Index: stable/3/crypto/kerberosIV/COPYRIGHT =================================================================== --- stable/3/crypto/kerberosIV/COPYRIGHT (revision 62577) +++ stable/3/crypto/kerberosIV/COPYRIGHT (revision 62578) 
@@ -1,166 +1,161 @@ -Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan +Copyright (c) 1995-1999 Kungliga Tekniska Högskolan (Royal Institute of Technology, Stockholm, Sweden). All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by the Kungliga Tekniska - Högskolan and its contributors. - -4. Neither the name of the Institute nor the names of its contributors +3. Neither the name of the Institute nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright (C) 1995 Eric Young (eay@mincom.oz.au) All rights reserved. 
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Eric Young (eay@mincom.oz.au) THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright (c) 1983, 1990 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. 
All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. 4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright (C) 1990 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. 
makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. Copyright 1987, 1989 by the Student Information Processing Board of the Massachusetts Institute of Technology Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the names of M.I.T. and the M.I.T. S.I.P.B. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. and the M.I.T. S.I.P.B. make no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. Copyright 1992 Simmule Turner and Rich Salz. All rights reserved. This software is not subject to any license of the American Telephone and Telegraph Company or of the Regents of the University of California. Permission is granted to anyone to use this software for any purpose on any computer system, and to alter it and redistribute it freely, subject to the following restrictions: 1. The authors are not responsible for the consequences of use of this software, no matter how awful, even if they arise from flaws in it. 2. The origin of this software must not be misrepresented, either by explicit claim or by omission. Since few users ever read sources, credits must appear in the documentation. 3. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. Since few users ever read sources, credits must appear in the documentation. 4. This notice may not be removed or altered. 
Index: stable/3/crypto/kerberosIV/ChangeLog =================================================================== --- stable/3/crypto/kerberosIV/ChangeLog (revision 62577) +++ stable/3/crypto/kerberosIV/ChangeLog (revision 62578) 
@@ -1,3761 +1,5384 @@ +1999-11-29 + + * lib/krb/krb-protos.h (tf_get_cred_addr): add prototype + * lib/krb/tf_util.c (tf_get_cred_addr): new function for fetching + the NAT addresses stored in the ticket file. From + + + * kuser/klist.c (display_tktfile): dump the IP address being used + when in NAT-mode. From + +1999-11-25 + + * appl/bsd/rlogind.c (main): getopt returns -1 and not EOF. From + + + * lib/krb/krb_ip_realm.c (krb_add_our_ip_for_realm): new function + for obtaining the IP address that the KDC sees us as coming from. + From + + * lib/krb/tf_util.c (tf_get_addr, tf_store_addr): new functions + for storing the NAT-ed address per realm + (tf_get_cred): make sure to ignore all magic credentials + + * lib/krb/get_in_tkt.c (krb_get_pw_in_tkt2): if using NAT, store + the address the the KDC saw. (krb_add_our_ip_for_realm) + + * lib/krb/send_to_kdc.c: rewrite some. Make sure that we do not + do any hostname lookups when using http through a proxy (the proxy + is supposed to do that in the `real' name-space). + +1999-11-19 + + * appl/bsd/rcmd_util.c (conv): add EXTA and EXTB + +Tue Nov 16 1999 + + * lib/krb/defaults.c (krb_get_default_keyfile): Get value of + KEYFILE from /etc/krb.extra. + +1999-11-13 + + * **/*.c (main): getopt returns -1 not EOF. From + + + * configure.in: check for fields in `struct tm' and variable + `timezone', used by strftime + * configure.in (AC_BROKEN): strptime is a new function in roken + opt*: more header files for the tests + +Tue Nov 2 1999 + + * lib/krb/krb.h (TKT_ROOT): Change the definition of TKT_ROOT to a + function call. The returned value is settable in /etc/krb.extra + with the construct krb_default_tkt_root = /tmp/tkt_. + +1999-10-06 + + * lib/krb/verify_user.c: remove ERICSSON_COMPAT, it's apparently + no longer needed + +Mon Oct 4 1999 + + * appl/bsd/klogin.c (multiple_get_tkt): Must use appropiate realm + name when calling krb_get_pw_in_tkt or else you will receive an + inter-realm TGT. 
+ +1999-10-03 + + * doc/problems.texi: add blurb about irix abi:s + +1999-09-27 + + * lib/krb/tf_util.c (tf_init): cygwin work-around + +1999-09-16 + + * configure.in: test for strlcpy, strlcat + + * admin/kdb_util.c (main): support `-' as an alias for stdout. + originally from Fredrik Ljungberg + +1999-09-15 + + * include/Makefile.in: remove duplicate parse_time.h + + * kadmin/ksrvutil_get.c (get_srvtab_ent): better error messages + +1999-09-12 + + * configure.in: revert back awk test, now worked around in + roken.awk + +1999-09-06 + + * doc/problems.texi: document a really working fix for the xlc + -qnolm bug + +1999-09-04 + + * doc/problems.texi: comment about xlc -E brokenness + +1999-09-01 + + * lib/krb/get_krbrlm.c (krb_get_lrealm_f): treat n = 0 the same as + if it were 1 (this should make it backwards compatible with apps + that pass 0 for n) + +1999-08-25 + + * appl/bsd/login.c: surround SGI capability stuff with + `defined(HAVE_CAP_SET_PROC)' + +1999-08-24 + + * kadmin/kadmin.c (add_new_key): add missing space when printing + generated passwords. bug reported by Per Eriksson DMC + + + * lib/krb/verify_user.c (krb_verify_user_srvtab): return last + error instead of KFAILURE when everything fails. + + * appl/bsd/klogin.c (multiple_get_tkt): return last error instead + of KFAILURE when everything fails. + +1999-08-18 + + * doc/problems.texi: some y2k stuff + + * doc/kth-krb.texi: update copyright, and menu + + * doc/intro.texi: remove unix-system section, since it's + impossible to keep up to date + +1999-08-13 + + * configure.in: test for inet_pton include in all + utmp tests + +1999-07-27 + + * configure.in: test for struct sockaddr_storage and sa_family + brokenize inet_ntop + +1999-07-24 + + * kadmin/ksrvutil_get.c (get_srvtab_ent): try to print better + error messages + + * configure.in (AC_PROG_AWK): disable. 
mawk seems to mishandle \# + in lib/roken/roken.awk + +1999-07-22 + + * acconfig.h (SunOS): remove definition + + * configure.in: define SunOS to xy for SunOS x.y + +1999-07-19 + + * configure.in (AC_BROKEN): check for copyhostent, freehostent, + getipnodebyname, getipnodebyaddr + +1999-07-13 + + * configure.in: use AC_FUNC_GETLOGIN + +1999-07-07 + + * kadmin/admin_server.c (main): call krb_get_lrealm correctly + + * appl/bsd/rlogind.c (lowtmp): fill in ut_id + +1999-07-06 + + * include/bits.c: move around __attribute__ to make it work with + old gcc + + * appl/bsd/rcp.c (rsource): remove trailing slashes which + otherwise makes us fail + +1999-07-04 + + * appl/afsutil/aklog.c (epxand_cell_name): terminate on # + + * lib/kadm/kadm_cli_wrap.c (kadm_cli_send): free the right memory + (none) when kadm_cli_out fails. based on a patch by Buck Huppmann + + +1999-06-24 + + * configure.in: check for sgi capability stuff + + * appl/bsd/login.c: add some kind of sgi capability capability + +1999-06-23 + + * acconfig.h (HAVE_KRB_DISABLE_DEBUG): always define. this makes + the telnet code easier when building heimdal with an older krb4 + + * lib/krb/kuserok.c (krb_kuserok): add support for multiple local + realms and de-support entries without realm in ~/.klogin + +1999-06-19 + + * lib/krb/send_to_kdc.c: and a new variable `timeout' in krb.extra + instead of always having a timeout of four seconds. based on a + patch by Mattias Amnefelt + +1999-06-17 + + * appl/bsd/rshd.c: use DES_RW_MAXWRITE instead of BUFSIZ (for + consistency) + + * appl/bsd/rsh.c: use DES_RW_MAXWRITE instead of BUFSIZ. 
+ Otherwise, des_enc_read might be buffering data to us and it can + get returned on a des_enc_read to another fd that the original one + :-( + + * appl/bsd/bsd_locl.h: DES_RW_{MAXWRITE,BSIZE} + + * appl/bsd/encrypt.c: move MAXWRITE and BSIZE to bsd_locl.h and + rename them to DES_RW_\1 + +1999-06-16 + + * kuser/kdestroy.c: make unlog and tickets function correctly + + * configure.in: correct variables used for socks includes and libs + + + * lib/krb/{debug_decl.c,krb-protos.h}: add krb_disable_debug + +1999-06-15 + + * kuser/klist.c (display_tokens): type correctness + + * lib/krb/send_to_kdc.c (url_parse): always return the port in + network byte order (and be more careful when parsing the port + number) + + * lib/krb/send_to_kdc.c (http_recv): handle both HTTP/1.0 and + HTTP/1.1 in reply + +1999-06-06 + + * configure.in: use KRB_CHECK_X + + * kuser/kdestroy.c: use print_version + +Wed Jun 2 1999 + + * kadmin/kadmin.c: use print_version; (mod_entry): add command + line options + +1999-05-21 + + * appl/bsd/login.c: limit more stuff for crays; fix call to + login_access + +1999-05-19 + + * man/Makefile.in (install, uninstall): handle relative paths (fix + editline) + +1999-05-18 + + * appl/bsd/bsd_locl.h: update prototype for login_access; declare + `struct aud_rec' to keep AIX xlc happy + +1999-05-14 + + * appl/bsd/login_access.c: merge in more recent code + + * configure.in (CHECK_NETINET_IP_AND_TCP): use + +1999-05-10 + + * lib/krb/get_host.c (parse_address): remove trailing slash + + * lib/krb/send_to_kdc.c (prog): nuke + (send_to_kdc): restructure. 
make sure we have used all of the + addresses from gethostbyname before calling send_recv + (send_recv): removed unused parameters + (url_parse): remove trailing slash + (http_recv): make sure the http transaction was succesful + +1999-05-08 + + * configure.in: use the correct include files for the utmp tests + + * appl/movemail/pop.c: rename getline -> pop_getline removed + duplicate prototypes + + * configure.in: db.h: test for + (getmsg): check for existence before checking if it works (otherwise + it fails with glibc2.1 that implements an always failing getmsg) + + * acconfig.h (_GNU_SOURCE): define this to enable (used) + extensions on glibc-based systems such as linux + + * configure.in: test for strndup + +1999-04-21 + + * configure.in: replace AC_TEST_PACKAGE with AC_TEST_PACKAGE_NEW + fix test for readline.h add test for four argument el_init + remember to link with $LIB_tgetent when trying linking with + readline + +1999-04-16 + + * configure.in: check for prototype of strsep + +Sat Apr 10 1999 + + * configure.in: fix readline logic + +Fri Apr 9 1999 + + * man/Makefile.in: add editline and push. 
make install rules + handle paths + +Wed Apr 7 1999 + + * appl/movemail/Makefile.in: fix names of hesiod variables + + * configure.in: fix readline flags + +Mon Mar 29 1999 + + * appl/bsd/utmpx_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_* + + * appl/bsd/utmp_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_* + + * appl/bsd/rlogind.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_* + + * configure.in: include in test for ut_*; use + AC_CHECK_XAU + + * configure.in: utmp{,x} -> struct utmp{,x} + +Sat Mar 27 1999 + + * configure.in: AC_CHECK_OSFC2 + +Fri Mar 19 1999 + + * configure.in: use AC_SHARED_LIBS + + * configure.in: remove AIX install hack (fixed in autoconf 2.13) + + + * server/kerberos.c: fix some printf format strings + +Wed Mar 17 1999 + + * lib/krb/krb.h (KRB_VERIFY_NOT_SECURE): add for completeness + + * lib/auth/sia/sia.c (common_auth): use KRB_VERIFY_SECURE instead + of 1 + + * lib/auth/pam/pam.c (doit): use KRB_VERIFY_SECURE instead of 1 + + * lib/auth/afskauthlib/verify.c (afs_verify): use + KRB_VERIFY_SECURE instead of 1 + +Tue Mar 16 1999 + + * lib/krb/verify_user.c (krb_verify_user): handle multiple local + realms + (krb_verify_user_multiple): remove + + * lib/krb/krb-protos.h (krb_verify_user_multiple): remove + + * lib/auth/pam/pam.c: krb_verify_user_multiple -> krb_verify_user + + * lib/auth/sia/sia.c: krb_verify_user_multiple -> krb_verify_user + + * lib/auth/afskauthlib/verify.c: krb_verify_user_multiple -> + krb_verify_user + + + * lib/krb/getaddrs.c: SOCKADDR_HAS_SA_LEN -> + HAVE_STRUCT_SOCKADDR_SA_LEN + +Sat Mar 13 1999 + + * lib/kadm/check_password.c (kadm_check_pw): cast when calling is* + to get rid of a warning + + * lib/acl/acl_files.c (nuke_whitespace): cast when calling is* to + get rid of a warning + + * kadmin/ksrvutil.c (usage): update. 
improve error messages + + * appl/bsd/sysv_default.c (trim): cast when calling is* to get rid + of a warning + + * appl/bsd/rshd.c (doit): more parenthesis to make gcc happy + + * appl/bsd/rsh.c: add `-p' + + * appl/bsd/rlogin.c (main): more paranoid parsing of `-p' + + * appl/bsd/rcp.c (sink): cast when calling is* to get rid of a + warning + + * appl/bsd/login_access.c (login_access): cast when calling + isspace to get rid of a warning + + * include/bits.c (my_strupr): rename to strupr and ifdef + (try_signed, try_unsigned): add __attribute__ junk to get rid of two + warnings + + * appl/bsd/Makefile.in (SOURCES): add osfc2.c + + * admin/kdb_util.c (update_ok_file): add fallback utimes (some + systems seem to fail updating the timestamp with open(), close()) + + * server/kerberos.c (main): more paranoid parsing of `-a' and `-p' + +Thu Mar 11 1999 + + * configure.in: AC_BROKEN innetgr + + * lib/krb/send_to_kdc.c: fix types in format string + + * lib/krb/get_host.c: add some if-braces to keep gcc happy + + * lib/kadm/kadm_supp.c: fix types in format string + + * lib/auth/sia/Makefile.in: WFLAGS + + * include/bits.c: fix types in format string + + * appl/bsd/su.c: add some if-braces to keep gcc happy + + * appl/bsd/rlogind.c: add some if-braces to keep gcc happy + + * appl/bsd/rlogin.c: add some if-braces to keep gcc happy + + * appl/bsd/login.c: add some if-braces to keep gcc happy + + * appl/afsutil/pagsh.c: fix types in format string + +Wed Mar 10 1999 + + * server/kerberos.c: remove unused k_instance + + * lib/krb/krb-protos.h (read_service_key): add some consts to + prototype + + * lib/krb/read_service_key.c (read_service_key): add some consts + to prototype + + * appl/sample/sample_server.c: openlog -> roken_openlog + + * appl/kip/kipd.c: openlog -> roken_openlog + + * configure.in: use AC_WFLAGS + +Mon Mar 1 1999 + + * acinclude.m4: add + + * configure.in: typo + + * Makefile.in: use aclocal + + * Makefile.export: use aclocal + + * configure.in: update to 
autoconf 2.13 + + * aclocal.m4.in: have-struct-field.m4, check-type-extra.m4 + + * acconfig.h: update to autoconf 2.13 + + * lib/auth/sia/sia.c: SIAENTITY_HAS_OUID -> HAVE_SIAENTITY_OUID + +Tue Feb 23 1999 + + * configure.in: don't include afsl.exp in libkafs.a if building + with dynamic afs support (breaks egcs 1.1.1) + + * configure.in: don't build rxkad if not building afs-support + +Mon Feb 22 1999 + + * include/Makefile.in: clean up handling of missing system headers + + * configure.in: clean up handling of missing system headers + + * aclocal.m4.in: broken-snprintf.m4 broken-glob.m4 + + * acconfig.h: NEED_{SNPRINTF,GLOB}_PROTO + +Mon Feb 15 1999 + + * configure.in (gethostname, mkstemp): test for prototype + + * configure.in: homogenize broken detection with heimdal + +Thu Feb 11 1999 + + * lib/krb/verify_user.c: If secure == KRB_VERIFY_SECURE_FAIL, + return ok if there isn't any service key (or if it can't be read). + + * lib/krb/krb.h: KRB_VERIFY_SECURE, KRB_VERIFY_SECURE_FAIL + +Wed Jan 13 1999 + + * kadmin/kadmin.c (add_new_key): enable the `-p password' option + and add the missing code. + + * appl/bsd/login_fbtab.c (login_protect): remove `/*' from string + before reading the directory. From "Brandon S. Allbery" + + +Fri Dec 18 1998 + + * man/kadmin.8 (-t): add a note about using `kinit -p' + +Mon Dec 14 1998 + + * lib/krb/name2name.c (krb_name_to_name): really verify we have an + alias before trying to use it as the primary name. + +Fri Nov 27 1998 + + * lib/krb/send_to_kdc.c (url_parse): use correct length when + copying the hostname + +Sun Nov 22 1998 + + * configure.in, acconfig.h: NEED_HSTRERROR_PROTO + + + * configure.in: use AC_KRB_STRUCT_SPWD + + * slave/Makefile.in (WFLAGS): set + + * server/Makefile.in (WFLAGS): set + + * lib/krb/send_to_kdc.c (send_recv): add `int' + + * lib/krb/decomp_ticket.c (decomp_ticket): if the realm is empty, + use the local realm. 
+ + * lib/krb/Makefile.in (WFLAGS): set + + * lib/kdb/krb_lib.c (kerb_get_principal): correct test + (kerb_put_principal): remove unused variable + + * lib/kdb/Makefile.in (WFLAGS): set + + * lib/auth/pam/Makefile.in (WFLAGS): set + + * lib/auth/afskauthlib/Makefile.in (WFLAGS): set + + * lib/acl/Makefile.in (WFLAGS): set + + * kuser/Makefile.in (WFLAGS): set + + * kadmin/Makefile.in (WFLAGS): set + + * include/Makefile.in (WFLAGS): set + + * appl/sample/sample_client.c (main): remove unused variable + + * appl/sample/Makefile.in (WFLAGS): set + + * appl/movemail/Makefile.in (WFLAGS): set + + * appl/kip/Makefile.in (WFLAGS): set + + * appl/bsd/Makefile.in (WFLAGS): set + + * appl/afsutil/pagsh.c (main): fall back to running /bin/sh if + execvp fails. + + * appl/afsutil/Makefile.in (WFLAGS): set + + * admin/kdb_edit.c (change_principal): remove unused variable + + * admin/Makefile.in (WFLAGS): set + + * configure.in: check for crypt, environ and struct spwd + +Thu Nov 19 1998 + + * appl/movemail/Makefile.in: link and include hesiod + + * configure.in: test for hesiod + +Wed Nov 18 1998 + + * kadmin/kadm_locl.h: include + + * configure.in (freebsd3): seems to like symbolic links for the + shared libraries + +1998-11-07 + + * Makefile.export (ChangeLOG): handle emacs20-style changelog + entries + + * lib/kdb/krb_dbm.c (kerb_db_get_principal, kerb_db_iterate): + check return value from `dbm_open' + +Fri Oct 23 1998 + + * lib/kadm/kadm.h: enable new extended kadmin fields by default + +Thu Oct 22 1998 + + * lib/krb/get_host.c (read_file): add more kinds of whitespace + + * lib/krb/lsb_addr_comp.c: fix(?) 
calculations regrding + `firewall_address' + + * kadmin/kadmin.c: change timeout to 5 minutes, (sigarlm): only + print message if any tickets were actually destroyed, (main): less + noise, (add_new_key): some cleanup, (del_entry): allow more than + one principal on command line, (get_entry): set more flags + + * lib/kadm/kadm.h: add code to get modification date, modifier and + key version number + + * lib/kadm/kadm_supp.c: add code to get modification date, + modifier and key version number + + * lib/kadm/kadm_stream.c: add code to get modification date, + modifier and key version number + +Tue Oct 13 1998 + + * lib/kadm/Makefile.in: ROKEN_RENAME + + * lib/krb/roken_rename.h: add strnlen + + * lib/krb/Makefile.in: add strnlen + +Sat Oct 3 1998 + + * doc/install.texi: add comment about afskauthlib being in the + correct object format + +Thu Oct 1 1998 + + * kadmin/kadmin.c (change_admin_password): add `alarm(0)' to + prevent it from timing out + + + * lib/krb/time.c (krb_kdctimeofday): set `tv'. 
fix from Thomas + Nyström + +Mon Sep 28 1998 + + * appl/bsd/osfc2.c: lots of C2 magic + + * appl/bsd/{rshd,rcp_util,rcp}.c: do C2 stuff + + * appl/bsd/login.c: move C2 stuff to osfc2.c + + * appl/bsd/login.c: call `set_auth_parameters' if OSFC2 + +Sun Sep 27 1998 + + * appl/bsd/login.c: add some code to call setluid + +Sat Sep 26 1998 + + * appl/sample/sample_client.c (main): correct test + +Sat Sep 12 1998 + + * configure.in (XauReadAuth): reverse test and check for -lX11 + before -lXau, otherwise the test fails on Irix 6.5 + +Sun Sep 6 1998 + + * lib/krb/krb-protos.h: fix prototypes for krb_net_{read,write} + + * lib/krb/krb_net_{read,write}.c: new files + + * lib/krb/Makefile.in: add krb_net_{read,write} + +Fri Sep 4 1998 + + * lib/auth/sia/sia.c (siad_ses_launch, siad_ses_reauthent): use + krb_afslog_home + + * lib/auth/pam/pam.c (pam_sm_open_session): use krb_afslog_home + + * lib/auth/afskauthlib/verify.c (afs_verify): use + krb_afslog_uid_home + +Sun Aug 30 1998 + + * lib/krb/get_host.c: patch from Derrick J Brashear + for doing less DNS lookups + +Sun Aug 23 1998 + + * lib/krb/ticket_memory.c (tf_save_cred): use memcpy to copy the + session key. + +Tue Aug 18 1998 + + * kadmin/kadmin.c (change_password): add `--random'. From Love + Hörnquist-Åstrand + +Thu Aug 13 1998 + + * lib/kclient/KClient.c (KClientErrorText): copy the string. 
+ Patch from Daniel Staaf + +Tue Jul 28 1998 + + * appl/bsd/rsh.c (main): make sure not to send `-K' before the + hostname when re-execing + + * appl/bsd/su.c: openlog LOG_AUTH + +Fri Jul 24 1998 + + * lib/krb/create_ciph.c: typo: s/tmp/rem/ + +Wed Jul 22 1998 + + * lib/krb/send_to_kdc.c (send_recv): return FALSE if recv failed + so that we try the next server + + * configure.in (*-*-sunos): no lib_deps + + * include/protos.H (utime): update prototype + +Thu Jul 16 1998 + + * acconfig.h (DBDIR, MATCH_SUBDOMAINS): added + + * configure.in (--enable-match-subdomains): added + (--with-db-dir): added + + * lib/krb/getrealm.c (file_find_realm): fix MATCH_SUBDOMAINS code. + Patch originally from R Lindsay Todd + + * lib/krb/dllmain.c: clean-up patch from + + * appl/krbmanager: patches from + +Mon Jul 13 1998 + + * appl/sample/sample_client.c (main): don't advance + hostent->h_addr_list, use a copy instead + + * appl/bsd/kcmd.c (kcmd): don't advance hostent->h_addr_list, use + a copy instead + +Fri Jul 10 1998 + + * lib/krb/net{read,write}.c: removed + + * lib/krb/Makefile.in: grab net_{read,write}.c from roken + + * lib/krb/roken_rename.h: add krb_net_{write,read} + + * lib/krb/create_ciph.c (create_ciph): return KFAILURE instead of + NULL + + * lib/kadm/kadm_cli_wrap.c (kadm_get): return KADM_NOMEM, not NULL + +Wed Jul 8 1998 + + * server/kerberos.c (make_sockets): strdup the port specification + before strtok_r:ing it + + * lib/krb/extra.c (define_variable): return 0 + + * kuser/klist.c (display_tktfile): only print time diff and + newline if using the longform + +Tue Jun 30 1998 + + * lib/krb/send_to_kdc.c (send_to_kdc): be careful in not advancing + the h_addr_list pointer in the hostent structure + + * lib/krb/time.c (krb_kdctimeofday): handle the case of `time_t' + and the type of `tv_sec' being different. 
patch originally from + + + * man/afslog.1: add refs to kafs and kauth + + * man/kauth.1: add refs to kafs + + * lib/krb/krb_get_in_tkt.c (krb_mk_as_req): remove old code laying + around. + + * lib/krb/Makefile.in: add strcat_truncate.c + + * lib/auth/sia/krb4+c2_matrix.conf: fix broken lines and typos + + * kuser/klist.c (display_tokens): print expired for expired tokens + +Sat Jun 13 1998 + + * kadmin/kadm_ser_wrap.c (kadm_ser_init): new argument `addr' + + * kadmin/admin_server.c: new argument `-i' for listening on a + single address + +Mon Jun 8 1998 + + * Release 0.9.9 + +Wed Jun 3 1998 + + * lib/krb/extra.c: implement read_extra_file() for Win32 + +Fri May 29 1998 + + * configure.in: removed duplicate crypt + + * lib/kdb/Makefile.in (roken_rename.h): remove dependency + + * lib/acl/Makefile.in (roken_rename.h): remove dependency + + * lib/krb/roken_rename.h: remove duplicate flock + + * appl/afsutil/aklog.c (createuser): fclose the file + +Wed May 27 1998 + + * lib/krb/Makefile.in (extra.c): add + + * slave/kpropd.c: k_flock -> flock + + * slave/kprop.c: k_flock -> flock + + * lib/krb/tf_util.c: k_flock -> flock + + * lib/krb/roken_rename.h: add base64* and flock + + * lib/krb/kntoln.c: k_flock -> flock + + * lib/kdb/krb_dbm.c: k_flock -> flock + + * lib/kdb/Makefile.in: use ROKEN_RENAME to get hold of renames + symbols + +Tue May 26 1998 + + * lib/krb/extra.c: add read flag, so we don't have to look for + non-existant files several times + + * lib/krb/send_to_kdc.c: use krb_get_config_string() + + * lib/krb/lsb_addr_comp.c: use krb_get_config_bool() + + * lib/krb/krb_get_in_tkt.c: use krb_get_config_bool() + + * lib/krb/extra.c: parse and use krb.extra file for special + configurations, to lessen the number of environment variables used + + * lib/krb/getfile.c: cleanup and add `krb_get_krbextra' + + * lib/krb/debug_decl.c: add krb_enable_debug + + * lib/krb/lsb_addr_comp.c (lsb_time): if KRB_REVERSE_DIRECTION is + set, negate time (fix for some firewalls) + 
+Mon May 25 1998 + + * lib/krb/Makefile.in (clean): try to remove shared library debris + (LIBDES and LIB_DEPS): try to figure out dependencies + + * lib/kdb/Makefile.in (clean): try to remove shared library debris + + * lib/kadm/Makefile.in (clean): try to remove shared library + debris + + * configure.in: make symlink magic work with libsl + +Mon May 18 1998 + + * appl/bsd/login.c: Hack for AIX 4.3. + +Thu May 14 1998 + + * configure.in: mips-api support. From Derrick J Brashear + + + * configure.in: --enable-legacy-kdestroy: added. From Derrick J + Brashear + + * kuser/kdestroy.c: LEGACY_KDESTROY: add + +Wed May 13 1998 + + * lib/krb/krb.h (const, signed): define when compiling with + non-ANSI comilers. From Derrick J Brashear + +Mon May 11 1998 + + * kadmin/admin_server.c: Fix reallocation bug. + +Fri May 1 1998 + + * configure.in: don't test for winsock.h + + * slave/kprop.c: unifdef -DHAVE_H_ERRNO + + * appl/sample/sample_client.c: unifdef -DHAVE_H_ERRNO + + * appl/movemail/pop.c: unifdef -DHAVE_H_ERRNO + + * appl/kip/kip.c: unifdef -DHAVE_H_ERRNO + +Mon Apr 27 1998 + + * appl/ftp/ftpd/krb4.c (krb4_adat): applied patch from Love + for checking address in krb_rd_req + +Sun Apr 26 1998 + + * appl/Makefile.in (SUBDIRS): add push + +Sun Apr 19 1998 + + * configure.in: fix for the symlink magic. From Gregory S. Stark + + + * doc/Makefile.in (install): ignore failures from install-info. + + * lib/krb/Makefile.in (install): don't install include files with + x bit + + * lib/kadm/Makefile.in (install): don't install include files with + x bit + + * man/Makefile.in: don't install getusershell + + * lib/krb/Makefile.in: add symlink magic for linux. 
+ only link in com_err.o and error.o if building shared + + * lib/kdb/Makefile.in: add symlink magic for linux + + * lib/kadm/Makefile.in: add symlink magic for linux + + * configure.in: add symlink magic for Linux + + * appl/kx/common.c (connect_local_xsocket): update to try the list + of potential socket pathnames + +Tue Apr 7 1998 + + * lib/krb/getaddrs.c: Don't bail out if various ioctl's fail. + + + * doc/Makefile.in (kth-krb.info): use `--no-split' + +Mon Apr 6 1998 + + * configure.in: add --disable-cat-manpages + + * configure.in: call the shared libraries so.0.9.9 on linux + +Sat Apr 4 1998 + + * lib/Makefile.in (SUBDIRS): changed order so that editline is + built before sl + + * lib/*/Makefile.in: shared library dependency information + + * doc/Makefile.in (clean): remove *.info* + + * merge in win32 changes from and + + + * Makefile.export: aux -> cf + + * Makefile.in: aux -> cf + + * appl/voodoo/TelnetEngine.cpp (TelnetEngine::Connect): check the + return from `gethostbyname' + + * appl/bsd/bsd_locl.h: Check for and conditionalize + prepare_utmp. From + + * acconfig.h (__EMX__): define MAIL_USE_SYSTEM_LOCK. From + + + * include/bits.c: renamed `strupr' to `my_strupr' not to conflict + with any exiting strupr. + +Sat Mar 28 1998 + + * Makefile.in (install): use DESTDIR + + * include/Makefile.in (install): depend on all + + * man/Makefile.in (install, uninstall): use transform correctly + +Fri Mar 27 1998 + + * configure.in: don't look for dbopen. From Derrick J Brashear + + (termcap.h): check for + + * lib/krb/Makefile.in: fix for LD options on solaris. From + Derrick J Brashear + +Thu Mar 19 1998 + + * appl/kx/common.c: Trying binding sockets in the special + directories for some versions of Solaris and HP-UX + + + * lib/krb/kdc_reply.c: Check for error code of zero in error + packet from KDC. 
+ +Wed Mar 18 1998 + + * appl/kx/common.c (get_xsockets): try getting sockets in lots of + places + + * appl/kauth/kauth.c: return error code from child (plus shell + magic) + + + * lib/krb/getrealm.c (krb_realmofhost), lib/krb/get_krbrlm.c + (krb_get_lrealm, krb_get_default_realm): When figuring out a + default local realm name avoid going into infinite loops. + +Sun Mar 15 1998 + + * configure.in: test for and search for `tgetent' in + ncurses. From Gregory S. Stark + + * **/Makefile.in: add DESTDIR support and .PHONY + +Sat Mar 7 1998 + + * kadmin/ksrvutil.c: Remove kvno zero restriction. + + * configure.in: Add option `--disable-dynamic-afs' do disable AIX + dynamic loading of afs syscall library. This should hopefully also + work with AIX 3. + + * kadmin/ksrvutil.c: Add `delete' function (from Chris Chiappa + ). + +Thu Feb 26 1998 + + * kadmin/kadmin.c (do_init): fix check of return value from + krb_get_default_principal + + * lib/kadm/kadm_stream.c (stv_string): use correct offset + +Sat Feb 21 1998 + + * include/Makefile.in: add parse_time.h + + * lib/krb/solaris_compat.c: new file with alternative entry points + compatible with solaris's libkrb. + +Thu Feb 19 1998 + + * lib/krb/time.c: Various time related functions. + +Tue Feb 17 1998 + + * lib/krb/send_to_kdc.c: Add some more connection debug traces. + +Sun Feb 15 1998 + + * lib/krb/get_host.c (init_hosts): call k_getportbyname with proto + == "udp" instead of NULL. NULL would be the right thing, but some + libraries are not happy with that. + + * appl/bsd/rcp.c: renamed `{local,foreign}' to \1_addr to avoid + conflicts with system header files on mklinux. + + + * lib/kadm/Makefile.in: Fix rules for kadm_err.[ch]. + + * lib/krb/krb_err.et: Fix for changes to compile_et. + + * lib/com_err/{error.c,com_err.h,com_right.h}: Rename error.h to + com_right.h. + + * lib/com_err/{compile_et.c,compile_et.h,lex.l,parse.y}: Switch + back to a yacc-based compile_et. 
+ +Tue Feb 10 1998 + + * appl/kx/kxd.c (doit): fix stupid mistake when marshalling + + * lib/krb/Makefile.in: add strcpy_truncate + +Sun Feb 8 1998 + + * lib/krb/netwrite.c (krb_net_write): restart if errno == EINTR + + * lib/krb/netread.c (krb_net_read): restart if errno == EINTR + + * appl/kx/rxterm.in: redirect std{in,out,err} of xterm to make + sure rshd does not hang. + +Sat Feb 7 1998 + + * lib/acl/acl_files.c (acl_canonicalize_principal): use + krb_parse_name + + + * lib/krb/rw.c: add a parameter containting maximum size. Change + all callers. + + * lots-of-files: replace {REALM_SZ, *_SZ, MaxPathLen, + MaxHostNameLen} + 1 with \1 + + * appl/bsd/rlogind.c (cleanup): logout -> rlogind_logout + + * lib/acl/acl_files.c (acl_canonicalize_principal): use + strcpy_truncate + + * include/Makefile.in: fnmatch.h + + * appl/ftp/ftpd/ftpd.c: + + * lib/kadm/kadm_stream.c (stv_string): don't use strncpy + + * lib/auth/sia/sia.c (siad_ses_suauthent): do ugly magic to make + sure `entity->name' is long enough. + + * appl/ftp/ftpd/ftpcmd.y: HASSETPROCTITLE -> HAVE_SETPROCTITLE + + * appl/bsd/rlogind.c (logout): renamed to rlogind_logout to avoid + conflict with logout() in libutil. + (doit): use forkpty_truncate it there's one + + * appl/afsutil/kstring2key.c (krb5_string_to_key): don't use + strcat + + * configure.in: add lots of functions and headers that were used + in the code but not tested for. + + * lib/krb/send_to_kdc.c (url_parse): re-structured + + * kadmin/kadm_locl.h: add prototype for random_password and remove + __P + + * appl/bsd/forkpty.c (forkpty_truncate): new function. + use strcpy_truncate instead of strcpy + + * appl/bsd/bsd_locl.h: include . + prototype for forkpty_truncate() + + * configure.in: test for + +Fri Feb 6 1998 + + * kadmin/random_password.c: Random password generation. + + * kadmin/kadmin.c: Add some functionality to add_new_key, to make + it more useful with batch creation. 
+ +Wed Feb 4 1998 + + * appl/bsd/login.c (find_in_etc_securetty): new function + (rootterm): call `find_in_etc_securetty' + + * appl/bsd/pathnames.h (_PATH_ETC_SECURETTY): add + +Tue Feb 3 1998 + + * kadmin/kadmin.c: Fix `-t' flag. Centralize the calling of + alarm() to a modified sl_loop(). + + * kadmin/kadmin.c: Add support for `batch' processing, taking a + command from the command line. Remove the automatic destruction of + tickets, instead add a timeout (initially set to 1 minute), after + which any tickets will be destroyed. Option `-m' now sets this + timeout to 0 (disabling timeout). Options `-p' takes a full + principal, and `-u' takes a `username' that is used as the name of + the admin principal to use. + +Sat Jan 31 1998 + + * lib/auth/sia/sia.c: Chown ticket file when doing reauth. + +Thu Jan 29 1998 + + * lib/auth/sia/sia.c: Add support for reauthentication. + +Mon Jan 26 1998 + + * appl/kauth/kauth.c (main): Add debug switch -d to kauth to aid + in finding miss-configurations. + +Mon Jan 19 1998 + + * lib/krb/name2name.c: If inet_addr thinks host's a valid + ip-address, assume it is, and don't call gethostbyname(). This + should fix things like `rsh 1.2.3.4'. + +Sat Jan 17 1998 + + * lib/krb/get_host.c: Check for http-srv records. + + * lib/krb/get_host.c: Don't use getprotobyname. Check for `http' + as well as `udp' and `tcp'. + + * lib/auth/sia/sia.c: Add password changing support. + + * kadmin/new_pwd.c: Use kadm_check_pw. + + * lib/kadm/check_password.c: Password quality check, moved from + kpasswd.c. + +Fri Jan 16 1998 + + * kadmin/ksrvutil_get.c: Add `-u' flag to put each key in a + separate file. + +Mon Jan 12 1998 + + * kadmin/admin_server.c: Fix broken realloc of pidarray. + +Fri Jan 9 1998 + + * rename logwtmp -> ftpd_logwtmp not to conflict with libc. + +Sun Dec 21 1997 + + * lib/krb/verify_user.c (krb_verify_user): new argument `srvtab'. + Changed all callers. 
+ +Sat Dec 13 1997 + + * lib/kdb/krb_dbm.c: check return value from dbm_store + +Thu Dec 11 1997 + + * lib/krb/k_flock.c (k_flock): Re-included an implementaion of + k_flock. Changed all library and core application source to use + k_flock. + +Tue Dec 9 1997 + + * appl/kx/kxd.c,common.c: more error testing from Love + Hörnquist-Åstrand + Use the correct number of X for mkstemp. + + + * Release 0.9.8 + + * Add `--disable-mmap' configure option, do disable all use of + mmap. + + * Rename all k_afsklog to krb_afslog. + +Mon Dec 8 1997 + + * kuser/klist.c: Add a header for tokens. + +Fri Dec 5 1997 + + * lib/krb/krb.h: Moved prototypes to krb-protos.h, cruft to + krb-archaeology.h. + +Thu Dec 4 1997 + + * appl/kauth/kauth.c: Use krb_get_pw_in_tkt2. + + * lib/krb/get_in_tkt.c: krb_get_pw_in_tkt2 that returns key. + +Sun Nov 30 1997 + + * configure.in: check for tgetent in libcurses + +Mon Nov 24 1997 + + * appl/krbmanager: incorporate patches from + for making sure there's only one instance of krbmanager. + +Fri Nov 21 1997 + + * admin/ext_srvtab.c: use atexit() to stamp out secrets. + +Thu Nov 20 1997 + + * server/kerberos.c: Log funny HTTP requests. + + * server/kerberos.c: Add comma to list of port separators for + `-P'. + + + * appl/voodoo/TelnetEngine.cpp (TelnetEngine::Connect): better + error message (from ) + +Wed Nov 12 1997 + + * kuser/klist.c (display_tokens): patch from + +Sun Nov 9 1997 + + * Release 0.9.7 + + + * configure.in: test for ssize_t + + * appl/bsd/rlogind.c: Fill in ut_type, and ut_exit if they exist. + + * appl/kx/common.c (create_and_write_cookie): Create temp file + with mkstemp. + + + * appl/ftp/ftpd/ftpd.c: conditionalize otp + + * appl/bsd/login.c: conditionalize otp + + * configure.in: add --disable-otp. update Makefile.in's + + * configure.in: define CANONICAL_HOST + + * configure.in, aclocal.m4: remove . contains + bogus information on Crays. 
+ + * include/bits.c: stolen from Heimdal + + * include/Makefile.in: replace ktypes.c with bits.c + + * lib/krb/getaddrs.c (k_get_all_addrs): cray fix + + * configure.in: updated header files + + + * slave/kpropd.c: Make sure it's the kprop service that tries to + send data. + +Fri Nov 7 1997 + + * configure.in: Added option --with-afsws=/usr/afsws. + + * lib/Makefile.in: Build lib/rxkad if we have include file rx/rx.h + +Thu Nov 6 1997 + + * appl/ftp/ftp/ftp.c (sendrequest, recvrequest): do correct tests + for `-' + + * appl/ftp/ftp/cmds.c (getit): removed stupid goto + + + * appl/kauth/kauth.c: Use krb_get_pw_in_tkt(), now that it is + fixed. + + * appl/ftp/ftp/cmds.c: Don't retrieve files that start with `..' + or `/' without asking. Reverse test in confirm() to check for `y' + rather than not `n'. Use mkstemp. + + * appl/ftp/ftp/ftp.c: Add extra parameter to recvrequest, + specifying if local filenames should be parsed as "-" and "|". + +Mon Nov 3 1997 + + * configure.in: updated broken list. add fclose for proto check. + + * kadmin/kadmin.c: updated functions to new style of sl + + * appl/bsd/rcp.c, rlogin.c, rsh.c: setuid before doing kerberos + authentication. if that fails, exec ourselves with -K + + * appl/bsd/pathnames.h: add _PATH_RCP + + * configure.in: test for readv, writev + +Fri Oct 24 1997 + + * lib/krb/tkt_string.c (krb_set_tkt_string): const-ized + + * appl/ftp/ftp{,d}: new commands: kdestroy, krbtkfile and afslog. + + * appl/afsutil/aklog.c (expand_cell_name): fix parsing of + CellServDB + +Sat Oct 11 1997 + + * appl/telnet/telnetd/sys_term.c (start_login): moved `user' so it + works even if !defined(HAVE_UTMPX_H) + +Fri Oct 10 1997 + + * lib/krb/send_to_kdc.c: Change send_recv* to use a lookup table + indexed by protocol. + + Implement http proxy use, enabled via `krb4_proxy' environment + variable. + +Thu Oct 9 1997 + + * lib/krb/getrealm.c: Don't lookup top-level domains. Try files + before doing DNS. 
+ +Thu Oct 2 1997 + + * appl/krbmanager: Turned into a ticket management program. + + * lib/krb/{dllmain,ticket_memory}.c: Add some KrbManager + interaction. + +Sat Sep 27 1997 + + * appl/voodoo: Major fixes of terminal emulation, and other + things. + +Fri Sep 26 1997 + + * server/kerberos.c: Cleanup socket-opening code. Add HTTP + support. + + * lib/krb/send_to_kdc.c: Add Kerberos over HTTP. + + * lib/krb/get_host.c: Parse URL-style host-specifications. + + + * include/win32: add `version.h' and `ktypes.h' + + * lib/kclient/KClient.def: rename kclnt32 to make Eudora + happy. Add SendTicketForService + + * lib/kclient/KClient.c: implement SendTicketForService. Used by + Eudora. + + * appl/voodoo/voodoo.mak: kclient renamed as kclnt32 + +Thu Sep 25 1997 + + * Moved various base64 implementations to roken. + +Thu Sep 18 1997 + + * appl/telnet/telnetd/telnetd.c: Move the call to startslave() + into the telnet() loop. This way we'll maximise the chance that + the transmission is encrypted before starting login. This will + hopefully remove the irritating warning you would get with some + macintosh telnet clients. + +Wed Sep 17 1997 + + * appl/telnet/telnetd/sys_term.c: Fix for duplicate `-- user'. + +Tue Sep 9 1997 + + * server/kerberos.c: More detailed logging + +Fri Sep 5 1997 + + * lib/kafs/afssysdefs.h: HP-UX 10.20 seems to use 48 + +Thu Sep 4 1997 + + * lib/des/Makefile.in: quote the test for $(CC) correctly + +Wed Sep 3 1997 + + * include/ktypes.c: Move __BIT_TYPES_DEFINED__ to after including + other stuff. + + + * lib/rxkad/rxk_locl.c (rxkad_calc_header_iv): Simplify header IV + calculation. + + * lib/rxkad/osi_alloc.c (osi_Alloc): Memory allocation routines + for user space. There is no longer any need for conditional + compilation of user/kernel-space versions of librxkad.a. + + * lib/rxkad/rxk_clnt.c (rxkad_NewClientSecurityObject): Use + Transarc FC-crypto to generate random numbers. We no longer need + to link a DES library into the kernel. 
+ +Tue Sep 2 1997 + + * appl/ftp/ftpd/ftpd.c (pass): chown the ticket file is logging in + with clear-text passwords and using kerberos + + * lib/krb/krb_log.h: new file + + * lib/krb/krb.h: moved all logging functions to krb_log.h. + Include krb_log.h in appropriate places. From + + +Mon Sep 1 1997 + + * appl/kx/kx.c: more intelligent check for passive mode new option + `-P' to force passive mode + +Sat Aug 23 1997 + + * lib/krb/krb_get_in_tkt.c: rename krb_as_req -> krb_mk_as_req + +Wed Aug 20 1997 + + * lib/rxkad/rxkad.h, rxk_serv.c (server_CheckResponse): Increase + limit of ticket lengths to 1024 at server end. + + * lib/rxkad/rxk_clnt.c (rxkad_NewClientSecurityObject): Support + for almost arbitrary ticket lengths. + +Tue Aug 19 1997 + + * kadmin/ksrvutil_get.c: Make sure we're talking to the admin + server when getting ticket. + + * lib/krb/send_to_kdc.c: Add flag to always use admin server. + +Sun Aug 17 1997 + + * appl/kx/rxtelnet.in: reverse the looking for xterm loops Use + `-n' and not `-name' to xterm + + * server/kerberos.c: implement `-i' for only listening on one + address + + * lib/kadm/kadm_cli_wrap.c: Implement kadm_change_pw2 to be + compatible with CNS. From + + * appl/ftp/ftpd/ftpd.c: removed bogus reset of `debug' + + * appl/ftp/ftpd/extern.h: define NBBY if needed + + * configure.in: os2 fixes: -Zcrtdll and check for chroot + +Wed Aug 13 1997 + + * lib/krb/get_in_tkt.c: Use new get_in_tkt functions, and + implement kerberos 5 salts. + + * lib/krb/krb_get_in_tkt.c: Split krb_get_in_tkt in two functions + so it's possible to try several key-procs with just one request to + the KDC. + +Wed Jul 23 1997 + + * lib/rxkad/rxk_serv.c (decode_krb4_ticket): New functions + decode_xxx_ticket so that it is possible to also decode kerberos + version 5 tickets. + +Sat Jul 19 1997 + + * doc/Makefile.in: `test -f' is more portable than `test -e' + +Tue Jul 15 1997 + + * lib/kafs/kafs.h, lib/krb/krb.h: swap order of and + . 
Another fix form + +Fri Jul 11 1997 + + * lib/krb/krb.h: non-ANSI fix from + +Fri Jun 27 1997 + + * man/otp.1: `-o' option + + * appl/otp/otp.c: List lock-time with `-l'. New option `-o' to + open an locked entry. + + * lib/otp/otp_db.c (otp_get_internal): Save lock_time in returned + struct. + + * lib/otp/otp.h: New field `lock_time' in OtpContext + +Thu Jun 26 1997 + + * man/otp.1, man/otpprint.1: Update changed default to `md5' + + * appl/bsd/rsh.c: Don't use a hard-coded constant in `select' + + * configure.in, include/ktypes.c: Handle the case of there being + an old version of our `sys/bitypes.h'. + +Sun Jun 22 1997 + + * lib/des: Merge in changes from libdes 4.01. The optimizations + written in assembler are not used since they in general wont't + work with shared libraries. + +Fri Jun 20 1997 + + * lib/krb/netread.c, netwrite.c: Handle windows discrimation of + sockets. + +Sun Jun 15 1997 + + * appl/kpopper/pop_init.c: Use `STDIN_FILENO' and `STDOUT_FILENO' + instead of `sp'. OSF's libc isn't quite prepared to have two + different FILEs refer to the same file descriptor. + +Thu Jun 12 1997 + + * doc/dir: Add dir template file. + + + * appl/kauth/kauth.c (main): AFS style positional argument for -n + option. + + * appl/xnlock/xnlock.c (verify): New resource destroyTickets and + corresponding option -nodestroytickets. First try local + authentication and if it fails try kerberos. + +Sun Jun 8 1997 + + * appl/ftp/ftpd/popen.c (ftpd_popen): Correct initialization of + `foo' before call to `strtok_r' + +Wed Jun 4 1997 + + * doc/*.texi: Use @url. + + * doc/setup.texi: Added @ifinfo around @dircategory + Tue Jun 3 1997 * Release 0.9.6 * appl/kx/rxtelnet.in, appl/kx/rxterm.in: new argument '-w term_emulator' for specifiying which terminal emulator to use. Based on a patch from . Mon Jun 2 1997 * appl/xnlock/Makefile.in, appl/kx/Makefile.in, lib/auth/Makefile.in: fix the Makefile to do the for loops the automake way. 
Sun Jun 1 1997 * appl/xnlock/Makefile.in, appl/kx/Makefile.in: do install correctly even if there are no programs to install * configure.in: Check for `h_nerr'. * lib/auth/pam/pam.c: Include to make it compile on Solaris 2.6 lib/sl/sl.c, lib/krb/realm_parse.c, appl/ftp/ftpd/popen.c, appl/ftp/ftpd/ftpd.c, appl/bsd/login_fbtab.c, appl/bsd/login_access.c: Initialize the `lasts' to NULL before calling strtok_r the first time. With our strtok_r it's not necessary, but the man-page on SGIs says it should be done. Fri May 30 1997 * lib/krb/mk_req.c (krb_mk_req, get_ad_tkt): Support for multi-realm ticket files by using the best matching TGT to define the realm of the ticket holder. * appl/bsd/utmpx_login.c (utmpx_update): Set `ut_id' if we're using utmpx * appl/telnet/telnetd/sys_term.c (start_login): Set `ut_id' if we're using utmpx Wed May 28 1997 * lib/roken/daemon.c: New file. * include/protos.H: needed on solaris 2.4 Mon May 26 1997 * appl/bsd/su.c (kerberos): If kerberos password is zero length immediately try next scheme. * lib/kafs/afskrb.c (k_afsklog_uid): Token lifetime should be even if we don't know the proper ViceId. * Release 0.9.5 * man/Makefile.in: Install preformatted manual pages with correct suffix on *BSD. Sun May 25 1997 * appl/kpopper/popper.h: Remove XTND, and XTND XMIT. Rename XTND XOVER to XOVER. * appl/telnet/telnetd/sys_term.c: Only include and once * fix-export: Also create cat manpages. * appl/ftp/ftpd/logwtmp.c: Check for `_PATH_WTMP' * appl/telnet/telnetd/sys_term.c: Ditto. Remove stupid macros. * appl/ftp/ftp/cmds.c (setpeer): Check for `__unix'. This is (apparently) a standard with many representations. * appl/ftp/ftpd/ftpcmd.y (SYST): Ditto. * appl/ftp/ftpd/ftpd.c (retrieve): file must exist to apply a command to it. * appl/ftp/ftpd/ftpd.c (retrieve): Generalise list of commands and basename argument. * appl/ftp/ftpd/popen.c (ftpd_popen): Try standard binary if the one in ~ftp fails. 
* appl/telnet/telnetd/sys_term.c: Use `_getpty' if there's one * appl/bsd/forkpty.c: Use `_getpty' if there's one * configure.in: check for `_getpty' * acconfig.h: correct test for IRIX * lib/roken/snprintf.c: code for checking the correct functioning of *nprintf is now #ifdef PARANOIA * appl/bsd/rlogind.c: fix logging in wtmp and parsing of winsize * appl/bsd/rlogin.c: New option `-p'. * lib/des/fcrypt.c: removed `inline' from `des_set_key' Thu May 22 1997 * lib/des/md5.c (MD5Final): Made signature compliant with FreeBSD. * lib/des/md5.h: Remove digest from MD5_CTX, it is now an argument to MD5Final instead. * lib/des/fcrypt.c: Also support MD5 style crypt(2). Tue May 20 1997 * appl/telnet/telnetd/sys_term.c: utmp stuff now seems to be compatible with login * appl/ftp/ftpd/logwtmp.c: Add support for logging to wtmpx * (*/)*/Makefile.in:s (install): Avoid redundant multiple recursion in install targets. * Made things compile with socks5-v1.0r1. * appl/telnet/telnetd/sys_term.c: changed utmp-stuff not to use ut_id at all * appl/bsd/utmpx_login.c: handle case where there's no wtmpx (such as HP-UX 10) * appl/bsd/rlogind.c: Added support for utmpx Sun May 18 1997 * lib/roken: removed herror, strchr, and strrchr * lib/krb/dest_tkt.c(dest_tkt): Only use `lstat' iff HAVE_LSTAT * lib/krb: snprintf, strdup, strtok_r, and strcasecmp always live in lib/roken and get linked here when needed. * lib/roken: removed strchr, strrchr. * appl/telnet/telnet/telnet.c: Always use our own `setupterm' for compatibility reasons. * appl/telnet/telnetd/telnetd.c: Removed and . They doesn't seem to be used and breaks on fujitsu. * appl/kx/kx.c: try to give a better error message (than a core dump :-) when talking to an old kxd. * appl/kx/kxd.c, appl/kip/kipd.c, appl/kauth/kauthd.c: corrected fencepost error with KRB_SENDAUTH_VLEN. * appl/ftp/common/buffer.c: new file. * configure.in: cray hides their bitypes in . Also check for this file. 
* appl/telnet/telnet/telnet_locl.h: moved termios.h before curses.h. This was needed to compile on cray, but will probably break on some other host. Thu May 15 1997 * server/kerberos.c: Implement changes to the tcp protocol, while being compatible with the old protocol. * lib/krb/send_to_kdc.c: The old method to signal end of transmission by closing the sending side of the socket does not work well through some firewalls. This is now changed so that the client instead sends the length of the request as a four byte integer (in network byte order) before sending the data. Wed May 14 1997 * appl/telnet/telnetd/sys_term.c: HAVE_UTMPX -> HAVE_UTMPX_H. Fix for OSF1. * appl/bsd/utmp_login.c: UTMPX_DOES_UTMP_LOGGING -> HAVE_UTMPX_H * appl/bsd/sysv_environ.c: Use k_concat rather than snprintf. Tue May 13 1997 * kuser/klist.c: updated usage string * lib/otp/otp_print.c: make word table and reverse word table constant Sun May 11 1997 * */*: Added some __attribute__ ((format (printf))) and fixes where needed. * appl/ftp/common/sockbuf.c: start probing at 4Mb * appl/ftp/ftpd/ftpd.c: use MAP_FAILED * appl/ftp/ftp/ftp.c: Use MAP_FAILED. (alloc_buffer): new function for allocating a buffer of size max(BUFSIZ, st.st_blksize) (Based on a patch from ) * appl/ftpd/ftpdcmd.y: hack for reget. * appl/kx/kxd.c: Give a error message to old-version kx. * replaced vsprintf with vsnprintf. * lib/roken/vsyslog.c: not used. removed. * Changed -> * include/Makefile.in: Added ktypes.h * include/sys/Makefile.in: removed bitypes.h Wed May 7 1997 * appl/ftp/ftp/ftp.c: Open files in binary mode. * appl/ftp/ftpd/ftpd.c (checkaccess): Changed to make absent file mean `allow'. Added shell matching to names (if fnmatch is available). 
* appl/ftp/ftpd/kauth.c (kauth): Use `DEFAULT_TKT_LIFE' * appl/ftp/ftpd/ftpcmd.y, appl/ftp/ftpd/ftpd.c: always cast to (long) before printing out an `off_t' * lib/kdb/print_princ.c (krb_print_principal), lib/kdb/krb_lib.c (kerb_put_principal), admin/kdb_edit.c (change_principal), admin/kdb_util.c (print_time) : gmtime should never return tm_year > 1900 * appl/ftp/ftpd/ftpcmd.y: Year 2000 fix * appl/telnet/telnetd/telnetd.c: removed code that used `getent' * lib/roken/getent.c: removed Mon May 5 1997 * appl/ftp/ftpd/ftpd.c: fix for mmap and restart_point * kadmin/ksrvutil_get.c (ksrvutil_get): get correct default realm Sun May 4 1997 * configure.in (REAL_PICFLAGS): Use `-fPIC' instead of `-fpic', otherwise it's not possible to make libotp on hpux. * configure.in: try sending picflags even when linking a shared library with $CC * lib/roken/getent.c: remove getstr * configure.in: removed unneeded REAL_-variables working shared libraries on *bsd* * appl/kip/kip.h: Added * */Makefile.in: Use @LDSHARED@ * configure.in: Fix shared libraries on HP/UX. check for curses.h check for `getstr' and `cgetstr' in curses * appl/telnet/telnet: clean-up * lib/kafs/afssys.c: ifdef-out the code that is not used to avoid referencing `syscall' on AIX. * lib/krb/et_list.c: s/WEAK_PRAGMA/PRAGMA_WEAK/ * aclocal.m4 (AC_HAVE_PRAGMA_WEAK): redirect output * lib/roken/snprintf.c: fix for the case of max_sz == 0 * doc/kth-krb.texi: Add @dircategory and @direntry to enable `install-info' to install this entry in `dir'. * appl/telnet/telnetd/Makefile.in: Don't link with getstr * lib/auth/sia/krb4_matrix.conf: Fix entries for ses_release and chk_user. Sat May 3 1997 * lib/auth/sia/sia.c: Some cleanup. Fri May 2 1997 * configure.in: only link the programs that need it with the db/dbm library * lib/auth/sia/sia.c: Merge code for for normal and su authentication. * Replaced sprintf with snprintf and asprintf all over the place. 
* lib/roken/snprintf.c: Added asnprintf and vasnprintf * lib/roken/snprintf.c: implemented asprintf, vasprintf * lib/roken/snprintf.c: new file Thu May 1 1997 * lib/kafs/afskrb.c (k_afsklog_all_local_cells): Use `k_concat' Wed Apr 30 1997 * lib/krb/{get_host,get_krbrlm,getrealm,realm_parse}.c: Fix some potential buffer overruns. * lib/krb/k_concat.c: Safely concatenate two strings. Sat Apr 26 1997 * appl/telnet/libtelnet/kerberos.c: removed stupid #if 0 * appl/bsd/rlogind.c (send_oob): different default for `last_oob' to avoid losing first OOB packet Fri Apr 25 1997 * appl/voodoo/AuthOption.cpp: provoke the telnetd in turning on encryption Wed Apr 23 1997 * lib/kafs/afskrb.c (realm_of_cell): don't overflow buffer with result from `gethostbyaddr' * lib/krb/name2name.c (krb_name_to_name): new parameter `phost_size' to disable buffer overflowing. Changed all callers. * lib/krb/k_getsockinst.c: New parameter `inst_size' to disable buffer overflowing. Changed all callers. * appl/kpopper/Makefile.in: soriasis make stupidity * appl/kx/Makefile.in: don't include encdata.c in SOURCES_COMMON, otherwise DEC make gets upset. Tue Apr 22 1997 * lib/krb/k_getsockinst.c: Use same name as in krb_get_phost. * acconfig.h: hp-ux 10 also has `pututxline' that writes both to utmp and utmpx. Sun Apr 20 1997 * include/win32/config.h: adapted to win95/NT * appl/voodoo: Merged in win32-telnet from * lib/krb/tkt_string.c: dummy `getuid' function. * lib/krb/ticket_memory.c (tf_setup): implement * lib/roken/roken.mak, roken.def: new files * lib/des/des.def: Removed des_random_{seed,key} * lib/krb/dllmain.c: Rewrote `msg'. Better explanation when it fails to spawn `krbmanager'. * lib/krb/tf_util.c: backwards `in_tkt' added. * lib/krb/in_tkt.c: removed * lib/kclient/KClient: Reformatted and fixed. Sat Apr 19 1997 * appl/ftp/ftpd/ftpd.c: Incorporate /etc/ftpusers changes from NetBSD. * appl/ftp/ftpd/ftpd.c: Handle oob-stuff better. 
Fri Apr 18 1997 * appl/kpopper/pop_{dropinfo,send,updt}.c: Fix 'From ' line parsing bug. * appl/kpopper/pop_dropinfo.c: Add support for xover. * appl/kpopper/pop_xover.c: Add some kind of xover support. * appl/kpopper/pop_debug.c: New tiny popper debugging program. Tue Apr 15 1997 * lib/krb/kdc_reply.c (kdc_reply_cred): fix sanity checks. * appl/bsd/rshd.c: k_afsklog so that remote command gets a token. fix usage string. Sat Apr 12 1997 * appl/bsd/rcp.c (main): Rcp implements encrypted file transfer without using the kshell service. * lib/krb/mk_safe.c: Emit new checksum. * lib/krb/rd_safe.c: New code to handle both new and old checksums. * lib/des/qud_cksm.c: Fix compatibility with mit deslib. Fri Apr 11 1997 * lib/sl/sl.c (sl_match): initialize `partial_cmd' Sun Apr 6 1997 * lib/kafs/kafs.h: Ugly addition of `_P' * lib/kafs/afssys.c: contains the definition of `_IOW' on cygwin32. * appl/telnet/telnet/utilities.c: needed by cygwin32 * doc/Makefile.in: always run $(MAKEINFO). * lib/otp/otp_md.c (sha_finito_little_endian): byte-swap correctly. * include/sys/bitypes.H: Added #ifndef for types * configure.in: test for types * aclocal.m4: Stolen AC_GROK_TYPES? from heimdal * appl/ftp/ftp/ftp.c: Fix passive mode. Sat Apr 5 1997 * appl/kauth/ksrvtgt.in: New ksrvtgt script. Fri Apr 4 1997 * lib/krb/kdc_reply.c: Add some range checking. * lib/otp/otptest.c: Updated tests from `draft-ietf-otp-01.txt'. Passes verification examples from appendix C. * admin/kdb_util.c: All usage strings are now consistent (and even with the code)! Thu Apr 3 1997 * lib/kafs/afssys.c (k_pioctl): Separate syscall functionality and kerberos convenience routines into afssys.c and afskrb.c. This to make it possible to use k_pioctl() without linking in all libraries in the world. Tue Apr 1 1997 * appl/telnet/telnet/commands.c: Rename suspend to telnetsuspend, since Unicos has one of its own. Sun Mar 30 1997 * appl/bsd/{rsh,rlogin}.c: Don't look at argv[0]. 
* man/tenletxr.1: new file * appl/kx/rxtelnet.in, appl/kx/rxterm.in, appl/kx/tenletxr.in: Support `-k' * appl/kx/tenletxr.in: new script for running kx in backwards mode. * appl/kx: New version of protocol. * appl/kauth: Use err & c:o * appl/kauth/encdata.c (read_encrypted): Give better return code for EOF * appl/ftp/ftp/krb4.c: Use stdout rather than stderr. Add newlines to many strings. * kuser/kdestroy.c: Use set_progname, make -q equal to -f, remove bell. * lib/roken/warnerr.c: New function set_progname. * aclocal.m4: Invert test of AC_NEED_DECLARATION and rename it to AC_CHECK_DECLARATION. Add new function AC_CHECK_VAR, that looks for a variable, including a declaration. * lib/roken/roken.h: Add optional declaration for __progname. * lib/roken/*{err,warn}.c: Restructure err and warn functions. Sat Mar 29 1997 * appl/telnet/telnet/sys_bsd.c: Maybe-fix for HP-UX 10: Ifdef SO_OOBINLINE, don't even select for exceptional conditions. * lib/otp/otp_md.c: always downcase the seed. byte-swap the SHA result. Thu Mar 27 1997 * appl/otp/otp.c: removed bad free of global data Sun Mar 23 1997 * configure.in: moved version.h and config.h to include * acconfig.h: Fix utmp/utmpx stuff on OSF/1. * appl/bsd/rlogind.c (control): Rewritten to handle the case of there being no `ws_xpixel' and `ws_ypixel' * appl/bsd/rlogin.c (sendwindow): Rewritten to handle the case of there being no `ws_xpixel' and `ws_ypixel' * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): Also test for `ws_xpixel' and `ws_ypixel' * lib/otp/otp.h: Change default global timeout * lib/krb/tf_util.c (tf_setup): Also take `pname' and `pinst' * appl/telnet/telnetd/sys_term.c, appl/bsd/utmpx_login.c: Do gettimeofday and then copy the data for the sake of those systems like SGI that can have different timevals in file and memory. * configure.in: Allow `--with-readline' * lib/editline/edit_compat.c (readline): strdup data before returning it. * appl/telnet/telnetd/state.c: Change size of subbuffer to 2k. 
Thu Mar 20 1997 * lib/krb/decomp_ticket.c: Add some range checking. * appl/ftp/ftpd/krb4.c: Check return value from krb_net_write. * appl/ftp/ftp/ftp.c: Fix hash mark printing. Wed Mar 19 1997 * appl/kauth/kauthd.c: more logging * man/kx.1, man/kxd.8: Updated. * appl/kx/kx.c, kxd.c: Hacked so that all TCP-connections are kx -> kxd * lib/editline/edit_compat.c: BSD libedit comatibility. Wed Mar 12 1997 * appl/ftp/ftpd/ftpd.c: Set `byte_count' even when using mmap. Log foreign IP address together with hostname. Mon Mar 10 1997 * server/kerberos.c: Fix log file muddle. Sun Mar 9 1997 * appl/bsd/kcmd.c (kcmd): check malloc for failure. Tue Feb 25 1997 * man/ftpd.8: Documented the `-g' option. * appl/ftp/ftpd/ftpd.c: New option `-g umask' for specifying the umask for anonymous users. * appl/ftp/ftpd/ftpd.c: conditionalize SIGURG * appl/otp/otp.c: More fixes from Fabien COELHO . Check for current OTP before allowing the update. Wed Feb 19 1997 * appl/otp/otp.c: updated help string * appl/bsd/Makefile.in: Fixed installation of suid programs. * appl/telnet/libtelnet/kerberos.c: fix some stuff to get forwarding code to compile * lib/otp/otp_db.c: fix for signed char overflow. * lib/krb/resolve.c: Patch from Jörgen Wahlsten : Zero out resource record, and send correct length to dn_expand. Mon Feb 17 1997 * lib/roken/roken.h: Check for `_setsid' * appl/ftp/ftp/ftp.c: s/__CYGWIN32__/HAVE_H_ERRNO/ * include/Makefile.in: Generete krb_err.h and kadm_err.h before linking/copying them * aclocal.m4: AC_FIND_FUNC: Add the library at the beginning of the list. * configure.in: Use AC_PROG_RANLIB Always use EMXOMF under OS/2 Check for sys/termio.h and _setsid * configure.in: A preliminary fix for editline. * appl/telnet/libtelnet/kerberos.c: Include ticket forwarding stuff. * lib/krb/krb_get_in_tkt.c: Use tf_setup. * lib/krb/krb_get_in_tkt.c: New function tf_setup. Sat Feb 15 1997 * man/otp.1: updated * appl/otp/otp.c: New options `-d' and `-r'. 
From Fabien COELHO * lib/otp/otp.h: Changed default from md4 to md5 * lib/otp/otp_db.c (otp_get, otp_simple_get): New functions. Thu Feb 13 1997 * appl/kx/rxtelnet.in: allow specification of port number * appl/otp/otp.c: Add `-u' option Sun Feb 9 1997 * appl/ftp/common/glob.c: Rename FOO -> CHAR_FOO to avoid collision with symbol in sys/ioctl.h Fri Feb 7 1997 * man/kpropd.8: updated * appl/bsd/rcmd_util.c: warning needs to know what program is used. * slave/kpropd.c: New explicit flag `-i' for interactive. Don't use AI to figure out if we have been started by inetd or not. Thu Feb 6 1997 * appl/kx/rxtelnet.in, appl/kx/rxterm.in: Patch for sending -l to kx. From * kuser/klist.c: corrected alignment of `expired' * appl/telnet/telnet/commands.c: replaced lots of \n by \r\n Mon Feb 3 1997 * configure.in (socket, gethostbyname, getsockopt, setsockopt): Better tests. (HAVE_H_ERRNO): New test * lib/roken/herror.c (herror): Check HAVE_H_ERRNO lots of other files as well. Sat Feb 1 1997 * appl/bsd/rcp.c: Work around the non-working getpw* in cygwin32 * lib/krb/logging.c: Init function for `std_log´ * appl/telnet/telnet/utilities.c: Remove `upcase´ Check HAVE_SETSOCKOPT * appl/telnet/telnet/telnet.c: Use `strupr´ instead of `upcase´ * appl/telnet/telnet/commands.c, appl/movemail/pop.c, appl/kauth/rkinit.c, appl/ftp/ftp/ftp.c, appl/sample/sample_client.c: Ifdef around for the non-existence of `h_errno' in cygwin32. * lib/des/read_pwd.c: work-around for cygwin32 * appl/telnet/telnet/sys_bsd.c: work-around for cygwin32 Fri Jan 31 1997 * lib/krb/tf_util.c: gnu-win32 needs to open files with O_BINARY. 
Sun Jan 26 1997 * configure.in: removed duplicate of initgroups and lstat Use AC_KRB_STRUCT_WINSIZE * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): New test * lib/krb/getaddrs.c: Check for SIOCGIFFLAGS and SIOCGIFADDR * appl/bsd/rlogin.c: conditional on SIGWINCH * appl/bsd/rcmd_util.c et al: conditional getsockopt * configure.in (cygwin32): New target (getsockopt, getsockopt): Test for (herror, hstrerror): Better tests * aclocal.m4 (AC_FIND_IF_NOT_BROKEN): Pass arguments to AC_FIND_FUNC Thu Jan 23 1997 * configure.in: Add EXECSUFFIX * appl/kx/rxterm.in: rsh -n * lib/krb/unparse_name.c (krb_unparse_name_long_r): new function * lib/auth/sia/sia.c: Fix a bug with ticket filename. Add afs support. * lib/krb/get_host.c: Use KRB_SERVICE. Wed Jan 22 1997 * lib/auth/sia/Makefile.in: Add linker magic fix for broken, conflicting kerberos code in xdm. Tue Jan 21 1997 * appl/xnlock/xnlock.c (verify): Change the "LOGOUT" password to be manageable as X-resource XNlock*logoutPasswd. The password is stored in UNIX crypt format so that it can be stored in a global resource file for sites that whish to keep it a secret. * configure.in: Check for winsize in sys/ioctl.h also. Sat Jan 18 1997 * lib/krb/get_default_principal.c: Use principal from KRB4PRINCIPAL before using uid. Wed Jan 15 1997 * appl/telnet/telnet/sys_bsd.c: Use `get_window_size' * lib/roken/get_window_size.c: New file * appl/bsd/rlogin.c: Use `get_window_size' * appl/bsd/forkpty.c, appl/bsd/rlogind.c: conditionalize on TIOCSWINSZ * configure.in: Check for `_scrsize' and `struct winsize' Tue Jan 14 1997 * Makefile.in (install-strip, travelkit-strip): New targets. 
Thu Jan 9 1997 * */Makefile.in: Use @foo_prefix@ and @program_transform_name@ Add code to uninstall target Thu Dec 19 1996 * configure.in: Set LIBPREFIX * config.sub: Add os2 as a system * config.guess: Try to recognize i386-pc-os2_emx * configure.in: case for *-*-os2_emx NEED_PROTO for `strtok_r' * aclocal.m4: ranlib is apparently calld EMXOMF on OS/2 (AC_KRB_PROG_LN_S): New test that uses cp if ln fails Wed Dec 18 1996 * appl/bsd/login.c (main): First try to verify password using standard UNIX method and if it fails try kerberos authentication. Sat Dec 14 1996 * appl/bsd/rcp.c: consider case of no fchmod * appl/kpopper/pop_init.c: Use k_getsockinst. * lib/roken/{strupr,strlwr,strchr,strrchr,lstat,initgroups,chown, fchown,rcmd}.c: new files * appl/kpopper/pop_lower.c: Removed. * Makefile.in (travelkit): New target. Tue Dec 10 1996 * lib/krb/parse_name.c (kname_parse): Only copy realm if it is specified. * lib/krb/get_host.c (krb_get_host): Treat no realm as local realm. Mon Dec 9 1996 * appl/ftp/ftpd/ftpd.c: Get afs-tokens when logging in with password. * slave/kprop.c: flock with K_LOCK_SH Wed Dec 4 1996 * appl/telnet/telnet/commands.c: Also export XAUTHORITY Sun Dec 1 1996 * kadmin/ksrvutil.c: If realm is not specified, use the local one. Sat Nov 30 1996 * appl/kauth/kauthd.c: Use KAUTH_VERSION. Try to give correct error messages back to kauth. * config.sub, config.guess: Merged in changes from autoconf 2.12 * appl/bsd/rsh.c: quick hack to make `-n' to the right thing. * kadmin/kadm_locl.h: Add prototype for FascistCheck. Thu Nov 28 1996 * man/afslog.1: Documented `-createuser' * appl/afsutil/aklog.c: removed `cell_of_file' Added option `-createuser' to run pts to create a foreign principal. Tue Nov 26 1996 * lib/otp/otp_challenge.c: Initialize error string and check for NULL from strdup. * lib/roken/mini_inetd.c: Initialize `sin_family' * appl/kpopper/pop_init.c: Add `-p' option and make `-a' auth-style * appl/bsd/rshd.c: Add `-p' option. 
* appl/bsd/rlogind.c: Handle `-p' correctly. * appl/bsd/login.c: Removed confusing initialization of `login_timeout' * appl/kpopper/pop_dropinfo.c: Remove white-space at the beginning of UIDL-string. Sun Nov 24 1996 * Release 0.9.3 Sat Nov 23 1996 * kadmin/ksrvutil_get.c: Use `krb_unparse_name_long' Better defaults. * lib/krb/krb.h: Added *_to_key * lib/krb/get_svc_in_tkt.c (srvtab_to_key): Make public * kadmin/kadmin.c (do_init): `-p' is a synonym for `-u' (do_init): more logical defaults (help): removed old code better error messages * lib/krb/get_in_tkt.c (passwd_to_key, passwd_to_afskey): Export and remove functionality for reading passwords. * lib/sl/sl.c: Nicer help output. * lib/otp/otp_challenge.c: Initialize `challengep' * lib/krb/Makefile.in: Removed get_pw_tkt.c Fri Nov 22 1996 * lib/auth/sia/sia.c: Now compiles under Digital UNIX 4.0. Wed Nov 20 1996 * lib/auth/pam/pam.c: Chown ticketfile to correct GID. Tue Nov 19 1996 * appl/kx/rxtelnet.in: Try to set the screen number as well. * Be careful not to thrust `h_length' from gethostby{name,addr} * appl/bsd/rcmd_util.c (ip_options_and_die): New function. * configure.in: moved headers before functions. call AC_PATH_XTRA_XTRA. Add strchr, index, rindex, and strrchr to AC_CHECK_FUNCS. remove strchr and strrchr, add strtok_r from/to AC_BROKEN. * aclocal.m4 (AC_PATH_XTRA_XTRA): New macro. * aclocal.m4 (AC_FIND_FUNC, AC_FIND_FUNC_NO_LIBS): Two new arguments: includes and arguments) * configure.in: Need to supply arguments and includes to test for `res_search' and `dn_expand' * lib/kafs/afssys.c (k_setpag): Handle AFS_SYSCALL3 * Use `k_getpw{nam,uid}' instead of getpw{nam,uid}. * Replace lots of `strtok' with `strtok_r'. * lib/sl/sl.c: Allow unlimited number of arguments. Use `strtok_r' to divide up string into arguments. 
* lib/roken/roken.h: Added `strtok_r' * configure.in: Test for `strtok_r' * include/Makefile.in: Don't build in ss * Makefile.export: Fixed ChangeLog-generation * lib/sl/sl.c: Let `readline' to the \n-removal. Handle empty lines. Don't store empty lines in the history. Mon Nov 18 1996 * lib/sl/sl.c: Use readline compatible i/o. * lib/otp/otp_locl.h: Changed location of otp database to /etc * appl/otp/Makefile.in: Install otp setuid root. * util/Makefile.in: don't build SS * lib/sl: New directory. * kadmin/kadmin.c: Replaced SS by SL. Sun Nov 17 1996 * kadmin/kadm_funcs.c: Improved log messages. * Use KRB_TICKET_GRANTING_TICKET. * server/kerberos.c: Don't do any special logging when running as slave. * Lots of files: remove unnecessary `(void)' * Lots of files: remove unnecessary `register' declaration. * lib/krb/get_host.c: Only keep list of hosts from requested realm. * man/otpprint.1, otp.1: New files. * appl/otp/otp.c: `-s' is now default. * appl/otp/otp.c: removed count * lib/des/destest.c: more general quad_cksum test. * lib/otp/otp_print.c (otp_print_stddict_extended, otp_print_hex_extended): New functions. * lib/otp/otptest.c: New file. * appl/ftp/ftpd/ftpd.c: Change default auth level to what was formerly known as `user'. * appl/ftp/ftpd/ftpd.c: Orthogonalize arguments to -a * appl/kip/kip.c: Try all addresses we get back from the name server. * kadmin/kpasswd.c: updated to new functions. * lib/otp/otp_db.c (otp_db_open): Do a few retries. Unlock in case this file cannot be opened. * doc/kth-krb.texi: New chapter about OTPs. * appl/otp/otpprint.c, appl/otp/otp.c: Use OTP_ALG_DEFAULT. Consistent language Check return value from des_read_pw_string. * lib/otp/otp.h: Add OTP_ALG_DEFAULT * lib/krb/parse_name.c: New function krb_parse_name Sat Nov 16 1996 * appl/bsd/login.c: removed S/Key. Added OTP with option `-a otp' Reorganized verification loop. 
* appl/bsd/Makefile.in (login): Remove skey and add OTP * configure.in: Test for `uid_t' and `off_t' * appl/telnet/telnetd/telnetd.c: Removed `-s' for securID and added `-a otp' for OTP. * appl/kpopper: removed s/key and added OTP support. Updated man-page. * lib/otp/otp.h: more fields in the struct and a new function. * appl/ftp/ftpd/ftpd.c: Full OTP support. * appl/kx/rxterm.in: Add options: -l username, -r args_to_rsh, and -x args_to_xterm * appl/kx/rxtelnet.in: Add options: -l username, -t args_to_telnet, and -x args_to_xterm * man/kx.cat1: regenerated * man/kx.1: Added `-l' option. * appl/kx/kxd.c: Accept username from `kx' * appl/kx/kx.c: Introduced option `-l user' to be able to login as some other user. Fri Nov 15 1996 * appl/kx/kx.c: Print out display and not display_nr * lib/auth/Makefile.in: Fix the case with empty SUBDIRS. * */Makefile.in: Use $(LN_S) instead of ln -s * */Makefile.in: Add @SET_MAKE@ * doc/latin1.tex: New file. * doc/kth-krb.texi: Use latin1.tex to be able to use one letter that some bear seem to think is important. * doc/kth-krb.texi: Added acknowledgements. * lib/auth/Makefile.in: Only build relevant subdirectories. * configure.in: Set @LIB_AUTH_SUBDIRS@ to the subdirectories of lib/auth that should be built. * lib/kafs/afssys.c: Only get tokens for each cell once. Thu Nov 14 1996 * man: Added man pages for movemail(1) and kerberos(8). * kadmin/kadmin_cmds.ct: Add `add' for add_new_key and `passwd' for change_password. * lib/krb/logging.c: Now actually compiles! * config.{guess,sub}: Merge changes from Autoconf * lib/krb/{recv,send}auth.c: Don't return errno if there is a system error. Wed Nov 13 1996 * util/ss/Makefile.in: Now even compiles with BSD make! * appl/kx: Now send the complete display from `kxd' to `kx'. This should enable it to work better with Xlibraries that don't support unix sockets. * kuser/klist.c: conditionally include and before * lib/krb/resolve.h: Add fallback for `T_TXT'. 
* appl/otp/otp.c: removed print-functionality. * appl/otp/otpprint.c: New file. * appl/otp/Makefile.in: New program `otpprint' * lots of Makefile.in: Now should be possible to build with makes that have broken VPATH-handling. * configure.in: Always replace REAL_SHARED & c:o so that some libraries may be built as shared. Removed unused AC_SUBST. Only build afskauthlib on irix. * lib/auth/afskauthlib/Makefile.in, lib/auth/sia/Makefile.in, lib/auth/pam/Makefile.in: Always build as a shared library. * appl/kx/rxtelnet.in, appl/kx/rxterm.in: export PATH (from ). * lib/krb/{pkt_cipher,fgetst}.c: Removed * lib/krb/name2name.c: Renamed k_name_to_name to krb_name_to_name Mon Nov 11 1996 * appl/telnet/telnetd/sys_term.c: Really remove bad stuff from environment. Fri Nov 8 1996 * appl/bsd/rlogind.c (main): `portnum' should be int. * appl/bsd/sysv_environ.c: Use _PATH_ETC_ENVIRONMENT * appl/bsd/pathnames.h: _PATH_ETC_ENVIRONMENT: new * lib/krb/get_host.c (srv_find_realm): New parameter `service' * lib/krb/unparse_name.c: New function. Tue Nov 5 1996 * lib/auth/pam/pam.c: Add PAM Kerberos module. Mon Nov 4 1996 * configure.in: configure in lib/auth/afskauthlib * lib/kafs/afssys.c: New function `k_afsklog_uid'. * lib/auth/afskauthlib: New library that works like `afskauthlib.so' from Transarc. *lib/krb/get_host.c, lib/krb/getrealm.c, lib/kafs/afssys.c: Use dns_lookup(). * lib/krb/resolve.c (dns_lookup): Replaced several different resolver functions with one more generalized. Sun Nov 3 1996 * Add check target in lib/krb. * appl/bsd/login.c (main): Sleep 10 seconds before bailing out so that there is a chance of reading the error message. * appl/bsd/rsh.c (main): When invoked as rlogin equivalent change to real uid before execing rlogin. Sat Nov 2 1996 * appl/bsd/utmp_login.c: Do the right thing on systems where UTMPX_DOES_UTMP_LOGGING is defined. * lib/krb/krb.h: names for `krb_kuserok' prototype * lib/krb/get_host.c: Add tcp/kerberos.REALM as well. 
* appl/bsd/su.c: Replace call to `kuserok' by `krb_kuserok'. * lib/otp/otp_parse.c: Add support for parsing extended responses (draft-ietf-otp-ext-01). * lib/otp/otp.h: Define OTP_HEXPREFIX and OTP_WORDPREFIX. * appl/otp/otp.c: Add option `-e' for printing responses in extended mode (according to draft-ietf-otp-ext-01.txt). * lib/krb/kuserok.c: Function krb_kuserok now takes name, instance, realm rather than an AUTH_DAT. Fri Nov 1 1996 * lib/auth/sia: Add SIA Kerberos module. * lib/roken/roken.h: Need to include signal.h prior to defining SIG_ERR. * appl/bsd/utmpx_login.c (utmpx_update): Minor restructuring for simplified maintainability. * appl/bsd/utmp_login.c (utmp_login): Even when there are utmpx files on this system we should also log to the utmp files. If there are no utmp files we of course don't have to log to them. * Makefile.export: now generate PROBLEMS and COPYRIGHT as well. * PROBLEMS, COPYRIGHT, doc/kth-krb.info: removed * doc/kth-krb.texi: Put copyrights in marketing order. * appl/kpopper/popper.h: client and ipaddr should be char [] so that we can store the names there. * appl/kpopper/pop_init.c: save copies of addresses that otherwise get overwritten. Mon Oct 28 1996 * lib/krb/send_to_kdc.c (send_recv_it): Use `recv' not `recvfrom' to make winsock happy. Also don't care anymore about from which address we got the answer since we do a `connect'. * admin/adm_locl.h, lib/kdb/kdb_locl.h, kadmin/kadm_locl.h, lib/krb/krb_locl.h, lib/roken/strftime.c, server/kerberos.c: Do not use #if, use #ifdef. * configure.in: Test for `rand' and `getuid' * slave/kprop.c: Don't terminate on trivial errors in slaves-file. Sun Oct 27 1996 * doc/Makefile.in: Install from source directory if necessary. * lib/krb/kuserok.c: Do not use `k_getpwnam' in libkrb. * configure.in: You can't even use `unset', Ultrix sh does not have it. * several files: Check status from des_read_pw_string. * server/kerberos.c: Make sure all data is recieved on a tcp socket before trying to reply. 
* lib/krb/krb.h: Add for `struct tm' * appl/kx/Makefile.in: Both kx and kxd requires @XauWriteAuth@ * configure.in: Fix test for `XauReadAuth' Fri Oct 25 1996 * lib/krb/get_host.c (init_hosts): Must ntohs(KRB_PORT) on machines running backwards. * More consistent use of CRLF in telnet and telnetd. * Removed redundant -I$(srcsdir)/../../include from compiler args. * appl/ftp/ftpd/ftpd.c: New option `-a otp' to allow OTPs but no ordinary passwords in cleartext. * appl/ftp/ftpd/Makefile.in: Link `ftpd' with -lotp * lib/Makefile.in: Add otp * include/Makefile.in: Add otp.h * configure.in: Test for ndbm.h Generate Makefiles in lib/otp and appl/otp * appl/otp: New program to set up and generate OTPs. * lib/otp: New library for one-time passwords (RFC1938). * lib/krb/get_host.c (srv_find_realm): Added parameter `proto' * lib/des/Makefile.in: Add md4 and sha. run `mdtest' from check. * lib/des/md4.h, lib/des/md4.c, lib/des/sha.c, lib/des/sha.h, lib/des/mdtest.c: New files. * appl/kauth/Makefile.in: Make $(libexedir) as well. Thu Oct 24 1996 * appl/bsd/rlogind.c (setup_term): Actually set the speed of the terminal. * appl/bsd/rlogin.c (main): Do a `speed_t2int' before putting the speed in the TERM variable. * appl/bsd/rcmd_util.c: New functions: `speed_t2int' and `int2speed_t'. * appl/bsd/bsd_locl.h: Added prototype of `speed_t2int' and `int2speed_t'. Sun Oct 20 1996 * appl/bsd/login.c: Do `getspnam' before change the UID. Also call `endspent' * appl/krbmanager: New program used on PCs by kclient. * lib/kclient: New library. * lib/des, lib/krb: Added some PC-specific files. * doc/kth-krb.info: Regenerated. * doc/Makefile.in (kth-krb.info): Some stupid makes don't understand $< (kth-krb.html): New rule. * doc/kth-krb.texi (Compiling from source): Added some references about Socks. Sat Oct 19 1996 * doc/kth-krb.texi: Added text about ``--with-socks''. * configure.in: Use `AC_TEST_PACKAGE' for skey and socks. 
* aclocal.m4: Replaced `AC_TEST_SOCKS' and `AC_TEST_SKEY' with the more general `AC_TEST_PACKAGE'. Fri Oct 18 1996 * configure.in: call AC_TEST_SOCKS * acconfig.h: SOCKS * aclocal.m4: Added AC_TEST_SOCKS * lib/krb/send_to_kdc.c (send_to_kdc): Removed unused `f' and close. Thu Oct 17 1996 * man/popper.8: Option `-i' * appl/kpopper/pop_send.c: clean-up * appl/kpopper/popper.h: Removed old garbage and added SKEY. * appl/kpopper/pop_xmit.c: clean up * appl/kpopper/pop_user.c: SKEY-support * appl/kpopper/pop_pass.c: Added support for spaces in passwords and S/Key. * appl/kpopper/pop_init.c: Moved some variables into struct pop (main): Added support for `-i' * appl/kpopper/pop_get_command.c: New command "HELP". * appl/kpopper/Makefile.in: Add SKEY-stuff. * lib/krb/get_host.c: Use `k_getportbyname(KRB_SERVICE,...)' as a default instead of KRB_PORT * lib/krb/getaddrs.c (k_get_all_addrs): Add gethostbyname(k_gethostname()) as a fallback. * lib/krb/k_getport.c (k_getportbyname): proto can be NULL * lib/krb/krb.h: Only include if HAVE_SYS_TYPES_H * lib/krb/prot.h: KRB_SERVICE: Added * server/kerberos.c: Replaced linked list with a vector. Wed Oct 16 1996 * server/kerberos.c: Add support for TCP connections. * lib/krb/send_to_kdc.c: On stream sockets, use krb_net_read rather than recvfrom. Mon Oct 14 1996 * doc/kth-krb.texi: Only use `kdb_edit' to add the initial `nisse.admin'. Add all other users with `kadmin'. * doc/kth-krb.info: new file. * doc/kth-krb.texi: Added some text about kx and ftp. * appl/ftp/ftpd/ftpcmd.y, util/ss/ct.y, util/et/error_table.y : Added code for handling the case of using `bison' and having no `alloca'. Alloca is usually never called anyway, so we just use `malloc'. * appl/kx/kxd.c: All static variables are now global and in common.c. (doit_conn, doit): Turn on TCP_NODELAY. (create_and_write_cookie, suspicious_address): Moved to common.c * appl/kx/kx.c (connect_host): Try all addresses of `host'. Turn on TCP_NODELAY. 
(doit): prepare for TCP-only hosts. (usage,main): add `-t' (main): Passive mode is possible again. * appl/kx/kx.h: More #ifdefs for include files. Declarations for global variables. * appl/kx/common.c (get_xsockets): Try to chmod dirname(`X_UNIX_PATH') (get_xsockets): Turn on TCP_NODELAY on TCP connections. * doc/Makefile.in: New file * Makefile.in: Added `doc' to `SUBDIRS' * configure.in: Generate `doc/Makefile' Sun Oct 13 1996 * appl/bsd/rcp.c (main): Made rcp AFS aware. * lib/krb/kuserok.c (kuserok): Act as if luser@LOCALREALM is always an entry of .klogin. Sat Oct 12 1996 * appl/kx/rxtelnet.in: Start the `xterm' process correctly. * lib/des/rnd_keys.c (sumFile): consider the case that `res' is not longword-aligned. * lib/krb/get_host.c (parse_address): `getservbyname' should really get proto = NULL * lib/krb/send_to_kdc.c (krb_udp_port): removed (send_to_kdc): removed `addrlist' * lib/krb/send_to_kdc.c: Support not only UDP. * lib/krb/get_host.c (krb_get_admhst): Really ask for a admin host if that's what we want. Thu Oct 10 1996 * lib/krb/get_host.c: Simplified some code. Added stub-support for SRV-records. Wed Oct 9 1996 * appl/kx/rxtelnet.in, appl/kx/rxterm.in: PDC are unable to give correct instructions to their users and therefore we have to add strange directories to the PATH. * appl/kx/rxtelnet.in: Support sending arguments to telnet. * appl/kx/rxterm.in: rsh can reside in path or %bindir% support extra arguments to xterm (from ). * appl/kx/rxtelnet.in: Try to find some kind of terminal emulator for X. * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Look for kx in $PATH and %bindir%. * appl/kx/common.c (get_xsockets): `mkdir' the correct directory. From * lib/krb/send_to_kdc.c: Changes to allow other than udp port 750 connections. * lib/krb/get_host.c: rewrite of krb_get_{adm,krb}hst. Sun Oct 6 1996 * appl/ftp/ftpd/ftpd.c (retrieve): Got rid of `sprintf'. * configure.in: Fix order for x libs. From . Check for `fcntl', `alloca', `winsock.h', and `io.h'. 
* lib/krb/krb_locl.h: Check for and * lib/krb/krb.h: Check for winsock.h * lib/krb/k_flock.c: Better test for `fcntl' with locking. * lib/krb/et_list.c: Hopefully correct pragma this time. From Thu Oct 3 1996 * lib/krb/klog.c (klog): Do not forget to print the text. * lib/krb/log.c (krb_log): Print space after time in log. Wed Oct 2 1996 * appl/kpopper/popper.h: Add field msg_id to hold Message-Id for UIDL command. * appl/kpopper/pop_dropinfo.c (pop_dropinfo): Support for UIDL command. Saves Message-Id to be used as unique id. Everything is #ifdef:ed UIDL. * appl/kpopper/pop_get_command.c: Recognize UIDL command. * appl/kpopper/pop_uidl.c (pop_uidl): POP3 UIDL command implementation. * appl/kpopper/Makefile.in: New file pop_uidl.c. * configure.in: Made some of the tests into macros defined in aclocal.m4 * appl/telnet/libtelnet/kerberos.c: Given better error message when user is not authorized to login. * lib/roken/k_getpwuid.c, lib/roken/k_getpwnam.c: Call `endpwent'. If we are using a BSD-kind of system we should not leave the shadow password database open. * appl/xnlock/xnlock.c: Got rid of all `register' declarations. * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Use `set --' Mon Sep 30 1996 * lib/roken/k_getpwnam.c, lib/roken_k_getpwuid.c: Call `endspent' to try to close the shadow password file. * appl/ftp/ftpd/ftpd.c (retrieve): Cut the argument to the command and the first character of the extension. * lib/krb/send_to_kdc.c: Sun doesn't have any strerror so we can't use that here. We are only printing debug messages anyway, so just print errno for now. * appl/kx/rxtelnet.in: Now using SIGUSR2. * appl/kx/kx.c: Now using SIGUSR1 to mean `exit when number of children goes down to zero'. SIGUSR2 is `exit when number of children is equal to zero'. * appl/xnlock/xnlock.c: More fixup of old code. * appl/ftp/ftpd/ftpd.c: Only call `filename_check' for guest users. * configure.in: Added tests for more header files. 
Also added more ifdefs when actually including those files. * appl/kx/Makefile.in: Do not build programs if we have no X11. Sun Sep 29 1996 * appl/xnlock/xnlock.c (main): Support for shadow passwords. * lib/roken/k_getpwuid.c: New file, better support for shadow passwords. * appl/telnet/Makefile.in: Use SET_MAKE * appl/ftp/ftpd/ftpcmd.y: Remove access to several commands for anonymous users. * lib/krb/get_krbhst.c: Look for kerberos-#.realm. * appl/ftp/ftpd/popen.c: Execute files from ~ftp if possible. * appl/ftp/ftpd/ftpd.c: Add find site command. * appl/ftp/ftpd/ftpd.c: Add special handling of nonexistant files with extensions {,.tar}{,.gz,Z}. Sat Sep 28 1996 * configure.in: Check for sys/times.h, sys/param.h, and sys/timeb.h * lib/des: autoconfed a little to make it compile. * lib/roken/roken.h: Add `max', `min', and definitions for broken syslogs. * appl/bsd/bsd_locl.h: Removed SYSLOG-garbage and max. * appl/kx/kx.h: Remove prototype of childhandler. * appl/kx/common.c: Remove childhandler. Not common any more. * appl/kx/rxterm.in: Send SIGUSR1 to kx before starting xterm. * appl/kx/rxtelnet.in: Send USR1 to kx at appropriate moment. * appl/kx/kx.c: Die after receiving SIGUSR1 and when number of children goes to zero. * lib/roken/roken.h: Add STDERR_FILENO * lib/roken/mini_inetd.c (mini_inetd): Also dup onto stderr. * lib/kafs/Makefile.in (afslib.so): Change argument so they work with `ld' instead of `cc' * appl/kx/kxd.c: writeauth.c as separate file. * appl/kx/kx.c: `-d' option to disable forking. * appl/kx/Makefile.in: Compile and link writeauth.c if necessary. For some stupid reason $< does not work correctly in BSD make. Use $(srcdir) instead. * appl/ftp/ftp/ftp_locl.h: Only include once. * configure.in: Use strange X flags when looking for XauReadAuth. Add XauWriteAuth if we need to include it. Fri Sep 27 1996 * appl/sample: Sample programs work again. 
* appl/kx/kxd.c (main): use `mini_inetd' * appl/kx/kx.c: Use KX_PORT * appl/kx/kx.h: Remove SOMAXCONN and add KX_PORT * appl/kauth/kauthd.c (main): use `mini_inetd' * appl/ftp/ftpd/ftpd.c: Removed `conn_wait' and use `mini_inetd' instead. * appl/bsd/bsd_locl.h: Prototypes for `get_shell_port' and `get_login_port' * appl/bsd/rcmd_util.c: New file. * appl/bsd/Makefile.in: Added rcmd_util.c * appl/bsd/rcp.c: Moved `get_shell_port' to rcmd_util.c * appl/bsd/rsh.c: Moved `get_shell_port' to rcmd_util.c * appl/bsd/rlogind.c (main): Use `mini_inetd' * appl/bsd/rshd.c (main): Add support for interactive mode with `-i'. * appl/telnet/telnetd/telnetd.c (main): use `mini_inetd' * lib/roken/roken.h: Added prototype for `mini_inetd', and fallback definitions for SOMAXCONN, STDIN_FILENO, and STDOUT_FILENO. * lib/roken/Makefile.in: Added mini_inetd.o * lib/roken/mini_inetd.c: New file. Thu Sep 26 1996 * appl/kx/kxd.c (doit): read port number in ascii. * appl/kx/kx.c (doit): write port number in ascii. * appl/kauth/rkinit.c (doit_host): Check return value from `read_encrypted'. * appl/kauth/kauthd.c (doit): Removed unnecessary sprintf's before syslog. * lib/krb/krb_get_in_tkt.c (krb_get_in_tkt): Return error code from `tf_create' and not always INTK_ERR. * lib/krb/tf_util.c (tf_create): Correct check for return value from `open'. * lib/des/rnd_keys.c (des_rand_data): Try /dev/urandom as well. Wed Sep 25 1996 * appl/afsutil/pagsh.c (main): One-of error hopefully fixed this time. * configure.in: Add test for * kadmin/Makefile.in: Add back $(CRACKLIB) Mon Sep 16 1996 * appl/kx/Makefile.in: Create rxterm and rxtelnet at compile time. * kstring2key moved to appl/afsutil. Sun Sep 15 1996 * appl/kx/kx.c (main): For now always use passive mode. That's the only thing that has been tested and not a lot of people are going to use non-passive anyways. * appl/kx/kx.c (connect_host): write display_number in ascii. * appl/kx/kxd.c (doit): read display_number in ascii. 
* appl/kx/common.c (get_local_xsocket): Generate the /tmp/.X11-unix directory with the sticky bit set. * configure.in: Generate appl/kx/rxterm and appl/kx/rxtelnet. * appl/kx/Makefile.in: Install rxterm and rxtelnet. * appl/kx/rxterm.in, appl/kx/rxtelnet.in: New files. * appl/kx/common.c (get_local_xsocket): try to bind the socket instead of checking for existence with lstat. * appl/kx/kxd.c: Detect remote termination and cleanup on exit. Sat Sep 14 1996 * lib/des/rnd_keys.c: Hack for systems that lack setitimer (like crays). * appl/kx/kxd.c (doit): Send over the display number and the authority file actually used to kx. (create_and_write_cookie): New function to generate and write into a file a local cookie used between this pseudo-server and the clients on this host. (start_session): New function to check and remove the local cookie before the data is sent over to `kx'. * appl/kx/kx.c (display_num, xauthfile): New variables. Now `kx' prints out the values of those two variables and then goes to the background to enable some script to set these on the other host. (start_session): New function that adds a local cookie before sending the rest of the connection to the local X-server. (main): Also recognize "unix" as a local DISPLAY. * appl/kx/kx.h: used. (get_local_xsocket): Changed parameter. * appl/kx/common.c (get_local_xsocket): Now try to allocate the first free socket in /tmp/.X11-unix. Also `mkdir' this directory first. Return the number of the display opened. * appl/kx/Makefile.in: Added X libraries. * lib/des/des.h: Added prototype for `des_rand_data'. * lib/des/rnd_keys.c: Made `des_rand_data' non-static. This function is useful and now even used. Wed Sep 11 1996 * appl/bsd/login.c: Use k_afs_cell_of_file() to get tokens for the cell of the home catalog rather than the local cell. * lib/kafs/afssys.c: Add k_afs_cell_of_file. Tue Sep 10 1996 * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c: Removed all convex code. 
Mon Sep 9 1996 * appl/telnet/telnetd/termstat.c: UNICOS5: removed * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c: NEWINIT, UNICOS7x, UNICOS5: removed STREAMSPTY: added variable `really_stream' Now able to handle the case where the OS supports stream ptys but we run out of them and start using ordinary BSD ones. * appl/telnet/telnetd/state.c: UNICOS5: removed * appl/telnet/telnetd/pathnames.h: BFTPPATH: removed * appl/telnet/telnetd/ext.h, appl/telnet/telnetd/global.c: BFTPDAEMON: removed. UNICOS5: removed. * appl/telnet/telnetd/ext.h: STREAMSPTY: added variable `really_stream'. * lib/krb/stime.c (krb_stime): argument should be `time_t'. lib/krb/krb_locl.h: changed prototype. Sun Sep 8 1996 * configure.in: Also generate `appl/sample/Makefile' * appl/Makefile.in: Use @SET_MAKE@. Include sample * lib/krb/Makefile.in: Add krb_stime, krb_mk_auth, and krb_check_auth. * util/et/compile_et.c (main): Include in foo.c * slave/kprop.c: exit with return code == 1 to indicate failure. * server/kerberos.c (usage): Fixed usage string. * lib/krb/tkt_string.c (tkt_string): Removed bogus extern declaration of `getuid'. * lib/krb/tf_util.c (tf_save_cred): Removed bogus extern declaration of `lseek'. * lib/krb/stime.c (stime): Renamed to `krb_stime' * lib/krb/sendauth.c (krb_sendauth): reimplemented using `krb_mk_auth' and `krb_check_auth'. * lib/krb/send_to_kdc.c (send_recv): Removed stupid cast. * lib/krb/recvauth.c: Removed KRB_SENDAUTH_VERS * lib/krb/prot.h: create_auth_reply: correct prototype. krb_create_death_packet: ditto. KRB_SENDAUTH_VERS: moved here from sendauth.c and recvauth.c * lib/krb/month_sname.c: Made `month_sname' const. * lib/krb/mk_req.c: Remove stupid `register' * lib/krb/log.c (krb_log): Use `krb_stime' * lib/krb/kuserok.c (kuserok): Nightmare Filesystem might return ESTALE. Treat it the same way as ENOENT. 
* lib/krb/krb_locl.h: Added prototype for `krb_stime' * lib/krb/krb_check_auth.c: New file with `krb_check_auth', implemented for compatibility with CNS. lib/krb/krb_mk_auth.c: Ditto. * lib/krb/krb.h: Removed duplicate declarations of `get_request' and `krb_get_admhst'. Added declarations for `krb_mk_auth' and `krb_check_auth'. * lib/krb/kparse.h: removed prototype for `strsave' * lib/krb/kparse.c (fGetParameterSet): Use `strdup' instead of `strsave'. (strsave): Removed. * lib/krb/kname_parse.c: Removed stupid `register' declarations. * lib/krb/klog.c (klog): Use `krb_stime' * lib/krb/get_phost.c: Handle the case where the name has no dots in it by just returning it as-is. * lib/knet/Imakefile, lib/knet/getkdata.c, lib/knet/phost.c, lib/knet/sendkdata.c: removed unused files. * lib/kadm/kadm_cli_wrap.c (kadm_init_link): use `k_getportbyname' * kadmin/ksrvutil_get.c (get_srvtab_ent): Erase the key if something goes wrong. Include realm in the message when writing a key. (parseinput): New function that removes quotes and backslashes from input. (ksrvutil_get): Use `parseinput' to read input. * kadmin/ksrvutil.c (safe_read_stdin): Correct use of printf. Removed bogus casts and fflush of stdin. (main): Use `return' instead of `exit'. * kadmin/kpasswd.c (main): Use `return' instead of `exit'. * kadmin/admin_server.c: exit with return code == 1 to indicate failure. * appl/sample/sample_server.c: Rewrote to use all new functions. * appl/sample/sample_client.c: Rewrote to use all new functions. * appl/sample/sample.h: new file. * appl/sample/Makefile.in: new file. * appl/movemail/pop.c (socket_connection): use `k_getportbyname' * appl/kpopper/pop_init.c: exit with return code == 1 to indicate failure. * appl/kauth/kauth.c (doexec): new-style definition. ret should be a `pid_t'. (main): new-style definition. 
Use `prog' instead of `argv[0]' * appl/ftp/ftp/extern.h: Removed unused `abortsend' * appl/ftp/Makefile.in: Use @SET_MAKE@ * appl/bsd/rsh.c: get_shell_port: use `k_getportbyname' * appl/bsd/rlogin.c: get_login_port: use `k_getportbyname' * appl/bsd/kcmd.c: Removed bogus casts to `caddr_t' * admin/kstash.c: Removed bogus flushing of stderr. Replaced lots of `exit(-1)' by `return 1' * admin/kdb_util.c: Removed unused variable `aprinc'. Removed bogus flushing of stderr. Replaced lots of `exit(-1)' by `return 1'. * admin/kdb_edit.c, admin/kdb_init.c: use `return' instead of calling `exit' and use 1, not -1, for failure. * Makefile.in: Use @SET_MAKE@ * aclocal.m4: AC_NEED_PROTO: need macro to determine if we need to define a prototype for a function. * configure.in: Reordered. Removed unused stuff. Start using AC_NEED_PROTO. * config.guess: merged in FSF version from 960908. Tue Sep 3 1996 * include/protos.H: Added optarg, opterr, optind, optopt and (fclose under Sunos 4). Removed these declarations from lots of other files. * acconfig.h: Add undefs for h_errno, h_errlist, optarg, optind, opterr, and optopt. * configure.in: Use `AC_NEED_DECLARATION' for h_errno, h_errlist, optarg, optind, opterr, and optopt. * aclocal.m4: New macro `AC_NEED_DECLARATION' to figure out if we need to have an external declaration of a variable. Mon Sep 2 1996 * lib/krb/krb.h: Removed unused `req_act_vno' and `k_log'. Changed all callers. * lib/krb/krb.h: Removed definition of `MAX_HSTNM'. * lib/krb/send_to_kdc.c: Removed use of `MAX_HSTNM'. * appl/afsutil/pagsh.c: Some reformatting and fixed the off-by-one args bug. Sat Aug 31 1996 * lib/krb/{send_to_kdc.c, getrealm.c}, appl/xnlock/xnlock.c, appl/kauthkauth.c, appl/bsd/{rshd.c,rlogind.c}: Removed '#if 0'-ed code. * lib/krb/get_in_tkt.c: Removed '#if 0'-ed code and now compiles with NOENCRYPTION. * kadmin/ksrvutil.c: Now compiles with NOENCRYPTION. * appl/ftp/ftpd/ftpcmd.y: Throw away passwd after use. 
* appl/ftp/ftpd/ftpd.c: Fixed old comment. * slave/kpropd.c: s/sa_len/salen/ Irix has a #define for sa_len. * lib/kdb/krb_dbm.c: If key->dptr is not a `char *' we have to cast it before adding to it. * configure.in: Old test for `sa_len' in `struct sockaddr' fails on IRIX 6.2. Try to compile a program refering to that field instead of grepping for it in . * appl/bsd/kcmd.c: Removed old and broken code. * configure.in: Check for `gethostname', `uname', and * lib/krb/k_gethostname.c: Try to use `uname' if we have no `gethostname'. * appl/ftp/ftpd/klogin.c: Incorrect use of `gethostname' replaced by correct use of `k_gethostname'. * lib/roken/verify.c: Change name verify_unix_user -> unix_verify_user in analogy with krb_verify_user. Fri Aug 30 1996 * appl/xnlock/Makefile.in: Install man-page. * configure.in, */Makefile.in: Replace `-shared' with some other option when not using gcc. * lib/kafs/afssys.c: Do not start by checking if we have AFS in `k_afsklog'. * appl/bsd/rlogin.c: More kludges to make it work with rlogin on linux: Do not select for an exceptional condition on `rem' after having received EINVAL. Also rewrote ifndef NOENCRYPTION stuff. * appl/bsd/rlogind.c: More kludges to make it work with rlogin on linux: Only send oob data just after having sent normal data to make sure we never send two consecutive bytes of oob data. Also rewrote ifndef NOENCRYPTION stuff. Thu Aug 29 1996 * lib/kafs/Makefile.in: Use `ld' instead of `cc' for linking afslib.so. Not everybody has cc. Wed Aug 28 1996 * Release 0.9.2a Mon Aug 26 1996 * appl/bsd/login.c: Clean-up. Made static a lot of functions and variables. Rewrote some function definitions to ANSI-style. * appl/bsd/sysv_environ.c: KRB4_MAILDIR may and may not contain a trailing slash. We need to be very careful to make sure the contents of $MAIL does not contain two, because RMAIL in emacs uses it and emacs is no friend with double slashing. 
* lib/kafs/afssys.c (k_afsklog_all_local_cells): Now should return correct value. Sun Aug 25 1996 * Release 0.9.2. Sat Aug 24 1996 * lib/roken/hstrerror.c: Check for h_errlist prototype. Thu Aug 22 1996 * lib/krb/send_to_kdc.c, etc/services.append, server/kerberos.c: Changed `kerberos' to `kerberos-iv' now that it has been registered with IANA. * man/rshd.8, man/rlogind.8: updated documentation of `-a' * lib/roken/roken.h: Added declaration of `h_errno' * kuser/Makefile.in: Link kdestroy with KRB_KAFS_LIB * appl/kauth/kauth.h: Stupid declarations for syslog. * appl/kauth/kauthd.c: syslog errors and success. * include/protos.H: Removed `h_errno', now in roken.h Declare `getusershell' under solaris. * configure.in, acconfig.h: Figure out if we have to declare `h_errno'. * appl/ftp/ftp/kauth.c: Added support for afs_string_to_key. Wed Aug 21 1996 * lib/kafs/afssys.c: Look for AFS database servers in dns also. * lib/kafs/afssys.c: Add support for a ~/.TheseCells-file. Sun Aug 18 1996 * appl/bsd/rlogind.c: Removed unused `check_all' variable. Use `inaddr2str'. * appl/bsd/rshd.c: Use `inaddr2str'. * appl/bsd/iruserok.c: Removed potential buffer overrun after `gethostbyaddr'. * lib/roken/inet_aton.c: Some const-ness. * lib/roken/Makefile.in: Add `inaddr2str.o'. * appl/ftp/ftpd/ftpd.c: Use `inaddr2str'. * lib/roken/inaddr2str.c, lib/roken/roken.h: New function `inaddr2str' to convert an IP address into a verified hostname or a string of the form x.y.z.a * lib/krb/{krb_locl.h, krb.h, k_name_to_name.c, k_getsockinst.c, getrealm.c}: Some const-ness. * appl/bsd/bsd_locl.h: Removed another prototype for `crypt'. * appl/kpopper/popper.h: Some const-ness to get rid of a warning. * appl/bsd/rshd.c: Always check reverse mapping. Removed `local_domain' and `top_domain'. Added some const-ness. Sat Aug 17 1996 * include/Makefile.in: Removed VPATH. With it this makefile does not work correctly. 
* lib/krb/rw.c, lib/krb/krb_locl.h: Changed parameters to `krb_{get,put}'-functions to void *. * include/protos.H: Add `getusershell' in solaris. * appl/kauth/kauthd.c, appl/bsd/{rlogin.c,rlogind.c}: Less warnings because of arguments to `setsockopt'. * lib/roken/roken.h: Fixed prototype of `inet_aton' Wed Aug 14 1996 * lib/roken/verify.c: Use if there is one. * lib/kafs/Makefile.in: AFS_EXTRA_LIBS is always called `afslib.so'. Otherwise some makes get upset when there is no such library to be made. * appl/telnet/telnetd/telnetd.h: are needed to get prototype for `ptsname'. * appl/bsd/rlogind.c, appl/kpopper/pop_dropinfo.c, appl/telnet/libtelnet/{auth.h,enc_des.c,kerberos.c}, appl/telnet/telnet/utilities.c, appl/telnet/telnetd/{sys_term.c, telnetd.h, kadmin/admin_server.c, kuser/klist.c, lib/kdb/{krb_cache.c, krb_dbm.c}, lib/krb/{fgetst.c, getst.c, log.c, tf_util.c}: Include type `int' on all definitions and remove unnecessary `register'. * appl/bsd/login_access.c: Fix parameter declaration to `netgroup_match'. * appl/bsd/forkpty.c, include/protos.h: s/__sgi__/__sgi//g * admin/kdb_util.c: Use `errno' for error message instead of uninitialized variable. Tue Aug 13 1996 * appl/kauth/rkinit.c: Default port should be the same in kauth and kauthd. Sun Aug 11 1996 * configure.in: Added `AC_REVISION' * slave/kpropd.c: Cleaned up structure. Now returns useful value. * lib/roken/verify.c: Broken OSes need declartion of `crypt'. * lib/roken/roken.h: Added prototype for `verify_unix_user'. * lib/krb/lsb_addr_comp.h: Added prototype for `lsb_time'. * lib/krb/{get_admhst.c, get_default_principal.c, get_krbhst.c, get_krbrlm.c, getrealm.c, realm_parse.c} : Check for buffer overwrite correctly. * lib/krb/rw.c, lib/krb/krb_locl.h: Prepended `krb_' to `get_int', `put_int', `get_address', `put_address', `put_string', `get_string', `get_nir', and `put_nir'. Changed all callers. * lib/kdb/krb_db.h: Added prototype for `kerb_delete_principal' and `kerb_db_delete_principal'. 
* lib/kadm/kadm_cli_wrap.c: Removed unused variable. * appl/telnet/telnetd/telnetd.c: Changed bogus `strncpy' to `strcpy'. * appl/bsd/su.c: Fixed error messages from execv. * appl/bsd/rlogin.c: Fixed potential buffer overrun when reading "TERM". Thu Aug 8 1996 * appl/telnet/telnet/commands.c, appl/kauth/rkinit.c: Replaced `herror' by `hstrerror'. * appl/bsd/login.c: chmod the tty so that it is writable for group tty. * configure.in: Use AC_FIND_IF_NOT_BROKEN for herror and hstrerror. * aclocal.m4: New macro `AC_FIND_IF_NOT_BROKEN' * config.guess: Add 686 Tue Aug 6 1996 * lib/krb/getrealm.c: Fallback for `T_TXT' * configure.in: Look for `res_search' and `dn_expand' in libresolv. Mon Aug 5 1996 * */Makefile.in: Add Id to those missing it. * configure.in: Small fix in comment. * Release 0.9.1. * appl/ftp/ftpd/ftpcmd.y: s/timeout/ftpd_timeout/ * appl/kstring2key/kstring2key.c: `usage' changed to void. * lib/krb/mk_req.c: `build_request' changed to void. * appl/ftp/ftp/ftp_locl.h: Changed order of includes. * appl/bsd/login.c, appl/ftp/ftpd/*: s/timeout/login_timeout/ * lib/kafs/afssysdefs.h: undef AFS_SYSCALL if we are defining it. Sun Aug 4 1996 * lib/kafs/afssys.c: AIX systems will now correctly (I hope) detect whether AFS is loaded or not. This is currently a bit kludgy, and involves loading an external shared library, afslib.so, which can be put in athena/lib or pointed to with environment variable AFSLIBPATH. This is only tested on AIX 4 (due to lack of an AIX 3 system). * lib/krb/getrealm.c: Range-check the result from the DNS. * lib/krb/get_krbrlm.c: Try to use the DNS to find out which realm this host belongs to. * kadmin/ksrvutil_get.c: Fixed error message. * lib/kafs/*: Fix aix/afs brokenness. * lib/kadm/kadm_stream.c (stv_string): Range check. Fri Jul 26 1996 * appl/ftp/common/{ftp,ruserpass}.c: Less bogus domain name handling. 
Mon Jul 22 1996 * lib/krb/mk_req.c: Use encrypt_ktext() * configure.in, lib/kafs/afssys.c: Add option to exclude AFS support (this is useful only on AIX systems that doesn't have AFS). * configure.in: Removed configuration from subdirectories. Sat Jul 13 1996 * appl/ftp/ftp/extern.h, appl/ftp/ftp/ftp.c: Substitute `struct fd_set' with `fd_set'. Mon Jul 8 1996 * Makefile.in: install should depend on all. Sun Jul 7 1996 * appl/bsd/su.c: Allow root to set the uid without entering a password. Fri Jul 5 1996 * lib/krb/getrealm.c: Add automatic dns realm search. Thu Jul 4 1996 * lib/krb/log.c (krb_log): Renamed k_log(...) to krb_log(...) for compatibility with CNS. There is still a #define k_log krb_log. * util/et/et_list.c: Hack to resolve _et_list in shared libraries. Fri Jun 28 1996 * appl/bsd/rlogin.c (reader): If after a select rlogin fails to read expected OOB data try to read ordinary data before continuing. * appl/bsd/rlogin.c (oob_real): SunOS5 tty race kludge. * appl/bsd/rlogind.c: Cleanup oobdata stuff. Thu Jun 27 1996 * appl/bsd/login.c (main): Also check for complete tty name with `rootterm'. * lib/krb/check_time.c: New function `krb_check_tm'. * lib/roken/tm2time.c: New function `tm2time', mktime generalized to local timezone and UTC. * kadmin, admin: Use `tm2time' and `krb_check_time' instead of `maketime'. Tue Jun 25 1996 * lib/krb/mk_priv.c (krb_mk_priv): Send correct address. * appl/kauth/kauthd.c: Set ticket file to some sane default, and add -i debugging switch. Mon Jun 24 1996 * appl/xnlock, appl/kauth, appl/telnet/telnetd: Use BINDIR and not `/usr/athena/bin'. Wed Jun 19 1996 * appl/bsd/rlogin.c: consistent usage of oob_real. * appl/bsd/rlogind.c: Do not send oob garbage when running solaris? Seems that linux is unable to handle the duplicate urgent data that is the result. * appl/bsd/rlogind.c: Fix usage. * appl/bsd/kcmd.c: Don't F_SETOWN. Mon Jun 17 1996 * lib/krb/rw.c: Add get_address() and put_address(). 
* appl/telnet/telnetd/telnetd.c: updated usage * appl/bsd/su.c: Replaced getpass by des_read_pw_string * appl/bsd/forkpty.c (ptym_open): Removed unused `ptr2'. * appl/bsd/rlogind.c: Removed unused functions and made others static. Sun Jun 16 1996 * Release 0.9. * appl/ftp/ftpd/ftpd.c: Don't just send data in plain when doing NLST. * configure.in: test for setresgid. * kadmin/ksrvutil_get.c: Fixed byte manipulations of keys. Sat Jun 15 1996 * lib/des/rnd_keys.c (des_rand_data): At least `srandom'. * appl/ftp/ftp/cmds.c: Support longer passwords when retrying login. * kadmin/admin_server.c, man/kadmind.8, kth-krb.texi: Reading key file from file is now the default. Use `-m' to enter it manually. `-n' is currently a no-op. * appl/ftp/ftpd/ftpd.c: Add S/Key support. * appl/ftp/ftpd/Makefile.in: Link with S/Key. * appl/ftp/configure.in: Test for S/key. * configure.in, aclocal.m4: Moved skey test to aclocal.m4. * appl/bsd/login.c: Correct argument to `skeyaccess'. Fri Jun 14 1996 * lib/krb/verify_user.c: New parameter to specify service key instance, NULL means "rcmd". * lots of files: All ticket filenames uses `TKT_ROOT'. * appl/bsd/rlogind.c: Check for uid == 0 and user != "root". Tue Jun 11 1996 * appl/kpopper/pop_init.c(pop_init): Got rid of some old ifdef'ed code. * lib/kdb/krb_dbm.c: Add macro for `dbm_delete' for the people that are ndbm challenged. Mon Jun 10 1996 * lib/krb/kname_parse.c: Got rid of duplicate defintions. * appl/ftp/ftp/ruserpass.c: Get hostname even if user has no '.netrc' file. * lib/kadm, lib/kdb, kadmin: Add database delete operation. * lib/krb/kname_parse.c: Allow dots in instances. * appl/bsd/rlogind.c (logwtmp): Only define `logwtmp' if it does not exist. Log more garbage. Sun Jun 9 1996 * appl/telnet/configure.in: Check for `logwtmp'. * appl/ftp/configure.in: Use `AC_FUNC_MMAP' * appl/bsd/forkpty.c: Removed all ugly pty search stuff from ptym_open(). 
* configure.in: Modified the creation of version.h, now actually shows up with ident.It is now also slightly more keen on creating a new version.h. Sat Jun 8 1996 * lib/roken/verify.c: for NULL. * appl/xnlock/xnlock.c (leave): Call XCloseDisplay, otherwise screen saver changes are not updated before closing the X connection. * appl/bsd/utmp_login.c: Remove tty-prefix from ut_id; this field is usually very short. Fri Jun 7 1996 * slave/kpropd.c: Add option -m to merge rather then load database. Thu Jun 6 1996 * admin/kdb_util.c: Add a merge operation. (One day it might be used to propagate only patches to the database) Wed Jun 5 1996 * appl/kpopper: Support both POP3 and KPOP3. * appl/xnlock/xnlock.c: Use `verify_unix_user' * lib/roken/verify.c: verify_unix_user: New function from xnlock for checking passwd in `/etc/passwd'. * appl/telnet/telnetd/sys_term.c: gettimeofday buglet * slave/kpropd.c: Rewrite of kpropd. * admin/kdb_util.c: Sanity check on input to load_db. * slave/kpropd.c: Use default value for fname. * slave/kprop.c: Use some sane default values for data_file and slaves_file. * admin/kdb_util.c: If there isn't any database when loading, create an empty one. Mon Jun 3 1996 * appl/telnet/telnetd/sys_term.c: Somewhat changed the way utmpx entries are created. It should now work on both Solaris and IRIX, without stale login information. Sat Jun 1 1996 * lib/krb/k_gethostname.c (k_gethostname): Fallback. * lib/krb/send_to_kdc.c (send_to_kdc), kadmin/kadm_ser_wrap.c (kadm_ser_init), slave/kprop.c (prop_to_slaves), slave/kpropd.c (main): Use `k_getportbyname'. Fri May 31 1996 * Lots of files: more #includes ifdefad and cleaned up. Thu May 30 1996 * Lots of files: Replaced bcopy/bzero/bcmp with memcpy/memset/memcmp. * lib/krb/get_default_principal.c: Use getlogin() if it is the BSD variant that actually gives some information. * lib/krb/create_ticket.c: Write correct address byteorder. 
* lib/kadm/kadm_stream.c,kadm_cli_wrap.c: Don't assume int32_t is four bytes. * kadmin/kpasswd.c: Allow principal without -n. * kadmin/kadmin.c: Use krb_get_default_principal. * appl/ftp/ftpd/ftpd.c: Fix bare newline bug. * appl/bsd/rlogind.c: Add -i and -p options to start rlogind from command line (for debugging). * INSTALL: Rewritten. Wed May 29 1996 * appl/ftp/ftp/krb4.c: Handle different sizes of returned checksum. * appl/bsd/Makefile.in: Don't install login setuid. Fri May 24 1996 * appl/bsd/rsh.c: Don't run away yelling if someone calls you `remsh'. Sun May 19 1996 * lib/krb/kdc_reply.c: Remove unused function decrypt_tkt. Sanity check on decrypted ticket. Wed May 15 1996 * server/kerberos.c: Should work with the new libkrb * appl/kip: Support more than one tunnel device. * lib/krb/*.c: All functions that create or decode kerberos packets have been rewritten. Hopefully, everything still works. This is to eliminate problems with wierd systems, like Crays, that doesn't have any two or four byte integers. Some of these changes could be a lot more pretty, and *many* assumptions that sizeof(int32) == 4 still exist in the rest of the code, though. As a side effect, all packets sent are now in network byte order. Mon May 13 1996 * configure.in: Shared libraries for Irix * Several fixes for UNICOS. * appl/ftp/ftp/krb4.c: Allow default data protection level through a "prot level" in .netrc. This really should be done in a more useful manner. Sun May 12 1996 * appl/xnlock/xnlock.c: Cleaned up user verification code. Now uses new function krb_verify_user. Also fixed a few problems with the password prompt box. * lib/krb/verify_user.c: New function krb_verify_user to verify a user with kerberos. * appl/kip: New program for forwarding IP packets over kerberised connections using tunnel devices. * appl/kauth/kauth.c, kadmin/ksrvutil.c: Use krb_get_default_principal * appl/bsd/rlogind.c: Do not change portnumber to host order if using kerberos. 
This will cause the magic `reverse-time-if-port-is-less-than' to fail. * lib/des/GNUmakefile: Removed file. This file causes problem when building in the source directory and when using GNU make which prefers this file to the generated Makefile. * appl/bsd/login.c: More careful when handling returned value from `getspnam'. Sat May 11 1996 * lib/krb/realm_parse.c: New function to expand a non-complete realm to its official name, e.g nada -> NADA.KTH.SE. * lib/krb/get_default_principal.c: New function to guess the default principal to use. Looks at any existing ticket file first, then at uid/logname etc. * kadmin/kadmin.c: Use kname_parse and allow different instances and realms. * lib/roken/k_getpwnam.c: New function k_getpwnam that should work with and without shadow passwords. * Lots of files: s/getpwnam/k_&/g. Tue May 7 1996 * lib/des/des_locl.h: DES library updated to version 3.23, des_locl.h now includes configure.h to get HAVE_TERMIOS etc. * lib/des/des.h: On the alpha define DES_LONG to unsigned int. * kuser/kinit.c: Handle passwords longer than 16 characters. * appl/xnlock/xnlock.c (GetPasswd): Handle longer passwords than 16 characters. Sun May 5 1996 * Release 0.8. * appl/ftp/ftpd/kauth.c: Klist command. * appl/ftp/ftpd: Removed `-g' from calls to ls. * appl/ftp/ftp/cmds.c (setpeer): Fix so that opening a second connection to a specified port works. * appl/telnet/telnet: Default is binary. * appl: Now build under Ultrix. * appl/kx: Now even builds on AIX. Sat May 4 1996 * lib/des: Now merged in libdes 3.21 on main branch. * appl/ftp/ftpd/logwtmp.c: Slightly different functionality. Works on systems that has more fields in struct utmp such as OSF/1. Still some questions about Solaris. * lib/krb/lsb_addr_comp.c: Now byteorder independent. * appl/kx: Rewrote kx & kxd to share more code. They are also now able to talk both ways. * lib/kdb/krb_dbm.c (kerb_db_rename): Now works properly when using berkeley DB. 
Thu Apr 25 1996 * lib/krb/get_krbrlm.c (krb_get_default_realm): New function for SunOS5 compat. * When building shared libraries link libkrb with libdes to be compatible with SunOS5. * Move lib/krb/krb_err.et to lib/kadm since it is only used there, no longer need to link libkrb against libcom_err. Wed Apr 24 1996 * lib/krb/lsb_addr_comp.h: Renamed ugly lsb_addr_comp. * Some porting to UNICOS. Tue Apr 23 1996 * Moved some junk from appl/bsd to libroken. * lib/roken/Makefile.in (LIBNAME): Added header file roken.h for library libroken.a. * Add kerberized ftp. * Add libroken. Mon Apr 22 1996 * appl/kauth/kauth.c: When commands are given to kauth, a new ticket file is used. Sat Apr 20 1996 * appl/xnlock/xnlock.c: Fixed a potential overwrite bug. Also works with more than one screen, only fancy stuff on screen 0, though. Fri Apr 19 1996 * appl/bsd/login.c, su.c, rshd.c, rlogind.c: Syslog and abort when getpwnam returns uid == 0 but user is not root. This is usually the result of an attack on NIS (former YP). Wed Apr 17 1996 * kadmin/ksrvutil.c (get_key_from_password): Support for generating AFS keys. From Sun Apr 14 1996 * appl/kx: New program for forwarding a X connection. Mon Apr 8 1996 * appl/bsd/rsh.c (get_shell_port): Default port number for ekshell changed from 2106 to 545. * appl/bsd/login.c (doremotelogin): Remove terminal speed from the value of $TERM in the case of an ancient rlogind being used. Thu Apr 4 1996 * lib/kafs/afssys.c (k_afsklog): Try to read from /usr/vice/etc/TheseCells for list of cells we should try to obtain tokens for. * appl/kauth/kauth.c (renew): Use cell even when renewing. * appl/kauth/kauth.c, appl/xnlock/xnlock.c: Always call k_afsklog with realm == NULL. * lib/kafs/afssys.c: More thorough guessing of what realm a cell belongs to. Wed Apr 3 1996 * appl/bsd/login.c: If setuid() failes and not logging in as root, exit. 
Tue Apr 2 1996 * server/kerberos.c: Set name, inst, and realm to NULL in APPL_REQUEST, error replies tend to look a bit funny otherwise. Thu Mar 28 1996 * appl/bsd/iruserok.c (iruserok): Imported iruserok() FreeBSD. Tue Mar 26 1996 * lib/des/Makefile.in: Removed enc_read.c enc_writ.c. * appl/bsd/Makefile.in: New file with the old functions from libdes. * appl/bsd/utmp_login.c: Fixed (hopefully) double utmp-entries in Solaris. Only put entries in one of utmp/utmpx, since they both get updated by putut*ent() anyway. Mon Mar 25 1996 * kuser/klist.c (main): Use verbose option (-v) to list key version numbers. * Release 0.7. Sun Mar 24 1996 * appl/bsd/rlogin.c (doit): Moved signal junk (as far as possible) to doit(). * configure.in: Check for getmsg with AC_TRY_RUN instead. Otherwise it fails under AIx 3.2. Now rlogind works on this so-called OS. Also cache value of berkeley db check. * lib/kdb/krb_kdb_utils.c: New experimental masterkey generation, enabled with --enable-random-mkey. This makes kdb_init et al generate random master keys, based on random input from the user. This comes in a package with auto-kstash, and possibility to enter lost master keys as base64. Moved default master key file from /.k to /var/kerberos/master-key, override with --with-mkey=file. * kadmin/kadmin.c (do_init): Handle the `-t' option to kadmin, meaning do not get a new ticket file. (From CNS). Fri Mar 22 1996 * appl/xnlock/xnlock.c: Removed some dead code, and a few unused header files. * kadmin/pw_check.c (kadm_pw_check): If kadm_pw_check() fails *pw_msg can't be 0! At the very least use the empty string but a descriptive error-message is preferred. * libtelnet: add nonbroken signal() function. Wed Mar 20 1996 * appl/kpopper/pop_pass.c (pop_pass): Use kuserok to determine if user is allowed to fetch mail. * appl/kpopper/*. Got rid of some ugly codes and some warnings. * appl/bsd/Makefile.in: signal.o was not included in OBJECTS, which made strange makes not doing what they should. 
* configure.in, appl/kpopper/popper.h, appl/bsd/pathnames.h: Now should work on systems that do not have mail spool files in /var/spool/mail. Looks for MAILDIR or _PATH_MAILDIR, usually from or . Defaults to /var/spool/mail. Mon Mar 18 1996 * appl/bsd/bsd_locl.h: TIOCPKT for those systems missing it. Fri Mar 15 1996 * lib/kafs/kafs.h: Use instead of * appl/bsd/rshd.c (doit): Don't set environ, send it as an argument to execle instead. * lib/kafs/kafs.h: Find definition of _IOW. * configure.in: Check for random. * appl/bsd/bsd_locl.h: Including gives too many conflicts. * appl/afsutil/pagsh.c: Check for random. Thu Mar 14 1996 * appl/bsd/bsd_locl.h, appl/telnet/telnetd/defs.h: Default values of `TIOCPKT_FLUSHWRITE' & c:o. * appl/telnet/telnet{,d}/Makefile.in (telnetd): Change order of linking in libraries. * configure.in: Check for interesting functions in libsocket and libnsl and not strange soriasis inventions. Wed Mar 13 1996 * appl/bsd/bsd_locl.h (fatal): Only use prototype or iruserok if the function does not exist. Mon Mar 11 1996 * lib/krb/krb_err_txt.c (krb_get_err_text): Changed name of krb_err_msg to krb_get_err_text(int) to be compatible with the CNS distribution. This function is used for instance by CVS-1.7. Sun Mar 10 1996 * configure.in, appl/Makefile.in: removed rkinit * etc/inetd.conf.changes, etc/services.append: Added kauth. * appl/kauth: Integrated rkinit into kauth. * appl/kauth/kauth.c (main): Only look for principal name if no -p has been given. * lots of files: prototypes and other small fixes. * appl/bsd/sysv_shadow.h: spwd multiple defined. * appl/bsd/bsd_locl.h: include * configure.in: Added afsutil and rkinit. * */Makefile.in: Do cd $$i && $(MAKE). Otherwise, if cd fails you end up with an infinite recursion. * kuser/klist.c (display_tktfile): Another warning removed. Tue Mar 5 1996 * appl/bsd/forkpty.c (forkpty): Kludge for Ultrix, rlogind now works properly also under this system. 
* appl/afsutil: New aklog and pagsh * lib/krb/krb_equiv.c (krb_equiv): Fix bugs with '\\'. * lib/des/rnd_keys.c: Include . Mon Mar 4 1996 * appl/kauth/kauth.c (main): Handle name when given after options. Sun Mar 3 1996 * appl/rkinit/rkinit.c (getalladdrs): Check for herror. Solaris apparently does not have any. (main): Use memset instead of bzero. * appl/rkinit/rkinitd.c (decrypt_remote_tkt): bcopy -> memcpy. * kuser/kinit.c (main): Corrected lifetime. * lib/krb/krb_equiv.c (krb_equiv): Now handles longer lines, continuation lines and addresses of the form 193.10.156.0/24. * kuser/Makefile.in (kdestroy): Link kdestroy with libkafs. Wed Feb 28 1996 * Replaced all occurencies of krb_err_txt[] with new function krb_err_msg(), that does some sanity checks before indexing krb_err_txt. Mon Feb 26 1996 * appl/telnet/telnetd: Added flags -z to have telnetd log unauthenticated logins, such as when using an old telnet client. Unfortunately in most of these cases, the user name is not known. There should also be a way to tell the difference between bad authentication (such as with expired tickets) and no attempt to provide authentication (such as with an old client). Sun Feb 25 1996 * kuser/kdestroy.c: Remove afs-tokens as well as tickets, -t flags added to prevent this. Thu Feb 22 1996 * appl/rkinit/rkinitd.c (doit): Use k_getsockinst to make it work correctly for multi-homed hosts. * appl/rkinit: New program with rkinit functionality. * lib/krb/k_getport.c: Function for finding port in /etc/services with fallback. * lib/krb/netread.c,netwrite.c (krb_net_{read,write}): Now correct prototype with void * and size_t. Wed Feb 21 1996 * kadmin/new_pwd.c (get_pw_new_pwd): Moved get_pw_new_pwd to seperate file. Now called both from kadmin and kpasswd. * kadmin/pw_check.c (kadm_pw_check): Handle the case of no password provided. This is really a policy decision. The server should be able to say `use a client that sends the password'. 
* appl/bsd/rlogind.c (local_domain): MAXHOSTNAMELEN -> MaxHostNameLen. Sun Feb 18 1996 * appl/bsd/rcp.c (answer_auth): Made rcp multihome aware. * appl/bsd/rlogind.c (do_krb_login): Made rlogind multihome aware. * appl/bsd/rshd.c (doit): Made rshd multihome aware. * lib/krb/k_getsockinst.c (k_getsockinst): New function to figure out the instance name of interfaces on multihomed hosts. Use this function when making daemons multihome aware. * appl/telnet/libtelnet/kerberos.c (kerberos4_is): Made telnetd multihome aware. Mon Feb 12 1996 * Release 0.6. Sun Feb 11 1996 * lots of files: hacks to make it all compile. * configure.in, appl/telnet/configure.in: More broken AIX. * appl/bsd/bsd_locl.h: Fix for old syslogs (as in Ultrix). * appl/telnet/libtelnet/encrypt.c: encrypt_verbose by default. * appl/telnet/libtelnet/kerberos.c: Show difference between MUTUAL and ONE_WAY KERBEROS4. * appl/telnet/libtelnet/encrypt.c: Print message about not encrypting when receiving WONT or DONT encrypt. * configure.in: Automatic check for HAVE_NEW_DB. * lib/krb/getaddrs.c (k_get_all_addrs): Fixed for systems with SOCKADDR_HAS_SA_LEN, aka 4.4BSD-based. * appl/telnet/telnetd/global.c: Removed some multiple defined variables. * appl/bsd/rlogind.c (cleanup): ifndef HAVE_VHANGUP. * appl/bsd/sysv_shadow.h: Add DAY and DAY_NOW ifndef. * configure.in: Check if `struct sockaddr' has `sa_len'. Sat Feb 10 1996 * appl/telnet/telnetd/telnetd.c (recv_ayt): pty -> ourpty. * appl/bsd/bsd_locl.h: More include-files: and * appl/kpopper/popper.c (catchSIGHUP): Got rid of some warnings. * lib/krb/log.c (new_log): Yet another year 2000. * appl/bsd/sysv_environ.c (read_etc_environment): Support setting environment variables from /etc/environment. * appl/bsd/bsd_locl.h: * configure.in: check for setpcred, libs.a and . * appl/bsd/login.c (main): setpcred is used on AIX. * appl/bsd/rshd.c (doit): Added setpcred for AIX. * lib/krb/getaddrs.c: is sometimes needed. 
* admin/kdb_init.c (main): Now verifies master key. * lib/kdb/krb_kdb_utils.c (kdb_get_master_key): Added possibility of asking for verfication. * appl/bsd/bsd_locl.h: Try to include * appl/telnet/telnetd/utility.c (printsub): Mismatch arguments. * lib/krb/send_to_kdc.c (send_to_kdc): Send to all A records and accept an answer from anything we have sent to. * appl/kauth/kauth.c (renew): Use strange return types for strange OSes. (doexec): Remove tokens. * server/kerberos.c (main): Uses k_get_all_addrs and binds to each of these addresses. * kadmin/ksrvutil_get.c (ksrvutil_get): Added support for specifying key to create on command line to get. Wed Feb 7 1996 * lib/krb/log.c (k_log): Now using YYYY for years. * lib/krb/klog.c (klog): Preparing for the year 2000. * kuser/kinit.c (main): Added option -p to get changepw-tickets. * lib/krb/getaddrs.c: New file to get all the addresses of all the interfaces on this machine. Tue Feb 6 1996 * configure.in: Support for S/Key in login.c. Use --with-skeylib switch to configure. The code assumes that the skeylib.a comes from logdaemon. * General support for shadow password files if there is an shadow.h. * appl/bsd/su.c: Arrange so that it supports shadow passords. Sun Feb 4 1996 * appl/telnet/*: Hacks to make it work on strange OSes. * appl/bsd/bsd_locl.h: Check for sys/ptyvar.h * appl/telnet/configure.in (telnet_msg): sys/str_tty.h, sys/uio.h * configure.in: test for crypt.h and sys/ptyvar.h * appl/telnet/telnetd/*.c: pty -> ourpty. * telnetd: Changes to make more systems work better, specifically AIX 4. Hopefully this will work on both STREAM and BSD systems. Not tested on some systems, like CRAY and Linux. * util/ss/mk_cmds.c: Generating cleaner code. * lib/krb/krb_err_txt.c (krb_err_txt): Clarification. * kadmin/admin_server.c: Less varnings. * appl/xnlock/xnlock.c: Changed some types and added some casts. * appl/movemail/movemail.c: Not using syswait.h anymore. * appl/xnlock/xnlock.c: God rid of some warnings. 
* util/ss/*.[ch]: cleanup * util/et/*.[ch]: cleanup * appl/bsd/rcp.c: Less warnings. * kadmin/admin_server.c (kadm_listen): Get rid of another warning. * kadmin/pw_check.c (kadm_pw_check): Support for letting cracklib check the quality of the password. * kadmin/pw_check.h (kadm_pw_check): New argument to kadm_pw_check: list of useful strings to check for. * kadmin/kadm_server.c (kadm_ser_cpw): Send a few `useful' strings to kadm_pw_check (name, instance, and realm). * kadmin/Makefile.in (kadmind): Linking with -lcrack. * configure.in: Support for --with-cracklib and --with-dictpath. * kadmin/ksrvutil_get.c: Now seems to be working. * kadmin/ksrvutil.h: Some new parameters. * kadmin/ksrvutil.c: Some reorganisation and uses a working ksrvutil_get. * appl/movemail/movemail.c: Some more include-files. * appl/bsd/rlogind.c: Testing for the existence of vhangup. Wed Jan 31 1996 * configure.in: Massaged the configure files so that we can build under NEXTSTEP 3.3. Some kludges to prevent cpp bugs and link errors where also neccessary. Tue Jan 30 1996 * appl/xnlock/xnlock.c (main): Improved user feedback on password input. * appl/xnlock/xnlock.c: Applied patch made by flag@it.kth.se that enables C-u to erase the password field. * lib/krb/lifetime.c: configure now creates a version string which is referenced here. Use what and grep version to figure out where, when and by whom binaries where created. * appl/bsd/forkpty.c (ptys_open): Call revoke before pty slave is opened. Add revoke using vhangup for those system lacking revoke. Also call vhangup when rlogind exits. Mon Jan 29 1996 * lib/krb/send_to_kdc.c (send_to_kdc): Removed kludge for SunOS 3.2 and Ultrix 2.2 that prevented multihomed kerberos servers to operate correctly. * kadmin/kadmin.c (change_key): Add new subcommand change_key so that it is possible to enter keys in the DB on binary form. Most usefull for sites running AFS. Fri Jan 26 1996 * appl/bsd/su.c (koktologin): New option -i root-instance. 
If you want a user.afs ticket in a root shell and user.afs is on root's ACL then do a "su -i afs". * Makefile.in: Rearrange the order of object files to make shared libraries slightly more efficient. * appl/kauth/kauth.c (main): Always up case realm. Better error messages on failed exec. Mon Jan 22 1996 * appl/bsd/rshd.c (main): New option -P to prevent rshd from using a new PAG. Expert use only! * appl/bsd/rlogind.c (doit): Avoid race when setting tty size. * appl/bsd/rlogin.c (reader): Use select rather than horrible signal hacks to handle OOB data. * appl/bsd/login.c (main) sysv_environ.c (sysv_newenv): Login does now honor the -p switch when invoked by root. This is used by telnetd to export environment variables. Fri Jan 5 1996 * appl/bsd/signal.c (signal): New BSD compatible signal function. Most r* applications assume reliable signals. * appl/bsd/login.c (main): Check HAVE_ULIMIT. * appl/bsd/bsd_locl.h: Include sys/ioctl.h. * configure.in: Check for ulimit. * admin/kdb_edit.c: Flush stdout after printing prompts. * appl/kpopper/pop_xmit.c: Remember to include config.h. Tue Jan 2 1996 * appl/bsd/login.c (main): New function stty_default to setup default tty settings. Fri Dec 29 1995 * appl/kstring2key/kstring2key.c (main): New program that converts passwords to DES keys, either using des_string_to_key or afs_string_to_key. * server/kerberos.c: Kerberos server now listen on 2 ports, kerberos/udp and kerberos-sec/udp. Wed Dec 27 1995 * appl/bsd/rcp.c (main): Integrated -x option to rcp. This required some real horrible hacks in lib/des/enc_{read,write}.c * acconfig.h: Enabled MULTIHOMED_KADMIN in acconfig.h. * Add RCSID stuff to telnet files. Fri Dec 22 1995 * appl/bsd/login.c (main): The login program does now by default read /etc/default/login, even on non Psoriasis systems. Unifdef SYSV4, this was essentially only for prompting. Mon Dec 18 1995 * appl/kpopper/popper.c (main): Integrate default timeout of 120 seconds from Qualcomm popper. 
Timeout is also set able with -T seconds. * lib/kadm/kadm_cli_wrap.c (kadm_change_pw_plain): If there's no password, don't even send the empty string. Thu Dec 7 1995 * lots of files: all debug messages now printed to stderr (from ) * lib/krb/tf_util.c (tf_create): New method for creating a new ticket file. Remove the old old and then open with O_CREAT and O_EXCL. * server/kerberos.c, slave/kpropd.c: Some casts to get rid of warnings. * configure.in: Added checks for unistd.h, memmove and const. * appl/telnet/telnet/commands.c: Changed types of functions to confirm with struct Command. * appl/telnet/configure.in: Check for setpgid. * appl/bsd/rlogin.c: Get rid of another warning. * appl/bsd/bsd_locl.h, appl/telnet/acconfig.h: New synonym for solaris. Wed Dec 6 1995 * (movemail): Now from emacs-19.30. If you have a newish emacs there is no reason to use this movemail. * (kadm): Added support for server side password checks. Hopefully this is compatible with kerberos 4.10. Old kpasswd:s will give funny error messages. For examples of checks, see kadmin/pw_check.c. Since this is mostly political matters, kadm_pw_check() should probably return KADM_SUCCESS by default. Mon Nov 27 1995 * appl/telnet/telnetd/telnetd.c (main): Kludge to fix encryption problem with Mac NCSA telnet 2.6. * lib/krb/stime.c: Now using YYYY for years. (2000 is soon here). * appl/bsd/rsh.c, rcp.c, rlogin.c: Fixed fallback for port number (added missing ntohs). Sun Nov 12 1995 * (many files): More ANSI/ISO 9899-1990 to the people! Now actually builds (not including util) with DEC "cc -std1" and Sun "acc -Xc". There are still major prototype conflicts, but there isn't much to do about this. Sat Oct 28 1995 * lib/kadm/kadm_cli_wrap.c: Fallback for kerberos and kerberos_master services. Fri Oct 27 1995 * Released version 0.5 * lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the same code is used both for posix termios and others. 
* rsh, rlogin: Add environment variable RSTAR_NO_WARN which when set to "yes" make warnings about "rlogin: warning, using standard rlogin: remote host doesn't support Kerberos." go away. Tue Oct 24 1995 * admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update): Optimized so that it can handle large databases, previously a 10000 entry DB would take *many* minutes, this can now be done in under a minute. Sat Oct 21 1995 * Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64 bit machines. Source should now be free of 64 bit assumptions. * admin/copykey.c (copy_from_key): New functions for copying to and from keys. Neccessary to solve som problems with longs on 64 bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab. * lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems with longs on 64 bit machines. Mon Oct 16 1995 * appl/bsd/login.c (main): Lots of stuff to support Psoriasis login. Courtesy of gertz@lysator.liu.se. * configure.in, all Makefile.in's: Support for Linux shared libraries. Courtesy of svedja@lysator.liu.se. * lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno = KRB_PROT_VERSION; from server kode to libkrb where it really belongs. * appl/bsd/forkpty.c (forkpty): New function that allocates master and slave ptys in a portable way. Used by rlogind. * appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the same utmpx slot got used by sevral sessions. Courtesy of gertz@lysator.liu.se. Wed Oct 4 1995 * util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of svedja@lysator.liu.se. * Fix the above Makefiles to work around bugs in Solaris and OSF/1 make rules that was triggered by VPATH functionality in the yacc and lex rules. Mon Oct 2 1995 * appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg): Use stdarg instead of varargs. The code is still broken though, you'll realize that on a machine with 64 bit pointers and 32 bit int:s and no vsprintf, let's hope there will be no such beasts ;-). 
* appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems have (or need) modules ttcompat and pckt so don't flag it as a fatal error if they don't exist. Mon Sep 25 1995 * kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c (kadm_listen): Add kludge for kadmind running on a multihomed server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h if you need this feature. * appl/Makefile.in (SUBDIRS): Add applications movemail kpopper and xnlock. Wed Sep 20 1995 * appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not implemented yet though. Wed Sep 13 1995 * appl/xnlock/Makefile.in: Some stubs for X11 programs in configure.in as well as a kerberized version of xnlock. * appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback port numbers if they can not be found using getservbyname. Tue Sep 12 1995 * appl/bsd/klogin.c (klogin): Use differnet ticket files for each login so that a malicous user won't be able to destroy our tickets with a failed login attempt. * lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if there is no such thing try afs@CELL instead. There is now two arguments to k_afslog(char *cell, char *realm). Mon Sep 11 1995 * kadmin/admin_server.c (kadm_listen): If we are multihomed we need to figure out which local address that is used this time since it is used in "direction" comparison. Wed Sep 6 1995 * kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default port number. * lib/krb/send_to_kdc.c (send_to_kdc): Default port number (KRB_PORT) was not in network byte order. Tue Sep 5 1995 * lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct when selecting. Mon Sep 4 1995 * appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c: Now does fallback if there isn't any entries in /etc/services for klogin/kshell. This also made the code a bit more pretty. * appl/bsd/login.c: Added support for lots of more struct utmp fields. If there is no ttyslot() use setutent and friends. 
* appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c: Added extern iruserok(). * appl/bsd/iruserok.c: Initial revision * appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis. * appl/bsd/Makefile.in: New install * appl/bsd/pathnames.h: Fix default path, rsh and rlogin. * appl/bsd/rshd.c: Extend default PATH with bindir to find rcp. * appl/bsd/login.c (login): If there is no ttyslot use setutent and friends. Added support for lots of more struct utmp fields. * server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros. * appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than _PATH_DEF. * appl/bsd/login.c, su.c (main): Use fallback to bourne shell if running as root. * appl/bsd/su.c (main): Update usage message to reflect that '-' option must come after the ordinary options and before login-id. Sat Sep 2 1995 * appl/telnet/telnetd/telnetd.c (doit): If remote host name is to long to fit into utmp try to remove domain part if it does match our local domain. (main): Add new option -L /bin/login so that it is possible to specify an alternate login program. * appl/telnet/telnet/commands.c (env_init): When exporting variable DISPLAY and if hostname is not the full name, try to get the full name from DNS. * appl/telnet/telnet/main.c (main): Option -k realm was broken due to a bogous external declaration. Fri Sep 1 1995 * kadmin/kadmin.c (add_new_key): Kadmin now properly sets lifetime, expiration date and attributes in add_new_key command. Wed Aug 30 1995 * appl/bsd/su.c (main): Don't handle '-' option with getopt. * appl/telnet/telnet/externs.h: Removed protection for multiple inclusions of termio(s).h since it broke definition of termio macro on POSIX systems. Tue Aug 29 1995 * lib/krb/lifetime.c (krb_life_to_time): If you want to disable AFS compatible long lifetimes set krb_no_long_lifetimes = 1. 
Please note that the long lifetimes are 100% compatible up to 10h so this should rarely be necessary. * lib/krb/krb_equiv.c (krb_equiv): If you don't want to use ipaddress protection of tickets set krb_ignore_ip_address. This makes it possible for an intruder to steal a ticket and then use it from som other machine anywhere on the net. Mon Aug 28 1995 * kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one local address. Accept request on all interfaces. * admin/kdb_edit.c (change_principal): Don't accept illegal dates. Courtesy of gertz@lysator.liu.se. Sat Aug 26 1995 * configure.in: AIX specific libraries needed when using standard libc routine getttyent, IBM should be ashamed! * lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t problem. * Added strdup for su and rlogin. * Fix for old syslog macros in appl/bsd/bsd_locl. Fri Aug 25 1995 * lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New ifdef HAVE_NEW_DB for new databases residing in one file only. * appl/bsd/rlogin.c (oob): Add workaround for Linux. Mon Aug 21 1995 * appl/bsd/getpass.c: New routine that reads up to 127 char passwords. Used in su.c and login.c. Tue Aug 15 1995 * appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY should not be used on HP-UX. Mon Aug 14 1995 * appl/bsd/rlogin.c (main): Added dummy rlogind that tells user to rather use telnet. Thu Aug 10 1995 * lib/krb/ krb.h, decomp_ticket.c, getrealm.c, get_krbhst.c, get_krbrlm.c, get_admhst.c: Use multiple configuration directories for krb.conf and krb.realms, KRB_CONF and KRB_REALM_TRANS macros substituted with KRB_CNF_FILES and KRB_RLM_FILES. Currently /etc and /etc/kerberosIV are searched. Directory specified by envioronment variable KRBCONFDIR is searched first if set. No hardcoded realmname or kerberos server. Instead use domainname for deafult realm and kerberos.domain as kerberos server if they are not listed in krb.conf and/or krb.realms. 
In the normal case there should be no need for configuration files if administrators add a CNAME pointing to the kerberos server. * appl/bsd/Makefile.in and friends: GNU make should no longer be neccessary unless building with VPATH. Wed Aug 9 1995 * appl/bsd/klogin.c (klogin): Old ticket file need to be removed before we call krb_get_pw_in_tkt or we might get a Kerberos intkt error because the wrong user owns the file. Tue Aug 8 1995 * configure.in : Telnet.beta2 is now official and has been moved to appl/telnet. * appl/bsd/su.c (main): Reenable -K flag, won't work if not PASSWD_FALLBACK is enabled. Cosmetics for Password prompt. Fri Aug 4 1995 * appl/bsd/su.c (kerberos): Don't allow su from possibly bogous kerberos server. Controlled by #ifdef KLOGIN_PARANOID. * lib/kafs/afssys.c (SIGSYS_handler): Need to reinstall handler on SYSV. Mon Jul 24 1995 * lib/kafs/afssys.c (k_afsklog): Use default realm on null argument. * appl/bsd/rlogin.c, login.c: New programs. Fri Jul 21 1995 * appl/bsd/kcmd.c rsh.c rlogin.c: Use POSIX signals. * appl/telnet.95.05.31.NE/telnetd/sys_term.c, telnetd.c: Port to IRIX. Tue Jul 11 1995 * admin/kdb_init.c (main): Use new random generator. Dito in admin/kdb_edit.c. Use master key to initialize random sequence. Mon Jul 10 1995 * kadmin/kadmin.c (get_password): Fix for random passwords. Dito for admin/kdb_edit.c * appl/kauth/kauth.c (main): Updated for krb distribution, now uses new library libkafs. * appl/telnet.beta/telnet/main.c (main): New telnet with encryption hacks from ftp.funet.fi:/pub/unix/security/esrasrc-1.0. Encryption does not currently work though. Tue Jun 20 1995 * New library to support AFS. Routines: int k_hasafs(void); int k_afsklog(...); int k_setpag(void); int k_unlog(void); int k_pioctl(char *, int, struct ViceIoctl *, int); Modified it to support more than one single entry point AFS syscalls (needed by HPUX and OSF/1 when running DFS). Don't rely on transarc headers or library code. 
This has not been tested and will most probably need some serious violence to get working under AIX. (AIX has since been fixed to. /bg) Fri Jun 16 1995 * lib/krb/krb_equiv.c (krb_equiv): Compare IP adresses using krb_equiv() to allow for hosts with more than one address in files rd_priv.c rd_req.c and rd_safe.c. * slave/kpropd.c (main): Fix uninitialized variables and rewind file in kprop.c. Thu Jun 15 1995 * appl/bsd/rcp.c (allocbuf): Fix various bugs. * slave/kpropd.c (main): Responder uses KPROP_SERVICE_NAME.`hostname' and requestor always uses KPROP_SERVICE_NAME.KRB_MASTER, i.e rcmd.kerberos in kprop/kpropd protocol. Wed Jun 14 1995 * appl/bsd/rshd.c (doit): Encryption should now work both ways. Tue Jun 13 1995 * appl/bsd/pathnames.h: Fixup paths. * server/Makefile.in and friends (install): Install daemons in in libexec and administrator programs in sbin. * Makefile.in: Joda (d91-jda) added install target Wed Jun 7 1995 * lib/krb/k_strerror.c: New function k_strerror() to use instead of the non portable sys_errlist[]. Index: stable/3/crypto/kerberosIV/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/Makefile.in (revision 62578) 
@@ -1,70 +1,73 @@ -# $Id: Makefile.in,v 1.30 1997/05/20 18:58:34 bg Exp $ +# $Id: Makefile.in,v 1.36 1999/03/01 13:04:23 joda Exp $ srcdir = @srcdir@ prefix = @prefix@ VPATH = @srcdir@ SHELL = /bin/sh INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_DATA = @INSTALL_DATA@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs TRAVELKIT = appl/kauth/kauth kuser/klist appl/telnet/telnet/telnet \ appl/ftp/ftp/ftp appl/kx/kx appl/kx/rxtelnet @SET_MAKE@ -SUBDIRS = util include lib kuser server slave admin kadmin appl man doc +SUBDIRS = include lib kuser server slave admin kadmin appl man doc all: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) all); done Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" check: cd lib && $(MAKE) $(MFLAGS) check install: - $(MKINSTALLDIRS) $(prefix) + $(MKINSTALLDIRS) $(DESTDIR)$(prefix) for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) install); done install-strip: $(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' install uninstall: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done travelkit: all $(MKINSTALLDIRS) tmp for i in $(TRAVELKIT); \ do $(INSTALL_PROGRAM) $$i tmp; done (cd tmp; tar cf ../travelkit.tar `for i in $(TRAVELKIT); do basename $$i; done`) rm -rf tmp travelkit-strip: $(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' travelkit TAGS: find . 
-name '*.[chyl]' -print | etags - clean: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) clean); done mostlyclean: clean distclean: $(MAKE) clean for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done rm -f Makefile config.status config.cache config.log version.h newversion.h.in version.h.in *~ realclean: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done -.PHONY: all install install-strip uninstall travelkit travelkit-strip clean distclean realclean mostlyclean +$(srcdir)/aclocal.m4: + cd $(srcdir) && aclocal -I cf + +.PHONY: all Wall check install install-strip uninstall travelkit travelkit-strip clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/NEWS =================================================================== --- stable/3/crypto/kerberosIV/NEWS (revision 62577) +++ stable/3/crypto/kerberosIV/NEWS (revision 62578) 
@@ -1,563 +1,682 @@ +Changes in release 1.0: + +* A new configuration option `nat_in_use' in krb.extra to ease use + through Network Address Translators. + +* Support configuration value of KEYFILE and TKT_ROOT in krb.extra + +* Easier building on some platforms + +* built-in ls in ftpd. + +* Bug fixes. + +Changes in release 0.10: + +* Some support for Irix 6.5 capabilities + +* Improved kadmin interface; you can get more info via kadmin. + +* Some improved support for OSF C2. + +* General bug-fixes and improvements, including a large number of + potential buffer overrun fixes. A large number of portability + improvements. + +* Support for multiple local realms. + +* Support batch kadmin operation. + +* Heimdal support in push. + +* Removed `--with-shared' configure option (use `--enable-shared'.) + +* Now uses Autoconf 2.13. + +Changes in release 0.9.9: + +* New configuration file /etc/krb.extra + +* New program `push' for popping mail. + +* Add (still little tested) support for maildir spool files in popper. + +* Added `delete' to ksrvutil. + +* Support the strange X11 sockets used on HP-UX and some versions of + Solaris. + +* Arla compatibility in libkafs. + +* More compatibility with the Solaris version of libkrb. + +* New configure option `--with-mips-abi' + +* Support `/etc/securetty' in login. + +* Bug fixes and improvements to the Win32 telnet. + +* Add support for installing with DESTDIR + +* SIA module with added support for password changing, and + reauthentication. + +* Add better support for MIT `compile_et' and `mk_cmds', this should + make it easier to build things like `zephyr'. 
+ +* Bug fixes: + - Krb: fixed dangling references to flock in libkrb + - FTP: fixed `logwtmp' name conflict + - Telnet: fix a few literal IP-number bugs + - Telnet: hopefully fixed stair-stepping bug + - Kafs: don't store expired tokens in the kernel + - Kafs: fix broken installation of afslib.so in AIX + +Changes in release 0.9.8: + +* several bug fixes; some which deserve mentioning: + - fix non-working `kauth -h' + - the sia-module should work again + - don't leave tickets in popper + +Changes in release 0.9.7: + +* new configure option --disable-otp + +* new configure option --with-afsws + +* includes rxkad implementation + +* ftp client is more careful with suspicious filenames (|, .., /) + +* fixed setuid-vulnerability of rcp, rlogin, and rsh. + +* removed use of tgetent from telnetd (thereby eliminating buffer-overflow) + +* new commands in ftp and ftpd: kdestroy, krbtkfile, and afslog. + +* implement HTTP transport in libkrb and KDC. + +* win32 terminal program much improved. also implemented ticket + management program. + +* introduce `-i' option to kerberos server for listening only on one + interface. + +* updated otp applications and man pages. + +* merged in libdes 4.01 + +* popper is more resilient to badly formatted mails. + +* minor fixes for Cray support. + +* fix popen bug i ftpd. + +* lots of bug fixes and portability fixes. + +* better compatibility with Heimdal. + Minor changes in release 0.9.6: * utmp(x) works correctly on systems with utmpx. * A security-related bug in ftpd fixed. * Compiles on solaris 2.4, 2.6 and on WinNT/95 with cygwin32 beta18. * New option `-w' to rxtelnet, rxterm. Major changes in release 0.9.5: * We made some changes to be compatible with the other kerberised ftp implementations and this means that an old kerberised ftp client will not be able to talk to a new ftp server. So try to upgrade your ftp clients and servers at the same time. The reason for this change is described in more detail below. 
* The interpretation of /etc/ftpusers has changed slightly, see ftpusers(5). These changes come from NetBSD. * The function `des_quad_cksum', which is used by `krb_rd_safe', and `krb_mk_safe', has never been compatible with MIT's DES library. This has now been fixed. This fix will however break some programs that used those functions, for instance `ftp'. In this version `krb_rd_safe' is modified to accept checksums of both the new and the old format; `krb_mk_safe' will always emit checksums of the new type *unless* `krb_rd_safe' has detected that the client is using the old checksum (this feature may be removed in some future release). If you have programs that use `krb_mk_safe' and `krb_rd_safe' you should upgrade all clients before upgrading your servers. Client is here defined as the program that first calls `krb_rd_safe'. If you are using some protocol that talks to more than one client or server in one session, the heuristics to detect which kind of checksum to use might fail. The problem with `des_quad_cksum' was just a byte-order problem, so there are no security problems with using the old versions. Thanks to Derrick J Brashear for pointing in the right general direction. * Rewrote kx to work always open TCP connections in the same direction. This was needed to make it work through NATs and is generally a cleaner way of doing it. Also added `tenletxr'. Unfortunately the new protocol is not compatible with the old one. The new kx and kxd programs try to figure out if they are talking to old versions. * Quite a bit of new functionality in otp. Changed default hash function to `md5'. Fixed implementation of SHA and added downcasing of seed to conform with `draft-ietf-otp-01.txt'. All verification examples in the draft now work. * Fixed buffer overflows. * Add history/line editing in kadmin and ftp. * utmp/utmpx and wtmp/wtmpx might work better on strange machines. * Bug fixes for `rsh -n' and `rcp -x'. * reget now works in ftp and ftpd. Passive mode works. 
Other minor bug fixes as well. * New option `-g umask' to ftpd for specifying the umask for anonymous users. * Fix for `-l' option in rxtelnet and rxterm. * XOVER support in popper. * Better support for building shared libraries. * Better support for talking to the KDC over TCP. This could make it easier to use brain-damaged firewalls. * Support FreeBSD-style MD5 /etc/passwd. * New option `-createuser' to afslog. * Upgraded to work with socks5-v1.0r1. * Almost compiles and works on OS/2 with EMX, and Win95/NT with gnu-win32. * Merged in win32-telnet, see README-WIN32 for more details. * Possibly fixed telnet bug on HP-UX 10. * Updated man-pages. * Support for NetBSD/OpenBSD manual page circus. * Bug fixes. Major changes in release 0.9.3: * kx has been rewritten and is now a lot easier to use. Two new scripts: rxtelnet and rxterm. It also works on machines such as Cray where the X-libraries cannot talk unix sockets. * experimental OTP (RFC1938). Included in login, ftpd, and popper. * authentication modules: PAM for linux, SIA for OSF/1, and afskauthlib for Irix. * popper now has the UIDL command. * ftpd can now tar and compress files and directories on the fly, also added a find site command. * updated documentation and man pages. * Change kuserok so that it acts as if luser@LOCALREALM is always an entry of .klogin, even when it's not possible to verify that there is no such file or the file is unreadable. * Support for SRV-records. * Socks v5 support. * rcp is AFS-aware. * allow for other transport mechanisms than udp (useful for firewall tormented souls); as a side effect the format of krb.conf had to become more flexible * sample programs included. * work arounds for Linux networking bugs in rlogind and rlogin. 
* more portable * quite a number of improvments/bugfixes * New platforms: HP-UX 10, Irix 6.2 Major changes in release 0.9.2a: * fix annoying bug with kauth (et al) returning incorrect error Major changes in release 0.9.2: * service `kerberos-iv' and port 750 has been registered with IANA. * Bugfixes. - Compiles with gcc on AIX. - Compiles with really old resolvers. - ftp works with afs string-to-key. - shared libraries should work on Linux/ELF. - some potential buffer overruns. - general code clean-up. * Better Cray/UNICOS support. * New platforms: AIX 4.2, IRIX 6.1, and Linux 2.0 Major changes in release 0.9.1: * Mostly bugfixes. - No hardcoded references to /usr/athena - Better Linux support with rlogin - Fix for broken handling of NULL password in kadmind (such as with `ksrvutil change') - AFS-aware programs should work on AIX systems without AFS * New platforms: Digital UNIX 4.0 and Fujitsu UXP/V * New mechanism to determine realm from hostname based on DNS. To find the realm of a.b.c.d it tries to find krb4-realm.a.b.c.d and then krb4-realm.b.c.d and so on. The entry in DNS should be a TXT record with the realm name. krb4-realm.pdc.kth.se. 7200 TXT "NADA.KTH.SE" Major changes in release 0.9: * Tested platforms: Dec Alpha OSF/1 3.2 with cc -std1 HP 9000/735 HP/UX 9.05 with gcc DEC Pmax Ultrix 4.4 with gcc (cc does not work) IBM RS/6000 AIX 4.1 with xlc (gcc works, cc does not) SGI IRIX 5.3 with cc Sun SunOS 4.1.4 with gcc (cc is not ANSI and does not work) Sun SunOS 5.5 with gcc Intel i386 NetBSD 1.2 with gcc Intel i386 Linux 1.3.95 with gcc Cray J90 Unicos 9 with cc * Mostly ported to Crays running Unicos 9. * S/Key-support in ftpd. * Delete operation supported in kerberos database. * Cleaner and more portable code. * Even less bugs than before. * kpopper now supports the old pop3 protocol and has been renamed to popper. * rsh can be renamed remsh. * Experimental program for forwarding IP over a kerberos tunnel. * Updated to libdes 3.23. 
Major changes in release 0.8: * New programs: ftp & ftpd. * New programs: kx & kxd. These programs forward X connections over kerberos-encrypted connections. * Incorporated version 3.21 of libdes. * login: No double utmp-entries on Solaris. * kafs * Better guessing of what realm a cell belongs to. * Support for authenticating to several cells. Reads /usr/vice/etc/TheseCells, if present. * ksrvutil: Support for generating AFS keys. * login, su, rshd, rlogind: tries to counter possible NIS-attack. * xnlock: several bug fixes and support for more than one screen. * Default port number for ekshell changed from 2106 to 545. kauth port changed from 4711 to 2120. * Rumored to work on Fujitsu UXP/V and Cray UNICOS. Major changes in release 0.7: * New experimental masterkey generation. Enable with --enable-random-mkey. Also the default place for the master key has moved from /.k to /var/kerberos/master-key. This is customizable with --with-mkey=file. If you don't want you master key to be on the same backup medium as your database, remember to use this flag. All relevant programs still checks for /.k. * `-t' option to kadmin. * Kpopper uses kuserok to verify if user is allowed to pop mail. * Kpopper tries to locate the mail spool directory: /var/mail or /var/spool/mail. * kauth has ability to get ticket on a remove host with the `-h' option. * afslog (aklog clone) and pagsh included. * New format for /etc/krb.equiv. * Better multi-homed hosts support in kauth, rcp, rlogin, rlogind, rshd, telnet, telnetd. * rlogind works on ultrix and aix 3.2. * lots of bug fixes. Major changes in release 0.6: * Tested platforms: DEC/Alpha OSF3.2 HP700 HPux 9.x Dec/Pmax Ultrix 4.4 (rlogind not working) IBM RS/6000 AIX 3.2 (rlogind not working) IBM RS/6000 AIX 4.1 SGI Irix 5.3 Sun Sunos 4.1.x Sun Sunos 5.4 386 BSD/OS 2.0.1 386 NetBSD 1.1 386 Linux 1.2.13 It is rumored to work to some extent on NextStep 3.3. * ksrvutil get to create new keys and put them in the database at the same time. 
* Support for S/Key in login. * kstring2key: new program to show string to key conversion. * Kerberos server should now listen on all available network interfaces and on both port 88 and 750. * Timeout in kpopper. * Support password quality checks in kadmind. Use --with-crack-lib to link kadmind with cracklib. The patches in cracklib.patch are needed. * Movemail from emacs 19.30. * Logging format uses four digits for years. * Fallback if port numbers are not listed in /etc/services. * Relesed version 0.5 * lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the same code is used both for posix termios and others. * rsh, rlogin: Add environment variable RSTAR_NO_WARN which when set to "yes" make warnings about "rlogin: warning, using standard rlogin: remote host doesn't support Kerberos." go away. * admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update): Optimized so that it can handle large databases, previously a 10000 entry DB would take *many* minutes, this can now be done in under a minute. * Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64 bit machines. Source should now be free of 64 bit assumptions. * admin/copykey.c (copy_from_key): New functions for copying to and from keys. Neccessary to solve som problems with longs on 64 bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab. * lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems with longs on 64 bit machines. * appl/bsd/login.c (main): Lots of stuff to support Psoriasis login. Courtesy of gertz@lysator.liu.se. * configure.in, all Makefile.in's: Support for Linux shared libraries. Courtesy of svedja@lysator.liu.se. * lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno = KRB_PROT_VERSION; from server kode to libkrb where it really belongs. * appl/bsd/forkpty.c (forkpty): New function that allocates master and slave ptys in a portable way. Used by rlogind. 
* appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the same utmpx slot got used by sevral sessions. Courtesy of gertz@lysator.liu.se. * util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of svedja@lysator.liu.se. * Fix the above Makefiles to work around bugs in Solaris and OSF/1 make rules that was triggered by VPATH functionality in the yacc and lex rules. * appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg): Use stdarg instead of varargs. The code is still broken though, you'll realize that on a machine with 64 bit pointers and 32 bit int:s and no vsprintf, let's hope there will be no such beasts ;-). * appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems have (or need) modules ttcompat and pckt so don't flag it as a fatal error if they don't exist. * kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c (kadm_listen): Add kludge for kadmind running on a multihomed server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h if you need this feature. * appl/Makefile.in (SUBDIRS): Add applications movemail kpopper and xnlock. * appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not implemented yet though. * appl/xnlock/Makefile.in: Some stubs for X11 programs in configure.in as well as a kerberized version of xnlock. * appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback port numbers if they can not be found using getservbyname. * appl/bsd/klogin.c (klogin): Use differnet ticket files for each login so that a malicous user won't be able to destroy our tickets with a failed login attempt. * lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if there is no such thing try afs@CELL instead. There is now two arguments to k_afslog(char *cell, char *realm). * kadmin/admin_server.c (kadm_listen): If we are multihomed we need to figure out which local address that is used this time since it is used in "direction" comparison. 
* kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default port number. * lib/krb/send_to_kdc.c (send_to_kdc): Default port number (KRB_PORT) was not in network byte order. * lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct when selecting. * appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c: Now does fallback if there isn't any entries in /etc/services for klogin/kshell. This also made the code a bit more pretty. * appl/bsd/login.c: Added support for lots of more struct utmp fields. If there is no ttyslot() use setutent and friends. * appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c: Added extern iruserok(). * appl/bsd/iruserok.c: Initial revision * appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis. * appl/bsd/Makefile.in: New install * appl/bsd/pathnames.h: Fix default path, rsh and rlogin. * appl/bsd/rshd.c: Extend default PATH with bindir to find rcp. * appl/bsd/login.c (login): If there is no ttyslot use setutent and friends. Added support for lots of more struct utmp fields. * server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros. * appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than _PATH_DEF. * appl/bsd/login.c, su.c (main): Use fallback to bourne shell if running as root. * appl/bsd/su.c (main): Update usage message to reflect that '-' option must come after the ordinary options and before login-id. * appl/telnet/telnetd/telnetd.c (doit): If remote host name is to long to fit into utmp try to remove domain part if it does match our local domain. (main): Add new option -L /bin/login so that it is possible to specify an alternate login program. * appl/telnet/telnet/commands.c (env_init): When exporting variable DISPLAY and if hostname is not the full name, try to get the full name from DNS. * appl/telnet/telnet/main.c (main): Option -k realm was broken due to a bogous external declaration. 
* kadmin/kadmin.c (add_new_key): Kadmin now properly sets lifetime, expiration date and attributes in add_new_key command. * appl/bsd/su.c (main): Don't handle '-' option with getopt. * appl/telnet/telnet/externs.h: Removed protection for multiple inclusions of termio(s).h since it broke definition of termio macro on POSIX systems. * lib/krb/lifetime.c (krb_life_to_time): If you want to disable AFS compatible long lifetimes set krb_no_long_lifetimes = 1. Please note that the long lifetimes are 100% compatible up to 10h so this should rarely be necessary. * lib/krb/krb_equiv.c (krb_equiv): If you don't want to use ipaddress protection of tickets set krb_ignore_ip_address. This makes it possible for an intruder to steal a ticket and then use it from som other machine anywhere on the net. * kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one local address. Accept request on all interfaces. * admin/kdb_edit.c (change_principal): Don't accept illegal dates. Courtesy of gertz@lysator.liu.se. * configure.in: AIX specific libraries needed when using standard libc routine getttyent, IBM should be ashamed! * lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t problem. * Added strdup for su and rlogin. * Fix for old syslog macros in appl/bsd/bsd_locl. * lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New ifdef HAVE_NEW_DB for new databases residing in one file only. * appl/bsd/rlogin.c (oob): Add workaround for Linux. * appl/bsd/getpass.c: New routine that reads up to 127 char passwords. Used in su.c and login.c. * appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY should not be used on HP-UX. ==========================*** Released 0.2? ***============================= ksrvutil If there is a dot in the about to be added principals name there is no need to ask for instance name. kerberos & kadmind Logfiles are created with small permissions (600). krb.conf and krb.realms Use domain part as realm name if there is no match in krb.realms. 
Use kerberos.REALMNAME if there is no match in krb.realms. rlogin The rlogin client is supported both with and without encryption, there is no rlogind yet though. login There is login program that supports the -f option. Both kerberos and /etc/passwd authentication is enabled. Vendors login programs typically have no -f option (needed by telnetd) and also does not know how to verify passwords againts kerberos. appl/bsd/* Now uses POSIX signals. kdb_edit, kadmin Generate random passwords if administrator enters empty password. lib/kafs New library to support AFS. Routines: int k_hasafs(void); int k_afsklog(...); or some other name int k_setpag(void); int k_unlog(void); int k_pioctl(char *, int, struct ViceIoctl *, int); Library supports more than one single entry point AFS syscalls (needed be HP/UX and OSF/1 when running DFS). Doesn't rely on transarc headers or library code. Same binaries can be used both on machines running AFS and others. This library is used in telnetd, login and the r* programs. telnet & telnetd Based on telnet.95.05.31.NE but with the encryption hacks from ftp.funet.fi:/pub/unix/security/esrasrc-1.0 added. This encryption stuff needed some more modifications (done by joda@nada.kth.se) before it was usable. Telnet has also been modified to use GNU autoconf. Numerous other changes that are long since forgotten. Index: stable/3/crypto/kerberosIV/PROBLEMS =================================================================== --- stable/3/crypto/kerberosIV/PROBLEMS (revision 62577) +++ stable/3/crypto/kerberosIV/PROBLEMS (revision 62578) 
@@ -1,74 +1,147 @@ Problems compiling Kerberos =========================== -Many compilers require a switch to become ANSI compliant. Since kth-krb -is written in ANSI C it is necessary to specify the name of the compiler +Many compilers require a switch to become ANSI compliant. Since krb4 is +written in ANSI C it is necessary to specify the name of the compiler to be used and the required switch to make it ANSI compliant. This is most easily done when running configure using the `env' command. For instance to build under HP-UX using the native compiler do: datan$ env CC="cc -Ae" ./configure In general `gcc' works. The following combinations have also been verified to successfully compile the distribution: `HP-UX' `cc -Ae' `Digital UNIX' `cc -std1' `AIX' `xlc' `Solaris 2.x' `cc' (unbundled one) `IRIX' `cc' Linux problems -------------- +The libc functions gethostby*() under RedHat4.2 can sometimes cause +core dumps. If you experience these problems make sure that the file +`/etc/nsswitch.conf' contains a hosts entry no more complex than the +line + +hosts: files dns + Some systems have lost `/usr/include/ndbm.h' which is necessary to -build kth-krb correctly. There is a `ndbm.h.Linux' right next to the +build krb4 correctly. There is a `ndbm.h.Linux' right next to the source distribution. There has been reports of non-working `libdb' on some Linux distributions. If that happens, use the `--without-berkeley-db' when configuring. +SunOS 5 (aka Solaris 2) problems +-------------------------------- + +When building shared libraries and using some combinations of GNU gcc/ld +you better set the environment variable RUN_PATH to /usr/athena/lib +(your target libdir). If you don't, then you will have to set +LD_LIBRARY_PATH during runtime and the PAM module will not work. + HP-UX problems -------------- The shared library `/usr/lib/libndbm.sl' doesn't exist on all systems. To make problems even worse, there is never an archive version for static linking either. 
Therefore, when building "truly portable" binaries first install GNU gdbm or Berkeley DB, and make sure that you are linking against that library. Cray problems ------------- `rlogind' won't work on Crays until `forkpty()' has been ported, in the mean time use `telnetd'. +IRIX problems +------------- + +IRIX has three different ABI:s (Application Binary Interface), there's +an old 32 bit interface (known as O32, or just 32), a new 32 bit +interface (N32), and a 64 bit interface (64). O32 and N32 are both 32 +bits, but they have different calling conventions, and alignment +constraints, and similar. The N32 format is the default format from IRIX +6.4. + +You select ABI at compile time, and you can do this with the +`--with-mips-abi' configure option. The valid arguments are `o32', +`n32', and `64', N32 is the default. Libraries for the three different +ABI:s are normally installed installed in different directories (`lib', +`lib32', and `lib64'). If you want more than one set of libraries you +have to reconfigure and recompile for each ABI, but you should probably +install only N32 binaries. + +GCC had had some known problems with the different ABI:s. Old GCC could +only handle O32, newer GCC can handle N32, and 64, but not O32, but in +some versions of GCC the structure alignment was broken in N32. + +This confusion with different ABI:s can cause some trouble. For +instance, the `afskauthlib.so' library has to use the same ABI as +`xdm', and `login'. The easiest way to check what ABI to use is to run +`file' on `/usr/bin/X11/xdm'. + +Another problem that you might encounter if you run AFS is that Transarc +apparently doesn't support the 64-bit ABI, and because of this you can't +get tokens with a 64 bit application. If you really need to do this, +there is a kernel module that provides this functionality at +. 
+ AIX problems ------------ -`gcc' version 2.7.2.1 has a bug which makes it miscompile +`gcc' version 2.7.2.* has a bug which makes it miscompile `appl/telnet/telnetd/sys_term.c' (and possibily `appl/bsd/forkpty.c'), if used with too much optimization. + +Some versions of the `xlc' preprocessor doesn't recognise the +(undocumented) `-qnolm' option. If this option is passed to the +preprocessor (like via the configuration file `/etc/ibmcxx.cfg', +configure will fail. + +The solution is to remove this option from the configuration file, +either globally, or for just the preprocessor: + + $ cp /etc/ibmcxx.cfg /tmp + $ed /tmp/ibmcxx.cfg + 8328 + /nolm + options = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000,-qnolm + s/,-qnolm//p + options = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000 + w + 8321 + q + $ env CC=xlc CPP="xlc -E -F/tmp/ibmcxx.cfg" configure + +There is a bug in AFS 3.4 version 5.38 for AIX 4.3 that causes the +kernel to panic in some cases. There is a hack for this in `login', but +other programs could be affected also. This seems to be fixed in +version 5.55. C2 problems ----------- The programs that checks passwords works with `passwd', OTP, and Kerberos paswords. This is problem if you use C2 security (or use some other password database), that normally keeps passwords in some obscure place. If you want to use Kerberos with C2 security you will have to think about what kind of changes are necessary. See also the discussion about Digital's SIA and C2 security, see *Note Digital SIA::. Index: stable/3/crypto/kerberosIV/README =================================================================== --- stable/3/crypto/kerberosIV/README (revision 62577) +++ stable/3/crypto/kerberosIV/README (revision 62578) 
@@ -1,44 +1,47 @@ + +*** PLEASE REPORT BUGS AND PROBLEMS TO kth-krb-bugs@nada.kth.se *** + This is a severly hacked up version of Eric Young's eBones-p9 kerberos version. The DES library has been updated with his 3.23 version and numerous patches collected over the years have been applied to both the kerberos and DES sources, most notably the CMU patches for extended lifetimes that AFS uses. There is also support for AFS built into most programs. The source has been changed to use ANSI C and POSIX to the largest possible extent. The code in util/et and appl/bsd have not been updated in this way though (they really need it). Telnet and telnetd are based on the telnet.95.10.23.NE.tar.Z. Kerberos authentication is the default and warnings are issued by telnetd if the telnet client does not turn on encryption. The r* programs in appl/bsd have been updated with newer sources from NetBSD and FreeBSD. NOTE: use of telnet is prefered to the use of rlogin which is a temporary hack and not an Internet standard (and has only been documented quite recently). Telnet uses kerberos authentication to prevent the passing of cleartext passwords and is thus superior to rlogin. The distribution has been configured to primarily use kerberos authentication with a fallback to /etc/passwd passwords. This should make it easy to do a slow migration to kerberos. OTP support is also included in login, popper, and ftpd. All programs in this distribution follow these conventions: /usr/athena/bin: User programs /usr/athena/sbin: Administrator programs /usr/athena/libexec: Daemons /etc: Configuration files /var/log: Logfiles /var/kerberos: Kerberos database and ACL files A W3-page is at http://www.pdc.kth.se/kth-krb/ You can get some documentation from ftp://ftp.pdc.kth.se/pub/krb/doc. Please report bugs and problems to kth-krb-bugs@nada.kth.se There is a mailing list discussing kerberos at krb4@sics.se, send a message to majordomo@sics.se to subscribe. 
Index: stable/3/crypto/kerberosIV/TODO =================================================================== --- stable/3/crypto/kerberosIV/TODO (revision 62577) +++ stable/3/crypto/kerberosIV/TODO (revision 62578) @@ -1,42 +1,42 @@ -*- indented-text -*- rlogind, rshd, popper, ftpd (telnetd uses nonce?) Add a replay cache. +rcp + figure out how it should really behave with -r + telnet, rlogin, rsh, rcp Some form of support for ticket forwarding, perhaps only for AFS tickets. telnet, telnetd Add negotiation for keep-alives. rlogind Fix utmp logging. documentation Write more info on: * how to use rshd Read default environment from /etc/default/login and other files. Encryption without secondary port is bugged, it currently does no encryption. But, nobody uses it anyway. autoconf libraries generate archive and shared libraries in some portable way. - -k_get_all_addrs - for Cray UNICOS ftpd kx Compress and recode X protocol? kip Other kinds of encapsulations? Tunnel device as loadable kernel module. Speed? BUGS Where? Index: stable/3/crypto/kerberosIV/acconfig.h =================================================================== --- stable/3/crypto/kerberosIV/acconfig.h (revision 62577) +++ stable/3/crypto/kerberosIV/acconfig.h (revision 62578) 
@@ -1,282 +1,172 @@ -/* $Id: acconfig.h,v 1.71 1997/06/01 22:32:24 assar Exp $ */ +/* $Id: acconfig.h,v 1.105 1999/12/02 13:09:41 joda Exp $ */ -/* Define this if RETSIGTYPE == void */ -#undef VOID_RETSIGTYPE - -/* Define this if struct utmp have ut_user */ -#undef HAVE_UT_USER - -/* Define this if struct utmp have ut_host */ -#undef HAVE_UT_HOST - -/* Define this if struct utmp have ut_addr */ -#undef HAVE_UT_ADDR - -/* Define this if struct utmp have ut_type */ -#undef HAVE_UT_TYPE - -/* Define this if struct utmp have ut_pid */ -#undef HAVE_UT_PID - -/* Define this if struct utmp have ut_id */ -#undef HAVE_UT_ID - -/* Define this if struct utmpx have ut_syslen */ -#undef HAVE_UT_SYSLEN - -/* Define this if struct winsize is declared in sys/termios.h */ -#undef HAVE_STRUCT_WINSIZE - -/* Define this if struct winsize have ws_xpixel */ -#undef HAVE_WS_XPIXEL - -/* Define this if struct winsize have ws_ypixel */ -#undef HAVE_WS_YPIXEL - -/* Define this to be the directory where the dictionary for cracklib */ -/* resides */ -#undef DICTPATH - -/* Define this if you want to use SOCKS v5 */ -#undef SOCKS - -/* Define this to the path of the mail spool directory */ -#undef KRB4_MAILDIR - -/* Define this if `struct sockaddr' includes sa_len */ -#undef SOCKADDR_HAS_SA_LEN - -/* Define this if `struct siaentity' includes ouid */ -#undef SIAENTITY_HAS_OUID - -/* Define if getlogin has POSIX flavour, as opposed to BSD */ -#undef POSIX_GETLOGIN - -/* Define if getpwnam_r has POSIX flavour */ -#undef POSIX_GETPWNAM_R - -/* define if getcwd() is broken (such as in SunOS) */ -#undef BROKEN_GETCWD - -/* define if the system is missing a prototype for crypt() */ -#undef NEED_CRYPT_PROTO - -/* define if the system is missing a prototype for strtok_r() */ -#undef NEED_STRTOK_R_PROTO - -/* define if /bin/ls takes -A */ -#undef HAVE_LS_A - -/* define if you have h_errno */ -#undef HAVE_H_ERRNO - -/* define if you have h_errlist but not hstrerror */ -#undef HAVE_H_ERRLIST - -/* define 
if you have h_nerr but not hstrerror */ -#undef HAVE_H_NERR - -/* define if your system doesn't declare h_errlist */ -#undef HAVE_H_ERRLIST_DECLARATION - -/* define if your system doesn't declare h_nerr */ -#undef HAVE_H_NERR_DECLARATION - -/* define this if you need a declaration for h_errno */ -#undef HAVE_H_ERRNO_DECLARATION - -/* define if you need a declaration for optarg */ -#undef HAVE_OPTARG_DECLARATION - -/* define if you need a declaration for optind */ -#undef HAVE_OPTIND_DECLARATION - -/* define if you need a declaration for opterr */ -#undef HAVE_OPTERR_DECLARATION - -/* define if you need a declaration for optopt */ -#undef HAVE_OPTOPT_DECLARATION - -/* define if you need a declaration for __progname */ -#undef HAVE___PROGNAME_DECLARATION - @BOTTOM@ #undef HAVE_INT8_T #undef HAVE_INT16_T #undef HAVE_INT32_T #undef HAVE_INT64_T #undef HAVE_U_INT8_T #undef HAVE_U_INT16_T #undef HAVE_U_INT32_T #undef HAVE_U_INT64_T +/* This for compat with heimdal (or something) */ +#define KRB_PUT_INT(f, t, l, s) krb_put_int((f), (t), (l), (s)) + +#define HAVE_KRB_ENABLE_DEBUG 1 + +#define HAVE_KRB_DISABLE_DEBUG 1 + +#define HAVE_KRB_GET_OUR_IP_FOR_REALM 1 + #define RCSID(msg) \ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } /* * Set ORGANIZATION to be the desired organization string printed * by the 'kinit' program. It may have spaces. 
*/ #define ORGANIZATION "eBones International" #if 0 #undef BINDIR #undef LIBDIR #undef LIBEXECDIR #undef SBINDIR #endif #if 0 #define KRB_CNF_FILES { "/etc/krb.conf", "/etc/kerberosIV/krb.conf", 0} #define KRB_RLM_FILES { "/etc/krb.realms", "/etc/kerberosIV/krb.realms", 0} #define KRB_EQUIV "/etc/krb.equiv" #define KEYFILE "/etc/srvtab" #define KRBDIR "/var/kerberos" #define DBM_FILE KRBDIR "/principal" #define DEFAULT_ACL_DIR KRBDIR #define KRBLOG "/var/log/kerberos.log" /* master server */ #define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */ #define KADM_SYSLOG "/var/log/admin_server.syslog" #define K_LOGFIL "/var/log/kpropd.log" #endif /* Maximum values on all known systems */ #define MaxHostNameLen (64+4) #define MaxPathLen (1024+4) -/* - * Define NDBM if you are using the 4.3 ndbm library (which is part of - * libc). If not defined, 4.2 dbm will be assumed. - */ -#if defined(HAVE_DBM_FIRSTKEY) -#define NDBM -#endif - /* ftp stuff -------------------------------------------------- */ #define KERBEROS /* telnet stuff ----------------------------------------------- */ +/* define this for OTP support */ +#undef OTP + /* define this if you have kerberos 4 */ #undef KRB4 /* define this if you want encryption */ #undef ENCRYPTION /* define this if you want authentication */ #undef AUTHENTICATION #if defined(ENCRYPTION) && !defined(AUTHENTICATION) #define AUTHENTICATION 1 #endif /* Set this if you want des encryption */ #undef DES_ENCRYPTION /* Set this to the default system lead string for telnetd * can contain %-escapes: %s=sysname, %m=machine, %r=os-release * %v=os-version, %t=tty, %h=hostname, %d=date and time */ #undef USE_IM /* define this if you want diagnostics in telnetd */ #undef DIAGNOSTICS /* define this if you want support for broken ENV_{VALUE,VAR} systems */ #undef ENV_HACK /* */ #undef OLD_ENVIRON /* Used with login -p */ #undef LOGIN_ARGS -/* Define if there are working stream ptys */ -#undef STREAMSPTY - /* set this to a sensible 
login */ #ifndef LOGIN_PATH #define LOGIN_PATH BINDIR "/login" #endif /* ------------------------------------------------------------ */ -/* - * Define this if your ndbm-library really is berkeley db and creates - * files that ends in .db. - */ -#undef HAVE_NEW_DB +#ifdef BROKEN_REALLOC +#define realloc(X, Y) isoc_realloc((X), (Y)) +#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y)) +#endif -/* Define this if you have a working getmsg */ -#undef HAVE_GETMSG - -/* Define to enable new master key code */ -#undef RANDOM_MKEY - -/* Location of the master key file, default value lives in */ -#undef MKEYFILE - -/* Define if you don't want support for afs, might be a good idea on - AIX if you don't have afs */ -#undef NO_AFS - -/* Define if you have a readline compatible library */ -#undef HAVE_READLINE - #ifdef VOID_RETSIGTYPE #define SIGRETURN(x) return #else #define SIGRETURN(x) return (RETSIGTYPE)(x) #endif -/* Define this if your compiler supports '#pragma weak' */ -#undef HAVE_PRAGMA_WEAK - /* Temporary fixes for krb_{rd,mk}_safe */ #define DES_QUAD_GUESS 0 #define DES_QUAD_NEW 1 #define DES_QUAD_OLD 2 -/* Set this to one of the constants above to specify default checksum - type to emit */ -#undef DES_QUAD_DEFAULT +/* + * All these are system-specific defines that I would rather not have at all. + */ /* * AIX braindamage! */ #if _AIX #define _ALL_SOURCE -#define _POSIX_SOURCE -/* this is left for hysteric reasons :-) */ -#define unix /* well, ok... */ +/* XXX this is gross, but kills about a gazillion warnings */ +struct ether_addr; +struct sockaddr; +struct sockaddr_dl; +struct sockaddr_in; #endif -/* - * SunOS braindamage! 
(Sun include files are generally braindead) - */ -#if (defined(sun) || defined(__sun)) -#if defined(__svr4__) || defined(__SVR4) -#define SunOS 5 -#else -#define SunOS 4 -#endif -#endif - #if defined(__sgi) || defined(sgi) #if defined(__SYSTYPE_SVR4) || defined(_SYSTYPE_SVR4) #define IRIX 5 #else #define IRIX 4 #endif #endif /* IRIX 4 braindamage */ #if IRIX == 4 && !defined(__STDC__) #define __STDC__ 0 +#endif + +/* + * Defining this enables lots of useful (and used) extensions on + * glibc-based systems such as Linux + */ + +#define _GNU_SOURCE + +/* some strange OS/2 stuff. From */ + +#ifdef __EMX__ +#define _EMX_TCPIP +#define MAIL_USE_SYSTEM_LOCK +#endif + +#ifdef ROKEN_RENAME +#include "roken_rename.h" #endif Index: stable/3/crypto/kerberosIV/aclocal.m4 =================================================================== --- stable/3/crypto/kerberosIV/aclocal.m4 (revision 62577) +++ stable/3/crypto/kerberosIV/aclocal.m4 (revision 62578) 
@@ -1,543 +1,1365 @@ +dnl aclocal.m4 generated automatically by aclocal 1.4 + +dnl Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl This program is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without +dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A +dnl PARTICULAR PURPOSE. + +dnl $Id: acinclude.m4,v 1.2 1999/03/01 13:06:21 joda Exp $ dnl -dnl $Id: aclocal.m4,v 1.38 1997/05/18 18:47:30 assar Exp $ +dnl Only put things that for some reason can't live in the `cf' +dnl directory in this file. dnl +dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $ dnl -dnl General tests +define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl + +dnl $Id: krb-prog-ln-s.m4,v 1.1 1997/12/14 15:59:01 joda Exp $ dnl +dnl +dnl Better test for ln -s, ln or cp +dnl +AC_DEFUN(AC_KRB_PROG_LN_S, +[AC_MSG_CHECKING(for ln -s or something else) +AC_CACHE_VAL(ac_cv_prog_LN_S, +[rm -f conftestdata +if ln -s X conftestdata 2>/dev/null +then + rm -f conftestdata + ac_cv_prog_LN_S="ln -s" +else + touch conftestdata1 + if ln conftestdata1 conftestdata2; then + rm -f conftestdata* + ac_cv_prog_LN_S=ln + else + ac_cv_prog_LN_S=cp + fi +fi])dnl +LN_S="$ac_cv_prog_LN_S" +AC_MSG_RESULT($ac_cv_prog_LN_S) +AC_SUBST(LN_S)dnl +]) + + +dnl $Id: krb-prog-yacc.m4,v 1.1 1997/12/14 15:59:02 joda Exp $ dnl +dnl +dnl We prefer byacc or yacc because they do not use `alloca' +dnl + +AC_DEFUN(AC_KRB_PROG_YACC, +[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')]) + +dnl $Id: test-package.m4,v 1.7 1999/04/19 13:33:05 assar Exp $ +dnl +dnl AC_TEST_PACKAGE_NEW(package,headers,libraries,extra libs,default locations) + +AC_DEFUN(AC_TEST_PACKAGE,[AC_TEST_PACKAGE_NEW($1,[#include <$2>],$4,,$5)]) + 
+AC_DEFUN(AC_TEST_PACKAGE_NEW,[ +AC_ARG_WITH($1, +[ --with-$1=dir use $1 in dir]) +AC_ARG_WITH($1-lib, +[ --with-$1-lib=dir use $1 libraries in dir], +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-lib]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi]) +AC_ARG_WITH($1-include, +[ --with-$1-include=dir use $1 headers in dir], +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-include]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi]) + +AC_MSG_CHECKING(for $1) + +case "$with_$1" in +yes) ;; +no) ;; +"") ;; +*) if test "$with_$1_include" = ""; then + with_$1_include="$with_$1/include" + fi + if test "$with_$1_lib" = ""; then + with_$1_lib="$with_$1/lib$abilibdirext" + fi + ;; +esac +header_dirs= +lib_dirs= +d='$5' +for i in $d; do + header_dirs="$header_dirs $i/include" + lib_dirs="$lib_dirs $i/lib$abilibdirext" +done + +case "$with_$1_include" in +yes) ;; +no) ;; +*) header_dirs="$with_$1_include $header_dirs";; +esac +case "$with_$1_lib" in +yes) ;; +no) ;; +*) lib_dirs="$with_$1_lib $lib_dirs";; +esac + +save_CFLAGS="$CFLAGS" +save_LIBS="$LIBS" +ires= lres= +for i in $header_dirs; do + CFLAGS="-I$i $save_CFLAGS" + AC_TRY_COMPILE([$2],,ires=$i;break) +done +for i in $lib_dirs; do + LIBS="-L$i $3 $4 $save_LIBS" + AC_TRY_LINK([$2],,lres=$i;break) +done +CFLAGS="$save_CFLAGS" +LIBS="$save_LIBS" + +if test "$ires" -a "$lres" -a "$with_$1" != "no"; then + $1_includedir="$ires" + $1_libdir="$lres" + INCLUDE_$1="-I$$1_includedir" + LIB_$1="-L$$1_libdir $3" + AC_DEFINE_UNQUOTED(upcase($1),1,[Define if you have the $1 package.]) + with_$1=yes + AC_MSG_RESULT([headers $ires, libraries $lres]) +else + INCLUDE_$1= + LIB_$1= + with_$1=no + AC_MSG_RESULT($with_$1) +fi +AC_SUBST(INCLUDE_$1) +AC_SUBST(LIB_$1) +]) + +dnl $Id: osfc2.m4,v 1.2 1999/03/27 17:28:16 joda Exp $ +dnl +dnl enable OSF C2 stuff + +AC_DEFUN(AC_CHECK_OSFC2,[ +AC_ARG_ENABLE(osfc2, +[ --enable-osfc2 enable 
some OSF C2 support]) +LIB_security= +if test "$enable_osfc2" = yes; then + AC_DEFINE(HAVE_OSFC2, 1, [Define to enable basic OSF C2 support.]) + LIB_security=-lsecurity +fi +AC_SUBST(LIB_security) +]) + +dnl $Id: mips-abi.m4,v 1.4 1998/05/16 20:44:15 joda Exp $ +dnl +dnl +dnl Check for MIPS/IRIX ABI flags. Sets $abi and $abilibdirext to some +dnl value. + +AC_DEFUN(AC_MIPS_ABI, [ +AC_ARG_WITH(mips_abi, +[ --with-mips-abi=abi ABI to use for IRIX (32, n32, or 64)]) + +case "$host_os" in +irix*) +with_mips_abi="${with_mips_abi:-yes}" +if test -n "$GCC"; then + +# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select +# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs. +# +# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old +# GCC and revert back to O32. The same goes if O32 is asked for - old +# GCCs doesn't like the -mabi option, and new GCCs can't output O32. +# +# Don't you just love *all* the different SGI ABIs? + +case "${with_mips_abi}" in + 32|o32) abi='-mabi=32'; abilibdirext='' ;; + n32|yes) abi='-mabi=n32'; abilibdirext='32' ;; + 64) abi='-mabi=64'; abilibdirext='64' ;; + no) abi=''; abilibdirext='';; + *) AC_ERROR("Invalid ABI specified") ;; +esac +if test -n "$abi" ; then +ac_foo=krb_cv_gcc_`echo $abi | tr =- __` +dnl +dnl can't use AC_CACHE_CHECK here, since it doesn't quote CACHE-ID to +dnl AC_MSG_RESULT +dnl +AC_MSG_CHECKING([if $CC supports the $abi option]) +AC_CACHE_VAL($ac_foo, [ +save_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS $abi" +AC_TRY_COMPILE(,int x;, eval $ac_foo=yes, eval $ac_foo=no) +CFLAGS="$save_CFLAGS" +]) +ac_res=`eval echo \\\$$ac_foo` +AC_MSG_RESULT($ac_res) +if test $ac_res = no; then +# Try to figure out why that failed... 
+case $abi in + -mabi=32) + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -mabi=n32" + AC_TRY_COMPILE(,int x;, ac_res=yes, ac_res=no) + CLAGS="$save_CFLAGS" + if test $ac_res = yes; then + # New GCC + AC_ERROR([$CC does not support the $with_mips_abi ABI]) + fi + # Old GCC + abi='' + abilibdirext='' + ;; + -mabi=n32|-mabi=64) + if test $with_mips_abi = yes; then + # Old GCC, default to O32 + abi='' + abilibdirext='' + else + # Some broken GCC + AC_ERROR([$CC does not support the $with_mips_abi ABI]) + fi + ;; +esac +fi #if test $ac_res = no; then +fi #if test -n "$abi" ; then +else +case "${with_mips_abi}" in + 32|o32) abi='-32'; abilibdirext='' ;; + n32|yes) abi='-n32'; abilibdirext='32' ;; + 64) abi='-64'; abilibdirext='64' ;; + no) abi=''; abilibdirext='';; + *) AC_ERROR("Invalid ABI specified") ;; +esac +fi #if test -n "$GCC"; then +;; +esac +]) + +dnl +dnl $Id: shared-libs.m4,v 1.4 1999/07/13 17:47:09 assar Exp $ +dnl +dnl Shared library stuff has to be different everywhere +dnl + +AC_DEFUN(AC_SHARED_LIBS, [ + +dnl Check if we want to use shared libraries +AC_ARG_ENABLE(shared, +[ --enable-shared create shared libraries for Kerberos]) + +AC_SUBST(CFLAGS)dnl +AC_SUBST(LDFLAGS)dnl + +case ${enable_shared} in + yes ) enable_shared=yes;; + no ) enable_shared=no;; + * ) enable_shared=no;; +esac + +# NOTE: Building shared libraries may not work if you do not use gcc! 
+# +# OS $SHLIBEXT +# HP-UX sl +# Linux so +# NetBSD so +# FreeBSD so +# OSF so +# SunOS5 so +# SunOS4 so.0.5 +# Irix so +# +# LIBEXT is the extension we should build (.a or $SHLIBEXT) +LINK='$(CC)' +AC_SUBST(LINK) +lib_deps=yes +REAL_PICFLAGS="-fpic" +LDSHARED='$(CC) $(PICFLAGS) -shared' +LIBPREFIX=lib +build_symlink_command=@true +install_symlink_command=@true +install_symlink_command2=@true +REAL_SHLIBEXT=so +changequote({,})dnl +SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'` +SHLIB_SONAME=`echo $VERSION | sed 's/\([0-9]*\).*/\1/'` +changequote([,])dnl +case "${host}" in +*-*-hpux*) + REAL_SHLIBEXT=sl + REAL_LD_FLAGS='-Wl,+b$(libdir)' + if test -z "$GCC"; then + LDSHARED="ld -b" + REAL_PICFLAGS="+z" + fi + lib_deps=no + ;; +*-*-linux*) + LDSHARED='$(CC) -shared -Wl,-soname,$(LIBNAME).so.'"${SHLIB_SONAME}" + REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' + REAL_SHLIBEXT=so.$SHLIB_VERSION + build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so' + install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so' + install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so' + ;; +changequote(,)dnl +*-*-freebsd[34]*) +changequote([,])dnl + REAL_SHLIBEXT=so.$SHLIB_VERSION + REAL_LD_FLAGS='-Wl,-R$(libdir)' + build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so' + install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so' + install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so' + ;; +*-*-*bsd*) + REAL_SHLIBEXT=so.$SHLIB_VERSION + LDSHARED='ld -Bshareable' + REAL_LD_FLAGS='-Wl,-R$(libdir)' + ;; +*-*-osf*) + REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' + REAL_PICFLAGS= + LDSHARED='ld -shared -expect_unresolved \*' + ;; +*-*-solaris2*) + REAL_LD_FLAGS='-Wl,-R$(libdir)' + if test -z "$GCC"; then + LDSHARED='$(CC) -G' + REAL_PICFLAGS="-Kpic" + fi + ;; 
+*-fujitsu-uxpv*) + REAL_LD_FLAGS='' # really: LD_RUN_PATH=$(libdir) cc -o ... + REAL_LINK='LD_RUN_PATH=$(libdir) $(CC)' + LDSHARED='$(CC) -G' + REAL_PICFLAGS="-Kpic" + lib_deps=no # fails in mysterious ways + ;; +*-*-sunos*) + REAL_SHLIBEXT=so.$SHLIB_VERSION + REAL_LD_FLAGS='-Wl,-L$(libdir)' + lib_deps=no + ;; +*-*-irix*) + libdir="${libdir}${abilibdirext}" + REAL_LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)" + LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)" + LDSHARED="\$(CC) -shared ${abi}" + REAL_PICFLAGS= + CFLAGS="${abi} ${CFLAGS}" + ;; +*-*-os2*) + LIBPREFIX= + EXECSUFFIX='.exe' + RANLIB=EMXOMF + LD_FLAGS=-Zcrtdll + REAL_SHLIBEXT=nobuild + ;; +*-*-cygwin32*) + EXECSUFFIX='.exe' + REAL_SHLIBEXT=nobuild + ;; +*) REAL_SHLIBEXT=nobuild + REAL_PICFLAGS= + ;; +esac + +if test "${enable_shared}" != "yes" ; then + PICFLAGS="" + SHLIBEXT="nobuild" + LIBEXT="a" + build_symlink_command=@true + install_symlink_command=@true + install_symlink_command2=@true +else + PICFLAGS="$REAL_PICFLAGS" + SHLIBEXT="$REAL_SHLIBEXT" + LIBEXT="$SHLIBEXT" + AC_MSG_CHECKING(whether to use -rpath) + case "$libdir" in + /lib | /usr/lib | /usr/local/lib) + AC_MSG_RESULT(no) + REAL_LD_FLAGS= + LD_FLAGS= + ;; + *) + LD_FLAGS="$REAL_LD_FLAGS" + test "$REAL_LINK" && LINK="$REAL_LINK" + AC_MSG_RESULT($LD_FLAGS) + ;; + esac +fi + +if test "$lib_deps" = yes; then + lib_deps_yes="" + lib_deps_no="# " +else + lib_deps_yes="# " + lib_deps_no="" +fi +AC_SUBST(lib_deps_yes) +AC_SUBST(lib_deps_no) + +# use supplied ld-flags, or none if `no' +if test "$with_ld_flags" = no; then + LD_FLAGS= +elif test -n "$with_ld_flags"; then + LD_FLAGS="$with_ld_flags" +fi + +AC_SUBST(REAL_PICFLAGS) dnl +AC_SUBST(REAL_SHLIBEXT) dnl +AC_SUBST(REAL_LD_FLAGS) dnl + +AC_SUBST(PICFLAGS) dnl +AC_SUBST(SHLIBEXT) dnl +AC_SUBST(LDSHARED) dnl +AC_SUBST(LD_FLAGS) dnl +AC_SUBST(LIBEXT) dnl +AC_SUBST(LIBPREFIX) dnl +AC_SUBST(EXECSUFFIX) dnl + +AC_SUBST(build_symlink_command)dnl +AC_SUBST(install_symlink_command)dnl 
+AC_SUBST(install_symlink_command2)dnl +]) + +dnl +dnl $Id: c-attribute.m4,v 1.2 1999/03/01 09:52:23 joda Exp $ +dnl + +dnl +dnl Test for __attribute__ +dnl + +AC_DEFUN(AC_C___ATTRIBUTE__, [ +AC_MSG_CHECKING(for __attribute__) +AC_CACHE_VAL(ac_cv___attribute__, [ +AC_TRY_COMPILE([ +#include +], +[ +static void foo(void) __attribute__ ((noreturn)); + +static void +foo(void) +{ + exit(1); +} +], +ac_cv___attribute__=yes, +ac_cv___attribute__=no)]) +if test "$ac_cv___attribute__" = "yes"; then + AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__]) +fi +AC_MSG_RESULT($ac_cv___attribute__) +]) + + +dnl $Id: krb-sys-nextstep.m4,v 1.2 1998/06/03 23:48:40 joda Exp $ +dnl +dnl +dnl NEXTSTEP is not posix compliant by default, +dnl you need a switch -posix to the compiler +dnl + +AC_DEFUN(AC_KRB_SYS_NEXTSTEP, [ +AC_MSG_CHECKING(for NEXTSTEP) +AC_CACHE_VAL(krb_cv_sys_nextstep, +AC_EGREP_CPP(yes, +[#if defined(NeXT) && !defined(__APPLE__) + yes +#endif +], krb_cv_sys_nextstep=yes, krb_cv_sys_nextstep=no) ) +if test "$krb_cv_sys_nextstep" = "yes"; then + CFLAGS="$CFLAGS -posix" + LIBS="$LIBS -posix" +fi +AC_MSG_RESULT($krb_cv_sys_nextstep) +]) + +dnl $Id: krb-sys-aix.m4,v 1.1 1997/12/14 15:59:02 joda Exp $ +dnl +dnl +dnl AIX have a very different syscall convention +dnl +AC_DEFUN(AC_KRB_SYS_AIX, [ +AC_MSG_CHECKING(for AIX) +AC_CACHE_VAL(krb_cv_sys_aix, +AC_EGREP_CPP(yes, +[#ifdef _AIX + yes +#endif +], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) ) +AC_MSG_RESULT($krb_cv_sys_aix) +]) + +dnl $Id: find-func-no-libs.m4,v 1.5 1999/10/30 21:08:18 assar Exp $ +dnl +dnl dnl Look for function in any of the specified libraries dnl -dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments) +dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args) AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [ +AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])]) +dnl $Id: find-func-no-libs2.m4,v 1.3 1999/10/30 21:09:53 assar Exp $ +dnl +dnl +dnl Look for 
function in any of the specified libraries +dnl + +dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args) +AC_DEFUN(AC_FIND_FUNC_NO_LIBS2, [ + AC_MSG_CHECKING([for $1]) AC_CACHE_VAL(ac_cv_funclib_$1, [ if eval "test \"\$ac_cv_func_$1\" != yes" ; then ac_save_LIBS="$LIBS" - for ac_lib in "" $2; do + for ac_lib in $2; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi + LIBS="$6 $ac_lib $5 $ac_save_LIBS" AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break) done eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}" LIBS="$ac_save_LIBS" fi ]) eval "ac_res=\$ac_cv_funclib_$1" -# autoheader tricks *sigh* +dnl autoheader tricks *sigh* : << END @@@funcs="$funcs $1"@@@ @@@libs="$libs $2"@@@ END -changequote(, )dnl -eval "ac_tr_func=HAVE_`echo $1 | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# $1 +eval "ac_tr_func=HAVE_[]upcase($1)" +eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')" eval "LIB_$1=$ac_res" -changequote([, ])dnl case "$ac_res" in yes) eval "ac_cv_func_$1=yes" eval "LIB_$1=" AC_DEFINE_UNQUOTED($ac_tr_func) AC_MSG_RESULT([yes]) ;; no) eval "ac_cv_func_$1=no" eval "LIB_$1=" AC_MSG_RESULT([no]) ;; *) eval "ac_cv_func_$1=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" AC_DEFINE_UNQUOTED($ac_tr_func) AC_DEFINE_UNQUOTED($ac_tr_lib) AC_MSG_RESULT([yes, in $ac_res]) ;; esac AC_SUBST(LIB_$1) ]) -dnl AC_FIND_FUNC(func, libraries, includes, arguments) -AC_DEFUN(AC_FIND_FUNC, [ -AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4]) -if test -n "$LIB_$1"; then - LIBS="$LIB_$1 $LIBS" -fi -]) - dnl -dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal -dnl libraries +dnl $Id: check-netinet-ip-and-tcp.m4,v 1.2 1999/05/14 13:15:40 assar Exp $ +dnl -AC_DEFUN(AC_BROKEN, -[for ac_func in $1 -do -AC_CHECK_FUNC($ac_func, [ +dnl extra magic check for 
netinet/{ip.h,tcp.h} because on irix 6.5.3 +dnl you have to include standards.h before including these files + +AC_DEFUN(CHECK_NETINET_IP_AND_TCP, +[ +AC_CHECK_HEADERS(standards.h) +for i in netinet/ip.h netinet/tcp.h; do + +cv=`echo "$i" | sed 'y%./+-%__p_%'` + +AC_MSG_CHECKING([for $i]) +AC_CACHE_VAL([ac_cv_header_$cv], +[AC_TRY_CPP([\ +#ifdef HAVE_STANDARDS_H +#include +#endif +#include <$i> +], +eval "ac_cv_header_$cv=yes", +eval "ac_cv_header_$cv=no")]) +AC_MSG_RESULT(`eval echo \\$ac_cv_header_$cv`) changequote(, )dnl -ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` +if test `eval echo \\$ac_cv_header_$cv` = yes; then + ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` changequote([, ])dnl -AC_DEFINE_UNQUOTED($ac_tr_func)],[LIBOBJS="$LIBOBJS ${ac_func}.o"]) -# autoheader tricks *sigh* + AC_DEFINE_UNQUOTED($ac_tr_hdr, 1) +fi +done +dnl autoheader tricks *sigh* : << END -@@@funcs="$funcs $1"@@@ +@@@headers="$headers netinet/ip.h netinet/tcp.h"@@@ END -done -AC_SUBST(LIBOBJS)dnl + ]) +dnl $Id: grok-type.m4,v 1.4 1999/11/29 11:16:48 joda Exp $ dnl -dnl Mix between AC_FIND_FUNC and AC_BROKEN -dnl +AC_DEFUN(AC_GROK_TYPE, [ +AC_CACHE_VAL(ac_cv_type_$1, +AC_TRY_COMPILE([ +#ifdef HAVE_INTTYPES_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_BIND_BITYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN6_MACHTYPES_H +#include +#endif +], +$i x; +, +eval ac_cv_type_$1=yes, +eval ac_cv_type_$1=no))]) -AC_DEFUN(AC_FIND_IF_NOT_BROKEN, -[AC_FIND_FUNC([$1], [$2], [$3], [$4]) -if eval "test \"$ac_cv_func_$1\" != yes"; then -LIBOBJS="$LIBOBJS $1.o" +AC_DEFUN(AC_GROK_TYPES, [ +for i in $1; do + AC_MSG_CHECKING(for $i) + AC_GROK_TYPE($i) + eval ac_res=\$ac_cv_type_$i + if test "$ac_res" = yes; then + type=HAVE_[]upcase($i) + AC_DEFINE_UNQUOTED($type) fi -AC_SUBST(LIBOBJS)dnl + AC_MSG_RESULT($ac_res) +done ]) +dnl $Id: find-func.m4,v 1.1 1997/12/14 15:58:58 joda 
Exp $ dnl +dnl AC_FIND_FUNC(func, libraries, includes, arguments) +AC_DEFUN(AC_FIND_FUNC, [ +AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4]) +if test -n "$LIB_$1"; then + LIBS="$LIB_$1 $LIBS" +fi +]) + dnl +dnl See if there is any X11 present dnl +dnl $Id: check-x.m4,v 1.2 1999/11/05 04:25:23 assar Exp $ -dnl AC_TEST_PACKAGE(package,header,lib,linkline) -AC_DEFUN(AC_TEST_PACKAGE, -[ -AC_MSG_CHECKING(for $1) -AC_ARG_WITH($1, -[ --with-$1=dir use $1 in dir], -[if test "$with_$1" = "no"; then - with_$1= -fi] -) -AC_ARG_WITH($1-lib, -[ --with-$1-lib=dir use $1-lib in dir], -[if test "$withval" = "yes" -o "$withval" = "no"; then - AC_MSG_ERROR([No argument for --with-$1-lib]) -elif test "X$with_$1" = "X"; then - with_$1=yes -fi] -) -AC_ARG_WITH($1-include, -[ --with-$1-include=dir use $1-include in dir], -[if test "$withval" = "yes" -o "$withval" = "no"; then - AC_MSG_ERROR([No argument for --with-$1-include]) -elif test "X$with_$1" = "X"; then - with_$1=yes -fi] -) +AC_DEFUN(KRB_CHECK_X,[ +AC_PATH_XTRA -define([foo], translit($1, [a-z], [A-Z])) -: << END -@@@syms="$syms foo"@@@ -END - -if test -n "$with_$1"; then - AC_DEFINE([foo]) - if test "$with_$1" != "yes"; then - $1_dir=$with_$1 - fi -dnl Try to find include - if test -n "$with_$1_include"; then - trydir=$with_$1_include - elif test "$with_$1" != "yes"; then - trydir="$with_$1 $with_$1/include" +# try to figure out if we need any additional ld flags, like -R +# and yes, the autoconf X test is utterly broken +if test "$no_x" != yes; then + AC_CACHE_CHECK(for special X linker flags,krb_cv_sys_x_libs_rpath,[ + ac_save_libs="$LIBS" + ac_save_cflags="$CFLAGS" + CFLAGS="$CFLAGS $X_CFLAGS" + krb_cv_sys_x_libs_rpath="" + krb_cv_sys_x_libs="" + for rflag in "" "-R" "-R " "-rpath "; do + if test "$rflag" = ""; then + foo="$X_LIBS" else - trydir= + foo="" + for flag in $X_LIBS; do + case $flag in + -L*) + foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`" + ;; + *) + foo="$foo $flag" + ;; + esac + done fi - found= - for i in 
$trydir ""; do - if test -n "$i"; then - if test -f $i/$2; then - found=yes; res=$i; break + LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS" + AC_TRY_RUN([ + #include + foo() + { + XOpenDisplay(NULL); + } + main() + { + return 0; + } + ], krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break,:) + done + LIBS="$ac_save_libs" + CFLAGS="$ac_save_cflags" + ]) + X_LIBS="$krb_cv_sys_x_libs" fi +]) + +dnl $Id: check-xau.m4,v 1.3 1999/05/14 01:17:06 assar Exp $ +dnl +dnl check for Xau{Read,Write}Auth and XauFileName +dnl +AC_DEFUN(AC_CHECK_XAU,[ +save_CFLAGS="$CFLAGS" +CFLAGS="$X_CFLAGS $CFLAGS" +save_LIBS="$LIBS" +dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS" +LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS" +save_LDFLAGS="$LDFLAGS" +LDFLAGS="$LDFLAGS $X_LIBS" + + +AC_FIND_FUNC_NO_LIBS(XauWriteAuth, X11 Xau) +ac_xxx="$LIBS" +LIBS="$LIB_XauWriteAuth $LIBS" +AC_FIND_FUNC_NO_LIBS(XauReadAuth, X11 Xau) +LIBS="$LIB_XauReadAauth $LIBS" +AC_FIND_FUNC_NO_LIBS(XauFileName, X11 Xau) +LIBS="$ac_xxx" + +case "$ac_cv_funclib_XauWriteAuth" in +yes) ;; +no) ;; +*) if test "$ac_cv_funclib_XauReadAuth" = yes; then + if test "$ac_cv_funclib_XauFileName" = yes; then + LIB_XauReadAuth="$LIB_XauWriteAuth" else - AC_TRY_CPP([#include <$2>], [found=yes; res=$i; break]) + LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName" fi - done - if test -n "$found"; then - $1_include=$res else - AC_MSG_ERROR(Cannot find $2) - fi -dnl Try to find lib - if test -n "$with_$1_lib"; then - trydir=$with_$1_lib - elif test "$with_$1" != "yes"; then - trydir="$with_$1 $with_$1/lib" + if test "$ac_cv_funclib_XauFileName" = yes; then + LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth" else - trydir= + LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName" fi - found= - for i in $trydir ""; do - if test -n "$i"; then - if test -f $i/$3; then - found=yes; res=$i; break fi + ;; +esac + +if test "$AUTOMAKE" != ""; then + AM_CONDITIONAL(NEED_WRITEAUTH, test "$ac_cv_func_XauWriteAuth" 
!= "yes") else - old_LIBS=$LIBS - LIBS="$4 $LIBS" - AC_TRY_LINK([], [], [found=yes; res=$i; LIBS=$old_LIBS; break]) - LIBS=$old_LIBS - fi - done - if test -n "$found"; then - $1_lib=$res + AC_SUBST(NEED_WRITEAUTH_TRUE) + AC_SUBST(NEED_WRITEAUTH_FALSE) + if test "$ac_cv_func_XauWriteAuth" != "yes"; then + NEED_WRITEAUTH_TRUE= + NEED_WRITEAUTH_FALSE='#' else - AC_MSG_ERROR(Cannot find $3) + NEED_WRITEAUTH_TRUE='#' + NEED_WRITEAUTH_FALSE= fi - AC_MSG_RESULT([headers $$1_include, libraries $$1_lib]) - AC_DEFINE_UNQUOTED(foo) - if test -n "$$1_include"; then - foo[INCLUDE]="-I$$1_include" fi - AC_SUBST(foo[INCLUDE]) - if test -n "$$1_lib"; then - foo[LIB]="-L$$1_lib" - fi - foo[LIB]="$foo[LIB] $4" - AC_SUBST(foo[LIB]) -else - AC_MSG_RESULT(no) -fi -undefine([foo]) +CFLAGS=$save_CFLAGS +LIBS=$save_LIBS +LDFLAGS=$save_LDFLAGS ]) +# Define a conditional. + +AC_DEFUN(AM_CONDITIONAL, +[AC_SUBST($1_TRUE) +AC_SUBST($1_FALSE) +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi]) + +dnl $Id: krb-find-db.m4,v 1.5 1999/05/08 02:24:04 assar Exp $ dnl -dnl Check if we need the declaration of a variable +dnl find a suitable database library dnl +dnl AC_FIND_DB(libraries) +AC_DEFUN(KRB_FIND_DB, [ -dnl AC_HAVE_DECLARATION(includes, variable) -AC_DEFUN(AC_CHECK_DECLARATION, [ -AC_MSG_CHECKING([if $2 is properly declared]) -AC_CACHE_VAL(ac_cv_var_$2_declaration, [ -AC_TRY_COMPILE([$1 -extern struct { int foo; } $2;], -[$2.foo = 1;], -eval "ac_cv_var_$2_declaration=no", -eval "ac_cv_var_$2_declaration=yes") -]) +lib_dbm=no +lib_db=no -ac_tr_var=[HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION] +for i in $1; do -define([foo], [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION]) -: << END -@@@syms="$syms foo"@@@ -END -undefine([foo]) + if test "$i"; then + m="lib$i" + l="-l$i" + else + m="libc" + l="" + fi -AC_MSG_RESULT($ac_cv_var_$2_declaration) -if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then - AC_DEFINE_UNQUOTED($ac_tr_var) + AC_MSG_CHECKING(for dbm_open in 
$m) + AC_CACHE_VAL(ac_cv_krb_dbm_open_$m, [ + + save_LIBS="$LIBS" + LIBS="$l $LIBS" + AC_TRY_RUN([ +#include +#include +#if defined(HAVE_NDBM_H) +#include +#elif defined(HAVE_DBM_H) +#include +#elif defined(HAVE_RPCSVC_DBM_H) +#include +#elif defined(HAVE_DB_H) +#define DB_DBM_HSEARCH 1 +#include +#endif +int main() +{ + DBM *d; + + d = dbm_open("conftest", O_RDWR | O_CREAT, 0666); + if(d == NULL) + return 1; + dbm_close(d); + return 0; +}], [ + if test -f conftest.db; then + ac_res=db + else + ac_res=dbm + fi], ac_res=no, ac_res=no) + + LIBS="$save_LIBS" + + eval ac_cv_krb_dbm_open_$m=$ac_res]) + eval ac_res=\$ac_cv_krb_dbm_open_$m + AC_MSG_RESULT($ac_res) + + if test "$lib_dbm" = no -a $ac_res = dbm; then + lib_dbm="$l" + elif test "$lib_db" = no -a $ac_res = db; then + lib_db="$l" + break + fi +done + +AC_MSG_CHECKING(for NDBM library) +ac_ndbm=no +if test "$lib_db" != no; then + LIB_DBM="$lib_db" + ac_ndbm=yes + AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files ending in .db).]) + if test "$LIB_DBM"; then + ac_res="yes, $LIB_DBM" + else + ac_res=yes + fi +elif test "$lib_dbm" != no; then + LIB_DBM="$lib_dbm" + ac_ndbm=yes + if test "$LIB_DBM"; then + ac_res="yes, $LIB_DBM" + else + ac_res=yes + fi +else + LIB_DBM="" + ac_res=no fi +test "$ac_ndbm" = yes && AC_DEFINE(NDBM, 1, [Define if you have NDBM (and not DBM)])dnl +AC_SUBST(LIB_DBM) +DBLIB="$LIB_DBM" +AC_SUBST(DBLIB) +AC_MSG_RESULT($ac_res) + ]) +dnl $Id: broken-snprintf.m4,v 1.3 1999/03/01 09:52:22 joda Exp $ dnl -dnl -dnl +AC_DEFUN(AC_BROKEN_SNPRINTF, [ +AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working, +ac_cv_func_snprintf_working=yes +AC_TRY_RUN([ +#include +#include +int main() +{ +changequote(`,')dnl + char foo[3]; +changequote([,])dnl + snprintf(foo, 2, "12"); + return strcmp(foo, "1"); +}],:,ac_cv_func_snprintf_working=no,:)) -dnl AC_CHECK_VAR(includes, variable) -AC_DEFUN(AC_CHECK_VAR, [ -AC_MSG_CHECKING(for $2) -AC_CACHE_VAL(ac_cv_var_$2, [ -AC_TRY_LINK([extern 
int $2; -int foo() { return $2; }], - [foo()], - ac_cv_var_$2=yes, ac_cv_var_$2=no) +if test "$ac_cv_func_snprintf_working" = yes; then + AC_DEFINE_UNQUOTED(HAVE_SNPRINTF, 1, [define if you have a working snprintf]) +fi +if test "$ac_cv_func_snprintf_working" = yes; then +AC_NEED_PROTO([#include ],snprintf) +fi ]) -eval "ac_tr_var=[HAVE_]translit($2,[a-z],[A-Z])" -define([foo], [HAVE_]translit($2, [a-z], [A-Z])) -: << END -@@@syms="$syms foo"@@@ -END -undefine([foo]) +AC_DEFUN(AC_BROKEN_VSNPRINTF,[ +AC_CACHE_CHECK(for working vsnprintf,ac_cv_func_vsnprintf_working, +ac_cv_func_vsnprintf_working=yes +AC_TRY_RUN([ +#include +#include +#include -AC_MSG_RESULT(`eval echo \\$ac_cv_var_$2`) -if test `eval echo \\$ac_cv_var_$2` = yes; then - AC_DEFINE_UNQUOTED($ac_tr_var) - AC_CHECK_DECLARATION([$1],[$2]) +int foo(int num, ...) +{ +changequote(`,')dnl + char bar[3]; +changequote([,])dnl + va_list arg; + va_start(arg, num); + vsnprintf(bar, 2, "%s", arg); + va_end(arg); + return strcmp(bar, "1"); +} + + +int main() +{ + return foo(0, "12"); +}],:,ac_cv_func_vsnprintf_working=no,:)) + +if test "$ac_cv_func_vsnprintf_working" = yes; then + AC_DEFINE_UNQUOTED(HAVE_VSNPRINTF, 1, [define if you have a working vsnprintf]) fi +if test "$ac_cv_func_vsnprintf_working" = yes; then +AC_NEED_PROTO([#include ],vsnprintf) +fi ]) +dnl $Id: need-proto.m4,v 1.2 1999/03/01 09:52:24 joda Exp $ dnl +dnl dnl Check if we need the prototype for a function dnl dnl AC_NEED_PROTO(includes, function) AC_DEFUN(AC_NEED_PROTO, [ +if test "$ac_cv_func_$2+set" != set -o "$ac_cv_func_$2" = yes; then AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto, AC_TRY_COMPILE([$1], [struct foo { int foo; } xx; extern int $2 (struct foo*); $2(&xx); ], eval "ac_cv_func_$2_noproto=yes", eval "ac_cv_func_$2_noproto=no")) define([foo], [NEED_]translit($2, [a-z], [A-Z])[_PROTO]) if test "$ac_cv_func_$2_noproto" = yes; then - AC_DEFINE(foo) + AC_DEFINE(foo, 1, [define if the system is missing a prototype for 
$2()]) fi -: << END -@@@syms="$syms foo"@@@ -END undefine([foo]) +fi ]) -dnl AC_MSG_RESULT($ac_cv_func_$3_proto) -dnl if eval "test \"\$ac_cv_func_$3_proto\" = yes"; then -dnl AC_DEFINE_UNQUOTED($ac_tr_func) -dnl fi -dnl ]) -dnl -dnl AC_DEFUN(AC_NEED_PROTO, [ -dnl AC_MSG_CHECKING([if $3 needs a proto]) -dnl AC_CACHE_VAL(ac_cv_func_$3_proto, [ -dnl AC_TRY_COMPILE([$1], -dnl [$2], -dnl eval "ac_cv_func_$3_proto=no", -dnl eval "ac_cv_func_$3_proto=yes") -dnl ]) -dnl changequote(, )dnl -dnl eval "ac_tr_func=NEED_`echo $3 | tr '[a-z]' '[A-Z]'`_PROTO" -dnl changequote([, ])dnl -dnl -dnl define([foo], [NEED_]translit($3, [a-z], [A-Z])[_PROTO]) -dnl : << END -dnl @@@syms="$syms foo"@@@ -dnl END -dnl undefine([foo]) -dnl -dnl AC_MSG_RESULT($ac_cv_func_$3_proto) -dnl if eval "test \"\$ac_cv_func_$3_proto\" = yes"; then -dnl AC_DEFINE_UNQUOTED($ac_tr_func) -dnl fi -dnl ]) +dnl $Id: broken-glob.m4,v 1.2 1999/03/01 09:52:15 joda Exp $ +dnl +dnl check for glob(3) +dnl +AC_DEFUN(AC_BROKEN_GLOB,[ +AC_CACHE_CHECK(for working glob, ac_cv_func_glob_working, +ac_cv_func_glob_working=yes +AC_TRY_LINK([ +#include +#include ],[ +glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE, NULL, NULL); +],:,ac_cv_func_glob_working=no,:)) -AC_DEFUN(AC_GROK_TYPE, [ -AC_CACHE_VAL(ac_cv_type_$1, -AC_TRY_COMPILE([ -#include "confdefs.h" -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_BITYPES_H -#include -#endif -#ifdef HAVE_BIND_BITYPES_H -#include -#endif -#ifdef HAVE_NETINET_IN6_MACHTYPES_H -#include -#endif -], -$i x; -, -eval ac_cv_type_$1=yes, -eval ac_cv_type_$1=no))]) - - -AC_DEFUN(AC_GROK_TYPES, [ -for i in $1; do - AC_MSG_CHECKING(for $i) - AC_GROK_TYPE($i) - eval ac_res=\$ac_cv_type_$i - if test "$ac_res" = yes; then - type=HAVE_`echo $i | tr '[a-z]' '[A-Z]'` - AC_DEFINE_UNQUOTED($type) +if test "$ac_cv_func_glob_working" = yes; then + AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks + GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, and GLOB_TILDE]) fi - 
AC_MSG_RESULT($ac_res) -done +if test "$ac_cv_func_glob_working" = yes; then +AC_NEED_PROTO([#include +#include ],glob) +fi ]) dnl -dnl Specific tests +dnl $Id: capabilities.m4,v 1.2 1999/09/01 11:02:26 joda Exp $ dnl dnl -dnl We prefer byacc or yacc because they do not use `alloca' +dnl Test SGI capabilities dnl -AC_DEFUN(AC_KRB_PROG_YACC, -[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')]) +AC_DEFUN(KRB_CAPABILITIES,[ -dnl -dnl Also look for EMXOMF for OS/2 -dnl +AC_CHECK_HEADERS(capability.h sys/capability.h) -AC_DEFUN(AC_KRB_PROG_RANLIB, -[AC_CHECK_PROGS(RANLIB, ranlib EMXOMF, :)]) +AC_CHECK_FUNCS(sgi_getcapabilitybyname cap_set_proc) +]) +dnl $Id: check-getpwnam_r-posix.m4,v 1.2 1999/03/23 16:47:31 joda Exp $ dnl -dnl Better test for ln -s, ln or cp +dnl check for getpwnam_r, and if it's posix or not + +AC_DEFUN(AC_CHECK_GETPWNAM_R_POSIX,[ +AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r) +if test "$ac_cv_func_getpwnam_r" = yes; then + AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix, + ac_libs="$LIBS" + LIBS="$LIBS $LIB_getpwnam_r" + AC_TRY_RUN([ +#include +int main() +{ + struct passwd pw, *pwd; + return getpwnam_r("", &pw, NULL, 0, &pwd) < 0; +} +],ac_cv_func_getpwnam_r_posix=yes,ac_cv_func_getpwnam_r_posix=no,:) +LIBS="$ac_libs") +if test "$ac_cv_func_getpwnam_r_posix" = yes; then + AC_DEFINE(POSIX_GETPWNAM_R, 1, [Define if getpwnam_r has POSIX flavour.]) +fi +fi +]) dnl +dnl $Id: krb-func-getlogin.m4,v 1.1 1999/07/13 17:45:30 assar Exp $ +dnl +dnl test for POSIX (broken) getlogin +dnl -AC_DEFUN(AC_KRB_PROG_LN_S, -[AC_MSG_CHECKING(for ln -s or something else) -AC_CACHE_VAL(ac_cv_prog_LN_S, -[rm -f conftestdata -if ln -s X conftestdata 2>/dev/null -then - rm -f conftestdata - ac_cv_prog_LN_S="ln -s" -else - touch conftestdata1 - if ln conftestdata1 conftestdata2; then - rm -f conftestdata* - ac_cv_prog_LN_S=ln + +AC_DEFUN(AC_FUNC_GETLOGIN, [ +AC_CHECK_FUNCS(getlogin setlogin) +if test "$ac_cv_func_getlogin" = yes; then +AC_CACHE_CHECK(if getlogin is posix, 
ac_cv_func_getlogin_posix, [ +if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then + ac_cv_func_getlogin_posix=no else - ac_cv_prog_LN_S=cp + ac_cv_func_getlogin_posix=yes fi -fi])dnl -LN_S="$ac_cv_prog_LN_S" -AC_MSG_RESULT($ac_cv_prog_LN_S) -AC_SUBST(LN_S)dnl ]) +if test "$ac_cv_func_getlogin_posix" = yes; then + AC_DEFINE(POSIX_GETLOGIN, 1, [Define if getlogin has POSIX flavour (and not BSD).]) +fi +fi +]) +dnl $Id: find-if-not-broken.m4,v 1.2 1998/03/16 22:16:27 joda Exp $ dnl -dnl NEXTSTEP is not posix compliant by default, -dnl you need a switch -posix to the compiler dnl +dnl Mix between AC_FIND_FUNC and AC_BROKEN +dnl -AC_DEFUN(AC_KRB_SYS_NEXTSTEP, [ -AC_MSG_CHECKING(for NEXTSTEP) -AC_CACHE_VAL(krb_cv_sys_nextstep, -AC_EGREP_CPP(yes, -[#ifdef NeXT - yes -#endif -], krb_cv_sys_nextstep=yes, krb_cv_sys_nextstep=no) ) -if test "$krb_cv_sys_nextstep" = "yes"; then - CFLAGS="$CFLAGS -posix" - LIBS="$LIBS -posix" +AC_DEFUN(AC_FIND_IF_NOT_BROKEN, +[AC_FIND_FUNC([$1], [$2], [$3], [$4]) +if eval "test \"$ac_cv_func_$1\" != yes"; then +LIBOBJS[]="$LIBOBJS $1.o" fi -AC_MSG_RESULT($krb_cv_sys_nextstep) +AC_SUBST(LIBOBJS)dnl ]) +dnl $Id: broken.m4,v 1.3 1998/03/16 22:16:19 joda Exp $ dnl -dnl AIX have a very different syscall convention dnl -AC_DEFUN(AC_KRB_SYS_AIX, [ -AC_MSG_CHECKING(for AIX) -AC_CACHE_VAL(krb_cv_sys_aix, -AC_EGREP_CPP(yes, -[#ifdef _AIX - yes -#endif -], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) ) -AC_MSG_RESULT($krb_cv_sys_aix) +dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal +dnl libraries + +AC_DEFUN(AC_BROKEN, +[for ac_func in $1 +do +AC_CHECK_FUNC($ac_func, [ +ac_tr_func=HAVE_[]upcase($ac_func) +AC_DEFINE_UNQUOTED($ac_tr_func)],[LIBOBJS[]="$LIBOBJS ${ac_func}.o"]) +dnl autoheader tricks *sigh* +: << END +@@@funcs="$funcs $1"@@@ +END +done +AC_SUBST(LIBOBJS)dnl ]) +dnl $Id: krb-func-getcwd-broken.m4,v 1.2 1999/03/01 13:03:32 joda Exp $ dnl +dnl dnl test for broken getcwd in (SunOS braindamage) dnl 
AC_DEFUN(AC_KRB_FUNC_GETCWD_BROKEN, [ if test "$ac_cv_func_getcwd" = yes; then AC_MSG_CHECKING(if getcwd is broken) AC_CACHE_VAL(ac_cv_func_getcwd_broken, [ ac_cv_func_getcwd_broken=no AC_TRY_RUN([ #include char *getcwd(char*, int); void *popen(char *cmd, char *mode) { errno = ENOTTY; return 0; } int main() { char *ret; ret = getcwd(0, 1024); if(ret == 0 && errno == ENOTTY) return 0; return 1; } ], ac_cv_func_getcwd_broken=yes,:,:) ]) if test "$ac_cv_func_getcwd_broken" = yes; then - AC_DEFINE(BROKEN_GETCWD, 1)dnl + AC_DEFINE(BROKEN_GETCWD, 1, [Define if getcwd is broken (like in SunOS 4).])dnl LIBOBJS="$LIBOBJS getcwd.o" AC_SUBST(LIBOBJS)dnl AC_MSG_RESULT($ac_cv_func_getcwd_broken) else AC_MSG_RESULT([seems ok]) fi fi ]) +dnl $Id: proto-compat.m4,v 1.3 1999/03/01 13:03:48 joda Exp $ +dnl +dnl +dnl Check if the prototype of a function is compatible with another one +dnl -AC_DEFUN(AC_HAVE_PRAGMA_WEAK, [ -if test "${with_shared}" = "yes"; then -AC_MSG_CHECKING(for pragma weak) -AC_CACHE_VAL(ac_have_pragma_weak, [ -ac_have_pragma_weak=no -cat > conftest_foo.$ac_ext <<'EOF' -[#]line __oline__ "configure" -#include "confdefs.h" -#pragma weak foo = _foo -int _foo = 17; -EOF -cat > conftest_bar.$ac_ext <<'EOF' -[#]line __oline__ "configure" -#include "confdefs.h" -extern int foo; +dnl AC_PROTO_COMPAT(includes, function, prototype) -int t() { - return foo; -} +AC_DEFUN(AC_PROTO_COMPAT, [ +AC_CACHE_CHECK([if $2 is compatible with system prototype], +ac_cv_func_$2_proto_compat, +AC_TRY_COMPILE([$1], +[$3;], +eval "ac_cv_func_$2_proto_compat=yes", +eval "ac_cv_func_$2_proto_compat=no")) +define([foo], translit($2, [a-z], [A-Z])[_PROTO_COMPATIBLE]) +if test "$ac_cv_func_$2_proto_compat" = yes; then + AC_DEFINE(foo, 1, [define if prototype of $2 is compatible with + $3]) +fi +undefine([foo]) +]) +dnl $Id: check-var.m4,v 1.2 1999/03/01 09:52:23 joda Exp $ +dnl +dnl AC_CHECK_VAR(includes, variable) +AC_DEFUN(AC_CHECK_VAR, [ +AC_MSG_CHECKING(for $2) +AC_CACHE_VAL(ac_cv_var_$2, [ 
+AC_TRY_LINK([extern int $2; +int foo() { return $2; }], + [foo()], + ac_cv_var_$2=yes, ac_cv_var_$2=no) +]) +define([foo], [HAVE_]translit($2, [a-z], [A-Z])) -int main() { - return t(); -} -EOF -if AC_TRY_EVAL('CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&AC_FD_CC'); then -ac_have_pragma_weak=yes +AC_MSG_RESULT(`eval echo \\$ac_cv_var_$2`) +if test `eval echo \\$ac_cv_var_$2` = yes; then + AC_DEFINE_UNQUOTED(foo, 1, [define if you have $2]) + AC_CHECK_DECLARATION([$1],[$2]) fi -rm -rf conftest* +undefine([foo]) ]) -if test "$ac_have_pragma_weak" = "yes"; then - AC_DEFINE(HAVE_PRAGMA_WEAK, 1)dnl + +dnl $Id: check-declaration.m4,v 1.3 1999/03/01 13:03:08 joda Exp $ +dnl +dnl +dnl Check if we need the declaration of a variable +dnl + +dnl AC_HAVE_DECLARATION(includes, variable) +AC_DEFUN(AC_CHECK_DECLARATION, [ +AC_MSG_CHECKING([if $2 is properly declared]) +AC_CACHE_VAL(ac_cv_var_$2_declaration, [ +AC_TRY_COMPILE([$1 +extern struct { int foo; } $2;], +[$2.foo = 1;], +eval "ac_cv_var_$2_declaration=no", +eval "ac_cv_var_$2_declaration=yes") +]) + +define(foo, [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION]) + +AC_MSG_RESULT($ac_cv_var_$2_declaration) +if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then + AC_DEFINE(foo, 1, [define if your system declares $2]) fi -AC_MSG_RESULT($ac_have_pragma_weak) +undefine([foo]) +]) + +dnl $Id: have-struct-field.m4,v 1.6 1999/07/29 01:44:32 assar Exp $ +dnl +dnl check for fields in a structure +dnl +dnl AC_HAVE_STRUCT_FIELD(struct, field, headers) + +AC_DEFUN(AC_HAVE_STRUCT_FIELD, [ +define(cache_val, translit(ac_cv_type_$1_$2, [A-Z ], [a-z_])) +AC_CACHE_CHECK([for $2 in $1], cache_val,[ +AC_TRY_COMPILE([$3],[$1 x; x.$2;], +cache_val=yes, +cache_val=no)]) +if test "$cache_val" = yes; then + define(foo, translit(HAVE_$1_$2, [a-z ], [A-Z_])) + AC_DEFINE(foo, 1, [Define if $1 has field $2.]) + undefine([foo]) fi +undefine([cache_val]) ]) +dnl $Id: have-type.m4,v 1.4 1999/07/24 19:23:01 
assar Exp $ dnl +dnl check for existance of a type + +dnl AC_HAVE_TYPE(TYPE,INCLUDES) +AC_DEFUN(AC_HAVE_TYPE, [ +cv=`echo "$1" | sed 'y%./+- %__p__%'` +AC_MSG_CHECKING(for $1) +AC_CACHE_VAL([ac_cv_type_$cv], +AC_TRY_COMPILE( +[#include +#if STDC_HEADERS +#include +#include +#endif +$2], +[$1 foo;], +eval "ac_cv_type_$cv=yes", +eval "ac_cv_type_$cv=no"))dnl +AC_MSG_RESULT(`eval echo \\$ac_cv_type_$cv`) +if test `eval echo \\$ac_cv_type_$cv` = yes; then + ac_tr_hdr=HAVE_`echo $1 | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` +dnl autoheader tricks *sigh* +define(foo,translit($1, [ ], [_])) +: << END +@@@funcs="$funcs foo"@@@ +END +undefine([foo]) + AC_DEFINE_UNQUOTED($ac_tr_hdr, 1) +fi +]) + +dnl $Id: krb-struct-spwd.m4,v 1.3 1999/07/13 21:04:11 assar Exp $ +dnl +dnl Test for `struct spwd' + +AC_DEFUN(AC_KRB_STRUCT_SPWD, [ +AC_MSG_CHECKING(for struct spwd) +AC_CACHE_VAL(ac_cv_struct_spwd, [ +AC_TRY_COMPILE( +[#include +#ifdef HAVE_SHADOW_H +#include +#endif], +[struct spwd foo;], +ac_cv_struct_spwd=yes, +ac_cv_struct_spwd=no) +]) +AC_MSG_RESULT($ac_cv_struct_spwd) + +if test "$ac_cv_struct_spwd" = "yes"; then + AC_DEFINE(HAVE_STRUCT_SPWD, 1, [define if you have struct spwd]) +fi +]) + +dnl $Id: krb-struct-winsize.m4,v 1.2 1999/03/01 09:52:23 joda Exp $ +dnl +dnl dnl Search for struct winsize dnl AC_DEFUN(AC_KRB_STRUCT_WINSIZE, [ AC_MSG_CHECKING(for struct winsize) AC_CACHE_VAL(ac_cv_struct_winsize, [ ac_cv_struct_winsize=no for i in sys/termios.h sys/ioctl.h; do AC_EGREP_HEADER( changequote(, )dnl struct[ ]*winsize,dnl changequote([,])dnl $i, ac_cv_struct_winsize=yes; break)dnl done ]) if test "$ac_cv_struct_winsize" = "yes"; then - AC_DEFINE(HAVE_STRUCT_WINSIZE, 1)dnl + AC_DEFINE(HAVE_STRUCT_WINSIZE, 1, [define if struct winsize is declared in sys/termios.h]) fi AC_MSG_RESULT($ac_cv_struct_winsize) -AC_EGREP_HEADER(ws_xpixel, termios.h, AC_DEFINE(HAVE_WS_XPIXEL)) -AC_EGREP_HEADER(ws_ypixel, termios.h, AC_DEFINE(HAVE_WS_YPIXEL)) 
+AC_EGREP_HEADER(ws_xpixel, termios.h, + AC_DEFINE(HAVE_WS_XPIXEL, 1, [define if struct winsize has ws_xpixel])) +AC_EGREP_HEADER(ws_ypixel, termios.h, + AC_DEFINE(HAVE_WS_YPIXEL, 1, [define if struct winsize has ws_ypixel])) ]) + +dnl $Id: check-type-extra.m4,v 1.2 1999/03/01 09:52:23 joda Exp $ +dnl +dnl ac_check_type + extra headers + +dnl AC_CHECK_TYPE_EXTRA(TYPE, DEFAULT, HEADERS) +AC_DEFUN(AC_CHECK_TYPE_EXTRA, +[AC_REQUIRE([AC_HEADER_STDC])dnl +AC_MSG_CHECKING(for $1) +AC_CACHE_VAL(ac_cv_type_$1, +[AC_EGREP_CPP(dnl +changequote(<<,>>)dnl +<<$1[^a-zA-Z_0-9]>>dnl +changequote([,]), [#include +#if STDC_HEADERS +#include +#include +#endif +$3], ac_cv_type_$1=yes, ac_cv_type_$1=no)])dnl +AC_MSG_RESULT($ac_cv_type_$1) +if test $ac_cv_type_$1 = no; then + AC_DEFINE($1, $2, [Define this to what the type $1 should be.]) +fi +]) + +dnl $Id: krb-version.m4,v 1.1 1997/12/14 15:59:03 joda Exp $ +dnl +dnl +dnl output a C header-file with some version strings +dnl +AC_DEFUN(AC_KRB_VERSION,[ +dnl AC_OUTPUT_COMMANDS([ +cat > include/newversion.h.in </dev/null | sed 1q` + Date=`date` + mv -f include/newversion.h.in include/version.h.in + sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h +fi +dnl ],host=$host PACKAGE=$PACKAGE VERSION=$VERSION) +]) + Index: stable/3/crypto/kerberosIV/admin/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/admin/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/admin/Makefile.in (revision 62578) 
@@ -1,104 +1,102 @@ -# $Id: Makefile.in,v 1.26 1997/05/04 08:33:50 assar Exp $ +# $Id: Makefile.in,v 1.32 1999/03/10 19:01:10 joda Exp $ SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ CC = @CC@ +LINK = @LINK@ AR = ar RANLIB = @RANLIB@ DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ LD_FLAGS = @LD_FLAGS@ LIBS = @LIBS@ LIB_DBM = @LIB_DBM@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ sbindir = @sbindir@ transform=@program_transform_name@ EXECSUFFIX=@EXECSUFFIX@ PROGS = ext_srvtab$(EXECSUFFIX) \ kdb_destroy$(EXECSUFFIX) \ kdb_edit$(EXECSUFFIX) \ kdb_init$(EXECSUFFIX) \ kdb_util$(EXECSUFFIX) \ kstash$(EXECSUFFIX) SOURCES = ext_srvtab.c kdb_destroy.c kdb_edit.c \ kdb_init.c kdb_util.c kstash.c OBJECTS = ext_srvtab.o kdb_destroy.o kdb_edit.o \ kdb_init.o kdb_util.o kstash.o all: $(PROGS) Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $< + $(CC) -c $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $< install: all - $(MKINSTALLDIRS) $(sbindir) + $(MKINSTALLDIRS) $(DESTDIR)$(sbindir) for x in $(PROGS); do \ - $(INSTALL_PROGRAM) $$x $(sbindir)/`echo $$x|sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x $(DESTDIR)$(sbindir)/`echo $$x|sed '$(transform)'`; \ done uninstall: for x in $(PROGS); do \ - rm -f $(sbindir)/`echo $$x|sed '$(transform)'`; \ + rm -f $(DESTDIR)$(sbindir)/`echo $$x|sed '$(transform)'`; \ done TAGS: $(SOURCES) etags $(SOURCES) check: clean: rm -f *.a *.o $(PROGS) mostlyclean: clean distclean: clean rm -f Makefile *.tab.c *~ realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - KLIB=-L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes LIBROKEN= 
-L../lib/roken -lroken ext_srvtab$(EXECSUFFIX): ext_srvtab.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ ext_srvtab.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ ext_srvtab.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) kdb_destroy$(EXECSUFFIX): kdb_destroy.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_destroy.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_destroy.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) kdb_edit$(EXECSUFFIX): kdb_edit.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_edit.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_edit.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) kdb_init$(EXECSUFFIX): kdb_init.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_init.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_init.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) kdb_util$(EXECSUFFIX): kdb_util.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_util.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_util.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) kstash$(EXECSUFFIX): kstash.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kstash.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kstash.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) $(OBJECTS): ../include/config.h + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/admin/adm_locl.h =================================================================== --- stable/3/crypto/kerberosIV/admin/adm_locl.h (revision 62577) +++ stable/3/crypto/kerberosIV/admin/adm_locl.h (revision 62578) 
@@ -1,91 +1,86 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: adm_locl.h,v 1.16 1997/04/20 05:46:14 assar Exp $ */ +/* $Id: adm_locl.h,v 1.17 1999/12/02 16:58:27 joda Exp $ */ #ifndef __adm_locl_h #define __adm_locl_h #include "config.h" #include "protos.h" #include #include #include #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif /* !TIME_WITH_SYS_TIME */ #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_SYS_STAT_H #include #endif #ifdef HAVE_FCNTL_H #include #endif #include #include #ifdef HAVE_NETINET_IN_H #include #endif #include #include #include #include #include #include #include #endif /* __adm_locl_h */ Index: stable/3/crypto/kerberosIV/admin/ext_srvtab.c =================================================================== --- stable/3/crypto/kerberosIV/admin/ext_srvtab.c (revision 62577) +++ stable/3/crypto/kerberosIV/admin/ext_srvtab.c (revision 62578) 
@@ -1,143 +1,140 @@ /* * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Description */ #include "adm_locl.h" -RCSID("$Id: ext_srvtab.c,v 1.13 1997/05/02 14:27:33 assar Exp $"); +RCSID("$Id: ext_srvtab.c,v 1.18 1999/09/16 20:37:20 assar Exp $"); static des_cblock master_key; static des_cblock session_key; static des_key_schedule master_key_schedule; static char realm[REALM_SZ]; static void -usage(void) -{ - fprintf(stderr, - "Usage: %s [-n] [-r realm] instance [instance ...]\n", - __progname); - exit(1); -} - -static void StampOutSecrets(void) { memset(master_key, 0, sizeof master_key); memset(session_key, 0, sizeof session_key); memset(master_key_schedule, 0, sizeof master_key_schedule); } static void -Die(void) +usage(void) { + fprintf(stderr, + "Usage: %s [-n] [-r realm] instance [instance ...]\n", + __progname); StampOutSecrets(); exit(1); } static void FWrite(void *p, int size, int n, FILE *f) { if (fwrite(p, size, n, f) != n) { - printf("Error writing output file. Terminating.\n"); - Die(); + StampOutSecrets(); + errx(1, "Error writing output file. Terminating.\n"); } } int main(int argc, char **argv) { FILE *fout; char fname[1024]; int fopen_errs = 0; int arg; Principal princs[40]; int more; int prompt = KDB_GET_PROMPT; int n, i; set_progname (argv[0]); memset(realm, 0, sizeof(realm)); +#ifdef HAVE_ATEXIT + atexit(StampOutSecrets); +#endif + /* Parse commandline arguments */ if (argc < 2) usage(); else { for (i = 1; i < argc; i++) { if (strcmp(argv[i], "-n") == 0) prompt = FALSE; else if (strcmp(argv[i], "-r") == 0) { if (++i >= argc) usage(); else { - strcpy(realm, argv[i]); + strlcpy(realm, argv[i], REALM_SZ); /* * This is to humor the broken way commandline * argument parsing is done. Later, this * program ignores everything that starts with -. 
*/ argv[i][0] = '-'; } } else if (argv[i][0] == '-') usage(); else if (!k_isinst(argv[i])) { warnx("bad instance name: %s", argv[i]); usage(); } } } if (kdb_get_master_key (prompt, &master_key, master_key_schedule) != 0) errx (1, "Couldn't read master key."); if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) { exit(1); } /* For each arg, search for instances of arg, and produce */ /* srvtab file */ if (!realm[0]) - if (krb_get_lrealm(realm, 1) != KSUCCESS) + if (krb_get_lrealm(realm, 1) != KSUCCESS) { + StampOutSecrets(); errx (1, "couldn't get local realm"); + } umask(077); for (arg = 1; arg < argc; arg++) { if (argv[arg][0] == '-') continue; snprintf(fname, sizeof(fname), "%s-new-srvtab", argv[arg]); if ((fout = fopen(fname, "w")) == NULL) { warn("Couldn't create file '%s'.", fname); fopen_errs++; continue; } printf("Generating '%s'....\n", fname); n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more); if (more) fprintf(stderr, "More than 40 found...\n"); for (i = 0; i < n; i++) { FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout); FWrite(princs[i].instance, strlen(princs[i].instance) + 1, 1, fout); FWrite(realm, strlen(realm) + 1, 1, fout); FWrite(&princs[i].key_version, sizeof(princs[i].key_version), 1, fout); copy_to_key(&princs[i].key_low, &princs[i].key_high, session_key); kdb_encrypt_key (&session_key, &session_key, &master_key, master_key_schedule, DES_DECRYPT); FWrite(session_key, sizeof session_key, 1, fout); } fclose(fout); } - StampOutSecrets(); - return fopen_errs; /* 0 errors if successful */ - } Index: stable/3/crypto/kerberosIV/admin/kdb_destroy.c =================================================================== --- stable/3/crypto/kerberosIV/admin/kdb_destroy.c (revision 62577) +++ stable/3/crypto/kerberosIV/admin/kdb_destroy.c (revision 62578) 
@@ -1,57 +1,56 @@ /* * Copyright 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Description. */ #include "adm_locl.h" -RCSID("$Id: kdb_destroy.c,v 1.7 1997/03/31 02:25:21 assar Exp $"); +RCSID("$Id: kdb_destroy.c,v 1.9 1998/06/09 19:24:13 joda Exp $"); int main(int argc, char **argv) { char answer[10]; /* user input */ - char dbm[256]; /* database path and name */ - char dbm1[256]; /* database path and name */ #ifdef HAVE_NEW_DB char *file; /* database file names */ #else char *file1, *file2; /* database file names */ #endif set_progname (argv[0]); - strcpy(dbm, DBM_FILE); #ifdef HAVE_NEW_DB - file = strcat(dbm, ".db"); + asprintf(&file, "%s.db", DBM_FILE); + if (file == NULL) + err (1, "malloc"); #else - strcpy(dbm1, DBM_FILE); - file1 = strcat(dbm, ".dir"); - file2 = strcat(dbm1, ".pag"); + asprintf(&file1, "%s.dir", DBM_FILE); + asprintf(&file2, "%s.pag", DBM_FILE); + if (file1 == NULL || file2 == NULL) + err (1, "malloc"); #endif printf("You are about to destroy the Kerberos database "); printf("on this machine.\n"); printf("Are you sure you want to do this (y/n)? "); - fgets(answer, sizeof(answer), stdin); - - if (answer[0] == 'y' || answer[0] == 'Y') { + if (fgets(answer, sizeof(answer), stdin) != NULL + && (answer[0] == 'y' || answer[0] == 'Y')) { #ifdef HAVE_NEW_DB if (unlink(file) == 0) #else if (unlink(file1) == 0 && unlink(file2) == 0) #endif { warnx ("Database deleted at %s", DBM_FILE); return 0; } else warn ("Database cannot be deleted at %s", DBM_FILE); } else warnx ("Database not deleted at %s", DBM_FILE); return 1; } Index: stable/3/crypto/kerberosIV/admin/kdb_edit.c =================================================================== --- stable/3/crypto/kerberosIV/admin/kdb_edit.c (revision 62577) +++ stable/3/crypto/kerberosIV/admin/kdb_edit.c (revision 62578) 
@@ -1,404 +1,403 @@ /* * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute * of Technology. * * For copying and distribution information, please see the file * . * * This routine changes the Kerberos encryption keys for principals, * i.e., users or services. */ /* * exit returns 0 ==> success -1 ==> error */ #include "adm_locl.h" -RCSID("$Id: kdb_edit.c,v 1.25 1997/05/07 01:34:05 assar Exp $"); +RCSID("$Id: kdb_edit.c,v 1.28 1999/09/16 20:37:21 assar Exp $"); #ifdef DEBUG extern kerb_debug; #endif -#define zaptime(foo) memset((foo), 0, sizeof(*(foo))) - static int nflag = 0; static int debug; static des_cblock new_key; static int i, j; static int more; static char input_name[ANAME_SZ]; static char input_instance[INST_SZ]; #define MAX_PRINCIPAL 10 static Principal principal_data[MAX_PRINCIPAL]; static Principal old_principal; static Principal default_princ; static des_cblock master_key; static des_cblock session_key; static des_key_schedule master_key_schedule; static char pw_str[255]; static long master_key_version; static void Usage(void) { fprintf(stderr, "Usage: %s [-n]\n", __progname); exit(1); } static char * n_gets(char *buf, int size) { char *p; char *ret; ret = fgets(buf, size, stdin); if (ret && (p = strchr(buf, '\n'))) *p = 0; return ret; } static int change_principal(void) { static char temp[255]; int creating = 0; int editpw = 0; int changed = 0; long temp_long; /* Don't change to int32_t, used by scanf */ - int n; - struct tm *tp, edate; + struct tm edate; fprintf(stdout, "\nPrincipal name: "); fflush(stdout); if (!n_gets(input_name, sizeof(input_name)) || *input_name == '\0') return 0; fprintf(stdout, "Instance: "); fflush(stdout); /* instance can be null */ n_gets(input_instance, sizeof(input_instance)); j = kerb_get_principal(input_name, input_instance, principal_data, MAX_PRINCIPAL, &more); if (!j) { fprintf(stdout, "\n\07\07, Create [y] ? 
"); fflush(stdout); n_gets(temp, sizeof(temp)); /* Default case should work, it didn't */ if (temp[0] != 'y' && temp[0] != 'Y' && temp[0] != '\0') return -1; /* make a new principal, fill in defaults */ j = 1; creating = 1; - strcpy(principal_data[0].name, input_name); - strcpy(principal_data[0].instance, input_instance); + strlcpy(principal_data[0].name, + input_name, + ANAME_SZ); + strlcpy(principal_data[0].instance, + input_instance, + INST_SZ); principal_data[0].old = NULL; principal_data[0].exp_date = default_princ.exp_date; if (strcmp(input_instance, "admin") == 0) principal_data[0].max_life = 1 + (CLOCK_SKEW/(5*60)); /*5+5 minutes*/ else if (strcmp(input_instance, "root") == 0) principal_data[0].max_life = 96; /* 8 hours */ else principal_data[0].max_life = default_princ.max_life; principal_data[0].attributes = default_princ.attributes; principal_data[0].kdc_key_ver = (unsigned char) master_key_version; principal_data[0].key_version = 0; /* bumped up later */ } - tp = k_localtime(&principal_data[0].exp_date); - snprintf(principal_data[0].exp_date_txt, - sizeof(principal_data[0].exp_date_txt), - "%4d-%02d-%02d", - tp->tm_year + 1900, - tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */ + *principal_data[0].exp_date_txt = '\0'; for (i = 0; i < j; i++) { for (;;) { fprintf(stdout, "\nPrincipal: %s, Instance: %s, kdc_key_ver: %d", principal_data[i].name, principal_data[i].instance, principal_data[i].kdc_key_ver); fflush(stdout); editpw = 1; changed = 0; if (!creating) { /* * copy the existing data so we can use the old values * for the qualifier clause of the replace */ principal_data[i].old = (char *) &old_principal; memcpy(&old_principal, &principal_data[i], sizeof(old_principal)); printf("\nChange password [n] ? 
"); n_gets(temp, sizeof(temp)); if (strcmp("y", temp) && strcmp("Y", temp)) editpw = 0; } /* password */ if (editpw) { #ifdef NOENCRYPTION placebo_read_pw_string(pw_str, sizeof pw_str, "\nNew Password: ", TRUE); #else if(des_read_pw_string(pw_str, sizeof pw_str, "\nNew Password: ", TRUE)) continue; #endif if ( strcmp(pw_str, "RANDOM") == 0 || strcmp(pw_str, "") == 0) { printf("\nRandom password [y] ? "); n_gets(temp, sizeof(temp)); if (!strcmp("n", temp) || !strcmp("N", temp)) { /* no, use literal */ #ifdef NOENCRYPTION memset(new_key, 0, sizeof(des_cblock)); new_key[0] = 127; #else des_string_to_key(pw_str, &new_key); #endif memset(pw_str, 0, sizeof pw_str); /* "RANDOM" */ } else { #ifdef NOENCRYPTION memset(new_key, 0, sizeof(des_cblock)); new_key[0] = 127; #else des_new_random_key(&new_key); #endif memset(pw_str, 0, sizeof pw_str); } } else if (!strcmp(pw_str, "NULL")) { printf("\nNull Key [y] ? "); n_gets(temp, sizeof(temp)); if (!strcmp("n", temp) || !strcmp("N", temp)) { /* no, use literal */ #ifdef NOENCRYPTION memset(new_key, 0, sizeof(des_cblock)); new_key[0] = 127; #else des_string_to_key(pw_str, &new_key); #endif memset(pw_str, 0, sizeof pw_str); /* "NULL" */ } else { principal_data[i].key_low = 0; principal_data[i].key_high = 0; goto null_key; } } else { #ifdef NOENCRYPTION memset(new_key, 0, sizeof(des_cblock)); new_key[0] = 127; #else des_string_to_key(pw_str, &new_key); #endif memset(pw_str, 0, sizeof pw_str); } /* seal it under the kerberos master key */ kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule, DES_ENCRYPT); copy_from_key(new_key, &principal_data[i].key_low, &principal_data[i].key_high); memset(new_key, 0, sizeof(new_key)); null_key: /* set master key version */ principal_data[i].kdc_key_ver = (unsigned char) master_key_version; /* bump key version # */ principal_data[i].key_version++; fprintf(stdout, "\nPrincipal's new key version = %d\n", principal_data[i].key_version); fflush(stdout); changed = 1; } /* expiration 
date */ - fprintf(stdout, "Expiration date (enter yyyy-mm-dd) [ %s ] ? ", - principal_data[i].exp_date_txt); - fflush(stdout); - zaptime(&edate); - while (n_gets(temp, sizeof(temp)) && ((n = strlen(temp)) > - sizeof(principal_data[0].exp_date_txt))) { - bad_date: - fprintf(stdout, "\07\07Date Invalid\n"); - fprintf(stdout, - "Expiration date (enter yyyy-mm-dd) [ %s ] ? ", - principal_data[i].exp_date_txt); + { + char d[DATE_SZ]; + struct tm *tm; + tm = k_localtime(&principal_data[i].exp_date); + strftime(d, sizeof(d), "%Y-%m-%d", tm); + while(1) { + printf("Expiration date (yyyy-mm-dd) [ %s ] ? ", d); fflush(stdout); - zaptime(&edate); + if(n_gets(temp, sizeof(temp)) == NULL) { + printf("Invalid date.\n"); + continue; } - if (*temp) { + memset(&edate, 0, sizeof(edate)); if (sscanf(temp, "%d-%d-%d", &edate.tm_year, - &edate.tm_mon, &edate.tm_mday) != 3) - goto bad_date; + &edate.tm_mon, &edate.tm_mday) != 3) { + printf("Invalid date.\n"); + continue; + } edate.tm_mon--; /* January is 0, not 1 */ - edate.tm_hour = 23; /* nearly midnight at the end of the */ + edate.tm_hour = 23; /* at the end of the */ edate.tm_min = 59; /* specified day */ - if (krb_check_tm (edate)) - goto bad_date; + if (krb_check_tm (edate)) { + printf("Invalid date.\n"); + continue; + } edate.tm_year -= 1900; - temp_long = tm2time (edate, 1); - strcpy(principal_data[i].exp_date_txt, temp); - principal_data[i].exp_date = temp_long; + principal_data[i].exp_date = tm2time (edate, 1); changed = 1; } + break; + } + } /* maximum lifetime */ fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? ", principal_data[i].max_life); fflush(stdout); while (n_gets(temp, sizeof(temp)) && *temp) { if (sscanf(temp, "%ld", &temp_long) != 1) goto bad_life; if (temp_long > 255 || (temp_long < 0)) { bad_life: fprintf(stdout, "\07\07Invalid, choose 0-255\n"); fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? 
", principal_data[i].max_life); fflush(stdout); continue; } changed = 1; /* dont clobber */ principal_data[i].max_life = (unsigned short) temp_long; break; } /* attributes */ fprintf(stdout, "Attributes [ %d ] ? ", principal_data[i].attributes); fflush(stdout); while (n_gets(temp, sizeof(temp)) && *temp) { if (sscanf(temp, "%ld", &temp_long) != 1) goto bad_att; if (temp_long > 65535 || (temp_long < 0)) { bad_att: - fprintf(stdout, "\07\07Invalid, choose 0-65535\n"); + fprintf(stdout, "Invalid, choose 0-65535\n"); fprintf(stdout, "Attributes [ %d ] ? ", principal_data[i].attributes); fflush(stdout); continue; } changed = 1; /* dont clobber */ principal_data[i].attributes = (unsigned short) temp_long; break; } /* * remaining fields -- key versions and mod info, should * not be directly manipulated */ if (changed) { if (kerb_put_principal(&principal_data[i], 1)) { fprintf(stdout, "\nError updating Kerberos database"); } else { fprintf(stdout, "Edit O.K."); } } else { fprintf(stdout, "Unchanged"); } memset(&principal_data[i].key_low, 0, 4); memset(&principal_data[i].key_high, 0, 4); fflush(stdout); break; } } if (more) { fprintf(stdout, "\nThere were more tuples found "); fprintf(stdout, "than there were space for"); } return 1; } static void cleanup(void) { memset(master_key, 0, sizeof(master_key)); memset(session_key, 0, sizeof(session_key)); memset(master_key_schedule, 0, sizeof(master_key_schedule)); memset(principal_data, 0, sizeof(principal_data)); memset(new_key, 0, sizeof(new_key)); memset(pw_str, 0, sizeof(pw_str)); } int main(int argc, char **argv) { /* Local Declarations */ long n; set_progname (argv[0]); while (--argc > 0 && (*++argv)[0] == '-') for (i = 1; argv[0][i] != '\0'; i++) { switch (argv[0][i]) { /* debug flag */ case 'd': debug = 1; continue; /* debug flag */ #ifdef DEBUG case 'l': kerb_debug |= 1; continue; #endif case 'n': /* read MKEYFILE for master key */ nflag = 1; continue; default: warnx ("illegal flag \"%c\"", argv[0][i]); Usage(); /* Give 
message and die */ } } fprintf(stdout, "Opening database...\n"); fflush(stdout); kerb_init(); if (argc > 0) if (kerb_db_set_name(*argv) != 0) errx (1, "Could not open altername database name"); if (kdb_get_master_key ((nflag == 0) ? KDB_GET_PROMPT : 0, &master_key, master_key_schedule) != 0) errx (1, "Couldn't read master key."); if ((master_key_version = kdb_verify_master_key(&master_key, master_key_schedule, stdout)) < 0) return 1; /* Initialize non shared random sequence */ des_init_random_number_generator(&master_key); /* lookup the default values */ n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, &default_princ, 1, &more); if (n != 1) errx (1, "Kerberos error on default value lookup, %ld found.", n); fprintf(stdout, "Previous or default values are in [brackets] ,\n"); fprintf(stdout, "enter return to leave the same, or new value.\n"); while (change_principal()) { } cleanup(); return 0; } Index: stable/3/crypto/kerberosIV/admin/kdb_init.c =================================================================== --- stable/3/crypto/kerberosIV/admin/kdb_init.c (revision 62577) +++ stable/3/crypto/kerberosIV/admin/kdb_init.c (revision 62578) 
@@ -1,174 +1,173 @@ /* * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * program to initialize the database, reports error if database file * already exists. */ #include "adm_locl.h" -RCSID("$Id: kdb_init.c,v 1.23 1997/03/30 17:45:05 assar Exp $"); +RCSID("$Id: kdb_init.c,v 1.25 1999/09/16 20:37:21 assar Exp $"); enum ap_op { NULL_KEY, /* setup null keys */ MASTER_KEY, /* use master key as new key */ RANDOM_KEY /* choose a random key */ }; static des_cblock master_key; static des_key_schedule master_key_schedule; /* use a return code to indicate success or failure. check the return */ /* values of the routines called by this routine. */ static int add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife) { Principal principal; - struct tm *tm; des_cblock new_key; memset(&principal, 0, sizeof(principal)); - strncpy(principal.name, name, ANAME_SZ); - strncpy(principal.instance, instance, INST_SZ); + strlcpy(principal.name, name, ANAME_SZ); + strlcpy(principal.instance, instance, INST_SZ); switch (aap_op) { case NULL_KEY: principal.key_low = 0; principal.key_high = 0; break; case RANDOM_KEY: #ifdef NOENCRYPTION memset(new_key, 0, sizeof(des_cblock)); new_key[0] = 127; #else des_new_random_key(&new_key); #endif kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule, DES_ENCRYPT); copy_from_key(new_key, &principal.key_low, &principal.key_high); memset(new_key, 0, sizeof(new_key)); break; case MASTER_KEY: memcpy(new_key, master_key, sizeof (des_cblock)); kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule, DES_ENCRYPT); copy_from_key(new_key, &principal.key_low, &principal.key_high); break; } - principal.exp_date = 946702799; /* Happy new century */ - strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ); principal.mod_date = time(0); + *principal.mod_date_txt = '\0'; + principal.exp_date = principal.mod_date + 5 * 365 * 24 * 60 * 
60; + *principal.exp_date_txt = '\0'; - tm = k_localtime(&principal.mod_date); principal.attributes = 0; principal.max_life = maxlife; principal.kdc_key_ver = 1; principal.key_version = 1; - strncpy(principal.mod_name, "db_creation", ANAME_SZ); - strncpy(principal.mod_instance, "", INST_SZ); + strlcpy(principal.mod_name, "db_creation", ANAME_SZ); + strlcpy(principal.mod_instance, "", INST_SZ); principal.old = 0; if (kerb_db_put_principal(&principal, 1) != 1) return -1; /* FAIL */ /* let's play it safe */ memset(new_key, 0, sizeof (des_cblock)); memset(&principal.key_low, 0, 4); memset(&principal.key_high, 0, 4); return 0; } int main(int argc, char **argv) { char realm[REALM_SZ]; char *cp; int code; char *database; set_progname (argv[0]); if (argc > 3) { fprintf(stderr, "Usage: %s [realm-name] [database-name]\n", argv[0]); return 1; } if (argc == 3) { database = argv[2]; --argc; } else database = DBM_FILE; /* Do this first, it'll fail if the database exists */ if ((code = kerb_db_create(database)) != 0) err (1, "Couldn't create database %s", database); kerb_db_set_name(database); if (argc == 2) - strncpy(realm, argv[1], REALM_SZ); + strlcpy(realm, argv[1], REALM_SZ); else { if (krb_get_lrealm(realm, 1) != KSUCCESS) - strcpy(realm, KRB_REALM); + strlcpy(realm, KRB_REALM, REALM_SZ); fprintf(stderr, "Realm name [default %s ]: ", realm); if (fgets(realm, sizeof(realm), stdin) == NULL) errx (1, "\nEOF reading realm"); if ((cp = strchr(realm, '\n'))) *cp = '\0'; if (!*realm) /* no realm given */ if (krb_get_lrealm(realm, 1) != KSUCCESS) - strcpy(realm, KRB_REALM); + strlcpy(realm, KRB_REALM, REALM_SZ); } if (!k_isrealm(realm)) errx (1, "Bad kerberos realm name \"%s\"", realm); #ifndef RANDOM_MKEY printf("You will be prompted for the database Master Password.\n"); printf("It is important that you NOT FORGET this password.\n"); #else printf("To generate a master key, please enter some random data.\n"); printf("You do not have to remember this.\n"); #endif fflush(stdout); if 
(kdb_get_master_key (KDB_GET_TWICE, &master_key, master_key_schedule) != 0) errx (1, "Couldn't read master key."); #ifdef RANDOM_MKEY if(kdb_kstash(&master_key, MKEYFILE) < 0) err (1, "Error writing master key"); fprintf(stderr, "Wrote master key to %s\n", MKEYFILE); #endif /* Initialize non shared random sequence */ des_init_random_number_generator(&master_key); /* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */ #define ADMLIFE (1 + (CLOCK_SKEW/(5*60))) /* Maximum lifetime for ticket granting tickets, 4 days or 21.25h */ #define TGTLIFE ((krb_life_to_time(0, 162) >= 24*60*60) ? 161 : 255) /* This means that default lifetimes have not been initialized */ #define DEFLIFE 255 #define NOLIFE 0 if ( add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY, NOLIFE) || add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY,DEFLIFE)|| add_principal(KRB_TICKET_GRANTING_TICKET, realm, RANDOM_KEY, TGTLIFE)|| add_principal(PWSERV_NAME, KRB_MASTER, RANDOM_KEY, ADMLIFE) ) { putc ('\n', stderr); errx (1, "couldn't initialize database."); } /* play it safe */ memset(master_key, 0, sizeof (des_cblock)); memset(master_key_schedule, 0, sizeof (des_key_schedule)); return 0; } Index: stable/3/crypto/kerberosIV/admin/kdb_util.c =================================================================== --- stable/3/crypto/kerberosIV/admin/kdb_util.c (revision 62577) +++ stable/3/crypto/kerberosIV/admin/kdb_util.c (revision 62578) 
@@ -1,496 +1,518 @@ /* * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Kerberos database manipulation utility. This program allows you to * dump a kerberos database to an ascii readable file and load this * file into the database. Read locking of the database is done during a * dump operation. NO LOCKING is done during a load operation. Loads * should happen with other processes shutdown. * * Written July 9, 1987 by Jeffrey I. Schiller */ #include "adm_locl.h" -RCSID("$Id: kdb_util.c,v 1.35 1997/05/07 00:57:45 assar Exp $"); +RCSID("$Id: kdb_util.c,v 1.42 1999/09/16 20:37:21 assar Exp $"); static des_cblock master_key, new_master_key; static des_key_schedule master_key_schedule, new_master_key_schedule; -#define zaptime(foo) memset((foo), 0, sizeof(*(foo))) - /* cv_key is a procedure which takes a principle and changes its key, either for a new method of encrypting the keys, or a new master key. if cv_key is null no transformation of key is done (other than net byte order). 
*/ struct callback_args { void (*cv_key)(Principal *); FILE *output_file; }; static void print_time(FILE *file, time_t timeval) { struct tm *tm; tm = gmtime(&timeval); fprintf(file, " %04d%02d%02d%02d%02d", tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min); } static long time_explode(char *cp) { char wbuf[5]; struct tm tp; int local; - zaptime(&tp); /* clear out the struct */ + memset(&tp, 0, sizeof(tp)); /* clear out the struct */ if (strlen(cp) > 10) { /* new format */ - strncpy(wbuf, cp, 4); - wbuf[4] = 0; + strlcpy(wbuf, cp, sizeof(wbuf)); tp.tm_year = atoi(wbuf) - 1900; cp += 4; /* step over the year */ local = 0; /* GMT */ } else { /* old format: local time, year is 2 digits, assuming 19xx */ wbuf[0] = *cp++; wbuf[1] = *cp++; wbuf[2] = 0; tp.tm_year = atoi(wbuf); local = 1; /* local */ } wbuf[0] = *cp++; wbuf[1] = *cp++; wbuf[2] = 0; tp.tm_mon = atoi(wbuf)-1; wbuf[0] = *cp++; wbuf[1] = *cp++; tp.tm_mday = atoi(wbuf); wbuf[0] = *cp++; wbuf[1] = *cp++; tp.tm_hour = atoi(wbuf); wbuf[0] = *cp++; wbuf[1] = *cp++; tp.tm_min = atoi(wbuf); - return(tm2time(tp, local)); } static int -dump_db_1(void *arg, Principal *principal) -{ /* replace null strings with "*" */ +dump_db_1(void *arg, + Principal *principal) /* replace null strings with "*" */ +{ struct callback_args *a = (struct callback_args *)arg; if (principal->instance[0] == '\0') { principal->instance[0] = '*'; principal->instance[1] = '\0'; } if (principal->mod_name[0] == '\0') { principal->mod_name[0] = '*'; principal->mod_name[1] = '\0'; } if (principal->mod_instance[0] == '\0') { principal->mod_instance[0] = '*'; principal->mod_instance[1] = '\0'; } if (a->cv_key != NULL) { (*a->cv_key) (principal); } fprintf(a->output_file, "%s %s %d %d %d %d %x %x", principal->name, principal->instance, principal->max_life, principal->kdc_key_ver, principal->key_version, principal->attributes, (int)htonl (principal->key_low), (int)htonl (principal->key_high)); print_time(a->output_file, 
principal->exp_date); print_time(a->output_file, principal->mod_date); fprintf(a->output_file, " %s %s\n", principal->mod_name, principal->mod_instance); return 0; } static int dump_db (char *db_file, FILE *output_file, void (*cv_key) (Principal *)) { struct callback_args a; a.cv_key = cv_key; a.output_file = output_file; - kerb_db_iterate ((k_iter_proc_t)dump_db_1, &a); + kerb_db_iterate (dump_db_1, &a); return fflush(output_file); } static int add_file(void *db, FILE *file) { int ret; int lineno = 0; char line[1024]; unsigned long key[2]; /* yes, long */ Principal pr; char exp_date[64], mod_date[64]; int life, kkvno, kvno; while(1){ memset(&pr, 0, sizeof(pr)); errno = 0; if(fgets(line, sizeof(line), file) == NULL){ if(errno != 0) err (1, "fgets"); break; } lineno++; ret = sscanf(line, "%s %s %d %d %d %hd %lx %lx %s %s %s %s", pr.name, pr.instance, &life, &kkvno, &kvno, &pr.attributes, &key[0], &key[1], exp_date, mod_date, pr.mod_name, pr.mod_instance); if(ret != 12){ warnx("Line %d malformed (ignored)", lineno); continue; } pr.key_low = ntohl (key[0]); pr.key_high = ntohl (key[1]); pr.max_life = life; pr.kdc_key_ver = kkvno; pr.key_version = kvno; pr.exp_date = time_explode(exp_date); pr.mod_date = time_explode(mod_date); if (pr.instance[0] == '*') pr.instance[0] = 0; if (pr.mod_name[0] == '*') pr.mod_name[0] = 0; if (pr.mod_instance[0] == '*') pr.mod_instance[0] = 0; if (kerb_db_update(db, &pr, 1) != 1) { warn ("store %s.%s aborted", pr.name, pr.instance); return 1; } } return 0; } static void load_db (char *db_file, FILE *input_file) { long *db; - int temp1; int code; char *temp_db_file; - temp1 = strlen(db_file)+2; - temp_db_file = malloc (temp1); - strcpy(temp_db_file, db_file); - strcat(temp_db_file, "~"); + asprintf (&temp_db_file, "%s~", db_file); + if(temp_db_file == NULL) + errx (1, "out of memory"); /* Create the database */ if ((code = kerb_db_create(temp_db_file)) != 0) err (1, "creating temp database %s", temp_db_file); 
kerb_db_set_name(temp_db_file); db = kerb_db_begin_update(); if (db == NULL) err (1, "opening temp database %s", temp_db_file); if(add_file(db, input_file)) errx (1, "Load aborted"); kerb_db_end_update(db); if ((code = kerb_db_rename(temp_db_file, db_file)) != 0) warn("database rename failed"); fclose(input_file); free(temp_db_file); } static void merge_db(char *db_file, FILE *input_file) { void *db; db = kerb_db_begin_update(); if(db == NULL) err (1, "Couldn't open database"); if(add_file(db, input_file)) errx (1, "Merge aborted"); kerb_db_end_update(db); } static void update_ok_file (char *file_name) { /* handle slave locking/failure stuff */ char *file_ok; int fd; - static char ok[]=".dump_ok"; - asprintf (&file_ok, "%s%s", file_name, ok); + asprintf (&file_ok, "%s.dump_ok", file_name); if (file_ok == NULL) errx (1, "out of memory"); - if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0) + if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) err (1, "Error creating %s", file_ok); free(file_ok); close(fd); + /* + * Some versions of BSD don't update the mtime in the above open so + * we call utimes just in case. 
+ */ + if (utime(file_name, NULL) < 0) + err (1, "utime %s", file_name); } static void convert_key_new_master (Principal *p) { des_cblock key; /* leave null keys alone */ if ((p->key_low == 0) && (p->key_high == 0)) return; /* move current key to des_cblock for encryption, special case master key since that's changing */ if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) && (strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) { memcpy (key, new_master_key, sizeof(des_cblock)); (p->key_version)++; } else { copy_to_key(&p->key_low, &p->key_high, key); - kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_DECRYPT); + kdb_encrypt_key (&key, &key, &master_key, + master_key_schedule, DES_DECRYPT); } - kdb_encrypt_key (&key, &key, &new_master_key, new_master_key_schedule, DES_ENCRYPT); + kdb_encrypt_key (&key, &key, &new_master_key, + new_master_key_schedule, DES_ENCRYPT); copy_from_key(key, &(p->key_low), &(p->key_high)); memset(key, 0, sizeof (key)); /* a little paranoia ... */ (p->kdc_key_ver)++; } static void clear_secrets (void) { memset(master_key, 0, sizeof (des_cblock)); memset(master_key_schedule, 0, sizeof (des_key_schedule)); memset(new_master_key, 0, sizeof (des_cblock)); memset(new_master_key_schedule, 0, sizeof (des_key_schedule)); } static void convert_new_master_key (char *db_file, FILE *out) { #ifdef RANDOM_MKEY errx (1, "Sorry, this function is not available with " "the new master key scheme."); #else printf ("\n\nEnter the CURRENT master key."); if (kdb_get_master_key (KDB_GET_PROMPT, &master_key, master_key_schedule) != 0) { clear_secrets (); errx (1, "Couldn't get master key."); } if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) { clear_secrets (); exit (1); } printf ("\n\nNow enter the NEW master key. 
Do not forget it!!"); if (kdb_get_master_key (KDB_GET_TWICE, &new_master_key, new_master_key_schedule) != 0) { clear_secrets (); errx (1, "Couldn't get new master key."); } dump_db (db_file, out, convert_key_new_master); { - char fname[128]; - snprintf(fname, sizeof(fname), "%s.new", MKEYFILE); + char *fname; + + asprintf(&fname, "%s.new", MKEYFILE); + if(fname == NULL) { + clear_secrets(); + errx(1, "malloc: failed"); + } kdb_kstash(&new_master_key, fname); + free(fname); } #endif /* RANDOM_MKEY */ } static void convert_key_old_db (Principal *p) { des_cblock key; /* leave null keys alone */ if ((p->key_low == 0) && (p->key_high == 0)) return; copy_to_key(&p->key_low, &p->key_high, key); #ifndef NOENCRYPTION des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key, (long)sizeof(des_cblock),master_key_schedule, (des_cblock *)master_key_schedule, DES_DECRYPT); #endif /* make new key, new style */ kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_ENCRYPT); copy_from_key(key, &(p->key_low), &(p->key_high)); memset(key, 0, sizeof (key)); /* a little paranoia ... */ } static void convert_old_format_db (char *db_file, FILE *out) { des_cblock key_from_db; Principal principal_data[1]; int n, more; if (kdb_get_master_key (KDB_GET_PROMPT, &master_key, master_key_schedule) != 0L) { clear_secrets(); errx (1, "Couldn't get master key."); } /* can't call kdb_verify_master_key because this is an old style db */ /* lookup the master key version */ n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, 1 /* only one please */, &more); if ((n != 1) || more) errx (1, "verify_master_key: Kerberos error on master key lookup, %d found.\n", n); /* set up the master key */ fprintf(stderr, "Current Kerberos master key version is %d.\n", principal_data[0].kdc_key_ver); /* * now use the master key to decrypt (old style) the key in the db, had better * be the same! 
*/ copy_to_key(&principal_data[0].key_low, &principal_data[0].key_high, key_from_db); #ifndef NOENCRYPTION des_pcbc_encrypt(&key_from_db,&key_from_db,(long)sizeof(key_from_db), master_key_schedule,(des_cblock *)master_key_schedule, DES_DECRYPT); #endif /* the decrypted database key had better equal the master key */ n = memcmp(master_key, key_from_db, sizeof(master_key)); memset(key_from_db, 0, sizeof(key_from_db)); if (n) { fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, "); fprintf(stderr, "does not match database.\n"); exit (1); } fprintf(stderr, "Master key verified.\n"); dump_db (db_file, out, convert_key_old_db); } int main(int argc, char **argv) { int ret; FILE *file; enum { OP_LOAD, OP_MERGE, OP_DUMP, OP_SLAVE_DUMP, OP_NEW_MASTER, OP_CONVERT_OLD_DB } op; char *file_name; char *db_name; set_progname (argv[0]); if (argc != 3 && argc != 4) { fprintf(stderr, "Usage: %s operation file [database name].\n", argv[0]); fprintf(stderr, "Operation is one of: " "load, merge, dump, slave_dump, new_master_key, " "convert_old_db\n"); + fprintf(stderr, "use file `-' for stdout\n"); exit(1); } if (argc == 3) db_name = DBM_FILE; else db_name = argv[3]; ret = kerb_db_set_name (db_name); /* this makes starting slave servers ~14.3 times easier */ if(ret && strcmp(argv[1], "load") == 0) ret = kerb_db_create (db_name); if(ret) err (1, "Can't open database"); if (!strcmp(argv[1], "load")) op = OP_LOAD; else if (!strcmp(argv[1], "merge")) op = OP_MERGE; else if (!strcmp(argv[1], "dump")) op = OP_DUMP; else if (!strcmp(argv[1], "slave_dump")) op = OP_SLAVE_DUMP; else if (!strcmp(argv[1], "new_master_key")) op = OP_NEW_MASTER; else if (!strcmp(argv[1], "convert_old_db")) op = OP_CONVERT_OLD_DB; else { warnx ("%s is an invalid operation.", argv[1]); warnx ("Valid operations are \"load\", \"merge\", " "\"dump\", \"slave_dump\", \"new_master_key\", " "and \"convert_old_db\""); return 1; } file_name = argv[2]; - file = fopen(file_name, (op == OP_LOAD || op == OP_MERGE) ? 
"r" : "w"); + if (strcmp (file_name, "-") == 0 + && op != OP_LOAD + && op != OP_MERGE) + file = stdout; + else { + char *mode; + + if (op == OP_LOAD || op == OP_MERGE) + mode = "r"; + else + mode = "w"; + + file = fopen (file_name, mode); + } if (file == NULL) err (1, "open %s", argv[2]); switch (op) { case OP_DUMP: if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) || (fclose(file) == EOF)) err (1, "%s", file_name); break; case OP_SLAVE_DUMP: if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) || (fclose(file) == EOF)) err (1, "%s", file_name); update_ok_file (file_name); break; case OP_LOAD: load_db (db_name, file); break; case OP_MERGE: merge_db (db_name, file); break; case OP_NEW_MASTER: convert_new_master_key (db_name, file); printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name); break; case OP_CONVERT_OLD_DB: convert_old_format_db (db_name, file); printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name); break; } return 0; } Index: stable/3/crypto/kerberosIV/appl/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/appl/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/appl/Makefile.in (revision 62578) 
@@ -1,43 +1,43 @@ -# $Id: Makefile.in,v 1.27 1997/05/20 18:58:37 bg Exp $ +# $Id: Makefile.in,v 1.31 1998/04/26 09:59:31 assar Exp $ srcdir = @srcdir@ VPATH = @srcdir@ SHELL = /bin/sh @SET_MAKE@ -SUBDIRS = sample kauth bsd movemail afsutil \ - kpopper xnlock kx otp @APPL_KIP_DIR@ ftp telnet +SUBDIRS = sample kauth bsd movemail push afsutil \ + popper xnlock kx @OTP_dir@ @APPL_KIP_DIR@ ftp telnet all: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) all); done Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" install: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) install); done uninstall: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done clean: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) clean); done mostlyclean: clean distclean: for i in $(SUBDIRS);\ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done rm -f Makefile *~ realclean: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done -.PHONY: all install uninstall clean distclean realclean mostlyclean +.PHONY: all Wall install uninstall clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/appl/afsutil/kstring2key.c =================================================================== --- stable/3/crypto/kerberosIV/appl/afsutil/kstring2key.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/afsutil/kstring2key.c (revision 62578) 
@@ -1,138 +1,137 @@ /* * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $FreeBSD$ */ #include "config.h" RCSID("$Id: kstring2key.c,v 1.16 1999/12/02 16:58:28 joda Exp $"); #include #include #include #include #include -#include +#include #include #define VERIFY 0 static void usage(void) { fprintf(stderr, "Usage: %s [-c AFS cellname] [ -5 krb5salt ] [ password ]\n", __progname); fprintf(stderr, " krb5salt is realmname APPEND principal APPEND instance\n"); exit(1); } static void krb5_string_to_key(char *str, char *salt, des_cblock *key) { char *foo; asprintf(&foo, "%s%s", str, salt); if (foo == NULL) errx (1, "malloc: out of memory"); des_string_to_key(foo, key); free (foo); } int main(int argc, char **argv) { des_cblock key; char buf[1024]; char *cellname = 0, *salt = 0; set_progname (argv[0]); if (argc >= 3 && argv[1][0] == '-' && argv[1][1] == 'c') { cellname = argv[2]; argv += 2; argc -= 2; } else if (argc >= 3 && argv[1][0] == '-' && argv[1][1] == '5') { salt = argv[2]; argv += 2; argc -= 2; } if (argc >= 2 && argv[1][0] == '-') usage(); switch (argc) { case 1: if (des_read_pw_string(buf, sizeof(buf)-1, "password: ", VERIFY)) errx (1, "Error reading password."); break; case 2: strlcpy(buf, argv[1], sizeof(buf)); break; default: usage(); break; } if (cellname != 0) afs_string_to_key(buf, cellname, &key); else if (salt != 0) krb5_string_to_key(buf, salt, &key); else des_string_to_key(buf, &key); { int j; unsigned char *tkey = (unsigned char *) &key; printf("ascii = "); for(j = 0; j < 8; j++) if(tkey[j] != '\\' && isalpha(tkey[j]) != 0) printf("%c", tkey[j]); else printf("\\%03o",(unsigned char)tkey[j]); printf("\n"); printf("hex = "); for(j = 0; j < 8; j++) printf("%02x",(unsigned char)tkey[j]); printf("\n"); } exit(0); } Index: stable/3/crypto/kerberosIV/appl/bsd/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/Makefile.in (revision 62578) 
@@ -1,135 +1,136 @@ -# $Id: Makefile.in,v 1.56 1997/05/20 20:35:04 assar Exp $ +# $Id: Makefile.in,v 1.68 1999/03/27 17:05:34 joda Exp $ SHELL = /bin/sh srcdir = @srcdir@ top_srcdir = @top_srcdir@ VPATH = @srcdir@ -topdir = ../.. +top_builddir = ../.. CC = @CC@ +LINK = @LINK@ AR = ar RANLIB = @RANLIB@ DEFS = @DEFS@ -DBINDIR='"$(bindir)"' -CFLAGS = @CFLAGS@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ LD_FLAGS = @LD_FLAGS@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ LIBS = @LIBS@ LIB_DBM = @LIB_DBM@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ libexecdir = @libexecdir@ bindir = @bindir@ transform=@program_transform_name@ EXECSUFFIX=@EXECSUFFIX@ # Beware, these are all setuid root programs PROG_SUIDBIN = rsh$(EXECSUFFIX) \ rcp$(EXECSUFFIX) \ rlogin$(EXECSUFFIX) \ su$(EXECSUFFIX) PROG_BIN = login$(EXECSUFFIX) PROG_LIBEXEC = rshd$(EXECSUFFIX) \ rlogind$(EXECSUFFIX) PROGS = $(PROG_SUIDBIN) $(PROG_BIN) $(PROG_LIBEXEC) SOURCES = rsh.c kcmd.c krcmd.c rlogin.c rcp.c rcp_util.c rshd.c \ - login.c klogin.c login_access.c su.c rlogind.c iruserok.c \ + login.c klogin.c login_access.c su.c rlogind.c \ login_fbtab.c forkpty.c sysv_default.c sysv_environ.c sysv_shadow.c \ - utmp_login.c utmpx_login.c stty_default.c encrypt.c rcmd_util.c tty.c + utmp_login.c utmpx_login.c stty_default.c encrypt.c rcmd_util.c tty.c \ + osfc2.c rsh_OBJS = rsh.o kcmd.o krcmd.o encrypt.o rcmd_util.o -rcp_OBJS = rcp.o rcp_util.o kcmd.o krcmd.o encrypt.o rcmd_util.o +rcp_OBJS = rcp.o rcp_util.o kcmd.o krcmd.o encrypt.o rcmd_util.o osfc2.o rlogin_OBJS = rlogin.o kcmd.o krcmd.o encrypt.o rcmd_util.o login_OBJS = login.o klogin.o login_fbtab.o login_access.o \ sysv_default.o sysv_environ.o sysv_shadow.o \ - utmp_login.o utmpx_login.o stty_default.o tty.o + utmp_login.o utmpx_login.o stty_default.o tty.o osfc2.o su_OBJS = su.o -rshd_OBJS = rshd.o iruserok.o encrypt.o rcmd_util.o -rlogind_OBJS = rlogind.o iruserok.o forkpty.o 
encrypt.o rcmd_util.o tty.o +rshd_OBJS = rshd.o encrypt.o rcmd_util.o osfc2.o +rlogind_OBJS = rlogind.o forkpty.o encrypt.o rcmd_util.o tty.o all: $(PROGS) Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $< + $(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $< install: all - $(MKINSTALLDIRS) $(libexecdir) + $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir) for x in $(PROG_LIBEXEC); do \ - $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x| sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \ done - $(MKINSTALLDIRS) $(bindir) + $(MKINSTALLDIRS) $(DESTDIR)$(bindir) for x in $(PROG_BIN); do \ - $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x| sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \ done -for x in $(PROG_SUIDBIN); do \ - $(INSTALL_PROGRAM) -o root -m 04555 $$x $(bindir)/`echo $$x| sed '$(transform)'`; \ + $(INSTALL_PROGRAM) -o root -m 04555 $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \ done uninstall: for x in $(PROG_LIBEXEC); do \ - rm -f $(libexecdir)/`echo $$x| sed '$(transform)'`; \ + rm -f $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \ done for x in $(PROG_BIN); do \ - rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \ + rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \ done for x in $(PROG_SUIDBIN); do \ - rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \ + rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \ done TAGS: $(SOURCES) etags $(SOURCES) check: clean: rm -f *.a *.o $(PROGS) mostlyclean: clean distclean: clean rm -f Makefile *.tab.c *~ realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes 
KLIB_AFS=@KRB_KAFS_LIB@ $(KLIB) -OTPLIB=-L../../lib/otp -lotp +OTPLIB=@LIB_otp@ LIBROKEN=-L../../lib/roken -lroken +LIB_security=@LIB_security@ + rcp$(EXECSUFFIX): $(rcp_OBJS) - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rcp_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rcp_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) $(LIB_security) rsh$(EXECSUFFIX): $(rsh_OBJS) - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rsh_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rsh_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) rshd$(EXECSUFFIX): $(rshd_OBJS) - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rshd_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rshd_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) $(LIB_security) rlogin$(EXECSUFFIX): $(rlogin_OBJS) - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogin_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogin_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) rlogind$(EXECSUFFIX): $(rlogind_OBJS) - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogind_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogind_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) login$(EXECSUFFIX): $(login_OBJS) - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(login_OBJS) $(OTPLIB) $(KLIB_AFS) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(login_OBJS) $(OTPLIB) $(KLIB_AFS) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) $(LIB_security) su$(EXECSUFFIX): $(su_OBJS) - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(su_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(su_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/appl/bsd/bsd_locl.h =================================================================== --- 
stable/3/crypto/kerberosIV/appl/bsd/bsd_locl.h (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/bsd_locl.h (revision 62578) 
@@ -1,380 +1,397 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: bsd_locl.h,v 1.98 1997/05/25 01:14:17 assar Exp $ */ +/* $Id: bsd_locl.h,v 1.111 1999/12/02 16:58:28 joda Exp $ */ #define LOGALL #define KERBEROS #define KLOGIN_PARANOID #define LOGIN_ACCESS #define PASSWD_FALLBACK #ifdef HAVE_CONFIG_H #include "config.h" #endif /* Any better way to test NO_MOTD? */ -#if (SunOS == 5) || defined(__hpux) +#if (SunOS >= 50) || defined(__hpux) #define NO_MOTD #endif #ifdef HAVE_SHADOW_H #define SYSV_SHADOW #endif #include #include #include #include #include +#include #include #include +#ifdef HAVE_IO_H +#include +#endif #ifdef HAVE_UNISTD_H #include #endif +#ifdef HAVE_LIBUTIL_H +#include +#endif #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #ifdef HAVE_SYS_STAT_H #include #endif #ifndef S_ISTXT #ifdef S_ISVTX #define S_ISTXT S_ISVTX #else #define S_ISTXT 0 #endif #endif #ifdef HAVE_FCNTL_H #include #endif #ifdef HAVE_DIRENT_H #include #endif #include #ifdef HAVE_SYS_RESOURCE_H #include #endif /* HAVE_SYS_RESOURCE_H */ #ifdef HAVE_SYS_WAIT_H #include #endif #ifdef HAVE_SYS_PARAM_H #include #endif #ifndef NCARGS #define NCARGS 0x100000 /* (absolute) max # characters in exec arglist */ #endif #ifdef HAVE_PWD_H #include #endif #ifdef HAVE_GRP_H #include #endif #ifdef HAVE_UTIME_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_NETINET_IN_SYSTM_H #include 
#endif #ifdef HAVE_NETINET_IP_H #include #endif #ifdef HAVE_NETINET_TCP_H #include #endif #ifdef HAVE_ARPA_INET_H #include #endif #ifdef HAVE_NETDB_H #include #endif -#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 #include #endif #ifdef HAVE_SYS_IOCCOM_H #include #endif #ifdef HAVE_SYS_SOCKIO_H #include #endif #ifdef HAVE_SYS_SELECT_H #include #endif #ifdef HAVE_SYS_FILIO_H #include #endif #ifdef HAVE_SYS_STREAM_H #ifdef HAVE_SYS_UIO_H #include #endif /* HAVE_SYS_UIO_H */ #include #endif /* HAVE_SYS_STREAM_H */ #ifdef HAVE_SYS_PTYVAR_H #ifdef HAVE_SYS_PROC_H #include #endif #ifdef HAVE_SYS_TTY_H #include #endif #ifdef HAVE_SYS_PTYIO_H #include #endif #include #endif /* HAVE_SYS_PTYVAR_H */ /* Cray stuff */ #ifdef HAVE_UDB_H #include #endif #ifdef HAVE_SYS_CATEGORY_H #include #endif /* Strange ioctls that are not always defined */ #ifndef TIOCPKT_FLUSHWRITE #define TIOCPKT_FLUSHWRITE 0x02 #endif #ifndef TIOCPKT_NOSTOP #define TIOCPKT_NOSTOP 0x10 #endif #ifndef TIOCPKT_DOSTOP #define TIOCPKT_DOSTOP 0x20 #endif #ifndef TIOCPKT #define TIOCPKT _IOW('t', 112, int) /* pty: set/clear packet mode */ #endif #ifdef HAVE_LASTLOG_H #include #endif #ifdef HAVE_LOGIN_H #include #endif #ifdef HAVE_TTYENT_H #include #endif #ifdef HAVE_STROPTS_H #include #endif #ifdef HAVE_UTMP_H #include -#endif #ifndef UT_NAMESIZE #define UT_NAMESIZE sizeof(((struct utmp *)0)->ut_name) #endif +#endif #ifdef HAVE_UTMPX_H #include #endif #ifdef HAVE_USERPW_H #include #endif /* HAVE_USERPW_H */ #ifdef HAVE_USERSEC_H +struct aud_rec; #include #endif /* HAVE_USERSEC_H */ +#ifdef HAVE_OSFC2 +#include "/usr/include/prot.h" +#endif + #ifndef PRIO_PROCESS #define PRIO_PROCESS 0 #endif #include #include #ifdef SOCKS #include +/* This doesn't belong here. 
*/ +struct tm *localtime(const time_t *); +struct hostent *gethostbyname(const char *); #endif #include #include #include int kcmd(int *sock, char **ahost, u_int16_t rport, char *locuser, char *remuser, char *cmd, int *fd2p, KTEXT ticket, char *service, char *realm, CREDENTIALS *cred, Key_schedule schedule, MSG_DAT *msg_data, struct sockaddr_in *laddr, struct sockaddr_in *faddr, int32_t authopts); int krcmd(char **ahost, u_int16_t rport, char *remuser, char *cmd, int *fd2p, char *realm); int krcmd_mutual(char **ahost, u_int16_t rport, char *remuser, char *cmd,int *fd2p, char *realm, CREDENTIALS *cred, Key_schedule sched); int klogin(struct passwd *pw, char *instance, char *localhost, char *password); typedef struct { int cnt; char *buf; } BUF; char *colon(char *cp); int okname(char *cp0); int susystem(char *s, int userid); int forkpty(int *amaster, char *name, struct termios *termp, struct winsize *winp); +int forkpty_truncate(int *amaster, char *name, size_t name_sz, + struct termios *termp, struct winsize *winp); + #ifndef MODEMASK #define MODEMASK (S_ISUID|S_ISGID|S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO) #endif #ifdef HAVE_PATHS_H #include #endif #ifdef HAVE_MAILLOCK_H #include #endif #include "pathnames.h" void stty_default (void); int utmpx_login(char *line, char *user, char *host); extern char **environ; void sysv_newenv(int argc, char **argv, struct passwd *pwd, char *term, int pflag); -int login_access(char *user, char *from); -#ifndef HAVE_IRUSEROK -int iruserok(u_int32_t raddr, int superuser, const char *ruser, - const char *luser); -#endif +int login_access(struct passwd *user, char *from); void fatal(int f, const char *msg, int syserr); extern int LEFT_JUSTIFIED; int des_enc_read(int fd,char *buf,int len,des_key_schedule sched, des_cblock *iv); int des_enc_write(int fd,char *buf,int len,des_key_schedule sched, des_cblock *iv); +/* used in des_read and des_write */ +#define DES_RW_MAXWRITE (1024*16) +#define DES_RW_BSIZE (DES_RW_MAXWRITE+4) + void 
sysv_defaults(void); void utmp_login(char *tty, char *username, char *hostname); void sleepexit (int); #ifndef HAVE_SETPRIORITY #define setpriority(which, who, niceval) 0 #endif #ifndef HAVE_GETPRIORITY #define getpriority(which, who) 0 #endif #ifdef HAVE_TERMIOS_H #include #endif #ifndef _POSIX_VDISABLE #define _POSIX_VDISABLE 0 #endif /* _POSIX_VDISABLE */ -#if SunOS == 4 +#if SunOS == 40 #include #endif -#if defined(_AIX) +#if defined(HAVE_SYS_TERMIO_H) && !defined(HAVE_TERMIOS_H) #include #endif #ifndef CEOF #define CEOF 04 #endif /* concession to Sun */ #ifndef SIGUSR1 #define SIGUSR1 30 #endif #ifndef TIOCPKT_WINDOW #define TIOCPKT_WINDOW 0x80 #endif int get_shell_port(int kerberos, int encryption); int get_login_port(int kerberos, int encryption); int speed_t2int (speed_t); speed_t int2speed_t (int); void ip_options_and_die (int sock, struct sockaddr_in *); void warning(const char *fmt, ...) #ifdef __GNUC__ __attribute__ ((format (printf, 1, 2))) #endif ; char *clean_ttyname (char *tty); char *make_id (char *tty); +#ifdef HAVE_UTMP_H void prepare_utmp (struct utmp *utmp, char *tty, char *username, char *hostname); +#endif + +int do_osfc2_magic(uid_t); Index: stable/3/crypto/kerberosIV/appl/bsd/encrypt.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/encrypt.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/encrypt.c (revision 62578) 
@@ -1,311 +1,305 @@ /* Copyright (C) 1995 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "bsd_locl.h" -RCSID("$Id: encrypt.c,v 1.3 1996/04/30 13:50:54 bg Exp $"); +RCSID("$Id: encrypt.c,v 1.4 1999/06/17 18:47:26 assar Exp $"); -#undef BSIZE - -/* used in des_read and des_write */ -#define MAXWRITE (1024*16) -#define BSIZE (MAXWRITE+4) - /* replacements for htonl and ntohl since I have no idea what to do * when faced with machines with 8 byte longs. */ #define HDRSIZE 4 #define n2l(c,l) (l =((u_int32_t)(*((c)++)))<<24, \ l|=((u_int32_t)(*((c)++)))<<16, \ l|=((u_int32_t)(*((c)++)))<< 8, \ l|=((u_int32_t)(*((c)++)))) #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l) )&0xff)) /* This has some uglies in it but it works - even over sockets. */ extern int errno; int des_rw_mode=DES_PCBC_MODE; int LEFT_JUSTIFIED = 0; int des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv) { /* data to be unencrypted */ int net_num=0; - unsigned char net[BSIZE]; + unsigned char net[DES_RW_BSIZE]; /* extra unencrypted data * for when a block of 100 comes in but is des_read one byte at * a time. 
*/ - static char unnet[BSIZE]; + static char unnet[DES_RW_BSIZE]; static int unnet_start=0; static int unnet_left=0; int i; long num=0,rnum; unsigned char *p; /* left over data from last decrypt */ if (unnet_left != 0) { if (unnet_left < len) { /* we still still need more data but will return * with the number of bytes we have - should always * check the return value */ memcpy(buf,&(unnet[unnet_start]),unnet_left); /* eay 26/08/92 I had the next 2 lines * reversed :-( */ i=unnet_left; unnet_start=unnet_left=0; } else { memcpy(buf,&(unnet[unnet_start]),len); unnet_start+=len; unnet_left-=len; i=len; } return(i); } /* We need to get more data. */ - if (len > MAXWRITE) len=MAXWRITE; + if (len > DES_RW_MAXWRITE) len=DES_RW_MAXWRITE; /* first - get the length */ net_num=0; while (net_num < HDRSIZE) { i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num); if ((i == -1) && (errno == EINTR)) continue; if (i <= 0) return(0); net_num+=i; } /* we now have at net_num bytes in net */ p=net; num=0; n2l(p,num); /* num should be rounded up to the next group of eight * we make sure that we have read a multiple of 8 bytes from the net. */ - if ((num > MAXWRITE) || (num < 0)) /* error */ + if ((num > DES_RW_MAXWRITE) || (num < 0)) /* error */ return(-1); rnum=(num < 8)?8:((num+7)/8*8); net_num=0; while (net_num < rnum) { i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num); if ((i == -1) && (errno == EINTR)) continue; if (i <= 0) return(0); net_num+=i; } /* Check if there will be data left over. */ if (len < num) { if (des_rw_mode & DES_PCBC_MODE) des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet, num,sched,iv,DES_DECRYPT); else des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet, num,sched,iv,DES_DECRYPT); memcpy(buf,unnet,len); unnet_start=len; unnet_left=num-len; /* The following line is done because we return num * as the number of bytes read. */ num=len; } else { /* >output is a multiple of 8 byes, if len < rnum * >we must be careful. 
The user must be aware that this * >routine will write more bytes than he asked for. * >The length of the buffer must be correct. * FIXED - Should be ok now 18-9-90 - eay */ if (len < rnum) { - char tmpbuf[BSIZE]; + char tmpbuf[DES_RW_BSIZE]; if (des_rw_mode & DES_PCBC_MODE) des_pcbc_encrypt((des_cblock *)net, (des_cblock *)tmpbuf, num,sched,iv,DES_DECRYPT); else des_cbc_encrypt((des_cblock *)net, (des_cblock *)tmpbuf, num,sched,iv,DES_DECRYPT); /* eay 26/08/92 fix a bug that returned more * bytes than you asked for (returned len bytes :-( */ if (LEFT_JUSTIFIED || (len >= 8)) memcpy(buf,tmpbuf,num); else memcpy(buf,tmpbuf+(8-num),num); /* Right justified */ } else if (num >= 8) { if (des_rw_mode & DES_PCBC_MODE) des_pcbc_encrypt((des_cblock *)net, (des_cblock *)buf,num,sched,iv, DES_DECRYPT); else des_cbc_encrypt((des_cblock *)net, (des_cblock *)buf,num,sched,iv, DES_DECRYPT); } else { if (des_rw_mode & DES_PCBC_MODE) des_pcbc_encrypt((des_cblock *)net, (des_cblock *)buf,8,sched,iv, DES_DECRYPT); else des_cbc_encrypt((des_cblock *)net, (des_cblock *)buf,8,sched,iv, DES_DECRYPT); if (!LEFT_JUSTIFIED) memcpy(buf, buf+(8-num), num); /* Right justified */ } } return(num); } int des_enc_write(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv) { long rnum; int i,j,k,outnum; - char outbuf[BSIZE+HDRSIZE]; + char outbuf[DES_RW_BSIZE+HDRSIZE]; char shortbuf[8]; char *p; static int start=1; /* If we are sending less than 8 bytes, the same char will look * the same if we don't pad it out with random bytes */ if (start) { start=0; srand(time(NULL)); } /* lets recurse if we want to send the data in small chunks */ - if (len > MAXWRITE) + if (len > DES_RW_MAXWRITE) { j=0; for (i=0; i MAXWRITE)?MAXWRITE:(len-i),sched,iv); + ((len-i) > DES_RW_MAXWRITE)?DES_RW_MAXWRITE:(len-i),sched,iv); if (k < 0) return(k); else j+=k; } return(j); } /* write length first */ p=outbuf; l2n(len,p); /* pad short strings */ if (len < 8) { if (LEFT_JUSTIFIED) { p=shortbuf; 
memcpy(shortbuf,buf,(unsigned int)len); for (i=len; i<8; i++) shortbuf[i]=rand(); rnum=8; } else { p=shortbuf; for (i=0; i<8-len; i++) shortbuf[i]=rand(); memcpy(shortbuf + 8 - len, buf, len); rnum=8; } } else { p=buf; rnum=((len+7)/8*8); /* round up to nearest eight */ } if (des_rw_mode & DES_PCBC_MODE) des_pcbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]), (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); else des_cbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]), (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); /* output */ outnum=rnum+HDRSIZE; for (j=0; j= sysconf(_SC_CRAY_NPTY)) return -1; snprintf(buf, sz, "/dev/pty/%03d", pty_major); #else if(++pty_major == strlen(bsd_1)){ pty_major = 0; if(++pty_minor == strlen(bsd_2)) return -1; } #ifdef __hpux snprintf(buf, sz, "/dev/ptym/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); #else snprintf(buf, sz, "/dev/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); #endif /* __hpux */ #endif /* CRAY */ return 0; } static void pty_scan_tty(char *buf, size_t sz) { #ifdef CRAY snprintf(buf, sz, "/dev/ttyp%03d", pty_major); #elif defined(__hpux) snprintf(buf, sz, "/dev/pty/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); #else snprintf(buf, sz, "/dev/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); #endif } static int -ptym_open_streams_flavor(char *pts_name, int *streams_pty) +ptym_open_streams_flavor(char *pts_name, + size_t pts_name_sz, + int *streams_pty) { /* Try clone device master ptys */ const char *const clone[] = { "/dev/ptc", "/dev/ptmx", "/dev/ptm", "/dev/ptym/clone", 0 }; int fdm; const char *const *q; for (q = clone; *q; q++) { fdm = open(*q, O_RDWR); if (fdm >= 0) break; } if (fdm >= 0) { char *ptr1; if ((ptr1 = ptsname(fdm)) != NULL) /* Get slave's name */ - strcpy(pts_name, ptr1); /* Return name of slave */ + /* Return name of slave */ + strlcpy(pts_name, ptr1, pts_name_sz); else { close(fdm); return(-4); } if (grantpt(fdm) < 0) { /* Grant access to slave */ close(fdm); return(-2); } if (unlockpt(fdm) < 
0) { /* Clear slave's lock flag */ close(fdm); return(-3); } return(fdm); /* return fd of master */ } return -1; } static int -ptym_open_bsd_flavor(char *pts_name, int *streams_pty) +ptym_open_bsd_flavor(char *pts_name, size_t pts_name_sz, int *streams_pty) { int fdm; char ptm[MaxPathLen]; pty_scan_start(); while (pty_scan_next(ptm, sizeof(ptm)) != -1) { fdm = open(ptm, O_RDWR); if (fdm < 0) continue; -#if SunOS == 4 +#if SunOS == 40 /* Avoid a bug in SunOS4 ttydriver */ if (fdm > 0) { int pgrp; if ((ioctl(fdm, TIOCGPGRP, &pgrp) == -1) && (errno == EIO)) /* All fine */; else { close(fdm); continue; } } #endif pty_scan_tty(pts_name, sizeof(ptm)); #if CRAY /* this is some magic from the telnet code */ { struct stat sb; if(stat(pts_name, &sb) < 0) { close(fdm); continue; } if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) { chown(pts_name, 0, 0); chmod(pts_name, 0600); close(fdm); fdm = open(ptm, 2); if (fdm < 0) continue; } } /* * Now it should be safe...check for accessability. */ if (access(pts_name, 6) != 0){ /* no tty side to pty so skip it */ close(fdm); continue; } #endif return fdm; /* All done! */ } /* We failed to find BSD style pty */ errno = ENOENT; return -1; } /* * * Open a master pty either using the STREAM flavor or the BSD flavor. * Depending on if there are any free ptys in the different classes we * need to try both. Normally try STREAMS first and then BSD. * * Kludge alert: Under HP-UX 10 and perhaps other systems STREAM ptys * doesn't get initialized properly so we try them in different order * until the problem has been resolved. 
* */ static int ptym_open(char *pts_name, size_t pts_name_sz, int *streams_pty) { int fdm; #ifdef HAVE__GETPTY { char *p = _getpty(&fdm, O_RDWR, 0600, 1); if (p) { *streams_pty = 1; - strcpy (pts_name, p); + strlcpy (pts_name, p, pts_name_sz); return fdm; } } #endif #ifdef STREAMSPTY - fdm = ptym_open_streams_flavor(pts_name, streams_pty); + fdm = ptym_open_streams_flavor(pts_name, pts_name_sz, streams_pty); if (fdm >= 0) { *streams_pty = 1; return fdm; } #endif - fdm = ptym_open_bsd_flavor(pts_name, streams_pty); + fdm = ptym_open_bsd_flavor(pts_name, pts_name_sz, streams_pty); if (fdm >= 0) { *streams_pty = 0; return fdm; } #ifndef STREAMSPTY - fdm = ptym_open_streams_flavor(pts_name, streams_pty); + fdm = ptym_open_streams_flavor(pts_name, pts_name_sz, streams_pty); if (fdm >= 0) { *streams_pty = 1; return fdm; } #endif return -1; } static int maybe_push_modules(int fd, char **modules) { #ifdef I_PUSH char **p; int err; for(p=modules; *p; p++){ err=ioctl(fd, I_FIND, *p); if(err == 1) break; if(err < 0 && errno != EINVAL) return -17; /* module not pushed or does not exist */ } /* p points to null or to an already pushed module, now push all modules before this one */ for(p--; p >= modules; p--){ err = ioctl(fd, I_PUSH, *p); if(err < 0 && errno != EINVAL) return -17; } #endif return 0; } static int ptys_open(int fdm, char *pts_name, int streams_pty) { int fds; if (streams_pty) { /* Streams style slave ptys */ if ( (fds = open(pts_name, O_RDWR)) < 0) { close(fdm); return(-5); } { char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL }; char *ptymodules[] = { "pckt", NULL }; if(maybe_push_modules(fds, ttymodules)<0){ close(fdm); close(fds); return -6; } if(maybe_push_modules(fdm, ptymodules)<0){ close(fdm); close(fds); return -7; } } } else { /* BSD style slave ptys */ struct group *grptr; int gid; if ( (grptr = getgrnam("tty")) != NULL) gid = grptr->gr_gid; else gid = -1; /* group tty is not in the group file */ /* Grant access to slave */ - chown(pts_name, 
getuid(), gid); - chmod(pts_name, S_IRUSR | S_IWUSR | S_IWGRP); + if (chown(pts_name, getuid(), gid) < 0) + fatal(0, "chown slave tty failed", 1); + if (chmod(pts_name, S_IRUSR | S_IWUSR | S_IWGRP) < 0) + fatal(0, "chmod slave tty failed", 1); if ( (fds = open(pts_name, O_RDWR)) < 0) { close(fdm); return(-1); } } return(fds); } int -forkpty(int *ptrfdm, +forkpty_truncate(int *ptrfdm, char *slave_name, + size_t slave_name_sz, struct termios *slave_termios, struct winsize *slave_winsize) { int fdm, fds, streams_pty; pid_t pid; char pts_name[20]; if (!forkpty_ok) fatal(0, "Protocol not yet supported, use telnet", 0); if ( (fdm = ptym_open(pts_name, sizeof(pts_name), &streams_pty)) < 0) return -1; if (slave_name != NULL) - strcpy(slave_name, pts_name); /* Return name of slave */ + /* Return name of slave */ + strlcpy(slave_name, pts_name, slave_name_sz); pid = fork(); if (pid < 0) return(-1); else if (pid == 0) { /* Child */ if (setsid() < 0) fatal(0, "setsid() failure", errno); revoke(slave_name); #if defined(NeXT) || defined(ultrix) /* The NeXT is severely broken, this makes things slightly * better but we still doesn't get a working pty. If there * where a TIOCSCTTY we could perhaps fix things but... The * same problem also exists in xterm! 
*/ if (setpgrp(0, 0) < 0) fatal(0, "NeXT kludge failed setpgrp", errno); #endif /* SVR4 acquires controlling terminal on open() */ if ( (fds = ptys_open(fdm, pts_name, streams_pty)) < 0) return -1; close(fdm); /* All done with master in child */ #if defined(TIOCSCTTY) && !defined(CIBAUD) && !defined(__hpux) /* 44BSD way to acquire controlling terminal */ /* !CIBAUD to avoid doing this under SunOS */ if (ioctl(fds, TIOCSCTTY, (char *) 0) < 0) return -1; #endif #if defined(NeXT) { int t = open("/dev/tty", O_RDWR); if (t < 0) fatal(0, "Failed to open /dev/tty", errno); close(fds); fds = t; } #endif /* Set slave's termios and window size */ if (slave_termios != NULL) { if (tcsetattr(fds, TCSANOW, slave_termios) < 0) return -1; } #ifdef TIOCSWINSZ if (slave_winsize != NULL) { if (ioctl(fds, TIOCSWINSZ, slave_winsize) < 0) return -1; } #endif /* slave becomes stdin/stdout/stderr of child */ if (dup2(fds, STDIN_FILENO) != STDIN_FILENO) return -1; if (dup2(fds, STDOUT_FILENO) != STDOUT_FILENO) return -1; if (dup2(fds, STDERR_FILENO) != STDERR_FILENO) return -1; if (fds > STDERR_FILENO) close(fds); return(0); /* child returns 0 just like fork() */ } else { /* Parent */ *ptrfdm = fdm; /* Return fd of master */ return(pid); /* Parent returns pid of child */ } } + +int +forkpty(int *ptrfdm, + char *slave_name, + struct termios *slave_termios, + struct winsize *slave_winsize) +{ + return forkpty_truncate (ptrfdm, + slave_name, + MaxPathLen, + slave_termios, + slave_winsize); +} + #endif /* HAVE_FORKPTY */ Index: stable/3/crypto/kerberosIV/appl/bsd/kcmd.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/kcmd.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/kcmd.c (revision 62578) 
@@ -1,270 +1,272 @@ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "bsd_locl.h" -RCSID("$Id: kcmd.c,v 1.19 1997/05/02 14:27:42 assar Exp $"); +RCSID("$Id: kcmd.c,v 1.20 1998/07/13 13:54:07 assar Exp $"); #define START_PORT 5120 /* arbitrary */ static int getport(int *alport) { struct sockaddr_in sin; int s; sin.sin_family = AF_INET; sin.sin_addr.s_addr = INADDR_ANY; s = socket(AF_INET, SOCK_STREAM, 0); if (s < 0) return (-1); for (;;) { sin.sin_port = htons((u_short)*alport); if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) return (s); if (errno != EADDRINUSE) { close(s); return (-1); } (*alport)--; #ifdef ATHENA_COMPAT if (*alport == IPPORT_RESERVED/2) { #else if (*alport == IPPORT_RESERVED) { #endif close(s); errno = EAGAIN; /* close */ return (-1); } } } int kcmd(int *sock, char **ahost, u_int16_t rport, char *locuser, char *remuser, char *cmd, int *fd2p, KTEXT ticket, char *service, char *realm, CREDENTIALS *cred, Key_schedule schedule, MSG_DAT *msg_data, struct sockaddr_in *laddr, struct sockaddr_in *faddr, int32_t authopts) { int s, timo = 1; pid_t pid; struct sockaddr_in sin, from; char c; #ifdef ATHENA_COMPAT int lport = IPPORT_RESERVED - 1; #else int lport = START_PORT; #endif struct hostent *hp; int rc; char *host_save; int status; + char **h_addr_list; pid = getpid(); hp = gethostbyname(*ahost); if (hp == NULL) { /* fprintf(stderr, "%s: unknown host\n", *ahost); */ return (-1); } host_save = strdup(hp->h_name); if (host_save == NULL) return -1; *ahost = host_save; + h_addr_list = hp->h_addr_list; /* If realm is null, look up from table */ if (realm == NULL || realm[0] == '\0') realm = krb_realmofhost(host_save); for (;;) { s = getport(&lport); if (s < 0) { if (errno == EAGAIN) warnx("kcmd(socket): All ports in use\n"); else warn("kcmd: socket"); return (-1); } sin.sin_family = hp->h_addrtype; - memcpy (&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr)); + memcpy (&sin.sin_addr, h_addr_list[0], sizeof(sin.sin_addr)); sin.sin_port = rport; if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) break; 
close(s); if (errno == EADDRINUSE) { lport--; continue; } /* * don't wait very long for Kerberos rcmd. */ if (errno == ECONNREFUSED && timo <= 4) { /* sleep(timo); don't wait at all here */ timo *= 2; continue; } - if (hp->h_addr_list[1] != NULL) { + if (h_addr_list[1] != NULL) { warn ("kcmd: connect (%s)", inet_ntoa(sin.sin_addr)); - hp->h_addr_list++; + h_addr_list++; memcpy(&sin.sin_addr, - hp->h_addr_list[0], + *h_addr_list, sizeof(sin.sin_addr)); fprintf(stderr, "Trying %s...\n", inet_ntoa(sin.sin_addr)); continue; } if (errno != ECONNREFUSED) warn ("connect(%s)", hp->h_name); return (-1); } lport--; if (fd2p == 0) { write(s, "", 1); lport = 0; } else { char num[8]; int s2 = getport(&lport), s3; int len = sizeof(from); if (s2 < 0) { status = -1; goto bad; } listen(s2, 1); snprintf(num, sizeof(num), "%d", lport); if (write(s, num, strlen(num) + 1) != strlen(num) + 1) { warn("kcmd(write): setting up stderr"); close(s2); status = -1; goto bad; } { fd_set fds; FD_ZERO(&fds); FD_SET(s, &fds); FD_SET(s2, &fds); status = select(FD_SETSIZE, &fds, NULL, NULL, NULL); if(FD_ISSET(s, &fds)){ warnx("kcmd: connection unexpectedly closed."); close(s2); status = -1; goto bad; } } s3 = accept(s2, (struct sockaddr *)&from, &len); close(s2); if (s3 < 0) { warn ("kcmd: accept"); lport = 0; status = -1; goto bad; } *fd2p = s3; from.sin_port = ntohs((u_short)from.sin_port); if (from.sin_family != AF_INET || from.sin_port >= IPPORT_RESERVED) { warnx("kcmd(socket): " "protocol failure in circuit setup."); status = -1; goto bad2; } } /* * Kerberos-authenticated service. Don't have to send locuser, * since its already in the ticket, and we'll extract it on * the other side. 
*/ /* write(s, locuser, strlen(locuser)+1); */ /* set up the needed stuff for mutual auth, but only if necessary */ if (authopts & KOPT_DO_MUTUAL) { int sin_len; *faddr = sin; sin_len = sizeof(struct sockaddr_in); if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) { warn("kcmd(getsockname)"); status = -1; goto bad2; } } if ((status = krb_sendauth(authopts, s, ticket, service, *ahost, realm, (unsigned long) getpid(), msg_data, cred, schedule, laddr, faddr, "KCMDV0.1")) != KSUCCESS) goto bad2; write(s, remuser, strlen(remuser)+1); write(s, cmd, strlen(cmd)+1); if ((rc = read(s, &c, 1)) != 1) { if (rc == -1) warn("read(%s)", *ahost); else warnx("kcmd: bad connection with remote host"); status = -1; goto bad2; } if (c != '\0') { while (read(s, &c, 1) == 1) { write(2, &c, 1); if (c == '\n') break; } status = -1; goto bad2; } *sock = s; return (KSUCCESS); bad2: if (lport) close(*fd2p); bad: close(s); return (status); } Index: stable/3/crypto/kerberosIV/appl/bsd/klogin.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/klogin.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/klogin.c (revision 62578) 
@@ -1,184 +1,229 @@ /*- * Copyright (c) 1990, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "bsd_locl.h" -RCSID("$Id: klogin.c,v 1.20 1997/05/02 14:27:42 assar Exp $"); +RCSID("$Id: klogin.c,v 1.27 1999/10/04 16:11:48 bg Exp $"); #ifdef KERBEROS #define VERIFY_SERVICE "rcmd" extern int notickets; extern char *krbtkfile_env; static char tkt_location[MaxPathLen]; +static int +multiple_get_tkt(char *name, + char *instance, + char *realm, + char *service, + char *sinstance, + int life, + char *password) +{ + int ret; + int n; + char rlm[256]; + + /* First try to verify against the supplied realm. */ + ret = krb_get_pw_in_tkt(name, instance, realm, service, realm, life, + password); + if(ret == KSUCCESS) + return KSUCCESS; + + /* Verify all local realms, except the supplied realm. */ + for (n = 1; krb_get_lrealm(rlm, n) == KSUCCESS; n++) + if (strcmp(rlm, realm) != 0) { + ret = krb_get_pw_in_tkt(name, instance, rlm,service, rlm,life, password); + if (ret == KSUCCESS) + return KSUCCESS; + } + + return ret; +} + /* * Attempt to log the user in using Kerberos authentication * * return 0 on success (will be logged in) * 1 if Kerberos failed (try local password in login) */ int klogin(struct passwd *pw, char *instance, char *localhost, char *password) { int kerror; AUTH_DAT authdata; KTEXT_ST ticket; struct hostent *hp; u_int32_t faddr; char realm[REALM_SZ], savehost[MaxHostNameLen]; extern int noticketsdontcomplain; #ifdef KLOGIN_PARANOID noticketsdontcomplain = 0; /* enable warning message */ #endif /* * Root logins don't use Kerberos. * If we have a realm, try getting a ticket-granting ticket * and using it to authenticate. Otherwise, return * failure so that we can try the normal passwd file * for a password. If that's ok, log the user in * without issuing any tickets. 
*/ if (strcmp(pw->pw_name, "root") == 0 || - krb_get_lrealm(realm, 0) != KSUCCESS) + krb_get_lrealm(realm, 1) != KSUCCESS) return (1); noticketsdontcomplain = 0; /* enable warning message */ /* * get TGT for local realm * tickets are stored in a file named TKT_ROOT plus uid * except for user.root tickets. */ if (strcmp(instance, "root") != 0) snprintf(tkt_location, sizeof(tkt_location), "%s%u_%u", TKT_ROOT, (unsigned)pw->pw_uid, (unsigned)getpid()); else { snprintf(tkt_location, sizeof(tkt_location), "%s_root_%d", TKT_ROOT, (unsigned)pw->pw_uid); } krbtkfile_env = tkt_location; krb_set_tkt_string(tkt_location); - kerror = krb_get_pw_in_tkt(pw->pw_name, instance, - realm, KRB_TICKET_GRANTING_TICKET, realm, - DEFAULT_TKT_LIFE, password); + /* + * Set real as well as effective ID to 0 for the moment, + * to make the kerberos library do the right thing. + */ + if (setuid(0) < 0) { + warnx("setuid"); + return (1); + } /* + * Get ticket + */ + kerror = multiple_get_tkt(pw->pw_name, + instance, + realm, + KRB_TICKET_GRANTING_TICKET, + realm, + DEFAULT_TKT_LIFE, + password); + + /* * If we got a TGT, get a local "rcmd" ticket and check it so as to * ensure that we are not talking to a bogus Kerberos server. * * There are 2 cases where we still allow a login: * 1: the VERIFY_SERVICE doesn't exist in the KDC * 2: local host has no srvtab, as (hopefully) indicated by a * return value of RD_AP_UNDEC from krb_rd_req(). 
*/ if (kerror != INTK_OK) { if (kerror != INTK_BADPW && kerror != KDC_PR_UNKNOWN) { syslog(LOG_ERR, "Kerberos intkt error: %s", krb_get_err_text(kerror)); dest_tkt(); } return (1); } if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0) syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE); - strncpy(savehost, krb_get_phost(localhost), sizeof(savehost)); - savehost[sizeof(savehost)-1] = '\0'; + strlcpy(savehost, krb_get_phost(localhost), sizeof(savehost)); #ifdef KLOGIN_PARANOID /* * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host, * don't allow kerberos login, also log the error condition. */ kerror = krb_mk_req(&ticket, VERIFY_SERVICE, savehost, realm, 33); if (kerror == KDC_PR_UNKNOWN) { syslog(LOG_NOTICE, "warning: TGT not verified (%s); %s.%s not registered, or srvtab is wrong?", krb_get_err_text(kerror), VERIFY_SERVICE, savehost); notickets = 0; return (1); } if (kerror != KSUCCESS) { warnx("unable to use TGT: (%s)", krb_get_err_text(kerror)); syslog(LOG_NOTICE, "unable to use TGT: (%s)", krb_get_err_text(kerror)); dest_tkt(); return (1); } if (!(hp = gethostbyname(localhost))) { syslog(LOG_ERR, "couldn't get local host address"); dest_tkt(); return (1); } memcpy(&faddr, hp->h_addr, sizeof(faddr)); kerror = krb_rd_req(&ticket, VERIFY_SERVICE, savehost, faddr, &authdata, ""); if (kerror == KSUCCESS) { notickets = 0; return (0); } /* undecipherable: probably didn't have a srvtab on the local host */ if (kerror == RD_AP_UNDEC) { syslog(LOG_NOTICE, "krb_rd_req: (%s)\n", krb_get_err_text(kerror)); dest_tkt(); return (1); } /* failed for some other reason */ warnx("unable to verify %s ticket: (%s)", VERIFY_SERVICE, krb_get_err_text(kerror)); syslog(LOG_NOTICE, "couldn't verify %s ticket: %s", VERIFY_SERVICE, krb_get_err_text(kerror)); dest_tkt(); return (1); #else notickets = 0; return (0); #endif } #endif Index: stable/3/crypto/kerberosIV/appl/bsd/login.c =================================================================== --- 
stable/3/crypto/kerberosIV/appl/bsd/login.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/login.c (revision 62578) 
@@ -1,990 +1,1106 @@ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * login [ name ] * login -h hostname (for telnetd, etc.) * login -f name (for pre-authenticated login: datakit, xterm, etc.) 
*/ #include "bsd_locl.h" +#ifdef HAVE_CAPABILITY_H +#include +#endif +#ifdef HAVE_SYS_CAPABILITY_H +#include +#endif -RCSID("$Id: login.c,v 1.104 1997/05/20 20:35:06 assar Exp $"); +RCSID("$Id: login.c,v 1.125 1999/11/30 19:24:01 bg Exp $"); +#ifdef OTP #include +#endif #include "sysv_default.h" #ifdef SYSV_SHADOW #include "sysv_shadow.h" #endif static void badlogin (char *); static void checknologin (void); static void dolastlog (int); static void getloginname (int); static int rootterm (char *); static char *stypeof (char *); static RETSIGTYPE timedout (int); static int doremotelogin (char *); void login_fbtab (char *, uid_t, gid_t); #ifdef KERBEROS int klogin (struct passwd *, char *, char *, char *); #endif #define TTYGRPNAME "tty" /* name of group to own ttys */ /* * This bounds the time given to login. Change it in * `/etc/default/login'. */ static u_int login_timeout; #ifdef KERBEROS int notickets = 1; int noticketsdontcomplain = 1; char *instance; char *krbtkfile_env; int authok; #endif #ifdef HAVE_SHADOW_H static struct spwd *spwd = NULL; #endif static char *ttyprompt; static struct passwd *pwd; static int failures; static char term[64], *hostname, *username, *tty; static char rusername[100], lusername[100]; static int change_passwd(struct passwd *who) { int status; - int pid; - int wpid; + pid_t pid; switch (pid = fork()) { case -1: warn("fork /bin/passwd"); sleepexit(1); case 0: execlp("/bin/passwd", "passwd", who->pw_name, (char *) 0); _exit(1); default: - while ((wpid = wait(&status)) != -1 && wpid != pid) - /* void */ ; + waitpid(pid, &status, 0); return (status); } } #ifndef NO_MOTD /* message of the day stuff */ jmp_buf motdinterrupt; static RETSIGTYPE sigint(int signo) { longjmp(motdinterrupt, 1); } static void motd(void) { int fd, nchars; RETSIGTYPE (*oldint)(); char tbuf[8192]; if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0) return; oldint = signal(SIGINT, sigint); if (setjmp(motdinterrupt) == 0) while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 
0) write(fileno(stdout), tbuf, nchars); signal(SIGINT, oldint); close(fd); } #endif /* !NO_MOTD */ #define AUTH_NONE 0 #define AUTH_OTP 1 /* * getpwnam and try to detect the worst form of NIS attack. */ static struct passwd * paranoid_getpwnam (char *user) { struct passwd *p; p = k_getpwnam (user); if (p == NULL) return p; if (p->pw_uid == 0 && strcmp (username, "root") != 0) { syslog (LOG_ALERT, "NIS attack, user %s has uid 0", username); return NULL; } return p; } int main(int argc, char **argv) { struct group *gr; int ask, ch, cnt, fflag, hflag, pflag, quietlog, nomailcheck; int rootlogin, rval; int rflag; int changepass = 0; uid_t uid; char *domain, *p, passwd[128], *ttyn; char tbuf[MaxPathLen + 2], tname[sizeof(_PATH_TTY) + 10]; char localhost[MaxHostNameLen]; char full_hostname[MaxHostNameLen]; int auth_level = AUTH_NONE; +#ifdef OTP OtpContext otp_ctx; +#endif int mask = 022; /* Default umask (set below) */ int maxtrys = 5; /* Default number of allowed failed logins */ set_progname(argv[0]); openlog("login", LOG_ODELAY, LOG_AUTH); /* Read defaults file and set the login timeout period. 
*/ sysv_defaults(); login_timeout = atoi(default_timeout); maxtrys = atoi(default_maxtrys); if (sscanf(default_umask, "%o", &mask) != 1 || (mask & ~0777)) syslog(LOG_WARNING, "bad umask default: %s", default_umask); else umask(mask); signal(SIGALRM, timedout); alarm(login_timeout); signal(SIGQUIT, SIG_IGN); signal(SIGINT, SIG_IGN); setpriority(PRIO_PROCESS, 0, 0); /* * -p is used by getty to tell login not to destroy the environment * -f is used to skip a second login authentication * -h is used by other servers to pass the name of the remote * host to login so that it may be placed in utmp and wtmp * -r is used by old-style rlogind to execute the autologin protocol */ *full_hostname = '\0'; domain = NULL; - if (k_gethostname(localhost, sizeof(localhost)) < 0) + if (gethostname(localhost, sizeof(localhost)) < 0) syslog(LOG_ERR, "couldn't get local hostname: %m"); else domain = strchr(localhost, '.'); fflag = hflag = pflag = rflag = 0; uid = getuid(); - while ((ch = getopt(argc, argv, "a:d:fh:pr:")) != EOF) + while ((ch = getopt(argc, argv, "a:d:fh:pr:")) != -1) switch (ch) { case 'a': if (strcmp (optarg, "none") == 0) auth_level = AUTH_NONE; +#ifdef OTP else if (strcmp (optarg, "otp") == 0) auth_level = AUTH_OTP; +#endif else warnx ("bad value for -a: %s", optarg); break; case 'd': break; case 'f': fflag = 1; break; case 'h': if (rflag || hflag) { printf("Only one of -r and -h allowed\n"); exit(1); } if (uid) errx(1, "-h option: %s", strerror(EPERM)); hflag = 1; - strncpy(full_hostname, optarg, sizeof(full_hostname)-1); + strlcpy(full_hostname, + optarg, + sizeof(full_hostname)); if (domain && (p = strchr(optarg, '.')) && strcasecmp(p, domain) == 0) *p = 0; hostname = optarg; break; case 'p': if (getuid()) { warnx("-p for super-user only."); exit(1); } pflag = 1; break; case 'r': if (rflag || hflag) { warnx("Only one of -r and -h allowed\n"); exit(1); } if (getuid()) { warnx("-r for super-user only."); exit(1); } rflag = 1; - strncpy(full_hostname, optarg, 
sizeof(full_hostname)-1); + strlcpy(full_hostname, + optarg, + sizeof(full_hostname)); if (domain && (p = strchr(optarg, '.')) && strcasecmp(p, domain) == 0) *p = 0; hostname = optarg; fflag = (doremotelogin(full_hostname) == 0); break; case '?': default: if (!uid) syslog(LOG_ERR, "invalid flag %c", ch); fprintf(stderr, - "usage: login [-fp] [-a otp]" + "usage: login [-fp]" +#ifdef OTP + " [-a otp]" +#endif "[-h hostname | -r hostname] [username]\n"); exit(1); } argc -= optind; argv += optind; if (geteuid() != 0) { warnx("only root may use login, use su"); /* Or install login setuid root, which is not necessary */ sleep(10); exit(1); } /* * Figure out if we should ask for the username or not. The name * may be given on the command line or via the environment, and * it may even be in the terminal input queue. */ if (rflag) { username = lusername; ask = 0; } else if (*argv && strchr(*argv, '=')) { ask = 1; } else if (*argv && strcmp(*argv, "-") == 0) { argc--; argv++; ask = 1; } else if (*argv) { username = *argv; ask = 0; argc--; argv++; } else if ((ttyprompt = getenv("TTYPROMPT")) && *ttyprompt) { getloginname(0); ask = 0; } else ask = 1; /* Default tty settings. */ stty_default(); for (cnt = getdtablesize(); cnt > 2; cnt--) close(cnt); /* * Determine the tty name. BSD takes the basename, SYSV4 takes * whatever remains after stripping the "/dev/" prefix. The code * below should produce sensible results in either environment. 
*/ ttyn = ttyname(STDIN_FILENO); if (ttyn == NULL || *ttyn == '\0') { snprintf(tname, sizeof(tname), "%s??", _PATH_TTY); ttyn = tname; } if ((tty = strchr(ttyn + 1, '/'))) ++tty; else tty = ttyn; for (cnt = 0;; ask = 1) { char prompt[128], ss[256]; if (ask) { fflag = 0; getloginname(1); } rootlogin = 0; rval = 1; #ifdef KERBEROS if ((instance = strchr(username, '.')) != NULL) { if (strcmp(instance, ".root") == 0) rootlogin = 1; *instance++ = '\0'; } else instance = ""; #endif if (strlen(username) > UT_NAMESIZE) username[UT_NAMESIZE] = '\0'; /* * Note if trying multiple user names; log failures for * previous user name, but don't bother logging one failure * for nonexistent name (mistyped username). */ if (failures && strcmp(tbuf, username)) { if (failures > (pwd ? 0 : 1)) badlogin(tbuf); failures = 0; } - strcpy(tbuf, username); + strlcpy(tbuf, username, sizeof(tbuf)); pwd = paranoid_getpwnam (username); /* * if we have a valid account name, and it doesn't have a * password, or the -f option was specified and the caller * is root or the caller isn't changing their uid, don't * authenticate. 
*/ if (pwd) { if (pwd->pw_uid == 0) rootlogin = 1; if (fflag && (uid == 0 || uid == pwd->pw_uid)) { /* already authenticated */ break; } else if (pwd->pw_passwd[0] == '\0') { /* pretend password okay */ rval = 0; goto ttycheck; } } fflag = 0; setpriority(PRIO_PROCESS, 0, -4); +#ifdef OTP if (otp_challenge (&otp_ctx, username, ss, sizeof(ss)) == 0) snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss); - else { + else +#endif + { if (auth_level == AUTH_NONE) snprintf(prompt, sizeof(prompt), "%s's Password: ", username); else { char *s; rval = 1; +#ifdef OTP s = otp_error(&otp_ctx); if(s) printf ("OTP: %s\n", s); +#endif continue; } } if (des_read_pw_string (passwd, sizeof(passwd) - 1, prompt, 0)) continue; passwd[sizeof(passwd) - 1] = '\0'; /* Verify it somehow */ +#ifdef OTP if (otp_verify_user (&otp_ctx, passwd) == 0) rval = 0; - else if (pwd == NULL) + else +#endif + if (pwd == NULL) ; else if (auth_level == AUTH_NONE) { uid_t pwd_uid = pwd->pw_uid; rval = unix_verify_user (username, passwd); if (rval == 0) { if (rootlogin && pwd_uid != 0) rootlogin = 0; } else { rval = klogin(pwd, instance, localhost, passwd); if (rval != 0 && rootlogin && pwd_uid != 0) rootlogin = 0; if (rval == 0) authok = 1; } } else { char *s; rval = 1; +#ifdef OTP if ((s = otp_error(&otp_ctx))) printf ("OTP: %s\n", s); +#endif } memset (passwd, 0, sizeof(passwd)); setpriority (PRIO_PROCESS, 0, 0); /* * Santa Claus, give me a portable and reentrant getpwnam. */ pwd = paranoid_getpwnam (username); ttycheck: /* * If trying to log in as root without Kerberos, * but with insecure terminal, refuse the login attempt. 
*/ #ifdef KERBEROS if (authok == 0) #endif if (pwd && !rval && rootlogin && !rootterm(tty) && !rootterm(ttyn)) { warnx("%s login refused on this terminal.", pwd->pw_name); if (hostname) syslog(LOG_NOTICE, "LOGIN %s REFUSED FROM %s ON TTY %s", pwd->pw_name, hostname, tty); else syslog(LOG_NOTICE, "LOGIN %s REFUSED ON TTY %s", pwd->pw_name, tty); continue; } if (rval == 0) break; printf("Login incorrect\n"); failures++; /* max number of attemps and delays taken from defaults file */ /* we allow maxtrys tries, but after 2 we start backing off */ if (++cnt > 2) { if (cnt >= maxtrys) { badlogin(username); sleepexit(1); } sleep((u_int)((cnt - 2) * atoi(default_sleep))); } } /* committed to login -- turn off timeout */ alarm(0); endpwent(); #if defined(HAVE_GETUDBNAM) && defined(HAVE_SETLIM) { struct udb *udb; long t; const long maxcpu = 46116860184; /* some random constant */ + + if(setjob(pwd->pw_uid, 0) < 0) + warn("setjob"); + udb = getudbnam(pwd->pw_name); - if(udb == UDB_NULL){ - warnx("Failed to get UDB entry."); - exit(1); - } + if(udb == UDB_NULL) + errx(1, "Failed to get UDB entry."); + + /* per process cpu limit */ t = udb->ue_pcpulim[UDBRC_INTER]; if(t == 0 || t > maxcpu) t = CPUUNLIM; else - t *= 100 * CLOCKS_PER_SEC; + t *= CLK_TCK; if(limit(C_PROC, 0, L_CPU, t) < 0) - warn("limit C_PROC"); + warn("limit process cpu"); + /* per process memory limit */ + if(limit(C_PROC, 0, L_MEM, udb->ue_pmemlim[UDBRC_INTER]) < 0) + warn("limit process memory"); + + /* per job cpu limit */ t = udb->ue_jcpulim[UDBRC_INTER]; if(t == 0 || t > maxcpu) t = CPUUNLIM; else - t *= 100 * CLOCKS_PER_SEC; + t *= CLK_TCK; - if(limit(C_JOBPROCS, 0, L_CPU, t) < 0) - warn("limit C_JOBPROCS"); + if(limit(C_JOB, 0, L_CPU, t) < 0) + warn("limit job cpu"); + /* per job processor limit */ + if(limit(C_JOB, 0, L_CPROC, udb->ue_jproclim[UDBRC_INTER]) < 0) + warn("limit job processors"); + + /* per job memory limit */ + if(limit(C_JOB, 0, L_MEM, udb->ue_jmemlim[UDBRC_INTER]) < 0) + warn("limit job 
memory"); + nice(udb->ue_nice[UDBRC_INTER]); } #endif /* if user not super-user, check for disabled logins */ if (!rootlogin) checknologin(); if (chdir(pwd->pw_dir) < 0) { printf("No home directory %s!\n", pwd->pw_dir); if (chdir("/")) exit(0); pwd->pw_dir = "/"; printf("Logging in with home = \"/\".\n"); } quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0; nomailcheck = access(_PATH_NOMAILCHECK, F_OK) == 0; #if defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) if (pwd->pw_change || pwd->pw_expire) gettimeofday(&tp, (struct timezone *)NULL); if (pwd->pw_change) if (tp.tv_sec >= pwd->pw_change) { printf("Sorry -- your password has expired.\n"); changepass=1; } else if (pwd->pw_change - tp.tv_sec < 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) printf("Warning: your password expires on %s", ctime(&pwd->pw_change)); if (pwd->pw_expire) if (tp.tv_sec >= pwd->pw_expire) { printf("Sorry -- your account has expired.\n"); sleepexit(1); } else if (pwd->pw_expire - tp.tv_sec < 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) printf("Warning: your account expires on %s", ctime(&pwd->pw_expire)); #endif /* defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) */ /* Nothing else left to fail -- really log in. */ /* * Update the utmp files, both BSD and SYSV style. */ if (utmpx_login(tty, username, hostname ? hostname : "") != 0 && !fflag) { printf("No utmpx entry. You must exec \"login\" from the lowest level \"sh\".\n"); sleepexit(0); } utmp_login(ttyn, username, hostname ? hostname : ""); dolastlog(quietlog); /* * Set device protections, depending on what terminal the * user is logged in. This feature is used on Suns to give * console users better privacy. */ login_fbtab(tty, pwd->pw_uid, pwd->pw_gid); - chown(ttyn, pwd->pw_uid, - (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid); - chmod(ttyn, S_IRUSR | S_IWUSR | S_IWGRP); + if (chown(ttyn, pwd->pw_uid, + (gr = getgrnam(TTYGRPNAME)) ? 
gr->gr_gid : pwd->pw_gid) < 0) + err(1, "chown tty failed"); + if (chmod(ttyn, S_IRUSR | S_IWUSR | S_IWGRP) < 0) + err(1, "chmod tty failed"); setgid(pwd->pw_gid); initgroups(username, pwd->pw_gid); if (*pwd->pw_shell == '\0') pwd->pw_shell = _PATH_BSHELL; /* * Set up a new environment. With SYSV, some variables are always * preserved; some varables are never preserved, and some variables * are always clobbered. With BSD, nothing is always preserved, and * some variables are always clobbered. We add code to make sure * that LD_* and IFS are never preserved. */ if (term[0] == '\0') - strncpy(term, stypeof(tty), sizeof(term)); + strlcpy(term, stypeof(tty), sizeof(term)); /* set up a somewhat censored environment. */ sysv_newenv(argc, argv, pwd, term, pflag); #ifdef KERBEROS if (krbtkfile_env) setenv("KRBTKFILE", krbtkfile_env, 1); #endif if (tty[sizeof("tty")-1] == 'd') syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name); /* If fflag is on, assume caller/authenticator has logged root login. */ - if (rootlogin && fflag == 0) + if (rootlogin && fflag == 0) { if (hostname) syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s", username, tty, hostname); else syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty); + } #ifdef KERBEROS if (!quietlog && notickets == 1 && !noticketsdontcomplain) printf("Warning: no Kerberos tickets issued.\n"); #endif #ifdef LOGALL /* * Syslog each successful login, so we don't have to watch hundreds * of wtmp or lastlogin files. */ if (hostname) { syslog(LOG_INFO, "login from %s as %s", hostname, pwd->pw_name); } else { syslog(LOG_INFO, "login on %s as %s", tty, pwd->pw_name); } #endif #ifndef NO_MOTD /* * Optionally show the message of the day. System V login leaves * motd and mail stuff up to the shell startup file. */ if (!quietlog) { struct stat st; #if 0 printf("%s\n\t%s %s\n\n", "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", "The Regents of the University of California. 
", "All rights reserved."); #endif motd(); if(!nomailcheck){ snprintf(tbuf, sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name); if (stat(tbuf, &st) == 0 && st.st_size != 0) printf("You have %smail.\n", (st.st_mtime > st.st_atime) ? "new " : ""); } } #endif /* NO_MOTD */ #ifdef LOGIN_ACCESS - if (login_access(pwd->pw_name, hostname ? full_hostname : tty) == 0) { + if (login_access(pwd, hostname ? full_hostname : tty) == 0) { printf("Permission denied\n"); if (hostname) syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s", pwd->pw_name, hostname); else syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s", pwd->pw_name, tty); sleepexit(1); } #endif signal(SIGALRM, SIG_DFL); signal(SIGQUIT, SIG_DFL); signal(SIGINT, SIG_DFL); +#ifdef SIGTSTP signal(SIGTSTP, SIG_IGN); +#endif - tbuf[0] = '-'; - strcpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ? - p + 1 : pwd->pw_shell); + p = strrchr(pwd->pw_shell, '/'); + snprintf (tbuf, sizeof(tbuf), "-%s", p ? p + 1 : pwd->pw_shell); #ifdef HAVE_SETLOGIN if (setlogin(pwd->pw_name) < 0) syslog(LOG_ERR, "setlogin() failure: %m"); #endif #ifdef HAVE_SETPCRED if (setpcred (pwd->pw_name, NULL) == -1) syslog(LOG_ERR, "setpcred() failure: %m"); #endif /* HAVE_SETPCRED */ #if defined(SYSV_SHADOW) && defined(HAVE_GETSPNAM) spwd = getspnam (username); endspent (); #endif + /* perhaps work some magic */ + if(do_osfc2_magic(pwd->pw_uid)) + sleepexit(1); +#if defined(HAVE_SGI_GETCAPABILITYBYNAME) && defined(HAVE_CAP_SET_PROC) + /* XXX SGI capability hack IRIX 6.x (x >= 0?) has something + called capabilities, that allow you to give away + permissions (such as chown) to specific processes. From 6.5 + this is default on, and the default capability set seems to + not always be the empty set. The problem is that the + runtime linker refuses to do just about anything if the + process has *any* capabilities set, so we have to remove + them here (unless otherwise instructed by /etc/capability). 
+ In IRIX < 6.5, these functions was called sgi_cap_setproc, + etc, but we ignore this fact (it works anyway). */ + { + struct user_cap *ucap = sgi_getcapabilitybyname(pwd->pw_name); + cap_t cap; + if(ucap == NULL) + cap = cap_from_text("all="); + else + cap = cap_from_text(ucap->ca_default); + if(cap == NULL) + err(1, "cap_from_text"); + if(cap_set_proc(cap) < 0) + err(1, "cap_set_proc"); + cap_free(cap); + free(ucap); + } +#endif /* Discard permissions last so can't get killed and drop core. */ { int uid = rootlogin ? 0 : pwd->pw_uid; if(setuid(uid) != 0){ warn("setuid(%d)", uid); if(!rootlogin) exit(1); } } /* * After dropping privileges and after cleaning up the environment, * optionally run, as the user, /bin/passwd. */ if (pwd->pw_passwd[0] == 0 && strcasecmp(default_passreq, "YES") == 0) { printf("You don't have a password. Choose one.\n"); if (change_passwd(pwd)) sleepexit(0); changepass = 0; } #ifdef SYSV_SHADOW if (spwd && sysv_expire(spwd)) { if (change_passwd(pwd)) sleepexit(0); changepass = 0; } #endif /* SYSV_SHADOW */ if (changepass) { int res; if ((res=system(_PATH_CHPASS))) sleepexit(1); } if (k_hasafs()) { char cell[64]; +#ifdef _AIX + /* XXX this is a fix for a bug in AFS for AIX 4.3, w/o + this hack the kernel crashes on the following + pioctl... 
*/ + char *pw_dir = strdup(pwd->pw_dir); +#else + char *pw_dir = pwd->pw_dir; +#endif k_setpag(); - if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) - k_afsklog(cell, 0); - k_afsklog(0, 0); + if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0) + krb_afslog(cell, 0); + krb_afslog(0, 0); } execlp(pwd->pw_shell, tbuf, 0); if (getuid() == 0) { warnx("Can't exec %s, trying %s\n", pwd->pw_shell, _PATH_BSHELL); execlp(_PATH_BSHELL, tbuf, 0); err(1, "%s", _PATH_BSHELL); } err(1, "%s", pwd->pw_shell); return 1; } #ifdef KERBEROS #define NBUFSIZ (UT_NAMESIZE + 1 + 5) /* .root suffix */ #else #define NBUFSIZ (UT_NAMESIZE + 1) #endif static void getloginname(int prompt) { int ch; char *p; static char nbuf[NBUFSIZ]; for (;;) { - if (prompt) + if (prompt) { if (ttyprompt && *ttyprompt) printf("%s", ttyprompt); else printf("login: "); + } prompt = 1; for (p = nbuf; (ch = getchar()) != '\n'; ) { if (ch == EOF) { badlogin(username); exit(0); } if (p < nbuf + (NBUFSIZ - 1)) *p++ = ch; } - if (p > nbuf) + if (p > nbuf) { if (nbuf[0] == '-') warnx("login names may not start with '-'."); else { *p = '\0'; username = nbuf; break; } } } +} static int +find_in_etc_securetty (char *ttyn) +{ + FILE *f; + char buf[128]; + int ret = 0; + + f = fopen (_PATH_ETC_SECURETTY, "r"); + if (f == NULL) + return 0; + while (fgets(buf, sizeof(buf), f) != NULL) { + if(buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = '\0'; + if (strcmp (buf, ttyn) == 0) { + ret = 1; + break; + } + } + fclose(f); + return ret; +} + +static int rootterm(char *ttyn) { -#ifndef HAVE_TTYENT_H - return (default_console == 0 || strcmp(default_console, ttyname(0)) == 0); -#else +#ifdef HAVE_TTYENT_H + { struct ttyent *t; - return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE); + t = getttynam (ttyn); + if (t && t->ty_status & TTY_SECURE) + return 1; + } #endif + if (find_in_etc_securetty(ttyn)) + return 1; + if (default_console == 0 || strcmp(default_console, ttyn) == 0) + return 1; + return 0; } 
static RETSIGTYPE timedout(int signo) { fprintf(stderr, "Login timed out after %d seconds\n", login_timeout); exit(0); } static void checknologin(void) { int fd, nchars; char tbuf[8192]; if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) { while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) write(fileno(stdout), tbuf, nchars); sleepexit(0); } } static void dolastlog(int quiet) { -#if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H) || defined(SYSV_SHADOW) +#if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H) struct lastlog ll; int fd; if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); #ifdef SYSV_SHADOW if (read(fd, &ll, sizeof(ll)) == sizeof(ll) && ll.ll_time != 0) { if (pwd->pw_uid && spwd && spwd->sp_inact > 0 && ll.ll_time / (24 * 60 * 60) + spwd->sp_inact < time(0)) { printf("Your account has been inactive too long.\n"); sleepexit(1); } if (!quiet) { printf("Last login: %.*s ", 24-5, ctime(&ll.ll_time)); if (*ll.ll_host != '\0') { printf("from %.*s\n", (int)sizeof(ll.ll_host), ll.ll_host); } else printf("on %.*s\n", (int)sizeof(ll.ll_line), ll.ll_line); } } lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); #else /* SYSV_SHADOW */ if (!quiet) { if (read(fd, &ll, sizeof(ll)) == sizeof(ll) && ll.ll_time != 0) { printf("Last login: %.*s ", 24-5, ctime(&ll.ll_time)); if (*ll.ll_host != '\0') printf("from %.*s\n", (int)sizeof(ll.ll_host), ll.ll_host); else printf("on %.*s\n", (int)sizeof(ll.ll_line), ll.ll_line); } lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); } #endif /* SYSV_SHADOW */ memset(&ll, 0, sizeof(ll)); time(&ll.ll_time); strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); if (hostname) strncpy(ll.ll_host, hostname, sizeof(ll.ll_host)); write(fd, &ll, sizeof(ll)); close(fd); } #endif /* DOLASTLOG */ } static void badlogin(char *name) { if (failures == 0) return; if (hostname) { syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s", failures, failures > 1 ? 
"S" : "", hostname); syslog(LOG_AUTHPRIV|LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s, %s", failures, failures > 1 ? "S" : "", hostname, name); } else { syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s", failures, failures > 1 ? "S" : "", tty); syslog(LOG_AUTHPRIV|LOG_NOTICE, "%d LOGIN FAILURE%s ON %s, %s", failures, failures > 1 ? "S" : "", tty, name); } } #undef UNKNOWN #define UNKNOWN "su" static char * stypeof(char *ttyid) { /* TERM is probably a better guess than anything else. */ char *term = getenv("TERM"); if (term != 0 && term[0] != 0) return term; { #ifndef HAVE_TTYENT_H return UNKNOWN; #else struct ttyent *t; return (ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN); #endif } } static void xgetstr(char *buf, int cnt, char *err) { char ch; do { if (read(0, &ch, sizeof(ch)) != sizeof(ch)) exit(1); if (--cnt < 0) { fprintf(stderr, "%s too long\r\n", err); sleepexit(1); } *buf++ = ch; } while (ch); } /* * Some old rlogind's unknowingly pass remuser, locuser and * terminal_type/speed so we need to take care of that part of the * protocol here. Also, we can't make a getpeername(2) on the socket * so we have to trust that rlogind resolved the name correctly. 
*/ static int doremotelogin(char *host) { int code; char *cp; xgetstr(rusername, sizeof (rusername), "remuser"); xgetstr(lusername, sizeof (lusername), "locuser"); xgetstr(term, sizeof(term), "Terminal type"); cp = strchr(term, '/'); if (cp != 0) *cp = 0; /* For now ignore speed/bg */ pwd = k_getpwnam(lusername); if (pwd == NULL) return(-1); code = ruserok(host, (pwd->pw_uid == 0), rusername, lusername); if (code == 0) syslog(LOG_NOTICE, "Warning: An old rlogind accepted login probably from host %s", host); return(code); } void sleepexit(int eval) { sleep(5); exit(eval); } Index: stable/3/crypto/kerberosIV/appl/bsd/login_access.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/login_access.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/login_access.c (revision 62578) 
@@ -1,221 +1,264 @@ /* * This module implements a simple but effective form of login access * control based on login names and on host (or domain) names, internet * addresses (or network numbers), or on terminal line names in case of * non-networked logins. Diagnostics are reported through syslog(3). * * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. */ #include "bsd_locl.h" -RCSID("$Id: login_access.c,v 1.15 1997/06/01 03:12:28 assar Exp $"); +RCSID("$Id: login_access.c,v 1.19 1999/05/14 22:02:14 assar Exp $"); #ifdef LOGIN_ACCESS /* Delimiters for fields and for lists of users, ttys or hosts. */ static char fs[] = ":"; /* field separator */ static char sep[] = ", \t"; /* list-element separator */ /* Constants to be used in assignments only, not in comparisons... */ #define YES 1 #define NO 0 -static int list_match(char *list, char *item, int (*match_fn)(char *, char *)); -static int user_match(char *tok, char *string); -static int from_match(char *tok, char *string); + /* + * A structure to bundle up all login-related information to keep the + * functional interfaces as generic as possible. 
+ */ +struct login_info { + struct passwd *user; + char *from; +}; + +static int list_match(char *list, struct login_info *item, + int (*match_fn)(char *, struct login_info *)); +static int user_match(char *tok, struct login_info *item); +static int from_match(char *tok, struct login_info *item); static int string_match(char *tok, char *string); /* login_access - match username/group and host/tty with access control file */ -int login_access(char *user, char *from) +int login_access(struct passwd *user, char *from) { + struct login_info item; FILE *fp; char line[BUFSIZ]; char *perm; /* becomes permission field */ char *users; /* becomes list of login names */ char *froms; /* becomes list of terminals or hosts */ int match = NO; int end; int lineno = 0; /* for diagnostics */ char *foo; /* + * Bundle up the arguments to avoid unnecessary clumsiness lateron. + */ + item.user = user; + item.from = from; + + /* * Process the table one line at a time and stop at the first match. * Blank lines and lines that begin with a '#' character are ignored. * Non-comment lines are broken at the ':' character. All fields are * mandatory. The first field should be a "+" or "-" character. A * non-existing table means no access control. 
*/ if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) { while (!match && fgets(line, sizeof(line), fp)) { lineno++; if (line[end = strlen(line) - 1] != '\n') { syslog(LOG_ERR, "%s: line %d: missing newline or line too long", _PATH_LOGACCESS, lineno); continue; } if (line[0] == '#') continue; /* comment line */ - while (end > 0 && isspace(line[end - 1])) + while (end > 0 && isspace((unsigned char)line[end - 1])) end--; line[end] = 0; /* strip trailing whitespace */ if (line[0] == 0) /* skip blank lines */ continue; foo = NULL; if (!(perm = strtok_r(line, fs, &foo)) || !(users = strtok_r(NULL, fs, &foo)) || !(froms = strtok_r(NULL, fs, &foo)) || strtok_r(NULL, fs, &foo)) { syslog(LOG_ERR, "%s: line %d: bad field count", _PATH_LOGACCESS, lineno); continue; } if (perm[0] != '+' && perm[0] != '-') { syslog(LOG_ERR, "%s: line %d: bad first field", _PATH_LOGACCESS, lineno); continue; } - match = (list_match(froms, from, from_match) - && list_match(users, user, user_match)); + match = (list_match(froms, &item, from_match) + && list_match(users, &item, user_match)); } fclose(fp); } else if (errno != ENOENT) { syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS); } return (match == 0 || (line[0] == '+')); } /* list_match - match an item against a list of tokens with exceptions */ static int -list_match(char *list, char *item, int (*match_fn)(char *, char *)) +list_match(char *list, + struct login_info *item, + int (*match_fn)(char *, struct login_info *)) { char *tok; int match = NO; char *foo = NULL; /* * Process tokens one at a time. We have exhausted all possible matches * when we reach an "EXCEPT" token or the end of the list. If we do find * a match, look for an "EXCEPT" list and recurse to determine whether * the match is affected by any exceptions. 
*/ for (tok = strtok_r(list, sep, &foo); tok != NULL; tok = strtok_r(NULL, sep, &foo)) { if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ break; if ((match = (*match_fn) (tok, item)) != 0) /* YES */ break; } /* Process exceptions to matches. */ if (match != NO) { while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT")) /* VOID */ ; if (tok == 0 || list_match(NULL, item, match_fn) == NO) return (match); } return (NO); } +/* myhostname - figure out local machine name */ + +static char *myhostname(void) +{ + static char name[MAXHOSTNAMELEN + 1] = ""; + + if (name[0] == 0) { + gethostname(name, sizeof(name)); + name[MAXHOSTNAMELEN] = 0; + } + return (name); +} + /* netgroup_match - match group against machine or user */ static int netgroup_match(char *group, char *machine, char *user) { #ifdef HAVE_YP_GET_DEFAULT_DOMAIN static char *mydomain = 0; if (mydomain == 0) yp_get_default_domain(&mydomain); return (innetgr(group, machine, user, mydomain)); #else syslog(LOG_ERR, "NIS netgroup support not configured"); return 0; #endif } /* user_match - match a username against one token */ -static int user_match(char *tok, char *string) +static int user_match(char *tok, struct login_info *item) { + char *string = item->user->pw_name; + struct login_info fake_item; struct group *group; int i; + char *at; /* * If a token has the magic value "ALL" the match always succeeds. - * Otherwise, return YES if the token fully matches the username, or if - * the token is a group that contains the username. + * Otherwise, return YES if the token fully matches the username, if the + * token is a group that contains the username, or if the token is the + * name of the user's primary group. 
*/ - if (tok[0] == '@') { /* netgroup */ + if ((at = strchr(tok + 1, '@')) != 0) { /* split user@host pattern */ + *at = 0; + fake_item.from = myhostname(); + return (user_match(tok, item) && from_match(at + 1, &fake_item)); + } else if (tok[0] == '@') { /* netgroup */ return (netgroup_match(tok + 1, (char *) 0, string)); } else if (string_match(tok, string)) { /* ALL or exact match */ return (YES); } else if ((group = getgrnam(tok)) != 0) { /* try group membership */ + if (item->user->pw_gid == group->gr_gid) + return (YES); for (i = 0; group->gr_mem[i]; i++) if (strcasecmp(string, group->gr_mem[i]) == 0) return (YES); } return (NO); } /* from_match - match a host or tty against a list of tokens */ -static int from_match(char *tok, char *string) +static int from_match(char *tok, struct login_info *item) { + char *string = item->from; int tok_len; int str_len; /* * If a token has the magic value "ALL" the match always succeeds. Return * YES if the token fully matches the string. If the token is a domain * name, return YES if it matches the last fields of the string. If the * token has the magic value "LOCAL", return YES if the string does not * contain a "." character. If the token is a network number, return YES * if it matches the head of the string. */ if (tok[0] == '@') { /* netgroup */ return (netgroup_match(tok + 1, string, (char *) 0)); } else if (string_match(tok, string)) { /* ALL or exact match */ return (YES); } else if (tok[0] == '.') { /* domain: match last fields */ if ((str_len = strlen(string)) > (tok_len = strlen(tok)) && strcasecmp(tok, string + str_len - tok_len) == 0) return (YES); } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */ if (strchr(string, '.') == 0) return (YES); } else if (tok[(tok_len = strlen(tok)) - 1] == '.' 
/* network */ && strncmp(tok, string, tok_len) == 0) { return (YES); } return (NO); } /* string_match - match a string against one token */ static int string_match(char *tok, char *string) { /* * If the token has the magic value "ALL" the match always succeeds. * Otherwise, return YES if the token fully matches the string. */ if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ return (YES); } else if (strcasecmp(tok, string) == 0) { /* try exact match */ return (YES); } return (NO); } #endif /* LOGIN_ACCES */ Index: stable/3/crypto/kerberosIV/appl/bsd/login_fbtab.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/login_fbtab.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/login_fbtab.c (revision 62578) 
@@ -1,144 +1,154 @@ /************************************************************************ * Copyright 1995 by Wietse Venema. All rights reserved. * * This material was originally written and compiled by Wietse Venema at * Eindhoven University of Technology, The Netherlands, in 1990, 1991, * 1992, 1993, 1994 and 1995. * * Redistribution and use in source and binary forms are permitted * provided that this entire copyright notice is duplicated in all such * copies. * * This software is provided "as is" and without any expressed or implied * warranties, including, without limitation, the implied warranties of * merchantibility and fitness for any particular purpose. ************************************************************************/ /* SYNOPSIS void login_fbtab(tty, uid, gid) char *tty; uid_t uid; gid_t gid; DESCRIPTION This module implements device security as described in the SunOS 4.1.x fbtab(5) and SunOS 5.x logindevperm(4) manual pages. The program first looks for /etc/fbtab. If that file cannot be opened it attempts to process /etc/logindevperm. We expect entries with the folowing format: Comments start with a # and extend to the end of the line. Blank lines or lines with only a comment are ignored. All other lines consist of three fields delimited by whitespace: a login device (/dev/console), an octal permission number (0600), and a ":"-delimited list of devices (/dev/kbd:/dev/mouse). All device names are absolute paths. A path that ends in "/*" refers to all directory entries except "." and "..". If the tty argument (relative path) matches a login device name (absolute path), the permissions of the devices in the ":"-delimited list are set as specified in the second field, and their ownership is changed to that of the uid and gid arguments. DIAGNOSTICS Problems are reported via the syslog daemon with severity LOG_ERR. 
BUGS AUTHOR Wietse Venema (wietse@wzv.win.tue.nl) Eindhoven University of Technology The Netherlands */ #include "bsd_locl.h" -RCSID("$Id: login_fbtab.c,v 1.10 1997/06/01 03:12:54 assar Exp $"); +RCSID("$Id: login_fbtab.c,v 1.14 1999/09/16 20:37:24 assar Exp $"); void login_protect (char *, char *, int, uid_t, gid_t); void login_fbtab (char *tty, uid_t uid, gid_t gid); #define WSPACE " \t\n" /* login_fbtab - apply protections specified in /etc/fbtab or logindevperm */ void login_fbtab(char *tty, uid_t uid, gid_t gid) { FILE *fp; char buf[BUFSIZ]; char *devname; char *cp; int prot; char *table; char *foo; if ((fp = fopen(table = _PATH_FBTAB, "r")) == 0 && (fp = fopen(table = _PATH_LOGINDEVPERM, "r")) == 0) return; while (fgets(buf, sizeof(buf), fp)) { if ((cp = strchr(buf, '#')) != 0) *cp = 0; /* strip comment */ foo = NULL; if ((cp = devname = strtok_r(buf, WSPACE, &foo)) == 0) continue; /* empty or comment */ if (strncmp(devname, "/dev/", 5) != 0 || (cp = strtok_r(NULL, WSPACE, &foo)) == 0 || *cp != '0' || sscanf(cp, "%o", &prot) == 0 || prot == 0 || (prot & 0777) != prot || (cp = strtok_r(NULL, WSPACE, &foo)) == 0) { syslog(LOG_ERR, "%s: bad entry: %s", table, cp ? 
cp : "(null)"); continue; } if (strcmp(devname + 5, tty) == 0) { foo = NULL; for (cp = strtok_r(cp, ":", &foo); cp; cp = strtok_r(NULL, ":", &foo)) { login_protect(table, cp, prot, uid, gid); } } } fclose(fp); } /* login_protect - protect one device entry */ void login_protect(char *table, char *path, int mask, uid_t uid, gid_t gid) { char buf[BUFSIZ]; int pathlen = strlen(path); struct dirent *ent; DIR *dir; if (strcmp("/*", path + pathlen - 2) != 0) { if (chmod(path, mask) && errno != ENOENT) syslog(LOG_ERR, "%s: chmod(%s): %m", table, path); if (chown(path, uid, gid) && errno != ENOENT) syslog(LOG_ERR, "%s: chown(%s): %m", table, path); } else { - strcpy(buf, path); - buf[pathlen - 1] = 0; + strlcpy (buf, path, sizeof(buf)); + if (sizeof(buf) > pathlen) + buf[pathlen - 2] = '\0'; + /* Solaris evidently operates on the directory as well */ + login_protect(table, buf, mask | ((mask & 0444) >> 2), uid, gid); if ((dir = opendir(buf)) == 0) { syslog(LOG_ERR, "%s: opendir(%s): %m", table, path); } else { + if (sizeof(buf) > pathlen) { + buf[pathlen - 2] = '/'; + buf[pathlen - 1] = '\0'; + } + while ((ent = readdir(dir)) != 0) { if (strcmp(ent->d_name, ".") != 0 && strcmp(ent->d_name, "..") != 0) { - strcpy(buf + pathlen - 1, ent->d_name); + strlcpy (buf + pathlen - 1, + ent->d_name, + sizeof(buf) - (pathlen + 1)); login_protect(table, buf, mask, uid, gid); } } closedir(dir); } } } Index: stable/3/crypto/kerberosIV/appl/bsd/pathnames.h =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/pathnames.h (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/pathnames.h (revision 62578) 
@@ -1,191 +1,200 @@ /* * Copyright (c) 1989 The Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* * from: @(#)pathnames.h 5.2 (Berkeley) 4/9/90 - * $Id: pathnames.h,v 1.23 1996/11/17 06:36:42 joda Exp $ + * $Id: pathnames.h,v 1.25 1998/02/03 23:29:30 assar Exp $ */ /******* First fix default path, we stick to _PATH_DEFPATH everywhere */ #if !defined(_PATH_DEFPATH) && defined(_PATH_USERPATH) #define _PATH_DEFPATH _PATH_USERPATH #endif #if defined(_PATH_DEFPATH) && !defined(_DEF_PATH) #define _DEF_PATH _PATH_DEFPATH #endif #if !defined(_PATH_DEFPATH) && defined(_DEF_PATH) #define _PATH_DEFPATH _DEF_PATH #endif #ifndef _PATH_DEFPATH #define _PATH_DEFPATH "/usr/ucb:/usr/bin:/bin" #define _DEF_PATH _PATH_DEFPATH #endif /* !_PATH_DEFPATH */ #ifndef _PATH_DEFSUPATH #define _PATH_DEFSUPATH "/usr/sbin:" _DEF_PATH #endif /* _PATH_DEFSUPATH */ /******* Default PATH fixed! */ #undef _PATH_RLOGIN /* Redifine rlogin */ #define _PATH_RLOGIN BINDIR "/rlogin" #undef _PATH_RSH /* Redifine rsh */ #define _PATH_RSH BINDIR "/rsh" +#undef _PATH_RCP /* Redifine rcp */ +#define _PATH_RCP BINDIR "/rcp" + #undef _PATH_LOGIN #define _PATH_LOGIN BINDIR "/login" /******* The rest is fallback defaults */ #ifndef _PATH_DEV #define _PATH_DEV "/dev/" #endif #ifndef _PATH_CP #define _PATH_CP "/bin/cp" #endif /* _PATH_CP */ #ifndef _PATH_SHELLS #define _PATH_SHELLS "/etc/shells" #endif /* _PATH_SHELLS */ #ifndef _PATH_BSHELL #define _PATH_BSHELL "/bin/sh" #endif /* _PATH_BSHELL */ #ifndef _PATH_CSHELL #define _PATH_CSHELL "/bin/csh" #endif /* _PATH_CSHELL */ #ifndef _PATH_NOLOGIN #define _PATH_NOLOGIN "/etc/nologin" #endif /* _PATH_NOLOGIN */ #ifndef _PATH_TTY #define _PATH_TTY "/dev/tty" #endif /* _PATH_TTY */ #ifndef _PATH_HUSHLOGIN #define _PATH_HUSHLOGIN ".hushlogin" #endif /* _PATH_HUSHLOGIN */ #ifndef _PATH_NOMAILCHECK #define _PATH_NOMAILCHECK ".nomailcheck" #endif /* _PATH_NOMAILCHECK */ #ifndef _PATH_MOTDFILE #define _PATH_MOTDFILE "/etc/motd" #endif /* _PATH_MOTDFILE */ #ifndef _PATH_LOGACCESS #define _PATH_LOGACCESS "/etc/login.access" #endif /* _PATH_LOGACCESS */ #ifndef 
_PATH_HEQUIV #define _PATH_HEQUIV "/etc/hosts.equiv" #endif #ifndef _PATH_FBTAB #define _PATH_FBTAB "/etc/fbtab" #endif /* _PATH_FBTAB */ #ifndef _PATH_LOGINDEVPERM #define _PATH_LOGINDEVPERM "/etc/logindevperm" #endif /* _PATH_LOGINDEVPERM */ #ifndef _PATH_CHPASS #define _PATH_CHPASS "/usr/bin/passwd" #endif /* _PATH_CHPASS */ #if defined(__hpux) #define __FALLBACK_MAILDIR__ "/usr/mail" #else #define __FALLBACK_MAILDIR__ "/usr/spool/mail" #endif #ifndef KRB4_MAILDIR #ifndef _PATH_MAILDIR #ifdef MAILDIR #define _PATH_MAILDIR MAILDIR #else #define _PATH_MAILDIR __FALLBACK_MAILDIR__ #endif #endif /* _PATH_MAILDIR */ #define KRB4_MAILDIR _PATH_MAILDIR #endif #ifndef _PATH_LASTLOG #define _PATH_LASTLOG "/var/adm/lastlog" #endif #if defined(UTMP_FILE) && !defined(_PATH_UTMP) #define _PATH_UTMP UTMP_FILE #endif #ifndef _PATH_UTMP #define _PATH_UTMP "/etc/utmp" #endif #if defined(WTMP_FILE) && !defined(_PATH_WTMP) #define _PATH_WTMP WTMP_FILE #endif #ifndef _PATH_WTMP #define _PATH_WTMP "/usr/adm/wtmp" #endif #ifndef _PATH_ETC_DEFAULT_LOGIN #define _PATH_ETC_DEFAULT_LOGIN "/etc/default/login" #endif #ifndef _PATH_ETC_ENVIRONMENT #define _PATH_ETC_ENVIRONMENT "/etc/environment" #endif +#ifndef _PATH_ETC_SECURETTY +#define _PATH_ETC_SECURETTY "/etc/securetty" +#endif + /* * NeXT KLUDGE ALERT!!!!!!!!!!!!!!!!!! * Some sort of bug in the NEXTSTEP cpp. */ #ifdef NeXT #undef _PATH_DEFSUPATH #define _PATH_DEFSUPATH "/usr/sbin:/usr/ucb:/usr/bin:/bin" #undef _PATH_RLOGIN #define _PATH_RLOGIN "/usr/athena/bin/rlogin" #undef _PATH_RSH #define _PATH_RSH "/usr/athena/bin/rsh" +#undef _PATH_RCP +#define _PATH_RCP "/usr/athena/bin/rcp" #undef _PATH_LOGIN #define _PATH_LOGIN "/usr/athena/bin/login" #endif Index: stable/3/crypto/kerberosIV/appl/bsd/rcmd_util.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/rcmd_util.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/rcmd_util.c (revision 62578) 
@@ -1,246 +1,247 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "bsd_locl.h" -RCSID("$Id: rcmd_util.c,v 1.15 1997/05/02 14:27:44 assar Exp $"); +RCSID("$Id: rcmd_util.c,v 1.19 1999/12/02 16:58:28 joda Exp $"); int get_login_port(int kerberos, int encryption) { char *service="login"; int port=htons(513); if(kerberos && encryption){ service="eklogin"; port=htons(2105); } if(kerberos && !encryption){ service="klogin"; port=htons(543); } return k_getportbyname (service, "tcp", port); } int get_shell_port(int kerberos, int encryption) { char *service="shell"; int port=htons(514); if(kerberos && encryption){ service="ekshell"; port=htons(545); } if(kerberos && !encryption){ service="kshell"; port=htons(544); } return k_getportbyname (service, "tcp", port); } /* * On reasonable systems, `cf[gs]et[io]speed' use values of bit/s * directly, and the following functions are just identity functions. * This is however a slower way of doing those * should-be-but-are-not-always idenity functions. */ static struct { int speed; int bps; } conv[] = { #ifdef B0 {B0, 0}, #endif #ifdef B50 {B50, 50}, #endif #ifdef B75 {B75, 75}, #endif #ifdef B110 {B110, 110}, #endif #ifdef B134 {B134, 134}, #endif #ifdef B150 {B150, 150}, #endif #ifdef B200 {B200, 200}, #endif #ifdef B300 {B300, 300}, #endif #ifdef B600 {B600, 600}, #endif #ifdef B1200 {B1200, 1200}, #endif #ifdef B1800 {B1800, 1800}, #endif #ifdef B2400 {B2400, 2400}, #endif #ifdef B4800 {B4800, 4800}, #endif #ifdef B9600 {B9600, 9600}, #endif #ifdef B19200 {B19200, 19200}, #endif +#ifdef EXTA + {EXTA, 19200}, +#endif #ifdef B38400 {B38400, 38400}, #endif +#ifdef EXTB + {EXTB, 38400}, +#endif #ifdef B57600 {B57600, 57600}, #endif #ifdef B115200 {B115200, 115200}, #endif #ifdef B153600 {B153600, 153600}, #endif #ifdef B230400 {B230400, 230400}, #endif #ifdef B307200 {B307200, 307200}, #endif #ifdef B460800 {B460800, 460800}, #endif }; #define N (sizeof(conv)/sizeof(*conv)) int speed_t2int (speed_t s) { int l, r, m; l = 0; r = N - 1; while(l <= r) { m = (l + r) / 2; if (conv[m].speed == 
s) return conv[m].bps; else if(conv[m].speed < s) l = m + 1; else r = m - 1; } return -1; } /* * */ speed_t int2speed_t (int i) { int l, r, m; l = 0; r = N - 1; while(l <= r) { m = (l + r) / 2; if (conv[m].bps == i) return conv[m].speed; else if(conv[m].bps < i) l = m + 1; else r = m - 1; } return -1; } /* * If there are any IP options on `sock', die. */ void ip_options_and_die (int sock, struct sockaddr_in *fromp) { #if defined(IP_OPTIONS) && defined(HAVE_GETSOCKOPT) u_char optbuf[BUFSIZ/3], *cp; char lbuf[BUFSIZ], *lp; int optsize = sizeof(optbuf), ipproto; struct protoent *ip; if ((ip = getprotobyname("ip")) != NULL) ipproto = ip->p_proto; else ipproto = IPPROTO_IP; if (getsockopt(sock, ipproto, IP_OPTIONS, (void *)optbuf, &optsize) == 0 && optsize != 0) { lp = lbuf; for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3) snprintf(lp, sizeof(lbuf) - (lp - lbuf), " %2.2x", *cp); syslog(LOG_NOTICE, "Connection received from %s using IP options (dead):%s", inet_ntoa(fromp->sin_addr), lbuf); exit(1); } #endif } void warning(const char *fmt, ...) { char *rstar_no_warn = getenv("RSTAR_NO_WARN"); va_list args; va_start(args, fmt); if (rstar_no_warn == NULL) rstar_no_warn = ""; if (strncmp(rstar_no_warn, "yes", 3) != 0) { /* XXX */ fprintf(stderr, "%s: warning, using standard ", __progname); - warnx(fmt, args); + vwarnx(fmt, args); } va_end(args); } Index: stable/3/crypto/kerberosIV/appl/bsd/rcp.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/rcp.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/rcp.c (revision 62578) 
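Review bot: In rcmd_util.c, the new EXTA and EXTB rows in conv[] land in a table that speed_t2int() and int2speed_t() both search with a binary search, so the table must stay sorted on the speed column and on the bps column at the same time. The new rows repeat the bps values 19200 and 38400 and are ordered only by their position in the source, which holds only if EXTA and EXTB compare equal to B19200 and B38400 (or fall between their neighbours) on every platform that defines them. Suggest emitting each row only when the B-constant is absent, for example #if defined(EXTA) && !defined(B19200), or replacing the two lookups with a linear scan, since the table is small.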
@@ -1,1019 +1,1047 @@ /* * Copyright (c) 1983, 1990, 1992, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "bsd_locl.h" -RCSID("$Id: rcp.c,v 1.43 1997/05/13 09:41:26 bg Exp $"); +RCSID("$Id: rcp.c,v 1.52 1999/11/16 16:54:16 bg Exp $"); /* Globals */ static char dst_realm_buf[REALM_SZ]; static char *dest_realm = NULL; static int use_kerberos = 1; static int doencrypt = 0; -#define OPTIONS "dfKk:prtx" +#define OPTIONS "dfKk:prtxl:" +static char *user_name = NULL; /* Given as -l option. */ + static int errs, rem; static struct passwd *pwd; static u_short port; static uid_t userid; static int pflag, iamremote, iamrecursive, targetshouldbedirectory; +static int argc_copy; +static char **argv_copy; + #define CMDNEEDS 64 static char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ void rsource(char *name, struct stat *statp); #define SERVICE_NAME "rcmd" CREDENTIALS cred; MSG_DAT msg_data; -struct sockaddr_in foreign, local; +struct sockaddr_in foreign_addr, local_addr; Key_schedule schedule; KTEXT_ST ticket; AUTH_DAT kdata; static void send_auth(char *h, char *r) { int lslen, fslen, status; long opts; lslen = sizeof(struct sockaddr_in); - if (getsockname(rem, (struct sockaddr *)&local, &lslen) < 0) + if (getsockname(rem, (struct sockaddr *)&local_addr, &lslen) < 0) err(1, "getsockname"); fslen = sizeof(struct sockaddr_in); - if (getpeername(rem, (struct sockaddr *)&foreign, &fslen) < 0) + if (getpeername(rem, (struct sockaddr *)&foreign_addr, &fslen) < 0) err(1, "getpeername"); if ((r == NULL) || (*r == '\0')) r = krb_realmofhost(h); opts = KOPT_DO_MUTUAL; if ((status = krb_sendauth(opts, rem, &ticket, SERVICE_NAME, h, r, (unsigned long)getpid(), &msg_data, &cred, - schedule, &local, - &foreign, "KCMDV0.1")) != KSUCCESS) + schedule, &local_addr, + &foreign_addr, "KCMDV0.1")) != KSUCCESS) errx(1, "krb_sendauth failure: %s", krb_get_err_text(status)); } static void answer_auth(void) { int lslen, fslen, status; long opts; char inst[INST_SZ], v[9]; lslen = sizeof(struct sockaddr_in); - if (getsockname(rem, (struct sockaddr *)&local, &lslen) < 0) + if (getsockname(rem, 
(struct sockaddr *)&local_addr, &lslen) < 0) err(1, "getsockname"); fslen = sizeof(struct sockaddr_in); - if(getpeername(rem, (struct sockaddr *)&foreign, &fslen) < 0) + if(getpeername(rem, (struct sockaddr *)&foreign_addr, &fslen) < 0) err(1, "getperrname"); k_getsockinst(rem, inst, sizeof(inst)); opts = KOPT_DO_MUTUAL; if ((status = krb_recvauth(opts, rem, &ticket, SERVICE_NAME, inst, - &foreign, &local, + &foreign_addr, &local_addr, &kdata, "", schedule, v)) != KSUCCESS) errx(1, "krb_recvauth failure: %s", krb_get_err_text(status)); } static int des_read(int fd, char *buf, int len) { if (doencrypt) return(des_enc_read(fd, buf, len, schedule, (iamremote? &kdata.session : &cred.session))); else return(read(fd, buf, len)); } static int des_write(int fd, char *buf, int len) { if (doencrypt) return(des_enc_write(fd, buf, len, schedule, (iamremote? &kdata.session : &cred.session))); else return(write(fd, buf, len)); } static void run_err(const char *fmt, ...) #ifdef __GNUC__ __attribute__ ((format (printf, 1, 2))) #endif ; static void run_err(const char *fmt, ...) 
{ char errbuf[1024]; va_list args; va_start(args, fmt); ++errs; #define RCPERR "\001rcp: " - strcpy (errbuf, RCPERR); - vsnprintf (errbuf + strlen(RCPERR), sizeof(errbuf) - strlen(RCPERR), + strlcpy (errbuf, RCPERR, sizeof(errbuf)); + vsnprintf (errbuf + strlen(errbuf), + sizeof(errbuf) - strlen(errbuf), fmt, args); - strcat (errbuf, "\n"); + strlcat (errbuf, "\n", sizeof(errbuf)); des_write (rem, errbuf, strlen(errbuf)); if (!iamremote) vwarnx(fmt, args); va_end(args); } static void verifydir(char *cp) { struct stat stb; if (!stat(cp, &stb)) { if (S_ISDIR(stb.st_mode)) return; errno = ENOTDIR; } run_err("%s: %s", cp, strerror(errno)); exit(1); } #define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) static BUF * allocbuf(BUF *bp, int fd, int blksize) { struct stat stb; size_t size; if (fstat(fd, &stb) < 0) { run_err("fstat: %s", strerror(errno)); return (0); } #ifdef HAVE_ST_BLKSIZE size = ROUNDUP(stb.st_blksize, blksize); #else size = blksize; #endif if (size == 0) size = blksize; if (bp->cnt >= size) return (bp); if (bp->buf == NULL) bp->buf = malloc(size); else bp->buf = realloc(bp->buf, size); if (bp->buf == NULL) { bp->cnt = 0; run_err("%s", strerror(errno)); return (0); } bp->cnt = size; return (bp); } static void usage(void) { fprintf(stderr, "%s\n\t%s\n", "usage: rcp [-Kpx] [-k realm] f1 f2", "or: rcp [-Kprx] [-k realm] f1 ... 
fn directory"); exit(1); } static void oldw(const char *s) { char *rstar_no_warn = getenv("RSTAR_NO_WARN"); if (rstar_no_warn == 0) rstar_no_warn = ""; if (strncmp(rstar_no_warn, "yes", 3) != 0) warnx("%s, using standard rcp", s); } static RETSIGTYPE lostconn(int signo) { if (!iamremote) warnx("lost connection"); exit(1); } static int response(void) { char ch, *cp, resp, rbuf[BUFSIZ]; if (des_read(rem, &resp, sizeof(resp)) != sizeof(resp)) lostconn(0); cp = rbuf; switch(resp) { case 0: /* ok */ return (0); default: *cp++ = resp; /* FALLTHROUGH */ case 1: /* error, followed by error msg */ case 2: /* fatal error, "" */ do { if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch)) lostconn(0); *cp++ = ch; } while (cp < &rbuf[BUFSIZ] && ch != '\n'); if (!iamremote) write(STDERR_FILENO, rbuf, cp - rbuf); ++errs; if (resp == 1) return (-1); exit(1); } /* NOTREACHED */ } static void source(int argc, char **argv) { struct stat stb; static BUF buffer; BUF *bp; off_t i; int amt, fd, haderr, indx, result; char *last, *name, buf[BUFSIZ]; for (indx = 0; indx < argc; ++indx) { name = argv[indx]; if ((fd = open(name, O_RDONLY, 0)) < 0) goto syserr; if (fstat(fd, &stb)) { syserr: run_err("%s: %s", name, strerror(errno)); goto next; } switch (stb.st_mode & S_IFMT) { case S_IFREG: break; case S_IFDIR: if (iamrecursive) { rsource(name, &stb); goto next; } /* FALLTHROUGH */ default: run_err("%s: not a regular file", name); goto next; } if ((last = strrchr(name, '/')) == NULL) last = name; else ++last; if (pflag) { /* * Make it compatible with possible future * versions expecting microseconds. 
*/ snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n", (long)stb.st_mtime, (long)stb.st_atime); des_write(rem, buf, strlen(buf)); if (response() < 0) goto next; } snprintf(buf, sizeof(buf), "C%04o %ld %s\n", (int)stb.st_mode & MODEMASK, (long) stb.st_size, last); des_write(rem, buf, strlen(buf)); if (response() < 0) goto next; if ((bp = allocbuf(&buffer, fd, BUFSIZ)) == NULL) { next: close(fd); continue; } /* Keep writing after an error so that we stay sync'd up. */ for (haderr = i = 0; i < stb.st_size; i += bp->cnt) { amt = bp->cnt; if (i + amt > stb.st_size) amt = stb.st_size - i; if (!haderr) { result = read(fd, bp->buf, amt); if (result != amt) haderr = result >= 0 ? EIO : errno; } if (haderr) des_write(rem, bp->buf, amt); else { result = des_write(rem, bp->buf, amt); if (result != amt) haderr = result >= 0 ? EIO : errno; } } if (close(fd) && !haderr) haderr = errno; if (!haderr) des_write(rem, "", 1); else run_err("%s: %s", name, strerror(haderr)); response(); } } void rsource(char *name, struct stat *statp) { DIR *dirp; struct dirent *dp; char *last, *vect[1], path[MaxPathLen]; + char *p; if (!(dirp = opendir(name))) { run_err("%s: %s", name, strerror(errno)); return; } + for (p = name + strlen(name) - 1; p >= name && *p == '/'; --p) + *p = '\0'; + last = strrchr(name, '/'); if (last == 0) last = name; else last++; if (pflag) { snprintf(path, sizeof(path), "T%ld 0 %ld 0\n", (long)statp->st_mtime, (long)statp->st_atime); des_write(rem, path, strlen(path)); if (response() < 0) { closedir(dirp); return; } } snprintf(path, sizeof(path), "D%04o %d %s\n", (int)statp->st_mode & MODEMASK, 0, last); des_write(rem, path, strlen(path)); if (response() < 0) { closedir(dirp); return; } while ((dp = readdir(dirp))) { if (dp->d_ino == 0) continue; if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, "..")) continue; if (strlen(name) + 1 + strlen(dp->d_name) >= MaxPathLen - 1) { run_err("%s/%s: name too long", name, dp->d_name); continue; } if (snprintf(path, sizeof(path), "%s/%s", 
name, dp->d_name) >= sizeof(path)) { run_err("%s/%s: name too long", name, dp->d_name); continue; } vect[0] = path; source(1, vect); } closedir(dirp); des_write(rem, "E\n", 2); response(); } static int kerberos(char **host, char *bp, char *locuser, char *user) { int sock = -1, err; -again: + if (use_kerberos) { + setuid(getuid()); rem = KSUCCESS; errno = 0; if (dest_realm == NULL) dest_realm = krb_realmofhost(*host); #if 0 rem = krcmd(host, port, user, bp, 0, dest_realm); #else err = kcmd( &sock, host, port, NULL, /* locuser not used */ user, bp, 0, &ticket, SERVICE_NAME, dest_realm, (CREDENTIALS *) NULL, /* credentials not used */ 0, /* key schedule not used */ (MSG_DAT *) NULL, /* MSG_DAT not used */ (struct sockaddr_in *) NULL, /* local addr not used */ (struct sockaddr_in *) NULL, /* foreign addr not used */ 0L); /* authopts */ if (err > KSUCCESS && err < MAX_KRB_ERRORS) { warnx("kcmd: %s", krb_get_err_text(err)); rem = -1; } else if (err < 0) rem = -1; else rem = sock; #endif if (rem < 0) { - use_kerberos = 0; - port = get_shell_port(use_kerberos, 0); if (errno == ECONNREFUSED) oldw("remote host doesn't support Kerberos"); else if (errno == ENOENT) oldw("can't provide Kerberos authentication data"); - goto again; + execv(_PATH_RCP, argv_copy); } } else { if (doencrypt) errx(1, "the -x option requires Kerberos authentication"); if (geteuid() != 0) { errx(1, "not installed setuid root, " "only root may use non kerberized rcp"); } rem = rcmd(host, port, locuser, user, bp, 0); } return (rem); } static void toremote(char *targ, int argc, char **argv) { int i, len; #ifdef IP_TOS int tos; #endif char *bp, *host, *src, *suser, *thost, *tuser; *targ++ = 0; if (*targ == 0) targ = "."; if ((thost = strchr(argv[argc - 1], '@'))) { /* user@host */ *thost++ = 0; tuser = argv[argc - 1]; if (*tuser == '\0') tuser = NULL; else if (!okname(tuser)) exit(1); } else { thost = argv[argc - 1]; - tuser = NULL; + tuser = user_name; } for (i = 0; i < argc - 1; i++) { src = 
colon(argv[i]); if (src) { /* remote to remote */ *src++ = 0; if (*src == 0) src = "."; host = strchr(argv[i], '@'); - len = strlen(_PATH_RSH) + strlen(argv[i]) + - strlen(src) + (tuser ? strlen(tuser) : 0) + - strlen(thost) + strlen(targ) + CMDNEEDS + 20; - if (!(bp = malloc(len))) - err(1, " "); if (host) { *host++ = 0; suser = argv[i]; if (*suser == '\0') suser = pwd->pw_name; else if (!okname(suser)) continue; - snprintf(bp, len, - "%s %s -l %s -n %s %s '%s%s%s:%s'", + asprintf(&bp, "%s %s -l %s -n %s %s '%s%s%s:%s'", _PATH_RSH, host, suser, cmd, src, tuser ? tuser : "", tuser ? "@" : "", thost, targ); } else - snprintf(bp, len, - "exec %s %s -n %s %s '%s%s%s:%s'", + asprintf(&bp, "exec %s %s -n %s %s '%s%s%s:%s'", _PATH_RSH, argv[i], cmd, src, tuser ? tuser : "", tuser ? "@" : "", thost, targ); + if(bp == NULL) + errx(1, "out of memory"); susystem(bp, userid); free(bp); } else { /* local to remote */ if (rem == -1) { len = strlen(targ) + CMDNEEDS + 20; if (!(bp = malloc(len))) err(1, " "); snprintf(bp, len, "%s -t %s", cmd, targ); host = thost; if (use_kerberos) rem = kerberos(&host, bp, #ifdef __CYGWIN32__ tuser, #else pwd->pw_name, #endif tuser ? tuser : pwd->pw_name); else rem = rcmd(&host, port, #ifdef __CYGWIN32__ tuser, #else pwd->pw_name, #endif tuser ? 
tuser : pwd->pw_name, bp, 0); if (rem < 0) exit(1); #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) tos = IPTOS_THROUGHPUT; if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&tos, sizeof(int)) < 0) warn("TOS (ignored)"); #endif /* IP_TOS */ if (doencrypt) send_auth(host, dest_realm); if (response() < 0) exit(1); free(bp); setuid(userid); } source(1, argv+i); } } } static void sink(int argc, char **argv) { static BUF buffer; struct stat stb; struct timeval tv[2]; enum { YES, NO, DISPLAYED } wrerr; BUF *bp; off_t i, j; int amt, count, exists, first, mask, mode, ofd, omode; int setimes, size, targisdir, wrerrno=0; char ch, *cp, *np, *targ, *why, *vect[1], buf[BUFSIZ]; #define atime tv[0] #define mtime tv[1] #define SCREWUP(str) { why = str; goto screwup; } setimes = targisdir = 0; mask = umask(0); if (!pflag) umask(mask); if (argc != 1) { run_err("ambiguous target"); exit(1); } targ = *argv; if (targetshouldbedirectory) verifydir(targ); des_write(rem, "", 1); if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) targisdir = 1; for (first = 1;; first = 0) { cp = buf; if (des_read(rem, cp, 1) <= 0) return; if (*cp++ == '\n') SCREWUP("unexpected "); do { if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch)) SCREWUP("lost connection"); *cp++ = ch; } while (cp < &buf[BUFSIZ - 1] && ch != '\n'); *cp = 0; if (buf[0] == '\01' || buf[0] == '\02') { if (iamremote == 0) write(STDERR_FILENO, buf + 1, strlen(buf + 1)); if (buf[0] == '\02') exit(1); ++errs; continue; } if (buf[0] == 'E') { des_write(rem, "", 1); return; } if (ch == '\n') *--cp = 0; -#define getnum(t) (t) = 0; while (isdigit(*cp)) (t) = (t) * 10 + (*cp++ - '0'); +#define getnum(t) \ + do { \ + (t) = 0; \ + while (isdigit((unsigned char)*cp)) \ + (t) = (t) * 10 + (*cp++ - '0'); \ + } while(0) + cp = buf; if (*cp == 'T') { setimes++; cp++; getnum(mtime.tv_sec); if (*cp++ != ' ') SCREWUP("mtime.sec not delimited"); getnum(mtime.tv_usec); if (*cp++ != ' ') SCREWUP("mtime.usec not delimited"); getnum(atime.tv_sec); if (*cp++ != ' 
') SCREWUP("atime.sec not delimited"); getnum(atime.tv_usec); if (*cp++ != '\0') SCREWUP("atime.usec not delimited"); des_write(rem, "", 1); continue; } if (*cp != 'C' && *cp != 'D') { /* * Check for the case "rcp remote:foo\* local:bar". * In this case, the line "No match." can be returned * by the shell before the rcp command on the remote is * executed so the ^Aerror_message convention isn't * followed. */ if (first) { run_err("%s", cp); exit(1); } SCREWUP("expected control record"); } mode = 0; for (++cp; cp < buf + 5; cp++) { if (*cp < '0' || *cp > '7') SCREWUP("bad mode"); mode = (mode << 3) | (*cp - '0'); } if (*cp++ != ' ') SCREWUP("mode not delimited"); - for (size = 0; isdigit(*cp);) + for (size = 0; isdigit((unsigned char)*cp);) size = size * 10 + (*cp++ - '0'); if (*cp++ != ' ') SCREWUP("size not delimited"); if (targisdir) { static char *namebuf; static int cursize; size_t need; need = strlen(targ) + strlen(cp) + 250; if (need > cursize) { if (!(namebuf = malloc(need))) run_err("%s", strerror(errno)); } snprintf(namebuf, need, "%s%s%s", targ, *targ ? 
"/" : "", cp); np = namebuf; } else np = targ; exists = stat(np, &stb) == 0; if (buf[0] == 'D') { int mod_flag = pflag; if (exists) { if (!S_ISDIR(stb.st_mode)) { errno = ENOTDIR; goto bad; } if (pflag) chmod(np, mode); } else { /* Handle copying from a read-only directory */ mod_flag = 1; if (mkdir(np, mode | S_IRWXU) < 0) goto bad; } vect[0] = np; sink(1, vect); if (setimes) { struct utimbuf times; times.actime = atime.tv_sec; times.modtime = mtime.tv_sec; setimes = 0; if (utime(np, ×) < 0) run_err("%s: set times: %s", np, strerror(errno)); } if (mod_flag) chmod(np, mode); continue; } omode = mode; mode |= S_IWRITE; if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { bad: run_err("%s: %s", np, strerror(errno)); continue; } des_write(rem, "", 1); if ((bp = allocbuf(&buffer, ofd, BUFSIZ)) == NULL) { close(ofd); continue; } cp = bp->buf; wrerr = NO; for (count = i = 0; i < size; i += BUFSIZ) { amt = BUFSIZ; if (i + amt > size) amt = size - i; count += amt; do { j = des_read(rem, cp, amt); if (j <= 0) { run_err("%s", j ? strerror(errno) : "dropped connection"); exit(1); } amt -= j; cp += j; } while (amt > 0); if (count == bp->cnt) { /* Keep reading so we stay sync'd up. */ if (wrerr == NO) { j = write(ofd, bp->buf, count); if (j != count) { wrerr = YES; wrerrno = j >= 0 ? EIO : errno; } } count = 0; cp = bp->buf; } } if (count != 0 && wrerr == NO && (j = write(ofd, bp->buf, count)) != count) { wrerr = YES; wrerrno = j >= 0 ? 
EIO : errno; } if (ftruncate(ofd, size)) { run_err("%s: truncate: %s", np, strerror(errno)); wrerr = DISPLAYED; } if (pflag) { if (exists || omode != mode) #ifdef HAVE_FCHMOD if (fchmod(ofd, omode)) #else if (chmod(np, omode)) #endif run_err("%s: set mode: %s", np, strerror(errno)); } else { if (!exists && omode != mode) #ifdef HAVE_FCHMOD if (fchmod(ofd, omode & ~mask)) #else if (chmod(np, omode & ~mask)) #endif run_err("%s: set mode: %s", np, strerror(errno)); } close(ofd); response(); if (setimes && wrerr == NO) { struct utimbuf times; times.actime = atime.tv_sec; times.modtime = mtime.tv_sec; setimes = 0; if (utime(np, ×) < 0) { run_err("%s: set times: %s", np, strerror(errno)); wrerr = DISPLAYED; } } switch(wrerr) { case YES: run_err("%s: %s", np, strerror(wrerrno)); break; case NO: des_write(rem, "", 1); break; case DISPLAYED: break; } } screwup: run_err("protocol error: %s", why); exit(1); } static void tolocal(int argc, char **argv) { int i, len; #ifdef IP_TOS int tos; #endif char *bp, *host, *src, *suser; for (i = 0; i < argc - 1; i++) { if (!(src = colon(argv[i]))) { /* Local to local. */ len = strlen(_PATH_CP) + strlen(argv[i]) + strlen(argv[argc - 1]) + 20; if (!(bp = malloc(len))) err(1, " "); snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP, iamrecursive ? " -r" : "", pflag ? " -p" : "", argv[i], argv[argc - 1]); if (susystem(bp, userid)) ++errs; free(bp); continue; } *src++ = 0; if (*src == 0) src = "."; if ((host = strchr(argv[i], '@')) == NULL) { #ifdef __CYGWIN32__ errx (1, "Sorry, you need to specify the username"); #else host = argv[i]; suser = pwd->pw_name; + if (user_name) + suser = user_name; #endif } else { *host++ = 0; suser = argv[i]; if (*suser == '\0') #ifdef __CYGWIN32__ errx (1, "Sorry, you need to specify the username"); #else suser = pwd->pw_name; #endif else if (!okname(suser)) continue; } len = strlen(src) + CMDNEEDS + 20; if ((bp = malloc(len)) == NULL) err(1, " "); snprintf(bp, len, "%s -f %s", cmd, src); rem = use_kerberos ? 
kerberos(&host, bp, #ifndef __CYGWIN32__ pwd->pw_name, #else suser, #endif suser) : rcmd(&host, port, #ifndef __CYGWIN32__ pwd->pw_name, #else suser, #endif suser, bp, 0); free(bp); if (rem < 0) { ++errs; continue; } seteuid(userid); #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) tos = IPTOS_THROUGHPUT; if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&tos, sizeof(int)) < 0) warn("TOS (ignored)"); #endif /* IP_TOS */ if (doencrypt) send_auth(host, dest_realm); sink(1, argv + argc - 1); seteuid(0); close(rem); rem = -1; } } int main(int argc, char **argv) { int ch, fflag, tflag; char *targ; + int i; set_progname(argv[0]); + + /* + * Prepare for execing ourselves. + */ + + argc_copy = argc + 1; + argv_copy = malloc((argc_copy + 1) * sizeof(*argv_copy)); + if (argv_copy == NULL) + err(1, "malloc"); + argv_copy[0] = argv[0]; + argv_copy[1] = "-K"; + for(i = 1; i < argc; ++i) { + argv_copy[i + 1] = strdup(argv[i]); + if (argv_copy[i + 1] == NULL) + errx(1, "strdup: out of memory"); + } + argv_copy[argc + 1] = NULL; + + fflag = tflag = 0; - while ((ch = getopt(argc, argv, OPTIONS)) != EOF) + while ((ch = getopt(argc, argv, OPTIONS)) != -1) switch(ch) { /* User-visible flags. */ case 'K': use_kerberos = 0; break; case 'k': dest_realm = dst_realm_buf; - strncpy(dst_realm_buf, optarg, REALM_SZ); + strlcpy(dst_realm_buf, optarg, REALM_SZ); break; case 'x': doencrypt = 1; LEFT_JUSTIFIED = 1; break; case 'p': pflag = 1; break; case 'r': iamrecursive = 1; break; /* Server options. 
*/ case 'd': targetshouldbedirectory = 1; break; case 'f': /* "from" */ iamremote = 1; fflag = 1; break; case 't': /* "to" */ iamremote = 1; tflag = 1; break; + case 'l': + user_name = optarg; + break; case '?': default: usage(); } argc -= optind; argv += optind; /* Rcp implements encrypted file transfer without using the * kshell service, pass 0 for no encryption */ port = get_shell_port(use_kerberos, 0); + userid = getuid(); + #ifndef __CYGWIN32__ - if ((pwd = k_getpwuid(userid = getuid())) == NULL) + if ((pwd = k_getpwuid(userid)) == NULL) errx(1, "unknown user %d", (int)userid); #endif rem = STDIN_FILENO; /* XXX */ - if (fflag) { /* Follow "protocol", send data. */ + if (fflag || tflag) { if (doencrypt) answer_auth(); + if(fflag) response(); + if(do_osfc2_magic(pwd->pw_uid)) + exit(1); setuid(userid); if (k_hasafs()) { /* Sometimes we will need cell specific tokens * to be able to read and write files, thus, * the token stuff done in rshd might not * suffice. */ char cell[64]; if (k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) - k_afsklog(cell, 0); - k_afsklog(0, 0); + krb_afslog(cell, 0); + krb_afslog(0, 0); } + if(fflag) source(argc, argv); - exit(errs); - } - - if (tflag) { /* Receive data. */ - if (doencrypt) - answer_auth(); - setuid(userid); - if (k_hasafs()) { - char cell[64]; - if (k_afs_cell_of_file(pwd->pw_dir, - cell, sizeof(cell)) == 0) - k_afsklog(cell, 0); - k_afsklog(0, 0); - } + else sink(argc, argv); exit(errs); } if (argc < 2) usage(); if (argc > 2) targetshouldbedirectory = 1; rem = -1; /* Command to be executed on remote system using "rsh". */ snprintf(cmd, sizeof(cmd), "rcp%s%s%s%s", iamrecursive ? " -r" : "", (doencrypt && use_kerberos ? " -x" : ""), pflag ? " -p" : "", targetshouldbedirectory ? " -d" : ""); signal(SIGPIPE, lostconn); if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */ toremote(targ, argc, argv); else { tolocal(argc, argv); /* Dest is local host. 
*/ if (targetshouldbedirectory) verifydir(argv[argc - 1]); } exit(errs); } Index: stable/3/crypto/kerberosIV/appl/bsd/rcp_util.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/rcp_util.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/rcp_util.c (revision 62578) 
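Review bot: In rcp.c, the value of the new -l option is stored in user_name and then used as tuser in toremote() and as suser in tolocal() without passing through okname(), while a name given in the user@host form is rejected unless okname() accepts it. In the remote-to-remote branch tuser is formatted into the command string handed to susystem(), which runs it through sh -c, so the -l value should get the same check where the option is parsed (case 'l': if (!okname(optarg)) exit(1);). usage() still lists only [-Kpx] [-k realm] and should mention the new flag.

Smaller points in the same hunk: the asprintf() calls are checked by testing bp == NULL, but the return value is the portable failure signal because not every implementation sets the pointer on error. In main(), do_osfc2_magic(pwd->pw_uid) sits outside the #ifndef __CYGWIN32__ block that assigns pwd, so it should take userid instead. The added setuid(getuid()) in kerberos() and the execv(_PATH_RCP, argv_copy) fallback both ignore failure; check the setuid result and report errno if execv returns. In tolocal(), kerberos() is called once per source argument, so a fallback on a later source re-executes the whole command line and copies the earlier sources a second time.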
@@ -1,97 +1,99 @@ /*- * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "bsd_locl.h" -RCSID("$Id: rcp_util.c,v 1.7 1996/11/17 20:23:05 assar Exp $"); +RCSID("$Id: rcp_util.c,v 1.8 1998/09/28 11:45:21 joda Exp $"); char * colon(char *cp) { if (*cp == ':') /* Leading colon is part of file name. */ return (0); for (; *cp; ++cp) { if (*cp == ':') return (cp); if (*cp == '/') return (0); } return (0); } int okname(char *cp0) { int c; char *cp; cp = cp0; do { c = *cp; if (c & 0200) goto bad; if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-') goto bad; } while (*++cp); return (1); bad: warnx("%s: invalid user name", cp0); return (0); } int susystem(char *s, int userid) { RETSIGTYPE (*istat)(), (*qstat)(); int status; pid_t pid; pid = fork(); switch (pid) { case -1: return (127); case 0: + if(do_osfc2_magic(userid)) + exit(1); setuid(userid); execl(_PATH_BSHELL, "sh", "-c", s, NULL); _exit(127); } istat = signal(SIGINT, SIG_IGN); qstat = signal(SIGQUIT, SIG_IGN); if (waitpid(pid, &status, 0) < 0) status = -1; signal(SIGINT, istat); signal(SIGQUIT, qstat); return (status); } Index: stable/3/crypto/kerberosIV/appl/bsd/rlogin.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/rlogin.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/rlogin.c (revision 62578) 
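Review bot: In rcp_util.c, the new do_osfc2_magic() failure path in susystem() calls exit(1) inside the forked child, which runs the atexit handlers and flushes the stdio buffers inherited from the parent; use _exit() there, as the execl failure path a few lines later already does. The setuid(userid) that follows is still unchecked, so if it fails the child goes on to run sh -c with whatever privileges the process still holds; test its return value and _exit before reaching execl.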
@@ -1,707 +1,709 @@ /* * Copyright (c) 1983, 1990, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ /* * rlogin - remote login */ #include "bsd_locl.h" -RCSID("$Id: rlogin.c,v 1.61 1997/05/25 01:14:47 assar Exp $"); +RCSID("$Id: rlogin.c,v 1.67 1999/11/13 06:13:02 assar Exp $"); CREDENTIALS cred; Key_schedule schedule; int use_kerberos = 1, doencrypt; char dst_realm_buf[REALM_SZ], *dest_realm = NULL; #ifndef CCEQ #define c2uc(x) ((unsigned char) x) #define CCEQ__(val, c) (c == val ? val != c2uc(_POSIX_VDISABLE) : 0) #define CCEQ(val, c) CCEQ__(c2uc(val), c2uc(c)) #endif int eight, rem; struct termios deftty; int noescape; char escapechar = '~'; struct winsize winsize; int parent, rcvcnt; char rcvbuf[8 * 1024]; int child; static void echo(char c) { char *p; char buf[8]; p = buf; c &= 0177; *p++ = escapechar; if (c < ' ') { *p++ = '^'; *p++ = c + '@'; } else if (c == 0177) { *p++ = '^'; *p++ = '?'; } else *p++ = c; *p++ = '\r'; *p++ = '\n'; write(STDOUT_FILENO, buf, p - buf); } static void mode(int f) { struct termios tty; switch (f) { case 0: tcsetattr(0, TCSANOW, &deftty); break; case 1: tcgetattr(0, &deftty); tty = deftty; /* This is loosely derived from sys/compat/tty_compat.c. */ tty.c_lflag &= ~(ECHO|ICANON|ISIG|IEXTEN); tty.c_iflag &= ~ICRNL; tty.c_oflag &= ~OPOST; tty.c_cc[VMIN] = 1; tty.c_cc[VTIME] = 0; if (eight) { tty.c_iflag &= IXOFF; tty.c_cflag &= ~(CSIZE|PARENB); tty.c_cflag |= CS8; } tcsetattr(0, TCSANOW, &tty); break; default: return; } } static void done(int status) { int w, wstatus; mode(0); if (child > 0) { /* make sure catch_child does not snap it up */ signal(SIGCHLD, SIG_DFL); if (kill(child, SIGKILL) >= 0) while ((w = wait(&wstatus)) > 0 && w != child); } exit(status); } static RETSIGTYPE catch_child(int foo) { int status; int pid; for (;;) { pid = waitpid(-1, &status, WNOHANG|WUNTRACED); if (pid == 0) return; /* if the child (reader) dies, just quit */ if (pid < 0 || (pid == child && !WIFSTOPPED(status))) done(WTERMSIG(status) | WEXITSTATUS(status)); } /* NOTREACHED */ } /* * There is a race in the SunOS5 rlogind. 
If the slave end has not yet * been opened by the child when setting tty size the size is reset to * zero when the child opens it. Therefore we send the window update * twice. */ static int tty_kludge = 1; /* Return the number of OOB bytes processed. */ static int oob_real(void) { struct termios tty; int atmark, n, out, rcvd; char waste[BUFSIZ], mark; out = O_RDWR; rcvd = 0; if (recv(rem, &mark, 1, MSG_OOB) < 0) { return -1; } if (mark & TIOCPKT_WINDOW) { /* Let server know about window size changes */ kill(parent, SIGUSR1); } else if (tty_kludge) { /* Let server know about window size changes */ kill(parent, SIGUSR1); tty_kludge = 0; } if (!eight && (mark & TIOCPKT_NOSTOP)) { tcgetattr(0, &tty); tty.c_iflag &= ~IXON; tcsetattr(0, TCSANOW, &tty); } if (!eight && (mark & TIOCPKT_DOSTOP)) { tcgetattr(0, &tty); tty.c_iflag |= (deftty.c_iflag & IXON); tcsetattr(0, TCSANOW, &tty); } if (mark & TIOCPKT_FLUSHWRITE) { #ifdef TCOFLUSH tcflush(1, TCOFLUSH); #else ioctl(1, TIOCFLUSH, (char *)&out); #endif for (;;) { if (ioctl(rem, SIOCATMARK, &atmark) < 0) { warn("ioctl"); break; } if (atmark) break; n = read(rem, waste, sizeof (waste)); if (n <= 0) break; } /* * Don't want any pending data to be output, so clear the recv * buffer. If we were hanging on a write when interrupted, * don't want it to restart. If we were reading, restart * anyway. */ rcvcnt = 0; } /* oob does not do FLUSHREAD (alas!) 
*/ return 1; } /* reader: read from remote: line -> 1 */ static int reader(void) { int n, remaining; char *bufp; int kludgep = 1; bufp = rcvbuf; for (;;) { fd_set readfds, exceptfds; while ((remaining = rcvcnt - (bufp - rcvbuf)) > 0) { n = write(STDOUT_FILENO, bufp, remaining); if (n < 0) { if (errno != EINTR) return (-1); continue; } bufp += n; } bufp = rcvbuf; rcvcnt = 0; FD_ZERO (&readfds); FD_SET (rem, &readfds); FD_ZERO (&exceptfds); if (kludgep) FD_SET (rem, &exceptfds); if (select(rem+1, &readfds, 0, &exceptfds, 0) == -1) { if (errno == EINTR) continue; /* Got signal */ else errx(1, "select failed mysteriously"); } if (!FD_ISSET(rem, &exceptfds) && !FD_ISSET(rem, &readfds)) { warnx("select: nothing to read?"); continue; } if (FD_ISSET(rem, &exceptfds)) { int foo = oob_real (); if (foo >= 1) continue; /* First check if there is more OOB data. */ else if (foo < 0) kludgep = 0; } if (!FD_ISSET(rem, &readfds)) continue; /* Nothing to read. */ kludgep = 1; #ifndef NOENCRYPTION if (doencrypt) rcvcnt = des_enc_read(rem, rcvbuf, sizeof(rcvbuf), schedule, &cred.session); else #endif rcvcnt = read(rem, rcvbuf, sizeof (rcvbuf)); if (rcvcnt == 0) return (0); if (rcvcnt < 0) { if (errno == EINTR) continue; warn("read"); return (-1); } } } /* * Send the window size to the server via the magic escape */ static void sendwindow(void) { char obuf[4 + 4 * sizeof (u_int16_t)]; unsigned short *p; p = (u_int16_t *)(obuf + 4); obuf[0] = 0377; obuf[1] = 0377; obuf[2] = 's'; obuf[3] = 's'; *p++ = htons(winsize.ws_row); *p++ = htons(winsize.ws_col); #ifdef HAVE_WS_XPIXEL *p++ = htons(winsize.ws_xpixel); #else *p++ = htons(0); #endif #ifdef HAVE_WS_YPIXEL *p++ = htons(winsize.ws_ypixel); #else *p++ = htons(0); #endif #ifndef NOENCRYPTION if(doencrypt) des_enc_write(rem, obuf, sizeof(obuf), schedule, &cred.session); else #endif write(rem, obuf, sizeof(obuf)); } static RETSIGTYPE sigwinch(int foo) { struct winsize ws; if (get_window_size(0, &ws) == 0 && memcmp(&ws, &winsize, 
sizeof(ws))) { winsize = ws; sendwindow(); } } static void stop(int all) { mode(0); signal(SIGCHLD, SIG_IGN); kill(all ? 0 : getpid(), SIGTSTP); signal(SIGCHLD, catch_child); mode(1); #ifdef SIGWINCH kill(SIGWINCH, getpid()); /* check for size changes, if caught */ #endif } /* * writer: write to remote: 0 -> line. * ~. terminate * ~^Z suspend rlogin process. * ~ suspend rlogin process, but leave reader alone. */ static void writer(void) { int bol, local, n; char c; bol = 1; /* beginning of line */ local = 0; for (;;) { n = read(STDIN_FILENO, &c, 1); if (n <= 0) { if (n < 0 && errno == EINTR) continue; break; } /* * If we're at the beginning of the line and recognize a * command character, then we echo locally. Otherwise, * characters are echo'd remotely. If the command character * is doubled, this acts as a force and local echo is * suppressed. */ if (bol) { bol = 0; if (!noescape && c == escapechar) { local = 1; continue; } } else if (local) { local = 0; if (c == '.' || CCEQ(deftty.c_cc[VEOF], c)) { echo(c); break; } if (CCEQ(deftty.c_cc[VSUSP], c)) { bol = 1; echo(c); stop(1); continue; } #ifdef VDSUSP /* Is VDSUSP called something else on Linux? * Perhaps VDELAY is a better thing? 
*/ if (CCEQ(deftty.c_cc[VDSUSP], c)) { bol = 1; echo(c); stop(0); continue; } #endif /* VDSUSP */ - if (c != escapechar) + if (c != escapechar) { #ifndef NOENCRYPTION if (doencrypt) des_enc_write(rem, &escapechar,1, schedule, &cred.session); else #endif write(rem, &escapechar, 1); } + } if (doencrypt) { #ifdef NOENCRYPTION if (write(rem, &c, 1) == 0) { #else if (des_enc_write(rem, &c, 1, schedule, &cred.session) == 0) { #endif warnx("line gone"); break; } } else if (write(rem, &c, 1) == 0) { warnx("line gone"); break; } bol = CCEQ(deftty.c_cc[VKILL], c) || CCEQ(deftty.c_cc[VEOF], c) || CCEQ(deftty.c_cc[VINTR], c) || CCEQ(deftty.c_cc[VSUSP], c) || c == '\r' || c == '\n'; } } static RETSIGTYPE lostpeer(int foo) { signal(SIGPIPE, SIG_IGN); warnx("\aconnection closed.\r"); done(1); } /* * This is called in the parent when the reader process gets the * out-of-band (urgent) request to turn on the window-changing * protocol. It is signalled from the child(reader). */ static RETSIGTYPE sigusr1(int foo) { /* * Now we now daemon supports winsize hack, */ sendwindow(); #ifdef SIGWINCH signal(SIGWINCH, sigwinch); /* so we start to support it */ #endif SIGRETURN(0); } static void doit(void) { signal(SIGINT, SIG_IGN); signal(SIGHUP, SIG_IGN); signal(SIGQUIT, SIG_IGN); signal(SIGCHLD, catch_child); /* * Child sends parent this signal for window size hack. 
*/ signal(SIGUSR1, sigusr1); signal(SIGPIPE, lostpeer); mode(1); parent = getpid(); child = fork(); if (child == -1) { warn("fork"); done(1); } if (child == 0) { signal(SIGCHLD, SIG_IGN); signal(SIGTTOU, SIG_IGN); if (reader() == 0) errx(1, "connection closed.\r"); sleep(1); errx(1, "\aconnection closed.\r"); } writer(); warnx("closed connection.\r"); done(0); } static void usage(void) { fprintf(stderr, "usage: rlogin [ -%s]%s[-e char] [ -l username ] host\n", "8DEKLdx", " [-k realm] "); exit(1); } static u_int getescape(char *p) { long val; int len; if ((len = strlen(p)) == 1) /* use any single char, including '\' */ return ((u_int)*p); /* otherwise, \nnn */ if (*p == '\\' && len >= 2 && len <= 4) { val = strtol(++p, NULL, 8); for (;;) { if (!*++p) return ((u_int)val); if (*p < '0' || *p > '8') break; } } warnx("illegal option value -- e"); usage(); return 0; } int main(int argc, char **argv) { struct passwd *pw; int sv_port, user_port = 0; int argoff, ch, dflag, Dflag, one, uid; char *host, *user, term[1024]; argoff = dflag = Dflag = 0; one = 1; host = user = NULL; set_progname(argv[0]); /* handle "rlogin host flags" */ if (argc > 2 && argv[1][0] != '-') { host = argv[1]; argoff = 1; } #define OPTIONS "8DEKLde:k:l:xp:" - while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF) + while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1) switch(ch) { case '8': eight = 1; break; case 'D': Dflag = 1; break; case 'E': noescape = 1; break; case 'K': use_kerberos = 0; break; case 'd': dflag = 1; break; case 'e': noescape = 0; escapechar = getescape(optarg); break; case 'k': dest_realm = dst_realm_buf; - strncpy(dest_realm, optarg, REALM_SZ); + strlcpy(dest_realm, optarg, REALM_SZ); break; case 'l': user = optarg; break; case 'x': doencrypt = 1; break; - case 'p': - user_port = htons(atoi(optarg)); + case 'p': { + char *endptr; + + user_port = strtol (optarg, &endptr, 0); + if (user_port == 0 && optarg == endptr) + errx (1, "Bad port `%s'", optarg); + 
user_port = htons(user_port); break; + } case '?': default: usage(); } optind += argoff; - argc -= optind; - argv += optind; /* if haven't gotten a host yet, do so */ - if (!host && !(host = *argv++)) + if (!host && !(host = argv[optind++])) usage(); - if (*argv) + if (argv[optind]) usage(); if (!(pw = k_getpwuid(uid = getuid()))) errx(1, "unknown user id."); if (!user) user = pw->pw_name; - if (user_port) sv_port = user_port; else sv_port = get_login_port(use_kerberos, doencrypt); { char *p = getenv("TERM"); struct termios tty; int i; if (p == NULL) p = "network"; if (tcgetattr(0, &tty) == 0 && (i = speed_t2int (cfgetospeed(&tty))) > 0) snprintf (term, sizeof(term), "%s/%d", p, i); else snprintf (term, sizeof(term), "%s", p); } get_window_size(0, &winsize); - try_connect: if (use_kerberos) { - struct hostent *hp; - - /* Fully qualify hostname (needed for krb_realmofhost). */ - hp = gethostbyname(host); - if (hp != NULL && !(host = strdup(hp->h_name))) { - errno = ENOMEM; - err(1, NULL); - } - + setuid(getuid()); rem = KSUCCESS; errno = 0; if (dest_realm == NULL) dest_realm = krb_realmofhost(host); if (doencrypt) rem = krcmd_mutual(&host, sv_port, user, term, 0, dest_realm, &cred, schedule); else rem = krcmd(&host, sv_port, user, term, 0, dest_realm); if (rem < 0) { - use_kerberos = 0; - if (user_port == 0) - sv_port = get_login_port(use_kerberos, - doencrypt); + int i; + char **newargv; + if (errno == ECONNREFUSED) warning("remote host doesn't support Kerberos"); if (errno == ENOENT) warning("can't provide Kerberos auth data"); - goto try_connect; + newargv = malloc((argc + 2) * sizeof(*newargv)); + if (newargv == NULL) + err(1, "malloc"); + newargv[0] = argv[0]; + newargv[1] = "-K"; + for(i = 1; i < argc; ++i) + newargv[i + 1] = argv[i]; + newargv[argc + 1] = NULL; + execv(_PATH_RLOGIN, newargv); } } else { if (doencrypt) errx(1, "the -x flag requires Kerberos authentication."); if (geteuid() != 0) errx(1, "not installed setuid root, " "only root may use non 
kerberized rlogin"); rem = rcmd(&host, sv_port, pw->pw_name, user, term, 0); } if (rem < 0) exit(1); #ifdef HAVE_SETSOCKOPT #ifdef SO_DEBUG if (dflag && setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one, sizeof(one)) < 0) warn("setsockopt"); #endif #ifdef TCP_NODELAY if (Dflag && setsockopt(rem, IPPROTO_TCP, TCP_NODELAY, (void *)&one, sizeof(one)) < 0) warn("setsockopt(TCP_NODELAY)"); #endif #ifdef IP_TOS one = IPTOS_LOWDELAY; if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&one, sizeof(int)) < 0) warn("setsockopt(IP_TOS)"); #endif /* IP_TOS */ #endif /* HAVE_SETSOCKOPT */ setuid(uid); doit(); return 0; } Index: stable/3/crypto/kerberosIV/appl/bsd/rlogind.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/rlogind.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/rlogind.c (revision 62578) 
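Review bot: in rlogin.c's main(), the new Kerberos-failure path does not check the result of `execv(_PATH_RLOGIN, newargv);`, so if the exec fails control falls through to `if (rem < 0) exit(1);` and the user gets a silent exit with no diagnostic; follow the call with err(1, "execv"). The added `setuid(getuid());` at the top of the same branch also ignores its return value, and since it is the call that drops privilege before the Kerberos connection, a failure there should be fatal. In the `-p` case, `optarg == endptr` only rejects input with no digits at all: trailing junk such as `23x`, negative values and values above 65535 still reach htons(), so also require `*endptr == '\0'` and a 1..65535 range. Finally, placing "-K" at newargv[1] turns the "rlogin host flags" form into "rlogin -K host flags"; with a getopt that stops at the first non-option, the re-executed process takes host from `argv[optind++]` and then hits `if (argv[optind]) usage();` on the remaining flags, so the fallback should preserve the host-first layout (for example by inserting "-K" after the host when argoff is set).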
@@ -1,934 +1,963 @@ /*- * Copyright (c) 1983, 1988, 1989, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ /* * remote login server: * \0 * remuser\0 * locuser\0 * terminal_type/speed\0 * data */ #include "bsd_locl.h" -RCSID("$Id: rlogind.c,v 1.100 1997/05/25 01:15:20 assar Exp $"); +RCSID("$Id: rlogind.c,v 1.109 1999/11/25 05:27:38 assar Exp $"); extern int __check_rhosts_file; char *INSECURE_MESSAGE = "\r\n*** Connection not encrypted! Communication may be eavesdropped. ***" "\r\n*** Use telnet or rlogin -x instead! ***\r\n"; #ifndef NOENCRYPTION char *SECURE_MESSAGE = "This rlogin session is using DES encryption for all transmissions.\r\n"; #else #define SECURE_MESSAGE INSECURE_MESSAGE #endif AUTH_DAT *kdata; KTEXT ticket; u_char auth_buf[sizeof(AUTH_DAT)]; u_char tick_buf[sizeof(KTEXT_ST)]; Key_schedule schedule; int doencrypt, retval, use_kerberos, vacuous; #define ARGSTR "Daip:lnkvxL:" char *env[2]; #define NMAX 30 char lusername[NMAX+1], rusername[NMAX+1]; static char term[64] = "TERM="; #define ENVSIZE (sizeof("TERM=")-1) /* skip null for concatenation */ int keepalive = 1; int check_all = 0; int no_delay = 0; struct passwd *pwd; static const char *new_login = _PATH_LOGIN; static void doit (int, struct sockaddr_in *); static int control (int, char *, int); static void protocol (int, int); static RETSIGTYPE cleanup (int); void fatal (int, const char *, int); static int do_rlogin (struct sockaddr_in *); static void setup_term (int); static int do_krb_login (struct sockaddr_in *); static void usage (void); static int readstream(int p, char *ibuf, int bufsize) { #ifndef HAVE_GETMSG return read(p, ibuf, bufsize); #else static int flowison = -1; /* current state of flow: -1 is unknown */ static struct strbuf strbufc, strbufd; static unsigned char ctlbuf[BUFSIZ]; static int use_read = 1; int flags = 0; int ret; struct termios tsp; struct iocblk ip; char vstop, vstart; int ixon; int newflow; if (use_read) { ret = read(p, ibuf, bufsize); if (ret < 0 && errno == EBADMSG) use_read = 0; else return ret; } strbufc.maxlen = BUFSIZ; strbufc.buf = (char *)ctlbuf; 
strbufd.maxlen = bufsize-1; strbufd.len = 0; strbufd.buf = ibuf+1; ibuf[0] = 0; ret = getmsg(p, &strbufc, &strbufd, &flags); if (ret < 0) /* error of some sort -- probably EAGAIN */ return(-1); if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) { /* data message */ if (strbufd.len > 0) { /* real data */ return(strbufd.len + 1); /* count header char */ } else { /* nothing there */ errno = EAGAIN; return(-1); } } /* * It's a control message. Return 1, to look at the flag we set */ switch (ctlbuf[0]) { case M_FLUSH: if (ibuf[1] & FLUSHW) ibuf[0] = TIOCPKT_FLUSHWRITE; return(1); case M_IOCTL: memcpy(&ip, (ibuf+1), sizeof(ip)); switch (ip.ioc_cmd) { #ifdef TCSETS case TCSETS: case TCSETSW: case TCSETSF: memcpy(&tsp, (ibuf+1 + sizeof(struct iocblk)), sizeof(tsp)); vstop = tsp.c_cc[VSTOP]; vstart = tsp.c_cc[VSTART]; ixon = tsp.c_iflag & IXON; break; #endif default: errno = EAGAIN; return(-1); } newflow = (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0; if (newflow != flowison) { /* it's a change */ flowison = newflow; ibuf[0] = newflow ? 
TIOCPKT_DOSTOP : TIOCPKT_NOSTOP; return(1); } } /* nothing worth doing anything about */ errno = EAGAIN; return(-1); #endif } #ifdef HAVE_UTMPX_H static int -logout(const char *line) +rlogind_logout(const char *line) { struct utmpx utmpx, *utxp; int ret = 1; setutxent (); memset(&utmpx, 0, sizeof(utmpx)); utmpx.ut_type = USER_PROCESS; strncpy(utmpx.ut_line, line, sizeof(utmpx.ut_line)); utxp = getutxline(&utmpx); if (utxp) { - strcpy(utxp->ut_user, ""); + utxp->ut_user[0] = '\0'; utxp->ut_type = DEAD_PROCESS; +#ifdef HAVE_STRUCT_UTMPX_UT_EXIT #ifdef _STRUCT___EXIT_STATUS utxp->ut_exit.__e_termination = 0; utxp->ut_exit.__e_exit = 0; #elif defined(__osf__) /* XXX */ utxp->ut_exit.ut_termination = 0; utxp->ut_exit.ut_exit = 0; #else utxp->ut_exit.e_termination = 0; utxp->ut_exit.e_exit = 0; #endif +#endif gettimeofday(&utxp->ut_tv, NULL); pututxline(utxp); #ifdef WTMPX_FILE updwtmpx(WTMPX_FILE, utxp); #else ret = 0; #endif } endutxent(); return ret; } #else static int -logout(const char *line) +rlogind_logout(const char *line) { FILE *fp; struct utmp ut; int rval; if (!(fp = fopen(_PATH_UTMP, "r+"))) return(0); rval = 1; while (fread(&ut, sizeof(struct utmp), 1, fp) == 1) { if (!ut.ut_name[0] || strncmp(ut.ut_line, line, sizeof(ut.ut_line))) continue; memset(ut.ut_name, 0, sizeof(ut.ut_name)); -#ifdef HAVE_UT_HOST +#ifdef HAVE_STRUCT_UTMP_UT_HOST memset(ut.ut_host, 0, sizeof(ut.ut_host)); #endif +#ifdef HAVE_STRUCT_UTMP_UT_TYPE + ut.ut_type = DEAD_PROCESS; +#endif +#ifdef HAVE_STRUCT_UTMP_UT_EXIT +#ifdef _STRUCT___EXIT_STATUS + ut.ut_exit.__e_termination = 0; + ut.ut_exit.__e_exit = 0; +#elif defined(__osf__) /* XXX */ + ut.ut_exit.ut_termination = 0; + ut.ut_exit.ut_exit = 0; +#else + ut.ut_exit.e_termination = 0; + ut.ut_exit.e_exit = 0; +#endif +#endif time(&ut.ut_time); fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR); fwrite(&ut, sizeof(struct utmp), 1, fp); fseek(fp, (long)0, SEEK_CUR); rval = 0; } fclose(fp); return(rval); } #endif #ifndef HAVE_LOGWTMP static 
void logwtmp(const char *line, const char *name, const char *host) { struct utmp ut; struct stat buf; int fd; memset (&ut, 0, sizeof(ut)); if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) < 0) return; if (!fstat(fd, &buf)) { strncpy(ut.ut_line, line, sizeof(ut.ut_line)); strncpy(ut.ut_name, name, sizeof(ut.ut_name)); -#ifdef HAVE_UT_HOST +#ifdef HAVE_STRUCT_UTMP_UT_ID + strncpy(ut.ut_id, make_id((char *)line), sizeof(ut.ut_id)); +#endif +#ifdef HAVE_STRUCT_UTMP_UT_HOST strncpy(ut.ut_host, host, sizeof(ut.ut_host)); #endif -#ifdef HAVE_UT_PID +#ifdef HAVE_STRUCT_UTMP_UT_PID ut.ut_pid = getpid(); #endif -#ifdef HAVE_UT_TYPE +#ifdef HAVE_STRUCT_UTMP_UT_TYPE if(name[0]) ut.ut_type = USER_PROCESS; else ut.ut_type = DEAD_PROCESS; #endif time(&ut.ut_time); if (write(fd, &ut, sizeof(struct utmp)) != sizeof(struct utmp)) ftruncate(fd, buf.st_size); } close(fd); } #endif int main(int argc, char **argv) { struct sockaddr_in from; int ch, fromlen, on; int interactive = 0; int portnum = 0; set_progname(argv[0]); openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH); opterr = 0; - while ((ch = getopt(argc, argv, ARGSTR)) != EOF) + while ((ch = getopt(argc, argv, ARGSTR)) != -1) switch (ch) { case 'D': no_delay = 1; break; case 'a': break; case 'i': interactive = 1; break; case 'p': portnum = htons(atoi(optarg)); break; case 'l': __check_rhosts_file = 0; break; case 'n': keepalive = 0; break; case 'k': use_kerberos = 1; break; case 'v': vacuous = 1; break; case 'x': doencrypt = 1; break; case 'L': new_login = optarg; break; case '?': default: usage(); break; } argc -= optind; argv += optind; if (use_kerberos && vacuous) { usage(); fatal(STDERR_FILENO, "only one of -k and -v allowed", 0); } if (interactive) { if(portnum == 0) portnum = get_login_port (use_kerberos, doencrypt); mini_inetd (portnum); } fromlen = sizeof (from); if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { syslog(LOG_ERR,"Can't get peer name of remote host: %m"); fatal(STDERR_FILENO, "Can't get peer name 
of remote host", 1); } on = 1; #ifdef HAVE_SETSOCKOPT #ifdef SO_KEEPALIVE if (keepalive && setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof (on)) < 0) syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); #endif #ifdef TCP_NODELAY if (no_delay && setsockopt(0, IPPROTO_TCP, TCP_NODELAY, (void *)&on, sizeof(on)) < 0) syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m"); #endif #ifdef IP_TOS on = IPTOS_LOWDELAY; if (setsockopt(0, IPPROTO_IP, IP_TOS, (void *)&on, sizeof(int)) < 0) syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); #endif #endif /* HAVE_SETSOCKOPT */ doit(0, &from); return 0; } int child; int netf; char line[MaxPathLen]; int confirmed; struct winsize win = { 0, 0, 0, 0 }; static void doit(int f, struct sockaddr_in *fromp) { int master, pid, on = 1; int authenticated = 0; char hostname[2 * MaxHostNameLen + 1]; char c; alarm(60); read(f, &c, 1); if (c != 0) exit(1); if (vacuous) fatal(f, "Remote host requires Kerberos authentication", 0); alarm(0); inaddr2str (fromp->sin_addr, hostname, sizeof(hostname)); if (use_kerberos) { retval = do_krb_login(fromp); if (retval == 0) authenticated++; else if (retval > 0) fatal(f, krb_get_err_text(retval), 0); write(f, &c, 1); confirmed = 1; /* we sent the null! */ } else { fromp->sin_port = ntohs((u_short)fromp->sin_port); if (fromp->sin_family != AF_INET || fromp->sin_port >= IPPORT_RESERVED || fromp->sin_port < IPPORT_RESERVED/2) { syslog(LOG_NOTICE, "Connection from %s on illegal port", inet_ntoa(fromp->sin_addr)); fatal(f, "Permission denied", 0); } ip_options_and_die (0, fromp); if (do_rlogin(fromp) == 0) authenticated++; } if (confirmed == 0) { write(f, "", 1); confirmed = 1; /* we sent the null! 
*/ } #ifndef NOENCRYPTION if (doencrypt) des_enc_write(f, SECURE_MESSAGE, strlen(SECURE_MESSAGE), schedule, &kdata->session); else #endif write(f, INSECURE_MESSAGE, strlen(INSECURE_MESSAGE)); netf = f; +#ifdef HAVE_FORKPTY pid = forkpty(&master, line, NULL, NULL); +#else + pid = forkpty_truncate(&master, line, sizeof(line), NULL, NULL); +#endif if (pid < 0) { if (errno == ENOENT) fatal(f, "Out of ptys", 0); else fatal(f, "Forkpty", 1); } if (pid == 0) { if (f > 2) /* f should always be 0, but... */ close(f); setup_term(0); if (lusername[0] == '-'){ syslog(LOG_ERR, "tried to pass user \"%s\" to login", lusername); fatal(STDERR_FILENO, "invalid user", 0); } if (authenticated) { if (use_kerberos && (pwd->pw_uid == 0)) syslog(LOG_INFO|LOG_AUTH, "ROOT Kerberos login from %s on %s\n", krb_unparse_name_long(kdata->pname, kdata->pinst, kdata->prealm), hostname); execl(new_login, "login", "-p", "-h", hostname, "-f", "--", lusername, 0); } else execl(new_login, "login", "-p", "-h", hostname, "--", lusername, 0); fatal(STDERR_FILENO, new_login, 1); /*NOTREACHED*/ } /* * If encrypted, don't turn on NBIO or the des read/write * routines will croak. */ if (!doencrypt) ioctl(f, FIONBIO, &on); ioctl(master, FIONBIO, &on); ioctl(master, TIOCPKT, &on); +#ifdef SIGTSTP signal(SIGTSTP, SIG_IGN); +#endif signal(SIGCHLD, cleanup); setsid(); protocol(f, master); signal(SIGCHLD, SIG_IGN); cleanup(0); } const char magic[2] = { 0377, 0377 }; /* * Handle a "control" request (signaled by magic being present) * in the data stream. For now, we are only willing to handle * window size changes. 
*/ static int control(int master, char *cp, int n) { struct winsize w; char *p; u_int32_t tmp; if (n < 4 + 4 * sizeof (u_int16_t) || cp[2] != 's' || cp[3] != 's') return (0); #ifdef TIOCSWINSZ p = cp + 4; p += krb_get_int(p, &tmp, 2, 0); w.ws_row = tmp; p += krb_get_int(p, &tmp, 2, 0); w.ws_col = tmp; p += krb_get_int(p, &tmp, 2, 0); #ifdef HAVE_WS_XPIXEL w.ws_xpixel = tmp; #endif p += krb_get_int(p, &tmp, 2, 0); #ifdef HAVE_WS_YPIXEL w.ws_ypixel = tmp; #endif ioctl(master, TIOCSWINSZ, &w); #endif return p - cp; } static void send_oob(int fd, char c) { static char last_oob = 0xFF; -#if (SunOS == 5) || defined(__hpux) +#if (SunOS >= 50) || defined(__hpux) /* * PSoriasis and HP-UX always send TIOCPKT_DOSTOP at startup so we * can avoid sending OOB data and thus not break on Linux by merging * TIOCPKT_DOSTOP into the first TIOCPKT_WINDOW. */ static int oob_kludge = 2; if (oob_kludge == 2) { oob_kludge--; /* First time send nothing */ return; } else if (oob_kludge == 1) { oob_kludge--; /* Second time merge TIOCPKT_WINDOW */ c |= TIOCPKT_WINDOW; } #endif #define pkcontrol(c) ((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP)) c = pkcontrol(c); /* Multiple OOB data breaks on Linux, avoid it when possible. */ if (c != last_oob) send(fd, &c, 1, MSG_OOB); last_oob = c; } /* * rlogin "protocol" machine. */ static void protocol(int f, int master) { char pibuf[1024+1], fibuf[1024], *pbp, *fbp; int pcc = 0, fcc = 0; int cc, nfd, n; char cntl; unsigned char oob_queue = 0; +#ifdef SIGTTOU /* * Must ignore SIGTTOU, otherwise we'll stop * when we try and set slave pty's window shape * (our controlling tty is the master pty). 
*/ signal(SIGTTOU, SIG_IGN); +#endif send_oob(f, TIOCPKT_WINDOW); /* indicate new rlogin */ if (f > master) nfd = f + 1; else nfd = master + 1; if (nfd > FD_SETSIZE) { syslog(LOG_ERR, "select mask too small, increase FD_SETSIZE"); fatal(f, "internal error (select mask too small)", 0); } for (;;) { fd_set ibits, obits, ebits, *omask; FD_ZERO(&ebits); FD_ZERO(&ibits); FD_ZERO(&obits); omask = (fd_set *)NULL; if (fcc) { FD_SET(master, &obits); omask = &obits; } else FD_SET(f, &ibits); - if (pcc >= 0) + if (pcc >= 0) { if (pcc) { FD_SET(f, &obits); omask = &obits; } else FD_SET(master, &ibits); + } FD_SET(master, &ebits); if ((n = select(nfd, &ibits, omask, &ebits, 0)) < 0) { if (errno == EINTR) continue; fatal(f, "select", 1); } if (n == 0) { /* shouldn't happen... */ sleep(5); continue; } if (FD_ISSET(master, &ebits)) { cc = readstream(master, &cntl, 1); if (cc == 1 && pkcontrol(cntl)) { #if 0 /* Kludge around */ send_oob(f, cntl); #endif oob_queue = cntl; if (cntl & TIOCPKT_FLUSHWRITE) { pcc = 0; FD_CLR(master, &ibits); } } } if (FD_ISSET(f, &ibits)) { #ifndef NOENCRYPTION if (doencrypt) fcc = des_enc_read(f, fibuf, sizeof(fibuf), schedule, &kdata->session); else #endif fcc = read(f, fibuf, sizeof(fibuf)); if (fcc < 0 && errno == EWOULDBLOCK) fcc = 0; else { char *cp; int left, n; if (fcc <= 0) break; fbp = fibuf; top: for (cp = fibuf; cp < fibuf+fcc-1; cp++) if (cp[0] == magic[0] && cp[1] == magic[1]) { left = fcc - (cp-fibuf); n = control(master, cp, left); if (n) { left -= n; if (left > 0) memmove(cp, cp+n, left); fcc -= n; goto top; /* n^2 */ } } FD_SET(master, &obits); /* try write */ } } if (FD_ISSET(master, &obits) && fcc > 0) { cc = write(master, fbp, fcc); if (cc > 0) { fcc -= cc; fbp += cc; } } if (FD_ISSET(master, &ibits)) { pcc = readstream(master, pibuf, sizeof (pibuf)); pbp = pibuf; if (pcc < 0 && errno == EWOULDBLOCK) pcc = 0; else if (pcc <= 0) break; else if (pibuf[0] == 0) { pbp++, pcc--; if (!doencrypt) FD_SET(f, &obits); /* try write */ } else { 
if (pkcontrol(pibuf[0])) { oob_queue = pibuf[0]; #if 0 /* Kludge around */ send_oob(f, pibuf[0]); #endif } pcc = 0; } } if ((FD_ISSET(f, &obits)) && pcc > 0) { #ifndef NOENCRYPTION if (doencrypt) cc = des_enc_write(f, pbp, pcc, schedule, &kdata->session); else #endif cc = write(f, pbp, pcc); if (cc < 0 && errno == EWOULDBLOCK) { /* * This happens when we try write after read * from p, but some old kernels balk at large * writes even when select returns true. */ if (!FD_ISSET(master, &ibits)) sleep(5); continue; } if (cc > 0) { pcc -= cc; pbp += cc; /* Only send urg data when normal data * has just been sent. * Linux has deep problems with more * than one byte of OOB data. */ if (oob_queue) { send_oob (f, oob_queue); oob_queue = 0; } } } } } static RETSIGTYPE cleanup(int signo) { char *p = clean_ttyname (line); - if (logout(p) == 0) + if (rlogind_logout(p) == 0) logwtmp(p, "", ""); chmod(line, 0666); chown(line, 0, 0); *p = 'p'; chmod(line, 0666); chown(line, 0, 0); shutdown(netf, 2); signal(SIGHUP, SIG_IGN); #ifdef HAVE_VHANGUP vhangup(); #endif /* HAVE_VHANGUP */ exit(1); } void fatal(int f, const char *msg, int syserr) { int len; char buf[BUFSIZ], *bp = buf; /* * Prepend binary one to message if we haven't sent * the magic null as confirmation. 
*/ if (!confirmed) *bp++ = '\01'; /* error indicator */ if (syserr) snprintf(bp, sizeof(buf) - (bp - buf), "rlogind: %s: %s.\r\n", msg, strerror(errno)); else snprintf(bp, sizeof(buf) - (bp - buf), "rlogind: %s.\r\n", msg); len = strlen(bp); #ifndef NOENCRYPTION if (doencrypt) des_enc_write(f, buf, bp + len - buf, schedule, &kdata->session); else #endif write(f, buf, bp + len - buf); exit(1); } static void xgetstr(char *buf, int cnt, char *errmsg) { char c; do { if (read(0, &c, 1) != 1) exit(1); if (--cnt < 0) fatal(STDOUT_FILENO, errmsg, 0); *buf++ = c; } while (c != 0); } static int do_rlogin(struct sockaddr_in *dest) { xgetstr(rusername, sizeof(rusername), "remuser too long"); xgetstr(lusername, sizeof(lusername), "locuser too long"); xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long"); pwd = k_getpwnam(lusername); if (pwd == NULL) return (-1); if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0) { syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername); return (-1); } return (iruserok(dest->sin_addr.s_addr, (pwd->pw_uid == 0), rusername, lusername)); } static void setup_term(int fd) { char *cp = strchr(term+ENVSIZE, '/'); char *speed; struct termios tt; tcgetattr(fd, &tt); if (cp) { int s; *cp++ = '\0'; speed = cp; cp = strchr(speed, '/'); if (cp) *cp++ = '\0'; s = int2speed_t (atoi (speed)); if (s > 0) { cfsetospeed (&tt, s); cfsetispeed (&tt, s); } } tt.c_iflag &= ~INPCK; tt.c_iflag |= ICRNL|IXON; tt.c_oflag |= OPOST|ONLCR; #ifdef TAB3 tt.c_oflag |= TAB3; #endif /* TAB3 */ #ifdef ONLRET tt.c_oflag &= ~ONLRET; #endif /* ONLRET */ tt.c_lflag |= (ECHO|ECHOE|ECHOK|ISIG|ICANON); tt.c_cflag &= ~PARENB; tt.c_cflag |= CS8; tt.c_cc[VMIN] = 1; tt.c_cc[VTIME] = 0; tt.c_cc[VEOF] = CEOF; tcsetattr(fd, TCSAFLUSH, &tt); env[0] = term; env[1] = 0; environ = env; } #define VERSION_SIZE 9 /* * Do the remote kerberos login to the named host with the * given inet address * * Return 0 on valid authorization * Return -1 on valid authentication, no 
authorization * Return >0 for error conditions */ static int do_krb_login(struct sockaddr_in *dest) { int rc; char instance[INST_SZ], version[VERSION_SIZE]; long authopts = 0L; /* !mutual */ struct sockaddr_in faddr; kdata = (AUTH_DAT *) auth_buf; ticket = (KTEXT) tick_buf; k_getsockinst(0, instance, sizeof(instance)); if (doencrypt) { rc = sizeof(faddr); if (getsockname(0, (struct sockaddr *)&faddr, &rc)) return (-1); authopts = KOPT_DO_MUTUAL; rc = krb_recvauth( authopts, 0, ticket, "rcmd", instance, dest, &faddr, kdata, "", schedule, version); des_set_key(&kdata->session, schedule); } else rc = krb_recvauth( authopts, 0, ticket, "rcmd", instance, dest, (struct sockaddr_in *) 0, kdata, "", 0, version); if (rc != KSUCCESS) return (rc); xgetstr(lusername, sizeof(lusername), "locuser"); /* get the "cmd" in the rcmd protocol */ xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type"); pwd = k_getpwnam(lusername); if (pwd == NULL) return (-1); if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0) { syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername); return (-1); } /* returns nonzero for no access */ if (kuserok(kdata, lusername) != 0) return (-1); return (0); } static void usage(void) { syslog(LOG_ERR, "usage: rlogind [-Dailn] [-p port] [-x] [-L login] [-k | -v]"); exit(1); } Index: stable/3/crypto/kerberosIV/appl/bsd/rsh.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/rsh.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/rsh.c (revision 62578) 
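Review bot: in rlogind.c's main(), `case 'p': portnum = htons(atoi(optarg));` is left unchanged while the same commit gives rlogin.c a strtol-based parse that errors out on bad input; here a non-numeric -p silently becomes 0, and in the interactive path `if(portnum == 0)` then substitutes get_login_port() without telling the operator the option was ignored. Use the same checked parse on the server side and log the rejection through syslog. In doit(), the HAVE_FORKPTY branch calls `forkpty(&master, line, NULL, NULL)` with no length for `line`, whereas the fallback passes sizeof(line); a comment stating that MaxPathLen is assumed to be large enough for the slave name would document that asymmetry. The ut_exit #ifdef ladder is now repeated in both rlogind_logout variants and could be folded into one macro so the three platform cases stay in sync.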
@@ -1,353 +1,378 @@ /*- * Copyright (c) 1983, 1990 The Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "bsd_locl.h" -RCSID("$Id: rsh.c,v 1.35 1997/03/30 18:20:22 joda Exp $"); +RCSID("$Id: rsh.c,v 1.43 1999/11/13 06:13:34 assar Exp $"); CREDENTIALS cred; Key_schedule schedule; int use_kerberos = 1, doencrypt; char dst_realm_buf[REALM_SZ], *dest_realm; /* * rsh - remote shell */ int rfd2; static void usage(void) { fprintf(stderr, - "usage: rsh [-ndKx] [-k realm] [-l login] host [command]\n"); + "usage: rsh [-ndKx] [-k realm] [-p port] [-l login] host [command]\n"); exit(1); } static char * copyargs(char **argv) { int cc; char **ap, *p; char *args; cc = 0; for (ap = argv; *ap; ++ap) cc += strlen(*ap) + 1; - if (!(args = malloc(cc))) + args = malloc(cc); + if (args == NULL) errx(1, "Out of memory."); for (p = args, ap = argv; *ap; ++ap) { strcpy(p, *ap); - for (p = strcpy(p, *ap); *p; ++p); + while(*p) + ++p; if (ap[1]) *p++ = ' '; } return(args); } static RETSIGTYPE sendsig(int signo_) { char signo = signo_; #ifndef NOENCRYPTION if (doencrypt) des_enc_write(rfd2, &signo, 1, schedule, &cred.session); else #endif write(rfd2, &signo, 1); } static void talk(int nflag, sigset_t omask, int pid, int rem) { int cc, wc; char *bp; fd_set readfrom, ready, rembits; - char buf[BUFSIZ]; + char buf[DES_RW_MAXWRITE]; if (pid == 0) { if (nflag) goto done; close(rfd2); reread: errno = 0; if ((cc = read(0, buf, sizeof buf)) <= 0) goto done; bp = buf; rewrite: FD_ZERO(&rembits); FD_SET(rem, &rembits); - if (select(16, 0, &rembits, 0, 0) < 0) { + if (select(rem + 1, 0, &rembits, 0, 0) < 0) { if (errno != EINTR) err(1, "select"); goto rewrite; } if (!FD_ISSET(rem, &rembits)) goto rewrite; #ifndef NOENCRYPTION if (doencrypt) wc = des_enc_write(rem, bp, cc, schedule, &cred.session); else #endif wc = write(rem, bp, cc); if (wc < 0) { if (errno == EWOULDBLOCK) goto rewrite; goto done; } bp += wc; cc -= wc; if (cc == 0) goto reread; goto rewrite; done: shutdown(rem, 1); exit(0); } if (sigprocmask(SIG_SETMASK, &omask, 0) != 0) warn("sigprocmask"); FD_ZERO(&readfrom); FD_SET(rem, 
&readfrom); FD_SET(rfd2, &readfrom); do { ready = readfrom; - if (select(16, &ready, 0, 0, 0) < 0) { + if (select(max(rem,rfd2)+1, &ready, 0, 0, 0) < 0) { if (errno != EINTR) err(1, "select"); continue; } if (FD_ISSET(rfd2, &ready)) { errno = 0; #ifndef NOENCRYPTION if (doencrypt) cc = des_enc_read(rfd2, buf, sizeof buf, schedule, &cred.session); else #endif cc = read(rfd2, buf, sizeof buf); if (cc <= 0) { if (errno != EWOULDBLOCK) FD_CLR(rfd2, &readfrom); } else write(2, buf, cc); } if (FD_ISSET(rem, &ready)) { errno = 0; #ifndef NOENCRYPTION if (doencrypt) cc = des_enc_read(rem, buf, sizeof buf, schedule, &cred.session); else #endif cc = read(rem, buf, sizeof buf); if (cc <= 0) { if (errno != EWOULDBLOCK) FD_CLR(rem, &readfrom); } else write(1, buf, cc); } } while (FD_ISSET(rfd2, &readfrom) || FD_ISSET(rem, &readfrom)); } int main(int argc, char **argv) { struct passwd *pw; - int sv_port; + int sv_port, user_port = 0; sigset_t omask; int argoff, ch, dflag, nflag, nfork, one, pid, rem, uid; char *args, *host, *user, *local_user; argoff = dflag = nflag = nfork = 0; one = 1; host = user = NULL; pid = 1; set_progname(argv[0]); /* handle "rsh host flags" */ - if (!host && argc > 2 && argv[1][0] != '-') { + if (argc > 2 && argv[1][0] != '-') { host = argv[1]; argoff = 1; } -#define OPTIONS "+8KLde:k:l:nwx" - while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF) +#define OPTIONS "+8KLde:k:l:np:wx" + while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1) switch(ch) { case 'K': use_kerberos = 0; break; case 'L': /* -8Lew are ignored to allow rlogin aliases */ case 'e': case 'w': case '8': break; case 'd': dflag = 1; break; case 'l': user = optarg; break; case 'k': dest_realm = dst_realm_buf; - strncpy(dest_realm, optarg, REALM_SZ); + strlcpy(dest_realm, optarg, REALM_SZ); break; case 'n': nflag = nfork = 1; break; case 'x': doencrypt = 1; break; + case 'p': { + char *endptr; + + user_port = strtol (optarg, &endptr, 0); + if (user_port == 0 && 
optarg == endptr) + errx (1, "Bad port `%s'", optarg); + user_port = htons(user_port); + break; + } case '?': default: usage(); } optind += argoff; /* if haven't gotten a host yet, do so */ if (!host && !(host = argv[optind++])) usage(); /* if no further arguments, must have been called as rlogin. */ if (!argv[optind]) { *argv = "rlogin"; setuid(getuid()); execv(_PATH_RLOGIN, argv); err(1, "can't exec %s", _PATH_RLOGIN); } - argc -= optind; - argv += optind; - #ifndef __CYGWIN32__ if (!(pw = k_getpwuid(uid = getuid()))) errx(1, "unknown user id."); local_user = pw->pw_name; if (!user) user = local_user; #else if (!user) errx(1, "Sorry, you need to specify the username (with -l)"); local_user = user; #endif /* -n must still fork but does not turn of the -n functionality */ if (doencrypt) nfork = 0; - args = copyargs(argv); + args = copyargs(argv+optind); + if (user_port) + sv_port = user_port; + else sv_port=get_shell_port(use_kerberos, doencrypt); -try_connect: if (use_kerberos) { + setuid(getuid()); rem = KSUCCESS; errno = 0; if (dest_realm == NULL) dest_realm = krb_realmofhost(host); if (doencrypt) rem = krcmd_mutual(&host, sv_port, user, args, &rfd2, dest_realm, &cred, schedule); else rem = krcmd(&host, sv_port, user, args, &rfd2, dest_realm); if (rem < 0) { + int i = 0; + char **newargv; + if (errno == ECONNREFUSED) warning("remote host doesn't support Kerberos"); if (errno == ENOENT) warning("can't provide Kerberos auth data"); - use_kerberos = 0; - sv_port=get_shell_port(use_kerberos, doencrypt); - goto try_connect; + newargv = malloc((argc + 2) * sizeof(*newargv)); + if (newargv == NULL) + err(1, "malloc"); + newargv[i] = argv[i]; + ++i; + if (argv[i][0] != '-') { + newargv[i] = argv[i]; + ++i; + } + newargv[i++] = "-K"; + for(; i <= argc; ++i) + newargv[i] = argv[i - 1]; + newargv[argc + 1] = NULL; + execv(_PATH_RSH, newargv); } } else { if (doencrypt) errx(1, "the -x flag requires Kerberos authentication."); if (geteuid() != 0) errx(1, "not installed 
setuid root, " "only root may use non kerberized rsh"); rem = rcmd(&host, sv_port, local_user, user, args, &rfd2); } if (rem < 0) exit(1); if (rfd2 < 0) errx(1, "can't establish stderr."); #if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) if (dflag) { if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one, sizeof(one)) < 0) warn("setsockopt"); if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG, (void *)&one, sizeof(one)) < 0) warn("setsockopt"); } #endif setuid(uid); { sigset_t sigmsk; sigemptyset(&sigmsk); sigaddset(&sigmsk, SIGINT); sigaddset(&sigmsk, SIGQUIT); sigaddset(&sigmsk, SIGTERM); if (sigprocmask(SIG_BLOCK, &sigmsk, &omask) != 0) warn("sigprocmask"); } if (signal(SIGINT, SIG_IGN) != SIG_IGN) signal(SIGINT, sendsig); if (signal(SIGQUIT, SIG_IGN) != SIG_IGN) signal(SIGQUIT, sendsig); if (signal(SIGTERM, SIG_IGN) != SIG_IGN) signal(SIGTERM, sendsig); if (!nfork) { pid = fork(); if (pid < 0) err(1, "fork"); } if (!doencrypt) { ioctl(rfd2, FIONBIO, &one); ioctl(rem, FIONBIO, &one); } talk(nflag, omask, pid, rem); if (!nflag) kill(pid, SIGKILL); exit(0); } Index: stable/3/crypto/kerberosIV/appl/bsd/rshd.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/rshd.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/rshd.c (revision 62578) 
@@ -1,635 +1,634 @@ /*- * Copyright (c) 1988, 1989, 1992, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ /* * remote shell server: * [port]\0 * remuser\0 * locuser\0 * command\0 * data */ #include "bsd_locl.h" -RCSID("$Id: rshd.c,v 1.51 1997/05/13 09:42:39 bg Exp $"); +RCSID("$Id: rshd.c,v 1.60 1999/11/13 06:13:53 assar Exp $"); extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ extern int __check_rhosts_file; static int keepalive = 1; static int log_success; /* If TRUE, log all successful accesses */ static int new_pag = 1; /* Put process in new PAG by default */ static int no_inetd = 0; static int sent_null; static void doit (struct sockaddr_in *); static void error (const char *, ...) #ifdef __GNUC__ __attribute__ ((format (printf, 1, 2))) #endif ; static void usage (void); #define VERSION_SIZE 9 #define SECURE_MESSAGE "This rsh session is using DES encryption for all transmissions.\r\n" #define OPTIONS "alnkvxLp:Pi" AUTH_DAT authbuf; KTEXT_ST tickbuf; int doencrypt, use_kerberos, vacuous; Key_schedule schedule; int main(int argc, char *argv[]) { struct linger linger; int ch, on = 1, fromlen; struct sockaddr_in from; int portnum = 0; set_progname(argv[0]); openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON); opterr = 0; - while ((ch = getopt(argc, argv, OPTIONS)) != EOF) + while ((ch = getopt(argc, argv, OPTIONS)) != -1) switch (ch) { case 'a': break; case 'l': __check_rhosts_file = 0; break; case 'n': keepalive = 0; break; case 'k': use_kerberos = 1; break; case 'v': vacuous = 1; break; case 'x': doencrypt = 1; break; case 'L': log_success = 1; break; case 'p': portnum = htons(atoi(optarg)); break; case 'P': new_pag = 0; break; case 'i': no_inetd = 1; break; case '?': default: usage(); break; } argc -= optind; argv += optind; if (use_kerberos && vacuous) { syslog(LOG_ERR, "only one of -k and -v allowed"); exit(2); } if (doencrypt && !use_kerberos) { syslog(LOG_ERR, "-k is required for -x"); exit(2); } if (no_inetd) { if(portnum == 0) portnum = get_shell_port (use_kerberos, doencrypt); mini_inetd (portnum); } fromlen = sizeof (from); if 
(getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { syslog(LOG_ERR, "getpeername: %m"); _exit(1); } #ifdef HAVE_SETSOCKOPT #ifdef SO_KEEPALIVE if (keepalive && setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) < 0) syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); #endif #ifdef SO_LINGER linger.l_onoff = 1; linger.l_linger = 60; /* XXX */ if (setsockopt(0, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof (linger)) < 0) syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); #endif #endif /* HAVE_SETSOCKOPT */ doit(&from); /* NOTREACHED */ return 0; } char username[20] = "USER="; char homedir[64] = "HOME="; char shell[64] = "SHELL="; char path[100] = "PATH="; char *envinit[] = {homedir, shell, path, username, 0}; static void xgetstr(char *buf, int cnt, char *err) { char c; do { if (read(STDIN_FILENO, &c, 1) != 1) exit(1); *buf++ = c; if (--cnt == 0) { error("%s too long\n", err); exit(1); } } while (c != 0); } static void doit(struct sockaddr_in *fromp) { struct passwd *pwd; u_short port; fd_set ready, readfrom; int cc, nfd, pv[2], pid, s; int one = 1; const char *errorhost = ""; char *errorstr; - char *cp, sig, buf[BUFSIZ]; + char *cp, sig, buf[DES_RW_MAXWRITE]; char cmdbuf[NCARGS+1], locuser[16], remuser[16]; char remotehost[2 * MaxHostNameLen + 1]; AUTH_DAT *kdata; KTEXT ticket; char instance[INST_SZ], version[VERSION_SIZE]; struct sockaddr_in fromaddr; int rc; long authopts; int pv1[2], pv2[2]; fd_set wready, writeto; fromaddr = *fromp; signal(SIGINT, SIG_DFL); signal(SIGQUIT, SIG_DFL); signal(SIGTERM, SIG_DFL); #ifdef DEBUG { int t = open(_PATH_TTY, 2); if (t >= 0) { ioctl(t, TIOCNOTTY, (char *)0); close(t); } } #endif fromp->sin_port = ntohs((u_short)fromp->sin_port); if (fromp->sin_family != AF_INET) { syslog(LOG_ERR, "malformed \"from\" address (af %d)\n", fromp->sin_family); exit(1); } if (!use_kerberos) { ip_options_and_die (0, fromp); if (fromp->sin_port >= IPPORT_RESERVED || fromp->sin_port < IPPORT_RESERVED/2) { 
syslog(LOG_NOTICE|LOG_AUTH, "Connection from %s on illegal port %u", inet_ntoa(fromp->sin_addr), fromp->sin_port); exit(1); } } alarm(60); port = 0; for (;;) { char c; if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { if (cc < 0) syslog(LOG_NOTICE, "read: %m"); shutdown(0, 1+1); exit(1); } if (c== 0) break; port = port * 10 + c - '0'; } alarm(0); if (port != 0) { int lport = IPPORT_RESERVED - 1; s = rresvport(&lport); if (s < 0) { syslog(LOG_ERR, "can't get stderr port: %m"); exit(1); } if (!use_kerberos) if (port >= IPPORT_RESERVED) { syslog(LOG_ERR, "2nd port not reserved\n"); exit(1); } fromp->sin_port = htons(port); if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) { syslog(LOG_INFO, "connect second port %d: %m", port); exit(1); } } if (vacuous) { - error("rshd: remote host requires Kerberos authentication\n"); + error("rshd: Remote host requires Kerberos authentication.\n"); exit(1); } errorstr = NULL; inaddr2str (fromp->sin_addr, remotehost, sizeof(remotehost)); if (use_kerberos) { kdata = &authbuf; ticket = &tickbuf; authopts = 0L; k_getsockinst(0, instance, sizeof(instance)); version[VERSION_SIZE - 1] = '\0'; if (doencrypt) { struct sockaddr_in local_addr; rc = sizeof(local_addr); if (getsockname(0, (struct sockaddr *)&local_addr, &rc) < 0) { syslog(LOG_ERR, "getsockname: %m"); - error("rlogind: getsockname: %m"); + error("rshd: getsockname: %m"); exit(1); } authopts = KOPT_DO_MUTUAL; rc = krb_recvauth(authopts, 0, ticket, "rcmd", instance, &fromaddr, &local_addr, kdata, "", schedule, version); #ifndef NOENCRYPTION des_set_key(&kdata->session, schedule); #else memset(schedule, 0, sizeof(schedule)); #endif } else rc = krb_recvauth(authopts, 0, ticket, "rcmd", instance, &fromaddr, (struct sockaddr_in *) 0, kdata, "", 0, version); if (rc != KSUCCESS) { error("Kerberos authentication failure: %s\n", krb_get_err_text(rc)); exit(1); } } else xgetstr(remuser, sizeof(remuser), "remuser"); xgetstr(locuser, sizeof(locuser), "locuser"); xgetstr(cmdbuf, 
sizeof(cmdbuf), "command"); setpwent(); pwd = k_getpwnam(locuser); if (pwd == NULL) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: unknown login. cmd='%.80s'", remuser, remotehost, locuser, cmdbuf); if (errorstr == NULL) errorstr = "Login incorrect.\n"; goto fail; } if (pwd->pw_uid == 0 && strcmp("root", locuser) != 0) { syslog(LOG_ALERT, "NIS attack, user %s has uid 0", locuser); if (errorstr == NULL) errorstr = "Login incorrect.\n"; goto fail; } if (chdir(pwd->pw_dir) < 0) { chdir("/"); #ifdef notdef syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: no home directory. cmd='%.80s'", remuser, remotehost, locuser, cmdbuf); error("No remote directory.\n"); exit(1); #endif } if (use_kerberos) { if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') { if (kuserok(kdata, locuser) != 0) { syslog(LOG_INFO|LOG_AUTH, "Kerberos rsh denied to %s", krb_unparse_name_long(kdata->pname, kdata->pinst, kdata->prealm)); error("Permission denied.\n"); exit(1); } } } else if (errorstr || - pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && + (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0, - remuser, locuser) < 0) { + remuser, locuser) < 0)) { if (__rcmd_errstr) syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", remuser, remotehost, locuser, __rcmd_errstr, cmdbuf); else syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied. 
cmd='%.80s'", remuser, remotehost, locuser, cmdbuf); fail: if (errorstr == NULL) errorstr = "Permission denied.\n"; error(errorstr, errorhost); exit(1); } if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) { error("Logins currently disabled.\n"); exit(1); } write(STDERR_FILENO, "\0", 1); sent_null = 1; if (port) { if (pipe(pv) < 0) { error("Can't make pipe.\n"); exit(1); } if (doencrypt) { if (pipe(pv1) < 0) { error("Can't make 2nd pipe.\n"); exit(1); } if (pipe(pv2) < 0) { error("Can't make 3rd pipe.\n"); exit(1); } } pid = fork(); if (pid == -1) { error("Can't fork; try again.\n"); exit(1); } if (pid) { if (doencrypt) { static char msg[] = SECURE_MESSAGE; close(pv1[1]); close(pv2[0]); #ifndef NOENCRYPTION des_enc_write(s, msg, sizeof(msg) - 1, schedule, &kdata->session); #else write(s, msg, sizeof(msg) - 1); #endif } else { close(0); close(1); } close(2); close(pv[1]); FD_ZERO(&readfrom); FD_SET(s, &readfrom); FD_SET(pv[0], &readfrom); if (pv[0] > s) nfd = pv[0]; else nfd = s; if (doencrypt) { FD_ZERO(&writeto); FD_SET(pv2[1], &writeto); FD_SET(pv1[0], &readfrom); FD_SET(STDIN_FILENO, &readfrom); nfd = max(nfd, pv2[1]); nfd = max(nfd, pv1[0]); } else ioctl(pv[0], FIONBIO, (char *)&one); /* should set s nbio! 
*/ nfd++; do { ready = readfrom; if (doencrypt) { wready = writeto; if (select(nfd, &ready, &wready, 0, (struct timeval *) 0) < 0) break; } else if (select(nfd, &ready, 0, 0, (struct timeval *)0) < 0) break; if (FD_ISSET(s, &ready)) { int ret; if (doencrypt) #ifndef NOENCRYPTION ret = des_enc_read(s, &sig, 1, schedule, &kdata->session); #else ret = read(s, &sig, 1); #endif else ret = read(s, &sig, 1); if (ret <= 0) FD_CLR(s, &readfrom); else kill(-pid, sig); } if (FD_ISSET(pv[0], &ready)) { errno = 0; cc = read(pv[0], buf, sizeof(buf)); if (cc <= 0) { shutdown(s, 1+1); FD_CLR(pv[0], &readfrom); } else { if (doencrypt) #ifndef NOENCRYPTION des_enc_write(s, buf, cc, schedule, &kdata->session); #else write(s, buf, cc); #endif else (void) write(s, buf, cc); } } if (doencrypt && FD_ISSET(pv1[0], &ready)) { errno = 0; cc = read(pv1[0], buf, sizeof(buf)); if (cc <= 0) { shutdown(pv1[0], 1+1); FD_CLR(pv1[0], &readfrom); } else #ifndef NOENCRYPTION des_enc_write(STDOUT_FILENO, buf, cc, schedule, &kdata->session); #else write(STDOUT_FILENO, buf, cc); #endif } if (doencrypt && FD_ISSET(STDIN_FILENO, &ready) && FD_ISSET(pv2[1], &wready)) { errno = 0; #ifndef NOENCRYPTION cc = des_enc_read(STDIN_FILENO, buf, sizeof(buf), schedule, &kdata->session); #else cc = read(STDIN_FILENO, buf, sizeof(buf)); #endif if (cc <= 0) { shutdown(STDIN_FILENO, 0); FD_CLR(STDIN_FILENO, &readfrom); close(pv2[1]); FD_CLR(pv2[1], &writeto); } else write(pv2[1], buf, cc); } } while (FD_ISSET(s, &readfrom) || (doencrypt && FD_ISSET(pv1[0], &readfrom)) || FD_ISSET(pv[0], &readfrom)); exit(0); } setsid(); close(s); close(pv[0]); if (doencrypt) { close(pv1[0]); close(pv2[1]); dup2(pv1[1], 1); dup2(pv2[0], 0); close(pv1[1]); close(pv2[0]); } dup2(pv[1], 2); close(pv[1]); } if (*pwd->pw_shell == '\0') pwd->pw_shell = _PATH_BSHELL; #ifdef HAVE_SETLOGIN if (setlogin(pwd->pw_name) < 0) syslog(LOG_ERR, "setlogin() failed: %m"); #endif #ifdef HAVE_SETPCRED if (setpcred (pwd->pw_name, NULL) == -1) syslog(LOG_ERR, 
"setpcred() failure: %m"); #endif /* HAVE_SETPCRED */ + if(do_osfc2_magic(pwd->pw_uid)) + exit(1); setgid((gid_t)pwd->pw_gid); initgroups(pwd->pw_name, pwd->pw_gid); setuid((uid_t)pwd->pw_uid); - strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); + strlcat(homedir, pwd->pw_dir, sizeof(homedir)); - /* Need to extend path to find rcp */ - strncat(path, BINDIR, sizeof(path)-1); - strncat(path, ":", sizeof(path)-1); - strncat(path, _PATH_DEFPATH, sizeof(path)-1); - path[sizeof(path)-1] = '\0'; + /* Need to prepend path with BINDIR (/usr/athena/bin) to find rcp */ + snprintf(path, sizeof(path), "PATH=%s:%s", BINDIR, _PATH_DEFPATH); - strncat(shell, pwd->pw_shell, sizeof(shell)-7); - strncat(username, pwd->pw_name, sizeof(username)-6); + strlcat(shell, pwd->pw_shell, sizeof(shell)); + strlcat(username, pwd->pw_name, sizeof(username)); cp = strrchr(pwd->pw_shell, '/'); if (cp) cp++; else cp = pwd->pw_shell; endpwent(); if (log_success || pwd->pw_uid == 0) { if (use_kerberos) syslog(LOG_INFO|LOG_AUTH, "Kerberos shell from %s on %s as %s, cmd='%.80s'", krb_unparse_name_long(kdata->pname, kdata->pinst, kdata->prealm), remotehost, locuser, cmdbuf); else syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", remuser, remotehost, locuser, cmdbuf); } if (k_hasafs()) { if (new_pag) k_setpag(); /* Put users process in an new pag */ - k_afsklog(0, 0); + krb_afslog(0, 0); } execle(pwd->pw_shell, cp, "-c", cmdbuf, 0, envinit); err(1, pwd->pw_shell); } /* * Report error to client. Note: can't be used until second socket has * connected to client, or older clients will hang waiting for that * connection first. */ static void error(const char *fmt, ...) 
{ va_list ap; int len; char *bp, buf[BUFSIZ]; va_start(ap, fmt); bp = buf; if (sent_null == 0) { *bp++ = 1; len = 1; } else len = 0; - len = vsnprintf (bp, sizeof(buf) - len, fmt, ap); + len += vsnprintf(bp, sizeof(buf) - len, fmt, ap); write (STDERR_FILENO, buf, len); va_end(ap); } static void usage() { syslog(LOG_ERR, "usage: rshd [-alnkvxLPi] [-p port]"); exit(2); } Index: stable/3/crypto/kerberosIV/appl/bsd/stty_default.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/stty_default.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/stty_default.c (revision 62578) 
@@ -1,105 +1,100 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "bsd_locl.h" -RCSID("$Id: stty_default.c,v 1.6 1997/04/01 08:17:17 joda Exp $"); +RCSID("$Id: stty_default.c,v 1.7 1999/12/02 16:58:28 joda Exp $"); #include /* HP-UX 9.0 termios doesn't define these */ #ifndef FLUSHO #define FLUSHO 0 #endif #ifndef XTABS #define XTABS 0 #endif #ifndef OXTABS #define OXTABS XTABS #endif /* Ultrix... */ #ifndef ECHOPRT #define ECHOPRT 0 #endif #ifndef ECHOCTL #define ECHOCTL 0 #endif #ifndef ECHOKE #define ECHOKE 0 #endif #ifndef IMAXBEL #define IMAXBEL 0 #endif #define Ctl(x) ((x) ^ 0100) void stty_default(void) { struct termios termios; /* * Finalize the terminal settings. Some systems default to 8 bits, * others to 7, so we should leave that alone. */ tcgetattr(0, &termios); termios.c_iflag |= (BRKINT|IGNPAR|ICRNL|IXON|IMAXBEL); termios.c_iflag &= ~IXANY; termios.c_lflag |= (ISIG|IEXTEN|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE); termios.c_lflag &= ~(ECHOPRT|TOSTOP|FLUSHO); termios.c_oflag |= (OPOST|ONLCR); termios.c_oflag &= ~OXTABS; termios.c_cc[VINTR] = Ctl('C'); termios.c_cc[VERASE] = Ctl('H'); termios.c_cc[VKILL] = Ctl('U'); termios.c_cc[VEOF] = Ctl('D'); termios.c_cc[VSUSP] = Ctl('Z'); tcsetattr(0, TCSANOW, &termios); } Index: stable/3/crypto/kerberosIV/appl/bsd/su.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/su.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/su.c (revision 62578) 
@@ -1,452 +1,473 @@ /* * Copyright (c) 1988 The Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "bsd_locl.h" -RCSID ("$Id: su.c,v 1.59 1997/05/26 17:45:54 bg Exp $"); +RCSID ("$Id: su.c,v 1.70 1999/11/13 06:14:11 assar Exp $"); #ifdef SYSV_SHADOW #include "sysv_shadow.h" #endif static int kerberos (char *username, char *user, int uid); static int chshell (char *sh); static char *ontty (void); static int koktologin (char *name, char *realm, char *toname); static int chshell (char *sh); /* Handle '-' option after all the getopt options */ -#define ARGSTR "Kflmi:" +#define ARGSTR "Kflmti:" +int destroy_tickets = 0; static int use_kerberos = 1; static char *root_inst = "root"; int main (int argc, char **argv) { struct passwd *pwd; char *p, **g; struct group *gr; uid_t ruid; int asme, ch, asthem, fastlogin, prio; enum { UNSET, YES, NO } iscsh = UNSET; char *user, *shell, *avshell, *username, **np; char shellbuf[MaxPathLen], avshellbuf[MaxPathLen]; set_progname (argv[0]); asme = asthem = fastlogin = 0; - while ((ch = getopt (argc, argv, ARGSTR)) != EOF) + while ((ch = getopt (argc, argv, ARGSTR)) != -1) switch ((char) ch) { case 'K': use_kerberos = 0; break; case 'f': fastlogin = 1; break; case 'l': asme = 0; asthem = 1; break; case 'm': asme = 1; asthem = 0; break; + case 't': + destroy_tickets = 1; + break; case 'i': root_inst = optarg; break; case '?': default: fprintf (stderr, - "usage: su [-Kflm] [-i root-instance] [-] [login]\n"); + "usage: su [-Kflmt] [-i root-instance] [-] [login]\n"); exit (1); } /* Don't handle '-' option with getopt */ if (optind < argc && strcmp (argv[optind], "-") == 0) { asme = 0; asthem = 1; optind++; } argv += optind; if (use_kerberos) { int fd = open (KEYFILE, O_RDONLY); if (fd >= 0) close (fd); else use_kerberos = 0; } errno = 0; prio = getpriority (PRIO_PROCESS, 0); if (errno) prio = 0; setpriority (PRIO_PROCESS, 0, -2); - openlog ("su", LOG_CONS, 0); + openlog ("su", LOG_CONS, LOG_AUTH); /* get current login name and shell */ ruid = getuid (); username = getlogin (); if (username == NULL || (pwd = k_getpwnam 
(username)) == NULL || pwd->pw_uid != ruid) pwd = k_getpwuid (ruid); if (pwd == NULL) errx (1, "who are you?"); username = strdup (pwd->pw_name); - if (asme) - if (pwd->pw_shell && *pwd->pw_shell) - shell = strcpy (shellbuf, pwd->pw_shell); - else { + if (username == NULL) + errx (1, "strdup: out of memory"); + if (asme) { + if (pwd->pw_shell && *pwd->pw_shell) { + strlcpy (shellbuf, pwd->pw_shell, sizeof(shellbuf)); + shell = shellbuf; + } else { shell = _PATH_BSHELL; iscsh = NO; } + } /* get target login information, default to root */ user = *argv ? *argv : "root"; np = *argv ? argv : argv - 1; pwd = k_getpwnam (user); if (pwd == NULL) errx (1, "unknown login %s", user); if (pwd->pw_uid == 0 && strcmp ("root", user) != 0) { syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user); errx (1, "unknown login %s", user); } if (!use_kerberos || kerberos (username, user, pwd->pw_uid)) { #ifndef PASSWD_FALLBACK errx (1, "won't use /etc/passwd authentication"); #endif /* getpwnam() is not reentrant and kerberos might use it! */ pwd = k_getpwnam (user); if (pwd == NULL) errx (1, "unknown login %s", user); /* only allow those in group zero to su to root. */ if (pwd->pw_uid == 0 && (gr = getgrgid ((gid_t) 0))) for (g = gr->gr_mem;; ++g) { if (!*g) { #if 1 /* if group 0 is empty or only contains root su is still ok. 
*/ if (gr->gr_mem[0] == 0) break; /* group 0 is empty */ if (gr->gr_mem[1] == 0 && strcmp (gr->gr_mem[0], "root") == 0) break; /* only root in group 0 */ #endif errx (1, "you are not in the correct group to su %s.", user); } if (!strcmp (username, *g)) break; } /* if target requires a password, verify it */ if (ruid && *pwd->pw_passwd) { char prompt[128]; char passwd[256]; snprintf (prompt, sizeof(prompt), "%s's Password: ", pwd->pw_name); if (des_read_pw_string (passwd, sizeof (passwd), prompt, 0)) { memset (passwd, 0, sizeof (passwd)); exit (1); } if (strcmp (pwd->pw_passwd, crypt (passwd, pwd->pw_passwd))) { memset (passwd, 0, sizeof (passwd)); syslog (LOG_AUTH | LOG_WARNING, "BAD SU %s to %s%s", username, user, ontty ()); errx (1, "Sorry"); } memset (passwd, 0, sizeof (passwd)); } } if (asme) { /* if asme and non-standard target shell, must be root */ if (!chshell (pwd->pw_shell) && ruid) errx (1, "permission denied (shell '%s' not in /etc/shells).", pwd->pw_shell); } else if (pwd->pw_shell && *pwd->pw_shell) { shell = pwd->pw_shell; iscsh = UNSET; } else { shell = _PATH_BSHELL; iscsh = NO; } if ((p = strrchr (shell, '/')) != 0) avshell = p + 1; else avshell = shell; /* if we're forking a csh, we want to slightly muck the args */ if (iscsh == UNSET) iscsh = strcmp (avshell, "csh") ? 
NO : YES; /* set permissions */ if (setgid (pwd->pw_gid) < 0) err (1, "setgid"); if (initgroups (user, pwd->pw_gid)) errx (1, "initgroups failed."); if (setuid (pwd->pw_uid) < 0) err (1, "setuid"); if (!asme) { if (asthem) { char *k = getenv ("KRBTKFILE"); char *t = getenv ("TERM"); environ = malloc (10 * sizeof (char *)); + if (environ == NULL) + err (1, "malloc"); environ[0] = NULL; setenv ("PATH", _PATH_DEFPATH, 1); if (t) setenv ("TERM", t, 1); if (k) setenv ("KRBTKFILE", k, 1); if (chdir (pwd->pw_dir) < 0) errx (1, "no directory"); } if (asthem || pwd->pw_uid) setenv ("USER", pwd->pw_name, 1); setenv ("HOME", pwd->pw_dir, 1); setenv ("SHELL", shell, 1); } if (iscsh == YES) { if (fastlogin) *np-- = "-f"; if (asme) *np-- = "-m"; } if (asthem) { - avshellbuf[0] = '-'; - strcpy (avshellbuf + 1, avshell); + snprintf (avshellbuf, sizeof(avshellbuf), + "-%s", avshell); avshell = avshellbuf; } else if (iscsh == YES) { /* csh strips the first character... */ - avshellbuf[0] = '_'; - strcpy (avshellbuf + 1, avshell); + snprintf (avshellbuf, sizeof(avshellbuf), + "_%s", avshell); avshell = avshellbuf; } *np = avshell; if (ruid != 0) syslog (LOG_NOTICE | LOG_AUTH, "%s to %s%s", username, user, ontty ()); setpriority (PRIO_PROCESS, 0, prio); if (k_hasafs ()) { int code; if (k_setpag () != 0) warn ("setpag"); - code = k_afsklog (0, 0); + code = krb_afslog (0, 0); if (code != KSUCCESS && code != KDC_PR_UNKNOWN) warnx ("afsklog: %s", krb_get_err_text (code)); } + if (destroy_tickets) + dest_tkt (); execv (shell, np); warn ("execv(%s)", shell); if (getuid () == 0) { execv (_PATH_BSHELL, np); warn ("execv(%s)", _PATH_BSHELL); } exit (1); } static int chshell (char *sh) { char *cp; while ((cp = getusershell ()) != NULL) if (!strcmp (cp, sh)) return (1); return (0); } static char * ontty (void) { char *p; static char buf[MaxPathLen + 4]; buf[0] = 0; if ((p = ttyname (STDERR_FILENO)) != 0) snprintf (buf, sizeof(buf), " on %s", p); return (buf); } static int kerberos (char 
*username, char *user, int uid) { KTEXT_ST ticket; AUTH_DAT authdata; struct hostent *hp; int kerno; u_long faddr; char lrealm[REALM_SZ], krbtkfile[MaxPathLen]; char hostname[MaxHostNameLen], savehost[MaxHostNameLen]; if (krb_get_lrealm (lrealm, 1) != KSUCCESS) return (1); if (koktologin (username, lrealm, user) && !uid) { #ifndef PASSWD_FALLBACK warnx ("not in %s's ACL.", user); #endif return (1); } snprintf (krbtkfile, sizeof(krbtkfile), "%s_%s_to_%s_%u", TKT_ROOT, username, user, (unsigned) getpid ()); setenv ("KRBTKFILE", krbtkfile, 1); krb_set_tkt_string (krbtkfile); /* + * Set real as well as effective ID to 0 for the moment, + * to make the kerberos library do the right thing. + */ + if (setuid(0) < 0) { + warn("setuid"); + return (1); + } + + /* * Little trick here -- if we are su'ing to root, we need to get a ticket * for "xxx.root", where xxx represents the name of the person su'ing. * Otherwise (non-root case), we need to get a ticket for "yyy.", where * yyy represents the name of the person being su'd to, and the instance * is null * * We should have a way to set the ticket lifetime, with a system default * for root. */ { char prompt[128]; char passw[256]; snprintf (prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name_long ((uid == 0 ? username : user), (uid == 0 ? root_inst : ""), lrealm)); if (des_read_pw_string (passw, sizeof (passw), prompt, 0)) { memset (passw, 0, sizeof (passw)); return (1); } if (strlen(passw) == 0) return (1); /* Empty passwords is not allowed */ kerno = krb_get_pw_in_tkt ((uid == 0 ? username : user), (uid == 0 ? root_inst : ""), lrealm, KRB_TICKET_GRANTING_TICKET, lrealm, DEFAULT_TKT_LIFE, passw); memset (passw, 0, strlen (passw)); } if (kerno != KSUCCESS) { if (kerno == KDC_PR_UNKNOWN) { warnx ("principal unknown: %s", krb_unparse_name_long ((uid == 0 ? username : user), (uid == 0 ? 
root_inst : ""), lrealm)); return (1); } warnx ("unable to su: %s", krb_get_err_text (kerno)); syslog (LOG_NOTICE | LOG_AUTH, "BAD SU: %s to %s%s: %s", username, user, ontty (), krb_get_err_text (kerno)); return (1); } if (chown (krbtkfile, uid, -1) < 0) { warn ("chown"); unlink (krbtkfile); return (1); } setpriority (PRIO_PROCESS, 0, -2); - if (k_gethostname (hostname, sizeof (hostname)) == -1) { + if (gethostname (hostname, sizeof (hostname)) == -1) { warn ("gethostname"); dest_tkt (); return (1); } - strncpy (savehost, krb_get_phost (hostname), sizeof (savehost)); - savehost[sizeof (savehost) - 1] = '\0'; + strlcpy (savehost, krb_get_phost (hostname), sizeof (savehost)); kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33); if (kerno == KDC_PR_UNKNOWN) { warnx ("Warning: TGT not verified."); syslog (LOG_NOTICE | LOG_AUTH, "%s to %s%s, TGT not verified (%s); " "%s.%s not registered?", username, user, ontty (), krb_get_err_text (kerno), "rcmd", savehost); #ifdef KLOGIN_PARANOID /* * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host, * * don't allow kerberos login, also log the error condition. 
*/ warnx ("Trying local password!"); return (1); #endif } else if (kerno != KSUCCESS) { warnx ("Unable to use TGT: %s", krb_get_err_text (kerno)); syslog (LOG_NOTICE | LOG_AUTH, "failed su: %s to %s%s: %s", username, user, ontty (), krb_get_err_text (kerno)); dest_tkt (); return (1); } else { if (!(hp = gethostbyname (hostname))) { warnx ("can't get addr of %s", hostname); dest_tkt (); return (1); } memcpy (&faddr, hp->h_addr, sizeof (faddr)); if ((kerno = krb_rd_req (&ticket, "rcmd", savehost, faddr, &authdata, "")) != KSUCCESS) { warnx ("unable to verify rcmd ticket: %s", krb_get_err_text (kerno)); syslog (LOG_NOTICE | LOG_AUTH, "failed su: %s to %s%s: %s", username, user, ontty (), krb_get_err_text (kerno)); dest_tkt (); return (1); } } + if (!destroy_tickets) fprintf (stderr, "Don't forget to kdestroy before exiting the shell.\n"); return (0); } static int koktologin (char *name, char *realm, char *toname) { return krb_kuserok (name, strcmp (toname, "root") == 0 ? root_inst : "", realm, toname); } Index: stable/3/crypto/kerberosIV/appl/bsd/sysv_default.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/sysv_default.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/sysv_default.c (revision 62578) 
@@ -1,95 +1,95 @@ /* Author: Wietse Venema */ #include "bsd_locl.h" -RCSID("$Id: sysv_default.c,v 1.9 1997/03/31 01:47:59 assar Exp $"); +RCSID("$Id: sysv_default.c,v 1.11 1999/03/13 21:15:24 assar Exp $"); #include "sysv_default.h" /* * Default values for stuff that can be read from the defaults file. The * SunOS 5.1 documentation is incomplete and often disagrees with reality. */ static char default_umask_value[] = "022"; char *default_console = 0; char *default_altsh = "YES"; char *default_passreq = "NO"; char *default_timezone= 0; char *default_hz = 0; char *default_path = _PATH_DEFPATH; char *default_supath = _PATH_DEFSUPATH; char *default_ulimit = 0; -char *default_timeout = "60"; +char *default_timeout = "180"; char *default_umask = default_umask_value; char *default_sleep = "4"; char *default_maxtrys = "5"; static struct sysv_default { char **valptr; char *prefix; int prefix_len; } defaults[] = { {&default_console, "CONSOLE=", sizeof("CONSOLE=") -1}, {&default_altsh, "ALTSHELL=", sizeof("ALTSHELL=") -1}, {&default_passreq, "PASSREQ=", sizeof("PASSREQ=") -1}, {&default_timezone, "TIMEZONE=", sizeof("TIMEZONE=") -1}, {&default_hz, "HZ=", sizeof("HZ=") -1}, {&default_path, "PATH=", sizeof("PATH=") -1}, {&default_supath, "SUPATH=", sizeof("SUPATH=") -1}, {&default_ulimit, "ULIMIT=", sizeof("ULIMIT=") -1}, {&default_timeout, "TIMEOUT=", sizeof("TIMEOUT=") -1}, {&default_umask, "UMASK=", sizeof("UMASK=") -1}, {&default_sleep, "SLEEPTIME=", sizeof("SLEEPTIME=") -1}, {&default_maxtrys, "MAXTRYS=", sizeof("MAXTRYS=") -1}, {0}, }; #define trim(s) { \ char *cp = s + strlen(s); \ - while (cp > s && isspace(cp[-1])) \ + while (cp > s && isspace((unsigned char)cp[-1])) \ cp--; \ *cp = 0; \ } /* sysv_defaults - read login defaults file */ void sysv_defaults() { struct sysv_default *dp; FILE *fp; char buf[BUFSIZ]; if ((fp = fopen(_PATH_ETC_DEFAULT_LOGIN, "r"))) { /* Stupid quadratic algorithm. */ while (fgets(buf, sizeof(buf), fp)) { /* Skip comments and blank lines. 
*/ if (buf[0] == '#') continue; trim(buf); if (buf[0] == 0) continue; /* Assign defaults from file. */ #define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0) for (dp = defaults; dp->valptr; dp++) { if (STREQN(buf, dp->prefix, dp->prefix_len)) { if ((*(dp->valptr) = strdup(buf + dp->prefix_len)) == 0) { warnx("Insufficient memory resources - try later."); sleepexit(1); } break; } } } fclose(fp); } } Index: stable/3/crypto/kerberosIV/appl/bsd/sysv_environ.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/sysv_environ.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/sysv_environ.c (revision 62578) 
@@ -1,192 +1,193 @@ /* Author: Wietse Venema */ #include "bsd_locl.h" -RCSID("$Id: sysv_environ.c,v 1.21 1997/05/14 17:34:15 joda Exp $"); +RCSID("$Id: sysv_environ.c,v 1.23 1997/12/14 23:50:44 assar Exp $"); #ifdef HAVE_ULIMIT_H #include #endif #ifndef UL_SETFSIZE #define UL_SETFSIZE 2 #endif #include "sysv_default.h" /* * Set */ static void read_etc_environment (void) { FILE *f; char buf[BUFSIZ]; f = fopen(_PATH_ETC_ENVIRONMENT, "r"); if (f) { char *val; while (fgets (buf, sizeof(buf), f) != NULL) { if (buf[0] == '\n' || buf[0] == '#') continue; buf[strlen(buf) - 1] = '\0'; val = strchr (buf, '='); if (val == NULL) continue; *val = '\0'; setenv(buf, val + 1, 1); } fclose (f); } } /* * Environment variables that are preserved (but may still be overruled by * other means). Only TERM and TZ appear to survive (SunOS 5.1). These are * typically inherited from the ttymon process. */ static struct preserved { char *name; char *value; } preserved[] = { {"TZ", 0}, {"TERM", 0}, {0}, }; /* * Environment variables that are not preserved and that cannot be specified * via commandline or stdin. Except for the LD_xxx (runtime linker) stuff, * the list applies to most SYSV systems. The manpage mentions only that * SHELL and PATH are censored. HOME, LOGNAME and MAIL are always * overwritten; they are in the list to make the censoring explicit. */ static struct censored { char *prefix; int length; } censored[] = { {"SHELL=", sizeof("SHELL=") - 1}, {"HOME=", sizeof("HOME=") - 1}, {"LOGNAME=", sizeof("LOGNAME=") - 1}, {"MAIL=", sizeof("MAIL=") - 1}, {"CDPATH=", sizeof("CDPATH=") - 1}, {"IFS=", sizeof("IFS=") - 1}, {"PATH=", sizeof("PATH=") - 1}, {"LD_", sizeof("LD_") - 1}, {0}, }; /* sysv_newenv - set up final environment after logging in */ void sysv_newenv(int argc, char **argv, struct passwd *pwd, char *term, int pflag) { unsigned umask_val; - long limit_val; char buf[BUFSIZ]; int count = 0; struct censored *cp; struct preserved *pp; /* Preserve a selection of the environment. 
*/ for (pp = preserved; pp->name; pp++) pp->value = getenv(pp->name); /* * Note: it is a bad idea to assign a static array to the global environ * variable. Reason is that putenv() can run into problems when it tries * to realloc() the environment table. Instead, we just clear environ[0] * and let putenv() work things out. */ if (!pflag && environ) environ[0] = 0; /* Restore preserved environment variables. */ for (pp = preserved; pp->name; pp++) if (pp->value) setenv(pp->name, pp->value, 1); /* The TERM definition from e.g. rlogind can override an existing one. */ if (term[0]) setenv("TERM", term, 1); /* * Environment definitions from the command line overrule existing ones, * but can be overruled by definitions from stdin. Some variables are * censored. * * Omission: we do not support environment definitions from stdin. */ #define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0) while (argc && *argv) { if (strchr(*argv, '=') == 0) { snprintf(buf, sizeof(buf), "L%d", count++); setenv(buf, *argv, 1); } else { for (cp = censored; cp->prefix; cp++) if (STREQN(*argv, cp->prefix, cp->length)) break; if (cp->prefix == 0) putenv(*argv); } argc--, argv++; } /* PATH is always reset. */ setenv("PATH", pwd->pw_uid ? default_path : default_supath, 1); /* Undocumented: HOME, MAIL and LOGNAME are always reset (SunOS 5.1). */ setenv("HOME", pwd->pw_dir, 1); { char *sep = "/"; if(KRB4_MAILDIR[strlen(KRB4_MAILDIR) - 1] == '/') sep = ""; - k_concat(buf, sizeof(buf), KRB4_MAILDIR, sep, pwd->pw_name, NULL); + roken_concat(buf, sizeof(buf), KRB4_MAILDIR, sep, pwd->pw_name, NULL); } setenv("MAIL", buf, 1); setenv("LOGNAME", pwd->pw_name, 1); setenv("USER", pwd->pw_name, 1); /* * Variables that may be set according to specifications in the defaults * file. HZ and TZ are set only if they are still uninitialized. * * Extension: when ALTSHELL=YES, we set the SHELL variable even if it is * /bin/sh. 
*/ if (strcasecmp(default_altsh, "YES") == 0) setenv("SHELL", pwd->pw_shell, 1); if (default_hz) setenv("HZ", default_hz, 0); if (default_timezone) setenv("TZ", default_timezone, 0); /* Non-environment stuff. */ if (default_umask) { if (sscanf(default_umask, "%o", &umask_val) == 1 && umask_val) umask(umask_val); } #ifdef HAVE_ULIMIT if (default_ulimit) { + long limit_val; + if (sscanf(default_ulimit, "%ld", &limit_val) == 1 && limit_val) if (ulimit(UL_SETFSIZE, limit_val) < 0) warn ("ulimit(UL_SETFSIZE, %ld)", limit_val); } #endif read_etc_environment(); } Index: stable/3/crypto/kerberosIV/appl/bsd/sysv_shadow.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/sysv_shadow.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/sysv_shadow.c (revision 62578) 
@@ -1,45 +1,45 @@ /* Author: Wietse Venema */ #include "bsd_locl.h" -RCSID("$Id: sysv_shadow.c,v 1.7 1997/03/23 04:56:05 assar Exp $"); +RCSID("$Id: sysv_shadow.c,v 1.8 1997/12/29 19:56:07 bg Exp $"); #ifdef SYSV_SHADOW #include /* sysv_expire - check account and password expiration times */ int sysv_expire(struct spwd *spwd) { long today; tzset(); - today = time(0); + today = time(0)/(60*60*24); /* In days since Jan. 1, 1970 */ if (spwd->sp_expire > 0) { if (today > spwd->sp_expire) { printf("Your account has expired.\n"); sleepexit(1); } else if (spwd->sp_expire - today < 14) { printf("Your account will expire in %d days.\n", (int)(spwd->sp_expire - today)); return (0); } } if (spwd->sp_max > 0) { if (today > (spwd->sp_lstchg + spwd->sp_max)) { printf("Your password has expired. Choose a new one.\n"); return (1); } else if (spwd->sp_warn > 0 && (today > (spwd->sp_lstchg + spwd->sp_max - spwd->sp_warn))) { printf("Your password will expire in %d days.\n", (int)(spwd->sp_lstchg + spwd->sp_max - today)); return (0); } } return (0); } #endif /* SYSV_SHADOW */ Index: stable/3/crypto/kerberosIV/appl/bsd/sysv_shadow.h =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/sysv_shadow.h (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/sysv_shadow.h (revision 62578) @@ -1,5 +1,5 @@ -/* $Id: sysv_shadow.h,v 1.6 1997/03/23 04:55:51 assar Exp $ */ +/* $Id: sysv_shadow.h,v 1.7 1999/03/13 21:15:43 assar Exp $ */ #include -extern sysv_expire(struct spwd *); +int sysv_expire(struct spwd *); Index: stable/3/crypto/kerberosIV/appl/bsd/tty.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/tty.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/tty.c (revision 62578) 
@@ -1,75 +1,70 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "bsd_locl.h" -RCSID("$Id: tty.c,v 1.2 1997/05/25 01:14:22 assar Exp $"); +RCSID("$Id: tty.c,v 1.3 1999/12/02 16:58:28 joda Exp $"); /* * Clean the tty name. Return a pointer to the cleaned version. */ char * clean_ttyname (char *tty) { char *res = tty; if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0) res += strlen(_PATH_DEV); if (strncmp (res, "pty/", 4) == 0) res += 4; if (strncmp (res, "ptym/", 5) == 0) res += 5; return res; } /* * Generate a name usable as an `ut_id', typically without `tty'. */ char * make_id (char *tty) { char *res = tty; if (strncmp (res, "pts/", 4) == 0) res += 4; if (strncmp (res, "tty", 3) == 0) res += 3; return res; } Index: stable/3/crypto/kerberosIV/appl/bsd/utmp_login.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/utmp_login.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/utmp_login.c (revision 62578) 
@@ -1,121 +1,118 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "bsd_locl.h" -RCSID("$Id: utmp_login.c,v 1.13 1997/05/20 13:46:21 assar Exp $"); +RCSID("$Id: utmp_login.c,v 1.16 1999/12/02 16:58:29 joda Exp $"); +#ifdef HAVE_UTMP_H void prepare_utmp (struct utmp *utmp, char *tty, char *username, char *hostname) { char *ttyx = clean_ttyname (tty); memset(utmp, 0, sizeof(*utmp)); utmp->ut_time = time(NULL); strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line)); strncpy(utmp->ut_name, username, sizeof(utmp->ut_name)); -# ifdef HAVE_UT_USER +# ifdef HAVE_STRUCT_UTMP_UT_USER strncpy(utmp->ut_user, username, sizeof(utmp->ut_user)); # endif -# ifdef HAVE_UT_ADDR +# ifdef HAVE_STRUCT_UTMP_UT_ADDR if (hostname[0]) { struct hostent *he; if ((he = gethostbyname(hostname))) memcpy(&utmp->ut_addr, he->h_addr_list[0], sizeof(utmp->ut_addr)); } # endif -# ifdef HAVE_UT_HOST +# ifdef HAVE_STRUCT_UTMP_UT_HOST strncpy(utmp->ut_host, hostname, sizeof(utmp->ut_host)); # endif -# ifdef HAVE_UT_TYPE +# ifdef HAVE_STRUCT_UTMP_UT_TYPE utmp->ut_type = USER_PROCESS; # endif -# ifdef HAVE_UT_PID +# ifdef HAVE_STRUCT_UTMP_UT_PID utmp->ut_pid = getpid(); # endif -# ifdef HAVE_UT_ID +# ifdef HAVE_STRUCT_UTMP_UT_ID strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id)); # endif } +#endif #ifdef HAVE_UTMPX_H void utmp_login(char *tty, char *username, char *hostname) { return; } #else /* update utmp and wtmp - the BSD way */ void utmp_login(char *tty, char *username, char *hostname) { struct utmp utmp; int fd; prepare_utmp (&utmp, tty, username, hostname); #ifdef HAVE_SETUTENT utmpname(_PATH_UTMP); setutent(); pututline(&utmp); endutent(); #else #ifdef HAVE_TTYSLOT { int ttyno; ttyno = ttyslot(); if (ttyno > 0 && (fd = open(_PATH_UTMP, O_WRONLY, 0)) >= 0) { lseek(fd, (long)(ttyno * sizeof(struct utmp)), SEEK_SET); write(fd, &utmp, sizeof(struct utmp)); close(fd); } } #endif /* HAVE_TTYSLOT */ #endif /* HAVE_SETUTENT */ if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) { write(fd, &utmp, sizeof(struct utmp)); close(fd); } } #endif /* 
!HAVE_UTMPX_H */ Index: stable/3/crypto/kerberosIV/appl/bsd/utmpx_login.c =================================================================== --- stable/3/crypto/kerberosIV/appl/bsd/utmpx_login.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/bsd/utmpx_login.c (revision 62578) 
@@ -1,88 +1,88 @@ /* Author: Wietse Venema */ #include "bsd_locl.h" -RCSID("$Id: utmpx_login.c,v 1.20 1997/06/01 03:13:15 assar Exp $"); +RCSID("$Id: utmpx_login.c,v 1.21 1999/03/29 17:57:31 joda Exp $"); /* utmpx_login - update utmp and wtmp after login */ #ifndef HAVE_UTMPX_H int utmpx_login(char *line, char *user, char *host) { return 0; } #else static void utmpx_update(struct utmpx *ut, char *line, char *user, char *host) { struct timeval tmp; char *clean_tty = clean_ttyname(line); strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line)); -#ifdef HAVE_UT_ID +#ifdef HAVE_STRUCT_UTMPX_UT_ID strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id)); #endif strncpy(ut->ut_user, user, sizeof(ut->ut_user)); strncpy(ut->ut_host, host, sizeof(ut->ut_host)); -#ifdef HAVE_UT_SYSLEN +#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN ut->ut_syslen = strlen(host) + 1; if (ut->ut_syslen > sizeof(ut->ut_host)) ut->ut_syslen = sizeof(ut->ut_host); #endif ut->ut_type = USER_PROCESS; gettimeofday (&tmp, 0); ut->ut_tv.tv_sec = tmp.tv_sec; ut->ut_tv.tv_usec = tmp.tv_usec; pututxline(ut); #ifdef WTMPX_FILE updwtmpx(WTMPX_FILE, ut); #elif defined(WTMP_FILE) { struct utmp utmp; int fd; prepare_utmp (&utmp, line, user, host); if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) { write(fd, &utmp, sizeof(struct utmp)); close(fd); } } #endif } int utmpx_login(char *line, char *user, char *host) { struct utmpx *ut; pid_t mypid = getpid(); int ret = (-1); /* * SYSV4 ttymon and login use tty port names with the "/dev/" prefix * stripped off. Rlogind and telnetd, on the other hand, make utmpx * entries with device names like /dev/pts/nnn. We therefore cannot use * getutxline(). Return nonzero if no utmp entry was found with our own * process ID for a login or user process. 
*/ while ((ut = getutxent())) { /* Try to find a reusable entry */ if (ut->ut_pid == mypid && ( ut->ut_type == INIT_PROCESS || ut->ut_type == LOGIN_PROCESS || ut->ut_type == USER_PROCESS)) { utmpx_update(ut, line, user, host); ret = 0; break; } } if (ret == -1) { /* Grow utmpx file by one record. */ struct utmpx newut; memset(&newut, 0, sizeof(newut)); newut.ut_pid = mypid; utmpx_update(&newut, line, user, host); ret = 0; } endutxent(); return (ret); } #endif /* HAVE_UTMPX_H */ Index: stable/3/crypto/kerberosIV/appl/ftp/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/Makefile.in (revision 62578) @@ -1,41 +1,44 @@ -# $Id: Makefile.in,v 1.9 1997/03/23 13:03:54 assar Exp $ +# $Id: Makefile.in,v 1.12 1999/03/10 19:01:11 joda Exp $ srcdir = @srcdir@ top_srcdir = @top_srcdir@ VPATH = @srcdir@ SHELL = /bin/sh @SET_MAKE@ CC = @CC@ RANLIB = @RANLIB@ DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ INSTALL = @INSTALL@ prefix = @prefix@ SUBDIRS=common ftp ftpd all: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) all); done install: all for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) install); done uninstall: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done clean cleandir: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) clean); done distclean: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done rm -f Makefile *~ + +.PHONY: all install uninstall clean cleandir distclean Index: stable/3/crypto/kerberosIV/appl/ftp/common/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/common/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/common/Makefile.in (revision 62578) 
@@ -1,52 +1,55 @@ -# $Id: Makefile.in,v 1.17 1997/05/18 20:00:06 assar Exp $ +# $Id: Makefile.in,v 1.23 1999/03/10 19:01:11 joda Exp $ SHELL = /bin/sh srcdir = @srcdir@ top_srcdir = @top_srcdir@ VPATH = @srcdir@ CC = @CC@ AR = ar RANLIB = @RANLIB@ DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ INSTALL = @INSTALL@ prefix = @prefix@ -SOURCES = base64.c glob.c sockbuf.c buffer.c +SOURCES = sockbuf.c buffer.c OBJECTS = $(libcommon_OBJS) -libcommon_OBJS = base64.o glob.o sockbuf.o buffer.o +libcommon_OBJS = sockbuf.o buffer.o LIBNAME = $(LIBPREFIX)common LIBEXT = a LIBPREFIX = @LIBPREFIX@ LIB = $(LIBNAME).$(LIBEXT) all: $(LIB) .c.o: - $(CC) -c $(CFLAGS) -I$(srcdir) -I../../../include $(DEFS) $< + $(CC) -c -I$(srcdir) -I../../../include $(DEFS) $(CFLAGS) $(CPPFLAGS) $< $(LIB): $(libcommon_OBJS) rm -f $@ ar cr $@ $(libcommon_OBJS) -$(RANLIB) $@ install: uninstall: TAGS: $(SOURCES) etags $(SOURCES) clean cleandir: rm -f *~ *.o libcommon.a core \#* distclean: rm -f Makefile $(OBJECTS): ../../../include/config.h + +.PHONY: all install uninstall clean cleandir distclean Index: stable/3/crypto/kerberosIV/appl/ftp/common/buffer.c =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/common/buffer.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/common/buffer.c (revision 62578) 
@@ -1,73 +1,69 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "common.h" #include +#include #include "roken.h" -RCSID("$Id: buffer.c,v 1.1 1997/05/18 19:59:24 assar Exp $"); +RCSID("$Id: buffer.c,v 1.3 1999/12/02 16:58:29 joda Exp $"); /* * Allocate a buffer enough to handle st->st_blksize, if * there is such a field, otherwise BUFSIZ. */ void * alloc_buffer (void *oldbuf, size_t *sz, struct stat *st) { size_t new_sz; new_sz = BUFSIZ; #ifdef HAVE_ST_BLKSIZE if (st) new_sz = max(BUFSIZ, st->st_blksize); #endif if(new_sz > *sz) { if (oldbuf) free (oldbuf); oldbuf = malloc (new_sz); if (oldbuf == NULL) { warn ("malloc"); *sz = 0; return NULL; } *sz = new_sz; } return oldbuf; } Index: stable/3/crypto/kerberosIV/appl/ftp/common/common.h =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/common/common.h (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/common/common.h (revision 62578) 
@@ -1,62 +1,60 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: common.h,v 1.9 1997/05/18 19:59:58 assar Exp $ */ +/* $Id: common.h,v 1.12 1999/12/02 16:58:29 joda Exp $ */ #ifdef HAVE_CONFIG_H #include #endif #ifndef __COMMON_H__ #define __COMMON_H__ #include "base64.h" void set_buffer_size(int, int); #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_STAT_H #include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include #endif void *alloc_buffer (void *oldbuf, size_t *sz, struct stat *st); #endif /* __COMMON_H__ */ Index: stable/3/crypto/kerberosIV/appl/ftp/common/sockbuf.c =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/common/sockbuf.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/common/sockbuf.c (revision 62578) 
@@ -1,61 +1,56 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "common.h" #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif -RCSID("$Id: sockbuf.c,v 1.2 1997/05/11 10:01:48 assar Exp $"); +RCSID("$Id: sockbuf.c,v 1.3 1999/12/02 16:58:29 joda Exp $"); void set_buffer_size(int fd, int read) { #if defined(SO_RCVBUF) && defined(SO_SNDBUF) && defined(HAVE_SETSOCKOPT) size_t size = 4194304; while(size >= 131072 && setsockopt(fd, SOL_SOCKET, read ? SO_RCVBUF : SO_SNDBUF, (void *)&size, sizeof(size)) < 0) size /= 2; #endif } Index: stable/3/crypto/kerberosIV/appl/ftp/ftp/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftp/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftp/Makefile.in (revision 62578) 
@@ -1,76 +1,102 @@ # -# $Id: Makefile.in,v 1.24 1997/03/23 13:03:55 assar Exp $ +# $Id: Makefile.in,v 1.32 1999/03/11 13:58:09 joda Exp $ # SHELL = /bin/sh srcdir = @srcdir@ top_srcdir = @top_srcdir@ VPATH = @srcdir@ -topdir = ../../.. +top_builddir = ../../.. CC = @CC@ RANLIB = @RANLIB@ DEFS = @DEFS@ -CFLAGS = @CFLAGS@ -CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I$(topdir) -I$(top_srcdir) -I$(topdir)/include -I$(top_srcdir)/include -I$(srcdir)/../common @INCLUDE_readline@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ +CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include -I$(srcdir)/../common @INCLUDE_readline@ LD_FLAGS = @LD_FLAGS@ LIB_tgetent = @LIB_tgetent@ LIBS = @LIBS@ @LIB_readline@ MKINSTALLDIRS = $(top_srcdir)/mkinstalldirs INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ libdir = @libdir@ transform=@program_transform_name@ EXECSUFFIX=@EXECSUFFIX@ -INCTOP = $(topdir)/include +INCTOP = $(top_builddir)/include -LIBTOP = $(topdir)/lib +LIBTOP = $(top_builddir)/lib PROGS = ftp$(EXECSUFFIX) -ftp_OBJS = cmds.o cmdtab.o ftp.o krb4.o main.o ruserpass.o domacro.o \ - globals.o kauth.o +ftp_SOURCES = \ + cmds.c \ + cmdtab.c \ + domacro.c \ + ftp.c \ + globals.c \ + kauth.c \ + krb4.c \ + main.c \ + ruserpass.c \ + security.c -ftp_SOURCES = cmds.c cmdtab.c ftp.c krb4.c main.c ruserpass.c \ - domacro.c globals.c kauth.c +ftp_OBJS = \ + cmds.o \ + cmdtab.o \ + domacro.o \ + ftp.o \ + globals.o \ + kauth.o \ + krb4.o \ + main.o \ + ruserpass.o \ + security.o OBJECTS = $(ftp_OBJS) SOURCES = $(ftp_SOURCES) all: $(PROGS) .c.o: - $(CC) -c $(CFLAGS) $(CPPFLAGS) $(DEFS) $< + $(CC) -c -I$(srcdir) -I../../../include $(DEFS) $(CFLAGS) $(CPPFLAGS) $< install: all - $(MKINSTALLDIRS) $(bindir) + $(MKINSTALLDIRS) $(DESTDIR)$(bindir) for x in $(PROGS); do \ - $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x 
$(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \ done uninstall: for x in $(PROGS); do \ - rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \ + rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \ done -ftp$(EXECSUFFIX): $(ftp_OBJS) # ../common/libcommon.a +ftp$(EXECSUFFIX): $(ftp_OBJS) $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(ftp_OBJS) -L../common -lcommon -L$(LIBTOP)/krb -lkrb -L$(LIBTOP)/des -ldes -L$(LIBTOP)/roken -lroken $(LIBS) -L$(LIBTOP)/roken -lroken TAGS: $(SOURCES) etags $(SOURCES) -clean cleandir: - rm -f *~ *.o core ftp \#* +clean: + rm -f *~ *.o core ftp$(EXECSUFFIX) \#* -distclean: +mostlyclean: clean + +distclean: clean rm -f Makefile +realclean: distclean + rm -f TAGS + $(OBJECTS): ../../../include/config.h + +.PHONY: all install uninstall clean cleandir distclean Index: stable/3/crypto/kerberosIV/appl/ftp/ftp/cmds.c =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftp/cmds.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftp/cmds.c (revision 62578) 
@@ -1,2073 +1,2116 @@ /* * Copyright (c) 1985, 1989, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * FTP User Program -- Command Routines. 
*/ #include "ftp_locl.h" -RCSID("$Id: cmds.c,v 1.23 1997/06/01 22:52:37 assar Exp $"); +RCSID("$Id: cmds.c,v 1.36 1999/09/16 20:37:28 assar Exp $"); typedef void (*sighand)(int); jmp_buf jabort; char *mname; char *home = "/"; /* * `Another' gets another argument, and stores the new argc and argv. * It reverts to the top level (via main.c's intr()) on EOF/error. * * Returns false if no new arguments have been added. */ int another(int *pargc, char ***pargv, char *prompt) { int len = strlen(line), ret; if (len >= sizeof(line) - 3) { printf("sorry, arguments too long\n"); intr(0); } printf("(%s) ", prompt); line[len++] = ' '; if (fgets(&line[len], sizeof(line) - len, stdin) == NULL) intr(0); len += strlen(&line[len]); if (len > 0 && line[len - 1] == '\n') line[len - 1] = '\0'; makeargv(); ret = margc > *pargc; *pargc = margc; *pargv = margv; return (ret); } /* * Connect to peer server and * auto-login, if possible. */ void setpeer(int argc, char **argv) { char *host; short port; struct servent *sp; if (connected) { printf("Already connected to %s, use close first.\n", hostname); code = -1; return; } if (argc < 2) another(&argc, &argv, "to"); if (argc < 2 || argc > 3) { printf("usage: %s host-name [port]\n", argv[0]); code = -1; return; } sp = getservbyname("ftp", "tcp"); if (sp == NULL) errx(1, "You bastard. You removed ftp/tcp from services"); port = sp->s_port; if (argc > 2) { port = atoi(argv[2]); if (port <= 0) { printf("%s: bad port number-- %s\n", argv[1], argv[2]); printf ("usage: %s host-name [port]\n", argv[0]); code = -1; return; } port = htons(port); } host = hookup(argv[1], port); if (host) { int overbose; connected = 1; /* * Set up defaults for FTP. 
*/ - strcpy(typename, "ascii"), type = TYPE_A; + strlcpy(typename, "ascii", sizeof(typename)); + type = TYPE_A; curtype = TYPE_A; - strcpy(formname, "non-print"), form = FORM_N; - strcpy(modename, "stream"), mode = MODE_S; - strcpy(structname, "file"), stru = STRU_F; - strcpy(bytename, "8"), bytesize = 8; + strlcpy(formname, "non-print", sizeof(formname)); + form = FORM_N; + strlcpy(modename, "stream", sizeof(modename)); + mode = MODE_S; + strlcpy(structname, "file", sizeof(structname)); + stru = STRU_F; + strlcpy(bytename, "8", sizeof(bytename)); + bytesize = 8; if (autologin) login(argv[1]); #if (defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY)) && NBBY == 8 /* * this ifdef is to keep someone form "porting" this to an incompatible * system and not checking this out. This way they have to think about it. */ overbose = verbose; if (debug == 0) verbose = -1; if (command("SYST") == COMPLETE && overbose) { char *cp, c; cp = strchr(reply_string+4, ' '); if (cp == NULL) cp = strchr(reply_string+4, '\r'); if (cp) { if (cp[-1] == '.') cp--; c = *cp; *cp = '\0'; } printf("Remote system type is %s.\n", reply_string+4); if (cp) *cp = c; } if (!strncmp(reply_string, "215 UNIX Type: L8", 17)) { if (proxy) unix_proxy = 1; else unix_server = 1; /* * Set type to 0 (not specified by user), * meaning binary by default, but don't bother * telling server. We can use binary * for text files unless changed by the user. 
*/ type = 0; - strcpy(typename, "binary"); + strlcpy(typename, "binary", sizeof(typename)); if (overbose) printf("Using %s mode to transfer files.\n", typename); } else { if (proxy) unix_proxy = 0; else unix_server = 0; if (overbose && !strncmp(reply_string, "215 TOPS20", 10)) printf( "Remember to set tenex mode when transfering binary files from this machine.\n"); } verbose = overbose; #endif /* unix */ } } struct types { char *t_name; char *t_mode; int t_type; char *t_arg; } types[] = { { "ascii", "A", TYPE_A, 0 }, { "binary", "I", TYPE_I, 0 }, { "image", "I", TYPE_I, 0 }, { "ebcdic", "E", TYPE_E, 0 }, { "tenex", "L", TYPE_L, bytename }, { NULL } }; /* * Set transfer type. */ void settype(int argc, char **argv) { struct types *p; int comret; if (argc > 2) { char *sep; printf("usage: %s [", argv[0]); sep = " "; for (p = types; p->t_name; p++) { printf("%s%s", sep, p->t_name); sep = " | "; } printf(" ]\n"); code = -1; return; } if (argc < 2) { printf("Using %s mode to transfer files.\n", typename); code = 0; return; } for (p = types; p->t_name; p++) if (strcmp(argv[1], p->t_name) == 0) break; if (p->t_name == 0) { printf("%s: unknown mode\n", argv[1]); code = -1; return; } if ((p->t_arg != NULL) && (*(p->t_arg) != '\0')) comret = command ("TYPE %s %s", p->t_mode, p->t_arg); else comret = command("TYPE %s", p->t_mode); if (comret == COMPLETE) { - strcpy(typename, p->t_name); + strlcpy(typename, p->t_name, sizeof(typename)); curtype = type = p->t_type; } } /* * Internal form of settype; changes current type in use with server * without changing our notion of the type for data transfers. * Used to change to and from ascii for listings. 
*/ void changetype(int newtype, int show) { struct types *p; int comret, oldverbose = verbose; if (newtype == 0) newtype = TYPE_I; if (newtype == curtype) return; if (debug == 0 && show == 0) verbose = 0; for (p = types; p->t_name; p++) if (newtype == p->t_type) break; if (p->t_name == 0) { printf("ftp: internal error: unknown type %d\n", newtype); return; } if (newtype == TYPE_L && bytename[0] != '\0') comret = command("TYPE %s %s", p->t_mode, bytename); else comret = command("TYPE %s", p->t_mode); if (comret == COMPLETE) curtype = newtype; verbose = oldverbose; } char *stype[] = { "type", "", 0 }; /* * Set binary transfer type. */ /*VARARGS*/ void setbinary(int argc, char **argv) { stype[1] = "binary"; settype(2, stype); } /* * Set ascii transfer type. */ /*VARARGS*/ void setascii(int argc, char **argv) { stype[1] = "ascii"; settype(2, stype); } /* * Set tenex transfer type. */ /*VARARGS*/ void settenex(int argc, char **argv) { stype[1] = "tenex"; settype(2, stype); } /* * Set file transfer mode. */ /*ARGSUSED*/ void setftmode(int argc, char **argv) { printf("We only support %s mode, sorry.\n", modename); code = -1; } /* * Set file transfer format. */ /*ARGSUSED*/ void setform(int argc, char **argv) { printf("We only support %s format, sorry.\n", formname); code = -1; } /* * Set file transfer structure. */ /*ARGSUSED*/ void setstruct(int argc, char **argv) { printf("We only support %s structure, sorry.\n", structname); code = -1; } /* * Send a single file. 
*/ void put(int argc, char **argv) { char *cmd; int loc = 0; char *oldargv1, *oldargv2; if (argc == 2) { argc++; argv[2] = argv[1]; loc++; } if (argc < 2 && !another(&argc, &argv, "local-file")) goto usage; if (argc < 3 && !another(&argc, &argv, "remote-file")) { usage: printf("usage: %s local-file remote-file\n", argv[0]); code = -1; return; } oldargv1 = argv[1]; oldargv2 = argv[2]; if (!globulize(&argv[1])) { code = -1; return; } /* * If "globulize" modifies argv[1], and argv[2] is a copy of * the old argv[1], make it a copy of the new argv[1]. */ if (argv[1] != oldargv1 && argv[2] == oldargv1) { argv[2] = argv[1]; } cmd = (argv[0][0] == 'a') ? "APPE" : ((sunique) ? "STOU" : "STOR"); if (loc && ntflag) { argv[2] = dotrans(argv[2]); } if (loc && mapflag) { argv[2] = domap(argv[2]); } sendrequest(cmd, argv[1], argv[2], + curtype == TYPE_I ? "rb" : "r", argv[1] != oldargv1 || argv[2] != oldargv2); } /* ARGSUSED */ static RETSIGTYPE mabort(int signo) { int ointer; printf("\n"); fflush(stdout); if (mflag && fromatty) { ointer = interactive; interactive = 1; if (confirm("Continue with", mname)) { interactive = ointer; longjmp(jabort,0); } interactive = ointer; } mflag = 0; longjmp(jabort,0); } /* * Send multiple files. */ void mput(int argc, char **argv) { int i; RETSIGTYPE (*oldintr)(); int ointer; char *tp; if (argc < 2 && !another(&argc, &argv, "local-files")) { printf("usage: %s local-files\n", argv[0]); code = -1; return; } mname = argv[0]; mflag = 1; oldintr = signal(SIGINT, mabort); setjmp(jabort); if (proxy) { char *cp, *tp2, tmpbuf[MaxPathLen]; while ((cp = remglob(argv,0)) != NULL) { if (*cp == 0) { mflag = 0; continue; } if (mflag && confirm(argv[0], cp)) { tp = cp; if (mcase) { while (*tp && !islower(*tp)) { tp++; } if (!*tp) { tp = cp; tp2 = tmpbuf; while ((*tp2 = *tp) != '\0') { if (isupper(*tp2)) { *tp2 = 'a' + *tp2 - 'A'; } tp++; tp2++; } } tp = tmpbuf; } if (ntflag) { tp = dotrans(tp); } if (mapflag) { tp = domap(tp); } sendrequest((sunique) ? 
"STOU" : "STOR", - cp, tp, cp != tp || !interactive); + cp, tp, + curtype == TYPE_I ? "rb" : "r", + cp != tp || !interactive); if (!mflag && fromatty) { ointer = interactive; interactive = 1; if (confirm("Continue with","mput")) { mflag++; } interactive = ointer; } } } signal(SIGINT, oldintr); mflag = 0; return; } for (i = 1; i < argc; i++) { char **cpp; glob_t gl; int flags; if (!doglob) { if (mflag && confirm(argv[0], argv[i])) { tp = (ntflag) ? dotrans(argv[i]) : argv[i]; tp = (mapflag) ? domap(tp) : tp; sendrequest((sunique) ? "STOU" : "STOR", - argv[i], tp, tp != argv[i] || !interactive); + argv[i], + curtype == TYPE_I ? "rb" : "r", + tp, tp != argv[i] || !interactive); if (!mflag && fromatty) { ointer = interactive; interactive = 1; if (confirm("Continue with","mput")) { mflag++; } interactive = ointer; } } continue; } memset(&gl, 0, sizeof(gl)); flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; if (glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) { warnx("%s: not found", argv[i]); globfree(&gl); continue; } for (cpp = gl.gl_pathv; cpp && *cpp != NULL; cpp++) { if (mflag && confirm(argv[0], *cpp)) { tp = (ntflag) ? dotrans(*cpp) : *cpp; tp = (mapflag) ? domap(tp) : tp; sendrequest((sunique) ? "STOU" : "STOR", - *cpp, tp, *cpp != tp || !interactive); + *cpp, tp, + curtype == TYPE_I ? "rb" : "r", + *cpp != tp || !interactive); if (!mflag && fromatty) { ointer = interactive; interactive = 1; if (confirm("Continue with","mput")) { mflag++; } interactive = ointer; } } } globfree(&gl); } signal(SIGINT, oldintr); mflag = 0; } void reget(int argc, char **argv) { - - getit(argc, argv, 1, "r+w"); + getit(argc, argv, 1, curtype == TYPE_I ? "r+wb" : "r+w"); } void get(int argc, char **argv) { + char *mode; - getit(argc, argv, 0, restart_point ? 
"r+w" : "w" ); + if (restart_point) + if (curtype == TYPE_I) + mode = "r+wb"; + else + mode = "r+w"; + else + if (curtype == TYPE_I) + mode = "wb"; + else + mode = "w"; + + getit(argc, argv, 0, mode); } /* * Receive one file. */ int getit(int argc, char **argv, int restartit, char *mode) { int loc = 0; + int local_given = 1; char *oldargv1, *oldargv2; if (argc == 2) { argc++; + local_given = 0; argv[2] = argv[1]; loc++; } - if (argc < 2 && !another(&argc, &argv, "remote-file")) - goto usage; - if (argc < 3 && !another(&argc, &argv, "local-file")) { -usage: + if ((argc < 2 && !another(&argc, &argv, "remote-file")) || + (argc < 3 && !another(&argc, &argv, "local-file"))) { printf("usage: %s remote-file [ local-file ]\n", argv[0]); code = -1; return (0); } oldargv1 = argv[1]; oldargv2 = argv[2]; if (!globulize(&argv[2])) { code = -1; return (0); } if (loc && mcase) { char *tp = argv[1], *tp2, tmpbuf[MaxPathLen]; while (*tp && !islower(*tp)) { tp++; } if (!*tp) { tp = argv[2]; tp2 = tmpbuf; while ((*tp2 = *tp) != '\0') { if (isupper(*tp2)) { *tp2 = 'a' + *tp2 - 'A'; } tp++; tp2++; } argv[2] = tmpbuf; } } if (loc && ntflag) argv[2] = dotrans(argv[2]); if (loc && mapflag) argv[2] = domap(argv[2]); if (restartit) { struct stat stbuf; int ret; ret = stat(argv[2], &stbuf); if (restartit == 1) { if (ret < 0) { warn("local: %s", argv[2]); return (0); } restart_point = stbuf.st_size; - } else { - if (ret == 0) { + } else if (ret == 0) { int overbose; + int cmdret; + int yy, mo, day, hour, min, sec; + struct tm *tm; overbose = verbose; if (debug == 0) verbose = -1; - if (command("MDTM %s", argv[1]) == COMPLETE) { - int yy, mo, day, hour, min, sec; - struct tm *tm; + cmdret = command("MDTM %s", argv[1]); verbose = overbose; - sscanf(reply_string, + if (cmdret != COMPLETE) { + printf("%s\n", reply_string); + return (0); + } + if (sscanf(reply_string, "%*s %04d%02d%02d%02d%02d%02d", - &yy, &mo, &day, &hour, &min, &sec); + &yy, &mo, &day, &hour, &min, &sec) + != 6) { + printf ("bad 
MDTM result\n"); + return (0); + } + tm = gmtime(&stbuf.st_mtime); tm->tm_mon++; - if (tm->tm_year > yy%100) - return (1); - if ((tm->tm_year == yy%100 && + tm->tm_year += 1900; + + if ((tm->tm_year > yy) || + (tm->tm_year == yy && tm->tm_mon > mo) || (tm->tm_mon == mo && tm->tm_mday > day) || (tm->tm_mday == day && tm->tm_hour > hour) || (tm->tm_hour == hour && tm->tm_min > min) || (tm->tm_min == min && tm->tm_sec > sec)) return (1); - } else { - printf("%s\n", reply_string); - verbose = overbose; - return (0); } } - } - } recvrequest("RETR", argv[2], argv[1], mode, - argv[1] != oldargv1 || argv[2] != oldargv2); + argv[1] != oldargv1 || argv[2] != oldargv2, local_given); restart_point = 0; return (0); } +static int +suspicious_filename(const char *fn) +{ + return strstr(fn, "../") != NULL || *fn == '/'; +} + /* * Get multiple files. */ void mget(int argc, char **argv) { sighand oldintr; int ch, ointer; char *cp, *tp, *tp2, tmpbuf[MaxPathLen]; if (argc < 2 && !another(&argc, &argv, "remote-files")) { printf("usage: %s remote-files\n", argv[0]); code = -1; return; } mname = argv[0]; mflag = 1; oldintr = signal(SIGINT, mabort); setjmp(jabort); while ((cp = remglob(argv,proxy)) != NULL) { if (*cp == '\0') { mflag = 0; continue; } + if (mflag && suspicious_filename(cp)) + printf("*** Suspicious filename: %s\n", cp); if (mflag && confirm(argv[0], cp)) { tp = cp; if (mcase) { for (tp2 = tmpbuf; (ch = *tp++);) *tp2++ = isupper(ch) ? tolower(ch) : ch; *tp2 = '\0'; tp = tmpbuf; } if (ntflag) { tp = dotrans(tp); } if (mapflag) { tp = domap(tp); } - recvrequest("RETR", tp, cp, "w", - tp != cp || !interactive); + recvrequest("RETR", tp, cp, + curtype == TYPE_I ? 
"wb" : "w", + tp != cp || !interactive, 0); if (!mflag && fromatty) { ointer = interactive; interactive = 1; if (confirm("Continue with","mget")) { mflag++; } interactive = ointer; } } } signal(SIGINT,oldintr); mflag = 0; } char * remglob(char **argv, int doswitch) { char temp[16]; static char buf[MaxPathLen]; static FILE *ftemp = NULL; static char **args; int oldverbose, oldhash; char *cp, *mode; if (!mflag) { if (!doglob) { args = NULL; } else { if (ftemp) { fclose(ftemp); ftemp = NULL; } } return (NULL); } if (!doglob) { if (args == NULL) args = argv; if ((cp = *++args) == NULL) args = NULL; return (cp); } if (ftemp == NULL) { - strcpy(temp, _PATH_TMP_XXX); - mktemp(temp); + int fd; + strlcpy(temp, _PATH_TMP_XXX, sizeof(temp)); + fd = mkstemp(temp); + if(fd < 0){ + warn("unable to create temporary file %s", temp); + return NULL; + } + close(fd); oldverbose = verbose, verbose = 0; oldhash = hash, hash = 0; if (doswitch) { pswitch(!proxy); } for (mode = "w"; *++argv != NULL; mode = "a") - recvrequest ("NLST", temp, *argv, mode, 0); + recvrequest ("NLST", temp, *argv, mode, 0, 0); if (doswitch) { pswitch(!proxy); } verbose = oldverbose; hash = oldhash; ftemp = fopen(temp, "r"); unlink(temp); if (ftemp == NULL) { printf("can't find list of remote files, oops\n"); return (NULL); } + } + while(fgets(buf, sizeof (buf), ftemp)) { + if ((cp = strchr(buf, '\n')) != NULL) + *cp = '\0'; + if(!interactive && suspicious_filename(buf)){ + printf("Ignoring remote globbed file `%s'\n", buf); + continue; } - if (fgets(buf, sizeof (buf), ftemp) == NULL) { + return buf; + } fclose(ftemp); ftemp = NULL; return (NULL); } - if ((cp = strchr(buf, '\n')) != NULL) - *cp = '\0'; - return (buf); -} char * onoff(int bool) { return (bool ? "on" : "off"); } /* * Show status. 
*/ /*ARGSUSED*/ void status(int argc, char **argv) { int i; if (connected) printf("Connected to %s.\n", hostname); else printf("Not connected.\n"); if (!proxy) { pswitch(1); if (connected) { printf("Connected for proxy commands to %s.\n", hostname); } else { printf("No proxy connection.\n"); } pswitch(0); } sec_status(); printf("Mode: %s; Type: %s; Form: %s; Structure: %s\n", modename, typename, formname, structname); printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n", onoff(verbose), onoff(bell), onoff(interactive), onoff(doglob)); printf("Store unique: %s; Receive unique: %s\n", onoff(sunique), onoff(runique)); printf("Case: %s; CR stripping: %s\n",onoff(mcase),onoff(crflag)); if (ntflag) { printf("Ntrans: (in) %s (out) %s\n", ntin,ntout); } else { printf("Ntrans: off\n"); } if (mapflag) { printf("Nmap: (in) %s (out) %s\n", mapin, mapout); } else { printf("Nmap: off\n"); } printf("Hash mark printing: %s; Use of PORT cmds: %s\n", onoff(hash), onoff(sendport)); if (macnum > 0) { printf("Macros:\n"); for (i=0; i 1) { val = atoi(argv[1]); if (val < 0) { printf("%s: bad debugging value.\n", argv[1]); code = -1; return; } } else val = !debug; debug = val; if (debug) options |= SO_DEBUG; else options &= ~SO_DEBUG; printf("Debugging %s (debug=%d).\n", onoff(debug), debug); code = debug > 0; } /* * Set current working directory * on remote machine. */ void cd(int argc, char **argv) { if (argc < 2 && !another(&argc, &argv, "remote-directory")) { printf("usage: %s remote-directory\n", argv[0]); code = -1; return; } if (command("CWD %s", argv[1]) == ERROR && code == 500) { if (verbose) printf("CWD command not recognized, trying XCWD\n"); command("XCWD %s", argv[1]); } } /* * Set current working directory * on local machine. 
*/ void lcd(int argc, char **argv) { char buf[MaxPathLen]; if (argc < 2) argc++, argv[1] = home; if (argc != 2) { printf("usage: %s local-directory\n", argv[0]); code = -1; return; } if (!globulize(&argv[1])) { code = -1; return; } if (chdir(argv[1]) < 0) { warn("local: %s", argv[1]); code = -1; return; } if (getcwd(buf, sizeof(buf)) != NULL) printf("Local directory now %s\n", buf); else warnx("getwd: %s", buf); code = 0; } /* * Delete a single file. */ void delete(int argc, char **argv) { if (argc < 2 && !another(&argc, &argv, "remote-file")) { printf("usage: %s remote-file\n", argv[0]); code = -1; return; } command("DELE %s", argv[1]); } /* * Delete multiple files. */ void mdelete(int argc, char **argv) { sighand oldintr; int ointer; char *cp; if (argc < 2 && !another(&argc, &argv, "remote-files")) { printf("usage: %s remote-files\n", argv[0]); code = -1; return; } mname = argv[0]; mflag = 1; oldintr = signal(SIGINT, mabort); setjmp(jabort); while ((cp = remglob(argv,0)) != NULL) { if (*cp == '\0') { mflag = 0; continue; } if (mflag && confirm(argv[0], cp)) { command("DELE %s", cp); if (!mflag && fromatty) { ointer = interactive; interactive = 1; if (confirm("Continue with", "mdelete")) { mflag++; } interactive = ointer; } } } signal(SIGINT, oldintr); mflag = 0; } /* * Rename a remote file. */ void renamefile(int argc, char **argv) { if (argc < 2 && !another(&argc, &argv, "from-name")) goto usage; if (argc < 3 && !another(&argc, &argv, "to-name")) { usage: printf("%s from-name to-name\n", argv[0]); code = -1; return; } if (command("RNFR %s", argv[1]) == CONTINUE) command("RNTO %s", argv[2]); } /* * Get a directory listing * of remote files. */ void ls(int argc, char **argv) { char *cmd; if (argc < 2) argc++, argv[1] = NULL; if (argc < 3) argc++, argv[2] = "-"; if (argc > 3) { printf("usage: %s remote-directory local-file\n", argv[0]); code = -1; return; } cmd = argv[0][0] == 'n' ? 
"NLST" : "LIST"; if (strcmp(argv[2], "-") && !globulize(&argv[2])) { code = -1; return; } if (strcmp(argv[2], "-") && *argv[2] != '|') - if (!globulize(&argv[2]) || !confirm("output to local-file:", argv[2])) { + if (!globulize(&argv[2]) || !confirm("output to local-file:", + argv[2])) { code = -1; return; } - recvrequest(cmd, argv[2], argv[1], "w", 0); + recvrequest(cmd, argv[2], argv[1], "w", 0, 1); } /* * Get a directory listing * of multiple remote files. */ void mls(int argc, char **argv) { sighand oldintr; int ointer, i; char *cmd, mode[1], *dest; if (argc < 2 && !another(&argc, &argv, "remote-files")) goto usage; if (argc < 3 && !another(&argc, &argv, "local-file")) { usage: printf("usage: %s remote-files local-file\n", argv[0]); code = -1; return; } dest = argv[argc - 1]; argv[argc - 1] = NULL; if (strcmp(dest, "-") && *dest != '|') if (!globulize(&dest) || !confirm("output to local-file:", dest)) { code = -1; return; } cmd = argv[0][1] == 'l' ? "NLST" : "LIST"; mname = argv[0]; mflag = 1; oldintr = signal(SIGINT, mabort); setjmp(jabort); for (i = 1; mflag && i < argc-1; ++i) { *mode = (i == 1) ? 
'w' : 'a'; - recvrequest(cmd, dest, argv[i], mode, 0); + recvrequest(cmd, dest, argv[i], mode, 0, 1); if (!mflag && fromatty) { ointer = interactive; interactive = 1; if (confirm("Continue with", argv[0])) { mflag ++; } interactive = ointer; } } signal(SIGINT, oldintr); mflag = 0; } /* * Do a shell escape */ /*ARGSUSED*/ void shell(int argc, char **argv) { pid_t pid; RETSIGTYPE (*old1)(), (*old2)(); char shellnam[40], *shell, *namep; int status; old1 = signal (SIGINT, SIG_IGN); old2 = signal (SIGQUIT, SIG_IGN); if ((pid = fork()) == 0) { for (pid = 3; pid < 20; pid++) close(pid); signal(SIGINT, SIG_DFL); signal(SIGQUIT, SIG_DFL); shell = getenv("SHELL"); if (shell == NULL) shell = _PATH_BSHELL; namep = strrchr(shell,'/'); if (namep == NULL) namep = shell; - strcpy(shellnam,"-"); - strcat(shellnam, ++namep); + snprintf (shellnam, sizeof(shellnam), + "-%s", ++namep); if (strcmp(namep, "sh") != 0) shellnam[0] = '+'; if (debug) { printf ("%s\n", shell); fflush (stdout); } if (argc > 1) { execl(shell,shellnam,"-c",altarg,(char *)0); } else { execl(shell,shellnam,(char *)0); } warn("%s", shell); code = -1; exit(1); } if (pid > 0) while (waitpid(-1, &status, 0) != pid) ; signal(SIGINT, old1); signal(SIGQUIT, old2); if (pid == -1) { warn("%s", "Try again later"); code = -1; } else { code = 0; } } /* * Send new user information (re-login) */ void user(int argc, char **argv) { char acct[80]; int n, aflag = 0; char tmp[256]; if (argc < 2) another(&argc, &argv, "username"); if (argc < 2 || argc > 4) { printf("usage: %s username [password] [account]\n", argv[0]); code = -1; return; } n = command("USER %s", argv[1]); if (n == CONTINUE) { if (argc < 3 ) { des_read_pw_string (tmp, sizeof(tmp), "Password: ", 0); argv[2] = tmp; argc++; } n = command("PASS %s", argv[2]); } if (n == CONTINUE) { if (argc < 4) { printf("Account: "); fflush(stdout); fgets(acct, sizeof(acct) - 1, stdin); acct[strlen(acct) - 1] = '\0'; argv[3] = acct; argc++; } n = command("ACCT %s", argv[3]); aflag++; } 
if (n != COMPLETE) { fprintf(stdout, "Login failed.\n"); return; } if (!aflag && argc == 4) { command("ACCT %s", argv[3]); } } /* * Print working directory. */ /*VARARGS*/ void pwd(int argc, char **argv) { int oldverbose = verbose; /* * If we aren't verbose, this doesn't do anything! */ verbose = 1; if (command("PWD") == ERROR && code == 500) { printf("PWD command not recognized, trying XPWD\n"); command("XPWD"); } verbose = oldverbose; } /* * Make a directory. */ void makedir(int argc, char **argv) { if (argc < 2 && !another(&argc, &argv, "directory-name")) { printf("usage: %s directory-name\n", argv[0]); code = -1; return; } if (command("MKD %s", argv[1]) == ERROR && code == 500) { if (verbose) printf("MKD command not recognized, trying XMKD\n"); command("XMKD %s", argv[1]); } } /* * Remove a directory. */ void removedir(int argc, char **argv) { if (argc < 2 && !another(&argc, &argv, "directory-name")) { printf("usage: %s directory-name\n", argv[0]); code = -1; return; } if (command("RMD %s", argv[1]) == ERROR && code == 500) { if (verbose) printf("RMD command not recognized, trying XRMD\n"); command("XRMD %s", argv[1]); } } /* * Send a line, verbatim, to the remote machine. */ void quote(int argc, char **argv) { if (argc < 2 && !another(&argc, &argv, "command line to send")) { printf("usage: %s line-to-send\n", argv[0]); code = -1; return; } quote1("", argc, argv); } /* * Send a SITE command to the remote machine. The line * is sent verbatim to the remote machine, except that the * word "SITE" is added at the front. */ void site(int argc, char **argv) { if (argc < 2 && !another(&argc, &argv, "arguments to SITE command")) { printf("usage: %s line-to-send\n", argv[0]); code = -1; return; } quote1("SITE ", argc, argv); } /* * Turn argv[1..argc) into a space-separated string, then prepend initial text. * Send the result as a one-line command and get response. 
*/ void quote1(char *initial, int argc, char **argv) { - int i, len; + int i; char buf[BUFSIZ]; /* must be >= sizeof(line) */ - strcpy(buf, initial); - if (argc > 1) { - len = strlen(buf); - len += strlen(strcpy(&buf[len], argv[1])); - for (i = 2; i < argc; i++) { - buf[len++] = ' '; - len += strlen(strcpy(&buf[len], argv[i])); - } + strlcpy(buf, initial, sizeof(buf)); + for(i = 1; i < argc; i++) { + if(i > 1) + strlcat(buf, " ", sizeof(buf)); + strlcat(buf, argv[i], sizeof(buf)); } - if (command(buf) == PRELIM) { + if (command("%s", buf) == PRELIM) { while (getreply(0) == PRELIM) continue; } } void do_chmod(int argc, char **argv) { if (argc < 2 && !another(&argc, &argv, "mode")) goto usage; if (argc < 3 && !another(&argc, &argv, "file-name")) { usage: printf("usage: %s mode file-name\n", argv[0]); code = -1; return; } command("SITE CHMOD %s %s", argv[1], argv[2]); } void do_umask(int argc, char **argv) { int oldverbose = verbose; verbose = 1; command(argc == 1 ? "SITE UMASK" : "SITE UMASK %s", argv[1]); verbose = oldverbose; } void ftp_idle(int argc, char **argv) { int oldverbose = verbose; verbose = 1; command(argc == 1 ? "SITE IDLE" : "SITE IDLE %s", argv[1]); verbose = oldverbose; } /* * Ask the other side for help. */ void rmthelp(int argc, char **argv) { int oldverbose = verbose; verbose = 1; command(argc == 1 ? "HELP" : "HELP %s", argv[1]); verbose = oldverbose; } /* * Terminate session and exit. */ /*VARARGS*/ void quit(int argc, char **argv) { if (connected) disconnect(0, 0); pswitch(1); if (connected) { disconnect(0, 0); } exit(0); } /* * Terminate session, but don't exit. */ void disconnect(int argc, char **argv) { if (!connected) return; command("QUIT"); if (cout) { fclose(cout); } cout = NULL; connected = 0; - krb4_quit(); + sec_end(); data = -1; if (!proxy) { macnum = 0; } } int confirm(char *cmd, char *file) { char line[BUFSIZ]; if (!interactive) return (1); printf("%s %s? 
", cmd, file); fflush(stdout); if (fgets(line, sizeof line, stdin) == NULL) return (0); - return (*line != 'n' && *line != 'N'); + return (*line == 'y' || *line == 'Y'); } void fatal(char *msg) { errx(1, "%s", msg); } /* * Glob a local file name specification with * the expectation of a single return value. * Can't control multiple values being expanded * from the expression, we return only the first. */ int globulize(char **cpp) { glob_t gl; int flags; if (!doglob) return (1); flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; memset(&gl, 0, sizeof(gl)); if (glob(*cpp, flags, NULL, &gl) || gl.gl_pathc == 0) { warnx("%s: not found", *cpp); globfree(&gl); return (0); } *cpp = strdup(gl.gl_pathv[0]); /* XXX - wasted memory */ globfree(&gl); return (1); } void account(int argc, char **argv) { char acct[50]; if (argc > 1) { ++argv; --argc; - strncpy(acct,*argv,49); - acct[49] = '\0'; + strlcpy (acct, *argv, sizeof(acct)); while (argc > 1) { --argc; ++argv; - strncat(acct,*argv, 49-strlen(acct)); + strlcat(acct, *argv, sizeof(acct)); } } else { des_read_pw_string(acct, sizeof(acct), "Account:", 0); } command("ACCT %s", acct); } jmp_buf abortprox; static RETSIGTYPE proxabort(int sig) { if (!proxy) { pswitch(1); } if (connected) { proxflag = 1; } else { proxflag = 0; } pswitch(0); longjmp(abortprox,1); } void doproxy(int argc, char **argv) { struct cmd *c; RETSIGTYPE (*oldintr)(); if (argc < 2 && !another(&argc, &argv, "command")) { printf("usage: %s command\n", argv[0]); code = -1; return; } c = getcmd(argv[1]); if (c == (struct cmd *) -1) { printf("?Ambiguous command\n"); fflush(stdout); code = -1; return; } if (c == 0) { printf("?Invalid command\n"); fflush(stdout); code = -1; return; } if (!c->c_proxy) { printf("?Invalid proxy command\n"); fflush(stdout); code = -1; return; } if (setjmp(abortprox)) { code = -1; return; } oldintr = signal(SIGINT, proxabort); pswitch(1); if (c->c_conn && !connected) { printf("Not connected\n"); fflush(stdout); pswitch(0); 
signal(SIGINT, oldintr); code = -1; return; } (*c->c_handler)(argc-1, argv+1); if (connected) { proxflag = 1; } else { proxflag = 0; } pswitch(0); signal(SIGINT, oldintr); } void setcase(int argc, char **argv) { mcase = !mcase; printf("Case mapping %s.\n", onoff(mcase)); code = mcase; } void setcr(int argc, char **argv) { crflag = !crflag; printf("Carriage Return stripping %s.\n", onoff(crflag)); code = crflag; } void setntrans(int argc, char **argv) { if (argc == 1) { ntflag = 0; printf("Ntrans off.\n"); code = ntflag; return; } ntflag++; code = ntflag; - strncpy(ntin, argv[1], 16); - ntin[16] = '\0'; + strlcpy (ntin, argv[1], 17); if (argc == 2) { ntout[0] = '\0'; return; } - strncpy(ntout, argv[2], 16); - ntout[16] = '\0'; + strlcpy (ntout, argv[2], 17); } char * dotrans(char *name) { static char new[MaxPathLen]; char *cp1, *cp2 = new; int i, ostop, found; for (ostop = 0; *(ntout + ostop) && ostop < 16; ostop++) continue; for (cp1 = name; *cp1; cp1++) { found = 0; for (i = 0; *(ntin + i) && i < 16; i++) { if (*cp1 == *(ntin + i)) { found++; if (i < ostop) { *cp2++ = *(ntout + i); } break; } } if (!found) { *cp2++ = *cp1; } } *cp2 = '\0'; return (new); } void setnmap(int argc, char **argv) { char *cp; if (argc == 1) { mapflag = 0; printf("Nmap off.\n"); code = mapflag; return; } if (argc < 3 && !another(&argc, &argv, "mapout")) { printf("Usage: %s [mapin mapout]\n",argv[0]); code = -1; return; } mapflag = 1; code = 1; cp = strchr(altarg, ' '); if (proxy) { while(*++cp == ' ') continue; altarg = cp; cp = strchr(altarg, ' '); } *cp = '\0'; - strncpy(mapin, altarg, MaxPathLen - 1); + strlcpy(mapin, altarg, MaxPathLen); while (*++cp == ' ') continue; - strncpy(mapout, cp, MaxPathLen - 1); + strlcpy(mapout, cp, MaxPathLen); } char * domap(char *name) { static char new[MaxPathLen]; char *cp1 = name, *cp2 = mapin; char *tp[9], *te[9]; int i, toks[9], toknum = 0, match = 1; for (i=0; i < 9; ++i) { toks[i] = 0; } while (match && *cp1 && *cp2) { switch (*cp2) { case '\\': 
if (*++cp2 != *cp1) { match = 0; } break; case '$': if (*(cp2+1) >= '1' && (*cp2+1) <= '9') { if (*cp1 != *(++cp2+1)) { toks[toknum = *cp2 - '1']++; tp[toknum] = cp1; while (*++cp1 && *(cp2+1) != *cp1); te[toknum] = cp1; } cp2++; break; } /* FALLTHROUGH */ default: if (*cp2 != *cp1) { match = 0; } break; } if (match && *cp1) { cp1++; } if (match && *cp2) { cp2++; } } if (!match && *cp1) /* last token mismatch */ { toks[toknum] = 0; } cp1 = new; *cp1 = '\0'; cp2 = mapout; while (*cp2) { match = 0; switch (*cp2) { case '\\': if (*(cp2 + 1)) { *cp1++ = *++cp2; } break; case '[': LOOP: if (*++cp2 == '$' && isdigit(*(cp2+1))) { if (*++cp2 == '0') { char *cp3 = name; while (*cp3) { *cp1++ = *cp3++; } match = 1; } else if (toks[toknum = *cp2 - '1']) { char *cp3 = tp[toknum]; while (cp3 != te[toknum]) { *cp1++ = *cp3++; } match = 1; } } else { while (*cp2 && *cp2 != ',' && *cp2 != ']') { if (*cp2 == '\\') { cp2++; } else if (*cp2 == '$' && isdigit(*(cp2+1))) { if (*++cp2 == '0') { char *cp3 = name; while (*cp3) { *cp1++ = *cp3++; } } else if (toks[toknum = *cp2 - '1']) { char *cp3=tp[toknum]; while (cp3 != te[toknum]) { *cp1++ = *cp3++; } } } else if (*cp2) { *cp1++ = *cp2++; } } if (!*cp2) { printf("nmap: unbalanced brackets\n"); return (name); } match = 1; cp2--; } if (match) { while (*++cp2 && *cp2 != ']') { if (*cp2 == '\\' && *(cp2 + 1)) { cp2++; } } if (!*cp2) { printf("nmap: unbalanced brackets\n"); return (name); } break; } switch (*++cp2) { case ',': goto LOOP; case ']': break; default: cp2--; goto LOOP; } break; case '$': if (isdigit(*(cp2 + 1))) { if (*++cp2 == '0') { char *cp3 = name; while (*cp3) { *cp1++ = *cp3++; } } else if (toks[toknum = *cp2 - '1']) { char *cp3 = tp[toknum]; while (cp3 != te[toknum]) { *cp1++ = *cp3++; } } break; } /* intentional drop through */ default: *cp1++ = *cp2; break; } cp2++; } *cp1 = '\0'; if (!*new) { return (name); } return (new); } void setpassive(int argc, char **argv) { passivemode = !passivemode; printf("Passive mode 
%s.\n", onoff(passivemode)); code = passivemode; } void setsunique(int argc, char **argv) { sunique = !sunique; printf("Store unique %s.\n", onoff(sunique)); code = sunique; } void setrunique(int argc, char **argv) { runique = !runique; printf("Receive unique %s.\n", onoff(runique)); code = runique; } /* change directory to perent directory */ void cdup(int argc, char **argv) { if (command("CDUP") == ERROR && code == 500) { if (verbose) printf("CDUP command not recognized, trying XCUP\n"); command("XCUP"); } } /* restart transfer at specific point */ void restart(int argc, char **argv) { if (argc != 2) printf("restart: offset not specified\n"); else { restart_point = atol(argv[1]); printf("restarting at %ld. %s\n", (long)restart_point, "execute get, put or append to initiate transfer"); } } /* show remote system type */ void syst(int argc, char **argv) { command("SYST"); } void macdef(int argc, char **argv) { char *tmp; int c; if (macnum == 16) { printf("Limit of 16 macros have already been defined\n"); code = -1; return; } if (argc < 2 && !another(&argc, &argv, "macro name")) { printf("Usage: %s macro_name\n",argv[0]); code = -1; return; } if (interactive) { printf("Enter macro line by line, terminating it with a null line\n"); } - strncpy(macros[macnum].mac_name, argv[1], 8); + strlcpy(macros[macnum].mac_name, + argv[1], + sizeof(macros[macnum].mac_name)); if (macnum == 0) { macros[macnum].mac_start = macbuf; } else { macros[macnum].mac_start = macros[macnum - 1].mac_end + 1; } tmp = macros[macnum].mac_start; while (tmp != macbuf+4096) { if ((c = getchar()) == EOF) { printf("macdef:end of file encountered\n"); code = -1; return; } if ((*tmp = c) == '\n') { if (tmp == macros[macnum].mac_start) { macros[macnum++].mac_end = tmp; code = 0; return; } if (*(tmp-1) == '\0') { macros[macnum++].mac_end = tmp - 1; code = 0; return; } *tmp = '\0'; } tmp++; } while (1) { while ((c = getchar()) != '\n' && c != EOF) /* LOOP */; if (c == EOF || getchar() == '\n') { 
printf("Macro not defined - 4k buffer exceeded\n"); code = -1; return; } } } /* * get size of file on remote machine */ void sizecmd(int argc, char **argv) { if (argc < 2 && !another(&argc, &argv, "filename")) { printf("usage: %s filename\n", argv[0]); code = -1; return; } command("SIZE %s", argv[1]); } /* * get last modification time of file on remote machine */ void modtime(int argc, char **argv) { int overbose; if (argc < 2 && !another(&argc, &argv, "filename")) { printf("usage: %s filename\n", argv[0]); code = -1; return; } overbose = verbose; if (debug == 0) verbose = -1; if (command("MDTM %s", argv[1]) == COMPLETE) { int yy, mo, day, hour, min, sec; sscanf(reply_string, "%*s %04d%02d%02d%02d%02d%02d", &yy, &mo, &day, &hour, &min, &sec); /* might want to print this in local time */ printf("%s\t%02d/%02d/%04d %02d:%02d:%02d GMT\n", argv[1], mo, day, yy, hour, min, sec); } else printf("%s\n", reply_string); verbose = overbose; } /* * show status on reomte machine */ void rmtstatus(int argc, char **argv) { command(argc > 1 ? "STAT %s" : "STAT" , argv[1]); } /* * get file if modtime is more recent than current file */ void newer(int argc, char **argv) { - if (getit(argc, argv, -1, "w")) + if (getit(argc, argv, -1, curtype == TYPE_I ? "wb" : "w")) printf("Local file \"%s\" is newer than remote file \"%s\"\n", argv[2], argv[1]); } Index: stable/3/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c (revision 62578) 
@@ -1,193 +1,202 @@ /* * Copyright (c) 1985, 1989, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "ftp_locl.h" /* * User FTP -- Command Tables. 
*/ char accounthelp[] = "send account command to remote server"; char appendhelp[] = "append to a file"; char asciihelp[] = "set ascii transfer type"; char beephelp[] = "beep when command completed"; char binaryhelp[] = "set binary transfer type"; char casehelp[] = "toggle mget upper/lower case id mapping"; char cdhelp[] = "change remote working directory"; char cduphelp[] = "change remote working directory to parent directory"; char chmodhelp[] = "change file permissions of remote file"; char connecthelp[] = "connect to remote tftp"; char crhelp[] = "toggle carriage return stripping on ascii gets"; char deletehelp[] = "delete remote file"; char debughelp[] = "toggle/set debugging mode"; char dirhelp[] = "list contents of remote directory"; char disconhelp[] = "terminate ftp session"; char domachelp[] = "execute macro"; char formhelp[] = "set file transfer format"; char globhelp[] = "toggle metacharacter expansion of local file names"; char hashhelp[] = "toggle printing `#' for each buffer transferred"; char helphelp[] = "print local help information"; char idlehelp[] = "get (set) idle timer on remote side"; char lcdhelp[] = "change local working directory"; char lshelp[] = "list contents of remote directory"; char macdefhelp[] = "define a macro"; char mdeletehelp[] = "delete multiple files"; char mdirhelp[] = "list contents of multiple remote directories"; char mgethelp[] = "get multiple files"; char mkdirhelp[] = "make directory on the remote machine"; char mlshelp[] = "list contents of multiple remote directories"; char modtimehelp[] = "show last modification time of remote file"; char modehelp[] = "set file transfer mode"; char mputhelp[] = "send multiple files"; char newerhelp[] = "get file if remote file is newer than local file "; char nlisthelp[] = "nlist contents of remote directory"; char nmaphelp[] = "set templates for default file name mapping"; char ntranshelp[] = "set translation table for default file name mapping"; char porthelp[] = "toggle use of 
PORT cmd for each data connection"; char prompthelp[] = "force interactive prompting on multiple commands"; char proxyhelp[] = "issue command on alternate connection"; char pwdhelp[] = "print working directory on remote machine"; char quithelp[] = "terminate ftp session and exit"; char quotehelp[] = "send arbitrary ftp command"; char receivehelp[] = "receive file"; char regethelp[] = "get file restarting at end of local file"; char remotehelp[] = "get help from remote server"; char renamehelp[] = "rename file"; char restarthelp[]= "restart file transfer at bytecount"; char rmdirhelp[] = "remove directory on the remote machine"; char rmtstatushelp[]="show status of remote machine"; char runiquehelp[] = "toggle store unique for local files"; char resethelp[] = "clear queued command replies"; char sendhelp[] = "send one file"; char passivehelp[] = "enter passive transfer mode"; char sitehelp[] = "send site specific command to remote server\n\t\tTry \"rhelp site\" or \"site help\" for more information"; char shellhelp[] = "escape to the shell"; char sizecmdhelp[] = "show size of remote file"; char statushelp[] = "show current status"; char structhelp[] = "set file transfer structure"; char suniquehelp[] = "toggle store unique on remote machine"; char systemhelp[] = "show remote system type"; char tenexhelp[] = "set tenex file transfer type"; char tracehelp[] = "toggle packet tracing"; char typehelp[] = "set file transfer type"; char umaskhelp[] = "get (set) umask on remote side"; char userhelp[] = "send new user information"; char verbosehelp[] = "toggle verbose mode"; char prothelp[] = "set protection level"; +#ifdef KRB4 char kauthhelp[] = "get remote tokens"; char klisthelp[] = "show remote tickets"; -char aklog[] = "obtain remote AFS tokens"; +char kdestroyhelp[] = "destroy remote tickets"; +char krbtkfilehelp[] = "set filename of remote tickets"; +char afsloghelp[] = "obtain remote AFS tokens"; +#endif struct cmd cmdtab[] = { { "!", shellhelp, 0, 0, 0, shell }, { 
"$", domachelp, 1, 0, 0, domacro }, { "account", accounthelp, 0, 1, 1, account}, { "append", appendhelp, 1, 1, 1, put }, { "ascii", asciihelp, 0, 1, 1, setascii }, { "bell", beephelp, 0, 0, 0, setbell }, { "binary", binaryhelp, 0, 1, 1, setbinary }, { "bye", quithelp, 0, 0, 0, quit }, { "case", casehelp, 0, 0, 1, setcase }, { "cd", cdhelp, 0, 1, 1, cd }, { "cdup", cduphelp, 0, 1, 1, cdup }, { "chmod", chmodhelp, 0, 1, 1, do_chmod }, { "close", disconhelp, 0, 1, 1, disconnect }, { "cr", crhelp, 0, 0, 0, setcr }, { "delete", deletehelp, 0, 1, 1, delete }, { "debug", debughelp, 0, 0, 0, setdebug }, { "dir", dirhelp, 1, 1, 1, ls }, { "disconnect", disconhelp, 0, 1, 1, disconnect }, { "form", formhelp, 0, 1, 1, setform }, { "get", receivehelp, 1, 1, 1, get }, { "glob", globhelp, 0, 0, 0, setglob }, { "hash", hashhelp, 0, 0, 0, sethash }, { "help", helphelp, 0, 0, 1, help }, { "idle", idlehelp, 0, 1, 1, ftp_idle }, { "image", binaryhelp, 0, 1, 1, setbinary }, { "lcd", lcdhelp, 0, 0, 0, lcd }, { "ls", lshelp, 1, 1, 1, ls }, { "macdef", macdefhelp, 0, 0, 0, macdef }, { "mdelete", mdeletehelp, 1, 1, 1, mdelete }, { "mdir", mdirhelp, 1, 1, 1, mls }, { "mget", mgethelp, 1, 1, 1, mget }, { "mkdir", mkdirhelp, 0, 1, 1, makedir }, { "mls", mlshelp, 1, 1, 1, mls }, { "mode", modehelp, 0, 1, 1, setftmode }, { "modtime", modtimehelp, 0, 1, 1, modtime }, { "mput", mputhelp, 1, 1, 1, mput }, { "newer", newerhelp, 1, 1, 1, newer }, { "nmap", nmaphelp, 0, 0, 1, setnmap }, { "nlist", nlisthelp, 1, 1, 1, ls }, { "ntrans", ntranshelp, 0, 0, 1, setntrans }, { "open", connecthelp, 0, 0, 1, setpeer }, { "passive", passivehelp, 0, 0, 0, setpassive }, { "prompt", prompthelp, 0, 0, 0, setprompt }, { "proxy", proxyhelp, 0, 0, 1, doproxy }, { "sendport", porthelp, 0, 0, 0, setport }, { "put", sendhelp, 1, 1, 1, put }, { "pwd", pwdhelp, 0, 1, 1, pwd }, { "quit", quithelp, 0, 0, 0, quit }, { "quote", quotehelp, 1, 1, 1, quote }, { "recv", receivehelp, 1, 1, 1, get }, { "reget", regethelp, 1, 1, 1, 
reget }, { "rstatus", rmtstatushelp, 0, 1, 1, rmtstatus }, { "rhelp", remotehelp, 0, 1, 1, rmthelp }, { "rename", renamehelp, 0, 1, 1, renamefile }, { "reset", resethelp, 0, 1, 1, reset }, { "restart", restarthelp, 1, 1, 1, restart }, { "rmdir", rmdirhelp, 0, 1, 1, removedir }, { "runique", runiquehelp, 0, 0, 1, setrunique }, { "send", sendhelp, 1, 1, 1, put }, { "site", sitehelp, 0, 1, 1, site }, { "size", sizecmdhelp, 1, 1, 1, sizecmd }, { "status", statushelp, 0, 0, 1, status }, { "struct", structhelp, 0, 1, 1, setstruct }, { "system", systemhelp, 0, 1, 1, syst }, { "sunique", suniquehelp, 0, 0, 1, setsunique }, { "tenex", tenexhelp, 0, 1, 1, settenex }, { "trace", tracehelp, 0, 0, 0, settrace }, { "type", typehelp, 0, 1, 1, settype }, { "user", userhelp, 0, 1, 1, user }, { "umask", umaskhelp, 0, 1, 1, do_umask }, { "verbose", verbosehelp, 0, 0, 0, setverbose }, { "?", helphelp, 0, 0, 1, help }, { "prot", prothelp, 0, 1, 0, sec_prot }, +#ifdef KRB4 { "kauth", kauthhelp, 0, 1, 0, kauth }, { "klist", klisthelp, 0, 1, 0, klist }, + { "kdestroy", kdestroyhelp, 0, 1, 0, kdestroy }, + { "krbtkfile", krbtkfilehelp, 0, 1, 0, krbtkfile }, + { "afslog", afsloghelp, 0, 1, 0, afslog }, +#endif { 0 }, }; int NCMDS = (sizeof (cmdtab) / sizeof (cmdtab[0])) - 1; Index: stable/3/crypto/kerberosIV/appl/ftp/ftp/domacro.c =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftp/domacro.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftp/domacro.c (revision 62578) 
@@ -1,138 +1,138 @@ /* * Copyright (c) 1985, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "ftp_locl.h" -RCSID("$Id: domacro.c,v 1.5 1996/11/17 20:23:10 assar Exp $"); +RCSID("$Id: domacro.c,v 1.7 1999/09/16 20:37:29 assar Exp $"); void domacro(int argc, char **argv) { int i, j, count = 2, loopflg = 0; char *cp1, *cp2, line2[200]; struct cmd *c; if (argc < 2 && !another(&argc, &argv, "macro name")) { printf("Usage: %s macro_name.\n", argv[0]); code = -1; return; } for (i = 0; i < macnum; ++i) { if (!strncmp(argv[1], macros[i].mac_name, 9)) { break; } } if (i == macnum) { printf("'%s' macro not found.\n", argv[1]); code = -1; return; } - strcpy(line2, line); + strlcpy(line2, line, sizeof(line2)); TOP: cp1 = macros[i].mac_start; while (cp1 != macros[i].mac_end) { while (isspace(*cp1)) { cp1++; } cp2 = line; while (*cp1 != '\0') { switch(*cp1) { case '\\': *cp2++ = *++cp1; break; case '$': if (isdigit(*(cp1+1))) { j = 0; while (isdigit(*++cp1)) { j = 10*j + *cp1 - '0'; } cp1--; if (argc - 2 >= j) { strcpy(cp2, argv[j+1]); cp2 += strlen(argv[j+1]); } break; } if (*(cp1+1) == 'i') { loopflg = 1; cp1++; if (count < argc) { strcpy(cp2, argv[count]); cp2 += strlen(argv[count]); } break; } /* intentional drop through */ default: *cp2++ = *cp1; break; } if (*cp1 != '\0') { cp1++; } } *cp2 = '\0'; makeargv(); c = getcmd(margv[0]); if (c == (struct cmd *)-1) { printf("?Ambiguous command\n"); code = -1; } else if (c == 0) { printf("?Invalid command\n"); code = -1; } else if (c->c_conn && !connected) { printf("Not connected.\n"); code = -1; } else { if (verbose) { printf("%s\n",line); } (*c->c_handler)(margc, margv); if (bell && c->c_bell) { putchar('\007'); } strcpy(line, line2); makeargv(); argc = margc; argv = margv; } if (cp1 != macros[i].mac_end) { cp1++; } } if (loopflg && ++count < argc) { goto TOP; } } Index: stable/3/crypto/kerberosIV/appl/ftp/ftp/extern.h =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftp/extern.h (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftp/extern.h 
(revision 62578) 
@@ -1,167 +1,173 @@ /*- * Copyright (c) 1994 The Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* * @(#)extern.h 8.3 (Berkeley) 10/9/94 */ -/* $Id: extern.h,v 1.13 1997/04/20 05:46:48 assar Exp $ */ +/* $Id: extern.h,v 1.18 1999/10/28 20:49:10 assar Exp $ */ #include #include #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #ifdef HAVE_SYS_SELECT_H #include #endif void abort_remote (FILE *); void abortpt (int); void abortrecv (int); void account (int, char **); int another (int *, char ***, char *); void blkfree (char **); void cd (int, char **); void cdup (int, char **); void changetype (int, int); void cmdabort (int); void cmdscanner (int); int command (char *fmt, ...); int confirm (char *, char *); -FILE *dataconn (char *); +FILE *dataconn (const char *); void delete (int, char **); void disconnect (int, char **); void do_chmod (int, char **); void do_umask (int, char **); void domacro (int, char **); char *domap (char *); void doproxy (int, char **); char *dotrans (char *); int empty (fd_set *, int); void fatal (char *); void get (int, char **); struct cmd *getcmd (char *); int getit (int, char **, int, char *); int getreply (int); int globulize (char **); char *gunique (char *); void help (int, char **); -char *hookup (char *, int); +char *hookup (const char *, int); void ftp_idle (int, char **); int initconn (void); void intr (int); void lcd (int, char **); int login (char *); RETSIGTYPE lostpeer (int); void ls (int, char **); void macdef (int, char **); void makeargv (void); void makedir (int, char **); void mdelete (int, char **); void mget (int, char **); void mls (int, char **); void modtime (int, char **); void mput (int, char **); char *onoff (int); void newer (int, char **); void proxtrans (char *, char *, char *); void psabort (int); void pswitch (int); void ptransfer (char *, long, struct timeval *, struct timeval *); void put (int, char **); void pwd (int, char **); void quit (int, char **); void quote (int, char **); void quote1 (char *, int, char **); -void recvrequest (char *, char *, 
char *, char *, int); +void recvrequest (char *, char *, char *, char *, int, int); void reget (int, char **); char *remglob (char **, int); void removedir (int, char **); void renamefile (int, char **); void reset (int, char **); void restart (int, char **); void rmthelp (int, char **); void rmtstatus (int, char **); int ruserpass (char *, char **, char **, char **); -void sendrequest (char *, char *, char *, int); +void sendrequest (char *, char *, char *, char *, int); void setascii (int, char **); void setbell (int, char **); void setbinary (int, char **); void setcase (int, char **); void setcr (int, char **); void setdebug (int, char **); void setform (int, char **); void setftmode (int, char **); void setglob (int, char **); void sethash (int, char **); void setnmap (int, char **); void setntrans (int, char **); void setpassive (int, char **); void setpeer (int, char **); void setport (int, char **); void setprompt (int, char **); void setrunique (int, char **); void setstruct (int, char **); void setsunique (int, char **); void settenex (int, char **); void settrace (int, char **); void settype (int, char **); void setverbose (int, char **); void shell (int, char **); void site (int, char **); void sizecmd (int, char **); char *slurpstring (void); void status (int, char **); void syst (int, char **); void tvsub (struct timeval *, struct timeval *, struct timeval *); void user (int, char **); extern jmp_buf abortprox; extern int abrtflag; extern struct cmd cmdtab[]; extern FILE *cout; extern int data; extern char *home; extern jmp_buf jabort; extern int proxy; extern char reply_string[]; extern off_t restart_point; extern int NCMDS; extern char username[32]; extern char myhostname[]; extern char *mydomain; + +void afslog (int, char **); +void kauth (int, char **); +void kdestroy (int, char **); +void klist (int, char **); +void krbtkfile (int, char **); Index: stable/3/crypto/kerberosIV/appl/ftp/ftp/ftp.c 
=================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftp/ftp.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftp/ftp.c (revision 62578) 
@@ -1,1658 +1,1749 @@ /* * Copyright (c) 1985, 1989, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "ftp_locl.h" -RCSID("$Id: ftp.c,v 1.44 1997/05/18 20:00:31 assar Exp $"); +RCSID ("$Id: ftp.c,v 1.60 1999/10/28 19:32:17 assar Exp $"); -struct sockaddr_in hisctladdr; -struct sockaddr_in data_addr; +struct sockaddr_storage hisctladdr_ss; +struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss; +struct sockaddr_storage data_addr_ss; +struct sockaddr *data_addr = (struct sockaddr *)&data_addr_ss; +struct sockaddr_storage myctladdr_ss; +struct sockaddr *myctladdr = (struct sockaddr *)&myctladdr_ss; int data = -1; int abrtflag = 0; jmp_buf ptabort; int ptabflg; int ptflag = 0; -struct sockaddr_in myctladdr; off_t restart_point = 0; FILE *cin, *cout; typedef void (*sighand)(int); char * -hookup(char *host, int port) +hookup (const char *host, int port) { - struct hostent *hp = 0; - int s, len, tos; - static char hostnamebuf[80]; + struct hostent *hp = NULL; + int s, len; + static char hostnamebuf[MaxHostNameLen]; + int error; + int af; + char **h; + int ret; - memset(&hisctladdr, 0, sizeof (hisctladdr)); - if(inet_aton(host, &hisctladdr.sin_addr)){ - hisctladdr.sin_family = AF_INET; - strncpy(hostnamebuf, host, sizeof(hostnamebuf)); - } else { - hp = gethostbyname(host); - if (hp == NULL) { -#ifdef HAVE_H_ERRNO - warnx("%s: %s", host, hstrerror(h_errno)); -#else - warnx("%s: %s", host, "unknown error"); +#ifdef HAVE_IPV6 + if (hp == NULL) + hp = getipnodebyname (host, AF_INET6, 0, &error); #endif + if (hp == NULL) + hp = getipnodebyname (host, AF_INET, 0, &error); + + if (hp == NULL) { + warnx ("%s: %s", host, hstrerror(error)); code = -1; return NULL; - } - hisctladdr.sin_family = hp->h_addrtype; - memmove(&hisctladdr.sin_addr, - hp->h_addr_list[0], - sizeof(hisctladdr.sin_addr)); - strncpy(hostnamebuf, hp->h_name, sizeof(hostnamebuf)); - hostnamebuf[sizeof(hostnamebuf) - 1] = '\0'; } + strlcpy (hostnamebuf, hp->h_name, sizeof(hostnamebuf)); hostname = hostnamebuf; - s = socket(hisctladdr.sin_family, SOCK_STREAM, 0); + af = hisctladdr->sa_family = 
hp->h_addrtype; + + for (h = hp->h_addr_list; + *h != NULL; + ++h) { + + s = socket (af, SOCK_STREAM, 0); if (s < 0) { warn("socket"); code = -1; + freehostent (hp); return (0); } - hisctladdr.sin_port = port; - while (connect(s, (struct sockaddr *)&hisctladdr, sizeof (hisctladdr)) < 0) { - if (hp && hp->h_addr_list[1]) { - int oerrno = errno; - char *ia; - ia = inet_ntoa(hisctladdr.sin_addr); - errno = oerrno; - warn("connect to address %s", ia); - hp->h_addr_list++; - memmove(&hisctladdr.sin_addr, - hp->h_addr_list[0], - sizeof(hisctladdr.sin_addr)); - fprintf(stdout, "Trying %s...\n", - inet_ntoa(hisctladdr.sin_addr)); + socket_set_address_and_port (hisctladdr, *h, port); + + ret = connect (s, hisctladdr, socket_sockaddr_size(hisctladdr)); + if (ret < 0) { + char addr[256]; + + if (inet_ntop (af, socket_get_address(hisctladdr), + addr, sizeof(addr)) == NULL) + strlcpy (addr, "unknown address", + sizeof(addr)); + warn ("connect %s", addr); close(s); - s = socket(hisctladdr.sin_family, SOCK_STREAM, 0); - if (s < 0) { - warn("socket"); - code = -1; - return (0); - } continue; } - warn("connect"); + break; + } + freehostent (hp); + if (ret < 0) { code = -1; - goto bad; + close (s); + return NULL; } - len = sizeof (myctladdr); - if (getsockname(s, (struct sockaddr *)&myctladdr, &len) < 0) { + + len = sizeof(myctladdr_ss); + if (getsockname (s, myctladdr, &len) < 0) { warn("getsockname"); code = -1; - goto bad; + close (s); + return NULL; } -#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - tos = IPTOS_LOWDELAY; - if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0) - warn("setsockopt TOS (ignored)"); +#ifdef IPTOS_LOWDELAY + socket_set_tos (s, IPTOS_LOWDELAY); #endif cin = fdopen(s, "r"); cout = fdopen(s, "w"); if (cin == NULL || cout == NULL) { warnx("fdopen failed."); if (cin) fclose(cin); if (cout) fclose(cout); code = -1; goto bad; } if (verbose) printf("Connected to %s.\n", hostname); if (getreply(0) > 2) { /* read startup message from server */ 
if (cin) fclose(cin); if (cout) fclose(cout); code = -1; goto bad; } #if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT) { int on = 1; if (setsockopt(s, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on)) < 0 && debug) { warn("setsockopt"); } } #endif /* SO_OOBINLINE */ return (hostname); bad: close(s); return NULL; } int login(char *host) { char tmp[80]; char defaultpass[128]; char *user, *pass, *acct; int n, aflag = 0; char *myname = NULL; struct passwd *pw = k_getpwuid(getuid()); + if (pw != NULL) myname = pw->pw_name; user = pass = acct = 0; - if(do_klogin(host)) + if(sec_login(host)) printf("\n*** Using plaintext user and password ***\n\n"); else{ - printf("Kerberos authentication successful.\n\n"); + printf("Authentication successful.\n\n"); } if (ruserpass(host, &user, &pass, &acct) < 0) { code = -1; return (0); } while (user == NULL) { if (myname) printf("Name (%s:%s): ", host, myname); else printf("Name (%s): ", host); fgets(tmp, sizeof(tmp) - 1, stdin); tmp[strlen(tmp) - 1] = '\0'; if (*tmp == '\0') user = myname; else user = tmp; } - strcpy(username, user); + strlcpy(username, user, sizeof(username)); n = command("USER %s", user); if (n == CONTINUE) { - if(auth_complete) + if(sec_complete) pass = myname; else if (pass == NULL) { char prompt[128]; if(myname && (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){ - snprintf(defaultpass, sizeof(defaultpass), "%s@%s", myname, mydomain); - snprintf(prompt, sizeof(prompt), "Password (%s): ", defaultpass); + snprintf(defaultpass, sizeof(defaultpass), + "%s@%s", myname, mydomain); + snprintf(prompt, sizeof(prompt), + "Password (%s): ", defaultpass); }else{ - strcpy(defaultpass, ""); + *defaultpass = '\0'; snprintf(prompt, sizeof(prompt), "Password: "); } pass = defaultpass; des_read_pw_string (tmp, sizeof(tmp), prompt, 0); if(tmp[0]) pass = tmp; } n = command("PASS %s", pass); } if (n == CONTINUE) { aflag++; acct = tmp; des_read_pw_string(acct, 128, "Account:", 0); n = command("ACCT %s", acct); } if (n != 
COMPLETE) { warnx("Login failed."); return (0); } if (!aflag && acct != NULL) command("ACCT %s", acct); if (proxy) return (1); for (n = 0; n < macnum; ++n) { if (!strcmp("init", macros[n].mac_name)) { - strcpy(line, "$init"); + strlcpy (line, "$init", sizeof (line)); makeargv(); domacro(margc, margv); break; } } sec_set_protection_level(); return (1); } void cmdabort(int sig) { printf("\n"); fflush(stdout); abrtflag++; if (ptflag) longjmp(ptabort,1); } int command(char *fmt, ...) { va_list ap; int r; sighand oldintr; abrtflag = 0; if (cout == NULL) { warn("No control connection for command"); code = -1; return (0); } oldintr = signal(SIGINT, cmdabort); va_start(ap, fmt); if(debug){ printf("---> "); if (strncmp("PASS ", fmt, 5) == 0) printf("PASS XXXX"); else vfprintf(stdout, fmt, ap); va_start(ap, fmt); } - if(auth_complete) - krb4_write_enc(cout, fmt, ap); - else - vfprintf(cout, fmt, ap); + sec_vfprintf(cout, fmt, ap); va_end(ap); if(debug){ printf("\n"); fflush(stdout); } fprintf(cout, "\r\n"); fflush(cout); cpend = 1; r = getreply(!strcmp(fmt, "QUIT")); if (abrtflag && oldintr != SIG_IGN) (*oldintr)(SIGINT); signal(SIGINT, oldintr); return (r); } char reply_string[BUFSIZ]; /* last line of previous reply */ int getreply(int expecteof) { char *p; char *lead_string; int c; struct sigaction sa, osa; char buf[1024]; sigemptyset(&sa.sa_mask); sa.sa_flags = 0; sa.sa_handler = cmdabort; sigaction(SIGINT, &sa, &osa); p = buf; while(1){ c = getc(cin); switch(c){ case EOF: if (expecteof) { sigaction(SIGINT,&osa, NULL); code = 221; return 0; } lostpeer(0); if (verbose) { printf("421 Service not available, " "remote server has closed connection\n"); fflush(stdout); } code = 421; return (4); - break; case IAC: c = getc(cin); if(c == WILL || c == WONT) fprintf(cout, "%c%c%c", IAC, DONT, getc(cin)); if(c == DO || c == DONT) fprintf(cout, "%c%c%c", IAC, WONT, getc(cin)); continue; case '\n': - *p++ = 0; + *p++ = '\0'; if(isdigit(buf[0])){ sscanf(buf, "%d", &code); if(code == 
631){ - krb4_read_mic(buf); + sec_read_msg(buf, prot_safe); sscanf(buf, "%d", &code); lead_string = "S:"; } else if(code == 632){ - krb4_read_enc(buf); + sec_read_msg(buf, prot_private); sscanf(buf, "%d", &code); lead_string = "P:"; }else if(code == 633){ - printf("Received confidential reply!\n"); - }else if(auth_complete) + sec_read_msg(buf, prot_confidential); + sscanf(buf, "%d", &code); + lead_string = "C:"; + }else if(sec_complete) lead_string = "!!"; else lead_string = ""; if(verbose > 0 || (verbose > -1 && code > 499)) fprintf(stdout, "%s%s\n", lead_string, buf); if(buf[3] == ' '){ strcpy(reply_string, buf); if (code >= 200) cpend = 0; sigaction(SIGINT, &osa, NULL); if (code == 421) lostpeer(0); #if 1 if (abrtflag && osa.sa_handler != cmdabort && osa.sa_handler != SIG_IGN) osa.sa_handler(SIGINT); #endif - if(code == 227){ + if (code == 227 || code == 229) { char *p, *q; + pasv[0] = 0; p = strchr(reply_string, '('); if(p){ p++; q = strchr(p, ')'); if(q){ - strncpy(pasv, p, q - p); + memcpy (pasv, p, q - p); pasv[q - p] = 0; } } } return code / 100; } }else{ if(verbose > 0 || (verbose > -1 && code > 499)){ - if(auth_complete) + if(sec_complete) fprintf(stdout, "!!"); fprintf(stdout, "%s\n", buf); } } p = buf; continue; default: *p++ = c; } } } #if 0 int getreply(int expecteof) { int c, n; int dig; int originalcode = 0, continuation = 0; sighand oldintr; int pflag = 0; char *cp, *pt = pasv; oldintr = signal(SIGINT, cmdabort); for (;;) { dig = n = code = 0; cp = reply_string; while ((c = getc(cin)) != '\n') { if (c == IAC) { /* handle telnet commands */ switch (c = getc(cin)) { case WILL: case WONT: c = getc(cin); fprintf(cout, "%c%c%c", IAC, DONT, c); fflush(cout); break; case DO: case DONT: c = getc(cin); fprintf(cout, "%c%c%c", IAC, WONT, c); fflush(cout); break; default: break; } continue; } dig++; if (c == EOF) { if (expecteof) { signal(SIGINT,oldintr); code = 221; return (0); } lostpeer(0); if (verbose) { printf("421 Service not available, remote server 
has closed connection\n"); fflush(stdout); } code = 421; return (4); } if (c != '\r' && (verbose > 0 || (verbose > -1 && n == '5' && dig > 4))) { if (proxflag && (dig == 1 || dig == 5 && verbose == 0)) printf("%s:",hostname); putchar(c); } if (dig < 4 && isdigit(c)) code = code * 10 + (c - '0'); if (!pflag && code == 227) pflag = 1; if (dig > 4 && pflag == 1 && isdigit(c)) pflag = 2; if (pflag == 2) { if (c != '\r' && c != ')') *pt++ = c; else { *pt = '\0'; pflag = 3; } } if (dig == 4 && c == '-') { if (continuation) code = 0; continuation++; } if (n == 0) n = c; if (cp < &reply_string[sizeof(reply_string) - 1]) *cp++ = c; } if (verbose > 0 || verbose > -1 && n == '5') { putchar(c); fflush (stdout); } if (continuation && code != originalcode) { if (originalcode == 0) originalcode = code; continue; } *cp = '\0'; - if(auth_complete){ + if(sec_complete){ if(code == 631) - krb4_read_mic(reply_string); - else - krb4_read_enc(reply_string); + sec_read_msg(reply_string, prot_safe); + else if(code == 632) + sec_read_msg(reply_string, prot_private); + else if(code == 633) + sec_read_msg(reply_string, prot_confidential); n = code / 100 + '0'; } - if (n != '1') cpend = 0; signal(SIGINT,oldintr); if (code == 421 || originalcode == 421) lostpeer(0); if (abrtflag && oldintr != cmdabort && oldintr != SIG_IGN) (*oldintr)(SIGINT); return (n - '0'); } } + #endif int empty(fd_set *mask, int sec) { struct timeval t; t.tv_sec = (long) sec; t.tv_usec = 0; return (select(32, mask, NULL, NULL, &t)); } jmp_buf sendabort; static RETSIGTYPE abortsend(int sig) { mflag = 0; abrtflag = 0; printf("\nsend aborted\nwaiting for remote to finish abort\n"); fflush(stdout); longjmp(sendabort, 1); } #define HASHBYTES 1024 static int copy_stream(FILE *from, FILE *to) { static size_t bufsize; static char *buf; int n; int bytes = 0; - int werr; + int werr = 0; int hashbytes = HASHBYTES; struct stat st; -#ifdef HAVE_MMAP +#if defined(HAVE_MMAP) && !defined(NO_MMAP) void *chunk; #ifndef MAP_FAILED #define 
MAP_FAILED (-1) #endif if(fstat(fileno(from), &st) == 0 && S_ISREG(st.st_mode)){ + /* + * mmap zero bytes has potential of loosing, don't do it. + */ + if (st.st_size == 0) + return 0; chunk = mmap(0, st.st_size, PROT_READ, MAP_SHARED, fileno(from), 0); if (chunk != (void *)MAP_FAILED) { int res; res = sec_write(fileno(to), chunk, st.st_size); if (munmap(chunk, st.st_size) < 0) warn ("munmap"); sec_fflush(to); return res; } } #endif buf = alloc_buffer (buf, &bufsize, fstat(fileno(from), &st) >= 0 ? &st : NULL); if (buf == NULL) return -1; while((n = read(fileno(from), buf, bufsize)) > 0){ werr = sec_write(fileno(to), buf, n); if(werr < 0) break; bytes += werr; while(hash && bytes > hashbytes){ putchar('#'); hashbytes += HASHBYTES; } } sec_fflush(to); if(n < 0) warn("local"); if(werr < 0){ if(errno != EPIPE) warn("netout"); bytes = -1; } return bytes; } void -sendrequest(char *cmd, char *local, char *remote, int printnames) +sendrequest (char *cmd, char *local, char *remote, char *lmode, int printnames) { struct stat st; struct timeval start, stop; int c, d; FILE *fin, *dout = 0; int (*closefunc) (FILE *); RETSIGTYPE (*oldintr)(), (*oldintp)(); long bytes = 0, hashbytes = HASHBYTES; - char *lmode; + char *rmode = "w"; if (verbose && printnames) { - if (local && *local != '-') + if (local && strcmp (local, "-") != 0) printf("local: %s ", local); if (remote) printf("remote: %s\n", remote); } if (proxy) { proxtrans(cmd, local, remote); return; } if (curtype != type) changetype(type, 0); closefunc = NULL; oldintr = NULL; oldintp = NULL; - lmode = "w"; + if (setjmp(sendabort)) { while (cpend) { getreply(0); } if (data >= 0) { close(data); data = -1; } if (oldintr) signal(SIGINT,oldintr); if (oldintp) signal(SIGPIPE,oldintp); code = -1; return; } oldintr = signal(SIGINT, abortsend); if (strcmp(local, "-") == 0) fin = stdin; else if (*local == '|') { oldintp = signal(SIGPIPE,SIG_IGN); - fin = popen(local + 1, "r"); + fin = popen (local + 1, lmode); if (fin == NULL) { 
warn("%s", local + 1); signal(SIGINT, oldintr); signal(SIGPIPE, oldintp); code = -1; return; } closefunc = pclose; } else { - fin = fopen(local, "r"); + fin = fopen (local, lmode); if (fin == NULL) { warn("local: %s", local); signal(SIGINT, oldintr); code = -1; return; } closefunc = fclose; if (fstat(fileno(fin), &st) < 0 || (st.st_mode&S_IFMT) != S_IFREG) { fprintf(stdout, "%s: not a plain file.\n", local); signal(SIGINT, oldintr); fclose(fin); code = -1; return; } } if (initconn()) { signal(SIGINT, oldintr); if (oldintp) signal(SIGPIPE, oldintp); code = -1; if (closefunc != NULL) (*closefunc)(fin); return; } if (setjmp(sendabort)) goto abort; if (restart_point && (strcmp(cmd, "STOR") == 0 || strcmp(cmd, "APPE") == 0)) { int rc; switch (curtype) { case TYPE_A: rc = fseek(fin, (long) restart_point, SEEK_SET); break; case TYPE_I: case TYPE_L: rc = lseek(fileno(fin), restart_point, SEEK_SET); break; } if (rc < 0) { warn("local: %s", local); restart_point = 0; if (closefunc != NULL) (*closefunc)(fin); return; } if (command("REST %ld", (long) restart_point) != CONTINUE) { restart_point = 0; if (closefunc != NULL) (*closefunc)(fin); return; } restart_point = 0; - lmode = "r+w"; + rmode = "r+w"; } if (remote) { if (command("%s %s", cmd, remote) != PRELIM) { signal(SIGINT, oldintr); if (oldintp) signal(SIGPIPE, oldintp); if (closefunc != NULL) (*closefunc)(fin); return; } - } else - if (command("%s", cmd) != PRELIM) { + } else if (command ("%s", cmd) != PRELIM) { signal(SIGINT, oldintr); if (oldintp) signal(SIGPIPE, oldintp); if (closefunc != NULL) (*closefunc)(fin); return; } - dout = dataconn(lmode); + dout = dataconn(rmode); if (dout == NULL) goto abort; set_buffer_size(fileno(dout), 0); gettimeofday(&start, (struct timezone *)0); oldintp = signal(SIGPIPE, SIG_IGN); switch (curtype) { case TYPE_I: case TYPE_L: errno = d = c = 0; bytes = copy_stream(fin, dout); break; case TYPE_A: while ((c = getc(fin)) != EOF) { if (c == '\n') { while (hash && (bytes >= hashbytes)) { 
putchar('#'); fflush(stdout); hashbytes += HASHBYTES; } if (ferror(dout)) break; sec_putc('\r', dout); bytes++; } sec_putc(c, dout); bytes++; } sec_fflush(dout); if (hash) { if (bytes < hashbytes) putchar('#'); putchar('\n'); fflush(stdout); } if (ferror(fin)) warn("local: %s", local); if (ferror(dout)) { if (errno != EPIPE) warn("netout"); bytes = -1; } break; } if (closefunc != NULL) (*closefunc)(fin); fclose(dout); gettimeofday(&stop, (struct timezone *)0); getreply(0); signal(SIGINT, oldintr); if (oldintp) signal(SIGPIPE, oldintp); if (bytes > 0) ptransfer("sent", bytes, &start, &stop); return; abort: signal(SIGINT, oldintr); if (oldintp) signal(SIGPIPE, oldintp); if (!cpend) { code = -1; return; } if (data >= 0) { close(data); data = -1; } if (dout) fclose(dout); getreply(0); code = -1; if (closefunc != NULL && fin != NULL) (*closefunc)(fin); gettimeofday(&stop, (struct timezone *)0); if (bytes > 0) ptransfer("sent", bytes, &start, &stop); } jmp_buf recvabort; void abortrecv(int sig) { mflag = 0; abrtflag = 0; printf("\nreceive aborted\nwaiting for remote to finish abort\n"); fflush(stdout); longjmp(recvabort, 1); } void -recvrequest(char *cmd, char *local, char *remote, char *lmode, int printnames) +recvrequest (char *cmd, char *local, char *remote, + char *lmode, int printnames, int local_given) { FILE *fout, *din = 0; int (*closefunc) (FILE *); sighand oldintr, oldintp; int c, d, is_retr, tcrflag, bare_lfs = 0; static size_t bufsize; static char *buf; long bytes = 0, hashbytes = HASHBYTES; struct timeval start, stop; struct stat st; is_retr = strcmp(cmd, "RETR") == 0; if (is_retr && verbose && printnames) { - if (local && *local != '-') + if (local && strcmp (local, "-") != 0) printf("local: %s ", local); if (remote) printf("remote: %s\n", remote); } if (proxy && is_retr) { proxtrans(cmd, local, remote); return; } closefunc = NULL; oldintr = NULL; oldintp = NULL; tcrflag = !crflag && is_retr; if (setjmp(recvabort)) { while (cpend) { getreply(0); } if (data 
>= 0) { close(data); data = -1; } if (oldintr) signal(SIGINT, oldintr); code = -1; return; } oldintr = signal(SIGINT, abortrecv); - if (strcmp(local, "-") && *local != '|') { + if (!local_given || (strcmp (local, "-") && *local != '|')) { if (access(local, 2) < 0) { char *dir = strrchr(local, '/'); if (errno != ENOENT && errno != EACCES) { warn("local: %s", local); signal(SIGINT, oldintr); code = -1; return; } if (dir != NULL) *dir = 0; d = access(dir ? local : ".", 2); if (dir != NULL) *dir = '/'; if (d < 0) { warn("local: %s", local); signal(SIGINT, oldintr); code = -1; return; } if (!runique && errno == EACCES && chmod(local, 0600) < 0) { warn("local: %s", local); signal(SIGINT, oldintr); signal(SIGINT, oldintr); code = -1; return; } if (runique && errno == EACCES && (local = gunique(local)) == NULL) { signal(SIGINT, oldintr); code = -1; return; - } } - else if (runique && (local = gunique(local)) == NULL) { + } else if (runique && (local = gunique (local)) == NULL) { signal(SIGINT, oldintr); code = -1; return; } } if (!is_retr) { if (curtype != TYPE_A) changetype(TYPE_A, 0); } else if (curtype != type) changetype(type, 0); if (initconn()) { signal(SIGINT, oldintr); code = -1; return; } if (setjmp(recvabort)) goto abort; if (is_retr && restart_point && command("REST %ld", (long) restart_point) != CONTINUE) return; if (remote) { if (command("%s %s", cmd, remote) != PRELIM) { signal(SIGINT, oldintr); return; } } else { if (command("%s", cmd) != PRELIM) { signal(SIGINT, oldintr); return; } } din = dataconn("r"); if (din == NULL) goto abort; set_buffer_size(fileno(din), 1); - if (strcmp(local, "-") == 0) + if (local_given && strcmp (local, "-") == 0) fout = stdout; - else if (*local == '|') { + else if (local_given && *local == '|') { oldintp = signal(SIGPIPE, SIG_IGN); fout = popen(local + 1, "w"); if (fout == NULL) { warn("%s", local+1); goto abort; } closefunc = pclose; } else { fout = fopen(local, lmode); if (fout == NULL) { warn("local: %s", local); goto abort; 
} closefunc = fclose; } buf = alloc_buffer (buf, &bufsize, fstat(fileno(fout), &st) >= 0 ? &st : NULL); if (buf == NULL) goto abort; gettimeofday(&start, (struct timezone *)0); switch (curtype) { case TYPE_I: case TYPE_L: if (restart_point && lseek(fileno(fout), restart_point, SEEK_SET) < 0) { warn("local: %s", local); if (closefunc != NULL) (*closefunc)(fout); return; } errno = d = 0; while ((c = sec_read(fileno(din), buf, bufsize)) > 0) { if ((d = write(fileno(fout), buf, c)) != c) break; bytes += c; if (hash) { while (bytes >= hashbytes) { putchar('#'); hashbytes += HASHBYTES; } fflush(stdout); } } if (hash && bytes > 0) { if (bytes < HASHBYTES) putchar('#'); putchar('\n'); fflush(stdout); } if (c < 0) { if (errno != EPIPE) warn("netin"); bytes = -1; } if (d < c) { if (d < 0) warn("local: %s", local); else warnx("%s: short write", local); } break; case TYPE_A: if (restart_point) { int i, n, ch; if (fseek(fout, 0L, SEEK_SET) < 0) goto done; n = restart_point; for (i = 0; i++ < n;) { if ((ch = sec_getc(fout)) == EOF) goto done; if (ch == '\n') i++; } if (fseek(fout, 0L, SEEK_CUR) < 0) { done: warn("local: %s", local); if (closefunc != NULL) (*closefunc)(fout); return; } } - while ((c = sec_getc(din)) != EOF) { if (c == '\n') bare_lfs++; while (c == '\r') { while (hash && (bytes >= hashbytes)) { putchar('#'); fflush(stdout); hashbytes += HASHBYTES; } bytes++; if ((c = sec_getc(din)) != '\n' || tcrflag) { if (ferror(fout)) goto break2; putc('\r', fout); if (c == '\0') { bytes++; goto contin2; } if (c == EOF) goto contin2; } } putc(c, fout); bytes++; contin2: ; } break2: if (bare_lfs) { printf("WARNING! 
%d bare linefeeds received in ASCII mode\n", bare_lfs); printf("File may not have transferred correctly.\n"); } if (hash) { if (bytes < hashbytes) putchar('#'); putchar('\n'); fflush(stdout); } if (ferror(din)) { if (errno != EPIPE) warn("netin"); bytes = -1; } if (ferror(fout)) warn("local: %s", local); break; } if (closefunc != NULL) (*closefunc)(fout); signal(SIGINT, oldintr); if (oldintp) signal(SIGPIPE, oldintp); fclose(din); gettimeofday(&stop, (struct timezone *)0); getreply(0); if (bytes > 0 && is_retr) ptransfer("received", bytes, &start, &stop); return; abort: /* abort using RFC959 recommended IP,SYNC sequence */ if (oldintp) signal(SIGPIPE, oldintr); signal(SIGINT, SIG_IGN); if (!cpend) { code = -1; signal(SIGINT, oldintr); return; } - abort_remote(din); code = -1; if (data >= 0) { close(data); data = -1; } if (closefunc != NULL && fout != NULL) (*closefunc)(fout); if (din) fclose(din); gettimeofday(&stop, (struct timezone *)0); if (bytes > 0) ptransfer("received", bytes, &start, &stop); signal(SIGINT, oldintr); } -/* - * Need to start a listen on the data channel before we send the command, - * otherwise the server's connect may fail. 
- */ -int -initconn(void) +static int +parse_epsv (const char *str) { - int result, len, tmpno = 0; - int on = 1; - int a0, a1, a2, a3, p0, p1; + char sep; + char *end; + int port; - if (passivemode) { - data = socket(AF_INET, SOCK_STREAM, 0); - if (data < 0) { - perror("ftp: socket"); - return(1); + if (*str == '\0') + return -1; + sep = *str++; + if (sep != *str++) + return -1; + if (sep != *str++) + return -1; + port = strtol (str, &end, 0); + if (str == end) + return -1; + if (end[0] != sep || end[1] != '\0') + return -1; + return htons(port); } -#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) - if ((options & SO_DEBUG) && - setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on, - sizeof (on)) < 0) - perror("ftp: setsockopt (ignored)"); -#endif - if (command("PASV") != COMPLETE) { - printf("Passive mode refused.\n"); - goto bad; - } +static int +parse_pasv (struct sockaddr_in *sin, const char *str) +{ + int a0, a1, a2, a3, p0, p1; + /* - * What we've got at this point is a string of comma - * separated one-byte unsigned integer values. - * The first four are the an IP address. The fifth is - * the MSB of the port number, the sixth is the LSB. - * From that we'll prepare a sockaddr_in. + * What we've got at this point is a string of comma separated + * one-byte unsigned integer values. The first four are the an IP + * address. The fifth is the MSB of the port number, the sixth is the + * LSB. From that we'll prepare a sockaddr_in. */ - if (sscanf(pasv,"%d,%d,%d,%d,%d,%d", + if (sscanf (str, "%d,%d,%d,%d,%d,%d", &a0, &a1, &a2, &a3, &p0, &p1) != 6) { printf("Passive mode address scan failure. 
" "Shouldn't happen!\n"); - goto bad; + return -1; } if(a0 < 0 || a0 > 255 || a1 < 0 || a1 > 255 || a2 < 0 || a2 > 255 || a3 < 0 || a3 > 255 || p0 < 0 || p0 > 255 || p1 < 0 || p1 > 255){ printf("Can't parse passive mode string.\n"); + return -1; + } + memset (sin, 0, sizeof(*sin)); + sin->sin_family = AF_INET; + sin->sin_addr.s_addr = htonl ((a0 << 24) | (a1 << 16) | + (a2 << 8) | a3); + sin->sin_port = htons ((p0 << 8) | p1); + return 0; +} + +static int +passive_mode (void) +{ + int port; + + data = socket (myctladdr->sa_family, SOCK_STREAM, 0); + if (data < 0) { + warn ("socket"); + return (1); + } + if (options & SO_DEBUG) + socket_set_debug (data); + if (command ("EPSV") != COMPLETE) { + if (command ("PASV") != COMPLETE) { + printf ("Passive mode refused.\n"); goto bad; } + } - memset(&data_addr, 0, sizeof(data_addr)); - data_addr.sin_family = AF_INET; - data_addr.sin_addr.s_addr = htonl((a0 << 24) | (a1 << 16) | - (a2 << 8) | a3); - data_addr.sin_port = htons((p0 << 8) | p1); + /* + * Parse the reply to EPSV or PASV + */ - if (connect(data, (struct sockaddr *)&data_addr, - sizeof(data_addr)) < 0) { - perror("ftp: connect"); + port = parse_epsv (pasv); + if (port > 0) { + data_addr->sa_family = myctladdr->sa_family; + socket_set_address_and_port (data_addr, + socket_get_address (hisctladdr), + port); + } else { + if (parse_pasv ((struct sockaddr_in *)data_addr, pasv) < 0) goto bad; + } + + if (connect (data, data_addr, socket_sockaddr_size (data_addr)) < 0) { + warn ("connect"); + goto bad; } -#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - on = IPTOS_THROUGHPUT; - if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on, - sizeof(int)) < 0) - perror("ftp: setsockopt TOS (ignored)"); +#ifdef IPTOS_THROUGHPUT + socket_set_tos (data, IPTOS_THROUGHPUT); #endif return(0); +bad: + close (data); + data = -1; + sendport = 1; + return (1); } + +static int +active_mode (void) +{ + int tmpno = 0; + int len; + int result; + noport: - data_addr = myctladdr; - if (sendport) 
- data_addr.sin_port = 0; /* let system pick one */ + data_addr->sa_family = myctladdr->sa_family; + socket_set_address_and_port (data_addr, socket_get_address (myctladdr), + sendport ? 0 : socket_get_port (myctladdr)); + if (data != -1) close(data); - data = socket(AF_INET, SOCK_STREAM, 0); + data = socket (data_addr->sa_family, SOCK_STREAM, 0); if (data < 0) { warn("socket"); if (tmpno) sendport = 1; return (1); } -#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) if (!sendport) - if (setsockopt(data, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof (on)) < 0) { - warn("setsockopt (reuse address)"); - goto bad; - } -#endif - if (bind(data, (struct sockaddr *)&data_addr, sizeof (data_addr)) < 0) { + socket_set_reuseaddr (data, 1); + if (bind (data, data_addr, socket_sockaddr_size (data_addr)) < 0) { warn("bind"); goto bad; } -#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) - if (options & SO_DEBUG && - setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on, sizeof (on)) < 0) - warn("setsockopt (ignored)"); -#endif - len = sizeof (data_addr); - if (getsockname(data, (struct sockaddr *)&data_addr, &len) < 0) { + if (options & SO_DEBUG) + socket_set_debug (data); + len = sizeof (data_addr_ss); + if (getsockname (data, data_addr, &len) < 0) { warn("getsockname"); goto bad; } if (listen(data, 1) < 0) warn("listen"); if (sendport) { - unsigned int a = ntohl(data_addr.sin_addr.s_addr); - unsigned int p = ntohs(data_addr.sin_port); + char *cmd; + char addr_str[256]; + int inet_af; + int overbose; + + if (inet_ntop (data_addr->sa_family, socket_get_address (data_addr), + addr_str, sizeof(addr_str)) == NULL) + errx (1, "inet_ntop failed"); + switch (data_addr->sa_family) { + case AF_INET : + inet_af = 1; + break; +#ifdef HAVE_IPV6 + case AF_INET6 : + inet_af = 2; + break; +#endif + default : + errx (1, "bad address family %d", data_addr->sa_family); + } + + asprintf (&cmd, "EPRT |%d|%s|%d|", + inet_af, addr_str, ntohs(socket_get_port (data_addr))); + + overbose = verbose; + 
if (debug == 0) + verbose = -1; + + result = command (cmd); + + verbose = overbose; + + if (result == ERROR) { + struct sockaddr_in *sin = (struct sockaddr_in *)data_addr; + + unsigned int a = ntohl(sin->sin_addr.s_addr); + unsigned int p = ntohs(sin->sin_port); + + if (data_addr->sa_family != AF_INET) { + warnx ("remote server doesn't support EPRT"); + goto bad; + } + result = command("PORT %d,%d,%d,%d,%d,%d", (a >> 24) & 0xff, (a >> 16) & 0xff, (a >> 8) & 0xff, a & 0xff, (p >> 8) & 0xff, p & 0xff); if (result == ERROR && sendport == -1) { sendport = 0; tmpno = 1; goto noport; } return (result != COMPLETE); } + return result != COMPLETE; + } if (tmpno) sendport = 1; -#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - on = IPTOS_THROUGHPUT; - if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0) - warn("setsockopt TOS (ignored)"); + + +#ifdef IPTOS_THROUGHPUT + socket_set_tos (data, IPTOS_THROUGHPUT); #endif return (0); bad: - close(data), data = -1; + close (data); + data = -1; if (tmpno) sendport = 1; return (1); } +/* + * Need to start a listen on the data channel before we send the command, + * otherwise the server's connect may fail. 
+ */ +int +initconn (void) +{ + if (passivemode) + return passive_mode (); + else + return active_mode (); +} + FILE * -dataconn(char *lmode) +dataconn (const char *lmode) { - struct sockaddr_in from; - int s, fromlen = sizeof (from), tos; + struct sockaddr_storage from_ss; + struct sockaddr *from = (struct sockaddr *)&from_ss; + int s, fromlen = sizeof (from_ss); if (passivemode) return (fdopen(data, lmode)); - s = accept(data, (struct sockaddr *) &from, &fromlen); + s = accept (data, from, &fromlen); if (s < 0) { warn("accept"); close(data), data = -1; return (NULL); } close(data); data = s; -#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - tos = IPTOS_THROUGHPUT; - if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0) - warn("setsockopt TOS (ignored)"); +#ifdef IPTOS_THROUGHPUT + socket_set_tos (s, IPTOS_THROUGHPUT); #endif return (fdopen(data, lmode)); } void ptransfer(char *direction, long int bytes, struct timeval *t0, struct timeval *t1) { struct timeval td; float s; float bs; int prec; char *unit; if (verbose) { td.tv_sec = t1->tv_sec - t0->tv_sec; td.tv_usec = t1->tv_usec - t0->tv_usec; if(td.tv_usec < 0){ td.tv_sec--; td.tv_usec += 1000000; } s = td.tv_sec + (td.tv_usec / 1000000.); bs = bytes / (s?s:1); if(bs >= 1048576){ bs /= 1048576; unit = "M"; prec = 2; }else if(bs >= 1024){ bs /= 1024; unit = "k"; prec = 1; }else{ unit = ""; prec = 0; } printf("%ld bytes %s in %.3g seconds (%.*f %sbyte/s)\n", bytes, direction, s, prec, bs, unit); } } void psabort(int sig) { abrtflag++; } void pswitch(int flag) { sighand oldintr; static struct comvars { int connect; char name[MaxHostNameLen]; - struct sockaddr_in mctl; - struct sockaddr_in hctl; + struct sockaddr_storage mctl; + struct sockaddr_storage hctl; FILE *in; FILE *out; int tpe; int curtpe; int cpnd; int sunqe; int runqe; int mcse; int ntflg; char nti[17]; char nto[17]; int mapflg; char mi[MaxPathLen]; char mo[MaxPathLen]; } proxstruct, tmpstruct; struct comvars *ip, *op; abrtflag = 0; 
oldintr = signal(SIGINT, psabort); if (flag) { if (proxy) return; ip = &tmpstruct; op = &proxstruct; proxy++; } else { if (!proxy) return; ip = &proxstruct; op = &tmpstruct; proxy = 0; } ip->connect = connected; connected = op->connect; if (hostname) { - strncpy(ip->name, hostname, sizeof(ip->name) - 1); - ip->name[strlen(ip->name)] = '\0'; + strlcpy (ip->name, hostname, sizeof (ip->name)); } else ip->name[0] = 0; hostname = op->name; - ip->hctl = hisctladdr; - hisctladdr = op->hctl; - ip->mctl = myctladdr; - myctladdr = op->mctl; + ip->hctl = hisctladdr_ss; + hisctladdr_ss = op->hctl; + ip->mctl = myctladdr_ss; + myctladdr_ss = op->mctl; ip->in = cin; cin = op->in; ip->out = cout; cout = op->out; ip->tpe = type; type = op->tpe; ip->curtpe = curtype; curtype = op->curtpe; ip->cpnd = cpend; cpend = op->cpnd; ip->sunqe = sunique; sunique = op->sunqe; ip->runqe = runique; runique = op->runqe; ip->mcse = mcase; mcase = op->mcse; ip->ntflg = ntflag; ntflag = op->ntflg; - strncpy(ip->nti, ntin, 16); - (ip->nti)[strlen(ip->nti)] = '\0'; - strcpy(ntin, op->nti); - strncpy(ip->nto, ntout, 16); - (ip->nto)[strlen(ip->nto)] = '\0'; - strcpy(ntout, op->nto); + strlcpy (ip->nti, ntin, sizeof (ip->nti)); + strlcpy (ntin, op->nti, 17); + strlcpy (ip->nto, ntout, sizeof (ip->nto)); + strlcpy (ntout, op->nto, 17); ip->mapflg = mapflag; mapflag = op->mapflg; - strncpy(ip->mi, mapin, MaxPathLen - 1); - (ip->mi)[strlen(ip->mi)] = '\0'; - strcpy(mapin, op->mi); - strncpy(ip->mo, mapout, MaxPathLen - 1); - (ip->mo)[strlen(ip->mo)] = '\0'; - strcpy(mapout, op->mo); + strlcpy (ip->mi, mapin, MaxPathLen); + strlcpy (mapin, op->mi, MaxPathLen); + strlcpy (ip->mo, mapout, MaxPathLen); + strlcpy (mapout, op->mo, MaxPathLen); signal(SIGINT, oldintr); if (abrtflag) { abrtflag = 0; (*oldintr)(SIGINT); } } void abortpt(int sig) { printf("\n"); fflush(stdout); ptabflg++; mflag = 0; abrtflag = 0; longjmp(ptabort, 1); } void proxtrans(char *cmd, char *local, char *remote) { sighand oldintr; int 
secndflag = 0, prox_type, nfnd; char *cmd2; fd_set mask; if (strcmp(cmd, "RETR")) cmd2 = "RETR"; else cmd2 = runique ? "STOU" : "STOR"; if ((prox_type = type) == 0) { if (unix_server && unix_proxy) prox_type = TYPE_I; else prox_type = TYPE_A; } if (curtype != prox_type) changetype(prox_type, 1); if (command("PASV") != COMPLETE) { printf("proxy server does not support third party transfers.\n"); return; } pswitch(0); if (!connected) { printf("No primary connection\n"); pswitch(1); code = -1; return; } if (curtype != prox_type) changetype(prox_type, 1); if (command("PORT %s", pasv) != COMPLETE) { pswitch(1); return; } if (setjmp(ptabort)) goto abort; oldintr = signal(SIGINT, abortpt); if (command("%s %s", cmd, remote) != PRELIM) { signal(SIGINT, oldintr); pswitch(1); return; } sleep(2); pswitch(1); secndflag++; if (command("%s %s", cmd2, local) != PRELIM) goto abort; ptflag++; getreply(0); pswitch(0); getreply(0); signal(SIGINT, oldintr); pswitch(1); ptflag = 0; printf("local: %s remote: %s\n", local, remote); return; abort: signal(SIGINT, SIG_IGN); ptflag = 0; if (strcmp(cmd, "RETR") && !proxy) pswitch(1); else if (!strcmp(cmd, "RETR") && proxy) pswitch(0); if (!cpend && !secndflag) { /* only here if cmd = "STOR" (proxy=1) */ if (command("%s %s", cmd2, local) != PRELIM) { pswitch(0); if (cpend) abort_remote((FILE *) NULL); } pswitch(1); if (ptabflg) code = -1; signal(SIGINT, oldintr); return; } if (cpend) abort_remote((FILE *) NULL); pswitch(!proxy); if (!cpend && !secndflag) { /* only if cmd = "RETR" (proxy=1) */ if (command("%s %s", cmd2, local) != PRELIM) { pswitch(0); if (cpend) abort_remote((FILE *) NULL); pswitch(1); if (ptabflg) code = -1; signal(SIGINT, oldintr); return; } } if (cpend) abort_remote((FILE *) NULL); pswitch(!proxy); if (cpend) { FD_ZERO(&mask); FD_SET(fileno(cin), &mask); if ((nfnd = empty(&mask, 10)) <= 0) { if (nfnd < 0) { warn("abort"); } if (ptabflg) code = -1; lostpeer(0); } getreply(0); getreply(0); } if (proxy) pswitch(0); pswitch(1); 
if (ptabflg) code = -1; signal(SIGINT, oldintr); } void reset(int argc, char **argv) { fd_set mask; int nfnd = 1; FD_ZERO(&mask); while (nfnd > 0) { FD_SET(fileno(cin), &mask); if ((nfnd = empty(&mask,0)) < 0) { warn("reset"); code = -1; lostpeer(0); - } - else if (nfnd) { + } else if (nfnd) { getreply(0); } } } char * gunique(char *local) { static char new[MaxPathLen]; char *cp = strrchr(local, '/'); int d, count=0; char ext = '1'; if (cp) *cp = '\0'; d = access(cp ? local : ".", 2); if (cp) *cp = '/'; if (d < 0) { warn("local: %s", local); return NULL; } - strcpy(new, local); + strlcpy (new, local, sizeof(new)); cp = new + strlen(new); *cp++ = '.'; while (!d) { if (++count == 100) { printf("runique: can't find unique file name.\n"); return NULL; } *cp++ = ext; *cp = '\0'; if (ext == '9') ext = '0'; else ext++; if ((d = access(new, 0)) < 0) break; if (ext != '0') cp--; else if (*(cp - 2) == '.') *(cp - 1) = '1'; else { *(cp - 2) = *(cp - 2) + 1; cp--; } } return (new); } void abort_remote(FILE *din) { char buf[BUFSIZ]; int nfnd; fd_set mask; /* * send IAC in urgent mode instead of DM because 4.3BSD places oob mark * after urgent byte rather than before as is protocol now */ snprintf(buf, sizeof(buf), "%c%c%c", IAC, IP, IAC); if (send(fileno(cout), buf, 3, MSG_OOB) != 3) warn("abort"); fprintf(cout,"%cABOR\r\n", DM); fflush(cout); FD_ZERO(&mask); FD_SET(fileno(cin), &mask); if (din) { FD_SET(fileno(din), &mask); } if ((nfnd = empty(&mask, 10)) <= 0) { if (nfnd < 0) { warn("abort"); } if (ptabflg) code = -1; lostpeer(0); } if (din && FD_ISSET(fileno(din), &mask)) { while (read(fileno(din), buf, BUFSIZ) > 0) /* LOOP */; } if (getreply(0) == ERROR && code == 552) { /* 552 needed for nic style abort */ getreply(0); } getreply(0); } Index: stable/3/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h (revision 62577) +++ 
stable/3/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h (revision 62578) 
@@ -1,145 +1,139 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: ftp_locl.h,v 1.29 1997/05/20 18:40:28 bg Exp $ */ +/* $Id: ftp_locl.h,v 1.34 1999/12/02 16:58:29 joda Exp $ */ #ifndef __FTP_LOCL_H__ #define __FTP_LOCL_H__ #ifdef HAVE_CONFIG_H #include #endif -#include - #ifdef HAVE_PWD_H #include #endif #include #include #include #include #include #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_PARAM_H #include #endif #ifdef HAVE_SYS_RESOURCE_H #include #endif #ifdef HAVE_SYS_WAIT_H #include #endif #ifdef HAVE_SYS_STAT_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_NETINET_IN_SYSTM_H #include #endif #ifdef HAVE_NETINET_IP_H #include #endif #ifdef HAVE_ARPA_FTP_H #include #endif #ifdef HAVE_ARPA_INET_H #include #endif #ifdef HAVE_ARPA_TELNET_H #include #endif #include #include #include #ifdef HAVE_NETDB_H #include #endif #ifdef HAVE_SYS_MMAN_H #include #endif #include #ifdef SOCKS #include -extern int LIBPREFIX(fclose) __P((FILE *)); +extern int LIBPREFIX(fclose) (FILE *); + +/* This doesn't belong here. 
*/ +struct tm *localtime(const time_t *); +struct hostent *gethostbyname(const char *); + #endif #include "ftp_var.h" #include "extern.h" #include "common.h" #include "pathnames.h" -#include - -#include - -#include "krb4.h" - #include "roken.h" +#include "security.h" +#include /* for des_read_pw_string */ #if defined(__sun__) && !defined(__svr4) int fclose(FILE*); int pclose(FILE*); #endif #endif /* __FTP_LOCL_H__ */ Index: stable/3/crypto/kerberosIV/appl/ftp/ftp/kauth.c =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftp/kauth.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftp/kauth.c (revision 62578) 
@@ -1,145 +1,198 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "ftp_locl.h" -RCSID("$Id: kauth.c,v 1.14 1997/05/11 04:08:04 assar Exp $"); +#include +RCSID("$Id: kauth.c,v 1.20 1999/12/02 16:58:29 joda Exp $"); -void kauth(int argc, char **argv) +void +kauth(int argc, char **argv) { int ret; char buf[1024]; des_cblock key; des_key_schedule schedule; KTEXT_ST tkt, tktcopy; char *name; char *p; int overbose; char passwd[100]; int tmp; + int save; + if(argc > 2){ printf("usage: %s [principal]\n", argv[0]); code = -1; return; } if(argc == 2) name = argv[1]; else name = username; overbose = verbose; verbose = 0; + save = set_command_prot(prot_private); ret = command("SITE KAUTH %s", name); if(ret != CONTINUE){ verbose = overbose; + set_command_prot(save); code = -1; return; } verbose = overbose; p = strstr(reply_string, "T="); if(!p){ printf("Bad reply from server.\n"); + set_command_prot(save); code = -1; return; } p += 2; tmp = base64_decode(p, &tkt.dat); if(tmp < 0){ printf("Failed to decode base64 in reply.\n"); + set_command_prot(save); code = -1; return; } tkt.length = tmp; tktcopy.length = tkt.length; p = strstr(reply_string, "P="); if(!p){ printf("Bad reply from server.\n"); verbose = overbose; + set_command_prot(save); code = -1; return; } name = p + 2; for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++); *p = 0; snprintf(buf, sizeof(buf), "Password for %s:", name); if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0)) *passwd = '\0'; des_string_to_key (passwd, &key); des_key_sched(&key, schedule); des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat, tkt.length, schedule, &key, DES_DECRYPT); if (strcmp ((char*)tktcopy.dat + 8, KRB_TICKET_GRANTING_TICKET) != 0) { afs_string_to_key (passwd, krb_realmofhost(hostname), &key); des_key_sched (&key, schedule); des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat, tkt.length, schedule, &key, DES_DECRYPT); } memset(key, 0, sizeof(key)); memset(schedule, 0, sizeof(schedule)); memset(passwd, 0, sizeof(passwd)); - base64_encode(tktcopy.dat, 
tktcopy.length, &p); + if(base64_encode(tktcopy.dat, tktcopy.length, &p) < 0) { + printf("Out of memory base64-encoding.\n"); + set_command_prot(save); + code = -1; + return; + } memset (tktcopy.dat, 0, tktcopy.length); ret = command("SITE KAUTH %s %s", name, p); free(p); + set_command_prot(save); if(ret != COMPLETE){ code = -1; return; } code = 0; } -void klist(int argc, char **argv) +void +klist(int argc, char **argv) { int ret; if(argc != 1){ printf("usage: %s\n", argv[0]); code = -1; return; } ret = command("SITE KLIST"); + code = (ret == COMPLETE); +} + +void +kdestroy(int argc, char **argv) +{ + int ret; + if (argc != 1) { + printf("usage: %s\n", argv[0]); + code = -1; + return; + } + ret = command("SITE KDESTROY"); + code = (ret == COMPLETE); +} + +void +krbtkfile(int argc, char **argv) +{ + int ret; + if(argc != 2) { + printf("usage: %s tktfile\n", argv[0]); + code = -1; + return; + } + ret = command("SITE KRBTKFILE %s", argv[1]); + code = (ret == COMPLETE); +} + +void +afslog(int argc, char **argv) +{ + int ret; + if(argc > 2) { + printf("usage: %s [cell]\n", argv[0]); + code = -1; + return; + } + if(argc == 2) + ret = command("SITE AFSLOG %s", argv[1]); + else + ret = command("SITE AFSLOG"); code = (ret == COMPLETE); } Index: stable/3/crypto/kerberosIV/appl/ftp/ftp/krb4.c =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftp/krb4.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftp/krb4.c (revision 62578) 
@@ -1,567 +1,334 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ +#ifdef FTP_SERVER +#include "ftpd_locl.h" +#else #include "ftp_locl.h" +#endif +#include -RCSID("$Id: krb4.c,v 1.18 1997/05/11 04:08:05 assar Exp $"); +RCSID("$Id: krb4.c,v 1.36.2.1 1999/12/06 17:29:45 assar Exp $"); -static KTEXT_ST krb4_adat; +#ifdef FTP_SERVER +#define LOCAL_ADDR ctrl_addr +#define REMOTE_ADDR his_addr +#else +#define LOCAL_ADDR myctladdr +#define REMOTE_ADDR hisctladdr +#endif -static des_cblock key; -static des_key_schedule schedule; +extern struct sockaddr *LOCAL_ADDR, *REMOTE_ADDR; -static char *data_buffer; - -extern struct sockaddr_in hisctladdr, myctladdr; - -int auth_complete; - -static int command_prot; - -static int auth_pbsz; -static int data_prot; - -static int request_data_prot; - - -static struct { - int level; - char *name; -} level_names[] = { - { prot_clear, "clear" }, - { prot_safe, "safe" }, - { prot_confidential, "confidential" }, - { prot_private, "private" } +struct krb4_data { + des_cblock key; + des_key_schedule schedule; + char name[ANAME_SZ]; + char instance[INST_SZ]; + char realm[REALM_SZ]; }; -static char *level_to_name(int level) -{ - int i; - for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++) - if(level_names[i].level == level) - return level_names[i].name; - return "unknown"; -} - -static int name_to_level(char *name) -{ - int i; - for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++) - if(!strncasecmp(level_names[i].name, name, strlen(name))) - return 
level_names[i].level; - return -1; -} - -void sec_status(void) -{ - if(auth_complete){ - printf("Using KERBEROS_V4 for authentication.\n"); - - command_prot = prot_private; /* this variable is not used */ - - printf("Using %s command channel.\n", - level_to_name(command_prot)); - - printf("Using %s data channel.\n", - level_to_name(data_prot)); - if(auth_pbsz > 0) - printf("Protection buffer size: %d.\n", auth_pbsz); - }else{ - printf("Not using any security mechanism.\n"); - } -} - static int -sec_prot_internal(int level) +krb4_check_prot(void *app_data, int level) { - int ret; - char *p; - int s = 1048576; - - int old_verbose = verbose; - verbose = 0; - - if(!auth_complete){ - printf("No security data exchange has taken place.\n"); + if(level == prot_confidential) return -1; - } - - if(level){ - ret = command("PBSZ %d", s); - if(ret != COMPLETE){ - printf("Failed to set protection buffer size.\n"); - return -1; - } - auth_pbsz = s; - p = strstr(reply_string, "PBSZ="); - if(p) - sscanf(p, "PBSZ=%d", &s); - if(s < auth_pbsz) - auth_pbsz = s; - if(data_buffer) - free(data_buffer); - data_buffer = malloc(auth_pbsz); - } - verbose = old_verbose; - ret = command("PROT %c", level["CSEP"]); /* XXX :-) */ - if(ret != COMPLETE){ - printf("Failed to set protection level.\n"); - return -1; - } - - data_prot = level; return 0; } - -void -sec_prot(int argc, char **argv) -{ - int level = -1; - - if(argc != 2){ - printf("usage: %s (clear | safe | confidential | private)\n", - argv[0]); - code = -1; - return; - } - if(!auth_complete){ - printf("No security data exchange has taken place.\n"); - code = -1; - return; - } - level = name_to_level(argv[1]); - - if(level == -1){ - printf("usage: %s (clear | safe | confidential | private)\n", - argv[0]); - code = -1; - return; - } - - if(level == prot_confidential){ - printf("Confidential protection is not defined with Kerberos.\n"); - code = -1; - return; - } - - if(sec_prot_internal(level) < 0){ - code = -1; - return; - } - code = 0; 
-} - -void -sec_set_protection_level(void) -{ - if(auth_complete && data_prot != request_data_prot) - sec_prot_internal(request_data_prot); -} - - -int -sec_request_prot(char *level) -{ - int l = name_to_level(level); - if(l == -1) - return -1; - request_data_prot = l; - return 0; -} - - -int sec_getc(FILE *F) -{ - if(auth_complete && data_prot) - return krb4_getc(F); - else - return getc(F); -} - -int sec_read(int fd, void *data, int length) -{ - if(auth_complete && data_prot) - return krb4_read(fd, data, length); - else - return read(fd, data, length); -} - static int -krb4_recv(int fd) +krb4_decode(void *app_data, void *buf, int len, int level) { - int len; MSG_DAT m; - int kerror; + int e; + struct krb4_data *d = app_data; - krb_net_read(fd, &len, sizeof(len)); - len = ntohl(len); - krb_net_read(fd, data_buffer, len); - if(data_prot == prot_safe) - kerror = krb_rd_safe(data_buffer, len, &key, - &hisctladdr, &myctladdr, &m); + if(level == prot_safe) + e = krb_rd_safe(buf, len, &d->key, + (struct sockaddr_in *)REMOTE_ADDR, + (struct sockaddr_in *)LOCAL_ADDR, &m); else - kerror = krb_rd_priv(data_buffer, len, schedule, &key, - &hisctladdr, &myctladdr, &m); - if(kerror){ + e = krb_rd_priv(buf, len, d->schedule, &d->key, + (struct sockaddr_in *)REMOTE_ADDR, + (struct sockaddr_in *)LOCAL_ADDR, &m); + if(e){ + syslog(LOG_ERR, "krb4_decode: %s", krb_get_err_text(e)); return -1; } - memmove(data_buffer, m.app_data, m.app_length); + memmove(buf, m.app_data, m.app_length); return m.app_length; } - -int krb4_getc(FILE *F) +static int +krb4_overhead(void *app_data, int level, int len) { - static int bytes; - static int index; - if(bytes == 0){ - bytes = krb4_recv(fileno(F)); - index = 0; - } - if(bytes){ - bytes--; - return (unsigned char)data_buffer[index++]; - } - return EOF; + return 31; } -int krb4_read(int fd, char *data, int length) -{ - static int left; - static int index; - static int eof; - int len = left; - int rx = 0; - - if(eof){ - eof = 0; - return 0; - } - - 
if(left){ - if(length < len) - len = length; - memmove(data, data_buffer + index, len); - length -= len; - index += len; - rx += len; - left -= len; - } - - while(length){ - len = krb4_recv(fd); - if(len == 0){ - if(rx) - eof = 1; - return rx; - } - if(len > length){ - left = len - length; - len = index = length; - } - memmove(data, data_buffer, len); - length -= len; - data += len; - rx += len; - } - return rx; -} - - static int -krb4_encode(char *from, char *to, int length) +krb4_encode(void *app_data, void *from, int length, int level, void **to) { - if(data_prot == prot_safe) - return krb_mk_safe(from, to, length, &key, - &myctladdr, &hisctladdr); + struct krb4_data *d = app_data; + *to = malloc(length + 31); + if(level == prot_safe) + return krb_mk_safe(from, *to, length, &d->key, + (struct sockaddr_in *)LOCAL_ADDR, + (struct sockaddr_in *)REMOTE_ADDR); + else if(level == prot_private) + return krb_mk_priv(from, *to, length, d->schedule, &d->key, + (struct sockaddr_in *)LOCAL_ADDR, + (struct sockaddr_in *)REMOTE_ADDR); else - return krb_mk_priv(from, to, length, schedule, &key, - &myctladdr, &hisctladdr); + return -1; } +#ifdef FTP_SERVER + static int -krb4_overhead(int len) +krb4_adat(void *app_data, void *buf, size_t len) { - if(data_prot == prot_safe) - return 31; - else - return 26; -} + KTEXT_ST tkt; + AUTH_DAT auth_dat; + char *p; + int kerror; + u_int32_t cs; + char msg[35]; /* size of encrypted block */ + int tmp_len; + struct krb4_data *d = app_data; + char inst[INST_SZ]; + struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr; -static char p_buf[1024]; -static int p_index; + memcpy(tkt.dat, buf, len); + tkt.length = len; -int -sec_putc(int c, FILE *F) -{ - if(data_prot){ - if((c == '\n' && p_index) || p_index == sizeof(p_buf)){ - sec_write(fileno(F), p_buf, p_index); - p_index = 0; - } - p_buf[p_index++] = c; - return c; - } - return putc(c, F); + k_getsockinst(0, inst, sizeof(inst)); + kerror = krb_rd_req(&tkt, "ftp", inst, + 
his_addr_sin->sin_addr.s_addr, &auth_dat, ""); + if(kerror == RD_AP_UNDEC){ + k_getsockinst(0, inst, sizeof(inst)); + kerror = krb_rd_req(&tkt, "rcmd", inst, + his_addr_sin->sin_addr.s_addr, &auth_dat, ""); } -static int -sec_send(int fd, char *from, int length) -{ - int bytes; - bytes = krb4_encode(from, data_buffer, length); - bytes = htonl(bytes); - krb_net_write(fd, &bytes, sizeof(bytes)); - krb_net_write(fd, data_buffer, ntohl(bytes)); - return length; + if(kerror){ + reply(535, "Error reading request: %s.", krb_get_err_text(kerror)); + return -1; } -int -sec_fflush(FILE *F) + memcpy(d->key, auth_dat.session, sizeof(d->key)); + des_set_key(&d->key, d->schedule); + + strlcpy(d->name, auth_dat.pname, sizeof(d->name)); + strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance)); + strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance)); + + cs = auth_dat.checksum + 1; { - if(data_prot){ - if(p_index){ - sec_write(fileno(F), p_buf, p_index); - p_index = 0; + unsigned char tmp[4]; + KRB_PUT_INT(cs, tmp, 4, sizeof(tmp)); + tmp_len = krb_mk_safe(tmp, msg, 4, &d->key, + (struct sockaddr_in *)LOCAL_ADDR, + (struct sockaddr_in *)REMOTE_ADDR); +} + if(tmp_len < 0){ + reply(535, "Error creating reply: %s.", strerror(errno)); + return -1; } - sec_send(fileno(F), NULL, 0); + len = tmp_len; + if(base64_encode(msg, len, &p) < 0) { + reply(535, "Out of memory base64-encoding."); + return -1; } - fflush(F); + reply(235, "ADAT=%s", p); + sec_complete = 1; + free(p); return 0; } -int -sec_write(int fd, char *data, int length) +static int +krb4_userok(void *app_data, char *user) { - int len = auth_pbsz; - int tx = 0; + struct krb4_data *d = app_data; + return krb_kuserok(d->name, d->instance, d->realm, user); +} - if(data_prot == prot_clear) - return write(fd, data, length); +struct sec_server_mech krb4_server_mech = { + "KERBEROS_V4", + sizeof(struct krb4_data), + NULL, /* init */ + NULL, /* end */ + krb4_check_prot, + krb4_overhead, + krb4_encode, + krb4_decode, + /* */ + NULL, 
+ krb4_adat, + NULL, /* pbsz */ + NULL, /* ccc */ + krb4_userok +}; - len -= krb4_overhead(len); - while(length){ - if(length < len) - len = length; - sec_send(fd, data, len); - length -= len; - data += len; - tx += len; - } - return tx; -} +#else /* FTP_SERVER */ static int -do_auth(char *service, char *host, int checksum) +mk_auth(struct krb4_data *d, KTEXT adat, + char *service, char *host, int checksum) { int ret; CREDENTIALS cred; char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ]; - strcpy(sname, service); - strcpy(inst, krb_get_phost(host)); - strcpy(realm, krb_realmofhost(host)); - ret = krb_mk_req(&krb4_adat, sname, inst, realm, checksum); + + strlcpy(sname, service, sizeof(sname)); + strlcpy(inst, krb_get_phost(host), sizeof(inst)); + strlcpy(realm, krb_realmofhost(host), sizeof(realm)); + ret = krb_mk_req(adat, sname, inst, realm, checksum); if(ret) return ret; - strcpy(sname, service); - strcpy(inst, krb_get_phost(host)); - strcpy(realm, krb_realmofhost(host)); + strlcpy(sname, service, sizeof(sname)); + strlcpy(inst, krb_get_phost(host), sizeof(inst)); + strlcpy(realm, krb_realmofhost(host), sizeof(realm)); ret = krb_get_cred(sname, inst, realm, &cred); - memmove(&key, &cred.session, sizeof(des_cblock)); - des_key_sched(&key, schedule); + memmove(&d->key, &cred.session, sizeof(des_cblock)); + des_key_sched(&d->key, d->schedule); memset(&cred, 0, sizeof(cred)); return ret; } - -int -do_klogin(char *host) +static int +krb4_auth(void *app_data, char *host) { int ret; char *p; int len; - char adat[1024]; + KTEXT_ST adat; MSG_DAT msg_data; int checksum; + u_int32_t cs; + struct krb4_data *d = app_data; + struct sockaddr_in *localaddr = (struct sockaddr_in *)LOCAL_ADDR; + struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR; - int old_verbose = verbose; - - verbose = 0; - printf("Trying KERBEROS_V4...\n"); - ret = command("AUTH KERBEROS_V4"); - if(ret != CONTINUE){ - if(code == 504){ - printf("Kerberos 4 is not supported by the server.\n"); - 
}else if(code == 534){ - printf("KERBEROS_V4 rejected as security mechanism.\n"); - }else if(ret == ERROR) - printf("The server doesn't understand the FTP " - "security extensions.\n"); - verbose = old_verbose; - return -1; - } - checksum = getpid(); - ret = do_auth("ftp", host, checksum); + ret = mk_auth(d, &adat, "ftp", host, checksum); if(ret == KDC_PR_UNKNOWN) - ret = do_auth("rcmd", host, checksum); + ret = mk_auth(d, &adat, "rcmd", host, checksum); if(ret){ printf("%s\n", krb_get_err_text(ret)); - verbose = old_verbose; - return ret; + return AUTH_CONTINUE; } - base64_encode(krb4_adat.dat, krb4_adat.length, &p); +#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM + if (krb_get_config_bool("nat_in_use")) { + struct in_addr natAddr; + + if (krb_get_our_ip_for_realm(krb_realmofhost(host), + &natAddr) != KSUCCESS + && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS) + printf("Can't get address for realm %s\n", + krb_realmofhost(host)); + else { + if (natAddr.s_addr != localaddr->sin_addr.s_addr) { + printf("Using NAT IP address (%s) for kerberos 4\n", + inet_ntoa(natAddr)); + localaddr->sin_addr = natAddr; + + /* + * This not the best place to do this, but it + * is here we know that (probably) NAT is in + * use! 
+ */ + + passivemode = 1; + printf("Setting: Passive mode on.\n"); + } + } + } +#endif + + printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr)); + printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr)); + + if(base64_encode(adat.dat, adat.length, &p) < 0) { + printf("Out of memory base64-encoding.\n"); + return AUTH_CONTINUE; + } ret = command("ADAT %s", p); free(p); if(ret != COMPLETE){ printf("Server didn't accept auth data.\n"); - verbose = old_verbose; - return -1; + return AUTH_ERROR; } p = strstr(reply_string, "ADAT="); if(!p){ printf("Remote host didn't send adat reply.\n"); - verbose = old_verbose; - return -1; + return AUTH_ERROR; } p+=5; - len = base64_decode(p, adat); + len = base64_decode(p, adat.dat); if(len < 0){ printf("Failed to decode base64 from server.\n"); - verbose = old_verbose; - return -1; + return AUTH_ERROR; } - ret = krb_rd_safe(adat, len, &key, - &hisctladdr, &myctladdr, &msg_data); + adat.length = len; + ret = krb_rd_safe(adat.dat, adat.length, &d->key, + (struct sockaddr_in *)hisctladdr, + (struct sockaddr_in *)myctladdr, &msg_data); if(ret){ printf("Error reading reply from server: %s.\n", krb_get_err_text(ret)); - verbose = old_verbose; - return -1; + return AUTH_ERROR; } - { - /* the draft doesn't tell what size the return has */ - int i; - u_int32_t cs = 0; - for(i = 0; i < msg_data.app_length; i++) - cs = (cs<<8) + msg_data.app_data[i]; + krb_get_int(msg_data.app_data, &cs, 4, 0); if(cs - checksum != 1){ printf("Bad checksum returned from server.\n"); - verbose = old_verbose; - return -1; - } + return AUTH_ERROR; } - auth_complete = 1; - verbose = old_verbose; - return 0; + return AUTH_OK; } -void -krb4_quit(void) -{ - auth_complete = 0; -} +struct sec_client_mech krb4_client_mech = { + "KERBEROS_V4", + sizeof(struct krb4_data), + NULL, /* init */ + krb4_auth, + NULL, /* end */ + krb4_check_prot, + krb4_overhead, + krb4_encode, + krb4_decode +}; -int krb4_write_enc(FILE *F, char *fmt, va_list ap) -{ - int 
len; - char *p; - char buf[1024]; - char enc[1024]; - - vsnprintf(buf, sizeof(buf), fmt, ap); - len = krb_mk_priv(buf, enc, strlen(buf), schedule, &key, - &myctladdr, &hisctladdr); - base64_encode(enc, len, &p); - - fprintf(F, "ENC %s", p); - free (p); - return 0; -} - - -int krb4_read_msg(char *s, int priv) -{ - int len; - int ret; - char buf[1024]; - MSG_DAT m; - int code; - - len = base64_decode(s + 4, buf); - if(priv) - ret = krb_rd_priv(buf, len, schedule, &key, - &hisctladdr, &myctladdr, &m); - else - ret = krb_rd_safe(buf, len, &key, &hisctladdr, &myctladdr, &m); - if(ret){ - printf("%s\n", krb_get_err_text(ret)); - return -1; - } - - m.app_data[m.app_length] = 0; - if(m.app_data[3] == '-') - code = 0; - else - sscanf((char*)m.app_data, "%d", &code); - strncpy(s, (char*)m.app_data, strlen((char*)m.app_data)); - - s[m.app_length] = 0; - len = strlen(s); - if(s[len-1] == '\n') - s[len-1] = 0; - - return code; -} - -int -krb4_read_mic(char *s) -{ - return krb4_read_msg(s, 0); -} - -int -krb4_read_enc(char *s) -{ - return krb4_read_msg(s, 1); -} - +#endif /* FTP_SERVER */ Index: stable/3/crypto/kerberosIV/appl/ftp/ftp/main.c =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftp/main.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftp/main.c (revision 62578) 
@@ -1,542 +1,549 @@ /* * Copyright (c) 1985, 1989, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * FTP User Program -- Command Interface. 
*/ #include "ftp_locl.h" -RCSID("$Id: main.c,v 1.20 1997/04/20 16:14:55 joda Exp $"); +RCSID("$Id: main.c,v 1.27 1999/11/13 06:18:02 assar Exp $"); int main(int argc, char **argv) { int ch, top; struct passwd *pw = NULL; char homedir[MaxPathLen]; struct servent *sp; set_progname(argv[0]); sp = getservbyname("ftp", "tcp"); if (sp == 0) errx(1, "ftp/tcp: unknown service"); doglob = 1; interactive = 1; autologin = 1; + passivemode = 0; /* passive mode not active */ - while ((ch = getopt(argc, argv, "dgintv")) != EOF) { + while ((ch = getopt(argc, argv, "dginptv")) != -1) { switch (ch) { case 'd': options |= SO_DEBUG; debug++; break; case 'g': doglob = 0; break; case 'i': interactive = 0; break; case 'n': autologin = 0; break; + case 'p': + passivemode = 1; + break; case 't': trace++; break; case 'v': verbose++; break; default: fprintf(stderr, - "usage: ftp [-dgintv] [host [port]]\n"); + "usage: ftp [-dginptv] [host [port]]\n"); exit(1); } } argc -= optind; argv += optind; fromatty = isatty(fileno(stdin)); if (fromatty) verbose++; cpend = 0; /* no pending replies */ proxy = 0; /* proxy not active */ - passivemode = 0; /* passive mode not active */ crflag = 1; /* strip c.r. on ascii gets */ sendport = -1; /* not using ports */ /* * Set up the home directory in case we're globbing. 
*/ pw = k_getpwuid(getuid()); if (pw != NULL) { + strlcpy(homedir, pw->pw_dir, sizeof(homedir)); home = homedir; - strcpy(home, pw->pw_dir); } if (argc > 0) { char *xargv[5]; if (setjmp(toplevel)) exit(0); signal(SIGINT, intr); signal(SIGPIPE, lostpeer); xargv[0] = (char*)__progname; xargv[1] = argv[0]; xargv[2] = argv[1]; xargv[3] = argv[2]; xargv[4] = NULL; setpeer(argc+1, xargv); } if(setjmp(toplevel) == 0) top = 1; else top = 0; if (top) { signal(SIGINT, intr); signal(SIGPIPE, lostpeer); } for (;;) { cmdscanner(top); top = 1; } } void intr(int sig) { longjmp(toplevel, 1); } #ifndef SHUT_RDWR #define SHUT_RDWR 2 #endif RETSIGTYPE lostpeer(int sig) { if (connected) { if (cout != NULL) { shutdown(fileno(cout), SHUT_RDWR); fclose(cout); cout = NULL; } if (data >= 0) { shutdown(data, SHUT_RDWR); close(data); data = -1; } connected = 0; } pswitch(1); if (connected) { if (cout != NULL) { shutdown(fileno(cout), SHUT_RDWR); fclose(cout); cout = NULL; } connected = 0; } proxflag = 0; pswitch(0); + sec_end(); SIGRETURN(0); } /* char * tail(filename) char *filename; { char *s; while (*filename) { s = strrchr(filename, '/'); if (s == NULL) break; if (s[1]) return (s + 1); *s = '\0'; } return (filename); } */ #ifndef HAVE_READLINE static char * readline(char *prompt) { char buf[BUFSIZ]; printf ("%s", prompt); fflush (stdout); if(fgets(buf, sizeof(buf), stdin) == NULL) return NULL; if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = '\0'; return strdup(buf); } static void add_history(char *p) { } #else /* These should not really be here */ char *readline(char *); void add_history(char *); #endif /* * Command parser. 
*/ void cmdscanner(int top) { struct cmd *c; int l; if (!top) putchar('\n'); for (;;) { if (fromatty) { char *p; p = readline("ftp> "); if(p == NULL) quit(0, 0); - strncpy(line, p, sizeof(line)); - line[sizeof(line) - 1] = 0; + strlcpy(line, p, sizeof(line)); add_history(p); free(p); } else{ if (fgets(line, sizeof line, stdin) == NULL) quit(0, 0); } /* XXX will break on long lines */ l = strlen(line); if (l == 0) break; if (line[--l] == '\n') { if (l == 0) break; line[l] = '\0'; } else if (l == sizeof(line) - 2) { printf("sorry, input line too long\n"); while ((l = getchar()) != '\n' && l != EOF) /* void */; break; } /* else it was a line without a newline */ makeargv(); if (margc == 0) { continue; } c = getcmd(margv[0]); if (c == (struct cmd *)-1) { printf("?Ambiguous command\n"); continue; } if (c == 0) { printf("?Invalid command\n"); continue; } if (c->c_conn && !connected) { printf("Not connected.\n"); continue; } (*c->c_handler)(margc, margv); if (bell && c->c_bell) putchar('\007'); if (c->c_handler != help) break; } signal(SIGINT, intr); signal(SIGPIPE, lostpeer); } struct cmd * getcmd(char *name) { char *p, *q; struct cmd *c, *found; int nmatches, longest; longest = 0; nmatches = 0; found = 0; for (c = cmdtab; (p = c->c_name); c++) { for (q = name; *q == *p++; q++) if (*q == 0) /* exact match? */ return (c); if (!*q) { /* the name was a prefix */ if (q - name > longest) { longest = q - name; nmatches = 1; found = c; } else if (q - name == longest) nmatches++; } } if (nmatches > 1) return ((struct cmd *)-1); return (found); } /* * Slice a string up into argc/argv. */ int slrflag; void makeargv(void) { char **argp; argp = margv; stringbase = line; /* scan from first of buffer */ argbase = argbuf; /* store from first of buffer */ slrflag = 0; for (margc = 0; ; margc++) { /* Expand array if necessary */ if (margc == margvlen) { + int i; + margv = (margvlen == 0) ? 
(char **)malloc(20 * sizeof(char *)) : (char **)realloc(margv, (margvlen + 20)*sizeof(char *)); if (margv == NULL) errx(1, "cannot realloc argv array"); + for(i = margvlen; i < margvlen + 20; ++i) + margv[i] = NULL; margvlen += 20; argp = margv + margc; } if ((*argp++ = slurpstring()) == NULL) break; } } /* * Parse string into argbuf; * implemented with FSM to * handle quoting and strings */ char * slurpstring(void) { int got_one = 0; char *sb = stringbase; char *ap = argbase; char *tmp = argbase; /* will return this if token found */ if (*sb == '!' || *sb == '$') { /* recognize ! as a token for shell */ switch (slrflag) { /* and $ as token for macro invoke */ case 0: slrflag++; stringbase++; return ((*sb == '!') ? "!" : "$"); /* NOTREACHED */ case 1: slrflag++; altarg = stringbase; break; default: break; } } S0: switch (*sb) { case '\0': goto OUT; case ' ': case '\t': sb++; goto S0; default: switch (slrflag) { case 0: slrflag++; break; case 1: slrflag++; altarg = sb; break; default: break; } goto S1; } S1: switch (*sb) { case ' ': case '\t': case '\0': goto OUT; /* end of token */ case '\\': sb++; goto S2; /* slurp next character */ case '"': sb++; goto S3; /* slurp quoted string */ default: *ap++ = *sb++; /* add character to token */ got_one = 1; goto S1; } S2: switch (*sb) { case '\0': goto OUT; default: *ap++ = *sb++; got_one = 1; goto S1; } S3: switch (*sb) { case '\0': goto OUT; case '"': sb++; goto S1; default: *ap++ = *sb++; got_one = 1; goto S3; } OUT: if (got_one) *ap++ = '\0'; argbase = ap; /* update storage pointer */ stringbase = sb; /* update scan pointer */ if (got_one) { return (tmp); } switch (slrflag) { case 0: slrflag++; break; case 1: slrflag++; altarg = (char *) 0; break; default: break; } return NULL; } #define HELPINDENT ((int) sizeof ("directory")) /* * Help command. * Call each command handler with argc == 0 and argv[0] == name. 
*/ void help(int argc, char **argv) { struct cmd *c; if (argc == 1) { int i, j, w, k; int columns, width = 0, lines; printf("Commands may be abbreviated. Commands are:\n\n"); for (c = cmdtab; c < &cmdtab[NCMDS]; c++) { int len = strlen(c->c_name); if (len > width) width = len; } width = (width + 8) &~ 7; columns = 80 / width; if (columns == 0) columns = 1; lines = (NCMDS + columns - 1) / columns; for (i = 0; i < lines; i++) { for (j = 0; j < columns; j++) { c = cmdtab + j * lines + i; if (c->c_name && (!proxy || c->c_proxy)) { printf("%s", c->c_name); } else if (c->c_name) { for (k=0; k < strlen(c->c_name); k++) { putchar(' '); } } if (c + lines >= &cmdtab[NCMDS]) { printf("\n"); break; } w = strlen(c->c_name); while (w < width) { w = (w + 8) &~ 7; putchar('\t'); } } } return; } while (--argc > 0) { char *arg; arg = *++argv; c = getcmd(arg); if (c == (struct cmd *)-1) printf("?Ambiguous help command %s\n", arg); else if (c == (struct cmd *)0) printf("?Invalid help command %s\n", arg); else printf("%-*s\t%s\n", HELPINDENT, c->c_name, c->c_help); } } Index: stable/3/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c (revision 62578) 
@@ -1,274 +1,312 @@ /* * Copyright (c) 1985, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "ftp_locl.h" -RCSID("$Id: ruserpass.c,v 1.10 1997/05/02 14:27:55 assar Exp $"); +RCSID("$Id: ruserpass.c,v 1.16 1999/09/16 20:37:31 assar Exp $"); static int token (void); static FILE *cfile; #define DEFAULT 1 #define LOGIN 2 #define PASSWD 3 #define ACCOUNT 4 #define MACDEF 5 #define PROT 6 #define ID 10 #define MACH 11 static char tokval[100]; static struct toktab { char *tokstr; int tval; } toktab[]= { { "default", DEFAULT }, { "login", LOGIN }, { "password", PASSWD }, { "passwd", PASSWD }, { "account", ACCOUNT }, { "machine", MACH }, { "macdef", MACDEF }, { "prot", PROT }, { NULL, 0 } }; +/* + * Write a copy of the hostname into `hostname, sz' and return a guess + * as to the `domain' of that hostname. + */ + +static char * +guess_domain (char *hostname, size_t sz) +{ + struct hostent *he; + char *dot; + char *a; + char **aliases; + + if (gethostname (hostname, sz) < 0) { + strlcpy (hostname, "", sz); + return ""; + } + dot = strchr (hostname, '.'); + if (dot != NULL) + return dot + 1; + + he = gethostbyname (hostname); + if (he == NULL) + return hostname; + + dot = strchr (he->h_name, '.'); + if (dot != NULL) { + strlcpy (hostname, he->h_name, sz); + return dot + 1; + } + for (aliases = he->h_aliases; (a = *aliases) != NULL; ++aliases) { + dot = strchr (a, '.'); + if (dot != NULL) { + strlcpy (hostname, a, sz); + return dot + 1; + } + } + return hostname; +} + int ruserpass(char *host, char **aname, char **apass, char **aacct) { char *hdir, buf[BUFSIZ], *tmp; int t, i, c, usedefault = 0; struct stat stb; - if(k_gethostname(myhostname, MaxHostNameLen) < 0) - strcpy(myhostname, ""); - if((mydomain = strchr(myhostname, '.')) == NULL) - mydomain = myhostname; - else - mydomain++; + mydomain = guess_domain (myhostname, MaxHostNameLen); + hdir = getenv("HOME"); if (hdir == NULL) hdir = "."; snprintf(buf, sizeof(buf), "%s/.netrc", hdir); cfile = fopen(buf, "r"); if (cfile == NULL) { if (errno != ENOENT) warn("%s", buf); return (0); } next: while ((t = 
token())) switch(t) { case DEFAULT: usedefault = 1; /* FALL THROUGH */ case MACH: if (!usedefault) { if (token() != ID) continue; /* * Allow match either for user's input host name * or official hostname. Also allow match of * incompletely-specified host in local domain. */ if (strcasecmp(host, tokval) == 0) goto match; if (strcasecmp(hostname, tokval) == 0) goto match; if ((tmp = strchr(hostname, '.')) != NULL && tmp++ && strcasecmp(tmp, mydomain) == 0 && strncasecmp(hostname, tokval, tmp-hostname) == 0 && tokval[tmp - hostname] == '\0') goto match; if ((tmp = strchr(host, '.')) != NULL && tmp++ && strcasecmp(tmp, mydomain) == 0 && strncasecmp(host, tokval, tmp - host) == 0 && tokval[tmp - host] == '\0') goto match; continue; } match: while ((t = token()) && t != MACH && t != DEFAULT) switch(t) { case LOGIN: - if (token()) + if (token()) { if (*aname == 0) { *aname = strdup(tokval); } else { if (strcmp(*aname, tokval)) goto next; } + } break; case PASSWD: if ((*aname == NULL || strcmp(*aname, "anonymous")) && fstat(fileno(cfile), &stb) >= 0 && (stb.st_mode & 077) != 0) { warnx("Error: .netrc file is readable by others."); warnx("Remove password or make file unreadable by others."); goto bad; } if (token() && *apass == 0) { *apass = strdup(tokval); } break; case ACCOUNT: if (fstat(fileno(cfile), &stb) >= 0 && (stb.st_mode & 077) != 0) { warnx("Error: .netrc file is readable by others."); warnx("Remove account or make file unreadable by others."); goto bad; } if (token() && *aacct == 0) { *aacct = strdup(tokval); } break; case MACDEF: if (proxy) { fclose(cfile); return (0); } - while ((c=getc(cfile)) != EOF && c == ' ' || c == '\t'); + while ((c=getc(cfile)) != EOF && + (c == ' ' || c == '\t')); if (c == EOF || c == '\n') { printf("Missing macdef name argument.\n"); goto bad; } if (macnum == 16) { printf("Limit of 16 macros have already been defined\n"); goto bad; } tmp = macros[macnum].mac_name; *tmp++ = c; for (i=0; i < 8 && (c=getc(cfile)) != EOF && !isspace(c); 
++i) { *tmp++ = c; } if (c == EOF) { printf("Macro definition missing null line terminator.\n"); goto bad; } *tmp = '\0'; if (c != '\n') { while ((c=getc(cfile)) != EOF && c != '\n'); } if (c == EOF) { printf("Macro definition missing null line terminator.\n"); goto bad; } if (macnum == 0) { macros[macnum].mac_start = macbuf; } else { macros[macnum].mac_start = macros[macnum-1].mac_end + 1; } tmp = macros[macnum].mac_start; while (tmp != macbuf + 4096) { if ((c=getc(cfile)) == EOF) { printf("Macro definition missing null line terminator.\n"); goto bad; } *tmp = c; if (*tmp == '\n') { if (*(tmp-1) == '\0') { macros[macnum++].mac_end = tmp - 1; break; } *tmp = '\0'; } tmp++; } if (tmp == macbuf + 4096) { printf("4K macro buffer exceeded\n"); goto bad; } break; case PROT: token(); if(sec_request_prot(tokval) < 0) warnx("Unknown protection level \"%s\"", tokval); break; default: warnx("Unknown .netrc keyword %s", tokval); break; } goto done; } done: fclose(cfile); return (0); bad: fclose(cfile); return (-1); } static int token(void) { char *cp; int c; struct toktab *t; if (feof(cfile) || ferror(cfile)) return (0); while ((c = getc(cfile)) != EOF && (c == '\n' || c == '\t' || c == ' ' || c == ',')) continue; if (c == EOF) return (0); cp = tokval; if (c == '"') { while ((c = getc(cfile)) != EOF && c != '"') { if (c == '\\') c = getc(cfile); *cp++ = c; } } else { *cp++ = c; while ((c = getc(cfile)) != EOF && c != '\n' && c != '\t' && c != ' ' && c != ',') { if (c == '\\') c = getc(cfile); *cp++ = c; } } *cp = 0; if (tokval[0] == 0) return (0); for (t = toktab; t->tokstr; t++) if (!strcmp(t->tokstr, tokval)) return (t->tval); return (ID); } Index: stable/3/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in (revision 62578) 
@@ -1,84 +1,102 @@ # -# $Id: Makefile.in,v 1.31 1997/05/02 17:49:27 assar Exp $ +# $Id: Makefile.in,v 1.41 1999/10/03 16:39:27 joda Exp $ # srcdir = @srcdir@ top_srcdir = @top_srcdir@ VPATH = @srcdir@ -topdir = ../../.. +top_builddir = ../../.. SHELL = /bin/sh CC = @CC@ YACC = @YACC@ RANLIB = @RANLIB@ DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +WFLAGS = @WFLAGS@ +CFLAGS = @CFLAGS@ $(WFLAGS) LD_FLAGS = @LD_FLAGS@ LIBS = @LIBS@ LIB_DBM = @LIB_DBM@ MKINSTALLDIRS = $(top_srcdir)/mkinstalldirs INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ +LN_S = @LN_S@ + prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ libexecdir = @libexecdir@ transform=@program_transform_name@ EXECSUFFIX=@EXECSUFFIX@ ATHENA = ../../.. INCTOP = $(ATHENA)/include LIBTOP = $(ATHENA)/lib LIBKAFS = @KRB_KAFS_LIB@ LIBKRB = -L$(LIBTOP)/krb -lkrb LIBDES = -L$(LIBTOP)/des -ldes -LIBOTP = -L$(LIBTOP)/otp -lotp +LIBOTP = @LIB_otp@ LIBROKEN= -L$(LIBTOP)/roken -lroken PROGS = ftpd$(EXECSUFFIX) -ftpd_SOURCES = ftpd.c ftpcmd.c logwtmp.c popen.c auth.c krb4.c kauth.c -ftpd_OBJS = ftpd.o ftpcmd.o logwtmp.o popen.o auth.o krb4.o kauth.o +ftpd_SOURCES = ftpd.c ftpcmd.c logwtmp.c ls.c popen.c security.c krb4.c kauth.c +ftpd_OBJS = ftpd.o ftpcmd.o logwtmp.o ls.o popen.o security.o krb4.o kauth.o SOURCES = $(ftpd_SOURCES) OBJECTS = $(ftpd_OBJS) all: $(PROGS) +$(ftpd_OBJS): security.h + +security.c: + $(LN_S) $(srcdir)/../ftp/security.c . +security.h: + $(LN_S) $(srcdir)/../ftp/security.h . +krb4.c: + $(LN_S) $(srcdir)/../ftp/krb4.c . +gssapi.c: + $(LN_S) $(srcdir)/../ftp/gssapi.c . + .c.o: - $(CC) -c $(CFLAGS) -I$(srcdir) -I$(srcdir)/../common -I$(INCTOP) $(DEFS) $< + $(CC) -c -DFTP_SERVER -I. 
-I$(srcdir) -I$(srcdir)/../common -I$(INCTOP) $(DEFS) $(CFLAGS) $(CPPFLAGS) $< install: all - $(MKINSTALLDIRS) $(libexecdir) + $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir) for x in $(PROGS); do \ - $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ done uninstall: for x in $(PROGS); do \ - rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ done ftpd$(EXECSUFFIX): $(ftpd_OBJS) $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(ftpd_OBJS) -L../common -lcommon $(LIBKAFS) $(LIBKRB) $(LIBOTP) $(LIBDES) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) ftpcmd.c: ftpcmd.y $(YACC) $(YFLAGS) $< chmod a-w y.tab.c mv -f y.tab.c ftpcmd.c TAGS: $(SOURCES) etags $(SOURCES) +CLEANFILES = ftpd$(EXECSUFFIX) ftpcmd.c security.c security.h krb4.c gssapi.c + clean cleandir: - rm -f *~ *.o core ftpd ftpcmd.c \#* + rm -f *~ *.o core \#* $(CLEANFILES) distclean: rm -f Makefile + +.PHONY: all install uninstall clean cleandir distclean Index: stable/3/crypto/kerberosIV/appl/ftp/ftpd/extern.h =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftpd/extern.h (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftpd/extern.h (revision 62578) 
@@ -1,141 +1,160 @@ /*- * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* * @(#)extern.h 8.2 (Berkeley) 4/4/94 */ #ifndef _EXTERN_H_ #define _EXTERN_H_ +#ifdef HAVE_SYS_TYPES_H +#include +#endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_NETDB_H #include #endif #include #include #include #ifdef HAVE_PWD_H #include #endif -#ifdef HAVE_SYS_TYPES_H -#include + +#ifdef HAVE_LIMITS_H +#include #endif +#ifndef NBBY +#define NBBY CHAR_BIT +#endif + void abor(void); void blkfree(char **); char **copyblk(char **); void cwd(char *); void do_delete(char *); void dologout(int); +void eprt(char *); +void epsv(char *); void fatal(char *); int filename_check(char *); int ftpd_pclose(FILE *); FILE *ftpd_popen(char *, char *, int, int); -char *getline(char *, int); -void logwtmp(char *, char *, char *); +char *ftpd_getline(char *, int); +void ftpd_logwtmp(char *, char *, char *); void lreply(int, const char *, ...) #ifdef __GNUC__ __attribute__ ((format (printf, 2, 3))) #endif ; void makedir(char *); void nack(char *); void nreply(const char *, ...) #ifdef __GNUC__ __attribute__ ((format (printf, 1, 2))) #endif ; void pass(char *); -void passive(void); -void perror_reply(int, char *); +void pasv(void); +void perror_reply(int, const char *); void pwd(void); void removedir(char *); void renamecmd(char *, char *); char *renamefrom(char *); void reply(int, const char *, ...) #ifdef __GNUC__ __attribute__ ((format (printf, 2, 3))) #endif ; -void retrieve(char *, char *); +void retrieve(const char *, char *); void send_file_list(char *); void setproctitle(const char *, ...) 
#ifdef __GNUC__ __attribute__ ((format (printf, 1, 2))) #endif ; void statcmd(void); void statfilecmd(char *); void do_store(char *, char *, int); void upper(char *); void user(char *); void yyerror(char *); +void list_file(char*); + void kauth(char *, char*); void klist(void); +void cond_kdestroy(void); +void kdestroy(void); +void krbtkfile(const char *tkfile); +void afslog(const char *cell); +void afsunlog(void); int find(char *); +void builtin_ls(FILE*, const char*); + int do_login(int code, char *passwd); int klogin(char *name, char *password); const char *ftp_rooted(const char *path); -extern struct sockaddr_in ctrl_addr, his_addr; +extern struct sockaddr *ctrl_addr, *his_addr; extern char hostname[]; -extern struct sockaddr_in data_dest; +extern struct sockaddr *data_dest; extern int logged_in; extern struct passwd *pw; extern int guest; extern int logging; extern int type; extern int oobflag; extern off_t file_size; extern off_t byte_count; extern jmp_buf urgcatch; extern int form; extern int debug; extern int ftpd_timeout; extern int maxtimeout; extern int pdata; extern char hostname[], remotehost[]; extern char proctitle[]; extern int usedefault; extern int transflag; extern char tmpline[]; #endif /* _EXTERN_H_ */ Index: stable/3/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y (revision 62578) 
@@ -1,1408 +1,1455 @@ /* $NetBSD: ftpcmd.y,v 1.6 1995/06/03 22:46:45 mycroft Exp $ */ /* * Copyright (c) 1985, 1988, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)ftpcmd.y 8.3 (Berkeley) 4/6/94 */ /* * Grammar for FTP commands. * See RFC 959. 
*/ %{ +#include "ftpd_locl.h" +RCSID("$Id: ftpcmd.y,v 1.56 1999/10/26 11:56:23 assar Exp $"); -#ifdef HAVE_CONFIG_H -#include -#endif - -RCSID("$Id: ftpcmd.y,v 1.35 1997/05/25 14:38:49 assar Exp $"); - -#ifdef HAVE_SYS_TYPES_H -#include -#endif - -#ifdef HAVE_SYS_PARAM_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_SYS_STAT_H -#include -#endif - -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_FTP_H -#include -#endif - -#include -#include -#include -#ifdef HAVE_PWD_H -#include -#endif -#include -#include -#include -#include -#include -#ifdef HAVE_SYSLOG_H -#include -#endif -#include -#ifdef HAVE_UNISTD_H -#include -#endif - -#ifdef HAVE_BSD_BSD_H -#include -#endif - -#include - -#ifdef SOCKS -#include -extern int LIBPREFIX(fclose) __P((FILE *)); -#endif - -#include "extern.h" -#include "auth.h" - off_t restart_point; static int cmd_type; static int cmd_form; static int cmd_bytesz; -char cbuf[512]; +char cbuf[2048]; char *fromname; struct tab { char *name; short token; short state; short implemented; /* 1 if command is implemented */ char *help; }; extern struct tab cmdtab[]; extern struct tab sitetab[]; static char *copy (char *); static void help (struct tab *, char *); static struct tab * lookup (struct tab *, char *); static void sizecmd (char *); -static void toolong (int); +static RETSIGTYPE toolong (int); static int yylex (void); /* This is for bison */ #if !defined(alloca) && !defined(HAVE_ALLOCA) #define alloca(x) malloc(x) #endif %} %union { int i; char *s; } %token A B C E F I L N P R S T SP CRLF COMMA USER PASS ACCT REIN QUIT PORT PASV TYPE STRU MODE RETR STOR APPE MLFL MAIL MSND MSOM MSAM MRSQ MRCP ALLO REST RNFR RNTO ABOR DELE CWD LIST NLST SITE - STAT HELP NOOP MKD RMD PWD + sTAT HELP NOOP MKD RMD PWD CDUP STOU SMNT SYST SIZE MDTM + EPRT EPSV UMASK IDLE CHMOD AUTH ADAT PROT PBSZ CCC MIC CONF ENC - KAUTH KLIST FIND URL + KAUTH KLIST KDESTROY KRBTKFILE AFSLOG + LOCATE URL + FEAT OPTS + LEXERR %token STRING 
%token NUMBER -%type check_login check_login_no_guest octal_number byte_size +%type check_login check_login_no_guest check_secure octal_number byte_size %type struct_code mode_code type_code form_code %type pathstring pathname password username %start cmd_list %% cmd_list : /* empty */ | cmd_list cmd { fromname = (char *) 0; restart_point = (off_t) 0; } | cmd_list rcmd ; cmd : USER SP username CRLF { user($3); free($3); } - | AUTH SP STRING CRLF - { - auth($3); - free($3); - } - | ADAT SP STRING CRLF - { - adat($3); - free($3); - } - | PBSZ SP NUMBER CRLF - { - pbsz($3); - } - | PROT SP STRING CRLF - { - prot($3); - } - | CCC CRLF - { - ccc(); - } - | MIC SP STRING CRLF - { - mic($3); - free($3); - } - | CONF SP STRING CRLF - { - conf($3); - free($3); - } | PASS SP password CRLF { pass($3); memset ($3, 0, strlen($3)); free($3); } | PORT SP host_port CRLF { usedefault = 0; if (pdata >= 0) { close(pdata); pdata = -1; } reply(200, "PORT command successful."); } + | EPRT SP STRING CRLF + { + eprt ($3); + free ($3); + } | PASV CRLF { - passive(); + pasv (); } + | EPSV CRLF + { + epsv (NULL); + } + | EPSV SP STRING CRLF + { + epsv ($3); + free ($3); + } | TYPE SP type_code CRLF { switch (cmd_type) { case TYPE_A: if (cmd_form == FORM_N) { reply(200, "Type set to A."); type = cmd_type; form = cmd_form; } else reply(504, "Form must be N."); break; case TYPE_E: reply(504, "Type E not implemented."); break; case TYPE_I: reply(200, "Type set to I."); type = cmd_type; break; case TYPE_L: #if NBBY == 8 if (cmd_bytesz == 8) { reply(200, "Type set to L (byte size 8)."); type = cmd_type; } else reply(504, "Byte size must be 8."); #else /* NBBY == 8 */ UNIMPLEMENTED for NBBY != 8 #endif /* NBBY == 8 */ } } | STRU SP struct_code CRLF { switch ($3) { case STRU_F: reply(200, "STRU F ok."); break; default: reply(504, "Unimplemented STRU type."); } } | MODE SP mode_code CRLF { switch ($3) { case MODE_S: reply(200, "MODE S ok."); break; default: reply(502, "Unimplemented MODE type."); } } 
| ALLO SP NUMBER CRLF { reply(202, "ALLO command ignored."); } | ALLO SP NUMBER SP R SP NUMBER CRLF { reply(202, "ALLO command ignored."); } - | RETR check_login SP pathname CRLF + | RETR SP pathname CRLF check_login { - if ($2 && $4 != NULL) - retrieve((char *) 0, $4); - if ($4 != NULL) - free($4); + char *name = $3; + + if ($5 && name != NULL) + retrieve(0, name); + if (name != NULL) + free(name); } - | STOR check_login SP pathname CRLF + | STOR SP pathname CRLF check_login { - if ($2 && $4 != NULL) - do_store($4, "w", 0); - if ($4 != NULL) - free($4); + char *name = $3; + + if ($5 && name != NULL) + do_store(name, "w", 0); + if (name != NULL) + free(name); } - | APPE check_login SP pathname CRLF + | APPE SP pathname CRLF check_login { - if ($2 && $4 != NULL) - do_store($4, "a", 0); - if ($4 != NULL) - free($4); + char *name = $3; + + if ($5 && name != NULL) + do_store(name, "a", 0); + if (name != NULL) + free(name); } - | NLST check_login CRLF + | NLST CRLF check_login { - if ($2) + if ($3) send_file_list("."); } - | NLST check_login SP STRING CRLF + | NLST SP STRING CRLF check_login { - if ($2 && $4 != NULL) - send_file_list($4); - if ($4 != NULL) - free($4); + char *name = $3; + + if ($5 && name != NULL) + send_file_list(name); + if (name != NULL) + free(name); } - | LIST check_login CRLF + | LIST CRLF check_login { -#ifdef HAVE_LS_A - char *cmd = "/bin/ls -lA"; -#else - char *cmd = "/bin/ls -la"; -#endif - if ($2) - retrieve(cmd, ""); - + if($3) + list_file("."); } - | LIST check_login SP pathname CRLF + | LIST SP pathname CRLF check_login { -#ifdef HAVE_LS_A - char *cmd = "/bin/ls -lA %s"; -#else - char *cmd = "/bin/ls -la %s"; -#endif - if ($2 && $4 != NULL) - retrieve(cmd, $4); - if ($4 != NULL) - free($4); + if($5) + list_file($3); + free($3); } - | STAT check_login SP pathname CRLF + | sTAT SP pathname CRLF check_login { - if ($2 && $4 != NULL) - statfilecmd($4); - if ($4 != NULL) - free($4); + if ($5 && $3 != NULL) + statfilecmd($3); + if ($3 != NULL) + 
free($3); } - | STAT CRLF + | sTAT CRLF { if(oobflag){ if (file_size != (off_t) -1) - reply(213, "Status: %ld of %ld bytes transferred", - byte_count, file_size); + reply(213, "Status: %lu of %lu bytes transferred", + (unsigned long)byte_count, + (unsigned long)file_size); else - reply(213, "Status: %ld bytes transferred", byte_count); + reply(213, "Status: %lu bytes transferred", + (unsigned long)byte_count); }else statcmd(); } - | DELE check_login_no_guest SP pathname CRLF + | DELE SP pathname CRLF check_login_no_guest { - if ($2 && $4 != NULL) - do_delete($4); - if ($4 != NULL) - free($4); + if ($5 && $3 != NULL) + do_delete($3); + if ($3 != NULL) + free($3); } - | RNTO check_login_no_guest SP pathname CRLF + | RNTO SP pathname CRLF check_login_no_guest { - if($2){ + if($5){ if (fromname) { - renamecmd(fromname, $4); + renamecmd(fromname, $3); free(fromname); fromname = (char *) 0; } else { reply(503, "Bad sequence of commands."); } } - if ($4 != NULL) - free($4); + if ($3 != NULL) + free($3); } | ABOR CRLF { if(oobflag){ reply(426, "Transfer aborted. 
Data connection closed."); reply(226, "Abort successful"); oobflag = 0; longjmp(urgcatch, 1); }else reply(225, "ABOR command successful."); } - | CWD check_login CRLF + | CWD CRLF check_login { - if ($2) + if ($3) cwd(pw->pw_dir); } - | CWD check_login SP pathname CRLF + | CWD SP pathname CRLF check_login { - if ($2 && $4 != NULL) - cwd($4); - if ($4 != NULL) - free($4); + if ($5 && $3 != NULL) + cwd($3); + if ($3 != NULL) + free($3); } | HELP CRLF { help(cmdtab, (char *) 0); } | HELP SP STRING CRLF { char *cp = $3; if (strncasecmp(cp, "SITE", 4) == 0) { cp = $3 + 4; if (*cp == ' ') cp++; if (*cp) help(sitetab, cp); else help(sitetab, (char *) 0); } else help(cmdtab, $3); } | NOOP CRLF { reply(200, "NOOP command successful."); } - | MKD check_login SP pathname CRLF + | MKD SP pathname CRLF check_login { - if ($2 && $4 != NULL) - makedir($4); - if ($4 != NULL) - free($4); + if ($5 && $3 != NULL) + makedir($3); + if ($3 != NULL) + free($3); } - | RMD check_login_no_guest SP pathname CRLF + | RMD SP pathname CRLF check_login_no_guest { - if ($2 && $4 != NULL) - removedir($4); - if ($4 != NULL) - free($4); + if ($5 && $3 != NULL) + removedir($3); + if ($3 != NULL) + free($3); } - | PWD check_login CRLF + | PWD CRLF check_login { - if ($2) + if ($3) pwd(); } - | CDUP check_login CRLF + | CDUP CRLF check_login { - if ($2) + if ($3) cwd(".."); } + | FEAT CRLF + { + lreply(211, "Supported features:"); + lreply(0, " MDTM"); + lreply(0, " REST STREAM"); + lreply(0, " SIZE"); + reply(211, "End"); + } + | OPTS SP STRING CRLF + { + free ($3); + reply(501, "Bad options"); + } + | SITE SP HELP CRLF { help(sitetab, (char *) 0); } | SITE SP HELP SP STRING CRLF { help(sitetab, $5); } - | SITE SP UMASK check_login CRLF + | SITE SP UMASK CRLF check_login { - int oldmask; - - if ($4) { - oldmask = umask(0); + if ($5) { + int oldmask = umask(0); umask(oldmask); reply(200, "Current UMASK is %03o", oldmask); } } - | SITE SP UMASK check_login_no_guest SP octal_number CRLF + | SITE SP UMASK 
SP octal_number CRLF check_login_no_guest { - int oldmask; - - if ($4) { - if (($6 == -1) || ($6 > 0777)) { + if ($7) { + if (($5 == -1) || ($5 > 0777)) { reply(501, "Bad UMASK value"); } else { - oldmask = umask($6); + int oldmask = umask($5); reply(200, "UMASK set to %03o (was %03o)", - $6, oldmask); + $5, oldmask); } } } - | SITE SP CHMOD check_login_no_guest SP octal_number SP pathname CRLF + | SITE SP CHMOD SP octal_number SP pathname CRLF check_login_no_guest { - if ($4 && $8 != NULL) { - if ($6 > 0777) + if ($9 && $7 != NULL) { + if ($5 > 0777) reply(501, "CHMOD: Mode value must be between 0 and 0777"); - else if (chmod($8, $6) < 0) - perror_reply(550, $8); + else if (chmod($7, $5) < 0) + perror_reply(550, $7); else reply(200, "CHMOD command successful."); } - if ($8 != NULL) - free($8); + if ($7 != NULL) + free($7); } | SITE SP IDLE CRLF { reply(200, "Current IDLE time limit is %d seconds; max %d", ftpd_timeout, maxtimeout); } | SITE SP IDLE SP NUMBER CRLF { if ($5 < 30 || $5 > maxtimeout) { reply(501, "Maximum IDLE time must be between 30 and %d seconds", maxtimeout); } else { ftpd_timeout = $5; alarm((unsigned) ftpd_timeout); reply(200, "Maximum IDLE time set to %d seconds", ftpd_timeout); } } - | SITE SP KAUTH check_login SP STRING CRLF + | SITE SP KAUTH SP STRING CRLF check_login { +#ifdef KRB4 char *p; if(guest) reply(500, "Can't be done as guest."); else{ - if($4 && $6 != NULL){ - p = strpbrk($6, " \t"); + if($7 && $5 != NULL){ + p = strpbrk($5, " \t"); if(p){ *p++ = 0; - kauth($6, p + strspn(p, " \t")); + kauth($5, p + strspn(p, " \t")); }else - kauth($6, NULL); + kauth($5, NULL); } } - if($6 != NULL) - free($6); + if($5 != NULL) + free($5); +#else + reply(500, "Command not implemented."); +#endif } - | SITE SP KLIST check_login CRLF + | SITE SP KLIST CRLF check_login { - if($4) +#ifdef KRB4 + if($5) klist(); +#else + reply(500, "Command not implemented."); +#endif } - | SITE SP FIND check_login SP STRING CRLF + | SITE SP KDESTROY CRLF check_login { 
- if($4 && $6 != NULL) - find($6); - if($6 != NULL) - free($6); +#ifdef KRB4 + if($5) + kdestroy(); +#else + reply(500, "Command not implemented."); +#endif } + | SITE SP KRBTKFILE SP STRING CRLF check_login + { +#ifdef KRB4 + if(guest) + reply(500, "Can't be done as guest."); + else if($7 && $5) + krbtkfile($5); + if($5) + free($5); +#else + reply(500, "Command not implemented."); +#endif + } + | SITE SP AFSLOG CRLF check_login + { +#ifdef KRB4 + if(guest) + reply(500, "Can't be done as guest."); + else if($5) + afslog(NULL); +#else + reply(500, "Command not implemented."); +#endif + } + | SITE SP AFSLOG SP STRING CRLF check_login + { +#ifdef KRB4 + if(guest) + reply(500, "Can't be done as guest."); + else if($7) + afslog($5); + if($5) + free($5); +#else + reply(500, "Command not implemented."); +#endif + } + | SITE SP LOCATE SP STRING CRLF check_login + { + if($7 && $5 != NULL) + find($5); + if($5 != NULL) + free($5); + } | SITE SP URL CRLF { reply(200, "http://www.pdc.kth.se/kth-krb/"); } - | STOU check_login SP pathname CRLF + | STOU SP pathname CRLF check_login { - if ($2 && $4 != NULL) - do_store($4, "w", 1); - if ($4 != NULL) - free($4); + if ($5 && $3 != NULL) + do_store($3, "w", 1); + if ($3 != NULL) + free($3); } | SYST CRLF { #if defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY) reply(215, "UNIX Type: L%d", NBBY); #else reply(215, "UNKNOWN Type: L%d", NBBY); #endif } /* * SIZE is not in RFC959, but Postel has blessed it and * it will be in the updated RFC. * * Return size of file in a format suitable for * using with RESTART (we just count bytes). */ - | SIZE check_login SP pathname CRLF + | SIZE SP pathname CRLF check_login { - if ($2 && $4 != NULL) - sizecmd($4); - if ($4 != NULL) - free($4); + if ($5 && $3 != NULL) + sizecmd($3); + if ($3 != NULL) + free($3); } /* * MDTM is not in RFC959, but Postel has blessed it and * it will be in the updated RFC. 
* * Return modification time of file as an ISO 3307 * style time. E.g. YYYYMMDDHHMMSS or YYYYMMDDHHMMSS.xxx * where xxx is the fractional second (of any precision, * not necessarily 3 digits) */ - | MDTM check_login SP pathname CRLF + | MDTM SP pathname CRLF check_login { - if ($2 && $4 != NULL) { + if ($5 && $3 != NULL) { struct stat stbuf; - if (stat($4, &stbuf) < 0) + if (stat($3, &stbuf) < 0) reply(550, "%s: %s", - $4, strerror(errno)); + $3, strerror(errno)); else if (!S_ISREG(stbuf.st_mode)) { - reply(550, "%s: not a plain file.", $4); + reply(550, + "%s: not a plain file.", $3); } else { struct tm *t; t = gmtime(&stbuf.st_mtime); reply(213, "%04d%02d%02d%02d%02d%02d", t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); } } - if ($4 != NULL) - free($4); + if ($3 != NULL) + free($3); } | QUIT CRLF { reply(221, "Goodbye."); dologout(0); } | error CRLF { yyerrok; } ; rcmd - : RNFR check_login_no_guest SP pathname CRLF + : RNFR SP pathname CRLF check_login_no_guest { restart_point = (off_t) 0; - if ($2 && $4) { - fromname = renamefrom($4); - if (fromname == (char *) 0 && $4) { - free($4); + if ($5 && $3) { + fromname = renamefrom($3); + if (fromname == (char *) 0 && $3) { + free($3); } } } | REST SP byte_size CRLF { fromname = (char *) 0; restart_point = $3; /* XXX $3 is only "int" */ reply(350, "Restarting at %ld. 
%s", (long)restart_point, "Send STORE or RETRIEVE to initiate transfer."); } + | AUTH SP STRING CRLF + { + auth($3); + free($3); + } + | ADAT SP STRING CRLF + { + adat($3); + free($3); + } + | PBSZ SP NUMBER CRLF + { + pbsz($3); + } + | PROT SP STRING CRLF + { + prot($3); + } + | CCC CRLF + { + ccc(); + } + | MIC SP STRING CRLF + { + mec($3, prot_safe); + free($3); + } + | CONF SP STRING CRLF + { + mec($3, prot_confidential); + free($3); + } | ENC SP STRING CRLF { - enc($3); + mec($3, prot_private); free($3); } ; username : STRING ; password : /* empty */ { $$ = (char *)calloc(1, sizeof(char)); } | STRING ; byte_size : NUMBER ; host_port : NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER { - data_dest.sin_family = AF_INET; - data_dest.sin_port = htons($9 * 256 + $11); - data_dest.sin_addr.s_addr = + struct sockaddr_in *sin = (struct sockaddr_in *)data_dest; + + sin->sin_family = AF_INET; + sin->sin_port = htons($9 * 256 + $11); + sin->sin_addr.s_addr = htonl(($1 << 24) | ($3 << 16) | ($5 << 8) | $7); } ; form_code : N { $$ = FORM_N; } | T { $$ = FORM_T; } | C { $$ = FORM_C; } ; type_code : A { cmd_type = TYPE_A; cmd_form = FORM_N; } | A SP form_code { cmd_type = TYPE_A; cmd_form = $3; } | E { cmd_type = TYPE_E; cmd_form = FORM_N; } | E SP form_code { cmd_type = TYPE_E; cmd_form = $3; } | I { cmd_type = TYPE_I; } | L { cmd_type = TYPE_L; cmd_bytesz = NBBY; } | L SP byte_size { cmd_type = TYPE_L; cmd_bytesz = $3; } /* this is for a bug in the BBN ftp */ | L byte_size { cmd_type = TYPE_L; cmd_bytesz = $2; } ; struct_code : F { $$ = STRU_F; } | R { $$ = STRU_R; } | P { $$ = STRU_P; } ; mode_code : S { $$ = MODE_S; } | B { $$ = MODE_B; } | C { $$ = MODE_C; } ; pathname : pathstring { /* * Problem: this production is used for all pathname * processing, but only gives a 550 error reply. * This is a valid reply in some cases but not in others. 
*/ if (logged_in && $1 && *$1 == '~') { glob_t gl; int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; memset(&gl, 0, sizeof(gl)); if (glob($1, flags, NULL, &gl) || gl.gl_pathc == 0) { reply(550, "not found"); $$ = NULL; } else { $$ = strdup(gl.gl_pathv[0]); } globfree(&gl); free($1); } else $$ = $1; } ; pathstring : STRING ; octal_number : NUMBER { int ret, dec, multby, digit; /* * Convert a number that was read as decimal number * to what it would be if it had been read as octal. */ dec = $1; multby = 1; ret = 0; while (dec) { digit = dec%10; if (digit > 7) { ret = -1; break; } ret += digit * multby; multby *= 8; dec /= 10; } $$ = ret; } ; check_login_no_guest : check_login { $$ = $1 && !guest; if($1 && !$$) reply(550, "Permission denied"); } ; -check_login - : /* empty */ +check_login : check_secure { - if(auth_complete && prot_level == prot_clear){ - reply(533, "Command protection level denied for paranoid reasons."); - $$ = 0; + if($1) { + if(($$ = logged_in) == 0) + reply(530, "Please login with USER and PASS."); }else - if (logged_in) + $$ = 0; + } + ; + +check_secure : /* empty */ + { $$ = 1; - else { - reply(530, "Please login with USER and PASS."); + if(sec_complete && !secure_command()) { $$ = 0; + reply(533, "Command protection level denied " + "for paranoid reasons."); } } ; %% extern jmp_buf errcatch; #define CMD 0 /* beginning of command */ #define ARGS 1 /* expect miscellaneous arguments */ #define STR1 2 /* expect SP followed by STRING */ #define STR2 3 /* expect STRING */ #define OSTR 4 /* optional SP then STRING */ #define ZSTR1 5 /* SP then optional STRING */ #define ZSTR2 6 /* optional STRING after SP */ #define SITECMD 7 /* SITE command */ #define NSTR 8 /* Number followed by a string */ struct tab cmdtab[] = { /* In order defined in RFC 765 */ { "USER", USER, STR1, 1, " username" }, { "PASS", PASS, ZSTR1, 1, " password" }, { "ACCT", ACCT, STR1, 0, "(specify account)" }, { "SMNT", SMNT, ARGS, 0, "(structure mount)" }, { "REIN", REIN, 
ARGS, 0, "(reinitialize server state)" }, { "QUIT", QUIT, ARGS, 1, "(terminate service)", }, { "PORT", PORT, ARGS, 1, " b0, b1, b2, b3, b4" }, + { "EPRT", EPRT, STR1, 1, " string" }, { "PASV", PASV, ARGS, 1, "(set server in passive mode)" }, + { "EPSV", EPSV, OSTR, 1, "[ foo]" }, { "TYPE", TYPE, ARGS, 1, " [ A | E | I | L ]" }, { "STRU", STRU, ARGS, 1, "(specify file structure)" }, { "MODE", MODE, ARGS, 1, "(specify transfer mode)" }, { "RETR", RETR, STR1, 1, " file-name" }, { "STOR", STOR, STR1, 1, " file-name" }, { "APPE", APPE, STR1, 1, " file-name" }, { "MLFL", MLFL, OSTR, 0, "(mail file)" }, { "MAIL", MAIL, OSTR, 0, "(mail to user)" }, { "MSND", MSND, OSTR, 0, "(mail send to terminal)" }, { "MSOM", MSOM, OSTR, 0, "(mail send to terminal or mailbox)" }, { "MSAM", MSAM, OSTR, 0, "(mail send to terminal and mailbox)" }, { "MRSQ", MRSQ, OSTR, 0, "(mail recipient scheme question)" }, { "MRCP", MRCP, STR1, 0, "(mail recipient)" }, { "ALLO", ALLO, ARGS, 1, "allocate storage (vacuously)" }, { "REST", REST, ARGS, 1, " offset (restart command)" }, { "RNFR", RNFR, STR1, 1, " file-name" }, { "RNTO", RNTO, STR1, 1, " file-name" }, { "ABOR", ABOR, ARGS, 1, "(abort operation)" }, { "DELE", DELE, STR1, 1, " file-name" }, { "CWD", CWD, OSTR, 1, "[ directory-name ]" }, { "XCWD", CWD, OSTR, 1, "[ directory-name ]" }, { "LIST", LIST, OSTR, 1, "[ path-name ]" }, { "NLST", NLST, OSTR, 1, "[ path-name ]" }, { "SITE", SITE, SITECMD, 1, "site-cmd [ arguments ]" }, { "SYST", SYST, ARGS, 1, "(get type of operating system)" }, - { "STAT", STAT, OSTR, 1, "[ path-name ]" }, + { "STAT", sTAT, OSTR, 1, "[ path-name ]" }, { "HELP", HELP, OSTR, 1, "[ ]" }, { "NOOP", NOOP, ARGS, 1, "" }, { "MKD", MKD, STR1, 1, " path-name" }, { "XMKD", MKD, STR1, 1, " path-name" }, { "RMD", RMD, STR1, 1, " path-name" }, { "XRMD", RMD, STR1, 1, " path-name" }, { "PWD", PWD, ARGS, 1, "(return current directory)" }, { "XPWD", PWD, ARGS, 1, "(return current directory)" }, { "CDUP", CDUP, ARGS, 1, "(change to parent 
directory)" }, { "XCUP", CDUP, ARGS, 1, "(change to parent directory)" }, { "STOU", STOU, STR1, 1, " file-name" }, { "SIZE", SIZE, OSTR, 1, " path-name" }, { "MDTM", MDTM, OSTR, 1, " path-name" }, - /* extensions from draft-ietf-cat-ftpsec-08 */ + /* extensions from RFC2228 */ { "AUTH", AUTH, STR1, 1, " auth-type" }, { "ADAT", ADAT, STR1, 1, " auth-data" }, { "PBSZ", PBSZ, ARGS, 1, " buffer-size" }, { "PROT", PROT, STR1, 1, " prot-level" }, { "CCC", CCC, ARGS, 1, "" }, { "MIC", MIC, STR1, 1, " integrity command" }, { "CONF", CONF, STR1, 1, " confidentiality command" }, { "ENC", ENC, STR1, 1, " privacy command" }, + /* RFC2389 */ + { "FEAT", FEAT, ARGS, 1, "" }, + { "OPTS", OPTS, ARGS, 1, " command [ options]" }, + { NULL, 0, 0, 0, 0 } }; struct tab sitetab[] = { { "UMASK", UMASK, ARGS, 1, "[ umask ]" }, { "IDLE", IDLE, ARGS, 1, "[ maximum-idle-time ]" }, { "CHMOD", CHMOD, NSTR, 1, " mode file-name" }, { "HELP", HELP, OSTR, 1, "[ ]" }, { "KAUTH", KAUTH, STR1, 1, " principal [ ticket ]" }, { "KLIST", KLIST, ARGS, 1, "(show ticket file)" }, + { "KDESTROY", KDESTROY, ARGS, 1, "(destroy tickets)" }, + { "KRBTKFILE", KRBTKFILE, STR1, 1, " ticket-file" }, + { "AFSLOG", AFSLOG, OSTR, 1, "[ cell]" }, - { "FIND", FIND, STR1, 1, " globexpr" }, + { "LOCATE", LOCATE, STR1, 1, " globexpr" }, + { "FIND", LOCATE, STR1, 1, " globexpr" }, { "URL", URL, ARGS, 1, "?" }, { NULL, 0, 0, 0, 0 } }; static struct tab * lookup(struct tab *p, char *cmd) { for (; p->name != NULL; p++) if (strcmp(cmd, p->name) == 0) return (p); return (0); } -#include - /* - * getline - a hacked up version of fgets to ignore TELNET escape codes. + * ftpd_getline - a hacked up version of fgets to ignore TELNET escape codes. 
*/ char * -getline(char *s, int n) +ftpd_getline(char *s, int n) { int c; char *cs; cs = s; /* tmpline may contain saved command from urgent mode interruption */ if(ftp_command){ - strncpy(s, ftp_command, n); + strlcpy(s, ftp_command, n); if (debug) syslog(LOG_DEBUG, "command: %s", s); #ifdef XXX fprintf(stderr, "%s\n", s); #endif return s; } - prot_level = prot_clear; while ((c = getc(stdin)) != EOF) { c &= 0377; if (c == IAC) { if ((c = getc(stdin)) != EOF) { c &= 0377; switch (c) { case WILL: case WONT: c = getc(stdin); printf("%c%c%c", IAC, DONT, 0377&c); fflush(stdout); continue; case DO: case DONT: c = getc(stdin); printf("%c%c%c", IAC, WONT, 0377&c); fflush(stdout); continue; case IAC: break; default: continue; /* ignore command */ } } } *cs++ = c; if (--n <= 0 || c == '\n') break; } if (c == EOF && cs == s) return (NULL); *cs++ = '\0'; if (debug) { if (!guest && strncasecmp("pass ", s, 5) == 0) { /* Don't syslog passwords */ syslog(LOG_DEBUG, "command: %.5s ???", s); } else { char *cp; int len; /* Don't syslog trailing CR-LF */ len = strlen(s); cp = s + len - 1; while (cp >= s && (*cp == '\n' || *cp == '\r')) { --cp; --len; } syslog(LOG_DEBUG, "command: %.*s", len, s); } } #ifdef XXX fprintf(stderr, "%s\n", s); #endif return (s); } static RETSIGTYPE toolong(int signo) { reply(421, "Timeout (%d seconds): closing control connection.", ftpd_timeout); if (logging) syslog(LOG_INFO, "User %s timed out after %d seconds", (pw ? 
pw -> pw_name : "unknown"), ftpd_timeout); dologout(1); SIGRETURN(0); } static int yylex(void) { static int cpos, state; char *cp, *cp2; struct tab *p; int n; char c; for (;;) { switch (state) { case CMD: signal(SIGALRM, toolong); alarm((unsigned) ftpd_timeout); - if (getline(cbuf, sizeof(cbuf)-1) == NULL) { + if (ftpd_getline(cbuf, sizeof(cbuf)-1) == NULL) { reply(221, "You could at least say goodbye."); dologout(0); } alarm(0); -#ifdef HASSETPROCTITLE +#ifdef HAVE_SETPROCTITLE if (strncasecmp(cbuf, "PASS", 4) != NULL) setproctitle("%s: %s", proctitle, cbuf); -#endif /* HASSETPROCTITLE */ +#endif /* HAVE_SETPROCTITLE */ if ((cp = strchr(cbuf, '\r'))) { *cp++ = '\n'; *cp = '\0'; } if ((cp = strpbrk(cbuf, " \n"))) cpos = cp - cbuf; if (cpos == 0) cpos = 4; c = cbuf[cpos]; cbuf[cpos] = '\0'; strupr(cbuf); p = lookup(cmdtab, cbuf); cbuf[cpos] = c; if (p != 0) { if (p->implemented == 0) { nack(p->name); longjmp(errcatch,0); /* NOTREACHED */ } state = p->state; yylval.s = p->name; return (p->token); } break; case SITECMD: if (cbuf[cpos] == ' ') { cpos++; return (SP); } cp = &cbuf[cpos]; if ((cp2 = strpbrk(cp, " \n"))) cpos = cp2 - cbuf; c = cbuf[cpos]; cbuf[cpos] = '\0'; strupr(cp); p = lookup(sitetab, cp); cbuf[cpos] = c; if (p != 0) { if (p->implemented == 0) { state = CMD; nack(p->name); longjmp(errcatch,0); /* NOTREACHED */ } state = p->state; yylval.s = p->name; return (p->token); } state = CMD; break; case OSTR: if (cbuf[cpos] == '\n') { state = CMD; return (CRLF); } /* FALLTHROUGH */ case STR1: case ZSTR1: dostr1: if (cbuf[cpos] == ' ') { cpos++; - state = state == OSTR ? STR2 : ++state; + if(state == OSTR) + state = STR2; + else + state++; return (SP); } break; case ZSTR2: if (cbuf[cpos] == '\n') { state = CMD; return (CRLF); } /* FALLTHROUGH */ case STR2: cp = &cbuf[cpos]; n = strlen(cp); cpos += n - 1; /* * Make sure the string is nonempty and \n terminated. 
*/ if (n > 1 && cbuf[cpos] == '\n') { cbuf[cpos] = '\0'; yylval.s = copy(cp); cbuf[cpos] = '\n'; state = ARGS; return (STRING); } break; case NSTR: if (cbuf[cpos] == ' ') { cpos++; return (SP); } if (isdigit(cbuf[cpos])) { cp = &cbuf[cpos]; while (isdigit(cbuf[++cpos])) ; c = cbuf[cpos]; cbuf[cpos] = '\0'; yylval.i = atoi(cp); cbuf[cpos] = c; state = STR1; return (NUMBER); } state = STR1; goto dostr1; case ARGS: if (isdigit(cbuf[cpos])) { cp = &cbuf[cpos]; while (isdigit(cbuf[++cpos])) ; c = cbuf[cpos]; cbuf[cpos] = '\0'; yylval.i = atoi(cp); cbuf[cpos] = c; return (NUMBER); } switch (cbuf[cpos++]) { case '\n': state = CMD; return (CRLF); case ' ': return (SP); case ',': return (COMMA); case 'A': case 'a': return (A); case 'B': case 'b': return (B); case 'C': case 'c': return (C); case 'E': case 'e': return (E); case 'F': case 'f': return (F); case 'I': case 'i': return (I); case 'L': case 'l': return (L); case 'N': case 'n': return (N); case 'P': case 'p': return (P); case 'R': case 'r': return (R); case 'S': case 's': return (S); case 'T': case 't': return (T); } break; default: fatal("Unknown state in scanner."); } yyerror((char *) 0); state = CMD; longjmp(errcatch,0); } } static char * copy(char *s) { char *p; p = strdup(s); if (p == NULL) fatal("Ran out of memory."); return p; } static void help(struct tab *ctab, char *s) { struct tab *c; int width, NCMDS; char *type; char buf[1024]; if (ctab == sitetab) type = "SITE "; else type = ""; width = 0, NCMDS = 0; for (c = ctab; c->name != NULL; c++) { int len = strlen(c->name); if (len > width) width = len; NCMDS++; } width = (width + 8) &~ 7; if (s == 0) { int i, j, w; int columns, lines; lreply(214, "The following %scommands are recognized %s.", type, "(* =>'s unimplemented)"); columns = 76 / width; if (columns == 0) columns = 1; lines = (NCMDS + columns - 1) / columns; for (i = 0; i < lines; i++) { - strcpy (buf, " "); + strlcpy (buf, " ", sizeof(buf)); for (j = 0; j < columns; j++) { c = ctab + j * lines + i; - 
snprintf (buf + strlen(buf), sizeof(buf) - strlen(buf), - "%s%c", c->name, c->implemented ? ' ' : '*'); + snprintf (buf + strlen(buf), + sizeof(buf) - strlen(buf), + "%s%c", + c->name, + c->implemented ? ' ' : '*'); if (c + lines >= &ctab[NCMDS]) break; w = strlen(c->name) + 1; while (w < width) { - strcat(buf, " "); + strlcat (buf, + " ", + sizeof(buf)); w++; } } - lreply(214, buf); + lreply(214, "%s", buf); } reply(214, "Direct comments to kth-krb-bugs@pdc.kth.se"); return; } strupr(s); c = lookup(ctab, s); if (c == (struct tab *)0) { reply(502, "Unknown command %s.", s); return; } if (c->implemented) reply(214, "Syntax: %s%s %s", type, c->name, c->help); else reply(214, "%s%-*s\t%s; unimplemented.", type, width, c->name, c->help); } static void sizecmd(char *filename) { switch (type) { case TYPE_L: case TYPE_I: { struct stat stbuf; if (stat(filename, &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) reply(550, "%s: not a plain file.", filename); else reply(213, "%lu", (unsigned long)stbuf.st_size); - break; } + break; + } case TYPE_A: { FILE *fin; int c; - off_t count; + size_t count; struct stat stbuf; fin = fopen(filename, "r"); if (fin == NULL) { perror_reply(550, filename); return; } if (fstat(fileno(fin), &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) { reply(550, "%s: not a plain file.", filename); fclose(fin); return; } count = 0; while((c=getc(fin)) != EOF) { if (c == '\n') /* will get expanded to \r\n */ count++; count++; } fclose(fin); - reply(213, "%ld", count); - break; } + reply(213, "%lu", (unsigned long)count); + break; + } default: reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]); } } Index: stable/3/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c (revision 62578) 
@@ -1,2089 +1,2265 @@ /* * Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H -#include -RCSID("$Id$"); -#endif - -/* - * FTP server. 
- */ -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_PARAM_H -#include -#endif -#ifdef HAVE_SYS_STAT_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 -#include -#endif -#ifdef TIME_WITH_SYS_TIME -#include -#include -#elif defined(HAVE_SYS_TIME_H) -#include -#else -#include -#endif -#ifdef HAVE_SYS_RESOURCE_H -#include -#endif -#ifdef HAVE_SYS_WAIT_H -#include -#endif - -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_NETINET_IN_SYSTM_H -#include -#endif -#ifdef HAVE_NETINET_IP_H -#include -#endif - -#ifdef HAVE_SYS_MMAN_H -#include -#endif - #define FTP_NAMES -#include -#ifdef HAVE_ARPA_INET_H -#include +#include "ftpd_locl.h" +#ifdef KRB5 +#include #endif -#ifdef HAVE_ARPA_TELNET_H -#include -#endif +#include "getarg.h" -#include -#ifdef HAVE_DIRENT_H -#include -#endif -#include -#ifdef HAVE_FCNTL_H -#include -#endif -#include -#include -#ifdef HAVE_PWD_H -#include -#endif -#include -#include -#include -#include -#include -#include -#ifdef HAVE_SYSLOG_H -#include -#endif -#include -#ifdef HAVE_UNISTD_H -#include -#endif -#ifdef HAVE_GRP_H -#include -#endif +RCSID("$Id: ftpd.c,v 1.131 1999/11/30 19:18:38 assar Exp $"); -#include +static char version[] = "Version 6.00"; -#include "pathnames.h" -#include "extern.h" -#include "common.h" +extern off_t restart_point; +extern char cbuf[]; -#include "auth.h" +struct sockaddr_storage ctrl_addr_ss; +struct sockaddr *ctrl_addr = (struct sockaddr *)&ctrl_addr_ss; -#include +struct sockaddr_storage data_source_ss; +struct sockaddr *data_source = (struct sockaddr *)&data_source_ss; -#include -#include "roken.h" +struct sockaddr_storage data_dest_ss; +struct sockaddr *data_dest = (struct sockaddr *)&data_dest_ss; -#ifdef OTP -#include -#endif +struct sockaddr_storage his_addr_ss; +struct sockaddr *his_addr = (struct sockaddr *)&his_addr_ss; -#ifdef SOCKS -#include -extern int LIBPREFIX(fclose) __P((FILE *)); -#endif +struct sockaddr_storage 
pasv_addr_ss; +struct sockaddr *pasv_addr = (struct sockaddr *)&pasv_addr_ss; -void yyparse(); - -#ifndef LOG_FTP -#define LOG_FTP LOG_DAEMON -#endif - -static char version[] = "Version 6.00"; - -extern off_t restart_point; -extern char cbuf[]; - -struct sockaddr_in ctrl_addr; -struct sockaddr_in data_source; -struct sockaddr_in data_dest; -struct sockaddr_in his_addr; -struct sockaddr_in pasv_addr; - int data; jmp_buf errcatch, urgcatch; int oobflag; int logged_in; struct passwd *pw; -int debug; +int debug = 0; int ftpd_timeout = 900; /* timeout after 15 minutes of inactivity */ int maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */ int logging; int guest; int dochroot; int type; int form; int stru; /* avoid C keyword */ int mode; int usedefault = 1; /* for data transfers */ int pdata = -1; /* for passive mode */ int transflag; off_t file_size; off_t byte_count; #if !defined(CMASK) || CMASK == 0 #undef CMASK #define CMASK 027 #endif int defumask = CMASK; /* default umask value */ int guest_umask = 0777; /* Paranoia for anonymous users */ char tmpline[10240]; char hostname[MaxHostNameLen]; char remotehost[MaxHostNameLen]; static char ttyline[20]; #define AUTH_PLAIN (1 << 0) /* allow sending passwords */ #define AUTH_OTP (1 << 1) /* passwords are one-time */ #define AUTH_FTP (1 << 2) /* allow anonymous login */ static int auth_level = 0; /* Only allow kerberos login by default */ /* * Timeout intervals for retrying connections * to hosts that don't accept PORT cmds. This * is a kludge, but given the problems with TCP... */ #define SWAITMAX 90 /* wait at most 90 seconds */ #define SWAITINT 5 /* interval between retries */ int swaitmax = SWAITMAX; int swaitint = SWAITINT; #ifdef HAVE_SETPROCTITLE char proctitle[BUFSIZ]; /* initial part of title */ #endif /* HAVE_SETPROCTITLE */ #define LOGCMD(cmd, file) \ if (logging > 1) \ syslog(LOG_INFO,"%s %s%s", cmd, \ *(file) == '/' ? 
"" : curdir(), file); #define LOGCMD2(cmd, file1, file2) \ if (logging > 1) \ syslog(LOG_INFO,"%s %s%s %s%s", cmd, \ *(file1) == '/' ? "" : curdir(), file1, \ *(file2) == '/' ? "" : curdir(), file2); #define LOGBYTES(cmd, file, cnt) \ if (logging > 1) { \ if (cnt == (off_t)-1) \ syslog(LOG_INFO,"%s %s%s", cmd, \ *(file) == '/' ? "" : curdir(), file); \ else \ syslog(LOG_INFO, "%s %s%s = %ld bytes", \ cmd, (*(file) == '/') ? "" : curdir(), file, (long)cnt); \ } static void ack (char *); static void myoob (int); static int checkuser (char *, char *); static int checkaccess (char *); -static FILE *dataconn (char *, off_t, char *); -static void dolog (struct sockaddr_in *); +static FILE *dataconn (const char *, off_t, const char *); +static void dolog (struct sockaddr *); static void end_login (void); -static FILE *getdatasock (char *); +static FILE *getdatasock (const char *); static char *gunique (char *); static RETSIGTYPE lostconn (int); static int receive_data (FILE *, FILE *); static void send_data (FILE *, FILE *); static struct passwd * sgetpwnam (char *); -static void usage(void); static char * curdir(void) { - static char path[MaxPathLen+1+1]; /* path + '/' + '\0' */ + static char path[MaxPathLen+1]; /* path + '/' + '\0' */ - if (getcwd(path, sizeof(path)-2) == NULL) + if (getcwd(path, sizeof(path)-1) == NULL) return (""); if (path[1] != '\0') /* special case for root dir. */ - strcat(path, "/"); + strlcat(path, "/", sizeof(path)); /* For guest account, skip / since it's chrooted */ return (guest ? 
path+1 : path); } #ifndef LINE_MAX #define LINE_MAX 1024 #endif static int parse_auth_level(char *str) { char *p; int ret = 0; char *foo = NULL; for(p = strtok_r(str, ",", &foo); p; p = strtok_r(NULL, ",", &foo)) { if(strcmp(p, "user") == 0) ; #ifdef OTP else if(strcmp(p, "otp") == 0) ret |= AUTH_PLAIN|AUTH_OTP; #endif else if(strcmp(p, "ftp") == 0 || strcmp(p, "safe") == 0) ret |= AUTH_FTP; else if(strcmp(p, "plain") == 0) ret |= AUTH_PLAIN; else if(strcmp(p, "none") == 0) ret |= AUTH_PLAIN|AUTH_FTP; else warnx("bad value for -a: `%s'", p); } return ret; } /* * Print usage and die. */ +static int debug_flag; +static int interactive_flag; +static char *guest_umask_string; +static char *port_string; +static char *umask_string; +static char *auth_string; + +int use_builtin_ls; + +static int help_flag; +static int version_flag; + +struct getargs args[] = { + { NULL, 'a', arg_string, &auth_string, "required authentication" }, + { NULL, 'i', arg_flag, &interactive_flag, "don't assume stdin is a socket" }, + { NULL, 'p', arg_string, &port_string, "what port to listen to" }, + { NULL, 'g', arg_string, &guest_umask_string, "umask for guest logins" }, + { NULL, 'l', arg_counter, &logging, "log more stuff", "" }, + { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" }, + { NULL, 'T', arg_integer, &maxtimeout, "max timeout" }, + { NULL, 'u', arg_string, &umask_string, "umask for user logins" }, + { NULL, 'd', arg_flag, &debug_flag, "enable debugging" }, + { NULL, 'v', arg_flag, &debug_flag, "enable debugging" }, + { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" }, + { "version", 0, arg_flag, &version_flag }, + { "help", 'h', arg_flag, &help_flag } +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + static void -usage (void) +usage (int code) { - fprintf (stderr, - "Usage: %s [-d] [-i] [-g guest_umask] [-l] [-p port]" - " [-t timeout] [-T max_timeout] [-u umask] [-v]" - " [-a auth_level] \n", - __progname); - exit (1); + 
arg_printusage(args, num_args, NULL, ""); + exit (code); } int main(int argc, char **argv) { - int addrlen, ch, on = 1, tos; + int addrlen, on = 1, tos; char *cp, line[LINE_MAX]; FILE *fd; - int not_inetd = 0; int port; struct servent *sp; - char tkfile[1024]; + int optind = 0; + set_progname (argv[0]); +#ifdef KRB4 /* detach from any tickets and tokens */ - + { + char tkfile[1024]; snprintf(tkfile, sizeof(tkfile), "/tmp/ftp_%u", (unsigned)getpid()); krb_set_tkt_string(tkfile); if(k_hasafs()) k_setpag(); + } +#endif + if(getarg(args, num_args, argc, argv, &optind)) + usage(1); - sp = getservbyname("ftp", "tcp"); - if(sp) - port = sp->s_port; - else - port = htons(21); + if(help_flag) + usage(0); - while ((ch = getopt(argc, argv, "a:dg:ilp:t:T:u:v")) != EOF) { - switch (ch) { - case 'a': - auth_level = parse_auth_level(optarg); - break; - case 'd': - debug = 1; - break; + if(version_flag) { + print_version(NULL); + exit(0); + } - case 'i': - not_inetd = 1; - break; - case 'g': + if(auth_string) + auth_level = parse_auth_level(auth_string); { + char *p; long val = 0; - val = strtol(optarg, &optarg, 8); - if (*optarg != '\0' || val < 0) + if(guest_umask_string) { + val = strtol(guest_umask_string, &p, 8); + if (*p != '\0' || val < 0) warnx("bad value for -g"); else guest_umask = val; - break; } - case 'l': - logging++; /* > 1 == extra logging */ - break; - - case 'p': - sp = getservbyname(optarg, "tcp"); + if(umask_string) { + val = strtol(umask_string, &p, 8); + if (*p != '\0' || val < 0) + warnx("bad value for -u"); + else + defumask = val; + } + } + if(port_string) { + sp = getservbyname(port_string, "tcp"); if(sp) port = sp->s_port; else - if(isdigit(optarg[0])) - port = htons(atoi(optarg)); + if(isdigit(port_string[0])) + port = htons(atoi(port_string)); else warnx("bad value for -p"); - break; + } else { + sp = getservbyname("ftp", "tcp"); + if(sp) + port = sp->s_port; + else + port = htons(21); + } - case 't': - ftpd_timeout = atoi(optarg); if (maxtimeout < 
ftpd_timeout) maxtimeout = ftpd_timeout; - break; - case 'T': - maxtimeout = atoi(optarg); +#if 0 if (ftpd_timeout > maxtimeout) ftpd_timeout = maxtimeout; - break; +#endif - case 'u': - { - long val = 0; - val = strtol(optarg, &optarg, 8); - if (*optarg != '\0' || val < 0) - warnx("bad value for -u"); - else - defumask = val; - break; - } - - case 'v': - debug = 1; - break; - - default: - usage (); - } - } - - if(not_inetd) + if(interactive_flag) mini_inetd (port); /* * LOG_NDELAY sets up the logging connection immediately, * necessary for anonymous ftp's that chroot and can't do it later. */ openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP); - addrlen = sizeof(his_addr); - if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { + addrlen = sizeof(his_addr_ss); + if (getpeername(STDIN_FILENO, his_addr, &addrlen) < 0) { syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); exit(1); } - addrlen = sizeof(ctrl_addr); - if (getsockname(0, (struct sockaddr *)&ctrl_addr, &addrlen) < 0) { + addrlen = sizeof(ctrl_addr_ss); + if (getsockname(STDIN_FILENO, ctrl_addr, &addrlen) < 0) { syslog(LOG_ERR, "getsockname (%s): %m",argv[0]); exit(1); } #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) tos = IPTOS_LOWDELAY; - if (setsockopt(0, IPPROTO_IP, IP_TOS, (void *)&tos, sizeof(int)) < 0) + if (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS, + (void *)&tos, sizeof(int)) < 0) syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); #endif - data_source.sin_port = htons(ntohs(ctrl_addr.sin_port) - 1); - debug = 0; + data_source->sa_family = ctrl_addr->sa_family; + socket_set_port (data_source, + htons(ntohs(socket_get_port(ctrl_addr)) - 1)); /* set this here so it can be put in wtmp */ snprintf(ttyline, sizeof(ttyline), "ftp%u", (unsigned)getpid()); /* freopen(_PATH_DEVNULL, "w", stderr); */ signal(SIGPIPE, lostconn); signal(SIGCHLD, SIG_IGN); #ifdef SIGURG if (signal(SIGURG, myoob) == SIG_ERR) syslog(LOG_ERR, "signal: %m"); #endif - auth_init(); - /* Try to handle urgent data inline */ #if 
defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT) if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (void *)&on, sizeof(on)) < 0) syslog(LOG_ERR, "setsockopt: %m"); #endif #ifdef F_SETOWN if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1) syslog(LOG_ERR, "fcntl F_SETOWN: %m"); #endif - dolog(&his_addr); + dolog(his_addr); /* * Set up default state */ data = -1; type = TYPE_A; form = FORM_N; stru = STRU_F; mode = MODE_S; tmpline[0] = '\0'; /* If logins are disabled, print out the message. */ if ((fd = fopen(_PATH_NOLOGIN,"r")) != NULL) { while (fgets(line, sizeof(line), fd) != NULL) { if ((cp = strchr(line, '\n')) != NULL) *cp = '\0'; lreply(530, "%s", line); } fflush(stdout); fclose(fd); reply(530, "System not available."); exit(0); } if ((fd = fopen(_PATH_FTPWELCOME, "r")) != NULL) { while (fgets(line, sizeof(line), fd) != NULL) { if ((cp = strchr(line, '\n')) != NULL) *cp = '\0'; lreply(220, "%s", line); } fflush(stdout); fclose(fd); /* reply(220,) must follow */ } - k_gethostname(hostname, sizeof(hostname)); - reply(220, "%s FTP server (%s+%s) ready.", hostname, - version, krb4_version); + gethostname(hostname, sizeof(hostname)); + + reply(220, "%s FTP server (%s" +#ifdef KRB5 + "+%s" +#endif +#ifdef KRB4 + "+%s" +#endif + ") ready.", hostname, version +#ifdef KRB5 + ,heimdal_version +#endif +#ifdef KRB4 + ,krb4_version +#endif + ); + setjmp(errcatch); for (;;) yyparse(); /* NOTREACHED */ } static RETSIGTYPE lostconn(int signo) { if (debug) syslog(LOG_DEBUG, "lost connection"); dologout(-1); } /* * Helper function for sgetpwnam(). */ static char * sgetsave(char *s) { char *new = strdup(s); if (new == NULL) { perror_reply(421, "Local resource failure: malloc"); dologout(1); /* NOTREACHED */ } return new; } /* * Save the result of a getpwnam. Used for USER command, since * the data returned must not be clobbered by any other command * (e.g., globbing). 
*/ static struct passwd * sgetpwnam(char *name) { static struct passwd save; struct passwd *p; if ((p = k_getpwnam(name)) == NULL) return (p); if (save.pw_name) { free(save.pw_name); free(save.pw_passwd); free(save.pw_gecos); free(save.pw_dir); free(save.pw_shell); } save = *p; save.pw_name = sgetsave(p->pw_name); save.pw_passwd = sgetsave(p->pw_passwd); save.pw_gecos = sgetsave(p->pw_gecos); save.pw_dir = sgetsave(p->pw_dir); save.pw_shell = sgetsave(p->pw_shell); return (&save); } static int login_attempts; /* number of failed login attempts */ static int askpasswd; /* had user command, ask for passwd */ static char curname[10]; /* current USER name */ #ifdef OTP OtpContext otp_ctx; #endif /* * USER command. * Sets global passwd pointer pw if named account exists and is acceptable; * sets askpasswd if a PASS command is expected. If logged in previously, * need to reset state. If name is "ftp" or "anonymous", the name is not in * _PATH_FTPUSERS, and ftp account exists, set guest and pw, then just return. * If account doesn't exist, ask for passwd anyway. Otherwise, check user * requesting login privileges. Disallow anyone who does not have a standard * shell as returned by getusershell(). Disallow anyone mentioned in the file * _PATH_FTPUSERS to allow people such as root and uucp to be avoided. 
*/ void user(char *name) { char *cp, *shell; - if(auth_level == 0 && !auth_complete){ + if(auth_level == 0 && !sec_complete){ reply(530, "No login allowed without authorization."); return; } if (logged_in) { if (guest) { reply(530, "Can't change user from guest login."); return; } else if (dochroot) { reply(530, "Can't change user from chroot user."); return; } end_login(); } guest = 0; if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) { if ((auth_level & AUTH_FTP) == 0 || checkaccess("ftp") || checkaccess("anonymous")) reply(530, "User %s access denied.", name); else if ((pw = sgetpwnam("ftp")) != NULL) { guest = 1; defumask = guest_umask; /* paranoia for incoming */ askpasswd = 1; reply(331, "Guest login ok, type your name as password."); } else reply(530, "User %s unknown.", name); - if (!askpasswd && logging) + if (!askpasswd && logging) { + char data_addr[256]; + + if (inet_ntop (his_addr->sa_family, + socket_get_address(his_addr), + data_addr, sizeof(data_addr)) == NULL) + strlcpy (data_addr, "unknown address", + sizeof(data_addr)); + syslog(LOG_NOTICE, "ANONYMOUS FTP LOGIN REFUSED FROM %s(%s)", - remotehost, inet_ntoa(his_addr.sin_addr)); + remotehost, data_addr); + } return; } - if((auth_level & AUTH_PLAIN) == 0 && !auth_complete){ + if((auth_level & AUTH_PLAIN) == 0 && !sec_complete){ reply(530, "Only authorized and anonymous login allowed."); return; } if ((pw = sgetpwnam(name))) { if ((shell = pw->pw_shell) == NULL || *shell == 0) shell = _PATH_BSHELL; while ((cp = getusershell()) != NULL) if (strcmp(cp, shell) == 0) break; endusershell(); if (cp == NULL || checkaccess(name)) { reply(530, "User %s access denied.", name); - if (logging) + if (logging) { + char data_addr[256]; + + if (inet_ntop (his_addr->sa_family, + socket_get_address(his_addr), + data_addr, + sizeof(data_addr)) == NULL) + strlcpy (data_addr, + "unknown address", + sizeof(data_addr)); + syslog(LOG_NOTICE, "FTP LOGIN REFUSED FROM %s(%s), %s", remotehost, - 
inet_ntoa(his_addr.sin_addr), + data_addr, name); + } pw = (struct passwd *) NULL; return; } } if (logging) - strncpy(curname, name, sizeof(curname)-1); - if(auth_ok()) - ct->userok(name); -#ifdef OTP - else { + strlcpy(curname, name, sizeof(curname)); + if(sec_complete) { + if(sec_userok(name) == 0) + do_login(232, name); + else + reply(530, "User %s access denied.", name); + } else { char ss[256]; +#ifdef OTP if (otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0) { reply(331, "Password %s for %s required.", ss, name); askpasswd = 1; - } else if ((auth_level & AUTH_OTP) == 0) { + } else +#endif + if ((auth_level & AUTH_OTP) == 0) { reply(331, "Password required for %s.", name); askpasswd = 1; } else { char *s; - if (s = otp_error (&otp_ctx)) +#ifdef OTP + if ((s = otp_error (&otp_ctx)) != NULL) lreply(530, "OTP: %s", s); +#endif reply(530, - "Only authorized, anonymous and OTP " + "Only authorized, anonymous" +#ifdef OTP + " and OTP " +#endif "login allowed."); } } #endif /* * Delay before reading passwd after first failed * attempt to slow down passwd-guessing programs. */ if (login_attempts) sleep(login_attempts); } /* * Check if a user is in the file "fname" */ static int checkuser(char *fname, char *name) { FILE *fd; int found = 0; char *p, line[BUFSIZ]; if ((fd = fopen(fname, "r")) != NULL) { while (fgets(line, sizeof(line), fd) != NULL) if ((p = strchr(line, '\n')) != NULL) { *p = '\0'; if (line[0] == '#') continue; if (strcmp(line, name) == 0) { found = 1; break; } } fclose(fd); } return (found); } /* * Determine whether a user has access, based on information in * _PATH_FTPUSERS. The users are listed one per line, with `allow' * or `deny' after the username. If anything other than `allow', or * just nothing, is given after the username, `deny' is assumed. * * If the user is not found in the file, but the pseudo-user `*' is, * the permission is taken from that line. 
* * This preserves the old semantics where if a user was listed in the * file he was denied, otherwise he was allowed. * * Return 1 if the user is denied, or 0 if he is allowed. */ static int match(const char *pattern, const char *string) { -#ifdef HAVE_FNMATCH return fnmatch(pattern, string, FNM_NOESCAPE); -#else - return strcmp(pattern, "*") != 0 && strcmp(pattern, string) != 0; -#endif } static int checkaccess(char *name) { #define ALLOWED 0 #define NOT_ALLOWED 1 FILE *fd; int allowed = ALLOWED; char *user, *perm, line[BUFSIZ]; char *foo; fd = fopen(_PATH_FTPUSERS, "r"); if(fd == NULL) return allowed; while (fgets(line, sizeof(line), fd) != NULL) { foo = NULL; user = strtok_r(line, " \t\n", &foo); if (user == NULL || user[0] == '#') continue; perm = strtok_r(NULL, " \t\n", &foo); if (match(user, name) == 0){ if(perm && strcmp(perm, "allow") == 0) allowed = ALLOWED; else allowed = NOT_ALLOWED; break; } } fclose(fd); return allowed; } #undef ALLOWED #undef NOT_ALLOWED +/* output contents of /etc/issue.net, or /etc/issue */ +static void +show_issue(int code) +{ + FILE *f; + char buf[128]; + + f = fopen("/etc/issue.net", "r"); + if(f == NULL) + f = fopen("/etc/issue", "r"); + if(f){ + while(fgets(buf, sizeof(buf), f)){ + buf[strcspn(buf, "\r\n")] = '\0'; + lreply(code, "%s", buf); + } + fclose(f); + } +} + int do_login(int code, char *passwd) { FILE *fd; login_attempts = 0; /* this time successful */ if (setegid((gid_t)pw->pw_gid) < 0) { reply(550, "Can't set gid."); return -1; } initgroups(pw->pw_name, pw->pw_gid); /* open wtmp before chroot */ - logwtmp(ttyline, pw->pw_name, remotehost); + ftpd_logwtmp(ttyline, pw->pw_name, remotehost); logged_in = 1; dochroot = checkuser(_PATH_FTPCHROOT, pw->pw_name); if (guest) { /* * We MUST do a chdir() after the chroot. Otherwise * the old current directory will be accessible as "." * outside the new root! 
*/ if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { reply(550, "Can't set guest privileges."); return -1; } } else if (dochroot) { if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { reply(550, "Can't change root."); return -1; } } else if (chdir(pw->pw_dir) < 0) { if (chdir("/") < 0) { reply(530, "User %s: can't change directory to %s.", pw->pw_name, pw->pw_dir); return -1; } else lreply(code, "No directory! Logging in with home=/"); } if (seteuid((uid_t)pw->pw_uid) < 0) { reply(550, "Can't set uid."); return -1; } /* * Display a login message, if it exists. * N.B. reply(code,) must follow the message. */ if ((fd = fopen(_PATH_FTPLOGINMESG, "r")) != NULL) { char *cp, line[LINE_MAX]; while (fgets(line, sizeof(line), fd) != NULL) { if ((cp = strchr(line, '\n')) != NULL) *cp = '\0'; lreply(code, "%s", line); } } if (guest) { + show_issue(code); reply(code, "Guest login ok, access restrictions apply."); #ifdef HAVE_SETPROCTITLE snprintf (proctitle, sizeof(proctitle), "%s: anonymous/%s", remotehost, passwd); + setproctitle(proctitle); #endif /* HAVE_SETPROCTITLE */ - if (logging) + if (logging) { + char data_addr[256]; + + if (inet_ntop (his_addr->sa_family, + socket_get_address(his_addr), + data_addr, sizeof(data_addr)) == NULL) + strlcpy (data_addr, "unknown address", + sizeof(data_addr)); + syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s(%s), %s", remotehost, - inet_ntoa(his_addr.sin_addr), + data_addr, passwd); + } } else { + show_issue(code); reply(code, "User %s logged in.", pw->pw_name); #ifdef HAVE_SETPROCTITLE snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name); setproctitle(proctitle); #endif /* HAVE_SETPROCTITLE */ - if (logging) + if (logging) { + char data_addr[256]; + + if (inet_ntop (his_addr->sa_family, + socket_get_address(his_addr), + data_addr, sizeof(data_addr)) == NULL) + strlcpy (data_addr, "unknown address", + sizeof(data_addr)); + syslog(LOG_INFO, "FTP LOGIN FROM %s(%s) as %s", remotehost, - inet_ntoa(his_addr.sin_addr), + 
data_addr, pw->pw_name); } + } umask(defumask); return 0; } /* * Terminate login as previous user, if any, resetting state; * used when USER command is given or login fails. */ static void end_login(void) { seteuid((uid_t)0); if (logged_in) - logwtmp(ttyline, "", ""); + ftpd_logwtmp(ttyline, "", ""); pw = NULL; logged_in = 0; guest = 0; dochroot = 0; } void pass(char *passwd) { int rval; /* some clients insists on sending a password */ if (logged_in && askpasswd == 0){ reply(230, "Dumpucko!"); return; } if (logged_in || askpasswd == 0) { reply(503, "Login with USER first."); return; } askpasswd = 0; rval = 1; if (!guest) { /* "ftp" is only account allowed no password */ if (pw == NULL) rval = 1; /* failure below */ #ifdef OTP - else if (otp_verify_user (&otp_ctx, passwd) == 0) + else if (otp_verify_user (&otp_ctx, passwd) == 0) { rval = 0; + } #endif else if((auth_level & AUTH_OTP) == 0) { +#ifdef KRB4 char realm[REALM_SZ]; if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS) - rval = krb_verify_user(pw->pw_name, "", realm, - passwd, 1, NULL); + rval = krb_verify_user(pw->pw_name, + "", realm, + passwd, + KRB_VERIFY_SECURE, NULL); if (rval == KSUCCESS ){ + chown (tkt_string(), pw->pw_uid, pw->pw_gid); if(k_hasafs()) - k_afsklog(0, 0); + krb_afslog(0, 0); }else +#endif rval = unix_verify_user(pw->pw_name, passwd); } #ifdef OTP else { char *s; - if (s = otp_error(&otp_ctx)) +#ifdef OTP + if ((s = otp_error(&otp_ctx)) != NULL) lreply(530, "OTP: %s", s); - } #endif + } memset (passwd, 0, strlen(passwd)); /* * If rval == 1, the user failed the authentication * check above. If rval == 0, either Kerberos or * local authentication succeeded. 
*/ if (rval) { + char data_addr[256]; + + if (inet_ntop (his_addr->sa_family, + socket_get_address(his_addr), + data_addr, sizeof(data_addr)) == NULL) + strlcpy (data_addr, "unknown address", + sizeof(data_addr)); + reply(530, "Login incorrect."); if (logging) syslog(LOG_NOTICE, "FTP LOGIN FAILED FROM %s(%s), %s", remotehost, - inet_ntoa(his_addr.sin_addr), + data_addr, curname); pw = NULL; if (login_attempts++ >= 5) { syslog(LOG_NOTICE, "repeated login failures from %s(%s)", remotehost, - inet_ntoa(his_addr.sin_addr)); + data_addr); exit(0); } return; } } if(!do_login(230, passwd)) return; /* Forget all about it... */ end_login(); } void -retrieve(char *cmd, char *name) +retrieve(const char *cmd, char *name) { FILE *fin = NULL, *dout; struct stat st; int (*closefunc) (FILE *); char line[BUFSIZ]; if (cmd == 0) { fin = fopen(name, "r"); closefunc = fclose; st.st_size = 0; if(fin == NULL){ + int save_errno = errno; struct cmds { - char *ext; - char *cmd; + const char *ext; + const char *cmd; + const char *rev_cmd; } cmds[] = { - {".tar", "/bin/gtar cPf - %s"}, - {".tar.gz", "/bin/gtar zcPf - %s"}, - {".tar.Z", "/bin/gtar ZcPf - %s"}, - {".gz", "/bin/gzip -c %s"}, - {".Z", "/bin/compress -c %s"}, + {".tar", "/bin/gtar cPf - %s", NULL}, + {".tar.gz", "/bin/gtar zcPf - %s", NULL}, + {".tar.Z", "/bin/gtar ZcPf - %s", NULL}, + {".gz", "/bin/gzip -c %s", "/bin/gzip -c -d %s"}, + {".Z", "/bin/compress -c %s", "/bin/uncompress -c -d %s"}, {NULL, NULL} }; struct cmds *p; for(p = cmds; p->ext; p++){ char *tail = name + strlen(name) - strlen(p->ext); char c = *tail; if(strcmp(tail, p->ext) == 0 && (*tail = 0) == 0 && access(name, R_OK) == 0){ snprintf (line, sizeof(line), p->cmd, name); *tail = c; break; } *tail = c; + if (p->rev_cmd != NULL) { + char *ext; + + asprintf(&ext, "%s%s", name, p->ext); + if (ext != NULL) { + if (access(ext, R_OK) == 0) { + snprintf (line, sizeof(line), + p->rev_cmd, ext); + free(ext); + break; + } + free(ext); + } } + + } if(p->ext){ fin = 
ftpd_popen(line, "r", 0, 0); closefunc = ftpd_pclose; st.st_size = -1; cmd = line; - } + } else + errno = save_errno; } } else { snprintf(line, sizeof(line), cmd, name); name = line; fin = ftpd_popen(line, "r", 1, 0); closefunc = ftpd_pclose; st.st_size = -1; } if (fin == NULL) { if (errno != 0) { perror_reply(550, name); if (cmd == 0) { LOGCMD("get", name); } } return; } byte_count = -1; if (cmd == 0){ if(fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode)) { reply(550, "%s: not a plain file.", name); goto done; } } if (restart_point) { if (type == TYPE_A) { off_t i, n; int c; n = restart_point; i = 0; while (i++ < n) { if ((c=getc(fin)) == EOF) { perror_reply(550, name); goto done; } if (c == '\n') i++; } } else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) { perror_reply(550, name); goto done; } } dout = dataconn(name, st.st_size, "w"); if (dout == NULL) goto done; set_buffer_size(fileno(dout), 0); send_data(fin, dout); fclose(dout); data = -1; pdata = -1; done: if (cmd == 0) LOGBYTES("get", name, byte_count); (*closefunc)(fin); } /* filename sanity check */ int filename_check(char *filename) { static const char good_chars[] = "+-=_,."; char *p; p = strrchr(filename, '/'); if(p) filename = p + 1; p = filename; if(isalnum(*p)){ p++; while(*p && (isalnum(*p) || strchr(good_chars, *p))) p++; if(*p == '\0') return 0; } lreply(553, "\"%s\" is an illegal filename.", filename); lreply(553, "The filename must start with an alphanumeric " "character and must only"); reply(553, "consist of alphanumeric characters or any of the following: %s", good_chars); return 1; } void do_store(char *name, char *mode, int unique) { FILE *fout, *din; struct stat st; int (*closefunc) (FILE *); if(guest && filename_check(name)) return; if (unique && stat(name, &st) == 0 && (name = gunique(name)) == NULL) { LOGCMD(*mode == 'w' ? 
"put" : "append", name); return; } if (restart_point) mode = "r+"; fout = fopen(name, mode); closefunc = fclose; if (fout == NULL) { perror_reply(553, name); LOGCMD(*mode == 'w' ? "put" : "append", name); return; } byte_count = -1; if (restart_point) { if (type == TYPE_A) { off_t i, n; int c; n = restart_point; i = 0; while (i++ < n) { if ((c=getc(fout)) == EOF) { perror_reply(550, name); goto done; } if (c == '\n') i++; } /* * We must do this seek to "current" position * because we are changing from reading to * writing. */ if (fseek(fout, 0L, SEEK_CUR) < 0) { perror_reply(550, name); goto done; } } else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) { perror_reply(550, name); goto done; } } din = dataconn(name, (off_t)-1, "r"); if (din == NULL) goto done; set_buffer_size(fileno(din), 1); if (receive_data(din, fout) == 0) { if (unique) reply(226, "Transfer complete (unique file name:%s).", name); else reply(226, "Transfer complete."); } fclose(din); data = -1; pdata = -1; done: LOGBYTES(*mode == 'w' ? 
"put" : "append", name, byte_count); (*closefunc)(fout); } static FILE * -getdatasock(char *mode) +getdatasock(const char *mode) { - int on = 1, s, t, tries; + int s, t, tries; if (data >= 0) return (fdopen(data, mode)); - seteuid((uid_t)0); - s = socket(AF_INET, SOCK_STREAM, 0); + seteuid(0); + s = socket(ctrl_addr->sa_family, SOCK_STREAM, 0); if (s < 0) goto bad; -#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) - if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, - (void *) &on, sizeof(on)) < 0) - goto bad; -#endif + socket_set_reuseaddr (s, 1); /* anchor socket to avoid multi-homing problems */ - data_source.sin_family = AF_INET; - data_source.sin_addr = ctrl_addr.sin_addr; + socket_set_address_and_port (data_source, + socket_get_address (ctrl_addr), + socket_get_port (data_source)); + for (tries = 1; ; tries++) { - if (bind(s, (struct sockaddr *)&data_source, - sizeof(data_source)) >= 0) + if (bind(s, data_source, + socket_sockaddr_size (data_source)) >= 0) break; if (errno != EADDRINUSE || tries > 10) goto bad; sleep(tries); } - seteuid((uid_t)pw->pw_uid); -#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - on = IPTOS_THROUGHPUT; - if (setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&on, sizeof(int)) < 0) - syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); + seteuid(pw->pw_uid); +#ifdef IPTOS_THROUGHPUT + socket_set_tos (s, IPTOS_THROUGHPUT); #endif return (fdopen(s, mode)); bad: /* Return the real value of errno (close may change it) */ t = errno; seteuid((uid_t)pw->pw_uid); close(s); errno = t; return (NULL); } static FILE * -dataconn(char *name, off_t size, char *mode) +dataconn(const char *name, off_t size, const char *mode) { char sizebuf[32]; FILE *file; - int retry = 0, tos; + int retry = 0; file_size = size; byte_count = 0; - if (size != (off_t) -1) - snprintf(sizebuf, sizeof(sizebuf), " (%ld bytes)", size); + if (size >= 0) + snprintf(sizebuf, sizeof(sizebuf), " (%ld bytes)", (long)size); else - strcpy(sizebuf, ""); + *sizebuf = '\0'; if (pdata >= 0) { - struct 
sockaddr_in from; - int s, fromlen = sizeof(from); + struct sockaddr_storage from_ss; + struct sockaddr *from = (struct sockaddr *)&from; + int s; + int fromlen = sizeof(from_ss); - s = accept(pdata, (struct sockaddr *)&from, &fromlen); + s = accept(pdata, from, &fromlen); if (s < 0) { reply(425, "Can't open data connection."); close(pdata); pdata = -1; return (NULL); } close(pdata); pdata = s; #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - tos = IPTOS_THROUGHPUT; + { + int tos = IPTOS_THROUGHPUT; + setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&tos, - sizeof(int)); + sizeof(tos)); + } #endif reply(150, "Opening %s mode data connection for '%s'%s.", type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); return (fdopen(pdata, mode)); } if (data >= 0) { reply(125, "Using existing data connection for '%s'%s.", name, sizebuf); usedefault = 1; return (fdopen(data, mode)); } if (usedefault) data_dest = his_addr; usedefault = 1; file = getdatasock(mode); if (file == NULL) { + char data_addr[256]; + + if (inet_ntop (data_source->sa_family, + socket_get_address(data_source), + data_addr, sizeof(data_addr)) == NULL) + strlcpy (data_addr, "unknown address", + sizeof(data_addr)); + reply(425, "Can't create data socket (%s,%d): %s.", - inet_ntoa(data_source.sin_addr), - ntohs(data_source.sin_port), strerror(errno)); + data_addr, + socket_get_port (data_source), + strerror(errno)); return (NULL); } data = fileno(file); - while (connect(data, (struct sockaddr *)&data_dest, - sizeof(data_dest)) < 0) { + while (connect(data, data_dest, + socket_sockaddr_size(data_dest)) < 0) { if (errno == EADDRINUSE && retry < swaitmax) { - sleep((unsigned) swaitint); + sleep(swaitint); retry += swaitint; continue; } perror_reply(425, "Can't build data connection"); fclose(file); data = -1; return (NULL); } reply(150, "Opening %s mode data connection for '%s'%s.", type == TYPE_A ? 
"ASCII" : "BINARY", name, sizebuf); return (file); } /* * Tranfer the contents of "instr" to "outstr" peer using the appropriate * encapsulation of the data subject * to Mode, Structure, and Type. * * NB: Form isn't handled. */ static void send_data(FILE *instr, FILE *outstr) { int c, cnt, filefd, netfd; static char *buf; static size_t bufsize; - int i = 0; - char s[1024]; transflag++; if (setjmp(urgcatch)) { transflag = 0; return; } switch (type) { case TYPE_A: while ((c = getc(instr)) != EOF) { byte_count++; - if(i > 1022){ - auth_write(fileno(outstr), s, i); - i = 0; - } if(c == '\n') - s[i++] = '\r'; - s[i++] = c; + sec_putc('\r', outstr); + sec_putc(c, outstr); } - if(i) - auth_write(fileno(outstr), s, i); - auth_write(fileno(outstr), s, 0); - fflush(outstr); + sec_fflush(outstr); transflag = 0; if (ferror(instr)) goto file_err; if (ferror(outstr)) goto data_err; reply(226, "Transfer complete."); return; case TYPE_I: case TYPE_L: -#ifdef HAVE_MMAP +#if defined(HAVE_MMAP) && !defined(NO_MMAP) #ifndef MAP_FAILED #define MAP_FAILED (-1) #endif { struct stat st; char *chunk; int in = fileno(instr); - if(fstat(in, &st) == 0 && S_ISREG(st.st_mode)) { - chunk = mmap(0, st.st_size, PROT_READ, MAP_SHARED, in, 0); - if(chunk != (void *)MAP_FAILED) { + if(fstat(in, &st) == 0 && S_ISREG(st.st_mode) + && st.st_size > 0) { + /* + * mmap zero bytes has potential of loosing, don't do it. + */ + chunk = mmap(0, st.st_size, PROT_READ, + MAP_SHARED, in, 0); + if((void *)chunk != (void *)MAP_FAILED) { cnt = st.st_size - restart_point; - auth_write(fileno(outstr), - chunk + restart_point, - cnt); - munmap(chunk, st.st_size); - auth_write(fileno(outstr), NULL, 0); + sec_write(fileno(outstr), chunk + restart_point, cnt); + if (munmap(chunk, st.st_size) < 0) + warn ("munmap"); + sec_fflush(outstr); byte_count = cnt; transflag = 0; } } } - #endif if(transflag){ struct stat st; netfd = fileno(outstr); filefd = fileno(instr); buf = alloc_buffer (buf, &bufsize, fstat(filefd, &st) >= 0 ? 
&st : NULL); if (buf == NULL) { transflag = 0; perror_reply(451, "Local resource failure: malloc"); return; } while ((cnt = read(filefd, buf, bufsize)) > 0 && - auth_write(netfd, buf, cnt) == cnt) + sec_write(netfd, buf, cnt) == cnt) byte_count += cnt; - auth_write(netfd, buf, 0); /* to end an encrypted stream */ + sec_fflush(outstr); /* to end an encrypted stream */ transflag = 0; if (cnt != 0) { if (cnt < 0) goto file_err; goto data_err; } } reply(226, "Transfer complete."); return; default: transflag = 0; reply(550, "Unimplemented TYPE %d in send_data", type); return; } data_err: transflag = 0; perror_reply(426, "Data connection"); return; file_err: transflag = 0; perror_reply(551, "Error on input file"); } /* * Transfer data from peer to "outstr" using the appropriate encapulation of * the data subject to Mode, Structure, and Type. * * N.B.: Form isn't handled. */ static int receive_data(FILE *instr, FILE *outstr) { int cnt, bare_lfs = 0; static char *buf; static size_t bufsize; struct stat st; transflag++; if (setjmp(urgcatch)) { transflag = 0; return (-1); } buf = alloc_buffer (buf, &bufsize, fstat(fileno(outstr), &st) >= 0 ? 
&st : NULL); if (buf == NULL) { transflag = 0; perror_reply(451, "Local resource failure: malloc"); return -1; } switch (type) { case TYPE_I: case TYPE_L: - while ((cnt = auth_read(fileno(instr), buf, bufsize)) > 0) { + while ((cnt = sec_read(fileno(instr), buf, bufsize)) > 0) { if (write(fileno(outstr), buf, cnt) != cnt) goto file_err; byte_count += cnt; } if (cnt < 0) goto data_err; transflag = 0; return (0); case TYPE_E: reply(553, "TYPE E not implemented."); transflag = 0; return (-1); case TYPE_A: { char *p, *q; int cr_flag = 0; - while ((cnt = auth_read(fileno(instr), + while ((cnt = sec_read(fileno(instr), buf + cr_flag, bufsize - cr_flag)) > 0){ byte_count += cnt; cnt += cr_flag; cr_flag = 0; for(p = buf, q = buf; p < buf + cnt;) { if(*p == '\n') bare_lfs++; - if(*p == '\r') + if(*p == '\r') { if(p == buf + cnt - 1){ cr_flag = 1; p++; continue; }else if(p[1] == '\n'){ *q++ = '\n'; p += 2; continue; } + } *q++ = *p++; } fwrite(buf, q - buf, 1, outstr); if(cr_flag) buf[0] = '\r'; } if(cr_flag) putc('\r', outstr); fflush(outstr); if (ferror(instr)) goto data_err; if (ferror(outstr)) goto file_err; transflag = 0; if (bare_lfs) { lreply(226, "WARNING! 
%d bare linefeeds received in ASCII mode\r\n" " File may not have transferred correctly.\r\n", bare_lfs); } return (0); } default: reply(550, "Unimplemented TYPE %d in receive_data", type); transflag = 0; return (-1); } data_err: transflag = 0; perror_reply(426, "Data Connection"); return (-1); file_err: transflag = 0; perror_reply(452, "Error writing file"); return (-1); } void statfilecmd(char *filename) { FILE *fin; int c; char line[LINE_MAX]; snprintf(line, sizeof(line), "/bin/ls -la %s", filename); fin = ftpd_popen(line, "r", 1, 0); lreply(211, "status of %s:", filename); while ((c = getc(fin)) != EOF) { if (c == '\n') { if (ferror(stdout)){ perror_reply(421, "control connection"); ftpd_pclose(fin); dologout(1); /* NOTREACHED */ } if (ferror(fin)) { perror_reply(551, filename); ftpd_pclose(fin); return; } putc('\r', stdout); } putc(c, stdout); } ftpd_pclose(fin); reply(211, "End of Status"); } void statcmd(void) { #if 0 struct sockaddr_in *sin; u_char *a, *p; - lreply(211, "%s FTP server status:", hostname, version); + lreply(211, "%s FTP server (%s) status:", hostname, version); printf(" %s\r\n", version); printf(" Connected to %s", remotehost); if (!isdigit(remotehost[0])) printf(" (%s)", inet_ntoa(his_addr.sin_addr)); printf("\r\n"); if (logged_in) { if (guest) printf(" Logged in anonymously\r\n"); else printf(" Logged in as %s\r\n", pw->pw_name); } else if (askpasswd) printf(" Waiting for password\r\n"); else printf(" Waiting for user name\r\n"); printf(" TYPE: %s", typenames[type]); if (type == TYPE_A || type == TYPE_E) printf(", FORM: %s", formnames[form]); if (type == TYPE_L) #if NBBY == 8 printf(" %d", NBBY); #else printf(" %d", bytesize); /* need definition! 
*/ #endif printf("; STRUcture: %s; transfer MODE: %s\r\n", strunames[stru], modenames[mode]); if (data != -1) printf(" Data connection open\r\n"); else if (pdata != -1) { printf(" in Passive mode"); sin = &pasv_addr; goto printaddr; } else if (usedefault == 0) { printf(" PORT"); sin = &data_dest; printaddr: a = (u_char *) &sin->sin_addr; p = (u_char *) &sin->sin_port; #define UC(b) (((int) b) & 0xff) printf(" (%d,%d,%d,%d,%d,%d)\r\n", UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1])); #undef UC } else printf(" No data connection\r\n"); #endif reply(211, "End of status"); } void fatal(char *s) { reply(451, "Error in server: %s\n", s); reply(221, "Closing connection due to server error."); dologout(0); /* NOTREACHED */ } static void int_reply(int, char *, const char *, va_list) #ifdef __GNUC__ __attribute__ ((format (printf, 3, 0))) #endif ; static void int_reply(int n, char *c, const char *fmt, va_list ap) { char buf[10240]; char *p; p=buf; if(n){ snprintf(p, sizeof(buf), "%d%s", n, c); p+=strlen(p); } vsnprintf(p, sizeof(buf) - strlen(p), fmt, ap); p+=strlen(p); snprintf(p, sizeof(buf) - strlen(p), "\r\n"); p+=strlen(p); - auth_printf("%s", buf); + sec_fprintf(stdout, "%s", buf); fflush(stdout); if (debug) syslog(LOG_DEBUG, "<--- %s- ", buf); } void reply(int n, const char *fmt, ...) { va_list ap; va_start(ap, fmt); int_reply(n, " ", fmt, ap); delete_ftp_command(); va_end(ap); } void lreply(int n, const char *fmt, ...) { va_list ap; va_start(ap, fmt); int_reply(n, "-", fmt, ap); va_end(ap); } void nreply(const char *fmt, ...) 
{ va_list ap; va_start(ap, fmt); int_reply(0, NULL, fmt, ap); va_end(ap); } static void ack(char *s) { reply(250, "%s command successful.", s); } void nack(char *s) { reply(502, "%s command not implemented.", s); } /* ARGSUSED */ void yyerror(char *s) { char *cp; if ((cp = strchr(cbuf,'\n'))) *cp = '\0'; reply(500, "'%s': command not understood.", cbuf); } void do_delete(char *name) { struct stat st; LOGCMD("delete", name); if (stat(name, &st) < 0) { perror_reply(550, name); return; } if ((st.st_mode&S_IFMT) == S_IFDIR) { if (rmdir(name) < 0) { perror_reply(550, name); return; } goto done; } if (unlink(name) < 0) { perror_reply(550, name); return; } done: ack("DELE"); } void cwd(char *path) { if (chdir(path) < 0) perror_reply(550, path); else ack("CWD"); } void makedir(char *name) { LOGCMD("mkdir", name); if(guest && filename_check(name)) return; if (mkdir(name, 0777) < 0) perror_reply(550, name); else{ if(guest) chmod(name, 0700); /* guest has umask 777 */ reply(257, "MKD command successful."); } } void removedir(char *name) { LOGCMD("rmdir", name); if (rmdir(name) < 0) perror_reply(550, name); else ack("RMD"); } void pwd(void) { - char path[MaxPathLen + 1]; + char path[MaxPathLen]; char *ret; /* SunOS has a broken getcwd that does popen(pwd) (!!!), this * failes miserably when running chroot */ ret = getcwd(path, sizeof(path)); if (ret == NULL) reply(550, "%s.", strerror(errno)); else reply(257, "\"%s\" is current directory.", path); } char * renamefrom(char *name) { struct stat st; if (stat(name, &st) < 0) { perror_reply(550, name); return NULL; } reply(350, "File exists, ready for destination name"); return (name); } void renamecmd(char *from, char *to) { LOGCMD2("rename", from, to); if(guest && filename_check(to)) return; if (rename(from, to) < 0) perror_reply(550, "rename"); else ack("RNTO"); } static void -dolog(struct sockaddr_in *sin) +dolog(struct sockaddr *sa) { + struct sockaddr_in *sin = (struct sockaddr_in *)sa; + inaddr2str (sin->sin_addr, 
remotehost, sizeof(remotehost)); #ifdef HAVE_SETPROCTITLE snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost); setproctitle(proctitle); #endif /* HAVE_SETPROCTITLE */ - if (logging) + if (logging) { + char data_addr[256]; + + if (inet_ntop (his_addr->sa_family, + socket_get_address(his_addr), + data_addr, sizeof(data_addr)) == NULL) + strlcpy (data_addr, "unknown address", + sizeof(data_addr)); + + syslog(LOG_INFO, "connection from %s(%s)", remotehost, - inet_ntoa(his_addr.sin_addr)); + data_addr); } +} /* * Record logout in wtmp file * and exit with supplied status. */ void dologout(int status) { transflag = 0; if (logged_in) { seteuid((uid_t)0); - logwtmp(ttyline, "", ""); - dest_tkt(); - if(k_hasafs()) - k_unlog(); + ftpd_logwtmp(ttyline, "", ""); +#ifdef KRB4 + cond_kdestroy(); +#endif } /* beware of flushing buffers after a SIGPIPE */ #ifdef XXX exit(status); #else _exit(status); #endif } void abor(void) { } static void myoob(int signo) { #if 0 char *cp; #endif /* only process if transfer occurring */ if (!transflag) return; /* This is all XXX */ oobflag = 1; /* if the command resulted in a new command, parse that as well */ do{ yyparse(); } while(ftp_command); oobflag = 0; #if 0 cp = tmpline; - if (getline(cp, 7) == NULL) { + if (ftpd_getline(cp, 7) == NULL) { reply(221, "You could at least say goodbye."); dologout(0); } upper(cp); if (strcmp(cp, "ABOR\r\n") == 0) { tmpline[0] = '\0'; reply(426, "Transfer aborted. Data connection closed."); reply(226, "Abort successful"); longjmp(urgcatch, 1); } if (strcmp(cp, "STAT\r\n") == 0) { if (file_size != (off_t) -1) reply(213, "Status: %ld of %ld bytes transferred", (long)byte_count, (long)file_size); else reply(213, "Status: %ld bytes transferred" (long)byte_count); } #endif } /* * Note: a response of 425 is not mentioned as a possible response to * the PASV command in RFC959. 
However, it has been blessed as * a legitimate response by Jon Postel in a telephone conversation * with Rick Adams on 25 Jan 89. */ void -passive(void) +pasv(void) { int len; char *p, *a; + struct sockaddr_in *sin; - pdata = socket(AF_INET, SOCK_STREAM, 0); + if (ctrl_addr->sa_family != AF_INET) { + reply(425, + "You cannot do PASV with something that's not IPv4"); + return; + } + + pdata = socket(ctrl_addr->sa_family, SOCK_STREAM, 0); if (pdata < 0) { perror_reply(425, "Can't open passive connection"); return; } - pasv_addr = ctrl_addr; - pasv_addr.sin_port = 0; - seteuid((uid_t)0); - if (bind(pdata, (struct sockaddr *)&pasv_addr, sizeof(pasv_addr)) < 0) { - seteuid((uid_t)pw->pw_uid); + pasv_addr->sa_family = ctrl_addr->sa_family; + socket_set_address_and_port (pasv_addr, + socket_get_address (ctrl_addr), + 0); + seteuid(0); + if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) { + seteuid(pw->pw_uid); goto pasv_error; } - seteuid((uid_t)pw->pw_uid); - len = sizeof(pasv_addr); - if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0) + seteuid(pw->pw_uid); + len = sizeof(pasv_addr_ss); + if (getsockname(pdata, pasv_addr, &len) < 0) goto pasv_error; if (listen(pdata, 1) < 0) goto pasv_error; - a = (char *) &pasv_addr.sin_addr; - p = (char *) &pasv_addr.sin_port; + sin = (struct sockaddr_in *)pasv_addr; + a = (char *) &sin->sin_addr; + p = (char *) &sin->sin_port; #define UC(b) (((int) b) & 0xff) reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1])); return; pasv_error: close(pdata); pdata = -1; perror_reply(425, "Can't open passive connection"); return; } +void +epsv(char *proto) +{ + int len; + + pdata = socket(ctrl_addr->sa_family, SOCK_STREAM, 0); + if (pdata < 0) { + perror_reply(425, "Can't open passive connection"); + return; + } + pasv_addr->sa_family = ctrl_addr->sa_family; + socket_set_address_and_port (pasv_addr, + socket_get_address (ctrl_addr), + 0); + seteuid(0); + 
if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) { + seteuid(pw->pw_uid); + goto pasv_error; + } + seteuid(pw->pw_uid); + len = sizeof(pasv_addr_ss); + if (getsockname(pdata, pasv_addr, &len) < 0) + goto pasv_error; + if (listen(pdata, 1) < 0) + goto pasv_error; + + reply(229, "Entering Extended Passive Mode (|||%d|)", + ntohs(socket_get_port (pasv_addr))); + return; + +pasv_error: + close(pdata); + pdata = -1; + perror_reply(425, "Can't open passive connection"); + return; +} + +void +eprt(char *str) +{ + char *end; + char sep; + int af; + int ret; + int port; + + usedefault = 0; + if (pdata >= 0) { + close(pdata); + pdata = -1; + } + + sep = *str++; + if (sep == '\0') { + reply(500, "Bad syntax in EPRT"); + return; + } + af = strtol (str, &end, 0); + if (af == 0 || *end != sep) { + reply(500, "Bad syntax in EPRT"); + return; + } + str = end + 1; + switch (af) { +#ifdef HAVE_IPV6 + case 2 : + data_dest->sa_family = AF_INET6; + break; +#endif + case 1 : + data_dest->sa_family = AF_INET; + break; + default : + reply(522, "Network protocol %d not supported, use (1" +#ifdef HAVE_IPV6 + ",2" +#endif + ")", af); + return; + } + end = strchr (str, sep); + if (end == NULL) { + reply(500, "Bad syntax in EPRT"); + return; + } + *end = '\0'; + ret = inet_pton (data_dest->sa_family, str, + socket_get_address (data_dest)); + + if (ret != 1) { + reply(500, "Bad address syntax in EPRT"); + return; + } + str = end + 1; + port = strtol (str, &end, 0); + if (port == 0 || *end != sep) { + reply(500, "Bad port syntax in EPRT"); + return; + } + socket_set_port (data_dest, htons(port)); + reply(200, "EPRT command successful."); +} + /* * Generate unique name for file with basename "local". * The file named "local" is already known to exist. * Generates failure reply on error. */ static char * gunique(char *local) { static char new[MaxPathLen]; struct stat st; int count; char *cp; cp = strrchr(local, '/'); if (cp) *cp = '\0'; if (stat(cp ? 
local : ".", &st) < 0) { perror_reply(553, cp ? local : "."); return NULL; } if (cp) *cp = '/'; for (count = 1; count < 100; count++) { snprintf (new, sizeof(new), "%s.%d", local, count); if (stat(new, &st) < 0) return (new); } reply(452, "Unique file name cannot be created."); return (NULL); } /* * Format and send reply containing system error number. */ void -perror_reply(int code, char *string) +perror_reply(int code, const char *string) { reply(code, "%s: %s.", string, strerror(errno)); } static char *onefile[] = { "", 0 }; void +list_file(char *file) +{ + if(use_builtin_ls) { + FILE *dout; + dout = dataconn(file, -1, "w"); + if (dout == NULL) + return; + set_buffer_size(fileno(dout), 0); + builtin_ls(dout, file); + reply(226, "Transfer complete."); + fclose(dout); + data = -1; + pdata = -1; + } else { +#ifdef HAVE_LS_A + const char *cmd = "/bin/ls -lA %s"; +#else + const char *cmd = "/bin/ls -la %s"; +#endif + retrieve(cmd, file); + } +} + +void send_file_list(char *whichf) { struct stat st; DIR *dirp = NULL; struct dirent *dir; FILE *dout = NULL; char **dirlist, *dirname; int simple = 0; int freeglob = 0; glob_t gl; char buf[MaxPathLen]; if (strpbrk(whichf, "~{[*?") != NULL) { int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; memset(&gl, 0, sizeof(gl)); freeglob = 1; if (glob(whichf, flags, 0, &gl)) { reply(550, "not found"); goto out; } else if (gl.gl_pathc == 0) { errno = ENOENT; perror_reply(550, whichf); goto out; } dirlist = gl.gl_pathv; } else { onefile[0] = whichf; dirlist = onefile; simple = 1; } if (setjmp(urgcatch)) { transflag = 0; goto out; } while ((dirname = *dirlist++)) { if (stat(dirname, &st) < 0) { /* * If user typed "ls -l", etc, and the client * used NLST, do what the user meant. 
*/ if (dirname[0] == '-' && *dirlist == NULL && transflag == 0) { retrieve("/bin/ls %s", dirname); goto out; } perror_reply(550, whichf); if (dout != NULL) { fclose(dout); transflag = 0; data = -1; pdata = -1; } goto out; } if (S_ISREG(st.st_mode)) { if (dout == NULL) { dout = dataconn("file list", (off_t)-1, "w"); if (dout == NULL) goto out; transflag++; } snprintf(buf, sizeof(buf), "%s%s\n", dirname, type == TYPE_A ? "\r" : ""); - auth_write(fileno(dout), buf, strlen(buf)); + sec_write(fileno(dout), buf, strlen(buf)); byte_count += strlen(dirname) + 1; continue; } else if (!S_ISDIR(st.st_mode)) continue; if ((dirp = opendir(dirname)) == NULL) continue; while ((dir = readdir(dirp)) != NULL) { char nbuf[MaxPathLen]; if (!strcmp(dir->d_name, ".")) continue; if (!strcmp(dir->d_name, "..")) continue; snprintf(nbuf, sizeof(nbuf), "%s/%s", dirname, dir->d_name); /* * We have to do a stat to insure it's * not a directory or special file. */ if (simple || (stat(nbuf, &st) == 0 && S_ISREG(st.st_mode))) { if (dout == NULL) { dout = dataconn("file list", (off_t)-1, "w"); if (dout == NULL) goto out; transflag++; } if(strncmp(nbuf, "./", 2) == 0) snprintf(buf, sizeof(buf), "%s%s\n", nbuf +2, type == TYPE_A ? "\r" : ""); else snprintf(buf, sizeof(buf), "%s%s\n", nbuf, type == TYPE_A ? 
"\r" : ""); - auth_write(fileno(dout), buf, strlen(buf)); + sec_write(fileno(dout), buf, strlen(buf)); byte_count += strlen(nbuf) + 1; } } closedir(dirp); } if (dout == NULL) reply(550, "No files found."); else if (ferror(dout) != 0) perror_reply(550, "Data connection"); else reply(226, "Transfer complete."); transflag = 0; if (dout != NULL){ - auth_write(fileno(dout), buf, 0); /* XXX flush */ + sec_write(fileno(dout), buf, 0); /* XXX flush */ fclose(dout); } data = -1; pdata = -1; out: if (freeglob) { freeglob = 0; globfree(&gl); } } int find(char *pattern) { char line[1024]; FILE *f; snprintf(line, sizeof(line), "/bin/locate -d %s %s", ftp_rooted("/etc/locatedb"), pattern); f = ftpd_popen(line, "r", 1, 1); if(f == NULL){ perror_reply(550, "/bin/locate"); return 1; } lreply(200, "Output from find."); while(fgets(line, sizeof(line), f)){ if(line[strlen(line)-1] == '\n') line[strlen(line)-1] = 0; nreply("%s", line); } reply(200, "Done"); ftpd_pclose(f); return 0; } Index: stable/3/crypto/kerberosIV/appl/ftp/ftpd/kauth.c =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftpd/kauth.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftpd/kauth.c (revision 62578) 
@@ -1,325 +1,365 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "ftpd_locl.h" -RCSID("$Id: kauth.c,v 1.14 1997/05/07 02:21:30 assar Exp $"); +RCSID("$Id: kauth.c,v 1.25 1999/12/02 16:58:31 joda Exp $"); -#include -#include -#include - -#include -#ifdef HAVE_SYS_TIME_H -#include -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif - -#include - -#include -#include -#include - -#include "extern.h" -#include "krb4.h" -#include "auth.h" -#include "base64.h" - static KTEXT_ST cip; static unsigned int lifetime; static time_t local_time; static krb_principal pr; +static int do_destroy_tickets = 1; + static int -save_tkt(char *user, char *instance, char *realm, void *arg, - int (*key_proc)(char*, char*, char*, void*, des_cblock*), KTEXT *cipp) +save_tkt(const char *user, + const char *instance, + const char *realm, + const void *arg, + key_proc_t key_proc, + KTEXT *cipp) { local_time = time(0); memmove(&cip, *cipp, sizeof(cip)); return -1; } static int store_ticket(KTEXT cip) { char *ptr; des_cblock session; krb_principal sp; unsigned char kvno; KTEXT_ST tkt; int left = cip->length; - + int len; int kerror; - time_t kdc_time; - ptr = (char *) cip->dat; /* extract session key */ memmove(session, ptr, 8); ptr += 8; left -= 8; - if (strnlen(ptr, left) == left) + len = strnlen(ptr, left); + if (len == left) return(INTK_BADPW); /* extract server's name */ - strcpy(sp.name, ptr); - ptr += strlen(sp.name) + 1; - left -= strlen(sp.name) + 1; + strlcpy(sp.name, ptr, 
sizeof(sp.name)); + ptr += len + 1; + left -= len + 1; - if (strnlen(ptr, left) == left) + len = strnlen(ptr, left); + if (len == left) return(INTK_BADPW); /* extract server's instance */ - strcpy(sp.instance, ptr); - ptr += strlen(sp.instance) + 1; - left -= strlen(sp.instance) + 1; + strlcpy(sp.instance, ptr, sizeof(sp.instance)); + ptr += len + 1; + left -= len + 1; - if (strnlen(ptr, left) == left) + len = strnlen(ptr, left); + if (len == left) return(INTK_BADPW); /* extract server's realm */ - strcpy(sp.realm,ptr); - ptr += strlen(sp.realm) + 1; - left -= strlen(sp.realm) + 1; + strlcpy(sp.realm, ptr, sizeof(sp.realm)); + ptr += len + 1; + left -= len + 1; if(left < 3) return INTK_BADPW; /* extract ticket lifetime, server key version, ticket length */ /* be sure to avoid sign extension on lifetime! */ lifetime = (unsigned char) ptr[0]; kvno = (unsigned char) ptr[1]; tkt.length = (unsigned char) ptr[2]; ptr += 3; left -= 3; if (tkt.length > left) return(INTK_BADPW); /* extract ticket itself */ memmove(tkt.dat, ptr, tkt.length); ptr += tkt.length; left -= tkt.length; /* Here is where the time should be verified against the KDC. * Unfortunately everything is sent in host byte order (receiver * makes wrong) , and at this stage there is no way for us to know * which byteorder the KDC has. So we simply ignore the time, * there are no security risks with this, the only thing that can * happen is that we might receive a replayed ticket, which could * at most be useless. 
*/ #if 0 /* check KDC time stamp */ + { + time_t kdc_time; + memmove(&kdc_time, ptr, sizeof(kdc_time)); if (swap_bytes) swap_u_long(kdc_time); ptr += 4; if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) { return(RD_AP_TIME); /* XXX should probably be better code */ } + } #endif /* initialize ticket cache */ if (tf_create(TKT_FILE) != KSUCCESS) return(INTK_ERR); if (tf_put_pname(pr.name) != KSUCCESS || tf_put_pinst(pr.instance) != KSUCCESS) { tf_close(); return(INTK_ERR); } kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session, lifetime, kvno, &tkt, local_time); tf_close(); return(kerror); } -void kauth(char *principal, char *ticket) +void +kauth(char *principal, char *ticket) { char *p; int ret; + if(get_command_prot() != prot_private) { + reply(500, "Request denied (bad protection level)"); + return; + } ret = krb_parse_name(principal, &pr); if(ret){ reply(500, "Bad principal: %s.", krb_get_err_text(ret)); return; } if(pr.realm[0] == 0) krb_get_lrealm(pr.realm, 1); if(ticket){ cip.length = base64_decode(ticket, &cip.dat); if(cip.length == -1){ reply(500, "Failed to decode data."); return; } ret = store_ticket(&cip); if(ret){ reply(500, "Kerberos error: %s.", krb_get_err_text(ret)); memset(&cip, 0, sizeof(cip)); return; } + do_destroy_tickets = 1; + if(k_hasafs()) - k_afsklog(0, 0); + krb_afslog(0, 0); reply(200, "Tickets will be destroyed on exit."); return; } ret = krb_get_in_tkt (pr.name, pr.instance, pr.realm, KRB_TICKET_GRANTING_TICKET, pr.realm, DEFAULT_TKT_LIFE, NULL, save_tkt, NULL); if(ret != INTK_BADPW){ reply(500, "Kerberos error: %s.", krb_get_err_text(ret)); return; } - base64_encode(cip.dat, cip.length, &p); + if(base64_encode(cip.dat, cip.length, &p) < 0) { + reply(500, "Out of memory while base64-encoding."); + return; + } reply(300, "P=%s T=%s", krb_unparse_name(&pr), p); free(p); memset(&cip, 0, sizeof(cip)); } static char * short_date(int32_t dp) { char *cp; time_t t = (time_t)dp; if (t == (time_t)(-1L)) return "*** Never *** "; cp = 
ctime(&t) + 4; cp[15] = '\0'; return (cp); } -void klist(void) +void +klist(void) { int err; char *file = tkt_string(); krb_principal pr; char buf1[128], buf2[128]; int header = 1; CREDENTIALS c; err = tf_init(file, R_TKT_FIL); if(err != KSUCCESS){ reply(500, "%s", krb_get_err_text(err)); return; } tf_close(); /* * We must find the realm of the ticket file here before calling * tf_init because since the realm of the ticket file is not * really stored in the principal section of the file, the * routine we use must itself call tf_init and tf_close. */ err = krb_get_tf_realm(file, pr.realm); if(err != KSUCCESS){ reply(500, "%s", krb_get_err_text(err)); return; } err = tf_init(file, R_TKT_FIL); if(err != KSUCCESS){ reply(500, "%s", krb_get_err_text(err)); return; } err = tf_get_pname(pr.name); if(err != KSUCCESS){ reply(500, "%s", krb_get_err_text(err)); return; } err = tf_get_pinst(pr.instance); if(err != KSUCCESS){ reply(500, "%s", krb_get_err_text(err)); return; } /* * You may think that this is the obvious place to get the * realm of the ticket file, but it can't be done here as the * routine to do this must open the ticket file. This is why * it was done before tf_init. 
*/ + lreply(200, "Ticket file: %s", tkt_string()); + lreply(200, "Principal: %s", krb_unparse_name(&pr)); while ((err = tf_get_cred(&c)) == KSUCCESS) { if (header) { lreply(200, "%-15s %-15s %s", " Issued", " Expires", " Principal (kvno)"); header = 0; } - strcpy(buf1, short_date(c.issue_date)); + strlcpy(buf1, short_date(c.issue_date), sizeof(buf1)); c.issue_date = krb_life_to_time(c.issue_date, c.lifetime); if (time(0) < (unsigned long) c.issue_date) - strcpy(buf2, short_date(c.issue_date)); + strlcpy(buf2, short_date(c.issue_date), sizeof(buf2)); else - strcpy(buf2, ">>> Expired <<< "); + strlcpy(buf2, ">>> Expired <<< ", sizeof(buf2)); lreply(200, "%s %s %s (%d)", buf1, buf2, krb_unparse_name_long(c.service, c.instance, c.realm), c.kvno); } if (header && err == EOF) { lreply(200, "No tickets in file."); } reply(200, ""); +} + +/* + * Only destroy if we created the tickets + */ + +void +cond_kdestroy(void) +{ + if (do_destroy_tickets) + dest_tkt(); + afsunlog(); +} + +void +kdestroy(void) +{ + dest_tkt(); + afsunlog(); + reply(200, "Tickets destroyed"); +} + +void +krbtkfile(const char *tkfile) +{ + do_destroy_tickets = 0; + krb_set_tkt_string(tkfile); + reply(200, "Using ticket file %s", tkfile); +} + +void +afslog(const char *cell) +{ + if(k_hasafs()) { + krb_afslog(cell, 0); + reply(200, "afslog done"); + } else { + reply(200, "no AFS present"); + } +} + +void +afsunlog(void) +{ + if(k_hasafs()) + k_unlog(); } Index: stable/3/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c (revision 62578) 
@@ -1,136 +1,137 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: logwtmp.c,v 1.10 1997/05/25 15:17:56 assar Exp $"); +RCSID("$Id: logwtmp.c,v 1.14 1999/12/02 16:58:31 joda Exp $"); #endif #include #include #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_FCNTL_H #include #endif #ifdef HAVE_UTMP_H #include #endif #ifdef HAVE_UTMPX_H #include #endif #include "extern.h" #ifndef WTMP_FILE #ifdef _PATH_WTMP #define WTMP_FILE _PATH_WTMP #else #define WTMP_FILE "/var/adm/wtmp" #endif #endif void -logwtmp(char *line, char *name, char *host) +ftpd_logwtmp(char *line, char *name, char *host) { static int init = 0; - static int fd, fdx; - struct timeval tv; + static int fd; +#ifdef WTMPX_FILE + static int fdx; +#endif struct utmp ut; #ifdef WTMPX_FILE struct utmpx utx; #endif memset(&ut, 0, sizeof(struct utmp)); -#ifdef HAVE_UT_TYPE +#ifdef HAVE_STRUCT_UTMP_UT_TYPE if(name[0]) ut.ut_type = USER_PROCESS; else ut.ut_type = DEAD_PROCESS; #endif strncpy(ut.ut_line, line, sizeof(ut.ut_line)); strncpy(ut.ut_name, name, sizeof(ut.ut_name)); -#ifdef HAVE_UT_PID +#ifdef HAVE_STRUCT_UTMP_UT_PID ut.ut_pid = getpid(); #endif -#ifdef HAVE_UT_HOST +#ifdef HAVE_STRUCT_UTMP_UT_HOST strncpy(ut.ut_host, host, sizeof(ut.ut_host)); #endif ut.ut_time = time(NULL); #ifdef WTMPX_FILE strncpy(utx.ut_line, line, sizeof(utx.ut_line)); strncpy(utx.ut_user, name, sizeof(utx.ut_user)); strncpy(utx.ut_host, host, sizeof(utx.ut_host)); -#ifdef HAVE_UT_SYSLEN +#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN utx.ut_syslen = strlen(host) + 1; if (utx.ut_syslen > sizeof(utx.ut_host)) utx.ut_syslen = sizeof(utx.ut_host); #endif + { + struct timeval tv; + gettimeofday (&tv, 0); utx.ut_tv.tv_sec = tv.tv_sec; utx.ut_tv.tv_usec = tv.tv_usec; + } if(name[0]) utx.ut_type = USER_PROCESS; else utx.ut_type = DEAD_PROCESS; #endif if(!init){ fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0); #ifdef WTMPX_FILE fdx = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0); 
#endif init = 1; } if(fd >= 0) { write(fd, &ut, sizeof(struct utmp)); /* XXX */ #ifdef WTMPX_FILE write(fdx, &utx, sizeof(struct utmpx)); #endif } } Index: stable/3/crypto/kerberosIV/appl/ftp/ftpd/popen.c =================================================================== --- stable/3/crypto/kerberosIV/appl/ftp/ftpd/popen.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/ftp/ftpd/popen.c (revision 62578) 
@@ -1,224 +1,224 @@ /* * Copyright (c) 1988, 1993, 1994 * The Regents of the University of California. All rights reserved. * * This code is derived from software written by Ken Arnold and * published in UNIX Review, Vol. 6, No. 8. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* */ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: popen.c,v 1.16 1997/06/01 03:14:06 assar Exp $"); +RCSID("$Id: popen.c,v 1.19 1999/09/16 20:38:45 assar Exp $"); #endif #include #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #ifdef HAVE_SYS_RESOURCE_H #include #endif #include #include #include #include #include #include #include #include #include "extern.h" #include /* * Special version of popen which avoids call to shell. This ensures * no one may create a pipe to a hidden program as a side effect of a * list or dir command. */ static int *pids; static int fds; extern int dochroot; /* return path prepended with ~ftp if that file exists, otherwise * return path unchanged */ const char * ftp_rooted(const char *path) { static char home[MaxPathLen] = ""; static char newpath[MaxPathLen]; struct passwd *pwd; if(!home[0]) if((pwd = k_getpwnam("ftp"))) - strcpy(home, pwd->pw_dir); + strlcpy(home, pwd->pw_dir, sizeof(home)); snprintf(newpath, sizeof(newpath), "%s/%s", home, path); if(access(newpath, X_OK)) - strcpy(newpath, path); + strlcpy(newpath, path, sizeof(newpath)); return newpath; } FILE * ftpd_popen(char *program, char *type, int do_stderr, int no_glob) { char *cp; FILE *iop; int argc, gargc, pdes[2], pid; char **pop, *argv[100], *gargv[1000]; char *foo; if (strcmp(type, "r") && strcmp(type, "w")) return (NULL); if (!pids) { /* This function is ugly and should be rewritten, in * modern unices there is no such thing as a maximum * filedescriptor. 
*/ fds = getdtablesize(); pids = (int*)calloc(fds, sizeof(int)); if(!pids) return NULL; } if (pipe(pdes) < 0) return (NULL); /* break up string into pieces */ - for (argc = 0, cp = program;; cp = NULL) { foo = NULL; + for (argc = 0, cp = program;; cp = NULL) { if (!(argv[argc++] = strtok_r(cp, " \t\n", &foo))) break; } gargv[0] = (char*)ftp_rooted(argv[0]); /* glob each piece */ for (gargc = argc = 1; argv[argc]; argc++) { glob_t gl; int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; memset(&gl, 0, sizeof(gl)); if (no_glob || glob(argv[argc], flags, NULL, &gl)) gargv[gargc++] = strdup(argv[argc]); else for (pop = gl.gl_pathv; *pop; pop++) gargv[gargc++] = strdup(*pop); globfree(&gl); } gargv[gargc] = NULL; iop = NULL; switch(pid = fork()) { case -1: /* error */ close(pdes[0]); close(pdes[1]); goto pfree; /* NOTREACHED */ case 0: /* child */ if (*type == 'r') { if (pdes[1] != STDOUT_FILENO) { dup2(pdes[1], STDOUT_FILENO); close(pdes[1]); } if(do_stderr) dup2(STDOUT_FILENO, STDERR_FILENO); close(pdes[0]); } else { if (pdes[0] != STDIN_FILENO) { dup2(pdes[0], STDIN_FILENO); close(pdes[0]); } close(pdes[1]); } execv(gargv[0], gargv); gargv[0] = argv[0]; execv(gargv[0], gargv); _exit(1); } /* parent; assume fdopen can't fail... */ if (*type == 'r') { iop = fdopen(pdes[0], type); close(pdes[1]); } else { iop = fdopen(pdes[1], type); close(pdes[0]); } pids[fileno(iop)] = pid; pfree: for (argc = 1; gargv[argc] != NULL; argc++) free(gargv[argc]); return (iop); } int ftpd_pclose(FILE *iop) { int fdes, status; pid_t pid; sigset_t sigset, osigset; /* * pclose returns -1 if stream is not associated with a * `popened' command, or, if already `pclosed'. 
*/ if (pids == 0 || pids[fdes = fileno(iop)] == 0) return (-1); fclose(iop); sigemptyset(&sigset); sigaddset(&sigset, SIGINT); sigaddset(&sigset, SIGQUIT); sigaddset(&sigset, SIGHUP); sigprocmask(SIG_BLOCK, &sigset, &osigset); while ((pid = waitpid(pids[fdes], &status, 0)) < 0 && errno == EINTR) continue; sigprocmask(SIG_SETMASK, &osigset, NULL); pids[fdes] = 0; if (pid < 0) return (pid); if (WIFEXITED(status)) return (WEXITSTATUS(status)); return (1); } Index: stable/3/crypto/kerberosIV/appl/kauth/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/appl/kauth/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/appl/kauth/Makefile.in (revision 62578) 
@@ -1,112 +1,110 @@ -# $Id: Makefile.in,v 1.33 1997/04/05 21:24:35 assar Exp $ +# $Id: Makefile.in,v 1.40 1999/03/10 19:01:11 joda Exp $ SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ -topdir = ../.. +top_builddir = ../.. CC = @CC@ +LINK = @LINK@ AR = ar RANLIB = @RANLIB@ DEFS = @DEFS@ -DBINDIR='"$(bindir)"' -CFLAGS = @CFLAGS@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ LD_FLAGS = @LD_FLAGS@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ LIBS = @LIBS@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ libexecdir = @libexecdir@ bindir = @bindir@ transform=@program_transform_name@ EXECSUFFIX=@EXECSUFFIX@ PROG_BIN = kauth$(EXECSUFFIX) ksrvtgt PROG_LIBEXEC = kauthd$(EXECSUFFIX) PROGS = $(PROG_BIN) $(PROG_LIBEXEC) SOURCES_KAUTH = kauth.c rkinit.c SOURCES_KAUTHD = kauthd.c SOURCES_COMMON = encdata.c marshall.c OBJECTS_KAUTH = kauth.o rkinit.o OBJECTS_KAUTHD = kauthd.o OBJECTS_COMMON = marshall.o encdata.o OBJECTS = $(OBJECTS_KAUTH) $(OBJECTS_KAUTHD) SOURCES = $(SOURCES_KAUTH) $(SOURCES_KAUTHD) $(SOURCES_COMMON) KRB_KAFS_LIB = @KRB_KAFS_LIB@ all: $(PROGS) Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $< + $(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $< install: all - $(MKINSTALLDIRS) $(bindir) $(libexecdir) + $(MKINSTALLDIRS) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) for x in $(PROG_BIN); do \ - $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x| sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \ done - if test -f $(bindir)/zrefresh -o -r $(bindir)/zrefresh; then \ + if test -f $(DESTDIR)$(bindir)/zrefresh -o -r $(DESTDIR)$(bindir)/zrefresh; then \ true; \ else \ - $(INSTALL_PROGRAM) $(srcdir)/zrefresh $(bindir)/`echo zrefresh | sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $(srcdir)/zrefresh 
$(DESTDIR)$(bindir)/`echo zrefresh | sed '$(transform)'`; \ fi for x in $(PROG_LIBEXEC); do \ - $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x| sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \ done uninstall: for x in $(PROG_BIN); do \ - rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \ + rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \ done for x in $(PROG_LIBEXEC); do \ - rm -f $(libexecdir)/`echo $$x| sed '$(transform)'`; \ + rm -f $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \ done TAGS: $(SOURCES) etags $(SOURCES) check: clean: rm -f *.a *.o $(PROGS) mostlyclean: clean distclean: clean rm -f Makefile *.tab.c *~ realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes LIBROKEN=-L../../lib/roken -lroken kauth$(EXECSUFFIX): $(OBJECTS_KAUTH) $(OBJECTS_COMMON) - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTH) $(OBJECTS_COMMON) $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTH) $(OBJECTS_COMMON) $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) kauthd$(EXECSUFFIX): $(OBJECTS_KAUTHD) $(OBJECTS_COMMON) - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTHD) $(OBJECTS_COMMON) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTHD) $(OBJECTS_COMMON) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) ksrvtgt: ksrvtgt.in sed -e "s!%bindir%!$(bindir)!" 
$(srcdir)/ksrvtgt.in > $@ chmod +x $@ $(OBJECTS): ../../include/config.h + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/appl/kauth/encdata.c =================================================================== --- stable/3/crypto/kerberosIV/appl/kauth/encdata.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/kauth/encdata.c (revision 62578) 
@@ -1,101 +1,96 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "kauth.h" -RCSID("$Id: encdata.c,v 1.9 1997/04/01 08:17:30 joda Exp $"); +RCSID("$Id: encdata.c,v 1.10 1999/12/02 16:58:31 joda Exp $"); int write_encrypted (int fd, void *buf, size_t len, des_key_schedule schedule, des_cblock *session, struct sockaddr_in *me, struct sockaddr_in *him) { void *outbuf; int32_t outlen, l; int i; unsigned char tmp[4]; outbuf = malloc(len + 30); if (outbuf == NULL) return -1; outlen = krb_mk_priv (buf, outbuf, len, schedule, session, me, him); if (outlen < 0) { free(outbuf); return -1; } l = outlen; for(i = 3; i >= 0; i--, l = l >> 8) tmp[i] = l & 0xff; if (krb_net_write (fd, tmp, 4) != 4 || krb_net_write (fd, outbuf, outlen) != outlen) { free(outbuf); return -1; } free(outbuf); return 0; } int read_encrypted (int fd, void *buf, size_t len, void **ret, des_key_schedule schedule, des_cblock *session, struct sockaddr_in *him, struct sockaddr_in *me) { int status; int32_t l; MSG_DAT msg; unsigned char tmp[4]; l = krb_net_read (fd, tmp, 4); if (l != 4) return l; l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3]; if (l > len) return -1; if (krb_net_read (fd, buf, l) != l) return -1; status = krb_rd_priv (buf, l, schedule, session, him, me, &msg); if (status != RD_AP_OK) { fprintf (stderr, "read_encrypted: %s\n", krb_get_err_text(status)); return -1; } *ret = msg.app_data; return msg.app_length; } Index: stable/3/crypto/kerberosIV/appl/kauth/kauth.c =================================================================== --- stable/3/crypto/kerberosIV/appl/kauth/kauth.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/kauth/kauth.c (revision 62578) 
@@ -1,312 +1,385 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Little program that reads an srvtab or password and * creates a suitable ticketfile and associated AFS tokens. * * If an optional command is given the command is executed in a * new PAG and when the command exits the tickets are destroyed. */ #include "kauth.h" -RCSID("$Id: kauth.c,v 1.75 1997/05/02 15:09:24 assar Exp $"); +RCSID("$Id: kauth.c,v 1.97 1999/12/02 16:58:31 joda Exp $"); krb_principal princ; -static char srvtab[MaxPathLen + 1]; +static char srvtab[MaxPathLen]; static int lifetime = DEFAULT_TKT_LIFE; -static char remote_tktfile[MaxPathLen + 1]; +static char remote_tktfile[MaxPathLen]; static char remoteuser[100]; static char *cell = 0; static void usage(void) { fprintf(stderr, - "Usage: %s [-n ] [-r remoteuser] [-t remote ticketfile]" - "[-l lifetime (in minutes) ] [-h hosts... ]" - "[-f srvtab ] [-c AFS cell name ] [command ... ]\n", - __progname); - fprintf(stderr, "\nA fully qualified name can be given user[.instance][@realm]\nRealm is converted to uppercase!\n"); + "Usage:\n" + " %s [name]\n" + "or\n" + " %s [-ad] [-n name] [-r remoteuser] [-t remote ticketfile]\n" + " [-l lifetime (in minutes) ] [-f srvtab ] [-c AFS cell name ]\n" + " [-h hosts... [--]] [command ... 
]\n\n", + __progname, __progname); + fprintf(stderr, + "A fully qualified name can be given: user[.instance][@realm]\n" + "Realm is converted to uppercase!\n"); exit(1); } -static void +#define EX_NOEXEC 126 +#define EX_NOTFOUND 127 + +static int doexec(int argc, char **argv) { - int status; - pid_t ret; - - switch (fork()) { - case -1: - err (1, "fork"); - break; - case 0: - /* in child */ - execvp(argv[0], argv); - err (1, "Can't exec program ``%s''", argv[0]); - break; - default: - /* in parent */ - do { - ret = wait(&status); - } while ((ret > 0 && !WIFEXITED(status)) || (ret < 0 && errno == EINTR)); + int ret = simple_execvp(argv[0], argv); + if(ret == -2) + warn ("fork"); + if(ret == -3) + warn("waitpid"); if (ret < 0) - perror("wait"); - dest_tkt(); - if (k_hasafs()) - k_unlog(); - break; - } + return EX_NOEXEC; + if(ret == EX_NOEXEC || ret == EX_NOTFOUND) + warnx("Can't exec program ``%s''", argv[0]); + + return ret; } static RETSIGTYPE renew(int sig) { int code; signal(SIGALRM, renew); code = krb_get_svc_in_tkt(princ.name, princ.instance, princ.realm, KRB_TICKET_GRANTING_TICKET, princ.realm, lifetime, srvtab); if (code) warnx ("%s", krb_get_err_text(code)); else if (k_hasafs()) { - if ((code = k_afsklog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) { + if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) { warnx ("%s", krb_get_err_text(code)); } } alarm(krb_life_to_time(0, lifetime)/2 - 60); SIGRETURN(0); } static int zrefresh(void) { switch (fork()) { case -1: err (1, "Warning: Failed to fork zrefresh"); return -1; case 0: /* Child */ execlp("zrefresh", "zrefresh", 0); execl(BINDIR "/zrefresh", "zrefresh", 0); exit(1); default: /* Parent */ break; } return 0; } static int -key_to_key(char *user, char *instance, char *realm, void *arg, +key_to_key(const char *user, + char *instance, + const char *realm, + const void *arg, des_cblock *key) { memcpy(key, arg, sizeof(des_cblock)); return 0; } +static int +get_ticket_address(krb_principal *princ, 
des_cblock *key) +{ + int code; + unsigned char flags; + krb_principal service; + u_int32_t addr; + struct in_addr addr2; + des_cblock session; + int life; + u_int32_t time_sec; + des_key_schedule schedule; + CREDENTIALS c; + + code = get_ad_tkt(princ->name, princ->instance, princ->realm, 0); + if(code) { + warnx("get_ad_tkt: %s\n", krb_get_err_text(code)); + return code; + } + code = krb_get_cred(princ->name, princ->instance, princ->realm, &c); + if(code) { + warnx("krb_get_cred: %s\n", krb_get_err_text(code)); + return code; + } + + des_set_key(key, schedule); + code = decomp_ticket(&c.ticket_st, + &flags, + princ->name, + princ->instance, + princ->realm, + &addr, + session, + &life, + &time_sec, + service.name, + service.instance, + key, + schedule); + if(code) { + warnx("decomp_ticket: %s\n", krb_get_err_text(code)); + return code; + } + memset(&session, 0, sizeof(session)); + memset(schedule, 0, sizeof(schedule)); + addr2.s_addr = addr; + fprintf(stdout, "ticket address = %s\n", inet_ntoa(addr2)); +} + + int main(int argc, char **argv) { int code, more_args; int ret; int c; char *file; int pflag = 0; + int aflag = 0; + int version_flag = 0; char passwd[100]; des_cblock key; char **host; int nhost; char tf[MaxPathLen]; set_progname (argv[0]); if ((file = getenv("KRBTKFILE")) == 0) file = TKT_FILE; memset(&princ, 0, sizeof(princ)); memset(srvtab, 0, sizeof(srvtab)); *remoteuser = '\0'; nhost = 0; + host = NULL; - while ((c = getopt(argc, argv, "r:t:f:hl:n:c:")) != EOF) + /* Look for kerberos name */ + if (argc > 1 && + argv[1][0] != '-' && + krb_parse_name(argv[1], &princ) == 0) + { + argc--; argv++; + strupr(princ.realm); + } + + while ((c = getopt(argc, argv, "ar:t:f:hdl:n:c:v")) != -1) switch (c) { + case 'a': + aflag++; + break; + case 'd': + krb_enable_debug(); + _kafs_debug = 1; + aflag++; + break; case 'f': - strncpy(srvtab, optarg, sizeof(srvtab)); + strlcpy(srvtab, optarg, sizeof(srvtab)); break; case 't': - strncpy(remote_tktfile, optarg, 
sizeof(remote_tktfile)); + strlcpy(remote_tktfile, optarg, sizeof(remote_tktfile)); break; case 'r': - strncpy(remoteuser, optarg, sizeof(remoteuser)); + strlcpy(remoteuser, optarg, sizeof(remoteuser)); break; case 'l': lifetime = atoi(optarg); if (lifetime == -1) lifetime = 255; else if (lifetime < 5) lifetime = 1; else lifetime = krb_time_to_life(0, lifetime*60); if (lifetime > 255) lifetime = 255; break; case 'n': if ((code = krb_parse_name(optarg, &princ)) != 0) { warnx ("%s", krb_get_err_text(code)); usage(); } strupr(princ.realm); pflag = 1; break; case 'c': cell = optarg; break; case 'h': host = argv + optind; for(nhost = 0; optind < argc && *argv[optind] != '-'; ++optind) ++nhost; + if(nhost == 0) + usage(); break; + case 'v': + version_flag++; + print_version(NULL); + break; case '?': default: usage(); break; } - /* Look for kerberos name */ - if (!pflag && optind < argc && krb_parse_name(argv[optind], &princ) == 0) { - ++optind; - strupr(princ.realm); + if(version_flag) { + print_version(NULL); + exit(0); } - if (princ.name[0] == '\0' && krb_get_default_principal (princ.name, princ.instance, princ.realm) < 0) errx (1, "Could not get default principal"); - if (*remoteuser == '\0') - strcpy (remoteuser, princ.name); + /* With root tickets assume remote user is root */ + if (*remoteuser == '\0') { + if (strcmp(princ.instance, "root") == 0) + strlcpy(remoteuser, princ.instance, sizeof(remoteuser)); + else + strlcpy(remoteuser, princ.name, sizeof(remoteuser)); + } more_args = argc - optind; if (princ.realm[0] == '\0') if (krb_get_lrealm(princ.realm, 1) != KSUCCESS) - strcpy(princ.realm, KRB_REALM); + strlcpy(princ.realm, KRB_REALM, REALM_SZ); if (more_args) { int f; do{ - snprintf(tf, sizeof(tf), - TKT_ROOT "%u_%u", - (unsigned)getuid(), + snprintf(tf, sizeof(tf), "%s%u_%u", TKT_ROOT, (unsigned)getuid(), (unsigned)(getpid()*time(0))); f = open(tf, O_CREAT|O_EXCL|O_RDWR); }while(f < 0); close(f); unlink(tf); setenv("KRBTKFILE", tf, 1); krb_set_tkt_string (tf); 
} if (srvtab[0]) { signal(SIGALRM, renew); code = read_service_key (princ.name, princ.instance, princ.realm, 0, srvtab, (char *)&key); if (code == KSUCCESS) code = krb_get_in_tkt(princ.name, princ.instance, princ.realm, KRB_TICKET_GRANTING_TICKET, princ.realm, lifetime, key_to_key, NULL, key); alarm(krb_life_to_time(0, lifetime)/2 - 60); } else { char prompt[128]; snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&princ)); if (des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){ memset(passwd, 0, sizeof(passwd)); exit(1); } - des_string_to_key (passwd, &key); - code = krb_get_in_tkt (princ.name, princ.instance, princ.realm, - KRB_TICKET_GRANTING_TICKET, - princ.realm, lifetime, - key_to_key, NULL, key); - if(code == INTK_BADPW) { - afs_string_to_key (passwd, princ.realm, &key); - code = krb_get_in_tkt (princ.name, princ.instance, princ.realm, - KRB_TICKET_GRANTING_TICKET, - princ.realm, lifetime, - key_to_key, NULL, key); - } + code = krb_get_pw_in_tkt2(princ.name, princ.instance, princ.realm, + KRB_TICKET_GRANTING_TICKET, princ.realm, + lifetime, passwd, &key); + memset(passwd, 0, sizeof(passwd)); } if (code) { memset (key, 0, sizeof(key)); errx (1, "%s", krb_get_err_text(code)); } + if(aflag) + get_ticket_address(&princ, &key); + if (k_hasafs()) { if (more_args) k_setpag(); - if ((code = k_afsklog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) + if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) { + if(code > 0) warnx ("%s", krb_get_err_text(code)); + else + warnx ("failed to store AFS token"); + } } for(ret = 0; nhost-- > 0; host++) ret += rkinit(&princ, lifetime, remoteuser, remote_tktfile, &key, *host); if (ret) return ret; - if (more_args) - doexec(more_args, &argv[optind]); + if (more_args) { + ret = doexec(more_args, &argv[optind]); + dest_tkt(); + if (k_hasafs()) + k_unlog(); + } else zrefresh(); - return 0; + return ret; } Index: stable/3/crypto/kerberosIV/appl/kauth/kauth.h 
=================================================================== --- stable/3/crypto/kerberosIV/appl/kauth/kauth.h (revision 62577) +++ stable/3/crypto/kerberosIV/appl/kauth/kauth.h (revision 62578) 
@@ -1,118 +1,116 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: kauth.h,v 1.18 1997/05/20 18:40:31 bg Exp $ */ +/* $Id: kauth.h,v 1.21 1999/12/02 16:58:31 joda Exp $ */ #ifdef HAVE_CONFIG_H #include #endif /* HAVE_CONFIG_H */ #include #include #include #include #include #ifdef HAVE_FCNTL_H #include #endif #include #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_PWD_H #include #endif #ifdef HAVE_GRP_H #include #endif #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #ifdef HAVE_SYS_RESOURCE_H #include #endif /* HAVE_SYS_RESOURCE_H */ #ifdef HAVE_SYS_WAIT_H #include #endif #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_ARPA_INET_H #include #endif #ifdef HAVE_NETDB_H #include #endif #ifdef SOCKS #include +/* This doesn't belong here. */ +struct tm *localtime(const time_t *); +struct hostent *gethostbyname(const char *); #endif #include #include #include #include #define KAUTH_PORT 2120 #define KAUTH_VERSION "RKINIT.0" int rkinit (krb_principal*, int, char*, char*, des_cblock*, char*); int write_encrypted (int, void*, size_t, des_key_schedule, des_cblock*, struct sockaddr_in*, struct sockaddr_in*); int read_encrypted (int, void*, size_t, void **, des_key_schedule, des_cblock*, struct sockaddr_in*, struct sockaddr_in*); -unsigned pack_args (char *, krb_principal*, int, char*, char*); +int pack_args (char *, size_t, krb_principal*, int, const char*, const char*); -int unpack_args (char*, krb_principal*, int*, char*, char*); +int unpack_args (const char*, krb_principal*, int*, char*, char*); Index: stable/3/crypto/kerberosIV/appl/kauth/kauthd.c =================================================================== --- stable/3/crypto/kerberosIV/appl/kauth/kauthd.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/kauth/kauthd.c (revision 62578) 
@@ -1,201 +1,200 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "kauth.h" -RCSID("$Id: kauthd.c,v 1.22 1997/05/18 20:37:55 assar Exp $"); +RCSID("$Id: kauthd.c,v 1.25 1999/12/02 16:58:31 joda Exp $"); krb_principal princ; -static char locuser[SNAME_SZ + 1]; +static char locuser[SNAME_SZ]; static int lifetime; -static char tktfile[MaxPathLen + 1]; +static char tktfile[MaxPathLen]; struct remote_args { int sock; des_key_schedule *schedule; des_cblock *session; struct sockaddr_in *me, *her; }; static int -decrypt_remote_tkt (char *user, char *inst, char *realm, void *varg, - key_proc_t key_proc, KTEXT *cipp) +decrypt_remote_tkt (const char *user, + const char *inst, + const char *realm, + const void *varg, + key_proc_t key_proc, + KTEXT *cipp) { char buf[BUFSIZ]; void *ptr; int len; KTEXT cip = *cipp; struct remote_args *args = (struct remote_args *)varg; write_encrypted (args->sock, cip->dat, cip->length, *args->schedule, args->session, args->me, args->her); len = read_encrypted (args->sock, buf, sizeof(buf), &ptr, *args->schedule, args->session, args->her, args->me); memcpy(cip->dat, ptr, cip->length); return 0; } static int doit(int sock) { int status; KTEXT_ST ticket; AUTH_DAT auth; - char instance[INST_SZ + 1]; + char instance[INST_SZ]; des_key_schedule schedule; struct sockaddr_in thisaddr, thataddr; int addrlen; int len; char buf[BUFSIZ]; void *data; struct passwd *passwd; char version[KRB_SENDAUTH_VLEN + 1]; char remotehost[MaxHostNameLen]; addrlen = sizeof(thisaddr); if (getsockname (sock, (struct 
sockaddr *)&thisaddr, &addrlen) < 0 || addrlen != sizeof(thisaddr)) { return 1; } addrlen = sizeof(thataddr); if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 || addrlen != sizeof(thataddr)) { return 1; } inaddr2str (thataddr.sin_addr, remotehost, sizeof(remotehost)); k_getsockinst (sock, instance, sizeof(instance)); status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance, &thataddr, &thisaddr, &auth, "", schedule, version); if (status != KSUCCESS || strncmp(version, KAUTH_VERSION, KRB_SENDAUTH_VLEN) != 0) { return 1; } len = read_encrypted (sock, buf, sizeof(buf), &data, schedule, &auth.session, &thataddr, &thisaddr); if (len < 0) { write_encrypted (sock, "read_enc failed", sizeof("read_enc failed") - 1, schedule, &auth.session, &thisaddr, &thataddr); return 1; } if (unpack_args(data, &princ, &lifetime, locuser, tktfile)) { write_encrypted (sock, "unpack_args failed", sizeof("unpack_args failed") - 1, schedule, &auth.session, &thisaddr, &thataddr); return 1; } if( kuserok(&auth, locuser) != 0) { snprintf(buf, sizeof(buf), "%s cannot get tickets for %s", locuser, krb_unparse_name(&princ)); syslog (LOG_ERR, buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; } passwd = k_getpwnam (locuser); if (passwd == NULL) { snprintf (buf, sizeof(buf), "No user '%s'", locuser); syslog (LOG_ERR, buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; } if (setgid (passwd->pw_gid) || initgroups(passwd->pw_name, passwd->pw_gid) || setuid(passwd->pw_uid)) { snprintf (buf, sizeof(buf), "Could not change user"); syslog (LOG_ERR, buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; } write_encrypted (sock, "ok", sizeof("ok") - 1, schedule, &auth.session, &thisaddr, &thataddr); if (*tktfile == 0) snprintf(tktfile, sizeof(tktfile), "%s%u", TKT_ROOT, (unsigned)getuid()); krb_set_tkt_string (tktfile); { 
struct remote_args arg; arg.sock = sock; arg.schedule = &schedule; arg.session = &auth.session; arg.me = &thisaddr; arg.her = &thataddr; status = krb_get_in_tkt (princ.name, princ.instance, princ.realm, KRB_TICKET_GRANTING_TICKET, princ.realm, lifetime, NULL, decrypt_remote_tkt, &arg); } if (status == KSUCCESS) { syslog (LOG_INFO, "from %s(%s): %s -> %s", remotehost, inet_ntoa(thataddr.sin_addr), locuser, krb_unparse_name (&princ)); write_encrypted (sock, "ok", sizeof("ok") - 1, schedule, &auth.session, &thisaddr, &thataddr); return 0; } else { snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status)); syslog (LOG_NOTICE, buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; } } int main (int argc, char **argv) { openlog ("kauthd", LOG_ODELAY, LOG_AUTH); if(argc > 1 && strcmp(argv[1], "-i") == 0) mini_inetd (k_getportbyname("kauth", "tcp", htons(KAUTH_PORT))); return doit(STDIN_FILENO); } Index: stable/3/crypto/kerberosIV/appl/kauth/ksrvtgt.in =================================================================== --- stable/3/crypto/kerberosIV/appl/kauth/ksrvtgt.in (revision 62577) +++ stable/3/crypto/kerberosIV/appl/kauth/ksrvtgt.in (revision 62578) @@ -1,14 +1,14 @@ #! /bin/sh -# $Id$ +# $Id: ksrvtgt.in,v 1.3 1997/09/13 03:39:03 joda Exp $ usage="Usage: `basename $0` name instance [[realm] srvtab]" if [ $# -lt 2 -o $# -gt 4 ]; then echo "$usage" exit 1 fi srvtab="${4-${3-/etc/kerberosIV/srvtab}}" realm="${4+@$3}" -kauth -n "$1.$2$realm" -l 5 -f "$srvtab " +%bindir%/kauth -n "$1.$2$realm" -l 5 -f "$srvtab" Index: stable/3/crypto/kerberosIV/appl/kauth/marshall.c =================================================================== --- stable/3/crypto/kerberosIV/appl/kauth/marshall.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/kauth/marshall.c (revision 62578) 
@@ -1,97 +1,126 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "kauth.h" -RCSID("$Id: marshall.c,v 1.7 1997/04/01 08:17:32 joda Exp $"); +RCSID("$Id: marshall.c,v 1.10 1999/12/02 16:58:31 joda Exp $"); -unsigned -pack_args (char *buf, krb_principal *pr, int lifetime, - char *locuser, char *tktfile) +int +pack_args (char *buf, + size_t sz, + krb_principal *pr, + int lifetime, + const char *locuser, + const char *tktfile) { - char *p; + char *p = buf; + int len; p = buf; - strcpy (p, pr->name); - p += strlen (pr->name) + 1; - strcpy (p, pr->instance); - p += strlen (pr->instance) + 1; - strcpy (p, pr->realm); - p += strlen (pr->realm) + 1; + + len = strlen(pr->name); + if (len >= sz) + return -1; + memcpy (p, pr->name, len + 1); + p += len + 1; + sz -= len + 1; + + len = strlen(pr->instance); + if (len >= sz) + return -1; + memcpy (p, pr->instance, len + 1); + p += len + 1; + sz -= len + 1; + + len = strlen(pr->realm); + if (len >= sz) + return -1; + memcpy(p, pr->realm, len + 1); + p += len + 1; + sz -= len + 1; + + if (sz < 1) + return -1; *p++ = (unsigned char)lifetime; - strcpy(p, locuser); - p += strlen (locuser) + 1; - strcpy(p, tktfile); - p += strlen(tktfile) + 1; + + len = strlen(locuser); + if (len >= sz) + return -1; + memcpy (p, locuser, len + 1); + p += len + 1; + sz -= len + 1; + + len = strlen(tktfile); + if (len >= sz) + return -1; + memcpy (p, tktfile, len + 1); + p += len + 1; + sz -= len + 1; + return p - buf; } int -unpack_args (char *buf, krb_principal *pr, int *lifetime, +unpack_args (const char *buf, krb_principal *pr, int *lifetime, char *locuser, char *tktfile) { int len; len = strlen(buf); - if (len > SNAME_SZ) + if (len >= SNAME_SZ) return -1; - strncpy(pr->name, buf, len + 1); + strlcpy (pr->name, buf, ANAME_SZ); buf += len + 1; len = strlen (buf); - if (len > INST_SZ) + if (len >= INST_SZ) return -1; - strncpy (pr->instance, buf, len + 1); + strlcpy (pr->instance, buf, INST_SZ); buf += len + 1; len = strlen (buf); - if (len > REALM_SZ) + if (len >= REALM_SZ) return -1; - strncpy 
(pr->realm, buf, len + 1); + strlcpy (pr->realm, buf, REALM_SZ); buf += len + 1; *lifetime = (unsigned char)*buf++; len = strlen(buf); - if (len > SNAME_SZ) + if (len >= SNAME_SZ) return -1; - strncpy (locuser, buf, len + 1); + strlcpy (locuser, buf, SNAME_SZ); buf += len + 1; len = strlen(buf); - if (len > MaxPathLen) + if (len >= MaxPathLen) return -1; - strncpy (tktfile, buf, len + 1); + strlcpy (tktfile, buf, MaxPathLen); buf += len + 1; return 0; } Index: stable/3/crypto/kerberosIV/appl/kauth/rkinit.c =================================================================== --- stable/3/crypto/kerberosIV/appl/kauth/rkinit.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/kauth/rkinit.c (revision 62578) 
@@ -1,222 +1,226 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "kauth.h" -RCSID("$Id: rkinit.c,v 1.19 1997/04/01 08:17:33 joda Exp $"); +RCSID("$Id: rkinit.c,v 1.22.2.1 1999/12/06 17:27:56 assar Exp $"); static struct in_addr * getalladdrs (char *hostname, unsigned *count) { struct hostent *hostent; struct in_addr **h; struct in_addr *addr; unsigned naddr; unsigned maxaddr; hostent = gethostbyname (hostname); if (hostent == NULL) { warnx ("gethostbyname '%s' failed: %s\n", hostname, -#ifdef HAVE_H_ERRNO - hstrerror(h_errno) -#else - "unknown error" -#endif - ); + hstrerror(h_errno)); return NULL; } maxaddr = 1; naddr = 0; addr = malloc(sizeof(*addr) * maxaddr); if (addr == NULL) { warnx ("out of memory"); return NULL; } for (h = (struct in_addr **)(hostent->h_addr_list); *h != NULL; h++) { if (naddr >= maxaddr) { maxaddr *= 2; addr = realloc (addr, sizeof(*addr) * maxaddr); if (addr == NULL) { warnx ("out of memory"); return NULL; } } addr[naddr++] = **h; } addr = realloc (addr, sizeof(*addr) * naddr); if (addr == NULL) { warnx ("out of memory"); return NULL; } *count = naddr; return addr; } static int doit_host (krb_principal *princ, int lifetime, char *locuser, char *tktfile, des_cblock *key, int s, char *hostname) { char buf[BUFSIZ]; int inlen; KTEXT_ST text; CREDENTIALS cred; MSG_DAT msg; int status; des_key_schedule schedule; struct sockaddr_in thisaddr, thataddr; int addrlen; void *ret; addrlen = sizeof(thisaddr); if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 || addrlen != sizeof(thisaddr)) { warn ("getsockname(%s)", hostname); return 1; } addrlen = sizeof(thataddr); if (getpeername (s, (struct sockaddr *)&thataddr, &addrlen) < 0 || addrlen != sizeof(thataddr)) { warn ("getpeername(%s)", hostname); return 1; } + if (krb_get_config_bool("nat_in_use")) { + struct in_addr natAddr; + + if (krb_get_our_ip_for_realm(krb_realmofhost(hostname), + &natAddr) == KSUCCESS + || krb_get_our_ip_for_realm (NULL, &natAddr) == KSUCCESS) + thisaddr.sin_addr = natAddr; + } + status = krb_sendauth 
(KOPT_DO_MUTUAL, s, &text, "rcmd", hostname, krb_realmofhost (hostname), getpid(), &msg, &cred, schedule, &thisaddr, &thataddr, KAUTH_VERSION); if (status != KSUCCESS) { warnx ("%s: %s\n", hostname, krb_get_err_text(status)); return 1; } - inlen = pack_args (buf, princ, lifetime, locuser, tktfile); + inlen = pack_args (buf, sizeof(buf), + princ, lifetime, locuser, tktfile); + if (inlen < 0) { + warn ("cannot marshall arguments to %s", hostname); + return 1; + } if (write_encrypted(s, buf, inlen, schedule, &cred.session, &thisaddr, &thataddr) < 0) { warn ("write to %s", hostname); return 1; } inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule, &cred.session, &thataddr, &thisaddr); if (inlen < 0) { warn ("read from %s failed", hostname); return 1; } if (strncmp(ret, "ok", inlen) != 0) { warnx ("error from %s: %.*s\n", hostname, inlen, (char *)ret); return 1; } inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule, &cred.session, &thataddr, &thisaddr); if (inlen < 0) { warn ("read from %s", hostname); return 1; } { des_key_schedule key_s; des_key_sched(key, key_s); des_pcbc_encrypt(ret, ret, inlen, key_s, key, DES_DECRYPT); memset(key_s, 0, sizeof(key_s)); } write_encrypted (s, ret, inlen, schedule, &cred.session, &thisaddr, &thataddr); inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule, &cred.session, &thataddr, &thisaddr); if (inlen < 0) { warn ("read from %s", hostname); return 1; } if (strncmp(ret, "ok", inlen) != 0) { warnx ("error from %s: %.*s\n", hostname, inlen, (char *)ret); return 1; } return 0; } int rkinit (krb_principal *princ, int lifetime, char *locuser, char *tktfile, des_cblock *key, char *hostname) { struct in_addr *addr; unsigned naddr; unsigned i; int port; int success; addr = getalladdrs (hostname, &naddr); if (addr == NULL) return 1; port = k_getportbyname ("kauth", "tcp", htons(KAUTH_PORT)); success = 0; for (i = 0; !success && i < naddr; ++i) { struct sockaddr_in a; int s; memset(&a, 0, sizeof(a)); a.sin_family = 
AF_INET; a.sin_port = port; a.sin_addr = addr[i]; s = socket (AF_INET, SOCK_STREAM, 0); if (s < 0) { warn("socket"); return 1; } if (connect(s, (struct sockaddr *)&a, sizeof(a)) < 0) { warn("connect(%s)", hostname); continue; } success = success || !doit_host (princ, lifetime, locuser, tktfile, key, s, hostname); close (s); } return !success; } Index: stable/3/crypto/kerberosIV/appl/kip/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/appl/kip/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/appl/kip/Makefile.in (revision 62578) 
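Review bot: In appl/kauth/rkinit.c, doit_host, the new nat_in_use block fails silently: if both krb_get_our_ip_for_realm calls return something other than KSUCCESS, thisaddr keeps the socket's own address and nothing is logged, so a broken NAT address setting is indistinguishable from NAT being off. That same thisaddr is then passed to krb_sendauth, write_encrypted and read_encrypted. Emit a warnx (or return 1) when nat_in_use is set and no address was found, and compute krb_realmofhost(hostname) once instead of twice. In the same hunk, the new `inlen < 0` check after pack_args reports through warn(), which appends strerror(errno); unless pack_args sets errno when the buffer is too small, warnx is the right call.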
@@ -1,96 +1,94 @@ -# $Id: Makefile.in,v 1.12 1997/03/23 13:04:03 assar Exp $ +# $Id: Makefile.in,v 1.18 1999/03/10 19:01:11 joda Exp $ SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ CC = @CC@ +LINK = @LINK@ AR = ar DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ LD_FLAGS = @LD_FLAGS@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ LIBS = @LIBS@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ exec_prefix = @exec_prefix@ libexecdir = @libexecdir@ libdir = @libdir@ bindir = @bindir@ transform=@program_transform_name@ EXECSUFFIX=@EXECSUFFIX@ PROG_BIN = kip$(EXECSUFFIX) PROG_LIBEXEC = kipd$(EXECSUFFIX) PROGS = $(PROG_BIN) $(PROG_LIBEXEC) SOURCES_KIP = kip.c SOURCES_KIPD = kipd.c SOURCES_COMMON = common.c OBJECTS_KIP = kip.o common.o OBJECTS_KIPD = kipd.o common.o OBJECTS = $(OBJECTS_KIP) $(OBJECTS_KIPD) SOURCES = $(SOURCES_KIP) $(SOURCES_KIPD) $(SOURCES_COMMON) all: $(PROGS) Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $< + $(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $< install: all - $(MKINSTALLDIRS) $(bindir) $(libexecdir) + $(MKINSTALLDIRS) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) for x in $(PROG_BIN); do \ - $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \ done for x in $(PROG_LIBEXEC); do \ - $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ done uninstall: for x in $(PROG_BIN); do \ - rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \ + rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \ done for x in $(PROG_LIBEXEC); do \ - rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed 
'$(transform)'`; \ done TAGS: $(SOURCES) etags $(SOURCES) check: clean: rm -f *.a *.o $(PROGS) mostlyclean: clean distclean: clean rm -f Makefile *.tab.c *~ realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes LIBROKEN=-L../../lib/roken -lroken kip$(EXECSUFFIX): $(OBJECTS_KIP) - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIP) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIP) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) kipd$(EXECSUFFIX): $(OBJECTS_KIPD) - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIPD) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIPD) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) $(OBJECTS): ../../include/config.h + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/appl/kip/common.c =================================================================== --- stable/3/crypto/kerberosIV/appl/kip/common.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/kip/common.c (revision 62578) 
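Review bot: In appl/kip/Makefile.in, the Wall target was left as a bare `make CFLAGS="-g -Wall ..."`, which overrides the new `CFLAGS = @CFLAGS@ $(WFLAGS)` assignment wholesale and so discards the configured WFLAGS, and it bypasses $(MAKE). Now that warning flags have their own variable, have Wall set WFLAGS through $(MAKE), or drop the target. The .c.o rule also moves $(CPPFLAGS) behind the in-tree -I flags, which changes which headers win when a user sets CPPFLAGS; that deserves a line in the commit message. The DESTDIR prefix is applied consistently to bindir and libexecdir in both install and uninstall.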
@@ -1,178 +1,173 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "kip.h" -RCSID("$Id: common.c,v 1.12 1997/05/02 14:28:06 assar Exp $"); +RCSID("$Id: common.c,v 1.13 1999/12/02 16:58:31 joda Exp $"); /* * Copy packets from `tundev' to `netdev' or vice versa. * Mode is used when reading from `tundev' */ int copy_packets (int tundev, int netdev, int mtu, des_cblock *iv, des_key_schedule schedule) { des_cblock iv1, iv2; int num1 = 0, num2 = 0; u_char *buf; buf = malloc (mtu + 2); if (buf == NULL) { warnx("malloc(%d) failed", mtu); return 1; } memcpy (&iv1, iv, sizeof(iv1)); memcpy (&iv2, iv, sizeof(iv2)); for (;;) { fd_set fdset; int ret, len; FD_ZERO(&fdset); FD_SET(tundev, &fdset); FD_SET(netdev, &fdset); ret = select (max(tundev, netdev)+1, &fdset, NULL, NULL, NULL); if (ret < 0 && errno != EINTR) { warn ("select"); return 1; } if (FD_ISSET(tundev, &fdset)) { ret = read (tundev, buf + 2, mtu); if (ret == 0) return 0; if (ret < 0) { if (errno == EINTR) continue; else { warn("read"); return ret; } } buf[0] = ret >> 8; buf[1] = ret & 0xFF; ret += 2; des_cfb64_encrypt (buf, buf, ret, schedule, &iv1, &num1, DES_ENCRYPT); ret = krb_net_write (netdev, buf, ret); if (ret < 0) { warn("write"); return ret; } } if (FD_ISSET(netdev, &fdset)) { ret = read (netdev, buf, 2); if (ret == 0) return 0; if (ret < 0) { if (errno == EINTR) continue; else { warn("read"); return ret; } } des_cfb64_encrypt (buf, buf, 2, schedule, &iv2, &num2, DES_DECRYPT); len = (buf[0] << 8 ) | buf[1]; ret = krb_net_read (netdev, buf + 2, len); if (ret == 0) return 0; if (ret < 0) { if (errno == EINTR) continue; else { warn("read"); return ret; } } des_cfb64_encrypt (buf + 2, buf + 2, len, schedule, &iv2, &num2, DES_DECRYPT); ret = krb_net_write (tundev, buf + 2, len); if (ret < 0) { warn("write"); return ret; } } } } /* * Signal handler that justs waits for the children when they die. 
*/ RETSIGTYPE childhandler (int sig) { pid_t pid; int status; do { pid = waitpid (-1, &status, WNOHANG|WUNTRACED); } while(pid > 0); signal (SIGCHLD, childhandler); SIGRETURN(0); } /* * Find a free tunnel device and open it. */ int tunnel_open (void) { int fd; int i; char name[64]; for (i = 0; i < 256; ++i) { snprintf (name, sizeof(name), "%s%s%d", _PATH_DEV, TUNDEV, i); fd = open (name, O_RDWR, 0); if (fd >= 0) break; if (errno == ENOENT || errno == ENODEV) { warn("open %s", name); return fd; } } if (fd < 0) warn("open %s" ,name); return fd; } Index: stable/3/crypto/kerberosIV/appl/kip/kip.c =================================================================== --- stable/3/crypto/kerberosIV/appl/kip/kip.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/kip/kip.c (revision 62578) 
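Review bot: In appl/kip/common.c, copy_packets never compares the length it reads from netdev with mtu. buf is malloc (mtu + 2), but `len = (buf[0] << 8 ) | buf[1]` is taken from the peer's two-byte header and passed straight to `krb_net_read (netdev, buf + 2, len)`, so any value above mtu writes past the allocation. Reject len > mtu before that read. The header itself is fetched with a plain `read (netdev, buf, 2)`, which can return a single byte that is then decrypted and used as a full header; krb_net_read would be the safer call there as well. This revision changes only the licence text and the RCSID in this file, so both fixes would be follow-ups to the import.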
@@ -1,179 +1,170 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "kip.h" -RCSID("$Id: kip.c,v 1.15 1997/05/11 10:54:51 assar Exp $"); +RCSID("$Id: kip.c,v 1.18 1999/12/02 16:58:31 joda Exp $"); static void -usage() +usage(void) { fprintf (stderr, "Usage: %s host\n", __progname); exit (1); } /* * Establish authenticated connection */ static int connect_host (char *host, des_cblock *key, des_key_schedule schedule) { CREDENTIALS cred; KTEXT_ST text; MSG_DAT msg; int status; struct sockaddr_in thisaddr, thataddr; int addrlen; struct hostent *hostent; int s; u_char b; char **p; hostent = gethostbyname (host); if (hostent == NULL) { warnx ("gethostbyname '%s': %s", host, -#ifdef HAVE_H_ERRNO - hstrerror(h_errno) -#else - "unknown error" -#endif - ); + hstrerror(h_errno)); return -1; } memset (&thataddr, 0, sizeof(thataddr)); thataddr.sin_family = AF_INET; thataddr.sin_port = k_getportbyname ("kip", "tcp", htons(KIPPORT)); for(p = hostent->h_addr_list; *p; ++p) { - int one = 1; - memcpy (&thataddr.sin_addr, *p, sizeof(thataddr.sin_addr)); s = socket (AF_INET, SOCK_STREAM, 0); if (s < 0) { warn ("socket"); return -1; } #if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT) - setsockopt (s, IPPROTO_TCP, TCP_NODELAY, (void *)&one, sizeof(one)); + { + int one = 1; + + setsockopt (s, IPPROTO_TCP, TCP_NODELAY, + (void *)&one, sizeof(one)); + } #endif if (connect (s, (struct sockaddr *)&thataddr, sizeof(thataddr)) < 0) { warn ("connect(%s)", host); close (s); continue; } else { break; } } if (*p == NULL) return -1; addrlen = sizeof(thisaddr); if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 || addrlen != sizeof(thisaddr)) { warn ("getsockname(%s)", host); return -1; } status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd", host, krb_realmofhost (host), getpid(), &msg, &cred, schedule, &thisaddr, &thataddr, KIP_VERSION); if (status != KSUCCESS) { warnx("%s: %s", host, krb_get_err_text(status)); return -1; } if (read (s, &b, sizeof(b)) != sizeof(b)) { warn ("read"); return -1; } if (b) { char buf[BUFSIZ]; read (s, buf, 
sizeof(buf)); buf[BUFSIZ - 1] = '\0'; warnx ("%s: %s", host, buf); return -1; } memcpy(key, &cred.session, sizeof(des_cblock)); return s; } /* * Connect to the given host. */ static int doit (char *host) { des_key_schedule schedule; des_cblock iv; int other, this; - struct ifreq ifreq; - int sock; other = connect_host (host, &iv, schedule); if (other < 0) return 1; this = tunnel_open (); if (this < 0) return 1; return copy_packets (this, other, TUNMTU, &iv, schedule); } /* * kip - forward IP packets over a kerberos-encrypted channel. * */ int main(int argc, char **argv) { set_progname (argv[0]); if (argc != 2) usage (); return doit (argv[1]); } Index: stable/3/crypto/kerberosIV/appl/kip/kip.h =================================================================== --- stable/3/crypto/kerberosIV/appl/kip/kip.h (revision 62577) +++ stable/3/crypto/kerberosIV/appl/kip/kip.h (revision 62578) 
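Review bot: In appl/kip/kip.c, connect_host, the error-reply path discards the result of `read (s, buf, sizeof(buf))` and only forces `buf[BUFSIZ - 1] = '\0'`, so after a short or failed read warnx prints whatever was on the stack beyond the bytes actually received. Keep the return value, return -1 if it is not positive, and place the terminator at that offset. The failure returns that follow a successful connect (getsockname, krb_sendauth, the status-byte read, and this error reply) also leave s open; close it before returning. The narrower scope for `one` and the removal of the unused ifreq and sock locals in doit are fine as they stand.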
@@ -1,106 +1,104 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: kip.h,v 1.16 1997/05/20 18:40:31 bg Exp $ */ +/* $Id: kip.h,v 1.18 1999/12/02 16:58:31 joda Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" #endif /* HAVE_CONFIG_H */ #include #include #include #include #include #include #include #include #include #ifdef HAVE_SYSLOG_H #include #endif #include #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #ifdef HAVE_SYS_RESOURCE_H #include #endif #ifdef HAVE_SYS_SELECT_H #include #endif #include #include #include #include +#ifdef HAVE_NETINET_TCP_H +#include +#endif #include #include #include #ifdef HAVE_NET_IF_VAR_H #include #endif #include #include #ifdef SOCKS #include #endif #include #include #define TUNDEV "tun" #define KIPPORT 2112 #define KIP_VERSION "KIPSRV.0" int copy_packets (int tundev, int netdev, int mtu, des_cblock *iv, des_key_schedule schedule); RETSIGTYPE childhandler (int); int tunnel_open (void); Index: stable/3/crypto/kerberosIV/appl/kip/kipd.c =================================================================== --- stable/3/crypto/kerberosIV/appl/kip/kipd.c (revision 62577) +++ stable/3/crypto/kerberosIV/appl/kip/kipd.c (revision 62578) 
@@ -1,128 +1,123 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "kip.h" -RCSID("$Id: kipd.c,v 1.13 1997/05/18 20:38:01 assar Exp $"); +RCSID("$Id: kipd.c,v 1.16 1999/12/02 16:58:31 joda Exp $"); static int fatal (int fd, char *s) { u_char err = 1; write (fd, &err, sizeof(err)); write (fd, s, strlen(s)+1); syslog(LOG_ERR, s); return err; } static int recv_conn (int sock, des_cblock *key, des_key_schedule schedule, struct sockaddr_in *retaddr) { int status; KTEXT_ST ticket; AUTH_DAT auth; - char instance[INST_SZ + 1]; + char instance[INST_SZ]; struct sockaddr_in thisaddr, thataddr; int addrlen; char version[KRB_SENDAUTH_VLEN + 1]; u_char ok = 0; struct passwd *passwd; addrlen = sizeof(thisaddr); if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 || addrlen != sizeof(thisaddr)) { return 1; } addrlen = sizeof(thataddr); if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 || addrlen != sizeof(thataddr)) { return 1; } k_getsockinst (sock, instance, sizeof(instance)); status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance, &thataddr, &thisaddr, &auth, "", schedule, version); if (status != KSUCCESS || strncmp(version, KIP_VERSION, KRB_SENDAUTH_VLEN) != 0) { return 1; } passwd = k_getpwnam ("root"); if (passwd == NULL) return fatal (sock, "Cannot find root"); if (kuserok(&auth, "root") != 0) return fatal (sock, "Permission denied"); if (write (sock, &ok, sizeof(ok)) != sizeof(ok)) return 1; memcpy(key, &auth.session, sizeof(des_cblock)); *retaddr = thataddr; return 
0; } static int doit(int sock) { struct sockaddr_in thataddr; des_key_schedule schedule; des_cblock key; int this; if (recv_conn (sock, &key, schedule, &thataddr)) return 1; this = tunnel_open (); if (this < 0) fatal (sock, "Cannot open " _PATH_DEV TUNDEV); return copy_packets (this, sock, TUNMTU, &key, schedule); } /* * kipd - receive forwarded IP */ int main (int argc, char **argv) { set_progname (argv[0]); - openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON); + roken_openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON); signal (SIGCHLD, childhandler); return doit(0); } Index: stable/3/crypto/kerberosIV/cf/check-getpwnam_r-posix.m4 =================================================================== --- stable/3/crypto/kerberosIV/cf/check-getpwnam_r-posix.m4 (revision 62577) +++ stable/3/crypto/kerberosIV/cf/check-getpwnam_r-posix.m4 (revision 62578) @@ -1,24 +1,24 @@ dnl $Id: check-getpwnam_r-posix.m4,v 1.2 1999/03/23 16:47:31 joda Exp $ dnl dnl check for getpwnam_r, and if it's posix or not AC_DEFUN(AC_CHECK_GETPWNAM_R_POSIX,[ AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r) if test "$ac_cv_func_getpwnam_r" = yes; then AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix, ac_libs="$LIBS" LIBS="$LIBS $LIB_getpwnam_r" AC_TRY_RUN([ #include int main() { struct passwd pw, *pwd; return getpwnam_r("", &pw, NULL, 0, &pwd) < 0; } ],ac_cv_func_getpwnam_r_posix=yes,ac_cv_func_getpwnam_r_posix=no,:) LIBS="$ac_libs") if test "$ac_cv_func_getpwnam_r_posix" = yes; then AC_DEFINE(POSIX_GETPWNAM_R, 1, [Define if getpwnam_r has POSIX flavour.]) fi fi -]) \ No newline at end of file +]) Index: stable/3/crypto/kerberosIV/cf/check-man.m4 =================================================================== --- stable/3/crypto/kerberosIV/cf/check-man.m4 (revision 62577) +++ stable/3/crypto/kerberosIV/cf/check-man.m4 (revision 62578) 
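Review bot: In appl/kip/kipd.c, doit, a failed tunnel_open calls fatal() without returning, so copy_packets still runs with this < 0; write it as `return fatal (sock, "Cannot open " _PATH_DEV TUNDEV);`, the same way recv_conn uses fatal. In fatal itself, `syslog(LOG_ERR, s)` passes the message as the format string; the callers shown pass literals, but `syslog(LOG_ERR, "%s", s)` removes the hazard for any later caller. On the changed declaration, `char instance[INST_SZ]` is only correct if INST_SZ already counts the terminating NUL; sizeof(instance) keeps the k_getsockinst call in bounds, but please confirm that the string handed on to krb_recvauth is still terminated at the smaller size.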
@@ -1,59 +1,59 @@ dnl $Id: check-man.m4,v 1.2 1999/03/21 14:30:50 joda Exp $ dnl check how to format manual pages dnl AC_DEFUN(AC_CHECK_MAN, [AC_PATH_PROG(NROFF, nroff) AC_PATH_PROG(GROFF, groff) AC_CACHE_CHECK(how to format man pages,ac_cv_sys_man_format, [cat > conftest.1 << END .Dd January 1, 1970 .Dt CONFTEST 1 .Sh NAME .Nm conftest .Nd foobar END if test "$NROFF" ; then for i in "-mdoc" "-mandoc"; do if "$NROFF" $i conftest.1 2> /dev/null | \ grep Jan > /dev/null 2>&1 ; then ac_cv_sys_man_format="$NROFF $i" break fi done fi if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then for i in "-mdoc" "-mandoc"; do if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \ grep Jan > /dev/null 2>&1 ; then ac_cv_sys_man_format="$GROFF -Tascii $i" break fi done fi if test "$ac_cv_sys_man_format"; then ac_cv_sys_man_format="$ac_cv_sys_man_format \[$]< > \[$]@" fi ]) if test "$ac_cv_sys_man_format"; then CATMAN="$ac_cv_sys_man_format" AC_SUBST(CATMAN) fi AM_CONDITIONAL(CATMAN, test "$CATMAN") AC_CACHE_CHECK(extension of pre-formatted manual pages,ac_cv_sys_catman_ext, [if grep _suffix /etc/man.conf > /dev/null 2>&1; then ac_cv_sys_catman_ext=0 else ac_cv_sys_catman_ext=number fi ]) if test "$ac_cv_sys_catman_ext" = number; then CATMANEXT='$$ext' else CATMANEXT=0 fi AC_SUBST(CATMANEXT) -]) \ No newline at end of file +]) Index: stable/3/crypto/kerberosIV/cf/proto-compat.m4 =================================================================== --- stable/3/crypto/kerberosIV/cf/proto-compat.m4 (revision 62577) +++ stable/3/crypto/kerberosIV/cf/proto-compat.m4 (revision 62578) 
@@ -1,22 +1,22 @@ dnl $Id: proto-compat.m4,v 1.3 1999/03/01 13:03:48 joda Exp $ dnl dnl dnl Check if the prototype of a function is compatible with another one dnl dnl AC_PROTO_COMPAT(includes, function, prototype) AC_DEFUN(AC_PROTO_COMPAT, [ AC_CACHE_CHECK([if $2 is compatible with system prototype], ac_cv_func_$2_proto_compat, AC_TRY_COMPILE([$1], [$3;], eval "ac_cv_func_$2_proto_compat=yes", eval "ac_cv_func_$2_proto_compat=no")) define([foo], translit($2, [a-z], [A-Z])[_PROTO_COMPATIBLE]) if test "$ac_cv_func_$2_proto_compat" = yes; then AC_DEFINE(foo, 1, [define if prototype of $2 is compatible with $3]) fi undefine([foo]) -]) \ No newline at end of file +]) Index: stable/3/crypto/kerberosIV/config.guess =================================================================== --- stable/3/crypto/kerberosIV/config.guess (revision 62577) +++ stable/3/crypto/kerberosIV/config.guess (revision 62578) 
@@ -1,696 +1,896 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc. +# Copyright (C) 1992, 93, 94, 95, 96, 97, 1998 Free Software Foundation, Inc. # # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Written by Per Bothner . # The master version of this file is at the FSF in /home/gd/gnu/lib. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # # The plan is that this can be called by configure scripts if you # don't specify an explicit system type (host/target name). # # Only a few systems have been added to this list; please add others # (but try to keep the structure clean). # # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 8/24/94.) 
if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15 # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in alpha:OSF1:*:*) + if test $UNAME_RELEASE = "V4.0"; then + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + fi # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'` + cat <dummy.s + .globl main + .ent main +main: + .frame \$30,0,\$26,0 + .prologue 0 + .long 0x47e03d80 # implver $0 + lda \$2,259 + .long 0x47e20c21 # amask $2,$1 + srl \$1,8,\$2 + sll \$2,2,\$2 + sll \$0,3,\$0 + addl \$1,\$0,\$0 + addl \$2,\$0,\$0 + ret \$31,(\$26),1 + .end main +EOF + ${CC-cc} dummy.s -o dummy 2>/dev/null + if test "$?" = 0 ; then + ./dummy + case "$?" 
in + 7) + UNAME_MACHINE="alpha" + ;; + 15) + UNAME_MACHINE="alphaev5" + ;; + 14) + UNAME_MACHINE="alphaev56" + ;; + 10) + UNAME_MACHINE="alphapca56" + ;; + 16) + UNAME_MACHINE="alphaev6" + ;; + esac + fi + rm -f dummy.s dummy + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr [[A-Z]] [[a-z]]` exit 0 ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit 0 ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-cbm-sysv4 exit 0;; amiga:NetBSD:*:*) echo m68k-cbm-netbsd${UNAME_RELEASE} exit 0 ;; amiga:OpenBSD:*:*) - echo m68k-cbm-openbsd${UNAME_RELEASE} + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + arc64:OpenBSD:*:*) + echo mips64el-unknown-openbsd${UNAME_RELEASE} exit 0 ;; + arc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + hkmips:OpenBSD:*:*) + echo mips-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + pmax:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sgi:OpenBSD:*:*) + echo mips-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + wgrisc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit 0;; + arm32:NetBSD:*:*) + echo arm-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + exit 0 ;; + SR2?01:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit 0;; Pyramid*:OSx*:*:*|MIS*:OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit 0 ;; NILE:*:*:dcosx) echo pyramid-pyramid-svr4 exit 0 ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; i86pc:SunOS:5.*:*) echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. 
Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit 0 ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit 0 ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit 0 ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit 0 ;; atari*:NetBSD:*:*) echo m68k-atari-netbsd${UNAME_RELEASE} exit 0 ;; atari*:OpenBSD:*:*) - echo m68k-atari-openbsd${UNAME_RELEASE} + echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; sun3*:NetBSD:*:*) echo m68k-sun-netbsd${UNAME_RELEASE} exit 0 ;; sun3*:OpenBSD:*:*) - echo m68k-sun-openbsd${UNAME_RELEASE} + echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; mac68k:NetBSD:*:*) echo m68k-apple-netbsd${UNAME_RELEASE} exit 0 ;; mac68k:OpenBSD:*:*) - echo m68k-apple-openbsd${UNAME_RELEASE} + echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; + mvme68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme88k:OpenBSD:*:*) + echo m88k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit 0 ;; + Power\ Macintosh:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit 0 ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit 0 ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit 0 ;; + 2020:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit 0 ;; mips:*:*:UMIPS | mips:*:*:RISCos) 
sed 's/^ //' << EOF >dummy.c int main (argc, argv) int argc; char **argv; { #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF ${CC-cc} dummy.c -o dummy \ && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ && rm dummy.c dummy && exit 0 rm -f dummy.c dummy echo mips-mips-riscos${UNAME_RELEASE} exit 0 ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit 0 ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit 0 ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit 0 ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit 0 ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \ -o ${TARGET_BINARY_INTERFACE}x = x ] ; then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit 0 ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit 0 ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit 0 ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit 0 ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit 0 ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit 0 ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. 
echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i?86:AIX:*:*) echo i386-ibm-aix exit 0 ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then sed 's/^ //' << EOF >dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 rm -f dummy.c dummy echo rs6000-ibm-aix3.2.5 elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit 0 ;; *:AIX:*:4) if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=4.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit 0 ;; *:AIX:*:*) echo rs6000-ibm-aix exit 0 ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit 0 ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC NetBSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit 0 ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit 0 ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit 0 ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit 0 ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit 0 ;; 9000/[3478]??:HP-UX:*:*) case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; 9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;; 9000/8?? ) HP_ARCH=hppa1.0 ;; esac HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit 0 ;; 3050*:HI-UX:*:*) sed 's/^ //' << EOF >dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. 
*/ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 rm -f dummy.c dummy echo unknown-hitachi-hiuxwe2 exit 0 ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit 0 ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit 0 ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit 0 ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit 0 ;; i?86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit 0 ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit 0 ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit 0 ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit 0 ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit 0 ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit 0 ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit 0 ;; CRAY*X-MP:*:*:*) echo xmp-cray-unicos exit 0 ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} exit 0 ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ exit 0 ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} exit 0 ;; CRAY-2:*:*:*) echo cray2-cray-unicos exit 0 ;; F300:UNIX_System_V:*:*) FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit 0 ;; 
F301:UNIX_System_V:*:*) echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'` exit 0 ;; hp3[0-9][05]:NetBSD:*:*) echo m68k-hp-netbsd${UNAME_RELEASE} exit 0 ;; - hp3[0-9][05]:OpenBSD:*:*) - echo m68k-hp-openbsd${UNAME_RELEASE} + hp300:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; - i?86:BSD/386:*:* | *:BSD/OS:*:*) + i?86:BSD/386:*:* | *:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit 0 ;; *:FreeBSD:*:*) echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit 0 ;; *:NetBSD:*:*) echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` exit 0 ;; *:OpenBSD:*:*) echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` exit 0 ;; i*:CYGWIN*:*) - echo i386-pc-cygwin32 + echo ${UNAME_MACHINE}-pc-cygwin32 exit 0 ;; + i*:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit 0 ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin32 exit 0 ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; *:GNU:*:*) - echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit 0 ;; *:Linux:*:*) + # uname on the ARM produces all sorts of strangeness, and we need to + # filter it out. + case "$UNAME_MACHINE" in + arm* | sa110*) UNAME_MACHINE="arm" ;; + esac + # The BFD linker knows what the default object file format is, so # first see if it will tell us. 
ld_help_string=`ld --help 2>&1` - if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then - echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then - echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then - echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then - echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then - echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then - echo "powerpc-unknown-linux-gnu" ; exit 0 - elif test "${UNAME_MACHINE}" = "alpha" ; then - echo alpha-unknown-linux-gnu ; exit 0 - elif test "${UNAME_MACHINE}" = "sparc" ; then - echo sparc-unknown-linux-gnu ; exit 0 + ld_supported_emulations=`echo $ld_help_string \ + | sed -ne '/supported emulations:/!d + s/[ ][ ]*/ /g + s/.*supported emulations: *// + s/ .*// + p'` + case "$ld_supported_emulations" in + i?86linux) echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0 ;; + i?86coff) echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0 ;; + sparclinux) echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;; + armlinux) echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;; + m68klinux) echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;; + elf32ppc) echo "powerpc-unknown-linux-gnu" ; exit 0 ;; + esac + + if test "${UNAME_MACHINE}" = "alpha" ; then + sed 's/^ //' <dummy.s + .globl main + .ent main + main: + .frame \$30,0,\$26,0 + .prologue 0 + .long 0x47e03d80 # implver $0 + lda \$2,259 + .long 0x47e20c21 # amask $2,$1 + srl \$1,8,\$2 + sll \$2,2,\$2 + sll \$0,3,\$0 + addl \$1,\$0,\$0 + addl \$2,\$0,\$0 + ret \$31,(\$26),1 + .end 
main +EOF + LIBC="" + ${CC-cc} dummy.s -o dummy 2>/dev/null + if test "$?" = 0 ; then + ./dummy + case "$?" in + 7) + UNAME_MACHINE="alpha" + ;; + 15) + UNAME_MACHINE="alphaev5" + ;; + 14) + UNAME_MACHINE="alphaev56" + ;; + 10) + UNAME_MACHINE="alphapca56" + ;; + 16) + UNAME_MACHINE="alphaev6" + ;; + esac + + objdump --private-headers dummy | \ + grep ld.so.1 > /dev/null + if test "$?" = 0 ; then + LIBC="libc1" + fi + fi + rm -f dummy.s dummy + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} ; exit 0 + elif test "${UNAME_MACHINE}" = "mips" ; then + cat >dummy.c </dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy else - # Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us - # useful --help. Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout. - test ! -d /usr/lib/ldscripts/. \ - && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0 + # Either a pre-BFD a.out linker (linux-gnuoldld) + # or one that does not give us useful --help. + # GCC wants to distinguish between linux-gnuoldld and linux-gnuaout. + # If ld does not provide *any* "supported emulations:" + # that means it is gnuoldld. + echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations:" + test $? 
!= 0 && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0 + + case "${UNAME_MACHINE}" in + i?86) + VENDOR=pc; + ;; + *) + VENDOR=unknown; + ;; + esac # Determine whether the default compiler is a.out or elf cat >dummy.c < main(argc, argv) int argc; char *argv[]; { #ifdef __ELF__ - printf ("%s-pc-linux-gnu\n", argv[1]); +# ifdef __GLIBC__ +# if __GLIBC__ >= 2 + printf ("%s-${VENDOR}-linux-gnu\n", argv[1]); +# else + printf ("%s-${VENDOR}-linux-gnulibc1\n", argv[1]); +# endif #else - printf ("%s-pc-linux-gnuaout\n", argv[1]); + printf ("%s-${VENDOR}-linux-gnulibc1\n", argv[1]); #endif +#else + printf ("%s-${VENDOR}-linux-gnuaout\n", argv[1]); +#endif return 0; } EOF ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0 rm -f dummy.c dummy fi ;; # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions # are messed up and put the nodename in both sysname and nodename. i?86:DYNIX/ptx:4*:*) echo i386-sequent-sysv4 exit 0 ;; + i?86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. 
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit 0 ;; i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*) if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE} fi exit 0 ;; i?86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')` (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit 0 ;; + pc:*:*:*) + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. + echo i386-pc-msdosdjgpp + exit 0 ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit 0 ;; paragon:*:*:*) echo i860-intel-osf1 exit 0 ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. 
echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit 0 ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit 0 ;; M68*:*:R3V[567]*:*) test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; 3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && echo i486-ncr-sysv4.3${OS_REL} && exit 0 /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && echo i486-ncr-sysv4 && exit 0 ;; m68*:LynxOS:2.*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit 0 ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit 0 ;; i?86:LynxOS:2.*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit 0 ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit 0 ;; rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit 0 ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit 0 ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit 0 ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit 0 ;; + PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit 0 ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit 0 ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. 
echo i860-stratus-sysv4 exit 0 ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit 0 ;; + news*:NEWS-OS:*:6*) + echo mips-sony-newsos6 + exit 0 ;; R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi - exit 0 ;; - PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says - echo i586-unisys-sysv4 exit 0 ;; *:OS/2:*:*) echo ${UNAME_MACHINE}-pc-os2_emx exit 0 ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 cat >dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... */ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf 
("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) #if !defined (ultrix) printf ("vax-dec-bsd\n"); exit (0); #else printf ("vax-dec-ultrix\n"); exit (0); #endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0 rm -f dummy.c dummy # Apollos put the system type in the environment. test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit 0 ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit 0 ;; c34*) echo c34-convex-bsd exit 0 ;; c38*) echo c38-convex-bsd exit 0 ;; c4*) echo c4-convex-bsd exit 0 ;; esac fi #echo '(Unable to guess system type)' 1>&2 exit 1 Index: stable/3/crypto/kerberosIV/config.sub =================================================================== --- stable/3/crypto/kerberosIV/config.sub (revision 62577) +++ stable/3/crypto/kerberosIV/config.sub (revision 62578) 
@@ -1,932 +1,959 @@ #! /bin/sh # Configuration validation subroutine script, version 1.1. -# Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc. +# Copyright (C) 1991, 92-97, 1998 Free Software Foundation, Inc. # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software # can handle that machine. It does not imply ALL GNU software can. # # This file is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, # Boston, MA 02111-1307, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. # Each package is responsible for reporting which valid configurations # it does not support. 
The user should be able to distinguish # a failure to support a valid configuration from a meaningless # configuration. # The goal of this file is to map all the various variations of a given # machine specification into a single specification in the form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or in some cases, the newer four-part form: # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. if [ x$1 = x ] then echo Configuration name missing. 1>&2 echo "Usage: $0 CPU-MFR-OPSYS" 1>&2 echo "or $0 ALIAS" 1>&2 echo where ALIAS is a recognized configuration type. 1>&2 exit 1 fi # First pass through any local machine types. case $1 in *local*) echo $1 exit 0 ;; *) ;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in linux-gnu*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] then os=`echo $1 | sed 's/.*-/-/'` else os=; fi ;; esac ### Let's recognize common machines as not being operating systems so ### that things like config.sub decstation-3100 work. We also ### recognize some manufacturers as not being operating systems, so we ### can provide default operating systems below. case $os in -sun*os*) # Prevent following clause from handling this invalid input. 
;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple) os= basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco5) os=sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. 
- tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \ - | arme[lb] | pyramid \ + tahoe | i860 | m32r | m68k | m68000 | m88k | ns32k | arc | arm \ + | arme[lb] | pyramid | mn10200 | mn10300 \ | tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \ - | alpha | we32k | ns16k | clipper | i370 | sh \ - | powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \ - | pdp11 | mips64el | mips64orion | mips64orionel \ - | sparc | sparclet | sparclite | sparc64) + | alpha | alphaev5 | alphaev56 | we32k | ns16k | clipper \ + | i370 | sh | powerpc | powerpcle | 1750a | dsp16xx | pdp11 \ + | mips64 | mipsel | mips64el | mips64orion | mips64orionel \ + | mipstx39 | mipstx39el \ + | sparc | sparclet | sparclite | sparc64 | v850) basic_machine=$basic_machine-unknown ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. - i[3456]86) + i[34567]86) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. 
- vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \ - | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \ - | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \ - | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \ - | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \ - | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \ - | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \ - | mips64el-* | mips64orion-* | mips64orionel-* | f301-*) + vax-* | tahoe-* | i[34567]86-* | i860-* | m32r-* | m68k-* | m68000-* \ + | m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | arm-* | c[123]* \ + | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \ + | power-* | none-* | 580-* | cray2-* | h8300-* | i960-* \ + | xmp-* | ymp-* | hppa-* | hppa1.0-* | hppa1.1-* \ + | alpha-* | alphaev5-* | alphaev56-* | we32k-* | cydra-* \ + | ns16k-* | pn-* | np1-* | xps100-* | clipper-* | orion-* \ + | sparclite-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \ + | sparc64-* | mips64-* | mipsel-* \ + | mips64el-* | mips64orion-* | mips64orionel-* \ + | mipstx39-* | mipstx39el-* \ + | f301-*) ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 
3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-cbm ;; - amigados) + amigaos | amigados) basic_machine=m68k-cbm - os=-amigados + os=-amigaos ;; amigaunix | amix) basic_machine=m68k-cbm os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | ymp) basic_machine=ymp-cray os=-unicos ;; cray2) basic_machine=cray2-cray os=-unicos ;; [ctj]90-cray) #basic_machine=c90-cray os=-unicos ;; crds | unos) basic_machine=m68k-crds ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; fx2800) basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp 
os=-hpux ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; i370-ibm* | ibm*) basic_machine=i370-ibm os=-mvs ;; # I'm not sure what "Sysv32" means. Should this be sysv3.2? - i[3456]86v32) + i[34567]86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; - i[3456]86v4*) + i[34567]86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; - i[3456]86v) + i[34567]86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; - i[3456]86sol2) + i[34567]86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; miniframe) basic_machine=m68000-convergent ;; + mipsel*-linux*) + basic_machine=mipsel-unknown + os=-linux-gnu + ;; + mips*-linux*) + basic_machine=mips-unknown + os=-linux-gnu + ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; np1) basic_machine=np1-gould ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) 
basic_machine=i860-intel os=-osf ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; - pentium | p5) - basic_machine=i586-intel + pentium | p5 | k5 | nexen) + basic_machine=i586-pc ;; - pentiumpro | p6) - basic_machine=i686-intel + pentiumpro | p6 | k6 | 6x86) + basic_machine=i686-pc ;; - pentium-* | p5-*) + pentiumii | pentium2) + basic_machine=i786-pc + ;; + pentium-* | p5-* | k5-* | nexen-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - pentiumpro-* | p6-*) + pentiumpro-* | p6-* | k6-* | 6x86-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - k5) - # We don't have specific support for AMD's K5 yet, so just call it a Pentium - basic_machine=i586-amd + pentiumii-* | pentium2-*) + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - nexen) - # We don't have specific support for Nexgen yet, so just call it a Pentium - basic_machine=i586-nexgen - ;; pn) basic_machine=pn-gould ;; power) basic_machine=rs6000-ibm ;; ppc) basic_machine=powerpc-unknown ;; ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; sequent) basic_machine=i386-sequent ;; sh) basic_machine=sh-hitachi os=-hms ;; sps7) basic_machine=m68k-bull os=-sysv2 ;; spur) basic_machine=spur-unknown ;; sun2) basic_machine=m68000-sun ;; sun2os3) basic_machine=m68000-sun os=-sunos3 ;; sun2os4) basic_machine=m68000-sun os=-sunos4 ;; sun3os3) basic_machine=m68k-sun os=-sunos3 ;; sun3os4) basic_machine=m68k-sun os=-sunos4 ;; sun4os3) basic_machine=sparc-sun os=-sunos3 ;; sun4os4) basic_machine=sparc-sun os=-sunos4 ;; sun4sol2) basic_machine=sparc-sun os=-solaris2 ;; sun3 | sun3-*) 
basic_machine=m68k-sun ;; sun4) basic_machine=sparc-sun ;; sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; symmetry) basic_machine=i386-sequent os=-dynix ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; tower | tower-32) basic_machine=m68k-ncr ;; udi29k) basic_machine=a29k-amd os=-udi ;; ultra3) basic_machine=a29k-nyu os=-sym1 ;; vaxv) basic_machine=vax-dec os=-sysv ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vms) basic_machine=vax-dec os=-vms ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) basic_machine=i960-wrs os=-vxworks ;; vxworks68) basic_machine=m68k-wrs os=-vxworks ;; vxworks29k) basic_machine=a29k-wrs os=-vxworks ;; xmp) basic_machine=xmp-cray os=-unicos ;; xps | xps100) basic_machine=xps100-honeywell ;; none) basic_machine=none-none os=-none ;; # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. mips) + if [ x$os = x-linux-gnu ]; then + basic_machine=mips-unknown + else basic_machine=mips-mips + fi ;; romp) basic_machine=romp-ibm ;; rs6000) basic_machine=rs6000-ibm ;; vax) basic_machine=vax-dec ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; sparc) basic_machine=sparc-sun ;; cydra) basic_machine=cydra-cydrome ;; orion) basic_machine=orion-highlevel ;; orion105) basic_machine=clipper-highlevel ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ;; *-commodore*) basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ;; *) ;; esac # Decode manufacturer-specific aliases for certain operating systems. if [ x"$os" != x"" ] then case $os in # First match some system type aliases # that might get confused with valid system types. 
# -solaris* is a basic system type, with this one exception. -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; -solaris) os=-solaris2 ;; - -unixware* | svr4*) + -svr4*) os=-sysv4 ;; + -unixware*) + os=-sysv4.2uw + ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # First accept the basic system types. # The portable systems comes first. # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ - | -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -linux-gnu* | -uxpv*) + | -mingw32* | -linux-gnu* | -uxpv*) # Remember, each alternative MUST END IN *, to match a version number. ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) os=`echo $os | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; -osfrose*) os=-osfrose ;; -osf*) os=-osf ;; -utek*) os=-bsd ;; -dynix*) os=-bsd ;; -acis*) os=-aos ;; -ctix* | -uts*) os=-sysv ;; -ns2 ) os=-nextstep2 ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; -sinix*) os=-sysv4 ;; -triton*) os=-sysv3 ;; -oss*) os=-sysv3 ;; -svr4) os=-sysv4 ;; -svr3) os=-sysv3 ;; -sysvr4) os=-sysv4 ;; # This must come after -sysvr4. 
-sysv*) ;; -xenix) os=-xenix ;; -os2*) ;; + -rhapsody*) + ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 exit 1 ;; esac else # Here we handle the default operating systems that come with various machines. # The value should be what the vendor currently ships out the door with their # machine or put another way, the most popular os provided with the machine. # Note that if you're going to try to match "-MANUFACTURER" here (say, # "-sun"), then you have to tell the case statement up towards the top # that MANUFACTURER isn't an operating system. Otherwise, code above # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. case $basic_machine in *-acorn) os=-riscix1.2 ;; arm*-semi) os=-aout ;; pdp11-*) os=-none ;; *-dec | vax-*) os=-ultrix4.2 ;; m68*-apollo) os=-domain ;; i386-sun) os=-sunos4.0.2 ;; m68000-sun) os=-sunos3 # This also exists in the configure program, but was not the # default. # os=-sunos4 ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; *-ibm) os=-aix ;; *-hp) os=-hpux ;; *-hitachi) os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=-sysv ;; *-cbm) - os=-amigados + os=-amigaos ;; *-dg) os=-dgux ;; *-dolphin) os=-sysv3 ;; m68k-ccur) os=-rtu ;; m88k-omron*) os=-luna ;; *-next ) os=-nextstep ;; *-sequent) os=-ptx ;; *-crds) os=-unos ;; *-ns) os=-genix ;; i370-*) os=-mvs ;; *-next) os=-nextstep3 ;; *-gould) os=-sysv ;; *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; *-sgi) os=-irix ;; *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; f301-fujitsu) os=-uxpv ;; *) os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. 
vendor=unknown case $basic_machine in *-unknown) case $os in -riscix*) vendor=acorn ;; -sunos*) vendor=sun ;; -aix*) vendor=ibm ;; -hpux*) vendor=hp ;; -hiux*) vendor=hitachi ;; -unos*) vendor=crds ;; -dgux*) vendor=dg ;; -luna*) vendor=omron ;; -genix*) vendor=ns ;; -mvs*) vendor=ibm ;; -ptx*) vendor=sequent ;; -vxsim* | -vxworks*) vendor=wrs ;; -aux*) vendor=apple ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os Index: stable/3/crypto/kerberosIV/configure =================================================================== --- stable/3/crypto/kerberosIV/configure (revision 62577) +++ stable/3/crypto/kerberosIV/configure (revision 62578) 
@@ -1,9343 +1,11555 @@ #! /bin/sh -# From configure.in Revision: 1.285 +# From configure.in Revision: 1.432.2.2 + + +# Define a conditional. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + # Guess values for system-dependent variables and create Makefiles. -# Generated automatically using autoconf version 2.12 +# Generated automatically using autoconf version 2.13 # Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. # Defaults: ac_help= ac_default_prefix=/usr/local # Any additions from configure.in: ac_default_prefix=/usr/athena ac_help="$ac_help --with-socks=dir use socks in dir" ac_help="$ac_help - --with-socks-lib=dir use socks-lib in dir" + --with-socks-lib=dir use socks libraries in dir" ac_help="$ac_help - --with-socks-include=dir use socks-include in dir" + --with-socks-include=dir use socks headers in dir" ac_help="$ac_help - --with-shared create shared libraries for Kerberos" + --enable-legacy-kdestroy kdestroy doesn't destroy tokens by default" ac_help="$ac_help + --enable-match-subdomains match realm in subdomains" +ac_help="$ac_help + --with-ld-flags=flags what flags use when linking" +ac_help="$ac_help --with-cracklib=dir use the cracklib.a in dir" ac_help="$ac_help --with-dictpath=path use this dictionary with cracklib " ac_help="$ac_help --with-mailspool=dir this is the mail spool directory " ac_help="$ac_help + --with-db-dir=dir this is the database directory (default /var/kerberos)" +ac_help="$ac_help --enable-random-mkey use new code for master keys" ac_help="$ac_help --with-mkey=file where to put the master key" ac_help="$ac_help + --disable-otp if you don't want OTP support" +ac_help="$ac_help + --enable-osfc2 enable some OSF C2 support" +ac_help="$ac_help + --disable-mmap disable use of mmap" +ac_help="$ac_help + 
--disable-dynamic-afs don't use loaded AFS library with AIX" +ac_help="$ac_help --without-berkeley-db if you don't want berkeley db" ac_help="$ac_help --without-afs-support if you don't want support for afs" ac_help="$ac_help --with-des-quad-checksum=kind default checksum to use (new, old, or guess)" ac_help="$ac_help + --with-afsws=dir use AFS includes and libraries from dir=/usr/afsws" +ac_help="$ac_help + --enable-rxkad build rxkad library" +ac_help="$ac_help + --disable-cat-manpages don't install any preformatted manpages" +ac_help="$ac_help --with-readline=dir use readline in dir" ac_help="$ac_help - --with-readline-lib=dir use readline-lib in dir" + --with-readline-lib=dir use readline libraries in dir" ac_help="$ac_help - --with-readline-include=dir use readline-include in dir" + --with-readline-include=dir use readline headers in dir" ac_help="$ac_help + --with-mips-abi=abi ABI to use for IRIX (32, n32, or 64)" +ac_help="$ac_help + --with-hesiod=dir use hesiod in dir" +ac_help="$ac_help + --with-hesiod-lib=dir use hesiod libraries in dir" +ac_help="$ac_help + --with-hesiod-include=dir use hesiod headers in dir" +ac_help="$ac_help + --enable-shared create shared libraries for Kerberos" +ac_help="$ac_help --with-x use the X Window System" # Initialize some variables set by options. # The variables have the same names as the options, with # dashes changed to underlines. 
build=NONE cache_file=./config.cache exec_prefix=NONE host=NONE no_create= nonopt=NONE no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= target=NONE verbose= x_includes=NONE x_libraries=NONE bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datadir='${prefix}/share' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' libdir='${exec_prefix}/lib' includedir='${prefix}/include' oldincludedir='/usr/include' infodir='${prefix}/info' mandir='${prefix}/man' # Initialize some other variables. subdirs= MFLAGS= MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} # Maximum number of lines to put in a shell here document. ac_max_here_lines=12 ac_prev= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval "$ac_prev=\$ac_option" ac_prev= continue fi case "$ac_option" in -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; *) ac_optarg= ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. 
case "$ac_option" in -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir="$ac_optarg" ;; -build | --build | --buil | --bui | --bu) ac_prev=build ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build="$ac_optarg" ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file="$ac_optarg" ;; -datadir | --datadir | --datadi | --datad | --data | --dat | --da) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ | --da=*) datadir="$ac_optarg" ;; -disable-* | --disable-*) ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` # Reject names that are not valid shell variable names. if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } fi ac_feature=`echo $ac_feature| sed 's/-/_/g'` eval "enable_${ac_feature}=no" ;; -enable-* | --enable-*) ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` # Reject names that are not valid shell variable names. 
if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } fi ac_feature=`echo $ac_feature| sed 's/-/_/g'` case "$ac_option" in *=*) ;; *) ac_optarg=yes ;; esac eval "enable_${ac_feature}='$ac_optarg'" ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix="$ac_optarg" ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he) # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat << EOF Usage: configure [options] [host] Options: [defaults in brackets after descriptions] Configuration: --cache-file=FILE cache test results in FILE --help print this message --no-create do not create output files --quiet, --silent do not print \`checking...' 
messages --version print the version of autoconf that created configure Directory and file names: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [same as prefix] --bindir=DIR user executables in DIR [EPREFIX/bin] --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] --libexecdir=DIR program executables in DIR [EPREFIX/libexec] --datadir=DIR read-only architecture-independent data in DIR [PREFIX/share] --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data in DIR [PREFIX/com] --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] --libdir=DIR object code libraries in DIR [EPREFIX/lib] --includedir=DIR C header files in DIR [PREFIX/include] --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] --infodir=DIR info documentation in DIR [PREFIX/info] --mandir=DIR man documentation in DIR [PREFIX/man] --srcdir=DIR find the sources in DIR [configure dir or ..] 
--program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on installed program names EOF cat << EOF Host type: --build=BUILD configure for building on BUILD [BUILD=HOST] --host=HOST configure for HOST [guessed] --target=TARGET configure for TARGET [TARGET=HOST] Features and packages: --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --x-includes=DIR X include files are in DIR --x-libraries=DIR X library files are in DIR EOF if test -n "$ac_help"; then echo "--enable and --with options recognized:$ac_help" fi exit 0 ;; -host | --host | --hos | --ho) ac_prev=host ;; -host=* | --host=* | --hos=* | --ho=*) host="$ac_optarg" ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir="$ac_optarg" ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir="$ac_optarg" ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir="$ac_optarg" ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir="$ac_optarg" ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst \ | --locals | --local | --loca | --loc | --lo) ac_prev=localstatedir ;; -localstatedir=* | 
--localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* \ | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) localstatedir="$ac_optarg" ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir="$ac_optarg" ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir="$ac_optarg" ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix="$ac_optarg" ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix="$ac_optarg" ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix="$ac_optarg" ;; -program-transform-name | --program-transform-name \ | 
--program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name="$ac_optarg" ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir="$ac_optarg" ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir="$ac_optarg" ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site="$ac_optarg" ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir="$ac_optarg" ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) 
sysconfdir="$ac_optarg" ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target="$ac_optarg" ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers) - echo "configure generated by autoconf version 2.12" + echo "configure generated by autoconf version 2.13" exit 0 ;; -with-* | --with-*) ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` # Reject names that are not valid shell variable names. if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } fi ac_package=`echo $ac_package| sed 's/-/_/g'` case "$ac_option" in *=*) ;; *) ac_optarg=yes ;; esac eval "with_${ac_package}='$ac_optarg'" ;; -without-* | --without-*) ac_package=`echo $ac_option|sed -e 's/-*without-//'` # Reject names that are not valid shell variable names. if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } fi ac_package=`echo $ac_package| sed 's/-/_/g'` eval "with_${ac_package}=no" ;; --x) # Obsolete; use --with-x. 
with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes="$ac_optarg" ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries="$ac_optarg" ;; -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } ;; *) if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then echo "configure: warning: $ac_option: invalid host type" 1>&2 fi if test "x$nonopt" != xNONE; then { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } fi nonopt="$ac_option" ;; esac done if test -n "$ac_prev"; then { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } fi trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 # File descriptor usage: # 0 standard input # 1 file creation # 2 errors and warnings # 3 some systems may open it to /dev/tty # 4 used on the Kubota Titan # 6 checking for... messages and results # 5 compiler messages saved in config.log if test "$silent" = yes; then exec 6>/dev/null else exec 6>&1 fi exec 5>./config.log echo "\ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. " 1>&5 # Strip out --no-create and --no-recursion so they do not pile up. # Also quote any args containing shell metacharacters. 
ac_configure_args= for ac_arg do case "$ac_arg" in -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c) ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) ac_configure_args="$ac_configure_args '$ac_arg'" ;; *) ac_configure_args="$ac_configure_args $ac_arg" ;; esac done # NLS nuisances. # Only set these to C if already set. These must not be set unconditionally # because not all systems understand e.g. LANG=C (notably SCO). # Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! # Non-C LC_CTYPE values break the ctype check. if test "${LANG+set}" = set; then LANG=C; export LANG; fi if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -rf conftest* confdefs.h # AIX cpp loses on an empty file, so make sure it contains at least a newline. echo > confdefs.h # A filename unique to this package, relative to the directory that # configure is in, which we can look for to find out if srcdir is correct. ac_unique_file=lib/krb/getrealm.c # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then its parent. ac_prog=$0 ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. srcdir=$ac_confdir if test ! -r $srcdir/$ac_unique_file; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r $srcdir/$ac_unique_file; then if test "$ac_srcdir_defaulted" = yes; then { echo "configure: error: can not find sources in $ac_confdir or .." 
1>&2; exit 1; } else { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } fi fi srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` # Prefer explicitly selected file to automatically selected ones. if test -z "$CONFIG_SITE"; then if test "x$prefix" != xNONE; then CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" else CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" fi fi for ac_site_file in $CONFIG_SITE; do if test -r "$ac_site_file"; then echo "loading site script $ac_site_file" . "$ac_site_file" fi done if test -r "$cache_file"; then echo "loading cache $cache_file" . $cache_file else echo "creating cache $cache_file" > $cache_file fi ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. ac_cpp='$CPP $CPPFLAGS' ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' cross_compiling=$ac_cv_prog_cc_cross +ac_exeext= +ac_objext=o if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then ac_n= ac_c=' ' ac_t=' ' else ac_n=-n ac_c= ac_t= fi else ac_n= ac_c='\c' ac_t= fi PACKAGE=krb4 -VERSION=0.9.6 +VERSION=1.0 +cat >> confdefs.h <> confdefs.h <&2; exit 1; } fi ac_config_guess=$ac_aux_dir/config.guess ac_config_sub=$ac_aux_dir/config.sub ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. # Make sure we can run config.sub. -if $ac_config_sub sun4 >/dev/null 2>&1; then : +if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then : else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } fi echo $ac_n "checking host system type""... 
$ac_c" 1>&6 -echo "configure:648: checking host system type" >&5 +echo "configure:750: checking host system type" >&5 host_alias=$host case "$host_alias" in NONE) case $nonopt in NONE) - if host_alias=`$ac_config_guess`; then : + if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then : else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; } fi ;; *) host_alias=$nonopt ;; esac ;; esac -host=`$ac_config_sub $host_alias` +host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias` host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` echo "$ac_t""$host" 1>&6 +CANONICAL_HOST=$host + + + +sunos=no +case "$host" in +*-*-sunos4*) + sunos=40 + ;; +*-*-solaris2.7) + sunos=57 + ;; +*-*-solaris2*) + sunos=50 + ;; +esac +if test "$sunos" != no; then + cat >> confdefs.h <&6 -echo "configure:669: checking whether ${MAKE-make} sets \${MAKE}" >&5 +echo "configure:794: checking whether ${MAKE-make} sets \${MAKE}" >&5 set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftestmake <<\EOF all: @echo 'ac_maketemp="${MAKE}"' EOF # GNU make sometimes prints "make[1]: Entering...", which would confuse us. eval `${MAKE-make} -f conftestmake 2>/dev/null | grep temp=` if test -n "$ac_maketemp"; then eval ac_cv_prog_make_${ac_make}_set=yes else eval ac_cv_prog_make_${ac_make}_set=no fi rm -f conftestmake fi if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then echo "$ac_t""yes" 1>&6 SET_MAKE= else echo "$ac_t""no" 1>&6 SET_MAKE="MAKE=${MAKE-make}" fi if test "$program_transform_name" = s,x,x,; then program_transform_name= else # Double any \ or $. echo might interpret backslashes. 
cat <<\EOF_SED > conftestsed s,\\,\\\\,g; s,\$,$$,g EOF_SED program_transform_name="`echo $program_transform_name|sed -f conftestsed`" rm -f conftestsed fi test "$program_prefix" != NONE && program_transform_name="s,^,${program_prefix},; $program_transform_name" # Use a double $ so make ignores it. test "$program_suffix" != NONE && program_transform_name="s,\$\$,${program_suffix},; $program_transform_name" # sed with no file args requires a program. test "$program_transform_name" = "" && program_transform_name="s,x,x," # We want these before the checks, so the checks can modify their values. test -z "$LDFLAGS" && LDFLAGS=-g echo $ac_n "checking for ln -s or something else""... $ac_c" 1>&6 -echo "configure:720: checking for ln -s or something else" >&5 +echo "configure:845: checking for ln -s or something else" >&5 if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else rm -f conftestdata if ln -s X conftestdata 2>/dev/null then rm -f conftestdata ac_cv_prog_LN_S="ln -s" else touch conftestdata1 if ln conftestdata1 conftestdata2; then rm -f conftestdata* ac_cv_prog_LN_S=ln else ac_cv_prog_LN_S=cp fi fi fi LN_S="$ac_cv_prog_LN_S" echo "$ac_t""$ac_cv_prog_LN_S" 1>&6 # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:745: checking for $ac_word" >&5 +echo "configure:870: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. 
if test -f $ac_dir/$ac_word; then ac_cv_prog_CC="gcc" break fi done IFS="$ac_save_ifs" fi fi CC="$ac_cv_prog_CC" if test -n "$CC"; then echo "$ac_t""$CC" 1>&6 else echo "$ac_t""no" 1>&6 fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:774: checking for $ac_word" >&5 +echo "configure:900: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ac_prog_rejected=no - for ac_dir in $PATH; do + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" break fi done IFS="$ac_save_ifs" if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# -gt 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift set dummy "$ac_dir/$ac_word" "$@" shift ac_cv_prog_CC="$@" fi fi fi fi CC="$ac_cv_prog_CC" if test -n "$CC"; then echo "$ac_t""$CC" 1>&6 else echo "$ac_t""no" 1>&6 fi + if test -z "$CC"; then + case "`uname -s`" in + *win32* | *WIN32*) + # Extract the first word of "cl", so it can be a program name with args. +set dummy cl; ac_word=$2 +echo $ac_n "checking for $ac_word""... 
$ac_c" 1>&6 +echo "configure:951: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_CC="cl" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + ;; + esac + fi test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:822: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 +echo "configure:983: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. ac_cpp='$CPP $CPPFLAGS' ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' cross_compiling=$ac_cv_prog_cc_cross cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:999: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then ac_cv_prog_cc_cross=no else ac_cv_prog_cc_cross=yes fi else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 ac_cv_prog_cc_works=no fi rm -fr conftest* +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. 
+ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 if test $ac_cv_prog_cc_works = no; then { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:856: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "configure:1025: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:861: checking whether we are using GNU C" >&5 +echo "configure:1030: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.c <&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:1039: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no fi fi echo "$ac_t""$ac_cv_prog_gcc" 1>&6 if test $ac_cv_prog_gcc = yes; then GCC=yes +else + GCC= +fi + ac_test_CFLAGS="${CFLAGS+set}" ac_save_CFLAGS="$CFLAGS" CFLAGS= echo $ac_n "checking whether ${CC-cc} accepts -g""... 
$ac_c" 1>&6 -echo "configure:885: checking whether ${CC-cc} accepts -g" >&5 +echo "configure:1058: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else echo 'void f(){}' > conftest.c if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then ac_cv_prog_cc_g=yes else ac_cv_prog_cc_g=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 if test "$ac_test_CFLAGS" = set; then CFLAGS="$ac_save_CFLAGS" elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then CFLAGS="-g -O2" else - CFLAGS="-O2" + CFLAGS="-g" fi else - GCC= - test "${CFLAGS+set}" = set || CFLAGS="-g" + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi fi echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:913: checking how to run the C preprocessor" >&5 +echo "configure:1090: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else # This must be in double quotes, not single quotes, because CPP may get # substituted into the Makefile and "${CC-cc}" will confuse make. CPP="${CC-cc} -E" # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. 
cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:934: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` +{ (eval echo configure:1111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : else echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:951: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` +{ (eval echo configure:1128: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : else echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* + CPP="${CC-cc} -nologo -E" + cat > conftest.$ac_ext < +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1145: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* CPP=/lib/cpp fi rm -f conftest* fi rm -f conftest* +fi +rm -f conftest* ac_cv_prog_CPP="$CPP" fi CPP="$ac_cv_prog_CPP" else ac_cv_prog_CPP="$CPP" fi echo "$ac_t""$CPP" 1>&6 echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 -echo "configure:974: checking for POSIXized ISC" >&5 +echo "configure:1170: checking for POSIXized ISC" >&5 if test -d /etc/conf/kconfig.d && grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 then echo "$ac_t""yes" 1>&6 ISC=yes # If later tests want to check for ISC. 
cat >> confdefs.h <<\EOF #define _POSIX_SOURCE 1 EOF if test "$GCC" = yes; then CC="$CC -posix" else CC="$CC -Xp" fi else echo "$ac_t""no" 1>&6 ISC= fi for ac_prog in byacc yacc 'bison -y' do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:999: checking for $ac_word" >&5 +echo "configure:1195: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$YACC"; then ac_cv_prog_YACC="$YACC" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_prog_YACC="$ac_prog" break fi done IFS="$ac_save_ifs" fi fi YACC="$ac_cv_prog_YACC" if test -n "$YACC"; then echo "$ac_t""$YACC" 1>&6 else echo "$ac_t""no" 1>&6 fi test -n "$YACC" && break done # Extract the first word of "flex", so it can be a program name with args. set dummy flex; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1030: checking for $ac_word" >&5 +echo "configure:1227: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_LEX'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$LEX"; then ac_cv_prog_LEX="$LEX" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. 
if test -f $ac_dir/$ac_word; then ac_cv_prog_LEX="flex" break fi done IFS="$ac_save_ifs" test -z "$ac_cv_prog_LEX" && ac_cv_prog_LEX="lex" fi fi LEX="$ac_cv_prog_LEX" if test -n "$LEX"; then echo "$ac_t""$LEX" 1>&6 else echo "$ac_t""no" 1>&6 fi if test -z "$LEXLIB" then case "$LEX" in flex*) ac_lib=fl ;; *) ac_lib=l ;; esac echo $ac_n "checking for yywrap in -l$ac_lib""... $ac_c" 1>&6 -echo "configure:1063: checking for yywrap in -l$ac_lib" >&5 +echo "configure:1261: checking for yywrap in -l$ac_lib" >&5 ac_lib_var=`echo $ac_lib'_'yywrap | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-l$ac_lib $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:1280: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 LEXLIB="-l$ac_lib" else echo "$ac_t""no" 1>&6 fi fi # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1107: checking for $ac_word" >&5 +echo "configure:1305: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. 
if test -f $ac_dir/$ac_word; then ac_cv_prog_RANLIB="ranlib" break fi done IFS="$ac_save_ifs" test -z "$ac_cv_prog_RANLIB" && ac_cv_prog_RANLIB=":" fi fi RANLIB="$ac_cv_prog_RANLIB" if test -n "$RANLIB"; then echo "$ac_t""$RANLIB" 1>&6 else echo "$ac_t""no" 1>&6 fi # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # ./install, which can be erroneously created by make from ./install.sh. echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 -echo "configure:1144: checking for a BSD compatible install" >&5 +echo "configure:1344: checking for a BSD compatible install" >&5 if test -z "$INSTALL"; then if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS="${IFS}:" + IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":" for ac_dir in $PATH; do # Account for people who put trailing slashes in PATH elements. case "$ac_dir/" in /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. - for ac_prog in ginstall installbsd scoinst install; do + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do if test -f $ac_dir/$ac_prog; then if test $ac_prog = install && grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. - # OSF/1 installbsd also uses dspmsg, but is usable. 
: else ac_cv_path_install="$ac_dir/$ac_prog -c" break 2 fi fi done ;; esac done IFS="$ac_save_IFS" fi if test "${ac_cv_path_install+set}" = set; then INSTALL="$ac_cv_path_install" else # As a last resort, use the slow shell script. We don't cache a # path for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the path is relative. INSTALL="$ac_install_sh" fi fi echo "$ac_t""$INSTALL" 1>&6 # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' + test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' +for ac_prog in mawk gawk nawk awk +do +# Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:1401: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_AWK'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_AWK="$ac_prog" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +AWK="$ac_cv_prog_AWK" +if test -n "$AWK"; then + echo "$ac_t""$AWK" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +test -n "$AWK" && break +done + # Extract the first word of "makeinfo", so it can be a program name with args. set dummy makeinfo; ac_word=$2 echo $ac_n "checking for $ac_word""... 
$ac_c" 1>&6 -echo "configure:1196: checking for $ac_word" >&5 +echo "configure:1433: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_MAKEINFO'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$MAKEINFO"; then ac_cv_prog_MAKEINFO="$MAKEINFO" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_prog_MAKEINFO="makeinfo" break fi done IFS="$ac_save_ifs" test -z "$ac_cv_prog_MAKEINFO" && ac_cv_prog_MAKEINFO=":" fi fi MAKEINFO="$ac_cv_prog_MAKEINFO" if test -n "$MAKEINFO"; then echo "$ac_t""$MAKEINFO" 1>&6 else echo "$ac_t""no" 1>&6 fi +WFLAGS="" +WFLAGS_NOUNUSED="" +WFLAGS_NOIMPLICITINT="" -echo $ac_n "checking for socks""... $ac_c" 1>&6 -echo "configure:1226: checking for socks" >&5 + # Check whether --with-socks or --without-socks was given. if test "${with_socks+set}" = set; then withval="$with_socks" - if test "$with_socks" = "no"; then - with_socks= + : fi -fi - # Check whether --with-socks-lib or --without-socks-lib was given. if test "${with_socks_lib+set}" = set; then withval="$with_socks_lib" if test "$withval" = "yes" -o "$withval" = "no"; then { echo "configure: error: No argument for --with-socks-lib" 1>&2; exit 1; } elif test "X$with_socks" = "X"; then with_socks=yes fi - fi # Check whether --with-socks-include or --without-socks-include was given. if test "${with_socks_include+set}" = set; then withval="$with_socks_include" if test "$withval" = "yes" -o "$withval" = "no"; then { echo "configure: error: No argument for --with-socks-include" 1>&2; exit 1; } elif test "X$with_socks" = "X"; then with_socks=yes fi - fi +echo $ac_n "checking for socks""... 
$ac_c" 1>&6 +echo "configure:1495: checking for socks" >&5 -: << END -@@@syms="$syms SOCKS"@@@ -END - -if test -n "$with_socks"; then - cat >> confdefs.h <<\EOF -#define SOCKS 1 -EOF - - if test "$with_socks" != "yes"; then - socks_dir=$with_socks +case "$with_socks" in +yes) ;; +no) ;; +"") ;; +*) if test "$with_socks_include" = ""; then + with_socks_include="$with_socks/include" fi - if test -n "$with_socks_include"; then - trydir=$with_socks_include - elif test "$with_socks" != "yes"; then - trydir="$with_socks $with_socks/include" - else - trydir= - fi - found= - for i in $trydir ""; do - if test -n "$i"; then - if test -f $i/socks.h; then - found=yes; res=$i; break + if test "$with_socks_lib" = ""; then + with_socks_lib="$with_socks/lib$abilibdirext" fi - else + ;; +esac +header_dirs= +lib_dirs= +d='' +for i in $d; do + header_dirs="$header_dirs $i/include" + lib_dirs="$lib_dirs $i/lib$abilibdirext" +done + +case "$with_socks_include" in +yes) ;; +no) ;; +*) header_dirs="$with_socks_include $header_dirs";; +esac +case "$with_socks_lib" in +yes) ;; +no) ;; +*) lib_dirs="$with_socks_lib $lib_dirs";; +esac + +save_CFLAGS="$CFLAGS" +save_LIBS="$LIBS" +ires= lres= +for i in $header_dirs; do + CFLAGS="-I$i $save_CFLAGS" cat > conftest.$ac_ext < +int main() { + +; return 0; } EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1292: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then +if { (eval echo configure:1541: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - found=yes; res=$i; break + ires=$i;break else - echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* - fi done - if test -n "$found"; then - socks_include=$res - else - { echo "configure: error: Cannot find socks.h" 1>&2; exit 1; } - fi - if test -n "$with_socks_lib"; then - trydir=$with_socks_lib - elif test "$with_socks" != "yes"; then - 
trydir="$with_socks $with_socks/lib" - else - trydir= - fi - found= - for i in $trydir ""; do - if test -n "$i"; then - if test -f $i/libsocks5.a; then - found=yes; res=$i; break - fi - else - old_LIBS=$LIBS - LIBS="-lsocks5 $LIBS" +for i in $lib_dirs; do + LIBS="-L$i -lsocks5 $save_LIBS" cat > conftest.$ac_ext < int main() { ; return 0; } EOF -if { (eval echo configure:1334: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:1560: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* - found=yes; res=$i; LIBS=$old_LIBS; break + lres=$i;break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* - LIBS=$old_LIBS - fi done - if test -n "$found"; then - socks_lib=$res +CFLAGS="$save_CFLAGS" +LIBS="$save_LIBS" + +if test "$ires" -a "$lres" -a "$with_socks" != "no"; then + socks_includedir="$ires" + socks_libdir="$lres" + INCLUDE_socks="-I$socks_includedir" + LIB_socks="-L$socks_libdir -lsocks5" + cat >> confdefs.h <&6 else - { echo "configure: error: Cannot find libsocks5.a" 1>&2; exit 1; } + INCLUDE_socks= + LIB_socks= + with_socks=no + echo "$ac_t""$with_socks" 1>&6 fi - echo "$ac_t""headers $socks_include, libraries $socks_lib" 1>&6 - cat >> confdefs.h <> confdefs.h <<\EOF +#define LEGACY_KDESTROY 1 EOF - if test -n "$socks_include"; then - SOCKSINCLUDE="-I$socks_include" fi - if test -n "$socks_lib"; then - SOCKSLIB="-L$socks_lib" fi - SOCKSLIB="$SOCKSLIB -lsocks5" -else - echo "$ac_t""no" 1>&6 + +# Check whether --enable-match-subdomains or --disable-match-subdomains was given. +if test "${enable_match_subdomains+set}" = set; then + enableval="$enable_match_subdomains" + if test "$enableval" = "yes"; then + cat >> confdefs.h <<\EOF +#define MATCH_SUBDOMAINS 1 +EOF + fi +fi -CFLAGS="$SOCKSINCLUDE $CFLAGS" -LIBS="$SOCKSLIB $LIBS" -# Check whether --with-shared or --without-shared was given. 
-if test "${with_shared+set}" = set; then - withval="$with_shared" +# Check whether --with-ld-flags or --without-ld-flags was given. +if test "${with_ld_flags+set}" = set; then + withval="$with_ld_flags" : fi # Check whether --with-cracklib or --without-cracklib was given. if test "${with_cracklib+set}" = set; then withval="$with_cracklib" : fi # Check whether --with-dictpath or --without-dictpath was given. if test "${with_dictpath+set}" = set; then withval="$with_dictpath" : fi (test -z "$with_cracklib" && test -n "$with_dictpath") || (test -n "$with_cracklib" && test -z "$with_dictpath") && { echo "configure: error: --with-cracklib requires --with-dictpath and vice versa" 1>&2; exit 1; } test -n "$with_cracklib" && CRACKLIB="-L$with_cracklib -lcrack" && echo "$ac_t""Using cracklib in $with_cracklib" 1>&6 test -n "$with_dictpath" && echo "$ac_t""Using dictpath=$with_dictpath" 1>&6 && cat >> confdefs.h <> confdefs.h <> confdefs.h <> confdefs.h <<\EOF #define RANDOM_MKEY 1 EOF fi fi # Check whether --with-mkey or --without-mkey was given. if test "${with_mkey+set}" = set; then withval="$with_mkey" if test -n "$withval"; then cat >> confdefs.h <> confdefs.h <<\EOF +#define OTP 1 +EOF + + LIB_otp='-L$(top_builddir)/lib/otp -lotp' + OTP_dir=otp + LIB_SUBDIRS="$LIB_SUBDIRS otp" +fi + + + + +# Check whether --enable-osfc2 or --disable-osfc2 was given. +if test "${enable_osfc2+set}" = set; then + enableval="$enable_osfc2" + : +fi + +LIB_security= +if test "$enable_osfc2" = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_OSFC2 1 +EOF + + LIB_security=-lsecurity +fi + + + +mmap=yes +# Check whether --enable-mmap or --disable-mmap was given. +if test "${enable_mmap+set}" = set; then + enableval="$enable_mmap" + +if test "$enableval" = "no"; then + mmap=no +fi + +fi + +if test "$mmap" = "no"; then + cat >> confdefs.h <<\EOF +#define NO_MMAP 1 +EOF + +fi + +aix_dynamic_afs=yes +# Check whether --enable-dynamic-afs or --disable-dynamic-afs was given. 
+if test "${enable_dynamic_afs+set}" = set; then + enableval="$enable_dynamic_afs" + +if test "$enableval" = "no"; then + aix_dynamic_afs=no +fi + +fi + + berkeley_db=db # Check whether --with-berkeley-db or --without-berkeley-db was given. if test "${with_berkeley_db+set}" = set; then withval="$with_berkeley_db" if test "$withval" = no; then berkeley_db="" fi fi afs_support=yes # Check whether --with-afs-support or --without-afs-support was given. if test "${with_afs_support+set}" = set; then withval="$with_afs_support" if test "$withval" = no; then cat >> confdefs.h <<\EOF #define NO_AFS 1 EOF afs_support=no fi fi des_quad=guess # Check whether --with-des-quad-checksum or --without-des-quad-checksum was given. if test "${with_des_quad_checksum+set}" = set; then withval="$with_des_quad_checksum" des_quad="$withval" fi if test "$des_quad" = "new"; then - cat >> confdefs.h <<\EOF -#define DES_QUAD_DEFAULT DES_QUAD_NEW -EOF - + ac_x=DES_QUAD_NEW elif test "$des_quad" = "old"; then - cat >> confdefs.h <<\EOF -#define DES_QUAD_DEFAULT DES_QUAD_OLD + ac_x=DES_QUAD_OLD +else + ac_x=DES_QUAD_GUESS +fi +cat >> confdefs.h <> confdefs.h <<\EOF -#define DES_QUAD_DEFAULT DES_QUAD_GUESS -EOF + AFSWS=/usr/afsws fi +test "$AFSWS" = "yes" && AFSWS=/usr/afsws -echo $ac_n "checking for readline""... $ac_c" 1>&6 -echo "configure:1503: checking for readline" >&5 + +# Check whether --enable-rxkad or --disable-rxkad was given. +if test "${enable_rxkad+set}" = set; then + enableval="$enable_rxkad" + : +else + +test -f $AFSWS/include/rx/rx.h && enable_rxkad=yes + +fi + + +if test "$afs_support" = yes -a "$enable_rxkad" = yes; then + LIB_SUBDIRS="$LIB_SUBDIRS rxkad" +fi + + +# Check whether --enable-cat-manpages or --disable-cat-manpages was given. +if test "${enable_cat_manpages+set}" = set; then + enableval="$enable_cat_manpages" + +if test "$enableval" = "no"; then + disable_cat_manpages=yes +fi + +fi + + + + # Check whether --with-readline or --without-readline was given. 
if test "${with_readline+set}" = set; then withval="$with_readline" - if test "$with_readline" = "no"; then - with_readline= + : fi -fi - # Check whether --with-readline-lib or --without-readline-lib was given. if test "${with_readline_lib+set}" = set; then withval="$with_readline_lib" if test "$withval" = "yes" -o "$withval" = "no"; then { echo "configure: error: No argument for --with-readline-lib" 1>&2; exit 1; } elif test "X$with_readline" = "X"; then with_readline=yes fi - fi # Check whether --with-readline-include or --without-readline-include was given. if test "${with_readline_include+set}" = set; then withval="$with_readline_include" if test "$withval" = "yes" -o "$withval" = "no"; then { echo "configure: error: No argument for --with-readline-include" 1>&2; exit 1; } elif test "X$with_readline" = "X"; then with_readline=yes fi +fi + +echo $ac_n "checking for readline""... $ac_c" 1>&6 +echo "configure:1900: checking for readline" >&5 + +case "$with_readline" in +yes) ;; +no) ;; +"") ;; +*) if test "$with_readline_include" = ""; then + with_readline_include="$with_readline/include" + fi + if test "$with_readline_lib" = ""; then + with_readline_lib="$with_readline/lib$abilibdirext" fi + ;; +esac +header_dirs= +lib_dirs= +d='' +for i in $d; do + header_dirs="$header_dirs $i/include" + lib_dirs="$lib_dirs $i/lib$abilibdirext" +done +case "$with_readline_include" in +yes) ;; +no) ;; +*) header_dirs="$with_readline_include $header_dirs";; +esac +case "$with_readline_lib" in +yes) ;; +no) ;; +*) lib_dirs="$with_readline_lib $lib_dirs";; +esac +save_CFLAGS="$CFLAGS" +save_LIBS="$LIBS" +ires= lres= +for i in $header_dirs; do + CFLAGS="-I$i $save_CFLAGS" + cat > conftest.$ac_ext < +#include -if test -n "$with_readline"; then - cat >> confdefs.h <<\EOF -#define READLINE 1 +int main() { + +; return 0; } EOF +if { (eval echo configure:1949: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ires=$i;break +else + echo "configure: failed program 
was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* +done +for i in $lib_dirs; do + LIBS="-L$i -lreadline $save_LIBS" + cat > conftest.$ac_ext < +#include + +int main() { + +; return 0; } +EOF +if { (eval echo configure:1971: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + lres=$i;break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 fi - if test -n "$with_readline_include"; then - trydir=$with_readline_include - elif test "$with_readline" != "yes"; then - trydir="$with_readline $with_readline/include" +rm -f conftest* +done +CFLAGS="$save_CFLAGS" +LIBS="$save_LIBS" + +if test "$ires" -a "$lres" -a "$with_readline" != "no"; then + readline_includedir="$ires" + readline_libdir="$lres" + INCLUDE_readline="-I$readline_includedir" + LIB_readline="-L$readline_libdir -lreadline" + cat >> confdefs.h <&6 else - trydir= + INCLUDE_readline= + LIB_readline= + with_readline=no + echo "$ac_t""$with_readline" 1>&6 fi - found= - for i in $trydir ""; do - if test -n "$i"; then - if test -f $i/readline.h; then - found=yes; res=$i; break + + + + + +# Check whether --with-mips_abi or --without-mips_abi was given. +if test "${with_mips_abi+set}" = set; then + withval="$with_mips_abi" + : fi + + +case "$host_os" in +irix*) +with_mips_abi="${with_mips_abi:-yes}" +if test -n "$GCC"; then + +# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select +# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs. +# +# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old +# GCC and revert back to O32. The same goes if O32 is asked for - old +# GCCs doesn't like the -mabi option, and new GCCs can't output O32. +# +# Don't you just love *all* the different SGI ABIs? 
+ +case "${with_mips_abi}" in + 32|o32) abi='-mabi=32'; abilibdirext='' ;; + n32|yes) abi='-mabi=n32'; abilibdirext='32' ;; + 64) abi='-mabi=64'; abilibdirext='64' ;; + no) abi=''; abilibdirext='';; + *) { echo "configure: error: "Invalid ABI specified"" 1>&2; exit 1; } ;; +esac +if test -n "$abi" ; then +ac_foo=krb_cv_gcc_`echo $abi | tr =- __` +echo $ac_n "checking if $CC supports the $abi option""... $ac_c" 1>&6 +echo "configure:2036: checking if $CC supports the $abi option" >&5 +if eval "test \"`echo '$''{'$ac_foo'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 else + +save_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS $abi" cat > conftest.$ac_ext < + +int main() { +int x; +; return 0; } EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1569: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then +if { (eval echo configure:2051: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - found=yes; res=$i; break + eval $ac_foo=yes else - echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 + rm -rf conftest* + eval $ac_foo=no fi rm -f conftest* +CFLAGS="$save_CFLAGS" + fi - done - if test -n "$found"; then - readline_include=$res + +ac_res=`eval echo \\\$$ac_foo` +echo "$ac_t""$ac_res" 1>&6 +if test $ac_res = no; then +# Try to figure out why that failed... 
+case $abi in + -mabi=32) + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -mabi=n32" + cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_res=yes else - { echo "configure: error: Cannot find readline.h" 1>&2; exit 1; } + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_res=no fi - if test -n "$with_readline_lib"; then - trydir=$with_readline_lib - elif test "$with_readline" != "yes"; then - trydir="$with_readline $with_readline/lib" - else - trydir= +rm -f conftest* + CLAGS="$save_CFLAGS" + if test $ac_res = yes; then + # New GCC + { echo "configure: error: $CC does not support the $with_mips_abi ABI" 1>&2; exit 1; } fi - found= - for i in $trydir ""; do - if test -n "$i"; then - if test -f $i/libreadline.a; then - found=yes; res=$i; break + # Old GCC + abi='' + abilibdirext='' + ;; + -mabi=n32|-mabi=64) + if test $with_mips_abi = yes; then + # Old GCC, default to O32 + abi='' + abilibdirext='' + else + # Some broken GCC + { echo "configure: error: $CC does not support the $with_mips_abi ABI" 1>&2; exit 1; } fi + ;; +esac +fi #if test $ac_res = no; then +fi #if test -n "$abi" ; then else - old_LIBS=$LIBS - LIBS="-lreadline $LIBS" +case "${with_mips_abi}" in + 32|o32) abi='-32'; abilibdirext='' ;; + n32|yes) abi='-n32'; abilibdirext='32' ;; + 64) abi='-64'; abilibdirext='64' ;; + no) abi=''; abilibdirext='';; + *) { echo "configure: error: "Invalid ABI specified"" 1>&2; exit 1; } ;; +esac +fi #if test -n "$GCC"; then +;; +esac + + + +# Check whether --with-hesiod or --without-hesiod was given. +if test "${with_hesiod+set}" = set; then + withval="$with_hesiod" + : +fi + +# Check whether --with-hesiod-lib or --without-hesiod-lib was given. 
+if test "${with_hesiod_lib+set}" = set; then + withval="$with_hesiod_lib" + if test "$withval" = "yes" -o "$withval" = "no"; then + { echo "configure: error: No argument for --with-hesiod-lib" 1>&2; exit 1; } +elif test "X$with_hesiod" = "X"; then + with_hesiod=yes +fi +fi + +# Check whether --with-hesiod-include or --without-hesiod-include was given. +if test "${with_hesiod_include+set}" = set; then + withval="$with_hesiod_include" + if test "$withval" = "yes" -o "$withval" = "no"; then + { echo "configure: error: No argument for --with-hesiod-include" 1>&2; exit 1; } +elif test "X$with_hesiod" = "X"; then + with_hesiod=yes +fi +fi + + +echo $ac_n "checking for hesiod""... $ac_c" 1>&6 +echo "configure:2155: checking for hesiod" >&5 + +case "$with_hesiod" in +yes) ;; +no) ;; +"") ;; +*) if test "$with_hesiod_include" = ""; then + with_hesiod_include="$with_hesiod/include" + fi + if test "$with_hesiod_lib" = ""; then + with_hesiod_lib="$with_hesiod/lib$abilibdirext" + fi + ;; +esac +header_dirs= +lib_dirs= +d='' +for i in $d; do + header_dirs="$header_dirs $i/include" + lib_dirs="$lib_dirs $i/lib$abilibdirext" +done + +case "$with_hesiod_include" in +yes) ;; +no) ;; +*) header_dirs="$with_hesiod_include $header_dirs";; +esac +case "$with_hesiod_lib" in +yes) ;; +no) ;; +*) lib_dirs="$with_hesiod_lib $lib_dirs";; +esac + +save_CFLAGS="$CFLAGS" +save_LIBS="$LIBS" +ires= lres= +for i in $header_dirs; do + CFLAGS="-I$i $save_CFLAGS" cat > conftest.$ac_ext < int main() { ; return 0; } EOF -if { (eval echo configure:1611: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2201: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - found=yes; res=$i; LIBS=$old_LIBS; break + ires=$i;break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* - LIBS=$old_LIBS - fi done - if test -n "$found"; then - readline_lib=$res +for i in $lib_dirs; do + LIBS="-L$i -lhesiod 
$save_LIBS" + cat > conftest.$ac_ext < +int main() { + +; return 0; } +EOF +if { (eval echo configure:2220: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + lres=$i;break else - { echo "configure: error: Cannot find libreadline.a" 1>&2; exit 1; } + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 fi - echo "$ac_t""headers $readline_include, libraries $readline_lib" 1>&6 +rm -f conftest* +done +CFLAGS="$save_CFLAGS" +LIBS="$save_LIBS" + +if test "$ires" -a "$lres" -a "$with_hesiod" != "no"; then + hesiod_includedir="$ires" + hesiod_libdir="$lres" + INCLUDE_hesiod="-I$hesiod_includedir" + LIB_hesiod="-L$hesiod_libdir -lhesiod" cat >> confdefs.h <&6 +else + INCLUDE_hesiod= + LIB_hesiod= + with_hesiod=no + echo "$ac_t""$with_hesiod" 1>&6 fi - if test -n "$readline_lib"; then - READLINELIB="-L$readline_lib" - fi - READLINELIB="$READLINELIB -lreadline" -else - echo "$ac_t""no" 1>&6 -fi +# Check whether --enable-shared or --disable-shared was given. +if test "${enable_shared+set}" = set; then + enableval="$enable_shared" + : +fi -case ${with_shared} in - yes ) with_shared=yes;; - no ) with_shared=no;; - * ) with_shared=no;; + + +case ${enable_shared} in + yes ) enable_shared=yes;; + no ) enable_shared=no;; + * ) enable_shared=no;; esac # NOTE: Building shared libraries may not work if you do not use gcc! 
# # OS $SHLIBEXT # HP-UX sl # Linux so # NetBSD so # FreeBSD so # OSF so # SunOS5 so # SunOS4 so.0.5 # Irix so # # LIBEXT is the extension we should build (.a or $SHLIBEXT) +LINK='$(CC)' + +lib_deps=yes REAL_PICFLAGS="-fpic" LDSHARED='$(CC) $(PICFLAGS) -shared' LIBPREFIX=lib +build_symlink_command=@true +install_symlink_command=@true +install_symlink_command2=@true REAL_SHLIBEXT=so SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'` +SHLIB_SONAME=`echo $VERSION | sed 's/\([0-9]*\).*/\1/'` case "${host}" in *-*-hpux*) REAL_SHLIBEXT=sl REAL_LD_FLAGS='-Wl,+b$(libdir)' if test -z "$GCC"; then LDSHARED="ld -b" REAL_PICFLAGS="+z" fi + lib_deps=no ;; *-*-linux*) + LDSHARED='$(CC) -shared -Wl,-soname,$(LIBNAME).so.'"${SHLIB_SONAME}" REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' + REAL_SHLIBEXT=so.$SHLIB_VERSION + build_symlink_command='$(LN_S) -f $@ $(LIBNAME).so' + install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so' + install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so' ;; +*-*-freebsd[34]*) + REAL_SHLIBEXT=so.$SHLIB_VERSION + REAL_LD_FLAGS='-Wl,-R$(libdir)' + build_symlink_command='$(LN_S) -f $@ $(LIBNAME).so' + install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so' + install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so' + ;; *-*-*bsd*) REAL_SHLIBEXT=so.$SHLIB_VERSION LDSHARED='ld -Bshareable' REAL_LD_FLAGS='-Wl,-R$(libdir)' ;; *-*-osf*) REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' REAL_PICFLAGS= LDSHARED='ld -shared -expect_unresolved \*' ;; *-*-solaris2*) REAL_LD_FLAGS='-Wl,-R$(libdir)' if test -z "$GCC"; then LDSHARED='$(CC) -G' REAL_PICFLAGS="-Kpic" fi ;; +*-fujitsu-uxpv*) + REAL_LD_FLAGS='' # really: LD_RUN_PATH=$(libdir) cc -o ... 
+ REAL_LINK='LD_RUN_PATH=$(libdir) $(CC)' + LDSHARED='$(CC) -G' + REAL_PICFLAGS="-Kpic" + lib_deps=no # fails in mysterious ways + ;; *-*-sunos*) REAL_SHLIBEXT=so.$SHLIB_VERSION REAL_LD_FLAGS='-Wl,-L$(libdir)' + lib_deps=no ;; *-*-irix*) - REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' + libdir="${libdir}${abilibdirext}" + REAL_LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)" + LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)" + LDSHARED="\$(CC) -shared ${abi}" REAL_PICFLAGS= + CFLAGS="${abi} ${CFLAGS}" ;; -*-*-os2_emx*) - LD_FLAGS='-Zexe' +*-*-os2*) LIBPREFIX= EXECSUFFIX='.exe' RANLIB=EMXOMF + LD_FLAGS=-Zcrtdll REAL_SHLIBEXT=nobuild ;; *-*-cygwin32*) EXECSUFFIX='.exe' REAL_SHLIBEXT=nobuild ;; *) REAL_SHLIBEXT=nobuild REAL_PICFLAGS= ;; esac -if test "${with_shared}" != "yes" ; then +if test "${enable_shared}" != "yes" ; then PICFLAGS="" SHLIBEXT="nobuild" LIBEXT="a" + build_symlink_command=@true + install_symlink_command=@true + install_symlink_command2=@true else PICFLAGS="$REAL_PICFLAGS" SHLIBEXT="$REAL_SHLIBEXT" LIBEXT="$SHLIBEXT" + echo $ac_n "checking whether to use -rpath""... $ac_c" 1>&6 +echo "configure:2384: checking whether to use -rpath" >&5 + case "$libdir" in + /lib | /usr/lib | /usr/local/lib) + echo "$ac_t""no" 1>&6 + REAL_LD_FLAGS= + LD_FLAGS= + ;; + *) LD_FLAGS="$REAL_LD_FLAGS" + test "$REAL_LINK" && LINK="$REAL_LINK" + echo "$ac_t""$LD_FLAGS" 1>&6 + ;; + esac fi - +if test "$lib_deps" = yes; then + lib_deps_yes="" + lib_deps_no="# " +else + lib_deps_yes="# " + lib_deps_no="" +fi -if test "${with_shared}" = "yes"; then -echo $ac_n "checking for pragma weak""... 
$ac_c" 1>&6 -echo "configure:1743: checking for pragma weak" >&5 -if eval "test \"`echo '$''{'ac_have_pragma_weak'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else +# use supplied ld-flags, or none if `no' +if test "$with_ld_flags" = no; then + LD_FLAGS= +elif test -n "$with_ld_flags"; then + LD_FLAGS="$with_ld_flags" +fi -ac_have_pragma_weak=no -cat > conftest_foo.$ac_ext <<'EOF' -#line 1750 "configure" -#include "confdefs.h" -#pragma weak foo = _foo -int _foo = 17; -EOF -cat > conftest_bar.$ac_ext <<'EOF' -#line 1756 "configure" -#include "confdefs.h" -extern int foo; -int t() { - return foo; -} -int main() { - return t(); -} -EOF -if { (eval echo configure:1768: \"$'CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&5'\") 1>&5; (eval $'CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&5') 2>&5; }; then -ac_have_pragma_weak=yes -fi -rm -rf conftest* -fi -if test "$ac_have_pragma_weak" = "yes"; then - cat >> confdefs.h <<\EOF -#define HAVE_PRAGMA_WEAK 1 -EOF -fi -echo "$ac_t""$ac_have_pragma_weak" 1>&6 -fi - - echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 -echo "configure:1785: checking whether byte ordering is bigendian" >&5 +echo "configure:2421: checking whether byte ordering is bigendian" >&5 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_c_bigendian=unknown # See if sys/param.h defines the BYTE_ORDER macro. cat > conftest.$ac_ext < #include int main() { #if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN bogus endian macros #endif ; return 0; } EOF -if { (eval echo configure:1803: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2439: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* # It does; now see whether it defined to BIG_ENDIAN or not. 
cat > conftest.$ac_ext < #include int main() { #if BYTE_ORDER != BIG_ENDIAN not big endian #endif ; return 0; } EOF -if { (eval echo configure:1818: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2454: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_bigendian=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_c_bigendian=no fi rm -f conftest* else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* if test $ac_cv_c_bigendian = unknown; then if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2487: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_bigendian=no else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -fr conftest* ac_cv_c_bigendian=yes fi rm -fr conftest* fi fi fi echo "$ac_t""$ac_cv_c_bigendian" 1>&6 if test $ac_cv_c_bigendian = yes; then cat >> confdefs.h <<\EOF #define WORDS_BIGENDIAN 1 EOF fi echo $ac_n "checking for working const""... 
$ac_c" 1>&6 -echo "configure:1876: checking for working const" >&5 +echo "configure:2512: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <j = 5; } { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ const int foo = 10; } ; return 0; } EOF -if { (eval echo configure:1930: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2566: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_c_const=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_c_const" 1>&6 if test $ac_cv_c_const = no; then cat >> confdefs.h <<\EOF #define const EOF fi +echo $ac_n "checking for inline""... $ac_c" 1>&6 +echo "configure:2588: checking for inline" >&5 +if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_cv_c_inline=no +for ac_kw in inline __inline__ __inline; do + cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_inline=$ac_kw; break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* +done +fi + +echo "$ac_t""$ac_cv_c_inline" 1>&6 +case "$ac_cv_c_inline" in + inline | yes) ;; + no) cat >> confdefs.h <<\EOF +#define inline +EOF + ;; + *) cat >> confdefs.h <&6 +echo "configure:2630: checking for __attribute__" >&5 +if eval "test \"`echo '$''{'ac_cv___attribute__'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < + +int main() { + +static void foo(void) __attribute__ ((noreturn)); + +static void +foo(void) +{ + exit(1); +} + +; return 0; } +EOF +if { (eval echo configure:2653: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv___attribute__=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext 
>&5 + rm -rf conftest* + ac_cv___attribute__=no +fi +rm -f conftest* +fi + +if test "$ac_cv___attribute__" = "yes"; then + cat >> confdefs.h <<\EOF +#define HAVE___ATTRIBUTE__ 1 +EOF + +fi +echo "$ac_t""$ac_cv___attribute__" 1>&6 + + + + echo $ac_n "checking for NEXTSTEP""... $ac_c" 1>&6 -echo "configure:1954: checking for NEXTSTEP" >&5 +echo "configure:2677: checking for NEXTSTEP" >&5 if eval "test \"`echo '$''{'krb_cv_sys_nextstep'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5 | egrep "yes" >/dev/null 2>&1; then rm -rf conftest* krb_cv_sys_nextstep=yes else rm -rf conftest* krb_cv_sys_nextstep=no fi rm -f conftest* fi if test "$krb_cv_sys_nextstep" = "yes"; then CFLAGS="$CFLAGS -posix" LIBS="$LIBS -posix" fi echo "$ac_t""$krb_cv_sys_nextstep" 1>&6 echo $ac_n "checking for AIX""... $ac_c" 1>&6 -echo "configure:1986: checking for AIX" >&5 +echo "configure:2709: checking for AIX" >&5 if eval "test \"`echo '$''{'krb_cv_sys_aix'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5 | egrep "yes" >/dev/null 2>&1; then rm -rf conftest* krb_cv_sys_aix=yes else rm -rf conftest* krb_cv_sys_aix=no fi rm -f conftest* fi echo "$ac_t""$krb_cv_sys_aix" 1>&6 if test "$krb_cv_sys_aix" = yes ;then - AFS_EXTRA_OBJS='$(srcdir)/afsl.exp dlfcn.o' - + if test "$aix_dynamic_afs" = yes; then + AFS_EXTRA_OBJS= AFS_EXTRA_LIBS=afslib.so + # this works differently in AIX <=3 and 4 + if test `uname -v` = 4 ; then + AFS_EXTRA_LD="-bnoentry" + else + AFS_EXTRA_LD="-e _nostart" + fi + AFS_EXTRA_DEFS= + + + +echo $ac_n "checking for dlopen""... 
$ac_c" 1>&6 +echo "configure:2751: checking for dlopen" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_dlopen'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_dlopen\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" dl; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + else + ac_lib="" + fi + LIBS=" $ac_lib $ac_save_LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_dlopen=$ac_lib; else ac_cv_funclib_dlopen=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_dlopen=\${ac_cv_funclib_dlopen-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_dlopen" + +: << END +@@@funcs="$funcs dlopen"@@@ +@@@libs="$libs "" dl"@@@ +END + +# dlopen +eval "ac_tr_func=HAVE_`echo dlopen | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_dlopen=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_dlopen=yes" + eval "LIB_dlopen=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_dlopen=no" + eval "LIB_dlopen=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_dlopen=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + if test "$ac_cv_funclib_dlopen" = yes; then + AIX_EXTRA_KAFS= + elif test "$ac_cv_funclib_dlopen" != no; then + AIX_EXTRA_KAFS="$ac_cv_funclib_dlopen" + else + AFS_EXTRA_OBJS="$AFS_EXTRA_OBJS dlfcn.o" + AIX_EXTRA_KAFS=-lld fi + else + AFS_EXTRA_OBJS='$(srcdir)/afsl.exp afslib.o' + AFS_EXTRA_LIBS= + AFS_EXTRA_DEFS='-DSTATIC_AFS_SYSCALLS' + AIX_EXTRA_KAFS= + fi + fi # # AIX needs /lib/pse.exp for getmsg, but alas that file is broken in # AIX414 # +case "${host}" in +*-*-aix4.1*) if test -f 
/lib/pse.exp ;then - LIBS="$LIBS -Wl,-bI:/lib/pse.exp" + LIBS="$LIBS -Wl,-bnolibpath -Wl,-bI:/lib/pse.exp" fi +;; +esac echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:2031: checking for ANSI C header files" >&5 +echo "configure:2863: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include #include #include EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2044: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` +{ (eval echo configure:2876: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* ac_cv_header_stdc=yes else echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_header_stdc=no fi rm -f conftest* if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "memchr" >/dev/null 2>&1; then : else rm -rf conftest* ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "free" >/dev/null 2>&1; then : else rm -rf conftest* ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') #define TOUPPER(c) (ISLOWER(c) ? 
'A' + ((c) - 'a') : (c)) #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); exit (0); } EOF -if { (eval echo configure:2111: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2943: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then : else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -fr conftest* ac_cv_header_stdc=no fi rm -fr conftest* fi fi fi echo "$ac_t""$ac_cv_header_stdc" 1>&6 if test $ac_cv_header_stdc = yes; then cat >> confdefs.h <<\EOF #define STDC_HEADERS 1 EOF fi -for ac_hdr in arpa/ftp.h arpa/inet.h arpa/nameser.h +for ac_hdr in arpa/ftp.h \ + arpa/inet.h \ + arpa/nameser.h \ + arpa/telnet.h \ + bsd/bsd.h \ + bsdsetjmp.h \ + capability.h \ + crypt.h \ + curses.h \ + db.h \ + dbm.h \ + dirent.h \ + err.h \ + errno.h \ + fcntl.h \ + fnmatch.h \ + grp.h \ + inttypes.h \ + io.h \ + lastlog.h \ + libutil.h \ + limits.h \ + login.h \ + maillock.h \ + ndbm.h \ + net/if.h \ + net/if_tun.h \ + net/if_var.h \ + netdb.h \ + netinet/in.h \ + netinet/in6_machtypes.h \ + netinet/in_systm.h \ + paths.h \ + pty.h \ + pwd.h \ + resolv.h \ + rpcsvc/dbm.h \ + rpcsvc/ypclnt.h \ + sac.h \ + security/pam_modules.h \ + shadow.h \ + siad.h \ + signal.h \ + stropts.h \ + sys/bitypes.h \ + sys/category.h \ + sys/file.h \ + sys/filio.h \ + sys/ioccom.h \ + sys/ioctl.h \ + sys/locking.h \ + sys/mman.h \ + sys/param.h \ + sys/proc.h \ + sys/pty.h \ + sys/ptyio.h \ + sys/ptyvar.h \ + sys/resource.h \ + sys/select.h \ + sys/socket.h \ + sys/sockio.h \ + sys/stat.h \ + sys/str_tty.h \ + sys/stream.h \ + sys/stropts.h \ + sys/strtty.h \ + sys/syscall.h \ + sys/sysctl.h \ + sys/termio.h \ + sys/time.h \ + sys/timeb.h \ + sys/times.h \ + sys/tty.h \ + sys/types.h \ + sys/uio.h \ + sys/un.h \ + 
sys/utsname.h \ + sys/wait.h \ + syslog.h \ + term.h \ + termcap.h \ + termio.h \ + termios.h \ + tmpdir.h \ + ttyent.h \ + udb.h \ + ulimit.h \ + unistd.h \ + userpw.h \ + usersec.h \ + util.h \ + utime.h \ + utmp.h \ + utmpx.h \ + wait.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2139: checking for $ac_hdr" >&5 +echo "configure:3065: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2149: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` +{ (eval echo configure:3075: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" else echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_header_$ac_safe=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` cat >> confdefs.h <&6 fi done -for ac_hdr in arpa/telnet.h bind/bitypes.h bsd/bsd.h bsdsetjmp.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2179: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2189: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done -for ac_hdr in crypt.h dbm.h dirent.h err.h fcntl.h grp.h io.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2219: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then +echo $ac_n "checking whether time.h and sys/time.h may both be included""... 
$ac_c" 1>&6 +echo "configure:3103: checking whether time.h and sys/time.h may both be included" >&5 +if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < +#include +#include +#include +int main() { +struct tm *tp; +; return 0; } EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2229: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then +if { (eval echo configure:3117: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" + ac_cv_header_time=yes else - echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" + ac_cv_header_time=no fi rm -f conftest* fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done -for ac_hdr in lastlog.h login.h maillock.h ndbm.h net/if.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2259: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < +echo "$ac_t""$ac_cv_header_time" 1>&6 +if test $ac_cv_header_time = yes; then + cat >> confdefs.h <<\EOF +#define TIME_WITH_SYS_TIME 1 EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2269: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 fi -done -for ac_hdr in net/if_tun.h net/if_var.h netdb.h netinet/in.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2299: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then +echo $ac_n "checking for sys_siglist declaration in signal.h or unistd.h""... $ac_c" 1>&6 +echo "configure:3138: checking for sys_siglist declaration in signal.h or unistd.h" >&5 +if eval "test \"`echo '$''{'ac_cv_decl_sys_siglist'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < +#include +#include +/* NetBSD declares sys_siglist in unistd.h. 
*/ +#ifdef HAVE_UNISTD_H +#include +#endif +int main() { +char *msg = *(sys_siglist + 1); +; return 0; } EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2309: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then +if { (eval echo configure:3155: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" + ac_cv_decl_sys_siglist=yes else - echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" + ac_cv_decl_sys_siglist=no fi rm -f conftest* fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done -for ac_hdr in netinet/in6_machtypes.h netinet/in_systm.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2339: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < +echo "$ac_t""$ac_cv_decl_sys_siglist" 1>&6 +if test $ac_cv_decl_sys_siglist = yes; then + cat >> confdefs.h <<\EOF +#define SYS_SIGLIST_DECLARED 1 EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2349: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 fi -done -for ac_hdr in netinet/ip.h netinet/tcp.h paths.h pty.h pwd.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2379: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2389: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done -for ac_hdr in resolv.h rpcsvc/dbm.h sac.h security/pam_modules.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2419: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2429: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done -for ac_hdr in shadow.h siad.h signal.h stropts.h sys/bitypes.h +for ac_hdr in standards.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2459: checking for $ac_hdr" >&5 +echo "configure:3181: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2469: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` +{ (eval echo configure:3191: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" else echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_header_$ac_safe=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` cat >> confdefs.h <&6 fi done -for ac_hdr in sys/category.h sys/cdefs.h sys/file.h sys/filio.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2499: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2509: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done +for i in netinet/ip.h netinet/tcp.h; do -for ac_hdr in sys/ioccom.h sys/ioctl.h sys/locking.h sys/mman.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2539: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2549: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done +cv=`echo "$i" | sed 'y%./+-%__p_%'` -for ac_hdr in sys/param.h sys/proc.h sys/ptyio.h sys/ptyvar.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2579: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then +echo $ac_n "checking for $i""... 
$ac_c" 1>&6 +echo "configure:3222: checking for $i" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$cv'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2589: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done +\ +#ifdef HAVE_STANDARDS_H +#include +#endif +#include <$i> -for ac_hdr in sys/resource.h sys/select.h sys/socket.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2619: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2629: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` +{ (eval echo configure:3237: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" + eval "ac_cv_header_$cv=yes" else echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" + eval "ac_cv_header_$cv=no" fi rm -f conftest* fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done -for ac_hdr in sys/sockio.h sys/stat.h sys/str_tty.h sys/stream.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2659: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2669: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` +echo "$ac_t""`eval echo \\$ac_cv_header_$cv`" 1>&6 +if test `eval echo \\$ac_cv_header_$cv` = yes; then + ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` cat >> confdefs.h <&6 fi done +: << END +@@@headers="$headers netinet/ip.h netinet/tcp.h"@@@ +END -for ac_hdr in sys/stropts.h sys/strtty.h sys/syscall.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2699: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2709: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done -for ac_hdr in sys/sysctl.h sys/termio.h sys/time.h sys/timeb.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2739: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2749: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done -for ac_hdr in sys/times.h sys/tty.h sys/types.h sys/uio.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2779: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2789: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" +EXTRA_LOCL_HEADERS= +EXTRA_HEADERS= +if test "$ac_cv_header_err_h" != yes; then + EXTRA_HEADERS="$EXTRA_HEADERS err.h" fi -rm -f conftest* +if test "$ac_cv_header_fnmatch_h" != yes; then + EXTRA_LOCL_HEADERS="$EXTRA_LOCL_HEADERS fnmatch.h" fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done -for ac_hdr in sys/un.h sys/utsname.h sys/wait.h syslog.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2819: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2829: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done -for ac_hdr in termio.h termios.h tmpdir.h ttyent.h udb.h ulimit.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2859: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2869: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done -for ac_hdr in unistd.h userpw.h usersec.h util.h utime.h utmp.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:2899: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2909: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done -for ac_hdr in utmpx.h wait.h winsock.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2939: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then +for i in int8_t int16_t int32_t int64_t; do + echo $ac_n "checking for $i""... 
$ac_c" 1>&6 +echo "configure:3281: checking for $i" >&5 + +if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2949: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done - - -echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 -echo "configure:2977: checking whether time.h and sys/time.h may both be included" >&5 -if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < +#endif +#ifdef HAVE_SYS_TYPES_H #include -#include -#include -int main() { -struct tm *tp; -; return 0; } -EOF -if { (eval echo configure:2991: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_header_time=yes -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_header_time=no -fi -rm -f conftest* -fi - -echo "$ac_t""$ac_cv_header_time" 1>&6 -if test $ac_cv_header_time = yes; then - cat >> confdefs.h <<\EOF -#define TIME_WITH_SYS_TIME 1 -EOF - -fi - -echo $ac_n "checking for sys_siglist declaration in signal.h or unistd.h""... 
$ac_c" 1>&6 -echo "configure:3012: checking for sys_siglist declaration in signal.h or unistd.h" >&5 -if eval "test \"`echo '$''{'ac_cv_decl_sys_siglist'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -#include -/* NetBSD declares sys_siglist in unistd.h. */ -#ifdef HAVE_UNISTD_H -#include #endif +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_BIND_BITYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN6_MACHTYPES_H +#include +#endif + int main() { -char *msg = *(sys_siglist + 1); +$i x; + ; return 0; } EOF -if { (eval echo configure:3029: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3311: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - ac_cv_decl_sys_siglist=yes + eval ac_cv_type_$i=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* - ac_cv_decl_sys_siglist=no + eval ac_cv_type_$i=no fi rm -f conftest* fi -echo "$ac_t""$ac_cv_decl_sys_siglist" 1>&6 -if test $ac_cv_decl_sys_siglist = yes; then - cat >> confdefs.h <<\EOF -#define SYS_SIGLIST_DECLARED 1 + eval ac_res=\$ac_cv_type_$i + if test "$ac_res" = yes; then + type=HAVE_`echo $i | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` + cat >> confdefs.h <&6 +done - -for i in int8_t int16_t int32_t int64_t; do +for i in u_int8_t u_int16_t u_int32_t u_int64_t; do echo $ac_n "checking for $i""... 
$ac_c" 1>&6 -echo "configure:3053: checking for $i" >&5 +echo "configure:3337: checking for $i" >&5 if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < +#endif #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_BITYPES_H #include #endif #ifdef HAVE_BIND_BITYPES_H #include #endif #ifdef HAVE_NETINET_IN6_MACHTYPES_H #include #endif int main() { $i x; ; return 0; } EOF -if { (eval echo configure:3081: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3367: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval ac_cv_type_$i=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval ac_cv_type_$i=no fi rm -f conftest* fi eval ac_res=\$ac_cv_type_$i if test "$ac_res" = yes; then - type=HAVE_`echo $i | tr 'a-z' 'A-Z'` - cat >> confdefs.h <> confdefs.h <&6 done -for i in u_int8_t u_int16_t u_int32_t u_int64_t; do - echo $ac_n "checking for $i""... $ac_c" 1>&6 -echo "configure:3107: checking for $i" >&5 - -if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then +echo $ac_n "checking for strange sys/bitypes.h""... 
$ac_c" 1>&6 +echo "configure:3392: checking for strange sys/bitypes.h" >&5 +if eval "test \"`echo '$''{'krb_cv_int8_t_ifdef'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else + cat > conftest.$ac_ext < #endif #ifdef HAVE_SYS_BITYPES_H #include #endif -#ifdef HAVE_BIND_BITYPES_H -#include -#endif #ifdef HAVE_NETINET_IN6_MACHTYPES_H #include #endif int main() { -$i x; +int8_t x; ; return 0; } EOF -if { (eval echo configure:3135: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3416: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - eval ac_cv_type_$i=yes + krb_cv_int8_t_ifdef=no else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* - eval ac_cv_type_$i=no + krb_cv_int8_t_ifdef=yes fi rm -f conftest* fi + +echo "$ac_t""$krb_cv_int8_t_ifdef" 1>&6 +if test "$krb_cv_int8_t_ifdef" = "yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_STRANGE_INT8_T 1 +EOF +fi - eval ac_res=\$ac_cv_type_$i - if test "$ac_res" = yes; then - type=HAVE_`echo $i | tr 'a-z' 'A-Z'` - cat >> confdefs.h <&6 +echo "configure:3440: checking for crypt" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_crypt'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_crypt\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" crypt; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + else + ac_lib="" + fi + LIBS=" $ac_lib $ac_save_LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_crypt=$ac_lib; else ac_cv_funclib_crypt=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_crypt=\${ac_cv_funclib_crypt-no}" + LIBS="$ac_save_LIBS" +fi - fi - echo "$ac_t""$ac_res" 1>&6 -done +fi +eval "ac_res=\$ac_cv_funclib_crypt" +: << END +@@@funcs="$funcs crypt"@@@ 
+@@@libs="$libs "" crypt"@@@ +END +# crypt +eval "ac_tr_func=HAVE_`echo crypt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_crypt=$ac_res" +case "$ac_res" in + yes) + eval "ac_cv_func_crypt=yes" + eval "LIB_crypt=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_crypt=no" + eval "LIB_crypt=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_crypt=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + + + + + + echo $ac_n "checking for socket""... $ac_c" 1>&6 -echo "configure:3165: checking for socket" >&5 +echo "configure:3527: checking for socket" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_socket'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_socket\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in "" socket; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi - cat > conftest.$ac_ext < conftest.$ac_ext < #endif #ifdef HAVE_SYS_SOCKET_H #include #endif int main() { socket(0,0,0) ; return 0; } EOF -if { (eval echo configure:3190: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3554: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_socket=\${ac_cv_funclib_socket-no}" LIBS="$ac_save_LIBS" fi - + fi eval "ac_res=\$ac_cv_funclib_socket" -# autoheader tricks *sigh* : << END @@@funcs="$funcs socket"@@@ -@@@libs="$libs socket"@@@ +@@@libs="$libs "" socket"@@@ END -eval "ac_tr_func=HAVE_`echo socket | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo 
$ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# socket +eval "ac_tr_func=HAVE_`echo socket | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_socket=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_socket=yes" eval "LIB_socket=" cat >> confdefs.h <&6 ;; no) eval "ac_cv_func_socket=no" eval "LIB_socket=" echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_socket=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac if test -n "$LIB_socket"; then LIBS="$LIB_socket $LIBS" fi + echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6 -echo "configure:3257: checking for gethostbyname" >&5 +echo "configure:3622: checking for gethostbyname" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_gethostbyname'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in "" nsl; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi - cat > conftest.$ac_ext < conftest.$ac_ext < #endif #ifdef HAVE_SYS_SOCKET_H #include #endif int main() { gethostbyname("foo") ; return 0; } EOF -if { (eval echo configure:3282: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3649: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_gethostbyname=\${ac_cv_funclib_gethostbyname-no}" LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_gethostbyname" -# autoheader tricks *sigh* : << END @@@funcs="$funcs gethostbyname"@@@ -@@@libs="$libs nsl"@@@ +@@@libs="$libs 
"" nsl"@@@ END -eval "ac_tr_func=HAVE_`echo gethostbyname | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# gethostbyname +eval "ac_tr_func=HAVE_`echo gethostbyname | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_gethostbyname=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_gethostbyname=yes" eval "LIB_gethostbyname=" - cat >> confdefs.h <> confdefs.h <&6 ;; no) eval "ac_cv_func_gethostbyname=no" eval "LIB_gethostbyname=" - echo "$ac_t""no" 1>&6 + echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_gethostbyname=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac if test -n "$LIB_gethostbyname"; then LIBS="$LIB_gethostbyname $LIBS" fi + echo $ac_n "checking for odm_initialize""... $ac_c" 1>&6 -echo "configure:3351: checking for odm_initialize" >&5 +echo "configure:3719: checking for odm_initialize" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_odm_initialize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_odm_initialize\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in "" odm; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi - cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3741: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_odm_initialize=$ac_lib; else ac_cv_funclib_odm_initialize=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_odm_initialize=\${ac_cv_funclib_odm_initialize-no}" LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_odm_initialize" -# autoheader tricks *sigh* 
: << END @@@funcs="$funcs odm_initialize"@@@ -@@@libs="$libs odm"@@@ +@@@libs="$libs "" odm"@@@ END -eval "ac_tr_func=HAVE_`echo odm_initialize | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# odm_initialize +eval "ac_tr_func=HAVE_`echo odm_initialize | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_odm_initialize=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_odm_initialize=yes" eval "LIB_odm_initialize=" - cat >> confdefs.h <> confdefs.h <&6 ;; no) eval "ac_cv_func_odm_initialize=no" eval "LIB_odm_initialize=" - echo "$ac_t""no" 1>&6 + echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_odm_initialize=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac if test -n "$LIB_odm_initialize"; then LIBS="$LIB_odm_initialize $LIBS" fi + echo $ac_n "checking for getattr""... 
$ac_c" 1>&6 -echo "configure:3438: checking for getattr" >&5 +echo "configure:3809: checking for getattr" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_getattr'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_getattr\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in "" cfg; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi - cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3831: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_getattr=$ac_lib; else ac_cv_funclib_getattr=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_getattr=\${ac_cv_funclib_getattr-no}" LIBS="$ac_save_LIBS" fi - + fi eval "ac_res=\$ac_cv_funclib_getattr" -# autoheader tricks *sigh* : << END @@@funcs="$funcs getattr"@@@ -@@@libs="$libs cfg"@@@ +@@@libs="$libs "" cfg"@@@ END -eval "ac_tr_func=HAVE_`echo getattr | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# getattr +eval "ac_tr_func=HAVE_`echo getattr | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_getattr=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_getattr=yes" eval "LIB_getattr=" cat >> confdefs.h <&6 + echo "$ac_t""yes" 1>&6 ;; no) eval "ac_cv_func_getattr=no" eval "LIB_getattr=" echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_getattr=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" - cat >> confdefs.h <> confdefs.h <> confdefs.h <&6 ;; esac if test -n "$LIB_getattr"; then LIBS="$LIB_getattr $LIBS" fi + echo $ac_n "checking for setpcred""... 
$ac_c" 1>&6 -echo "configure:3525: checking for setpcred" >&5 +echo "configure:3899: checking for setpcred" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_setpcred'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_setpcred\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in "" s; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi - cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3921: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_setpcred=$ac_lib; else ac_cv_funclib_setpcred=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_setpcred=\${ac_cv_funclib_setpcred-no}" LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_setpcred" -# autoheader tricks *sigh* : << END @@@funcs="$funcs setpcred"@@@ -@@@libs="$libs s"@@@ +@@@libs="$libs "" s"@@@ END -eval "ac_tr_func=HAVE_`echo setpcred | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# setpcred +eval "ac_tr_func=HAVE_`echo setpcred | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_setpcred=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_setpcred=yes" eval "LIB_setpcred=" - cat >> confdefs.h <> confdefs.h <&6 ;; no) eval "ac_cv_func_setpcred=no" eval "LIB_setpcred=" - echo "$ac_t""no" 1>&6 + echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_setpcred=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac if test -n "$LIB_setpcred"; then LIBS="$LIB_setpcred $LIBS" fi + echo $ac_n "checking for logwtmp""... 
$ac_c" 1>&6 -echo "configure:3612: checking for logwtmp" >&5 +echo "configure:3989: checking for logwtmp" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_logwtmp'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in "" util; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi - cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4011: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_logwtmp=$ac_lib; else ac_cv_funclib_logwtmp=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_logwtmp=\${ac_cv_funclib_logwtmp-no}" LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_logwtmp" -# autoheader tricks *sigh* : << END @@@funcs="$funcs logwtmp"@@@ -@@@libs="$libs util"@@@ +@@@libs="$libs "" util"@@@ END -eval "ac_tr_func=HAVE_`echo logwtmp | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# logwtmp +eval "ac_tr_func=HAVE_`echo logwtmp | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_logwtmp=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_logwtmp=yes" eval "LIB_logwtmp=" - cat >> confdefs.h <> confdefs.h <&6 ;; no) eval "ac_cv_func_logwtmp=no" eval "LIB_logwtmp=" - echo "$ac_t""no" 1>&6 + echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_logwtmp=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac if test -n "$LIB_logwtmp"; then LIBS="$LIB_logwtmp $LIBS" fi + echo $ac_n "checking for logout""... 
$ac_c" 1>&6 -echo "configure:3700: checking for logout" >&5 +echo "configure:4080: checking for logout" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_logout'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_logout\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in "" util; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi - cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4102: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_logout=$ac_lib; else ac_cv_funclib_logout=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_logout=\${ac_cv_funclib_logout-no}" LIBS="$ac_save_LIBS" fi - + fi eval "ac_res=\$ac_cv_funclib_logout" -# autoheader tricks *sigh* : << END @@@funcs="$funcs logout"@@@ -@@@libs="$libs util"@@@ +@@@libs="$libs "" util"@@@ END -eval "ac_tr_func=HAVE_`echo logout | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# logout +eval "ac_tr_func=HAVE_`echo logout | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_logout=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_logout=yes" eval "LIB_logout=" cat >> confdefs.h <&6 + echo "$ac_t""yes" 1>&6 ;; no) eval "ac_cv_func_logout=no" eval "LIB_logout=" echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_logout=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" - cat >> confdefs.h <> confdefs.h <> confdefs.h <&6 ;; esac if test -n "$LIB_logout"; then LIBS="$LIB_logout $LIBS" fi + echo $ac_n "checking for tgetent""... 
$ac_c" 1>&6 -echo "configure:3786: checking for tgetent" >&5 +echo "configure:4169: checking for tgetent" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_tgetent'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then ac_save_LIBS="$LIBS" - for ac_lib in "" termcap; do + for ac_lib in "" termcap ncurses curses; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi - cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4191: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_tgetent=$ac_lib; else ac_cv_funclib_tgetent=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_tgetent=\${ac_cv_funclib_tgetent-no}" LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_tgetent" -# autoheader tricks *sigh* : << END @@@funcs="$funcs tgetent"@@@ -@@@libs="$libs termcap"@@@ +@@@libs="$libs "" termcap ncurses curses"@@@ END -eval "ac_tr_func=HAVE_`echo tgetent | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# tgetent +eval "ac_tr_func=HAVE_`echo tgetent | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_tgetent=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_tgetent=yes" eval "LIB_tgetent=" - cat >> confdefs.h <> confdefs.h <&6 ;; no) eval "ac_cv_func_tgetent=no" eval "LIB_tgetent=" - echo "$ac_t""no" 1>&6 + echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_tgetent=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac # If we find X, set shell vars x_includes and x_libraries to the # paths, otherwise 
set no_x=yes. # Uses ac_ vars as temps to allow command line to override cache and checks. # --without-x overrides everything else, but does not touch the cache. echo $ac_n "checking for X""... $ac_c" 1>&6 -echo "configure:3871: checking for X" >&5 +echo "configure:4256: checking for X" >&5 # Check whether --with-x or --without-x was given. if test "${with_x+set}" = set; then withval="$with_x" : fi # $have_x is `yes', `no', `disabled', or empty when we do not yet know. if test "x$with_x" = xno; then # The user explicitly disabled X. have_x=disabled else if test "x$x_includes" != xNONE && test "x$x_libraries" != xNONE; then # Both variables are already set. have_x=yes else if eval "test \"`echo '$''{'ac_cv_have_x'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else # One or both of the vars are not set, and there is no cached value. ac_x_includes=NO ac_x_libraries=NO rm -fr conftestdir if mkdir conftestdir; then cd conftestdir # Make sure to not put "make" in the Imakefile rules, since we grep it out. cat > Imakefile <<'EOF' acfindx: @echo 'ac_im_incroot="${INCROOT}"; ac_im_usrlibdir="${USRLIBDIR}"; ac_im_libdir="${LIBDIR}"' EOF if (xmkmf) >/dev/null 2>/dev/null && test -f Makefile; then # GNU make sometimes prints "make[1]: Entering...", which would confuse us. eval `${MAKE-make} acfindx 2>/dev/null | grep -v make` # Open Windows xmkmf reportedly sets LIBDIR instead of USRLIBDIR. for ac_extension in a so sl; do if test ! -f $ac_im_usrlibdir/libX11.$ac_extension && test -f $ac_im_libdir/libX11.$ac_extension; then ac_im_usrlibdir=$ac_im_libdir; break - fi +fi done # Screen out bogus values from the imake configuration. They are # bogus both because they are the default anyway, and because # using them would break gcc on systems where it needs fixed includes. 
case "$ac_im_incroot" in /usr/include) ;; *) test -f "$ac_im_incroot/X11/Xos.h" && ac_x_includes="$ac_im_incroot" ;; esac case "$ac_im_usrlibdir" in /usr/lib | /lib) ;; *) test -d "$ac_im_usrlibdir" && ac_x_libraries="$ac_im_usrlibdir" ;; esac - fi +fi cd .. rm -fr conftestdir fi if test "$ac_x_includes" = NO; then # Guess where to find include files, by looking for this one X11 .h file. test -z "$x_direct_test_include" && x_direct_test_include=X11/Intrinsic.h # First, try using that file with no special directory specified. -cat > conftest.$ac_ext < conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3938: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` +{ (eval echo configure:4323: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* # We can compile using X headers with no special include directory. ac_x_includes= else echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* # Look for the header file in a standard set of common directories. # Check X11 before X11Rn because it is often a symlink to the current release. 
for ac_dir in \ /usr/X11/include \ /usr/X11R6/include \ /usr/X11R5/include \ /usr/X11R4/include \ \ /usr/include/X11 \ /usr/include/X11R6 \ /usr/include/X11R5 \ /usr/include/X11R4 \ \ /usr/local/X11/include \ /usr/local/X11R6/include \ /usr/local/X11R5/include \ /usr/local/X11R4/include \ \ /usr/local/include/X11 \ /usr/local/include/X11R6 \ /usr/local/include/X11R5 \ /usr/local/include/X11R4 \ \ /usr/X386/include \ /usr/x386/include \ /usr/XFree86/include/X11 \ \ /usr/include \ /usr/local/include \ /usr/unsupported/include \ /usr/athena/include \ /usr/local/x11r5/include \ /usr/lpp/Xamples/include \ \ /usr/openwin/include \ /usr/openwin/share/include \ ; \ do if test -r "$ac_dir/$x_direct_test_include"; then ac_x_includes=$ac_dir break - fi +fi done fi rm -f conftest* fi # $ac_x_includes = NO if test "$ac_x_libraries" = NO; then # Check for the libraries. test -z "$x_direct_test_library" && x_direct_test_library=Xt test -z "$x_direct_test_function" && x_direct_test_function=XtMalloc # See if we find them without any special options. # Don't add to $LIBS permanently. ac_save_LIBS="$LIBS" LIBS="-l$x_direct_test_library $LIBS" -cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4399: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* LIBS="$ac_save_LIBS" # We can link X programs with no special library path. ac_x_libraries= else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* LIBS="$ac_save_LIBS" # First see if replacing the include by lib works. # Check X11 before X11Rn because it is often a symlink to the current release. 
for ac_dir in `echo "$ac_x_includes" | sed s/include/lib/` \ /usr/X11/lib \ /usr/X11R6/lib \ /usr/X11R5/lib \ /usr/X11R4/lib \ \ /usr/lib/X11 \ /usr/lib/X11R6 \ /usr/lib/X11R5 \ /usr/lib/X11R4 \ \ /usr/local/X11/lib \ /usr/local/X11R6/lib \ /usr/local/X11R5/lib \ /usr/local/X11R4/lib \ \ /usr/local/lib/X11 \ /usr/local/lib/X11R6 \ /usr/local/lib/X11R5 \ /usr/local/lib/X11R4 \ \ /usr/X386/lib \ /usr/x386/lib \ /usr/XFree86/lib/X11 \ \ /usr/lib \ /usr/local/lib \ /usr/unsupported/lib \ /usr/athena/lib \ /usr/local/x11r5/lib \ /usr/lpp/Xamples/lib \ /lib/usr/lib/X11 \ \ /usr/openwin/lib \ /usr/openwin/share/lib \ ; \ do for ac_extension in a so sl; do if test -r $ac_dir/lib${x_direct_test_library}.$ac_extension; then ac_x_libraries=$ac_dir break 2 - fi +fi done done fi rm -f conftest* fi # $ac_x_libraries = NO if test "$ac_x_includes" = NO || test "$ac_x_libraries" = NO; then # Didn't find X anywhere. Cache the known absence of X. ac_cv_have_x="have_x=no" else # Record where we found X for the cache. ac_cv_have_x="have_x=yes \ ac_x_includes=$ac_x_includes ac_x_libraries=$ac_x_libraries" fi fi fi eval "$ac_cv_have_x" fi # $with_x != no if test "$have_x" != yes; then echo "$ac_t""$have_x" 1>&6 no_x=yes else # If each of the values was on the command line, it overrides each guess. test "x$x_includes" = xNONE && x_includes=$ac_x_includes test "x$x_libraries" = xNONE && x_libraries=$ac_x_libraries # Update the cache value to reflect the command line values. ac_cv_have_x="have_x=yes \ ac_x_includes=$x_includes ac_x_libraries=$x_libraries" echo "$ac_t""libraries $x_libraries, headers $x_includes" 1>&6 fi + if test "$no_x" = yes; then # Not all programs may use this symbol, but it does not hurt to define it. cat >> confdefs.h <<\EOF #define X_DISPLAY_MISSING 1 EOF - + X_CFLAGS= X_PRE_LIBS= X_LIBS= X_EXTRA_LIBS= else if test -n "$x_includes"; then X_CFLAGS="$X_CFLAGS -I$x_includes" fi # It would also be nice to do this for all -L options, not just this one. 
if test -n "$x_libraries"; then X_LIBS="$X_LIBS -L$x_libraries" # For Solaris; some versions of Sun CC require a space after -R and # others require no space. Words are not sufficient . . . . case "`(uname -sr) 2>/dev/null`" in "SunOS 5"*) echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6 -echo "configure:4120: checking whether -R must be followed by a space" >&5 +echo "configure:4506: checking whether -R must be followed by a space" >&5 ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4516: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_R_nospace=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_R_nospace=no fi rm -f conftest* if test $ac_R_nospace = yes; then echo "$ac_t""no" 1>&6 X_LIBS="$X_LIBS -R$x_libraries" - else +else LIBS="$ac_xsave_LIBS -R $x_libraries" - cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4539: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_R_space=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_R_space=no fi rm -f conftest* if test $ac_R_space = yes; then echo "$ac_t""yes" 1>&6 X_LIBS="$X_LIBS -R $x_libraries" else echo "$ac_t""neither works" 1>&6 +fi fi - fi LIBS="$ac_xsave_LIBS" esac fi # Check for system-dependent libraries X programs must link with. # Do this before checking for the system-independent R6 libraries # (-lICE), since we may need -lsocket or whatever for X linking. if test "$ISC" = yes; then X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl_s -linet" else # Martyn.Johnson@cl.cam.ac.uk says this is needed for Ultrix, if the X # libraries were built with DECnet support. 
And karl@cs.umb.edu says # the Alpha needs dnet_stub (dnet does not exist). echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6 -echo "configure:4185: checking for dnet_ntoa in -ldnet" >&5 +echo "configure:4571: checking for dnet_ntoa in -ldnet" >&5 ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - ac_save_LIBS="$LIBS" + ac_save_LIBS="$LIBS" LIBS="-ldnet $LIBS" -cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4590: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* -LIBS="$ac_save_LIBS" + LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + echo "$ac_t""yes" 1>&6 X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet" else - echo "$ac_t""no" 1>&6 + echo "$ac_t""no" 1>&6 fi if test $ac_cv_lib_dnet_dnet_ntoa = no; then echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... 
$ac_c" 1>&6 -echo "configure:4226: checking for dnet_ntoa in -ldnet_stub" >&5 +echo "configure:4612: checking for dnet_ntoa in -ldnet_stub" >&5 ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - ac_save_LIBS="$LIBS" + ac_save_LIBS="$LIBS" LIBS="-ldnet_stub $LIBS" -cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4631: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* -LIBS="$ac_save_LIBS" + LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet_stub" else echo "$ac_t""no" 1>&6 fi fi # msh@cis.ufl.edu says -lnsl (and -lsocket) are needed for his 386/AT, # to get the SysV transport functions. # chad@anasazi.com says the Pyramis MIS-ES running DC/OSx (SVR4) # needs -lnsl. # The nsl library prevents programs from opening the X display # on Irix 5.2, according to dickey@clark.net. echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6 -echo "configure:4274: checking for gethostbyname" >&5 +echo "configure:4660: checking for gethostbyname" >&5 if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char gethostbyname(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. 
Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_gethostbyname) || defined (__stub___gethostbyname) choke me #else gethostbyname(); #endif ; return 0; } EOF -if { (eval echo configure:4302: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4688: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_gethostbyname=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_gethostbyname=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'gethostbyname`\" = yes"; then - echo "$ac_t""yes" 1>&6 + echo "$ac_t""yes" 1>&6 : else - echo "$ac_t""no" 1>&6 + echo "$ac_t""no" 1>&6 fi if test $ac_cv_func_gethostbyname = no; then echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6 -echo "configure:4323: checking for gethostbyname in -lnsl" >&5 +echo "configure:4709: checking for gethostbyname in -lnsl" >&5 ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - ac_save_LIBS="$LIBS" + ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" -cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4728: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* -LIBS="$ac_save_LIBS" + LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl" else echo "$ac_t""no" 1>&6 fi fi # lieder@skyler.mavd.honeywell.com says without -lsocket, # socket/setsockopt and other routines are 
undefined under SCO ODT # 2.0. But -lsocket is broken on IRIX 5.2 (and is not necessary # on later versions), says simon@lia.di.epfl.ch: it contains # gethostby* variants that don't use the nameserver (or something). # -lsocket must be given before -lnsl if both are needed. # We assume that if connect needs -lnsl, so does gethostbyname. echo $ac_n "checking for connect""... $ac_c" 1>&6 -echo "configure:4372: checking for connect" >&5 +echo "configure:4758: checking for connect" >&5 if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - cat > conftest.$ac_ext < conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char connect(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_connect) || defined (__stub___connect) choke me #else connect(); #endif ; return 0; } EOF -if { (eval echo configure:4400: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4786: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_connect=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_connect=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'connect`\" = yes"; then - echo "$ac_t""yes" 1>&6 + echo "$ac_t""yes" 1>&6 : else - echo "$ac_t""no" 1>&6 + echo "$ac_t""no" 1>&6 fi if test $ac_cv_func_connect = no; then echo $ac_n "checking for connect in -lsocket""... 
$ac_c" 1>&6 -echo "configure:4421: checking for connect in -lsocket" >&5 +echo "configure:4807: checking for connect in -lsocket" >&5 ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - ac_save_LIBS="$LIBS" + ac_save_LIBS="$LIBS" LIBS="-lsocket $X_EXTRA_LIBS $LIBS" -cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4826: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* -LIBS="$ac_save_LIBS" + LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + echo "$ac_t""yes" 1>&6 X_EXTRA_LIBS="-lsocket $X_EXTRA_LIBS" else - echo "$ac_t""no" 1>&6 + echo "$ac_t""no" 1>&6 fi fi # gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX. echo $ac_n "checking for remove""... $ac_c" 1>&6 -echo "configure:4464: checking for remove" >&5 +echo "configure:4850: checking for remove" >&5 if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - cat > conftest.$ac_ext < conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char remove(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. 
*/ #if defined (__stub_remove) || defined (__stub___remove) choke me #else remove(); #endif ; return 0; } EOF -if { (eval echo configure:4492: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4878: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_remove=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_remove=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'remove`\" = yes"; then echo "$ac_t""yes" 1>&6 : else echo "$ac_t""no" 1>&6 fi if test $ac_cv_func_remove = no; then echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6 -echo "configure:4513: checking for remove in -lposix" >&5 +echo "configure:4899: checking for remove in -lposix" >&5 ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lposix $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4918: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 X_EXTRA_LIBS="$X_EXTRA_LIBS -lposix" else echo "$ac_t""no" 1>&6 fi fi # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay. echo $ac_n "checking for shmat""... $ac_c" 1>&6 -echo "configure:4556: checking for shmat" >&5 +echo "configure:4942: checking for shmat" >&5 if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. 
*/ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char shmat(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_shmat) || defined (__stub___shmat) choke me #else shmat(); #endif ; return 0; } EOF -if { (eval echo configure:4584: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4970: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_shmat=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_shmat=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'shmat`\" = yes"; then - echo "$ac_t""yes" 1>&6 + echo "$ac_t""yes" 1>&6 : else - echo "$ac_t""no" 1>&6 + echo "$ac_t""no" 1>&6 fi if test $ac_cv_func_shmat = no; then echo $ac_n "checking for shmat in -lipc""... 
$ac_c" 1>&6 -echo "configure:4605: checking for shmat in -lipc" >&5 +echo "configure:4991: checking for shmat in -lipc" >&5 ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lipc $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5010: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 X_EXTRA_LIBS="$X_EXTRA_LIBS -lipc" else echo "$ac_t""no" 1>&6 fi fi fi # Check for libraries that X11R6 Xt/Xaw programs need. ac_save_LDFLAGS="$LDFLAGS" test -n "$x_libraries" && LDFLAGS="$LDFLAGS -L$x_libraries" # SM needs ICE to (dynamically) link under SunOS 4.x (so we have to # check for ICE first), but we must link in the order -lSM -lICE or # we get undefined symbols. So assume we have SM if we have ICE. # These have to be linked with before -lX11, unlike the other # libraries we check for below, so use a different variable. # --interran@uluru.Stanford.EDU, kb@cs.umb.edu. echo $ac_n "checking for IceConnectionNumber in -lICE""... 
$ac_c" 1>&6 -echo "configure:4657: checking for IceConnectionNumber in -lICE" >&5 +echo "configure:5043: checking for IceConnectionNumber in -lICE" >&5 ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" -LIBS="-lICE $LIBS" +LIBS="-lICE $X_EXTRA_LIBS $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5062: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE" else echo "$ac_t""no" 1>&6 fi LDFLAGS="$ac_save_LDFLAGS" fi + +# try to figure out if we need any additional ld flags, like -R +# and yes, the autoconf X test is utterly broken +if test "$no_x" != yes; then + echo $ac_n "checking for special X linker flags""... 
$ac_c" 1>&6 +echo "configure:5091: checking for special X linker flags" >&5 +if eval "test \"`echo '$''{'krb_cv_sys_x_libs_rpath'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + ac_save_libs="$LIBS" + ac_save_cflags="$CFLAGS" + CFLAGS="$CFLAGS $X_CFLAGS" + krb_cv_sys_x_libs_rpath="" + krb_cv_sys_x_libs="" + for rflag in "" "-R" "-R " "-rpath "; do + if test "$rflag" = ""; then + foo="$X_LIBS" + else + foo="" + for flag in $X_LIBS; do + case $flag in + -L*) + foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`" + ;; + *) + foo="$foo $flag" + ;; +esac + done + fi + LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS" + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext < + foo() + { + XOpenDisplay(NULL); + } + main() + { + return 0; + } + +EOF +if { (eval echo configure:5136: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + : +fi +rm -fr conftest* +fi + + done + LIBS="$ac_save_libs" + CFLAGS="$ac_save_cflags" + +fi + +echo "$ac_t""$krb_cv_sys_x_libs_rpath" 1>&6 + X_LIBS="$krb_cv_sys_x_libs" +fi + if test "$no_x" = "yes" ; then MAKE_X_PROGS_BIN="" MAKE_X_PROGS_LIBEXEC="" else MAKE_X_PROGS_BIN='$(X_PROGS_BIN)' MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)' fi + save_CFLAGS="$CFLAGS" CFLAGS="$X_CFLAGS $CFLAGS" save_LIBS="$LIBS" LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS" save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $X_LIBS" -echo $ac_n "checking for XauReadAuth""... $ac_c" 1>&6 -echo "configure:4718: checking for XauReadAuth" >&5 -if eval "test \"`echo '$''{'ac_cv_funclib_XauReadAuth'+set}'`\" = set"; then + + +echo $ac_n "checking for XauWriteAuth""... 
$ac_c" 1>&6 +echo "configure:5179: checking for XauWriteAuth" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_XauWriteAuth'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then +if eval "test \"\$ac_cv_func_XauWriteAuth\" != yes" ; then ac_save_LIBS="$LIBS" - for ac_lib in "" Xau X11; do + for ac_lib in "" X11 Xau; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi + LIBS=" $ac_lib $ac_save_LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5201: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* - eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break + eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauWriteAuth=$ac_lib; else ac_cv_funclib_XauWriteAuth=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done - eval "ac_cv_funclib_XauReadAuth=\${ac_cv_funclib_XauReadAuth-no}" + eval "ac_cv_funclib_XauWriteAuth=\${ac_cv_funclib_XauWriteAuth-no}" LIBS="$ac_save_LIBS" fi fi -eval "ac_res=\$ac_cv_funclib_XauReadAuth" +eval "ac_res=\$ac_cv_funclib_XauWriteAuth" -# autoheader tricks *sigh* : << END -@@@funcs="$funcs XauReadAuth"@@@ -@@@libs="$libs Xau X11"@@@ +@@@funcs="$funcs XauWriteAuth"@@@ +@@@libs="$libs "" X11 Xau"@@@ END -eval "ac_tr_func=HAVE_`echo XauReadAuth | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" -eval "LIB_XauReadAuth=$ac_res" +# XauWriteAuth +eval "ac_tr_func=HAVE_`echo XauWriteAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_XauWriteAuth=$ac_res" case "$ac_res" in yes) - eval "ac_cv_func_XauReadAuth=yes" - eval 
"LIB_XauReadAuth=" + eval "ac_cv_func_XauWriteAuth=yes" + eval "LIB_XauWriteAuth=" cat >> confdefs.h <&6 ;; no) - eval "ac_cv_func_XauReadAuth=no" - eval "LIB_XauReadAuth=" + eval "ac_cv_func_XauWriteAuth=no" + eval "LIB_XauWriteAuth=" echo "$ac_t""no" 1>&6 ;; *) - eval "ac_cv_func_XauReadAuth=yes" + eval "ac_cv_func_XauWriteAuth=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac ac_xxx="$LIBS" -LIBS="$LIB_XauReadAuth $LIBS" -for ac_func in XauWriteAuth -do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4802: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); +LIBS="$LIB_XauWriteAuth $LIBS" -int main() { -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -$ac_func(); -#endif -; return 0; } -EOF -if { (eval echo configure:4830: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 -fi -done - -if test "$ac_cv_func_XauWriteAuth" != "yes"; then - XauWriteAuth_c=writeauth.c - XauWriteAuth_o=writeauth.o -fi -LIBS="$ac_xxx" - -CFLAGS=$save_CFLAGS -LIBS=$save_LIBS -LDFLAGS=$save_LDFLAGS - - -save_LIBS="$LIBS" - - -echo $ac_n "checking for dbopen""... $ac_c" 1>&6 -echo "configure:4869: checking for dbopen" >&5 -if eval "test \"`echo '$''{'ac_cv_funclib_dbopen'+set}'`\" = set"; then +echo $ac_n "checking for XauReadAuth""... 
$ac_c" 1>&6 +echo "configure:5266: checking for XauReadAuth" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_XauReadAuth'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -if eval "test \"\$ac_cv_func_dbopen\" != yes" ; then +if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then ac_save_LIBS="$LIBS" - for ac_lib in "" $berkeley_db; do + for ac_lib in "" X11 Xau; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi + LIBS=" $ac_lib $ac_save_LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5288: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* - eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbopen=$ac_lib; else ac_cv_funclib_dbopen=yes; fi";break + eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done - eval "ac_cv_funclib_dbopen=\${ac_cv_funclib_dbopen-no}" + eval "ac_cv_funclib_XauReadAuth=\${ac_cv_funclib_XauReadAuth-no}" LIBS="$ac_save_LIBS" fi fi -eval "ac_res=\$ac_cv_funclib_dbopen" +eval "ac_res=\$ac_cv_funclib_XauReadAuth" -# autoheader tricks *sigh* : << END -@@@funcs="$funcs dbopen"@@@ -@@@libs="$libs $berkeley_db"@@@ +@@@funcs="$funcs XauReadAuth"@@@ +@@@libs="$libs "" X11 Xau"@@@ END -eval "ac_tr_func=HAVE_`echo dbopen | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" -eval "LIB_dbopen=$ac_res" +# XauReadAuth +eval "ac_tr_func=HAVE_`echo XauReadAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_XauReadAuth=$ac_res" case "$ac_res" in yes) - eval "ac_cv_func_dbopen=yes" - eval "LIB_dbopen=" + eval "ac_cv_func_XauReadAuth=yes" + eval 
"LIB_XauReadAuth=" cat >> confdefs.h <&6 ;; no) - eval "ac_cv_func_dbopen=no" - eval "LIB_dbopen=" + eval "ac_cv_func_XauReadAuth=no" + eval "LIB_XauReadAuth=" echo "$ac_t""no" 1>&6 ;; *) - eval "ac_cv_func_dbopen=yes" + eval "ac_cv_func_XauReadAuth=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac -LIBS="$LIB_dbopen $LIBS" +LIBS="$LIB_XauReadAauth $LIBS" + -echo $ac_n "checking for dbm_firstkey""... $ac_c" 1>&6 -echo "configure:4952: checking for dbm_firstkey" >&5 -if eval "test \"`echo '$''{'ac_cv_funclib_dbm_firstkey'+set}'`\" = set"; then +echo $ac_n "checking for XauFileName""... $ac_c" 1>&6 +echo "configure:5352: checking for XauFileName" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_XauFileName'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - -if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then + +if eval "test \"\$ac_cv_func_XauFileName\" != yes" ; then ac_save_LIBS="$LIBS" - for ac_lib in "" $berkeley_db gdbm ndbm; do + for ac_lib in "" X11 Xau; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" - fi - cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5374: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* - eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break + eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauFileName=$ac_lib; else ac_cv_funclib_XauFileName=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 -fi + fi rm -f conftest* - done - eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}" +done + eval "ac_cv_funclib_XauFileName=\${ac_cv_funclib_XauFileName-no}" LIBS="$ac_save_LIBS" fi -fi + fi -eval "ac_res=\$ac_cv_funclib_dbm_firstkey" +eval "ac_res=\$ac_cv_funclib_XauFileName" -# autoheader tricks *sigh* : << END 
-@@@funcs="$funcs dbm_firstkey"@@@ -@@@libs="$libs $berkeley_db gdbm ndbm"@@@ +@@@funcs="$funcs XauFileName"@@@ +@@@libs="$libs "" X11 Xau"@@@ END -eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" -eval "LIB_dbm_firstkey=$ac_res" +# XauFileName +eval "ac_tr_func=HAVE_`echo XauFileName | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_XauFileName=$ac_res" case "$ac_res" in yes) - eval "ac_cv_func_dbm_firstkey=yes" - eval "LIB_dbm_firstkey=" + eval "ac_cv_func_XauFileName=yes" + eval "LIB_XauFileName=" cat >> confdefs.h <&6 ;; no) - eval "ac_cv_func_dbm_firstkey=no" - eval "LIB_dbm_firstkey=" + eval "ac_cv_func_XauFileName=no" + eval "LIB_XauFileName=" echo "$ac_t""no" 1>&6 ;; *) - eval "ac_cv_func_dbm_firstkey=yes" + eval "ac_cv_func_XauFileName=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac -if test -n "$LIB_dbopen"; then - LIB_DBM="$LIB_dbopen" +LIBS="$ac_xxx" + +case "$ac_cv_funclib_XauWriteAuth" in +yes) ;; +no) ;; +*) if test "$ac_cv_funclib_XauReadAuth" = yes; then + if test "$ac_cv_funclib_XauFileName" = yes; then + LIB_XauReadAuth="$LIB_XauWriteAuth" + else + LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName" + fi + else + if test "$ac_cv_funclib_XauFileName" = yes; then + LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth" + else + LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName" + fi + fi + ;; +esac + +if test "$AUTOMAKE" != ""; then + + +if test "$ac_cv_func_XauWriteAuth" != "yes"; then + NEED_WRITEAUTH_TRUE= + NEED_WRITEAUTH_FALSE='#' else - LIB_DBM="$LIB_dbm_firstkey" + NEED_WRITEAUTH_TRUE='#' + NEED_WRITEAUTH_FALSE= fi -LIBS="$save_LIBS" +else + + + if test "$ac_cv_func_XauWriteAuth" != "yes"; then + NEED_WRITEAUTH_TRUE= + 
NEED_WRITEAUTH_FALSE='#' + else + NEED_WRITEAUTH_TRUE='#' + NEED_WRITEAUTH_FALSE= + fi +fi +CFLAGS=$save_CFLAGS +LIBS=$save_LIBS +LDFLAGS=$save_LDFLAGS + +lib_dbm=no +lib_db=no + +for i in "" $berkeley_db gdbm ndbm; do + + if test "$i"; then + m="lib$i" + l="-l$i" + else + m="libc" + l="" + fi + + echo $ac_n "checking for dbm_open in $m""... $ac_c" 1>&6 +echo "configure:5497: checking for dbm_open in $m" >&5 + if eval "test \"`echo '$''{'ac_cv_krb_dbm_open_$m'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + + save_LIBS="$LIBS" + LIBS="$l $LIBS" + if test "$cross_compiling" = yes; then + ac_res=no +else + cat > conftest.$ac_ext < +#include +#if defined(HAVE_NDBM_H) +#include +#elif defined(HAVE_DBM_H) +#include +#elif defined(HAVE_RPCSVC_DBM_H) +#include +#elif defined(HAVE_DB_H) +#define DB_DBM_HSEARCH 1 +#include +#endif +int main() +{ + DBM *d; + + d = dbm_open("conftest", O_RDWR | O_CREAT, 0666); + if(d == NULL) + return 1; + dbm_close(d); + return 0; +} +EOF +if { (eval echo configure:5535: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + + if test -f conftest.db; then + ac_res=db + else + ac_res=dbm + fi +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_res=no +fi +rm -fr conftest* +fi + + + LIBS="$save_LIBS" + + eval ac_cv_krb_dbm_open_$m=$ac_res +fi + + eval ac_res=\$ac_cv_krb_dbm_open_$m + echo "$ac_t""$ac_res" 1>&6 + + if test "$lib_dbm" = no -a $ac_res = dbm; then + lib_dbm="$l" + elif test "$lib_db" = no -a $ac_res = db; then + lib_db="$l" + break + fi +done + +echo $ac_n "checking for NDBM library""... 
$ac_c" 1>&6 +echo "configure:5570: checking for NDBM library" >&5 +ac_ndbm=no +if test "$lib_db" != no; then + LIB_DBM="$lib_db" + ac_ndbm=yes + cat >> confdefs.h <<\EOF +#define HAVE_NEW_DB 1 +EOF + + if test "$LIB_DBM"; then + ac_res="yes, $LIB_DBM" + else + ac_res=yes + fi +elif test "$lib_dbm" != no; then + LIB_DBM="$lib_dbm" + ac_ndbm=yes + if test "$LIB_DBM"; then + ac_res="yes, $LIB_DBM" + else + ac_res=yes + fi +else + LIB_DBM="" + ac_res=no +fi +test "$ac_ndbm" = yes && cat >> confdefs.h <<\EOF +#define NDBM 1 +EOF + +DBLIB="$LIB_DBM" + +echo "$ac_t""$ac_res" 1>&6 + + + + + + + echo $ac_n "checking for syslog""... $ac_c" 1>&6 -echo "configure:5042: checking for syslog" >&5 +echo "configure:5611: checking for syslog" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_syslog'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_syslog\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in "" syslog; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi + LIBS=" $ac_lib $ac_save_LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5633: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_syslog=\${ac_cv_funclib_syslog-no}" LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_syslog" -# autoheader tricks *sigh* : << END @@@funcs="$funcs syslog"@@@ -@@@libs="$libs syslog"@@@ +@@@libs="$libs "" syslog"@@@ END -eval "ac_tr_func=HAVE_`echo syslog | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# syslog +eval "ac_tr_func=HAVE_`echo syslog | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval 
"ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_syslog=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_syslog=yes" eval "LIB_syslog=" cat >> confdefs.h <&6 ;; no) eval "ac_cv_func_syslog=no" eval "LIB_syslog=" echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_syslog=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac if test -n "$LIB_syslog"; then LIBS="$LIB_syslog $LIBS" fi + echo $ac_n "checking for working snprintf""... $ac_c" 1>&6 -echo "configure:5127: checking for working snprintf" >&5 +echo "configure:5699: checking for working snprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_snprintf_working'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_func_snprintf_working=yes if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext < #include int main() { char foo[3]; snprintf(foo, 2, "12"); return strcmp(foo, "1"); } EOF -if { (eval echo configure:5148: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5720: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then : else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -fr conftest* ac_cv_func_snprintf_working=no fi rm -fr conftest* fi fi echo "$ac_t""$ac_cv_func_snprintf_working" 1>&6 -: << END -@@@funcs="$funcs snprintf"@@@ -END + if test "$ac_cv_func_snprintf_working" = yes; then - foo=HAVE_SNPRINTF cat >> confdefs.h <&6 -echo "configure:5177: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then +if test "$ac_cv_func_snprintf+set" != set -o "$ac_cv_func_snprintf" = yes; then +echo $ac_n "checking if snprintf needs a prototype""... 
$ac_c" 1>&6 +echo "configure:5746: checking if snprintf needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_snprintf_noproto'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - +#include int main() { +struct foo { int foo; } xx; +extern int snprintf (struct foo*); +snprintf(&xx); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -$ac_func(); -#endif - ; return 0; } EOF -if { (eval echo configure:5205: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5761: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" + eval "ac_cv_func_snprintf_noproto=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* - eval "ac_cv_func_$ac_func=no" + eval "ac_cv_func_snprintf_noproto=no" fi rm -f conftest* fi -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 + +if test "$ac_cv_func_snprintf_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_SNPRINTF_PROTO 1 EOF - -else - echo "$ac_t""no" 1>&6 + fi -done +fi +fi -for ac_func in _getpty _scrsize _setsid _stricmp fchmod fcntl flock -do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5234: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + +echo $ac_n "checking for working glob""... 
$ac_c" 1>&6 +echo "configure:5788: checking for working glob" >&5 +if eval "test \"`echo '$''{'ac_cv_func_glob_working'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - cat > conftest.$ac_ext < conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); +#include +#include int main() { -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -$ac_func(); -#endif +glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE, NULL, NULL); ; return 0; } EOF -if { (eval echo configure:5262: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5805: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" + : else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* - eval "ac_cv_func_$ac_func=no" + ac_cv_func_glob_working=no fi rm -f conftest* fi -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 + +if test "$ac_cv_func_glob_working" = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_GLOB 1 EOF - -else - echo "$ac_t""no" 1>&6 + fi -done +if test "$ac_cv_func_glob_working" = yes; then -for ac_func in forkpty frevoke gethostname getlogin getpriority getservbyname -do -echo $ac_n "checking for $ac_func""... 
$ac_c" 1>&6 -echo "configure:5289: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then +if test "$ac_cv_func_glob+set" != set -o "$ac_cv_func_glob" = yes; then +echo $ac_n "checking if glob needs a prototype""... $ac_c" 1>&6 +echo "configure:5829: checking if glob needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_glob_noproto'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - +#include +#include int main() { +struct foo { int foo; } xx; +extern int glob (struct foo*); +glob(&xx); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -$ac_func(); -#endif - ; return 0; } EOF -if { (eval echo configure:5317: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5845: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" + eval "ac_cv_func_glob_noproto=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* - eval "ac_cv_func_$ac_func=no" + eval "ac_cv_func_glob_noproto=no" fi rm -f conftest* fi -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 + +if test "$ac_cv_func_glob_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_GLOB_PROTO 1 EOF - -else - echo "$ac_t""no" 1>&6 + fi -done -for ac_func in getspnam getspuid gettimeofday getuid grantpt -do -echo 
$ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5344: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); +fi -int main() { +fi -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -$ac_func(); -#endif -; return 0; } -EOF -if { (eval echo configure:5372: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" +if test "$ac_cv_func_glob_working" != yes; then + EXTRA_LOCL_HEADERS="$EXTRA_LOCL_HEADERS glob.h" + LIBOBJS="$LIBOBJS glob.o" fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 -fi -done - -for ac_func in innetgr iruserok mktime ptsname rand random +for ac_func in \ + _getpty \ + _scrsize \ + _setsid \ + _stricmp \ + asnprintf \ + asprintf \ + atexit \ + cgetent \ + chroot \ + fattach \ + fchmod \ + fcntl \ + forkpty \ + frevoke \ + getpriority \ + getrlimit \ + getservbyname \ + getspnam \ + gettimeofday \ + gettosbyname \ + getuid \ + grantpt \ + mktime \ + on_exit \ + parsetos \ + ptsname \ + rand \ + random \ + revoke \ + setitimer \ + setpgid \ + setpriority \ + setproctitle \ + setregid \ + setresgid \ + setresuid \ + setreuid \ + 
setsid \ + setutent \ + sigaction \ + sysconf \ + sysctl \ + ttyname \ + ttyslot \ + ulimit \ + uname \ + unlockpt \ + vasnprintf \ + vasprintf \ + vhangup \ + vsnprintf \ + yp_get_default_domain \ + do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5399: checking for $ac_func" >&5 +echo "configure:5932: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char $ac_func(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else $ac_func(); #endif ; return 0; } EOF -if { (eval echo configure:5427: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5960: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_$ac_func=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` cat >> confdefs.h <&6 fi done -for ac_func in revoke setitimer setlogin setpgid setpriority -do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5454: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. 
*/ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); -int main() { -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -$ac_func(); -#endif -; return 0; } -EOF -if { (eval echo configure:5482: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 -fi -done - -for ac_func in setproctitle setregid setresgid setresuid setreuid setsid +for ac_hdr in capability.h sys/capability.h do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5509: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:5991: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { - -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. 
Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -$ac_func(); -#endif - -; return 0; } +#include <$ac_hdr> EOF -if { (eval echo configure:5537: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:6001: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" + eval "ac_cv_header_$ac_safe=yes" else + echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* - eval "ac_cv_func_$ac_func=no" + eval "ac_cv_header_$ac_safe=no" fi rm -f conftest* fi - -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` cat >> confdefs.h <&6 fi done -for ac_func in setutent swab ttyname ttyslot ulimit uname + +for ac_func in sgi_getcapabilitybyname cap_set_proc do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5564: checking for $ac_func" >&5 +echo "configure:6031: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char $ac_func(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. 
Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else $ac_func(); #endif ; return 0; } EOF -if { (eval echo configure:5592: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6059: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_$ac_func=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` cat >> confdefs.h <&6 fi done -for ac_func in unlockpt vhangup yp_get_default_domain -do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5619: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); -int main() { -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -$ac_func(); -#endif -; return 0; } -EOF -if { (eval echo configure:5647: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 -fi -done - echo $ac_n "checking for getpwnam_r""... $ac_c" 1>&6 -echo "configure:5674: checking for getpwnam_r" >&5 +echo "configure:6090: checking for getpwnam_r" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_getpwnam_r'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in "" c_r; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi + LIBS=" $ac_lib $ac_save_LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6112: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_getpwnam_r=$ac_lib; else ac_cv_funclib_getpwnam_r=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_getpwnam_r=\${ac_cv_funclib_getpwnam_r-no}" LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_getpwnam_r" -# autoheader tricks *sigh* : << END @@@funcs="$funcs getpwnam_r"@@@ -@@@libs="$libs c_r"@@@ +@@@libs="$libs "" c_r"@@@ END -eval "ac_tr_func=HAVE_`echo getpwnam_r | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# getpwnam_r +eval 
"ac_tr_func=HAVE_`echo getpwnam_r | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_getpwnam_r=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_getpwnam_r=yes" eval "LIB_getpwnam_r=" cat >> confdefs.h <&6 ;; no) eval "ac_cv_func_getpwnam_r=no" eval "LIB_getpwnam_r=" echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_getpwnam_r=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac if test "$ac_cv_func_getpwnam_r" = yes; then echo $ac_n "checking if getpwnam_r is posix""... $ac_c" 1>&6 -echo "configure:5755: checking if getpwnam_r is posix" >&5 +echo "configure:6173: checking if getpwnam_r is posix" >&5 if eval "test \"`echo '$''{'ac_cv_func_getpwnam_r_posix'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_libs="$LIBS" LIBS="$LIBS $LIB_getpwnam_r" if test "$cross_compiling" = yes; then : else - cat > conftest.$ac_ext < conftest.$ac_ext < int main() { struct passwd pw, *pwd; return getpwnam_r("", &pw, NULL, 0, &pwd) < 0; } EOF -if { (eval echo configure:5776: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6194: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_func_getpwnam_r_posix=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -fr conftest* ac_cv_func_getpwnam_r_posix=no fi rm -fr conftest* fi LIBS="$ac_libs" fi echo "$ac_t""$ac_cv_func_getpwnam_r_posix" 1>&6 if test "$ac_cv_func_getpwnam_r_posix" = yes; then cat >> confdefs.h <<\EOF #define POSIX_GETPWNAM_R 1 EOF fi fi + + echo $ac_n "checking for getsockopt""... 
$ac_c" 1>&6 -echo "configure:5803: checking for getsockopt" >&5 +echo "configure:6223: checking for getsockopt" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_getsockopt'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in "" ; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi + LIBS=" $ac_lib $ac_save_LIBS" cat > conftest.$ac_ext < #endif #ifdef HAVE_SYS_SOCKET_H #include #endif int main() { getsockopt(0,0,0,0,0) ; return 0; } EOF -if { (eval echo configure:5828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6250: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_getsockopt=\${ac_cv_funclib_getsockopt-no}" LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_getsockopt" -# autoheader tricks *sigh* : << END @@@funcs="$funcs getsockopt"@@@ -@@@libs="$libs "@@@ +@@@libs="$libs "" "@@@ END -eval "ac_tr_func=HAVE_`echo getsockopt | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# getsockopt +eval "ac_tr_func=HAVE_`echo getsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_getsockopt=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_getsockopt=yes" eval "LIB_getsockopt=" cat >> confdefs.h <&6 ;; no) eval "ac_cv_func_getsockopt=no" eval "LIB_getsockopt=" echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_getsockopt=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 
;; esac + echo $ac_n "checking for setsockopt""... $ac_c" 1>&6 -echo "configure:5890: checking for setsockopt" >&5 +echo "configure:6313: checking for setsockopt" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_setsockopt'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in "" ; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi + LIBS=" $ac_lib $ac_save_LIBS" cat > conftest.$ac_ext < #endif #ifdef HAVE_SYS_SOCKET_H #include #endif int main() { setsockopt(0,0,0,0,0) ; return 0; } EOF -if { (eval echo configure:5915: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6340: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_setsockopt=\${ac_cv_funclib_setsockopt-no}" LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_setsockopt" -# autoheader tricks *sigh* : << END @@@funcs="$funcs setsockopt"@@@ -@@@libs="$libs "@@@ +@@@libs="$libs "" "@@@ END -eval "ac_tr_func=HAVE_`echo setsockopt | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# setsockopt +eval "ac_tr_func=HAVE_`echo setsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_setsockopt=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_setsockopt=yes" eval "LIB_setsockopt=" cat >> confdefs.h <&6 ;; no) eval "ac_cv_func_setsockopt=no" eval "LIB_setsockopt=" echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_setsockopt=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 
's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac for ac_func in getudbnam setlim do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5978: checking for $ac_func" >&5 +echo "configure:6403: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char $ac_func(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else $ac_func(); #endif ; return 0; } EOF -if { (eval echo configure:6006: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6431: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_$ac_func=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 + echo "$ac_t""yes" 1>&6 ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` cat >> confdefs.h <&6 -fi + fi done + echo $ac_n "checking for res_search""... 
$ac_c" 1>&6 -echo "configure:6035: checking for res_search" >&5 +echo "configure:6461: checking for res_search" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_res_search'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_res_search\" != yes" ; then - ac_save_LIBS="$LIBS" + ac_save_LIBS="$LIBS" for ac_lib in "" resolv; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi - cat > conftest.$ac_ext < conftest.$ac_ext < #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_ARPA_NAMESER_H #include #endif #ifdef HAVE_RESOLV_H #include #endif int main() { res_search(0,0,0,0,0) ; return 0; } EOF -if { (eval echo configure:6069: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6497: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_res_search=\${ac_cv_funclib_res_search-no}" - LIBS="$ac_save_LIBS" +LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_res_search" -# autoheader tricks *sigh* : << END @@@funcs="$funcs res_search"@@@ -@@@libs="$libs resolv"@@@ +@@@libs="$libs "" resolv"@@@ END -eval "ac_tr_func=HAVE_`echo res_search | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# res_search +eval "ac_tr_func=HAVE_`echo res_search | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_res_search=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_res_search=yes" eval "LIB_res_search=" cat >> confdefs.h <&6 + echo "$ac_t""yes" 1>&6 ;; no) eval 
"ac_cv_func_res_search=no" eval "LIB_res_search=" - echo "$ac_t""no" 1>&6 + echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_res_search=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac if test -n "$LIB_res_search"; then LIBS="$LIB_res_search $LIBS" fi + echo $ac_n "checking for dn_expand""... $ac_c" 1>&6 -echo "configure:6137: checking for dn_expand" >&5 +echo "configure:6566: checking for dn_expand" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_dn_expand'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then - ac_save_LIBS="$LIBS" + ac_save_LIBS="$LIBS" for ac_lib in "" resolv; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi - cat > conftest.$ac_ext < conftest.$ac_ext < #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_ARPA_NAMESER_H #include #endif #ifdef HAVE_RESOLV_H #include #endif int main() { dn_expand(0,0,0,0,0) ; return 0; } EOF -if { (eval echo configure:6171: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6602: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_dn_expand=\${ac_cv_funclib_dn_expand-no}" - LIBS="$ac_save_LIBS" +LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_dn_expand" -# autoheader tricks *sigh* : << END @@@funcs="$funcs dn_expand"@@@ -@@@libs="$libs resolv"@@@ +@@@libs="$libs "" resolv"@@@ END -eval "ac_tr_func=HAVE_`echo dn_expand | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# dn_expand +eval "ac_tr_func=HAVE_`echo dn_expand | tr 
abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_dn_expand=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_dn_expand=yes" eval "LIB_dn_expand=" cat >> confdefs.h <&6 + echo "$ac_t""yes" 1>&6 ;; no) eval "ac_cv_func_dn_expand=no" eval "LIB_dn_expand=" - echo "$ac_t""no" 1>&6 + echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_dn_expand=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac if test -n "$LIB_dn_expand"; then LIBS="$LIB_dn_expand $LIBS" fi for ac_hdr in unistd.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:6240: checking for $ac_hdr" >&5 +echo "configure:6671: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - cat > conftest.$ac_ext < conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:6250: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` +{ (eval echo configure:6681: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" else echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_header_$ac_safe=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` cat >> confdefs.h <&6 -fi + fi done for ac_func in getpagesize do echo $ac_n "checking for $ac_func""... 
$ac_c" 1>&6 -echo "configure:6279: checking for $ac_func" >&5 +echo "configure:6710: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char $ac_func(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else $ac_func(); #endif ; return 0; } EOF -if { (eval echo configure:6307: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6738: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_$ac_func=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` cat >> confdefs.h <&6 fi done echo $ac_n "checking for working mmap""... $ac_c" 1>&6 -echo "configure:6332: checking for working mmap" >&5 +echo "configure:6763: checking for working mmap" >&5 if eval "test \"`echo '$''{'ac_cv_func_mmap_fixed_mapped'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$cross_compiling" = yes; then ac_cv_func_mmap_fixed_mapped=no else - cat > conftest.$ac_ext < conftest.$ac_ext < #include #include /* This mess was copied from the GNU getpagesize.h. */ #ifndef HAVE_GETPAGESIZE # ifdef HAVE_UNISTD_H # include # endif /* Assume that all systems that can run configure have sys/param.h. 
*/ # ifndef HAVE_SYS_PARAM_H # define HAVE_SYS_PARAM_H 1 # endif # ifdef _SC_PAGESIZE # define getpagesize() sysconf(_SC_PAGESIZE) # else /* no _SC_PAGESIZE */ # ifdef HAVE_SYS_PARAM_H # include # ifdef EXEC_PAGESIZE # define getpagesize() EXEC_PAGESIZE # else /* no EXEC_PAGESIZE */ # ifdef NBPG # define getpagesize() NBPG * CLSIZE # ifndef CLSIZE # define CLSIZE 1 # endif /* no CLSIZE */ # else /* no NBPG */ # ifdef NBPC # define getpagesize() NBPC # else /* no NBPC */ # ifdef PAGESIZE # define getpagesize() PAGESIZE # endif /* PAGESIZE */ # endif /* no NBPC */ # endif /* no NBPG */ # endif /* no EXEC_PAGESIZE */ # else /* no HAVE_SYS_PARAM_H */ # define getpagesize() 8192 /* punt totally */ # endif /* no HAVE_SYS_PARAM_H */ # endif /* no _SC_PAGESIZE */ #endif /* no HAVE_GETPAGESIZE */ #ifdef __cplusplus extern "C" { void *malloc(unsigned); } #else char *malloc(); #endif int main() { char *data, *data2, *data3; int i, pagesize; int fd; pagesize = getpagesize(); /* * First, make a file with some known garbage in it. */ data = malloc(pagesize); if (!data) exit(1); for (i = 0; i < pagesize; ++i) *(data + i) = rand(); umask(0); fd = creat("conftestmmap", 0600); if (fd < 0) exit(1); if (write(fd, data, pagesize) != pagesize) exit(1); close(fd); /* * Next, try to mmap the file at a fixed address which * already has something else allocated at it. If we can, * also make sure that we see the same garbage. */ fd = open("conftestmmap", O_RDWR); if (fd < 0) exit(1); data2 = malloc(2 * pagesize); if (!data2) exit(1); data2 += (pagesize - ((int) data2 & (pagesize - 1))) & (pagesize - 1); if (data2 != mmap(data2, pagesize, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_FIXED, fd, 0L)) exit(1); for (i = 0; i < pagesize; ++i) if (*(data + i) != *(data2 + i)) exit(1); /* * Finally, make sure that changes to the mapped area * do not percolate back to the file as seen by read(). * (This is a bug on some variants of i386 svr4.0.) 
*/ for (i = 0; i < pagesize; ++i) *(data2 + i) = *(data2 + i) + 1; data3 = malloc(pagesize); if (!data3) exit(1); if (read(fd, data3, pagesize) != pagesize) exit(1); for (i = 0; i < pagesize; ++i) if (*(data + i) != *(data3 + i)) exit(1); close(fd); unlink("conftestmmap"); exit(0); } EOF -if { (eval echo configure:6480: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_func_mmap_fixed_mapped=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -fr conftest* ac_cv_func_mmap_fixed_mapped=no fi rm -fr conftest* fi fi echo "$ac_t""$ac_cv_func_mmap_fixed_mapped" 1>&6 if test $ac_cv_func_mmap_fixed_mapped = yes; then cat >> confdefs.h <<\EOF #define HAVE_MMAP 1 EOF fi # The Ultrix 4.2 mips builtin alloca declared by alloca.h only works # for constant arguments. Useless! echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6 -echo "configure:6505: checking for working alloca.h" >&5 +echo "configure:6936: checking for working alloca.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - cat > conftest.$ac_ext < conftest.$ac_ext < int main() { char *p = alloca(2 * sizeof(int)); ; return 0; } EOF -if { (eval echo configure:6517: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6948: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_header_alloca_h=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_header_alloca_h=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_header_alloca_h" 1>&6 if test $ac_cv_header_alloca_h = yes; then cat >> confdefs.h <<\EOF #define HAVE_ALLOCA_H 1 EOF -fi + fi echo $ac_n "checking for alloca""... 
$ac_c" 1>&6 -echo "configure:6538: checking for alloca" >&5 +echo "configure:6969: checking for alloca" >&5 if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < +# ifdef _MSC_VER +# include +# define alloca _alloca # else -# ifdef _AIX - #pragma alloca +# if HAVE_ALLOCA_H +# include # else -# ifndef alloca /* predefined by HP cc +Olibcalls */ +# ifdef _AIX + #pragma alloca +# else +# ifndef alloca /* predefined by HP cc +Olibcalls */ char *alloca (); -# endif +# endif +#endif # endif # endif #endif int main() { char *p = (char *) alloca(1); ; return 0; } EOF -if { (eval echo configure:6566: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7002: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_func_alloca_works=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_func_alloca_works=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_func_alloca_works" 1>&6 if test $ac_cv_func_alloca_works = yes; then cat >> confdefs.h <<\EOF #define HAVE_ALLOCA 1 EOF fi if test $ac_cv_func_alloca_works = no; then # The SVR3 libPW and SVR4 libucb both contain incompatible functions # that cause trouble. Some versions do not even contain alloca or # contain a buggy version. If you still want to use their alloca, # use ar to extract alloca.o from them instead of compiling alloca.c. - ALLOCA=alloca.o + ALLOCA=alloca.${ac_objext} cat >> confdefs.h <<\EOF #define C_ALLOCA 1 EOF echo $ac_n "checking whether alloca needs Cray hooks""... 
$ac_c" 1>&6 -echo "configure:6598: checking whether alloca needs Cray hooks" >&5 +echo "configure:7034: checking whether alloca needs Cray hooks" >&5 if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - cat > conftest.$ac_ext < conftest.$ac_ext <&5 | egrep "webecray" >/dev/null 2>&1; then rm -rf conftest* ac_cv_os_cray=yes else rm -rf conftest* ac_cv_os_cray=no fi rm -f conftest* -fi + fi echo "$ac_t""$ac_cv_os_cray" 1>&6 if test $ac_cv_os_cray = yes; then for ac_func in _getb67 GETB67 getb67; do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6628: checking for $ac_func" >&5 +echo "configure:7064: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - cat > conftest.$ac_ext < conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char $ac_func(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else $ac_func(); #endif ; return 0; } EOF -if { (eval echo configure:6656: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7092: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_$ac_func=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then echo "$ac_t""yes" 1>&6 cat >> confdefs.h <&6 fi done fi echo $ac_n "checking stack direction for C alloca""... 
$ac_c" 1>&6 -echo "configure:6683: checking stack direction for C alloca" >&5 +echo "configure:7119: checking stack direction for C alloca" >&5 if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$cross_compiling" = yes; then ac_cv_c_stack_direction=0 else - cat > conftest.$ac_ext < conftest.$ac_ext < addr) ? 1 : -1; } main () { exit (find_stack_direction() < 0); } EOF -if { (eval echo configure:6710: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:7146: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_stack_direction=1 else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -fr conftest* ac_cv_c_stack_direction=-1 fi rm -fr conftest* fi fi echo "$ac_t""$ac_cv_c_stack_direction" 1>&6 -cat >> confdefs.h <> confdefs.h <&6 +echo "configure:7172: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7200: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + if test "$ac_cv_func_getlogin" = yes; then echo $ac_n "checking if getlogin is posix""... $ac_c" 1>&6 -echo "configure:6738: checking if getlogin is posix" >&5 +echo "configure:7226: checking if getlogin is posix" >&5 if eval "test \"`echo '$''{'ac_cv_func_getlogin_posix'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then ac_cv_func_getlogin_posix=no else ac_cv_func_getlogin_posix=yes fi fi echo "$ac_t""$ac_cv_func_getlogin_posix" 1>&6 if test "$ac_cv_func_getlogin_posix" = yes; then cat >> confdefs.h <<\EOF #define POSIX_GETLOGIN 1 EOF fi fi + + echo $ac_n "checking for hstrerror""... 
$ac_c" 1>&6 -echo "configure:6764: checking for hstrerror" >&5 +echo "configure:7254: checking for hstrerror" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_hstrerror'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in "" resolv; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi + LIBS=" $ac_lib $ac_save_LIBS" cat > conftest.$ac_ext < #endif int main() { hstrerror(17) ; return 0; } EOF -if { (eval echo configure:6786: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7278: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_hstrerror=$ac_lib; else ac_cv_funclib_hstrerror=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_hstrerror=\${ac_cv_funclib_hstrerror-no}" LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_hstrerror" -# autoheader tricks *sigh* : << END @@@funcs="$funcs hstrerror"@@@ -@@@libs="$libs resolv"@@@ +@@@libs="$libs "" resolv"@@@ END -eval "ac_tr_func=HAVE_`echo hstrerror | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# hstrerror +eval "ac_tr_func=HAVE_`echo hstrerror | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_hstrerror=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_hstrerror=yes" eval "LIB_hstrerror=" cat >> confdefs.h <&6 ;; no) eval "ac_cv_func_hstrerror=no" eval "LIB_hstrerror=" echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_hstrerror=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac if test -n "$LIB_hstrerror"; then 
LIBS="$LIB_hstrerror $LIBS" fi if eval "test \"$ac_cv_func_hstrerror\" != yes"; then LIBOBJS="$LIBOBJS hstrerror.o" fi +if test "$ac_cv_func_hstrerror" = yes; then -for ac_func in chown daemon err errx fchown getcwd getdtablesize getopt +if test "$ac_cv_func_hstrerror+set" != set -o "$ac_cv_func_hstrerror" = yes; then +echo $ac_n "checking if hstrerror needs a prototype""... $ac_c" 1>&6 +echo "configure:7349: checking if hstrerror needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_hstrerror_noproto'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#endif +int main() { +struct foo { int foo; } xx; +extern int hstrerror (struct foo*); +hstrerror(&xx); + +; return 0; } +EOF +if { (eval echo configure:7367: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_hstrerror_noproto=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_hstrerror_noproto=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_hstrerror_noproto" 1>&6 + +if test "$ac_cv_func_hstrerror_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_HSTRERROR_PROTO 1 +EOF + +fi + +fi + +fi + +for ac_func in chown copyhostent daemon err errx fchown flock fnmatch freehostent do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6857: checking for $ac_func" >&5 +echo "configure:7395: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char $ac_func(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. 
Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else $ac_func(); #endif ; return 0; } EOF -if { (eval echo configure:6885: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7423: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_$ac_func=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` + cat >> confdefs.h <&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi + +: << END +@@@funcs="$funcs chown copyhostent daemon err errx fchown flock fnmatch freehostent"@@@ +END +done + +for ac_func in getcwd getdtablesize gethostname getipnodebyaddr getipnodebyname +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7456: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7484: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then echo "$ac_t""yes" 1>&6 - -ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` -cat >> confdefs.h <> confdefs.h <&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi + +: << END +@@@funcs="$funcs getcwd getdtablesize gethostname getipnodebyaddr getipnodebyname"@@@ +END +done + +for ac_func in geteuid getgid getegid +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7517: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7545: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` + cat >> confdefs.h <&6 LIBOBJS="$LIBOBJS ${ac_func}.o" fi -# autoheader tricks *sigh* : << END -@@@funcs="$funcs chown daemon err errx fchown getcwd getdtablesize getopt"@@@ +@@@funcs="$funcs geteuid getgid getegid"@@@ END done -for ac_func in getusershell inet_aton initgroups lstat memmove mkstemp +for ac_func in getopt getusershell do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6919: checking for $ac_func" >&5 +echo "configure:7578: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char $ac_func(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. 
*/ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else $ac_func(); #endif ; return 0; } EOF -if { (eval echo configure:6947: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7606: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_$ac_func=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then echo "$ac_t""yes" 1>&6 -ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` -cat >> confdefs.h <> confdefs.h <&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi +: << END +@@@funcs="$funcs getopt getusershell"@@@ +END +done + +for ac_func in inet_aton inet_ntop inet_pton initgroups innetgr iruserok lstat +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7639: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7667: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` + cat >> confdefs.h <&6 LIBOBJS="$LIBOBJS ${ac_func}.o" fi -# autoheader tricks *sigh* : << END -@@@funcs="$funcs getusershell inet_aton initgroups lstat memmove mkstemp"@@@ +@@@funcs="$funcs inet_aton inet_ntop inet_pton initgroups innetgr iruserok lstat"@@@ END done -for ac_func in putenv rcmd setegid setenv seteuid strcasecmp strdup +for ac_func in memmove do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6981: checking for $ac_func" >&5 +echo "configure:7700: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char $ac_func(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. 
*/ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else $ac_func(); #endif ; return 0; } EOF -if { (eval echo configure:7009: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7728: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_$ac_func=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then echo "$ac_t""yes" 1>&6 -ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` -cat >> confdefs.h <> confdefs.h <&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi +: << END +@@@funcs="$funcs memmove"@@@ +END +done + +for ac_func in mkstemp putenv rcmd readv recvmsg sendmsg setegid setenv seteuid +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7761: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` + cat >> confdefs.h <&6 LIBOBJS="$LIBOBJS ${ac_func}.o" fi -# autoheader tricks *sigh* : << END -@@@funcs="$funcs putenv rcmd setegid setenv seteuid strcasecmp strdup"@@@ +@@@funcs="$funcs mkstemp putenv rcmd readv recvmsg sendmsg setegid setenv seteuid"@@@ END done -for ac_func in strerror strftime strlwr strnlen strtok_r strupr unsetenv +for ac_func in strcasecmp strncasecmp strdup strerror strftime do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7043: checking for $ac_func" >&5 +echo "configure:7822: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char $ac_func(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. 
*/ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else $ac_func(); #endif ; return 0; } EOF -if { (eval echo configure:7071: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7850: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_$ac_func=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then echo "$ac_t""yes" 1>&6 -ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` -cat >> confdefs.h <> confdefs.h <&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi +: << END +@@@funcs="$funcs strcasecmp strncasecmp strdup strerror strftime"@@@ +END +done + +for ac_func in strlcat strlcpy strlwr +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7883: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` + cat >> confdefs.h <&6 LIBOBJS="$LIBOBJS ${ac_func}.o" fi -# autoheader tricks *sigh* : << END -@@@funcs="$funcs strerror strftime strlwr strnlen strtok_r strupr unsetenv"@@@ +@@@funcs="$funcs strlcat strlcpy strlwr"@@@ END done -for ac_func in verr verrx vwarn vwarnx warn warnx +for ac_func in strndup strnlen strptime strsep strtok_r strupr do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7105: checking for $ac_func" >&5 +echo "configure:7944: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char $ac_func(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. 
*/ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else $ac_func(); #endif ; return 0; } EOF -if { (eval echo configure:7133: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7972: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_$ac_func=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then echo "$ac_t""yes" 1>&6 -ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` -cat >> confdefs.h <> confdefs.h <&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi +: << END +@@@funcs="$funcs strndup strnlen strptime strsep strtok_r strupr"@@@ +END +done + +for ac_func in swab unsetenv verr verrx vsyslog +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:8005: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:8033: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` + cat >> confdefs.h <&6 LIBOBJS="$LIBOBJS ${ac_func}.o" fi -# autoheader tricks *sigh* : << END -@@@funcs="$funcs verr verrx vwarn vwarnx warn warnx"@@@ +@@@funcs="$funcs swab unsetenv verr verrx vsyslog"@@@ END done +for ac_func in vwarn vwarnx warn warnx writev +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:8066: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); +int main() { +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:8094: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` + cat >> confdefs.h <&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi + +: << END +@@@funcs="$funcs vwarn vwarnx warn warnx writev"@@@ +END +done + + +if test "$ac_cv_func_gethostname" = "yes"; then + +if test "$ac_cv_func_gethostname+set" != set -o "$ac_cv_func_gethostname" = yes; then +echo $ac_n "checking if gethostname needs a prototype""... $ac_c" 1>&6 +echo "configure:8129: checking if gethostname needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_gethostname_noproto'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +int main() { +struct foo { int foo; } xx; +extern int gethostname (struct foo*); +gethostname(&xx); + +; return 0; } +EOF +if { (eval echo configure:8145: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_gethostname_noproto=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_gethostname_noproto=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_gethostname_noproto" 1>&6 + +if test "$ac_cv_func_gethostname_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_GETHOSTNAME_PROTO 1 +EOF + +fi + +fi + +fi + +if test "$ac_cv_func_mkstemp" = "yes"; then + +if test "$ac_cv_func_mkstemp+set" != set -o "$ac_cv_func_mkstemp" = yes; then +echo $ac_n "checking if mkstemp 
needs a prototype""... $ac_c" 1>&6 +echo "configure:8174: checking if mkstemp needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_mkstemp_noproto'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +int main() { +struct foo { int foo; } xx; +extern int mkstemp (struct foo*); +mkstemp(&xx); + +; return 0; } +EOF +if { (eval echo configure:8190: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_mkstemp_noproto=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_mkstemp_noproto=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_mkstemp_noproto" 1>&6 + +if test "$ac_cv_func_mkstemp_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_MKSTEMP_PROTO 1 +EOF + +fi + +fi + +fi + +if test "$ac_cv_func_inet_aton" = "yes"; then + +if test "$ac_cv_func_inet_aton+set" != set -o "$ac_cv_func_inet_aton" = yes; then +echo $ac_n "checking if inet_aton needs a prototype""... 
$ac_c" 1>&6 +echo "configure:8219: checking if inet_aton needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_inet_aton_noproto'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +int main() { +struct foo { int foo; } xx; +extern int inet_aton (struct foo*); +inet_aton(&xx); + +; return 0; } +EOF +if { (eval echo configure:8246: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_inet_aton_noproto=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_inet_aton_noproto=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_inet_aton_noproto" 1>&6 + +if test "$ac_cv_func_inet_aton_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_INET_ATON_PROTO 1 +EOF + +fi + +fi + +fi + +echo $ac_n "checking if realloc is broken""... $ac_c" 1>&6 +echo "configure:8272: checking if realloc is broken" >&5 +if eval "test \"`echo '$''{'ac_cv_func_realloc_broken'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +ac_cv_func_realloc_broken=no + if test "$cross_compiling" = yes; then + : +else + cat > conftest.$ac_ext < +#include + +int main() +{ + return realloc(NULL, 17) == NULL; +} + +EOF +if { (eval echo configure:8294: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + : +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_func_realloc_broken=yes +fi +rm -fr conftest* +fi + + +fi + +echo "$ac_t""$ac_cv_func_realloc_broken" 1>&6 +if test "$ac_cv_func_realloc_broken" = yes ; then + cat >> confdefs.h <<\EOF +#define BROKEN_REALLOC 1 +EOF + +fi + + if test "$ac_cv_func_getcwd" = yes; then echo $ac_n "checking if getcwd is broken""... 
$ac_c" 1>&6 -echo "configure:7168: checking if getcwd is broken" >&5 +echo "configure:8320: checking if getcwd is broken" >&5 if eval "test \"`echo '$''{'ac_cv_func_getcwd_broken'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_func_getcwd_broken=no if test "$cross_compiling" = yes; then : else - cat > conftest.$ac_ext < conftest.$ac_ext < char *getcwd(char*, int); void *popen(char *cmd, char *mode) { errno = ENOTTY; return 0; } int main() { char *ret; ret = getcwd(0, 1024); if(ret == 0 && errno == ENOTTY) return 0; return 1; } EOF -if { (eval echo configure:7201: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:8353: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_func_getcwd_broken=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -fr conftest* : fi rm -fr conftest* fi fi if test "$ac_cv_func_getcwd_broken" = yes; then cat >> confdefs.h <<\EOF #define BROKEN_GETCWD 1 EOF LIBOBJS="$LIBOBJS getcwd.o" echo "$ac_t""$ac_cv_func_getcwd_broken" 1>&6 else echo "$ac_t""seems ok" 1>&6 fi fi echo $ac_n "checking which authentication modules should be built""... $ac_c" 1>&6 -echo "configure:7230: checking which authentication modules should be built" >&5 +echo "configure:8382: checking which authentication modules should be built" >&5 LIB_AUTH_SUBDIRS= if test "$ac_cv_header_siad_h" = yes; then LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia" fi -if test "$ac_cv_header_security_pam_modules_h" = yes; then +if test "$ac_cv_header_security_pam_modules_h" = yes -a "$enable_shared" = yes; then LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam" fi case "${host}" in *-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;; esac echo "$ac_t""$LIB_AUTH_SUBDIRS" 1>&6 echo $ac_n "checking for tunnel devices""... 
$ac_c" 1>&6 -echo "configure:7251: checking for tunnel devices" >&5 - +echo "configure:8403: checking for tunnel devices" >&5 + APPL_KIP_DIR= if test "$ac_cv_header_net_if_tun_h" = "yes"; then APPL_KIP_DIR=kip -fi + fi echo "$ac_t""$ac_cv_header_net_if_tun_h" 1>&6 +echo $ac_n "checking if gethostbyname is compatible with system prototype""... $ac_c" 1>&6 +echo "configure:8417: checking if gethostbyname is compatible with system prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_gethostbyname_proto_compat'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif + +int main() { +struct hostent *gethostbyname(const char *); +; return 0; } +EOF +if { (eval echo configure:8445: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_gethostbyname_proto_compat=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_gethostbyname_proto_compat=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_gethostbyname_proto_compat" 1>&6 + +if test "$ac_cv_func_gethostbyname_proto_compat" = yes; then + cat >> confdefs.h <<\EOF +#define GETHOSTBYNAME_PROTO_COMPATIBLE 1 +EOF + +fi + + + + +echo $ac_n "checking if gethostbyaddr is compatible with system prototype""... 
$ac_c" 1>&6 +echo "configure:8470: checking if gethostbyaddr is compatible with system prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_gethostbyaddr_proto_compat'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif + +int main() { +struct hostent *gethostbyaddr(const void *, size_t, int); +; return 0; } +EOF +if { (eval echo configure:8498: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_gethostbyaddr_proto_compat=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_gethostbyaddr_proto_compat=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_gethostbyaddr_proto_compat" 1>&6 + +if test "$ac_cv_func_gethostbyaddr_proto_compat" = yes; then + cat >> confdefs.h <<\EOF +#define GETHOSTBYADDR_PROTO_COMPATIBLE 1 +EOF + +fi + + + + +echo $ac_n "checking if getservbyname is compatible with system prototype""... 
$ac_c" 1>&6 +echo "configure:8523: checking if getservbyname is compatible with system prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_getservbyname_proto_compat'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif + +int main() { +struct servent *getservbyname(const char *, const char *); +; return 0; } +EOF +if { (eval echo configure:8551: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_getservbyname_proto_compat=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_getservbyname_proto_compat=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_getservbyname_proto_compat" 1>&6 + +if test "$ac_cv_func_getservbyname_proto_compat" = yes; then + cat >> confdefs.h <<\EOF +#define GETSERVBYNAME_PROTO_COMPATIBLE 1 +EOF + +fi + + + + +echo $ac_n "checking if openlog is compatible with system prototype""... 
$ac_c" 1>&6 +echo "configure:8576: checking if openlog is compatible with system prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_openlog_proto_compat'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#endif + +int main() { +void openlog(const char *, int, int); +; return 0; } +EOF +if { (eval echo configure:8592: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_openlog_proto_compat=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_openlog_proto_compat=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_openlog_proto_compat" 1>&6 + +if test "$ac_cv_func_openlog_proto_compat" = yes; then + cat >> confdefs.h <<\EOF +#define OPENLOG_PROTO_COMPATIBLE 1 +EOF + +fi + + + + +if test "$ac_cv_func_crypt+set" != set -o "$ac_cv_func_crypt" = yes; then echo $ac_n "checking if crypt needs a prototype""... $ac_c" 1>&6 -echo "configure:7265: checking if crypt needs a prototype" >&5 +echo "configure:8618: checking if crypt needs a prototype" >&5 if eval "test \"`echo '$''{'ac_cv_func_crypt_noproto'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - cat > conftest.$ac_ext < conftest.$ac_ext < #endif #ifdef HAVE_UNISTD_H #include #endif int main() { struct foo { int foo; } xx; extern int crypt (struct foo*); crypt(&xx); ; return 0; } EOF -if { (eval echo configure:7287: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:8640: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_func_crypt_noproto=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_crypt_noproto=no" fi rm -f conftest* fi echo "$ac_t""$ac_cv_func_crypt_noproto" 1>&6 if test "$ac_cv_func_crypt_noproto" = yes; then cat >> confdefs.h <<\EOF #define NEED_CRYPT_PROTO 1 EOF fi -: << END -@@@syms="$syms NEED_CRYPT_PROTO"@@@ -END 
+fi +if test "$ac_cv_func_fclose+set" != set -o "$ac_cv_func_fclose" = yes; then +echo $ac_n "checking if fclose needs a prototype""... $ac_c" 1>&6 +echo "configure:8667: checking if fclose needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_fclose_noproto'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < + +int main() { +struct foo { int foo; } xx; +extern int fclose (struct foo*); +fclose(&xx); + +; return 0; } +EOF +if { (eval echo configure:8684: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_fclose_noproto=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_fclose_noproto=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_fclose_noproto" 1>&6 + +if test "$ac_cv_func_fclose_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_FCLOSE_PROTO 1 +EOF + +fi + +fi + + + +if test "$ac_cv_func_strtok_r+set" != set -o "$ac_cv_func_strtok_r" = yes; then echo $ac_n "checking if strtok_r needs a prototype""... 
$ac_c" 1>&6 -echo "configure:7315: checking if strtok_r needs a prototype" >&5 +echo "configure:8711: checking if strtok_r needs a prototype" >&5 if eval "test \"`echo '$''{'ac_cv_func_strtok_r_noproto'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { struct foo { int foo; } xx; extern int strtok_r (struct foo*); strtok_r(&xx); ; return 0; } EOF -if { (eval echo configure:7332: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:8728: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_func_strtok_r_noproto=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_strtok_r_noproto=no" fi rm -f conftest* fi echo "$ac_t""$ac_cv_func_strtok_r_noproto" 1>&6 if test "$ac_cv_func_strtok_r_noproto" = yes; then cat >> confdefs.h <<\EOF #define NEED_STRTOK_R_PROTO 1 EOF + +fi fi -: << END -@@@syms="$syms NEED_STRTOK_R_PROTO"@@@ -END +if test "$ac_cv_func_strsep+set" != set -o "$ac_cv_func_strsep" = yes; then +echo $ac_n "checking if strsep needs a prototype""... 
$ac_c" 1>&6 +echo "configure:8755: checking if strsep needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_strsep_noproto'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < + +int main() { +struct foo { int foo; } xx; +extern int strsep (struct foo*); +strsep(&xx); + +; return 0; } +EOF +if { (eval echo configure:8772: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_strsep_noproto=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_strsep_noproto=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_strsep_noproto" 1>&6 + +if test "$ac_cv_func_strsep_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_STRSEP_PROTO 1 +EOF + +fi + +fi + + + +if test "$ac_cv_func_getusershell+set" != set -o "$ac_cv_func_getusershell" = yes; then +echo $ac_n "checking if getusershell needs a prototype""... $ac_c" 1>&6 +echo "configure:8799: checking if getusershell needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_getusershell_noproto'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < + +int main() { +struct foo { int foo; } xx; +extern int getusershell (struct foo*); +getusershell(&xx); + +; return 0; } +EOF +if { (eval echo configure:8816: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_getusershell_noproto=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_getusershell_noproto=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_getusershell_noproto" 1>&6 + +if test "$ac_cv_func_getusershell_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_GETUSERSHELL_PROTO 1 +EOF + +fi + +fi + + + +if test "$ac_cv_func_utime+set" != set -o "$ac_cv_func_utime" = yes; then +echo $ac_n "checking if utime needs a prototype""... 
$ac_c" 1>&6 +echo "configure:8843: checking if utime needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_utime_noproto'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#endif + +int main() { +struct foo { int foo; } xx; +extern int utime (struct foo*); +utime(&xx); + +; return 0; } +EOF +if { (eval echo configure:8862: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_utime_noproto=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_utime_noproto=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_utime_noproto" 1>&6 + +if test "$ac_cv_func_utime_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_UTIME_PROTO 1 +EOF + +fi + +fi + + + echo $ac_n "checking for h_errno""... $ac_c" 1>&6 -echo "configure:7360: checking for h_errno" >&5 +echo "configure:8888: checking for h_errno" >&5 if eval "test \"`echo '$''{'ac_cv_var_h_errno'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:8902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_var_h_errno=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_var_h_errno=no fi rm -f conftest* fi -eval "ac_tr_var=HAVE_H_ERRNO" -: << END -@@@syms="$syms HAVE_H_ERRNO"@@@ -END - - echo "$ac_t""`eval echo \\$ac_cv_var_h_errno`" 1>&6 if test `eval echo \\$ac_cv_var_h_errno` = yes; then cat >> confdefs.h <&6 -echo "configure:7403: checking if h_errno is properly declared" >&5 +echo "configure:8925: checking if h_errno is properly declared" >&5 if eval "test \"`echo '$''{'ac_cv_var_h_errno_declaration'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -cat > conftest.$ac_ext < conftest.$ac_ext < -#endif +# endif #ifdef 
HAVE_NETDB_H #include #endif extern struct { int foo; } h_errno; int main() { h_errno.foo = 1; ; return 0; } EOF -if { (eval echo configure:7422: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:8944: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_var_h_errno_declaration=no" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_var_h_errno_declaration=yes" fi rm -f conftest* fi -ac_tr_var=HAVE_H_ERRNO_DECLARATION -: << END -@@@syms="$syms HAVE_H_ERRNO_DECLARATION"@@@ -END - - echo "$ac_t""$ac_cv_var_h_errno_declaration" 1>&6 if eval "test \"\$ac_cv_var_h_errno_declaration\" = yes"; then - cat >> confdefs.h <> confdefs.h <<\EOF +#define HAVE_H_ERRNO_DECLARATION 1 EOF fi + fi + echo $ac_n "checking for h_errlist""... $ac_c" 1>&6 -echo "configure:7457: checking for h_errlist" >&5 +echo "configure:8975: checking for h_errlist" >&5 if eval "test \"`echo '$''{'ac_cv_var_h_errlist'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -cat > conftest.$ac_ext < conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:8989: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_var_h_errlist=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_var_h_errlist=no fi rm -f conftest* fi -eval "ac_tr_var=HAVE_H_ERRLIST" -: << END -@@@syms="$syms HAVE_H_ERRLIST"@@@ -END - - echo "$ac_t""`eval echo \\$ac_cv_var_h_errlist`" 1>&6 if test `eval echo \\$ac_cv_var_h_errlist` = yes; then - cat >> confdefs.h <> confdefs.h <&6 -echo "configure:7500: checking if h_errlist is properly declared" >&5 +echo "configure:9012: checking if h_errlist is properly declared" >&5 if eval "test \"`echo '$''{'ac_cv_var_h_errlist_declaration'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -cat > conftest.$ac_ext < conftest.$ac_ext < 
#endif extern struct { int foo; } h_errlist; int main() { h_errlist.foo = 1; ; return 0; } EOF -if { (eval echo configure:7516: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9028: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_var_h_errlist_declaration=no" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_var_h_errlist_declaration=yes" fi rm -f conftest* fi -ac_tr_var=HAVE_H_ERRLIST_DECLARATION -: << END -@@@syms="$syms HAVE_H_ERRLIST_DECLARATION"@@@ -END - - echo "$ac_t""$ac_cv_var_h_errlist_declaration" 1>&6 if eval "test \"\$ac_cv_var_h_errlist_declaration\" = yes"; then - cat >> confdefs.h <> confdefs.h <<\EOF +#define HAVE_H_ERRLIST_DECLARATION 1 EOF fi + fi + echo $ac_n "checking for h_nerr""... $ac_c" 1>&6 -echo "configure:7551: checking for h_nerr" >&5 +echo "configure:9059: checking for h_nerr" >&5 if eval "test \"`echo '$''{'ac_cv_var_h_nerr'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:9073: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_var_h_nerr=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_var_h_nerr=no fi rm -f conftest* fi -eval "ac_tr_var=HAVE_H_NERR" -: << END -@@@syms="$syms HAVE_H_NERR"@@@ -END - - echo "$ac_t""`eval echo \\$ac_cv_var_h_nerr`" 1>&6 if test `eval echo \\$ac_cv_var_h_nerr` = yes; then cat >> confdefs.h <&6 -echo "configure:7594: checking if h_nerr is properly declared" >&5 +echo "configure:9096: checking if h_nerr is properly declared" >&5 if eval "test \"`echo '$''{'ac_cv_var_h_nerr_declaration'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -cat > conftest.$ac_ext < conftest.$ac_ext < #endif extern struct { int foo; } h_nerr; int main() { h_nerr.foo = 1; ; return 
0; } EOF -if { (eval echo configure:7610: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9112: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_var_h_nerr_declaration=no" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_var_h_nerr_declaration=yes" fi rm -f conftest* fi -ac_tr_var=HAVE_H_NERR_DECLARATION -: << END -@@@syms="$syms HAVE_H_NERR_DECLARATION"@@@ -END - - echo "$ac_t""$ac_cv_var_h_nerr_declaration" 1>&6 if eval "test \"\$ac_cv_var_h_nerr_declaration\" = yes"; then - cat >> confdefs.h <> confdefs.h <<\EOF +#define HAVE_H_NERR_DECLARATION 1 EOF fi + fi + echo $ac_n "checking for __progname""... $ac_c" 1>&6 -echo "configure:7645: checking for __progname" >&5 +echo "configure:9143: checking for __progname" >&5 if eval "test \"`echo '$''{'ac_cv_var___progname'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:9157: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_var___progname=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_var___progname=no fi rm -f conftest* fi -eval "ac_tr_var=HAVE___PROGNAME" -: << END -@@@syms="$syms HAVE___PROGNAME"@@@ -END - - echo "$ac_t""`eval echo \\$ac_cv_var___progname`" 1>&6 if test `eval echo \\$ac_cv_var___progname` = yes; then cat >> confdefs.h <&6 -echo "configure:7688: checking if __progname is properly declared" >&5 +echo "configure:9180: checking if __progname is properly declared" >&5 if eval "test \"`echo '$''{'ac_cv_var___progname_declaration'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -cat > conftest.$ac_ext < conftest.$ac_ext < #endif extern struct { int foo; } __progname; int main() { __progname.foo = 1; ; return 0; } EOF -if { (eval echo configure:7704: 
\"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9196: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_var___progname_declaration=no" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_var___progname_declaration=yes" fi rm -f conftest* fi + -ac_tr_var=HAVE___PROGNAME_DECLARATION - -: << END -@@@syms="$syms HAVE___PROGNAME_DECLARATION"@@@ -END - - echo "$ac_t""$ac_cv_var___progname_declaration" 1>&6 if eval "test \"\$ac_cv_var___progname_declaration\" = yes"; then - cat >> confdefs.h <> confdefs.h <<\EOF +#define HAVE___PROGNAME_DECLARATION 1 EOF fi + fi + echo $ac_n "checking if optarg is properly declared""... $ac_c" 1>&6 -echo "configure:7739: checking if optarg is properly declared" >&5 +echo "configure:9227: checking if optarg is properly declared" >&5 if eval "test \"`echo '$''{'ac_cv_var_optarg_declaration'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -cat > conftest.$ac_ext < conftest.$ac_ext < +#ifdef HAVE_UNISTD_H +#include +#endif extern struct { int foo; } optarg; int main() { optarg.foo = 1; ; return 0; } EOF -if { (eval echo configure:7753: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9244: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_var_optarg_declaration=no" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_var_optarg_declaration=yes" fi rm -f conftest* fi + -ac_tr_var=HAVE_OPTARG_DECLARATION - -: << END -@@@syms="$syms HAVE_OPTARG_DECLARATION"@@@ -END - - echo "$ac_t""$ac_cv_var_optarg_declaration" 1>&6 if eval "test \"\$ac_cv_var_optarg_declaration\" = yes"; then - cat >> confdefs.h <> confdefs.h <<\EOF +#define HAVE_OPTARG_DECLARATION 1 EOF fi + echo $ac_n "checking if optind is properly declared""... 
$ac_c" 1>&6 -echo "configure:7785: checking if optind is properly declared" >&5 +echo "configure:9271: checking if optind is properly declared" >&5 if eval "test \"`echo '$''{'ac_cv_var_optind_declaration'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -cat > conftest.$ac_ext < conftest.$ac_ext < +#ifdef HAVE_UNISTD_H +#include +#endif extern struct { int foo; } optind; int main() { optind.foo = 1; ; return 0; } EOF -if { (eval echo configure:7799: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9288: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_var_optind_declaration=no" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_var_optind_declaration=yes" fi rm -f conftest* fi + -ac_tr_var=HAVE_OPTIND_DECLARATION - -: << END -@@@syms="$syms HAVE_OPTIND_DECLARATION"@@@ -END - - echo "$ac_t""$ac_cv_var_optind_declaration" 1>&6 if eval "test \"\$ac_cv_var_optind_declaration\" = yes"; then - cat >> confdefs.h <> confdefs.h <<\EOF +#define HAVE_OPTIND_DECLARATION 1 EOF fi + echo $ac_n "checking if opterr is properly declared""... 
$ac_c" 1>&6 -echo "configure:7831: checking if opterr is properly declared" >&5 +echo "configure:9315: checking if opterr is properly declared" >&5 if eval "test \"`echo '$''{'ac_cv_var_opterr_declaration'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -cat > conftest.$ac_ext < conftest.$ac_ext < +#ifdef HAVE_UNISTD_H +#include +#endif extern struct { int foo; } opterr; int main() { opterr.foo = 1; ; return 0; } EOF -if { (eval echo configure:7845: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9332: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_var_opterr_declaration=no" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_var_opterr_declaration=yes" fi rm -f conftest* fi + -ac_tr_var=HAVE_OPTERR_DECLARATION - -: << END -@@@syms="$syms HAVE_OPTERR_DECLARATION"@@@ -END - - echo "$ac_t""$ac_cv_var_opterr_declaration" 1>&6 if eval "test \"\$ac_cv_var_opterr_declaration\" = yes"; then - cat >> confdefs.h <> confdefs.h <<\EOF +#define HAVE_OPTERR_DECLARATION 1 EOF fi + echo $ac_n "checking if optopt is properly declared""... 
$ac_c" 1>&6 -echo "configure:7877: checking if optopt is properly declared" >&5 +echo "configure:9359: checking if optopt is properly declared" >&5 if eval "test \"`echo '$''{'ac_cv_var_optopt_declaration'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -cat > conftest.$ac_ext < conftest.$ac_ext < +#ifdef HAVE_UNISTD_H +#include +#endif extern struct { int foo; } optopt; int main() { optopt.foo = 1; ; return 0; } EOF -if { (eval echo configure:7891: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9376: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_var_optopt_declaration=no" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_var_optopt_declaration=yes" fi rm -f conftest* fi + -ac_tr_var=HAVE_OPTOPT_DECLARATION +echo "$ac_t""$ac_cv_var_optopt_declaration" 1>&6 +if eval "test \"\$ac_cv_var_optopt_declaration\" = yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_OPTOPT_DECLARATION 1 +EOF -: << END -@@@syms="$syms HAVE_OPTOPT_DECLARATION"@@@ -END +fi -echo "$ac_t""$ac_cv_var_optopt_declaration" 1>&6 -if eval "test \"\$ac_cv_var_optopt_declaration\" = yes"; then - cat >> confdefs.h <&6 +echo "configure:9404: checking if environ is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_environ_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +extern struct { int foo; } environ; +int main() { +environ.foo = 1; +; return 0; } EOF +if { (eval echo configure:9418: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_environ_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_environ_declaration=yes" +fi +rm -f conftest* fi + + +echo "$ac_t""$ac_cv_var_environ_declaration" 1>&6 +if eval "test \"\$ac_cv_var_environ_declaration\" = yes"; then + cat >> confdefs.h 
<<\EOF +#define HAVE_ENVIRON_DECLARATION 1 +EOF + +fi + + + echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 -echo "configure:7923: checking return type of signal handlers" >&5 +echo "configure:9445: checking return type of signal handlers" >&5 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include #ifdef signal #undef signal #endif #ifdef __cplusplus extern "C" void (*signal (int, void (*)(int)))(int); #else void (*signal ()) (); #endif int main() { int i; ; return 0; } EOF -if { (eval echo configure:7945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:9467: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_type_signal=void else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_type_signal=int fi rm -f conftest* fi echo "$ac_t""$ac_cv_type_signal" 1>&6 cat >> confdefs.h <> confdefs.h <<\EOF #define VOID_RETSIGTYPE 1 EOF fi + + + +echo $ac_n "checking for ut_addr in struct utmp""... $ac_c" 1>&6 +echo "configure:9496: checking for ut_addr in struct utmp" >&5 +if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_addr'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < + #include +int main() { +struct utmp x; x.ut_addr; +; return 0; } +EOF +if { (eval echo configure:9510: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_struct_utmp_ut_addr=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_struct_utmp_ut_addr=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_type_struct_utmp_ut_addr" 1>&6 +if test "$ac_cv_type_struct_utmp_ut_addr" = yes; then + + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_UTMP_UT_ADDR 1 +EOF + + +fi + + + + +echo $ac_n "checking for ut_host in struct utmp""... 
$ac_c" 1>&6 +echo "configure:9536: checking for ut_host in struct utmp" >&5 +if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_host'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include + #include +int main() { +struct utmp x; x.ut_host; +; return 0; } EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "ut_user" >/dev/null 2>&1; then +if { (eval echo configure:9550: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - cat >> confdefs.h <<\EOF -#define HAVE_UT_USER 1 + ac_cv_type_struct_utmp_ut_host=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_struct_utmp_ut_host=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_type_struct_utmp_ut_host" 1>&6 +if test "$ac_cv_type_struct_utmp_ut_host" = yes; then + + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_UTMP_UT_HOST 1 EOF + fi + + + + +echo $ac_n "checking for ut_id in struct utmp""... $ac_c" 1>&6 +echo "configure:9576: checking for ut_id in struct utmp" >&5 +if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_id'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < + #include +int main() { +struct utmp x; x.ut_id; +; return 0; } +EOF +if { (eval echo configure:9590: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_struct_utmp_ut_id=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_struct_utmp_ut_id=no +fi rm -f conftest* +fi +echo "$ac_t""$ac_cv_type_struct_utmp_ut_id" 1>&6 +if test "$ac_cv_type_struct_utmp_ut_id" = yes; then + + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_UTMP_UT_ID 1 +EOF + + +fi + + + + +echo $ac_n "checking for ut_pid in struct utmp""... 
$ac_c" 1>&6 +echo "configure:9616: checking for ut_pid in struct utmp" >&5 +if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_pid'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include + #include +int main() { +struct utmp x; x.ut_pid; +; return 0; } EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "ut_host" >/dev/null 2>&1; then +if { (eval echo configure:9630: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - cat >> confdefs.h <<\EOF -#define HAVE_UT_HOST 1 + ac_cv_type_struct_utmp_ut_pid=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_struct_utmp_ut_pid=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_type_struct_utmp_ut_pid" 1>&6 +if test "$ac_cv_type_struct_utmp_ut_pid" = yes; then + + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_UTMP_UT_PID 1 EOF + fi + + + + +echo $ac_n "checking for ut_type in struct utmp""... $ac_c" 1>&6 +echo "configure:9656: checking for ut_type in struct utmp" >&5 +if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_type'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < + #include +int main() { +struct utmp x; x.ut_type; +; return 0; } +EOF +if { (eval echo configure:9670: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_struct_utmp_ut_type=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_struct_utmp_ut_type=no +fi rm -f conftest* +fi +echo "$ac_t""$ac_cv_type_struct_utmp_ut_type" 1>&6 +if test "$ac_cv_type_struct_utmp_ut_type" = yes; then + + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_UTMP_UT_TYPE 1 +EOF + + +fi + + + + +echo $ac_n "checking for ut_user in struct utmp""... 
$ac_c" 1>&6 +echo "configure:9696: checking for ut_user in struct utmp" >&5 +if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_user'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include + #include +int main() { +struct utmp x; x.ut_user; +; return 0; } EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "ut_addr" >/dev/null 2>&1; then +if { (eval echo configure:9710: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - cat >> confdefs.h <<\EOF -#define HAVE_UT_ADDR 1 + ac_cv_type_struct_utmp_ut_user=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_struct_utmp_ut_user=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_type_struct_utmp_ut_user" 1>&6 +if test "$ac_cv_type_struct_utmp_ut_user" = yes; then + + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_UTMP_UT_USER 1 EOF + fi + + + + +echo $ac_n "checking for ut_exit in struct utmpx""... $ac_c" 1>&6 +echo "configure:9736: checking for ut_exit in struct utmpx" >&5 +if eval "test \"`echo '$''{'ac_cv_type_struct_utmpx_ut_exit'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < + #include +int main() { +struct utmpx x; x.ut_exit; +; return 0; } +EOF +if { (eval echo configure:9750: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_struct_utmpx_ut_exit=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_struct_utmpx_ut_exit=no +fi rm -f conftest* +fi +echo "$ac_t""$ac_cv_type_struct_utmpx_ut_exit" 1>&6 +if test "$ac_cv_type_struct_utmpx_ut_exit" = yes; then + + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_UTMPX_UT_EXIT 1 +EOF + + +fi + + + + +echo $ac_n "checking for ut_syslen in struct utmpx""... 
$ac_c" 1>&6 +echo "configure:9776: checking for ut_syslen in struct utmpx" >&5 +if eval "test \"`echo '$''{'ac_cv_type_struct_utmpx_ut_syslen'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include + #include +int main() { +struct utmpx x; x.ut_syslen; +; return 0; } EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "ut_type" >/dev/null 2>&1; then +if { (eval echo configure:9790: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - cat >> confdefs.h <<\EOF -#define HAVE_UT_TYPE 1 + ac_cv_type_struct_utmpx_ut_syslen=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_struct_utmpx_ut_syslen=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_type_struct_utmpx_ut_syslen" 1>&6 +if test "$ac_cv_type_struct_utmpx_ut_syslen" = yes; then + + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_UTMPX_UT_SYSLEN 1 EOF + fi + + + + + + +echo $ac_n "checking for tm_gmtoff in struct tm""... $ac_c" 1>&6 +echo "configure:9818: checking for tm_gmtoff in struct tm" >&5 +if eval "test \"`echo '$''{'ac_cv_type_struct_tm_tm_gmtoff'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +int main() { +struct tm x; x.tm_gmtoff; +; return 0; } +EOF +if { (eval echo configure:9831: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_struct_tm_tm_gmtoff=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_struct_tm_tm_gmtoff=no +fi rm -f conftest* +fi +echo "$ac_t""$ac_cv_type_struct_tm_tm_gmtoff" 1>&6 +if test "$ac_cv_type_struct_tm_tm_gmtoff" = yes; then + + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_TM_TM_GMTOFF 1 +EOF + + +fi + + + + +echo $ac_n "checking for tm_zone in struct tm""... 
$ac_c" 1>&6 +echo "configure:9857: checking for tm_zone in struct tm" >&5 +if eval "test \"`echo '$''{'ac_cv_type_struct_tm_tm_zone'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +int main() { +struct tm x; x.tm_zone; +; return 0; } EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "ut_pid" >/dev/null 2>&1; then +if { (eval echo configure:9870: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - cat >> confdefs.h <<\EOF -#define HAVE_UT_PID 1 + ac_cv_type_struct_tm_tm_zone=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_struct_tm_tm_zone=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_type_struct_tm_tm_zone" 1>&6 +if test "$ac_cv_type_struct_tm_tm_zone" = yes; then + + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_TM_TM_ZONE 1 EOF + fi + + + + + +echo $ac_n "checking for timezone""... $ac_c" 1>&6 +echo "configure:9897: checking for timezone" >&5 +if eval "test \"`echo '$''{'ac_cv_var_timezone'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_cv_var_timezone=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_var_timezone=no +fi rm -f conftest* +fi + + + +echo "$ac_t""`eval echo \\$ac_cv_var_timezone`" 1>&6 +if test `eval echo \\$ac_cv_var_timezone` = yes; then + cat >> confdefs.h <&6 +echo "configure:9934: checking if timezone is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_timezone_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +extern struct { int foo; } timezone; +int main() { +timezone.foo = 1; +; return 0; } EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "ut_id" >/dev/null 2>&1; then +if { (eval echo configure:9948: \"$ac_compile\") 
1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - cat >> confdefs.h <<\EOF -#define HAVE_UT_ID 1 + eval "ac_cv_var_timezone_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_timezone_declaration=yes" +fi +rm -f conftest* + +fi + + + + +echo "$ac_t""$ac_cv_var_timezone_declaration" 1>&6 +if eval "test \"\$ac_cv_var_timezone_declaration\" = yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_TIMEZONE_DECLARATION 1 EOF fi + + +fi + + + + +cv=`echo "sa_family_t" | sed 'y%./+- %__p__%'` +echo $ac_n "checking for sa_family_t""... $ac_c" 1>&6 +echo "configure:9980: checking for sa_family_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_$cv'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else +cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +#include +int main() { +sa_family_t foo; +; return 0; } +EOF +if { (eval echo configure:9997: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_type_$cv=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_type_$cv=no" +fi rm -f conftest* +fi +echo "$ac_t""`eval echo \\$ac_cv_type_$cv`" 1>&6 +if test `eval echo \\$ac_cv_type_$cv` = yes; then + ac_tr_hdr=HAVE_`echo sa_family_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` +: << END +@@@funcs="$funcs sa_family_t"@@@ +END + + cat >> confdefs.h <&6 +echo "configure:10026: checking for struct sockaddr_storage" >&5 +if eval "test \"`echo '$''{'ac_cv_type_$cv'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +#include +int main() { +struct sockaddr_storage foo; +; return 0; } +EOF +if { (eval echo configure:10043: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_type_$cv=yes" +else + echo "configure: failed program was:" 
>&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_type_$cv=no" +fi +rm -f conftest* +fi +echo "$ac_t""`eval echo \\$ac_cv_type_$cv`" 1>&6 +if test `eval echo \\$ac_cv_type_$cv` = yes; then + ac_tr_hdr=HAVE_`echo struct sockaddr_storage | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` + +: << END +@@@funcs="$funcs struct_sockaddr_storage"@@@ +END + + cat >> confdefs.h <&6 +echo "configure:10071: checking for struct spwd" >&5 +if eval "test \"`echo '$''{'ac_cv_struct_spwd'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#ifdef HAVE_SHADOW_H +#include +#endif +int main() { +struct spwd foo; +; return 0; } EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "ut_syslen" >/dev/null 2>&1; then +if { (eval echo configure:10087: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* + ac_cv_struct_spwd=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_struct_spwd=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$ac_cv_struct_spwd" 1>&6 + +if test "$ac_cv_struct_spwd" = "yes"; then cat >> confdefs.h <<\EOF -#define HAVE_UT_SYSLEN 1 +#define HAVE_STRUCT_SPWD 1 EOF fi -rm -f conftest* echo $ac_n "checking for st_blksize in struct stat""... 
$ac_c" 1>&6 -echo "configure:8077: checking for st_blksize in struct stat" >&5 +echo "configure:10111: checking for st_blksize in struct stat" >&5 if eval "test \"`echo '$''{'ac_cv_struct_st_blksize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include int main() { struct stat s; s.st_blksize; ; return 0; } EOF -if { (eval echo configure:8090: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10124: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_struct_st_blksize=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_struct_st_blksize=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_struct_st_blksize" 1>&6 if test $ac_cv_struct_st_blksize = yes; then cat >> confdefs.h <<\EOF #define HAVE_ST_BLKSIZE 1 EOF fi echo $ac_n "checking for struct winsize""... $ac_c" 1>&6 -echo "configure:8114: checking for struct winsize" >&5 +echo "configure:10148: checking for struct winsize" >&5 if eval "test \"`echo '$''{'ac_cv_struct_winsize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_struct_winsize=no for i in sys/termios.h sys/ioctl.h; do cat > conftest.$ac_ext < EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "struct[ ]*winsize" >/dev/null 2>&1; then rm -rf conftest* ac_cv_struct_winsize=yes; break fi rm -f conftest* done fi if test "$ac_cv_struct_winsize" = "yes"; then cat >> confdefs.h <<\EOF #define HAVE_STRUCT_WINSIZE 1 EOF + fi echo "$ac_t""$ac_cv_struct_winsize" 1>&6 cat > conftest.$ac_ext < EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "ws_xpixel" >/dev/null 2>&1; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_WS_XPIXEL 1 EOF fi rm -f conftest* cat > conftest.$ac_ext < EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "ws_ypixel" >/dev/null 2>&1; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_WS_YPIXEL 1 EOF fi rm -f conftest* echo $ac_n "checking for pid_t""... 
$ac_c" 1>&6 -echo "configure:8176: checking for pid_t" >&5 +echo "configure:10211: checking for pid_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS #include #include #endif EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "pid_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + egrep "(^|[^a-zA-Z_0-9])pid_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then rm -rf conftest* ac_cv_type_pid_t=yes else rm -rf conftest* ac_cv_type_pid_t=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_type_pid_t" 1>&6 if test $ac_cv_type_pid_t = no; then cat >> confdefs.h <<\EOF #define pid_t int EOF fi echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 -echo "configure:8209: checking for uid_t in sys/types.h" >&5 +echo "configure:10244: checking for uid_t in sys/types.h" >&5 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "uid_t" >/dev/null 2>&1; then rm -rf conftest* ac_cv_type_uid_t=yes else rm -rf conftest* ac_cv_type_uid_t=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_type_uid_t" 1>&6 if test $ac_cv_type_uid_t = no; then cat >> confdefs.h <<\EOF #define uid_t int EOF cat >> confdefs.h <<\EOF #define gid_t int EOF fi echo $ac_n "checking for off_t""... 
$ac_c" 1>&6 -echo "configure:8243: checking for off_t" >&5 +echo "configure:10278: checking for off_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS #include #include #endif EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + egrep "(^|[^a-zA-Z_0-9])off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then rm -rf conftest* ac_cv_type_off_t=yes else rm -rf conftest* ac_cv_type_off_t=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_type_off_t" 1>&6 if test $ac_cv_type_off_t = no; then cat >> confdefs.h <<\EOF #define off_t long EOF fi echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:8276: checking for size_t" >&5 +echo "configure:10311: checking for size_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS #include #include #endif EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + egrep "(^|[^a-zA-Z_0-9])size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then rm -rf conftest* ac_cv_type_size_t=yes else rm -rf conftest* ac_cv_type_size_t=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_type_size_t" 1>&6 if test $ac_cv_type_size_t = no; then cat >> confdefs.h <<\EOF #define size_t unsigned EOF fi +echo $ac_n "checking for ssize_t""... $ac_c" 1>&6 +echo "configure:10345: checking for ssize_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_ssize_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif -echo $ac_n "checking for sa_len in struct sockaddr""... 
$ac_c" 1>&6 -echo "configure:8311: checking for sa_len in struct sockaddr" >&5 -if eval "test \"`echo '$''{'krb_cv_struct_sockaddr_sa_len'+set}'`\" = set"; then +#ifdef HAVE_UNISTD_H +#include +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ssize_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_ssize_t=yes +else + rm -rf conftest* + ac_cv_type_ssize_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_ssize_t" 1>&6 +if test $ac_cv_type_ssize_t = no; then + cat >> confdefs.h <<\EOF +#define ssize_t int +EOF + +fi + + + +echo $ac_n "checking for broken sys/socket.h""... $ac_c" 1>&6 +echo "configure:10384: checking for broken sys/socket.h" >&5 +if eval "test \"`echo '$''{'krb_cv_header_sys_socket_h_broken'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include +#include int main() { -struct sockaddr sa; -int foo = sa.sa_len; + ; return 0; } EOF -if { (eval echo configure:8326: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10399: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - krb_cv_struct_sockaddr_sa_len=yes + krb_cv_header_sys_socket_h_broken=no else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* - krb_cv_struct_sockaddr_sa_len=no + krb_cv_header_sys_socket_h_broken=yes fi rm -f conftest* +fi +echo "$ac_t""$krb_cv_header_sys_socket_h_broken" 1>&6 + + + +echo $ac_n "checking for broken netdb.h""... 
$ac_c" 1>&6 +echo "configure:10416: checking for broken netdb.h" >&5 +if eval "test \"`echo '$''{'krb_cv_header_netdb_h_broken'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +#include +int main() { + +; return 0; } +EOF +if { (eval echo configure:10431: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + krb_cv_header_netdb_h_broken=no +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + krb_cv_header_netdb_h_broken=yes fi +rm -f conftest* +fi -echo "$ac_t""$krb_cv_struct_sockaddr_sa_len" 1>&6 -if test "$krb_cv_struct_sockaddr_sa_len" = yes; then +echo "$ac_t""$krb_cv_header_netdb_h_broken" 1>&6 + +if test "$krb_cv_header_netdb_h_broken" = "yes"; then + EXTRA_HEADERS="$EXTRA_HEADERS netdb.h" +fi + + + + +echo $ac_n "checking for sa_len in struct sockaddr""... $ac_c" 1>&6 +echo "configure:10453: checking for sa_len in struct sockaddr" >&5 +if eval "test \"`echo '$''{'ac_cv_type_struct_sockaddr_sa_len'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct sockaddr x; x.sa_len; +; return 0; } +EOF +if { (eval echo configure:10467: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_struct_sockaddr_sa_len=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_struct_sockaddr_sa_len=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_type_struct_sockaddr_sa_len" 1>&6 +if test "$ac_cv_type_struct_sockaddr_sa_len" = yes; then + cat >> confdefs.h <<\EOF -#define SOCKADDR_HAS_SA_LEN 1 +#define HAVE_STRUCT_SOCKADDR_SA_LEN 1 EOF + fi + + if test "$ac_cv_header_siad_h" = yes; then -echo $ac_n "checking for ouid in struct siaentity""... 
$ac_c" 1>&6 -echo "configure:8350: checking for ouid in struct siaentity" >&5 -if eval "test \"`echo '$''{'krb_cv_struct_siaentity_ouid'+set}'`\" = set"; then + + +echo $ac_n "checking for ouid in SIAENTITY""... $ac_c" 1>&6 +echo "configure:10496: checking for ouid in SIAENTITY" >&5 +if eval "test \"`echo '$''{'ac_cv_type_siaentity_ouid'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < - int main() { -SIAENTITY e; -int foo = e.ouid; +SIAENTITY x; x.ouid; ; return 0; } EOF -if { (eval echo configure:8365: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:10509: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* - krb_cv_struct_siaentity_ouid=yes + ac_cv_type_siaentity_ouid=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* - krb_cv_struct_siaentity_ouid=no + ac_cv_type_siaentity_ouid=no fi rm -f conftest* - fi -echo "$ac_t""$krb_cv_struct_siaentity_ouid" 1>&6 -if test "$krb_cv_struct_siaentity_ouid" = yes; then +echo "$ac_t""$ac_cv_type_siaentity_ouid" 1>&6 +if test "$ac_cv_type_siaentity_ouid" = yes; then + cat >> confdefs.h <<\EOF -#define SIAENTITY_HAS_OUID 1 +#define HAVE_SIAENTITY_OUID 1 EOF + fi + + fi -echo $ac_n "checking for working getmsg""... $ac_c" 1>&6 -echo "configure:8389: checking for working getmsg" >&5 -if eval "test \"`echo '$''{'ac_cv_func_getmsg'+set}'`\" = set"; then +for ac_func in getmsg +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:10538: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - if test "$cross_compiling" = yes; then - ac_cv_func_getmsg=no -else cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. 
*/ +char $ac_func(); -#include +int main() { -int main() -{ - getmsg(open("/dev/null", 0), NULL, NULL, NULL); - return 0; -} +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif +; return 0; } EOF -if { (eval echo configure:8409: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -then - ac_cv_func_getmsg=yes +if { (eval echo configure:10566: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 - rm -fr conftest* - ac_cv_func_getmsg=no + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" fi -rm -fr conftest* +rm -f conftest* fi -fi - -echo "$ac_t""$ac_cv_func_getmsg" 1>&6 -test "$ac_cv_func_getmsg" = "yes" && -cat >> confdefs.h <<\EOF -#define HAVE_GETMSG 1 +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done -save_LIBS="$LIBS" -LIBS="$LIB_DBM $LIBS" -echo $ac_n "checking for berkeley db""... $ac_c" 1>&6 -echo "configure:8434: checking for berkeley db" >&5 -if eval "test \"`echo '$''{'krb_cv_lib_berkeleydb'+set}'`\" = set"; then +if test "$ac_cf_func_getmsg" = "yes"; then + +echo $ac_n "checking for working getmsg""... 
$ac_c" 1>&6 +echo "configure:10594: checking for working getmsg" >&5 +if eval "test \"`echo '$''{'ac_cv_func_getmsg'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$cross_compiling" = yes; then - krb_cv_lib_berkeleydb=no + ac_cv_func_getmsg=no else cat > conftest.$ac_ext < -#include -#include +#include + int main() { - DBM *d; - - d = dbm_open("conftest", O_RDWR | O_CREAT, 0666); - if(d == NULL) - return 1; - dbm_close(d); - return access("conftest.db", F_OK) != 0; + getmsg(open("/dev/null", 0), NULL, NULL, NULL); + return 0; } + EOF -if { (eval echo configure:8459: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:10614: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then - krb_cv_lib_berkeleydb=yes + ac_cv_func_getmsg=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -fr conftest* - krb_cv_lib_berkeleydb=no + ac_cv_func_getmsg=no fi rm -fr conftest* fi fi -echo "$ac_t""$krb_cv_lib_berkeleydb" 1>&6 -test "$krb_cv_lib_berkeleydb" = "yes" && +echo "$ac_t""$ac_cv_func_getmsg" 1>&6 +test "$ac_cv_func_getmsg" = "yes" && cat >> confdefs.h <<\EOF -#define HAVE_NEW_DB 1 +#define HAVE_GETMSG 1 EOF -LIBS="$save_LIBS" +fi + + + echo $ac_n "checking for el_init""... 
$ac_c" 1>&6 -echo "configure:8485: checking for el_init" >&5 +echo "configure:10643: checking for el_init" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_el_init'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_el_init\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in "" edit; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi + LIBS=" $ac_lib $LIB_tgetent $ac_save_LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:10665: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_el_init=$ac_lib; else ac_cv_funclib_el_init=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_el_init=\${ac_cv_funclib_el_init-no}" LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_el_init" -# autoheader tricks *sigh* : << END @@@funcs="$funcs el_init"@@@ -@@@libs="$libs edit"@@@ +@@@libs="$libs "" edit"@@@ END -eval "ac_tr_func=HAVE_`echo el_init | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# el_init +eval "ac_tr_func=HAVE_`echo el_init | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_el_init=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_el_init=yes" eval "LIB_el_init=" cat >> confdefs.h <&6 ;; no) eval "ac_cv_func_el_init=no" eval "LIB_el_init=" echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_el_init=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac +if test "$ac_cv_func_el_init" = yes ; then + echo $ac_n "checking for four argument el_init""... 
$ac_c" 1>&6 +echo "configure:10726: checking for four argument el_init" >&5 +if eval "test \"`echo '$''{'ac_cv_func_el_init_four'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < + #include +int main() { +el_init("", NULL, NULL, NULL); +; return 0; } +EOF +if { (eval echo configure:10740: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_func_el_init_four=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_func_el_init_four=no +fi +rm -f conftest* +fi +echo "$ac_t""$ac_cv_func_el_init_four" 1>&6 + if test "$ac_cv_func_el_init_four" = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_FOUR_VALUED_EL_INIT 1 +EOF + fi +fi + + +save_LIBS="$LIBS" +LIBS="$LIB_tgetent $LIBS" + + + echo $ac_n "checking for readline""... $ac_c" 1>&6 -echo "configure:8567: checking for readline" >&5 +echo "configure:10768: checking for readline" >&5 if eval "test \"`echo '$''{'ac_cv_funclib_readline'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if eval "test \"\$ac_cv_func_readline\" != yes" ; then ac_save_LIBS="$LIBS" - for ac_lib in "" readline; do + for ac_lib in "" edit readline; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" - LIBS="$ac_lib $ac_save_LIBS" + else + ac_lib="" fi + LIBS=" $ac_lib $ac_save_LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:10790: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "if test -n \"$ac_lib\";then ac_cv_funclib_readline=$ac_lib; else ac_cv_funclib_readline=yes; fi";break else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest* done eval "ac_cv_funclib_readline=\${ac_cv_funclib_readline-no}" LIBS="$ac_save_LIBS" fi fi eval "ac_res=\$ac_cv_funclib_readline" -# autoheader tricks *sigh* : << END @@@funcs="$funcs readline"@@@ -@@@libs="$libs readline"@@@ 
+@@@libs="$libs "" edit readline"@@@ END -eval "ac_tr_func=HAVE_`echo readline | tr '[a-z]' '[A-Z]'`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +# readline +eval "ac_tr_func=HAVE_`echo readline | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" eval "LIB_readline=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_readline=yes" eval "LIB_readline=" cat >> confdefs.h <&6 ;; no) eval "ac_cv_func_readline=no" eval "LIB_readline=" echo "$ac_t""no" 1>&6 ;; *) eval "ac_cv_func_readline=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" cat >> confdefs.h <> confdefs.h <&6 ;; esac - -if test "$with_readline"; then - cat >> confdefs.h <<\EOF -#define HAVE_READLINE 1 -EOF - - editline_OBJS= - LIB_readline="$READLINELIB "'$(LIB_tgetent)' - INCLUDE_readline="$READLINEINCLUDE" -elif test "$ac_cv_func_el_init" = yes; then - cat >> confdefs.h <<\EOF -#define HAVE_READLINE 1 -EOF - - - editline_OBJS=edit_compat.o - LIB_readline='-L$(topdir)/lib/editline -leditline '"$LIB_el_init"' $(LIB_tgetent)' - - INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline' +LIBS="$save_LIBS" +el_yes="# " +if test "$with_readline" -a "$with_readline" != "no"; then + : elif test "$ac_cv_func_readline" = yes; then - cat >> confdefs.h <<\EOF -#define HAVE_READLINE 1 -EOF - - editline_OBJS= - LIB_readline='-lreadline $(LIB_tgetent)' INCLUDE_readline= +elif test "$ac_cv_func_el_init" = yes; then + el_yes= + LIB_readline="-L\$(top_builddir)/lib/editline -lel_compat $LIB_el_init" + INCLUDE_readline='-I$(top_srcdir)/lib/editline' else + LIB_readline='-L$(top_builddir)/lib/editline -leditline' + INCLUDE_readline='-I$(top_srcdir)/lib/editline' +fi +LIB_readline="$LIB_readline \$(LIB_tgetent)" cat >> confdefs.h <<\EOF #define HAVE_READLINE 1 EOF - editline_OBJS="editline.o complete.o sysunix.o" - 
LIB_readline='-L$(topdir)/lib/editline -leditline $(LIB_tgetent)' - INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline' -fi - cat >> confdefs.h <<\EOF #define AUTHENTICATION 1 EOF cat >> confdefs.h <<\EOF #define KRB4 1 EOF cat >> confdefs.h <<\EOF #define ENCRYPTION 1 EOF cat >> confdefs.h <<\EOF #define DES_ENCRYPTION 1 EOF cat >> confdefs.h <<\EOF #define DIAGNOSTICS 1 EOF cat >> confdefs.h <<\EOF #define OLD_ENVIRON 1 EOF # Simple test for streamspty, based on the existance of getmsg(), alas # this breaks on SunOS4 which have streams but BSD-like ptys # # And also something wierd has happend with dec-osf1, fallback to bsd-ptys echo $ac_n "checking for streamspty""... $ac_c" 1>&6 -echo "configure:8712: checking for streamspty" >&5 +echo "configure:10897: checking for streamspty" >&5 case "`uname -sr`" in SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*) krb_cv_sys_streamspty=no ;; AIX*) os_rel=`uname -v`.`uname -r` if expr "$os_rel" : "3*" >/dev/null 2>&1; then krb_cv_sys_streamspty=no else krb_cv_sys_streamspty="$ac_cv_func_getmsg" fi ;; *) krb_cv_sys_streamspty="$ac_cv_func_getmsg" ;; esac if test "$krb_cv_sys_streamspty" = yes; then cat >> confdefs.h <<\EOF #define STREAMSPTY 1 EOF fi echo "$ac_t""$krb_cv_sys_streamspty" 1>&6 echo $ac_n "checking if /bin/ls takes -A""... $ac_c" 1>&6 -echo "configure:8738: checking if /bin/ls takes -A" >&5 +echo "configure:10923: checking if /bin/ls takes -A" >&5 if /bin/ls -A > /dev/null 2>&1 ;then cat >> confdefs.h <<\EOF #define HAVE_LS_A 1 EOF krb_ls_a=yes else krb_ls_a=no fi echo "$ac_t""$krb_ls_a" 1>&6 echo $ac_n "checking for suffix of preformatted manual pages""... 
$ac_c" 1>&6 -echo "configure:8751: checking for suffix of preformatted manual pages" >&5 +echo "configure:10936: checking for suffix of preformatted manual pages" >&5 if eval "test \"`echo '$''{'krb_cv_sys_cat_suffix'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if grep _version /etc/man.conf > /dev/null 2>&1; then krb_cv_sys_cat_suffix=0 else krb_cv_sys_cat_suffix=number fi fi echo "$ac_t""$krb_cv_sys_cat_suffix" 1>&6 if test "$krb_cv_sys_cat_suffix" = number; then CATSUFFIX='$$s' else CATSUFFIX=0 fi -KRB_KAFS_LIB='-L$(topdir)/lib/kafs -lkafs' -if test "$krb_cv_sys_aix" = yes; then - KRB_KAFS_LIB="$KRB_KAFS_LIB -lld" -fi +KRB_KAFS_LIB="-L\$(top_builddir)/lib/kafs -lkafs $AIX_EXTRA_KAFS" test "x$prefix" = xNONE && prefix=$ac_default_prefix test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' for i in bin lib libexec sbin; do i=${i}dir foo=`echo $i | tr 'xindiscernible' 'XINDISCERNIBLE'` x="\$${i}" eval y="$x" while test "x$y" != "x$x"; do x="$y" eval y="$x" done cat >> confdefs.h < confcache <<\EOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs. It is not useful on other systems. # If it contains results you don't want to keep, you may remove or edit it. # # By default, configure uses ./config.cache as the cache file, # creating it if it does not exist already. You can give configure # the --cache-file=FILE option to use a different cache file; that is # what configure does when it calls configure scripts in # subdirectories, so they share the cache. # Giving --cache-file=/dev/null disables caching, for debugging configure. # config.status only pays attention to the cache file if you give it the # --recheck option to rerun configure. # EOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, don't put newlines in cache variables' values. 
# Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. (set) 2>&1 | - case `(ac_space=' '; set) 2>&1 | grep '^ac_space'` in + case `(ac_space=' '; set | grep ac_space) 2>&1` in *ac_space=\ *) # `set' does not quote correctly, so add quotes (double-quote substitution # turns \\\\ into \\, and sed turns \\ into \). sed -n \ -e "s/'/'\\\\''/g" \ -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" ;; *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' ;; esac >> confcache if cmp -s $cache_file confcache; then : else if test -w $cache_file; then echo "updating cache $cache_file" cat confcache > $cache_file else echo "not updating unwritable cache $cache_file" fi fi rm -f confcache trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' # Any assignment to VPATH causes Sun make to only execute # the first set of double-colon rules, so remove it if not needed. # If there is a colon in the path, we need to keep it. if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' fi trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 DEFS=-DHAVE_CONFIG_H # Without the "./", some shells look in PATH for config.status. : ${CONFIG_STATUS=./config.status} echo creating $CONFIG_STATUS rm -f $CONFIG_STATUS cat > $CONFIG_STATUS </dev/null | sed 1q`: # # $0 $ac_configure_args # # Compiler output produced by configure, useful for debugging # configure, is in ./config.log if it exists. 
ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" for ac_option do case "\$ac_option" in -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; -version | --version | --versio | --versi | --vers | --ver | --ve | --v) - echo "$CONFIG_STATUS generated by autoconf version 2.12" + echo "$CONFIG_STATUS generated by autoconf version 2.13" exit 0 ;; -help | --help | --hel | --he | --h) echo "\$ac_cs_usage"; exit 0 ;; *) echo "\$ac_cs_usage"; exit 1 ;; esac done ac_given_srcdir=$srcdir ac_given_INSTALL="$INSTALL" trap 'rm -fr `echo "\ Makefile \ include/Makefile \ include/sys/Makefile \ \ -util/Makefile \ -util/et/Makefile \ - \ man/Makefile \ \ lib/Makefile \ +lib/com_err/Makefile \ lib/des/Makefile \ lib/krb/Makefile \ lib/kdb/Makefile \ lib/kadm/Makefile \ lib/acl/Makefile \ lib/kafs/Makefile \ lib/roken/Makefile \ lib/otp/Makefile \ lib/sl/Makefile \ lib/editline/Makefile \ +lib/rxkad/Makefile \ lib/auth/Makefile \ lib/auth/pam/Makefile \ lib/auth/sia/Makefile \ lib/auth/afskauthlib/Makefile \ \ kuser/Makefile \ server/Makefile \ slave/Makefile \ admin/Makefile \ kadmin/Makefile \ \ appl/Makefile \ \ appl/afsutil/Makefile \ appl/ftp/Makefile \ appl/ftp/common/Makefile \ appl/ftp/ftp/Makefile \ appl/ftp/ftpd/Makefile \ appl/telnet/Makefile \ appl/telnet/libtelnet/Makefile \ appl/telnet/telnet/Makefile \ appl/telnet/telnetd/Makefile \ appl/bsd/Makefile \ appl/kauth/Makefile \ -appl/kpopper/Makefile \ +appl/popper/Makefile \ appl/movemail/Makefile \ +appl/push/Makefile \ appl/sample/Makefile \ appl/xnlock/Makefile \ appl/kx/Makefile \ appl/kip/Makefile \ appl/otp/Makefile \ doc/Makefile \ +etc/inetd.conf.changes \ include/config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 EOF cat >> $CONFIG_STATUS < conftest.subs <<\\CEOF $ac_vpsub $extrasub +s%@SHELL@%$SHELL%g 
s%@CFLAGS@%$CFLAGS%g s%@CPPFLAGS@%$CPPFLAGS%g s%@CXXFLAGS@%$CXXFLAGS%g +s%@FFLAGS@%$FFLAGS%g s%@DEFS@%$DEFS%g s%@LDFLAGS@%$LDFLAGS%g s%@LIBS@%$LIBS%g s%@exec_prefix@%$exec_prefix%g s%@prefix@%$prefix%g s%@program_transform_name@%$program_transform_name%g s%@bindir@%$bindir%g s%@sbindir@%$sbindir%g s%@libexecdir@%$libexecdir%g s%@datadir@%$datadir%g s%@sysconfdir@%$sysconfdir%g s%@sharedstatedir@%$sharedstatedir%g s%@localstatedir@%$localstatedir%g s%@libdir@%$libdir%g s%@includedir@%$includedir%g s%@oldincludedir@%$oldincludedir%g s%@infodir@%$infodir%g s%@mandir@%$mandir%g s%@PACKAGE@%$PACKAGE%g s%@VERSION@%$VERSION%g s%@host@%$host%g s%@host_alias@%$host_alias%g s%@host_cpu@%$host_cpu%g s%@host_vendor@%$host_vendor%g s%@host_os@%$host_os%g +s%@CANONICAL_HOST@%$CANONICAL_HOST%g s%@SET_MAKE@%$SET_MAKE%g s%@LN_S@%$LN_S%g s%@CC@%$CC%g s%@CPP@%$CPP%g s%@YACC@%$YACC%g s%@LEX@%$LEX%g s%@LEXLIB@%$LEXLIB%g s%@RANLIB@%$RANLIB%g s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g +s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g s%@INSTALL_DATA@%$INSTALL_DATA%g +s%@AWK@%$AWK%g s%@MAKEINFO@%$MAKEINFO%g -s%@SOCKSINCLUDE@%$SOCKSINCLUDE%g -s%@SOCKSLIB@%$SOCKSLIB%g +s%@WFLAGS@%$WFLAGS%g +s%@WFLAGS_NOUNUSED@%$WFLAGS_NOUNUSED%g +s%@WFLAGS_NOIMPLICITINT@%$WFLAGS_NOIMPLICITINT%g +s%@INCLUDE_socks@%$INCLUDE_socks%g +s%@LIB_socks@%$LIB_socks%g s%@CRACKLIB@%$CRACKLIB%g -s%@READLINEINCLUDE@%$READLINEINCLUDE%g -s%@READLINELIB@%$READLINELIB%g +s%@LIB_otp@%$LIB_otp%g +s%@OTP_dir@%$OTP_dir%g +s%@LIB_security@%$LIB_security%g +s%@AFSWS@%$AFSWS%g +s%@LIB_SUBDIRS@%$LIB_SUBDIRS%g +s%@disable_cat_manpages@%$disable_cat_manpages%g +s%@INCLUDE_readline@%$INCLUDE_readline%g +s%@LIB_readline@%$LIB_readline%g +s%@INCLUDE_hesiod@%$INCLUDE_hesiod%g +s%@LIB_hesiod@%$LIB_hesiod%g +s%@LINK@%$LINK%g +s%@lib_deps_yes@%$lib_deps_yes%g +s%@lib_deps_no@%$lib_deps_no%g s%@REAL_PICFLAGS@%$REAL_PICFLAGS%g s%@REAL_SHLIBEXT@%$REAL_SHLIBEXT%g s%@REAL_LD_FLAGS@%$REAL_LD_FLAGS%g s%@PICFLAGS@%$PICFLAGS%g s%@SHLIBEXT@%$SHLIBEXT%g 
s%@LDSHARED@%$LDSHARED%g s%@LD_FLAGS@%$LD_FLAGS%g s%@LIBEXT@%$LIBEXT%g s%@LIBPREFIX@%$LIBPREFIX%g s%@EXECSUFFIX@%$EXECSUFFIX%g +s%@build_symlink_command@%$build_symlink_command%g +s%@install_symlink_command@%$install_symlink_command%g +s%@install_symlink_command2@%$install_symlink_command2%g +s%@LIB_dlopen@%$LIB_dlopen%g s%@AFS_EXTRA_OBJS@%$AFS_EXTRA_OBJS%g s%@AFS_EXTRA_LIBS@%$AFS_EXTRA_LIBS%g -s%@ac_cv_header_sys_cdefs_h@%$ac_cv_header_sys_cdefs_h%g -s%@ac_cv_header_err_h@%$ac_cv_header_err_h%g +s%@AFS_EXTRA_LD@%$AFS_EXTRA_LD%g +s%@AFS_EXTRA_DEFS@%$AFS_EXTRA_DEFS%g +s%@AIX_EXTRA_KAFS@%$AIX_EXTRA_KAFS%g +s%@EXTRA_HEADERS@%$EXTRA_HEADERS%g +s%@EXTRA_LOCL_HEADERS@%$EXTRA_LOCL_HEADERS%g +s%@LIB_crypt@%$LIB_crypt%g s%@LIB_socket@%$LIB_socket%g s%@LIB_gethostbyname@%$LIB_gethostbyname%g s%@LIB_odm_initialize@%$LIB_odm_initialize%g s%@LIB_getattr@%$LIB_getattr%g s%@LIB_setpcred@%$LIB_setpcred%g s%@LIB_logwtmp@%$LIB_logwtmp%g s%@LIB_logout@%$LIB_logout%g s%@LIB_tgetent@%$LIB_tgetent%g s%@X_CFLAGS@%$X_CFLAGS%g s%@X_PRE_LIBS@%$X_PRE_LIBS%g s%@X_LIBS@%$X_LIBS%g s%@X_EXTRA_LIBS@%$X_EXTRA_LIBS%g s%@MAKE_X_PROGS_BIN@%$MAKE_X_PROGS_BIN%g s%@MAKE_X_PROGS_LIBEXEC@%$MAKE_X_PROGS_LIBEXEC%g +s%@LIB_XauWriteAuth@%$LIB_XauWriteAuth%g s%@LIB_XauReadAuth@%$LIB_XauReadAuth%g -s%@XauWriteAuth_c@%$XauWriteAuth_c%g -s%@XauWriteAuth_o@%$XauWriteAuth_o%g -s%@LIB_dbopen@%$LIB_dbopen%g -s%@LIB_dbm_firstkey@%$LIB_dbm_firstkey%g +s%@LIB_XauFileName@%$LIB_XauFileName%g +s%@NEED_WRITEAUTH_TRUE@%$NEED_WRITEAUTH_TRUE%g +s%@NEED_WRITEAUTH_FALSE@%$NEED_WRITEAUTH_FALSE%g s%@LIB_DBM@%$LIB_DBM%g +s%@DBLIB@%$DBLIB%g s%@LIB_syslog@%$LIB_syslog%g s%@LIB_getpwnam_r@%$LIB_getpwnam_r%g s%@LIB_getsockopt@%$LIB_getsockopt%g s%@LIB_setsockopt@%$LIB_setsockopt%g s%@LIB_res_search@%$LIB_res_search%g s%@LIB_dn_expand@%$LIB_dn_expand%g s%@ALLOCA@%$ALLOCA%g s%@LIB_hstrerror@%$LIB_hstrerror%g s%@LIBOBJS@%$LIBOBJS%g s%@LIB_AUTH_SUBDIRS@%$LIB_AUTH_SUBDIRS%g s%@APPL_KIP_DIR@%$APPL_KIP_DIR%g 
+s%@krb_cv_header_sys_socket_h_broken@%$krb_cv_header_sys_socket_h_broken%g +s%@krb_cv_header_netdb_h_broken@%$krb_cv_header_netdb_h_broken%g s%@LIB_el_init@%$LIB_el_init%g -s%@LIB_readline@%$LIB_readline%g -s%@INCLUDE_readline@%$INCLUDE_readline%g -s%@editline_OBJS@%$editline_OBJS%g +s%@el_yes@%$el_yes%g s%@CATSUFFIX@%$CATSUFFIX%g s%@KRB_KAFS_LIB@%$KRB_KAFS_LIB%g CEOF EOF cat >> $CONFIG_STATUS <<\EOF # Split the substitutions into bite-sized pieces for seds with # small command number limits, like on Digital OSF/1 and HP-UX. ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. ac_file=1 # Number of current file. ac_beg=1 # First line for current file. ac_end=$ac_max_sed_cmds # Line after last line for current file. ac_more_lines=: ac_sed_cmds="" while $ac_more_lines; do if test $ac_beg -gt 1; then sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file else sed "${ac_end}q" conftest.subs > conftest.s$ac_file fi if test ! -s conftest.s$ac_file; then ac_more_lines=false rm -f conftest.s$ac_file else if test -z "$ac_sed_cmds"; then ac_sed_cmds="sed -f conftest.s$ac_file" else ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" fi ac_file=`expr $ac_file + 1` ac_beg=$ac_end ac_end=`expr $ac_end + $ac_max_sed_cmds` fi done if test -z "$ac_sed_cmds"; then ac_sed_cmds=cat fi EOF cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". case "$ac_file" in *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; *) ac_file_in="${ac_file}.in" ;; esac # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. # Remove last slash and all that follows it. Not all systems have dirname. ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then # The file is in a subdirectory. test ! 
-d "$ac_dir" && mkdir "$ac_dir" ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" # A "../" for each directory in $ac_dir_suffix. ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` else ac_dir_suffix= ac_dots= fi case "$ac_given_srcdir" in .) srcdir=. if test -z "$ac_dots"; then top_srcdir=. else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; *) # Relative path. srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" top_srcdir="$ac_dots$ac_given_srcdir" ;; esac case "$ac_given_INSTALL" in [/$]*) INSTALL="$ac_given_INSTALL" ;; *) INSTALL="$ac_dots$ac_given_INSTALL" ;; esac echo creating "$ac_file" rm -f "$ac_file" configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." case "$ac_file" in *Makefile*) ac_comsub="1i\\ # $configure_input" ;; *) ac_comsub= ;; esac ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` sed -e "$ac_comsub s%@configure_input@%$configure_input%g s%@srcdir@%$srcdir%g s%@top_srcdir@%$top_srcdir%g s%@INSTALL@%$INSTALL%g " $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file fi; done rm -f conftest.s* # These sed commands are passed to sed as "A NAME B NAME C VALUE D", where # NAME is the cpp macro being defined and VALUE is the value it is being given. # # ac_d sets the value in "#define NAME VALUE" lines. ac_dA='s%^\([ ]*\)#\([ ]*define[ ][ ]*\)' ac_dB='\([ ][ ]*\)[^ ]*%\1#\2' ac_dC='\3' ac_dD='%g' # ac_u turns "#undef NAME" with trailing blanks into "#define NAME VALUE". ac_uA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' ac_uB='\([ ]\)%\1#\2define\3' ac_uC=' ' ac_uD='\4%g' # ac_e turns "#undef NAME" without trailing blanks into "#define NAME VALUE". ac_eA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' ac_eB='$%\1#\2define\3' ac_eC=' ' ac_eD='%g' if test "${CONFIG_HEADERS+set}" != set; then EOF cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF fi for ac_file in .. 
$CONFIG_HEADERS; do if test "x$ac_file" != x..; then # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". case "$ac_file" in *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; *) ac_file_in="${ac_file}.in" ;; esac echo creating $ac_file rm -f conftest.frag conftest.in conftest.out ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` cat $ac_file_inputs > conftest.in EOF # Transform confdefs.h into a sed script conftest.vals that substitutes # the proper values into config.h.in to produce config.h. And first: # Protect against being on the right side of a sed subst in config.status. # Protect against being in an unquoted here document in config.status. rm -f conftest.vals cat > conftest.hdr <<\EOF s/[\\&%]/\\&/g s%[\\$`]%\\&%g s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD}%gp s%ac_d%ac_u%gp s%ac_u%ac_e%gp EOF sed -n -f conftest.hdr confdefs.h > conftest.vals rm -f conftest.hdr # This sed command replaces #undef with comments. This is necessary, for # example, in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. cat >> conftest.vals <<\EOF s%^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */% EOF # Break up conftest.vals because some shells have a limit on # the size of here documents, and old seds have small limits too. rm -f conftest.tail while : do ac_lines=`grep -c . conftest.vals` # grep -c gives empty output for an empty file on some AIX systems. if test -z "$ac_lines" || test "$ac_lines" -eq 0; then break; fi # Write a limited-size here document to conftest.frag. 
echo ' cat > conftest.frag <> $CONFIG_STATUS sed ${ac_max_here_lines}q conftest.vals >> $CONFIG_STATUS echo 'CEOF sed -f conftest.frag conftest.in > conftest.out rm -f conftest.in mv conftest.out conftest.in ' >> $CONFIG_STATUS sed 1,${ac_max_here_lines}d conftest.vals > conftest.tail rm -f conftest.vals mv conftest.tail conftest.vals done rm -f conftest.vals cat >> $CONFIG_STATUS <<\EOF rm -f conftest.frag conftest.h echo "/* $ac_file. Generated automatically by configure. */" > conftest.h cat conftest.in >> conftest.h rm -f conftest.in if cmp -s $ac_file conftest.h 2>/dev/null; then echo "$ac_file is unchanged" rm -f conftest.h else # Remove last slash and all that follows it. Not all systems have dirname. ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then # The file is in a subdirectory. test ! -d "$ac_dir" && mkdir "$ac_dir" fi rm -f $ac_file mv conftest.h $ac_file fi fi; done EOF cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF exit 0 EOF chmod +x $CONFIG_STATUS rm -fr confdefs* $ac_clean_files test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 -KRB4VERSION="$PACKAGE-$VERSION" -cat > include/newversion.h.in < include/newversion.h.in </dev/null | sed 1q` Date=`date` mv -f include/newversion.h.in include/version.h.in sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h fi + Index: stable/3/crypto/kerberosIV/configure.in =================================================================== --- stable/3/crypto/kerberosIV/configure.in (revision 62577) +++ stable/3/crypto/kerberosIV/configure.in (revision 62578) 
@@ -1,970 +1,1285 @@ dnl dnl *** PLEASE NOTE *** dnl *** PLEASE NOTE *** dnl *** PLEASE NOTE *** dnl dnl Update $VERSION before making a new release dnl dnl Process this file with autoconf to produce a configure script. dnl -AC_REVISION($Revision: 1.285 $) +AC_REVISION($Revision: 1.432.2.2 $) AC_INIT(lib/krb/getrealm.c) AC_CONFIG_HEADER(include/config.h) dnl dnl definitions dnl PACKAGE=krb4 AC_SUBST(PACKAGE)dnl -VERSION=0.9.6 +VERSION=1.0 AC_SUBST(VERSION)dnl +AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])dnl +AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])dnl + # This may be overridden using --prefix=/usr to configure AC_PREFIX_DEFAULT(/usr/athena) AC_CANONICAL_HOST +CANONICAL_HOST=$host +AC_SUBST(CANONICAL_HOST) + +dnl OS specific defines + +sunos=no +case "$host" in +*-*-sunos4*) + sunos=40 + ;; +*-*-solaris2.7) + sunos=57 + ;; +*-*-solaris2*) + sunos=50 + ;; +esac +if test "$sunos" != no; then + AC_DEFINE_UNQUOTED(SunOS, $sunos, + [Define to what version of SunOS you are running.]) +fi + AC_PROG_MAKE_SET AC_ARG_PROGRAM # We want these before the checks, so the checks can modify their values. test -z "$LDFLAGS" && LDFLAGS=-g dnl dnl check for programs dnl AC_KRB_PROG_LN_S AC_PROG_CC AC_PROG_CPP AC_ISC_POSIX AC_KRB_PROG_YACC AC_PROG_LEX AC_PROG_RANLIB AC_PROG_INSTALL +AC_PROG_AWK AC_CHECK_PROG(MAKEINFO, makeinfo, makeinfo, :) +dnl Use make Wall or make WFLAGS=".." 
+WFLAGS="" +WFLAGS_NOUNUSED="" +WFLAGS_NOIMPLICITINT="" +AC_SUBST(WFLAGS) dnl +AC_SUBST(WFLAGS_NOUNUSED) dnl +AC_SUBST(WFLAGS_NOIMPLICITINT) dnl + dnl dnl check for build options dnl -AC_TEST_PACKAGE(socks,socks.h,libsocks5.a,-lsocks5) -CFLAGS="$SOCKSINCLUDE $CFLAGS" -LIBS="$SOCKSLIB $LIBS" +AC_TEST_PACKAGE_NEW(socks,[#include ],-lsocks5) +CFLAGS="$INCLUDE_socks $CFLAGS" +LIBS="$LIB_socks $LIBS" -dnl Check if we want to use shared libraries -AC_ARG_WITH(shared, -[ --with-shared create shared libraries for Kerberos]) +AC_ARG_ENABLE(legacy-kdestroy, +[ --enable-legacy-kdestroy kdestroy doesn't destroy tokens by default],[ +if test "$enableval" = "yes"; then + AC_DEFINE(LEGACY_KDESTROY,1, [Define to enable old kdestroy behavior.]) +fi +]) +AC_ARG_ENABLE(match-subdomains, +[ --enable-match-subdomains match realm in subdomains], +[if test "$enableval" = "yes"; then + AC_DEFINE(MATCH_SUBDOMAINS,1, [Define if you want to match subdomains.]) +fi +]) + +AC_ARG_WITH(ld-flags, +[ --with-ld-flags=flags what flags use when linking]) + AC_ARG_WITH(cracklib, [ --with-cracklib=dir use the cracklib.a in dir], ) AC_ARG_WITH(dictpath, [ --with-dictpath=path use this dictionary with cracklib] ) (test -z "$with_cracklib" && test -n "$with_dictpath") || (test -n "$with_cracklib" && test -z "$with_dictpath") && AC_MSG_ERROR(--with-cracklib requires --with-dictpath and vice versa) test -n "$with_cracklib" && CRACKLIB="-L$with_cracklib -lcrack" && AC_MSG_RESULT(Using cracklib in $with_cracklib) AC_SUBST(CRACKLIB)dnl test -n "$with_dictpath" && AC_MSG_RESULT(Using dictpath=$with_dictpath) && -AC_DEFINE_UNQUOTED(DICTPATH,"$with_dictpath") +AC_DEFINE_UNQUOTED(DICTPATH,"$with_dictpath", [Define this to be the directory where the + dictionary for cracklib resides.]) AC_ARG_WITH(mailspool, [ --with-mailspool=dir this is the mail spool directory] ) test -n "$with_mailspool" && -AC_DEFINE_UNQUOTED(KRB4_MAILDIR, "$with_mailspool") +AC_DEFINE_UNQUOTED(KRB4_MAILDIR, "$with_mailspool", [Define this to 
the path of the mail spool directory.]) +AC_ARG_WITH(db-dir, +[ --with-db-dir=dir this is the database directory (default /var/kerberos)]) + +test -n "$with_db_dir" && +AC_DEFINE_UNQUOTED(DB_DIR, "$with_db_dir", [Define this to the kerberos database directory.]) + AC_ARG_ENABLE(random-mkey, [ --enable-random-mkey use new code for master keys],[ if test "$enableval" = "yes"; then - AC_DEFINE(RANDOM_MKEY,1) + AC_DEFINE(RANDOM_MKEY,1, [Define to enable new master key code.]) fi ]) AC_ARG_WITH(mkey, [ --with-mkey=file where to put the master key],[ if test -n "$withval"; then - AC_DEFINE_UNQUOTED(MKEYFILE,"$withval") + AC_DEFINE_UNQUOTED(MKEYFILE,"$withval", [Define this to the location of the master key.]) fi ]) +otp=yes +AC_ARG_ENABLE(otp, +[ --disable-otp if you don't want OTP support], +[ +if test "$enableval" = "no"; then + otp=no +fi +]) + +if test "$otp" = "yes"; then + AC_DEFINE(OTP) + LIB_otp='-L$(top_builddir)/lib/otp -lotp' + OTP_dir=otp + LIB_SUBDIRS="$LIB_SUBDIRS otp" +fi +AC_SUBST(LIB_otp) +AC_SUBST(OTP_dir) + +AC_CHECK_OSFC2 + +mmap=yes +AC_ARG_ENABLE(mmap, +[ --disable-mmap disable use of mmap], +[ +if test "$enableval" = "no"; then + mmap=no +fi +]) +if test "$mmap" = "no"; then + AC_DEFINE(NO_MMAP, 1, [Define if you don't want to use mmap.]) +fi + +aix_dynamic_afs=yes +AC_ARG_ENABLE(dynamic-afs, +[ --disable-dynamic-afs don't use loaded AFS library with AIX],[ +if test "$enableval" = "no"; then + aix_dynamic_afs=no +fi +]) + berkeley_db=db AC_ARG_WITH(berkeley-db, [ --without-berkeley-db if you don't want berkeley db],[ if test "$withval" = no; then berkeley_db="" fi ]) afs_support=yes AC_ARG_WITH(afs-support, [ --without-afs-support if you don't want support for afs],[ if test "$withval" = no; then - AC_DEFINE(NO_AFS) + AC_DEFINE(NO_AFS, 1, [Define if you don't wan't support for AFS.]) afs_support=no fi ]) des_quad=guess AC_ARG_WITH(des-quad-checksum, [ --with-des-quad-checksum=kind default checksum to use (new, old, or guess)],[ des_quad="$withval" 
]) if test "$des_quad" = "new"; then - AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_NEW) + ac_x=DES_QUAD_NEW elif test "$des_quad" = "old"; then - AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_OLD) + ac_x=DES_QUAD_OLD else - AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_GUESS) + ac_x=DES_QUAD_GUESS fi +AC_DEFINE_UNQUOTED(DES_QUAD_DEFAULT,$ac_x, + [Set this to the type of des-quad-cheksum to use.]) -AC_TEST_PACKAGE(readline,readline.h,libreadline.a,-lreadline) +AC_ARG_WITH(afsws, +[ --with-afsws=dir use AFS includes and libraries from dir=/usr/afsws], +AFSWS=$withval, +AFSWS=/usr/afsws +) +test "$AFSWS" = "yes" && AFSWS=/usr/afsws +AC_SUBST(AFSWS) -dnl -dnl Shared library stuff has to be different everywhere -dnl +AC_ARG_ENABLE(rxkad, +[ --enable-rxkad build rxkad library],,[ +test -f $AFSWS/include/rx/rx.h && enable_rxkad=yes +]) -AC_SUBST(CFLAGS)dnl -AC_SUBST(LDFLAGS)dnl - -case ${with_shared} in - yes ) with_shared=yes;; - no ) with_shared=no;; - * ) with_shared=no;; -esac - -# NOTE: Building shared libraries may not work if you do not use gcc! 
-# -# OS $SHLIBEXT -# HP-UX sl -# Linux so -# NetBSD so -# FreeBSD so -# OSF so -# SunOS5 so -# SunOS4 so.0.5 -# Irix so -# -# LIBEXT is the extension we should build (.a or $SHLIBEXT) -REAL_PICFLAGS="-fpic" -LDSHARED='$(CC) $(PICFLAGS) -shared' -LIBPREFIX=lib -REAL_SHLIBEXT=so -changequote({,})dnl -SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'` -changequote([,])dnl -case "${host}" in -*-*-hpux*) - REAL_SHLIBEXT=sl - REAL_LD_FLAGS='-Wl,+b$(libdir)' - if test -z "$GCC"; then - LDSHARED="ld -b" - REAL_PICFLAGS="+z" +if test "$afs_support" = yes -a "$enable_rxkad" = yes; then + LIB_SUBDIRS="$LIB_SUBDIRS rxkad" fi - ;; -*-*-linux*) - REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' - ;; -*-*-*bsd*) - REAL_SHLIBEXT=so.$SHLIB_VERSION - LDSHARED='ld -Bshareable' - REAL_LD_FLAGS='-Wl,-R$(libdir)' - ;; -*-*-osf*) - REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' - REAL_PICFLAGS= - LDSHARED='ld -shared -expect_unresolved \*' - ;; -*-*-solaris2*) - REAL_LD_FLAGS='-Wl,-R$(libdir)' - if test -z "$GCC"; then - LDSHARED='$(CC) -G' - REAL_PICFLAGS="-Kpic" - fi - ;; -*-*-sunos*) - REAL_SHLIBEXT=so.$SHLIB_VERSION - REAL_LD_FLAGS='-Wl,-L$(libdir)' - ;; -*-*-irix*) - REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' - REAL_PICFLAGS= - ;; -*-*-os2_emx*) - LD_FLAGS='-Zexe' - LIBPREFIX= - EXECSUFFIX='.exe' - RANLIB=EMXOMF - REAL_SHLIBEXT=nobuild - ;; -*-*-cygwin32*) - EXECSUFFIX='.exe' - REAL_SHLIBEXT=nobuild - ;; -*) REAL_SHLIBEXT=nobuild - REAL_PICFLAGS= - ;; -esac +AC_SUBST(LIB_SUBDIRS) -if test "${with_shared}" != "yes" ; then - PICFLAGS="" - SHLIBEXT="nobuild" - LIBEXT="a" -else - PICFLAGS="$REAL_PICFLAGS" - SHLIBEXT="$REAL_SHLIBEXT" - LIBEXT="$SHLIBEXT" - LD_FLAGS="$REAL_LD_FLAGS" +AC_ARG_ENABLE(cat-manpages, +[ --disable-cat-manpages don't install any preformatted manpages], +[ +if test "$enableval" = "no"; then + disable_cat_manpages=yes fi +]) -AC_SUBST(REAL_PICFLAGS) dnl -AC_SUBST(REAL_SHLIBEXT) dnl -AC_SUBST(REAL_LD_FLAGS) dnl +AC_SUBST(disable_cat_manpages)dnl -AC_SUBST(PICFLAGS) dnl 
-AC_SUBST(SHLIBEXT) dnl -AC_SUBST(LDSHARED) dnl -AC_SUBST(LD_FLAGS) dnl -AC_SUBST(LIBEXT) dnl -AC_SUBST(LIBPREFIX) dnl -AC_SUBST(EXECSUFFIX) dnl +AC_TEST_PACKAGE_NEW(readline,[ +#include +#include +],-lreadline) -dnl -dnl Check if we need to use weak-stuff -dnl +AC_MIPS_ABI -AC_HAVE_PRAGMA_WEAK +AC_TEST_PACKAGE_NEW(hesiod,[#include ],-lhesiod) +AC_SHARED_LIBS + dnl dnl Check for endian-ness, this breaks cross compilation dnl AC_C_BIGENDIAN dnl dnl Check for constness dnl AC_C_CONST dnl +dnl Check for inline keyword +dnl +AC_C_INLINE + +dnl +dnl Check for __attribute__ +dnl +AC_C___ATTRIBUTE__ + +dnl dnl Check for strange operating systems that you need to handle differently dnl AC_KRB_SYS_NEXTSTEP AC_KRB_SYS_AIX if test "$krb_cv_sys_aix" = yes ;then - AFS_EXTRA_OBJS='$(srcdir)/afsl.exp dlfcn.o' - AC_SUBST(AFS_EXTRA_OBJS) + if test "$aix_dynamic_afs" = yes; then + AFS_EXTRA_OBJS= AFS_EXTRA_LIBS=afslib.so - AC_SUBST(AFS_EXTRA_LIBS) + # this works differently in AIX <=3 and 4 + if test `uname -v` = 4 ; then + AFS_EXTRA_LD="-bnoentry" + else + AFS_EXTRA_LD="-e _nostart" + fi + AFS_EXTRA_DEFS= + AC_FIND_FUNC_NO_LIBS(dlopen, dl) + if test "$ac_cv_funclib_dlopen" = yes; then + AIX_EXTRA_KAFS= + elif test "$ac_cv_funclib_dlopen" != no; then + AIX_EXTRA_KAFS="$ac_cv_funclib_dlopen" + else + AFS_EXTRA_OBJS="$AFS_EXTRA_OBJS dlfcn.o" + AIX_EXTRA_KAFS=-lld fi + else + AFS_EXTRA_OBJS='$(srcdir)/afsl.exp afslib.o' + AFS_EXTRA_LIBS= + AFS_EXTRA_DEFS='-DSTATIC_AFS_SYSCALLS' + AIX_EXTRA_KAFS= + fi + AC_SUBST(AFS_EXTRA_OBJS)dnl + AC_SUBST(AFS_EXTRA_LIBS)dnl + AC_SUBST(AFS_EXTRA_LD)dnl + AC_SUBST(AFS_EXTRA_DEFS)dnl + AC_SUBST(AIX_EXTRA_KAFS)dnl +fi # # AIX needs /lib/pse.exp for getmsg, but alas that file is broken in # AIX414 # +case "${host}" in +*-*-aix4.1*) if test -f /lib/pse.exp ;then - LIBS="$LIBS -Wl,-bI:/lib/pse.exp" + LIBS="$LIBS -Wl,-bnolibpath -Wl,-bI:/lib/pse.exp" fi +;; +esac dnl dnl Various checks for headers and their contents dnl AC_HEADER_STDC 
-AC_CHECK_HEADERS(arpa/ftp.h arpa/inet.h arpa/nameser.h) -AC_CHECK_HEADERS(arpa/telnet.h bind/bitypes.h bsd/bsd.h bsdsetjmp.h) -AC_CHECK_HEADERS(crypt.h dbm.h dirent.h err.h fcntl.h grp.h io.h) -AC_CHECK_HEADERS(lastlog.h login.h maillock.h ndbm.h net/if.h) -AC_CHECK_HEADERS(net/if_tun.h net/if_var.h netdb.h netinet/in.h) -AC_CHECK_HEADERS(netinet/in6_machtypes.h netinet/in_systm.h) -AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h paths.h pty.h pwd.h) -AC_CHECK_HEADERS(resolv.h rpcsvc/dbm.h sac.h security/pam_modules.h) -AC_CHECK_HEADERS(shadow.h siad.h signal.h stropts.h sys/bitypes.h) -AC_CHECK_HEADERS(sys/category.h sys/cdefs.h sys/file.h sys/filio.h) -AC_CHECK_HEADERS(sys/ioccom.h sys/ioctl.h sys/locking.h sys/mman.h) -AC_CHECK_HEADERS(sys/param.h sys/proc.h sys/ptyio.h sys/ptyvar.h) -AC_CHECK_HEADERS(sys/resource.h sys/select.h sys/socket.h) -AC_CHECK_HEADERS(sys/sockio.h sys/stat.h sys/str_tty.h sys/stream.h) -AC_CHECK_HEADERS(sys/stropts.h sys/strtty.h sys/syscall.h) -AC_CHECK_HEADERS(sys/sysctl.h sys/termio.h sys/time.h sys/timeb.h) -AC_CHECK_HEADERS(sys/times.h sys/tty.h sys/types.h sys/uio.h) -AC_CHECK_HEADERS(sys/un.h sys/utsname.h sys/wait.h syslog.h) -AC_CHECK_HEADERS(termio.h termios.h tmpdir.h ttyent.h udb.h ulimit.h) -AC_CHECK_HEADERS(unistd.h userpw.h usersec.h util.h utime.h utmp.h) -AC_CHECK_HEADERS(utmpx.h wait.h winsock.h) +AC_CHECK_HEADERS([arpa/ftp.h \ + arpa/inet.h \ + arpa/nameser.h \ + arpa/telnet.h \ + bsd/bsd.h \ + bsdsetjmp.h \ + capability.h \ + crypt.h \ + curses.h \ + db.h \ + dbm.h \ + dirent.h \ + err.h \ + errno.h \ + fcntl.h \ + fnmatch.h \ + grp.h \ + inttypes.h \ + io.h \ + lastlog.h \ + libutil.h \ + limits.h \ + login.h \ + maillock.h \ + ndbm.h \ + net/if.h \ + net/if_tun.h \ + net/if_var.h \ + netdb.h \ + netinet/in.h \ + netinet/in6_machtypes.h \ + netinet/in_systm.h \ + paths.h \ + pty.h \ + pwd.h \ + resolv.h \ + rpcsvc/dbm.h \ + rpcsvc/ypclnt.h \ + sac.h \ + security/pam_modules.h \ + shadow.h \ + siad.h \ + signal.h \ + 
stropts.h \ + sys/bitypes.h \ + sys/category.h \ + sys/file.h \ + sys/filio.h \ + sys/ioccom.h \ + sys/ioctl.h \ + sys/locking.h \ + sys/mman.h \ + sys/param.h \ + sys/proc.h \ + sys/pty.h \ + sys/ptyio.h \ + sys/ptyvar.h \ + sys/resource.h \ + sys/select.h \ + sys/socket.h \ + sys/sockio.h \ + sys/stat.h \ + sys/str_tty.h \ + sys/stream.h \ + sys/stropts.h \ + sys/strtty.h \ + sys/syscall.h \ + sys/sysctl.h \ + sys/termio.h \ + sys/time.h \ + sys/timeb.h \ + sys/times.h \ + sys/tty.h \ + sys/types.h \ + sys/uio.h \ + sys/un.h \ + sys/utsname.h \ + sys/wait.h \ + syslog.h \ + term.h \ + termcap.h \ + termio.h \ + termios.h \ + tmpdir.h \ + ttyent.h \ + udb.h \ + ulimit.h \ + unistd.h \ + userpw.h \ + usersec.h \ + util.h \ + utime.h \ + utmp.h \ + utmpx.h \ + wait.h]) AC_HEADER_TIME AC_DECL_SYS_SIGLIST -AC_SUBST(ac_cv_header_sys_cdefs_h)dnl -AC_SUBST(ac_cv_header_err_h)dnl +CHECK_NETINET_IP_AND_TCP + +EXTRA_LOCL_HEADERS= +EXTRA_HEADERS= +if test "$ac_cv_header_err_h" != yes; then + EXTRA_HEADERS="$EXTRA_HEADERS err.h" +fi +if test "$ac_cv_header_fnmatch_h" != yes; then + EXTRA_LOCL_HEADERS="$EXTRA_LOCL_HEADERS fnmatch.h" +fi +AC_SUBST(EXTRA_HEADERS) +AC_SUBST(EXTRA_LOCL_HEADERS) + AC_GROK_TYPES(int8_t int16_t int32_t int64_t) AC_GROK_TYPES(u_int8_t u_int16_t u_int32_t u_int64_t) +AC_MSG_CHECKING(for strange sys/bitypes.h) +AC_CACHE_VAL(krb_cv_int8_t_ifdef, [ +AC_TRY_COMPILE([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN6_MACHTYPES_H +#include +#endif +], +int8_t x; +, +krb_cv_int8_t_ifdef=no, +krb_cv_int8_t_ifdef=yes)]) +AC_MSG_RESULT($krb_cv_int8_t_ifdef) +if test "$krb_cv_int8_t_ifdef" = "yes"; then + AC_DEFINE(HAVE_STRANGE_INT8_T, 1, [Huh?])dnl +fi + dnl dnl Various checks for libraries and their contents dnl +AC_FIND_FUNC_NO_LIBS(crypt, crypt)dnl + dnl dnl System V is have misplaced the socket routines, should really be in libc dnl AC_FIND_FUNC(socket, socket, [#ifdef HAVE_SYS_TYPES_H #include 
#endif #ifdef HAVE_SYS_SOCKET_H #include #endif], [0,0,0]) AC_FIND_FUNC(gethostbyname, nsl, [#ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif], "foo") dnl dnl Horror AIX needs -lodm -lcfg to link login dnl AC_FIND_FUNC(odm_initialize, odm) AC_FIND_FUNC(getattr, cfg) AC_FIND_FUNC(setpcred, s) AC_FIND_FUNC(logwtmp, util) AC_FIND_FUNC(logout, util) -AC_FIND_FUNC_NO_LIBS(tgetent, termcap) +AC_FIND_FUNC_NO_LIBS(tgetent, termcap ncurses curses) dnl dnl See if there is any X11 present dnl -AC_PATH_XTRA +KRB_CHECK_X if test "$no_x" = "yes" ; then MAKE_X_PROGS_BIN="" MAKE_X_PROGS_LIBEXEC="" else MAKE_X_PROGS_BIN='$(X_PROGS_BIN)' MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)' fi AC_SUBST(MAKE_X_PROGS_BIN)dnl AC_SUBST(MAKE_X_PROGS_LIBEXEC)dnl -save_CFLAGS="$CFLAGS" -CFLAGS="$X_CFLAGS $CFLAGS" -save_LIBS="$LIBS" -dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS" -LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS" -save_LDFLAGS="$LDFLAGS" -LDFLAGS="$LDFLAGS $X_LIBS" +AC_CHECK_XAU -AC_FIND_FUNC_NO_LIBS(XauReadAuth, Xau X11) -ac_xxx="$LIBS" -LIBS="$LIB_XauReadAuth $LIBS" -AC_CHECK_FUNCS(XauWriteAuth) -if test "$ac_cv_func_XauWriteAuth" != "yes"; then - XauWriteAuth_c=writeauth.c - XauWriteAuth_o=writeauth.o -fi -AC_SUBST(XauWriteAuth_c)dnl -AC_SUBST(XauWriteAuth_o)dnl -LIBS="$ac_xxx" - -CFLAGS=$save_CFLAGS -LIBS=$save_LIBS -LDFLAGS=$save_LDFLAGS - dnl dnl Look for berkeley db, gdbm, and ndbm in that order. 
dnl -save_LIBS="$LIBS" -AC_FIND_FUNC_NO_LIBS(dbopen, $berkeley_db) -LIBS="$LIB_dbopen $LIBS" -AC_FIND_FUNC_NO_LIBS(dbm_firstkey, $berkeley_db gdbm ndbm) -if test -n "$LIB_dbopen"; then - LIB_DBM="$LIB_dbopen" -else - LIB_DBM="$LIB_dbm_firstkey" -fi -AC_SUBST(LIB_DBM)dnl -LIBS="$save_LIBS" +KRB_FIND_DB("" $berkeley_db gdbm ndbm) AC_FIND_FUNC(syslog, syslog) -AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working, -ac_cv_func_snprintf_working=yes -AC_TRY_RUN([ -#include -#include -int main() -{ -changequote(`,')dnl - char foo[3]; -changequote([,])dnl - snprintf(foo, 2, "12"); - return strcmp(foo, "1"); -}],:,ac_cv_func_snprintf_working=no,:)) -: << END -@@@funcs="$funcs snprintf"@@@ -END -if test "$ac_cv_func_snprintf_working" = yes; then - foo=HAVE_SNPRINTF - AC_DEFINE_UNQUOTED($foo) +AC_BROKEN_SNPRINTF +AC_BROKEN_GLOB + +if test "$ac_cv_func_glob_working" != yes; then + EXTRA_LOCL_HEADERS="$EXTRA_LOCL_HEADERS glob.h" + LIBOBJS="$LIBOBJS glob.o" fi -AC_CHECK_FUNCS(asnprintf asprintf vasprintf vasnprintf vsnprintf) +AC_CHECK_FUNCS([ \ + _getpty \ + _scrsize \ + _setsid \ + _stricmp \ + asnprintf \ + asprintf \ + atexit \ + cgetent \ + chroot \ + fattach \ + fchmod \ + fcntl \ + forkpty \ + frevoke \ + getpriority \ + getrlimit \ + getservbyname \ + getspnam \ + gettimeofday \ + gettosbyname \ + getuid \ + grantpt \ + mktime \ + on_exit \ + parsetos \ + ptsname \ + rand \ + random \ + revoke \ + setitimer \ + setpgid \ + setpriority \ + setproctitle \ + setregid \ + setresgid \ + setresuid \ + setreuid \ + setsid \ + setutent \ + sigaction \ + sysconf \ + sysctl \ + ttyname \ + ttyslot \ + ulimit \ + uname \ + unlockpt \ + vasnprintf \ + vasprintf \ + vhangup \ + vsnprintf \ + yp_get_default_domain \ + ]) +KRB_CAPABILITIES -AC_CHECK_FUNCS(_getpty _scrsize _setsid _stricmp fchmod fcntl flock) -AC_CHECK_FUNCS(forkpty frevoke gethostname getlogin getpriority getservbyname) -AC_CHECK_FUNCS(getspnam getspuid gettimeofday getuid grantpt) -AC_CHECK_FUNCS(innetgr 
iruserok mktime ptsname rand random) -AC_CHECK_FUNCS(revoke setitimer setlogin setpgid setpriority) -AC_CHECK_FUNCS(setproctitle setregid setresgid setresuid setreuid setsid) -AC_CHECK_FUNCS(setutent swab ttyname ttyslot ulimit uname) -AC_CHECK_FUNCS(unlockpt vhangup yp_get_default_domain) -AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r) -if test "$ac_cv_func_getpwnam_r" = yes; then - AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix, - ac_libs="$LIBS" - LIBS="$LIBS $LIB_getpwnam_r" - AC_TRY_RUN([ -#include -int main() -{ - struct passwd pw, *pwd; - return getpwnam_r("", &pw, NULL, 0, &pwd) < 0; -} -],ac_cv_func_getpwnam_r_posix=yes,ac_cv_func_getpwnam_r_posix=no,:) -LIBS="$ac_libs") -if test "$ac_cv_func_getpwnam_r_posix" = yes; then - AC_DEFINE(POSIX_GETPWNAM_R) -fi -fi +AC_CHECK_GETPWNAM_R_POSIX AC_FIND_FUNC_NO_LIBS(getsockopt, , [#ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif], [0,0,0,0,0]) AC_FIND_FUNC_NO_LIBS(setsockopt, , [#ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif], [0,0,0,0,0]) dnl Cray stuff AC_CHECK_FUNCS(getudbnam setlim) AC_FIND_FUNC(res_search, resolv, [ #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_ARPA_NAMESER_H #include #endif #ifdef HAVE_RESOLV_H #include #endif ], [0,0,0,0,0]) AC_FIND_FUNC(dn_expand, resolv, [ #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_ARPA_NAMESER_H #include #endif #ifdef HAVE_RESOLV_H #include #endif ], [0,0,0,0,0]) +AC_SUBST(LIB_res_search)dnl +AC_SUBST(LIB_dn_expand)dnl AC_FUNC_MMAP AC_FUNC_ALLOCA -# -# Test for POSIX (broken) getlogin -# +AC_FUNC_GETLOGIN -if test "$ac_cv_func_getlogin" = yes; then -AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [ -if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then - ac_cv_func_getlogin_posix=no -else - ac_cv_func_getlogin_posix=yes -fi -]) -if test 
"$ac_cv_func_getlogin_posix" = yes; then - AC_DEFINE(POSIX_GETLOGIN, 1) -fi -fi - AC_FIND_IF_NOT_BROKEN(hstrerror, resolv, [#ifdef HAVE_NETDB_H #include #endif], 17) +if test "$ac_cv_func_hstrerror" = yes; then +AC_NEED_PROTO([ +#ifdef HAVE_NETDB_H +#include +#endif], +hstrerror) +fi -AC_BROKEN(chown daemon err errx fchown getcwd getdtablesize getopt) -AC_BROKEN(getusershell inet_aton initgroups lstat memmove mkstemp) -AC_BROKEN(putenv rcmd setegid setenv seteuid strcasecmp strdup) -AC_BROKEN(strerror strftime strlwr strnlen strtok_r strupr unsetenv) -AC_BROKEN(verr verrx vwarn vwarnx warn warnx) +AC_BROKEN(chown copyhostent daemon err errx fchown flock fnmatch freehostent) +AC_BROKEN(getcwd getdtablesize gethostname getipnodebyaddr getipnodebyname) +AC_BROKEN(geteuid getgid getegid) +AC_BROKEN(getopt getusershell) +AC_BROKEN(inet_aton inet_ntop inet_pton initgroups innetgr iruserok lstat) +AC_BROKEN(memmove) +AC_BROKEN(mkstemp putenv rcmd readv recvmsg sendmsg setegid setenv seteuid) +AC_BROKEN(strcasecmp strncasecmp strdup strerror strftime) +AC_BROKEN(strlcat strlcpy strlwr) +AC_BROKEN(strndup strnlen strptime strsep strtok_r strupr) +AC_BROKEN(swab unsetenv verr verrx vsyslog) +AC_BROKEN(vwarn vwarnx warn warnx writev) +if test "$ac_cv_func_gethostname" = "yes"; then +AC_NEED_PROTO([ +#include ], +gethostname) +fi + +if test "$ac_cv_func_mkstemp" = "yes"; then +AC_NEED_PROTO([ +#include ], +mkstemp) +fi + +if test "$ac_cv_func_inet_aton" = "yes"; then +AC_NEED_PROTO([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif], +inet_aton) +fi + +AC_CACHE_CHECK(if realloc is broken, ac_cv_func_realloc_broken, [ +ac_cv_func_realloc_broken=no +AC_TRY_RUN([ +#include +#include + +int main() +{ + return realloc(NULL, 17) == NULL; +} +],:, ac_cv_func_realloc_broken=yes, :) +]) +if test "$ac_cv_func_realloc_broken" = yes ; then + 
AC_DEFINE(BROKEN_REALLOC, 1, [Define if realloc(NULL, X) doesn't work.]) +fi + AC_KRB_FUNC_GETCWD_BROKEN dnl dnl Figure what authentication modules should be built dnl AC_MSG_CHECKING(which authentication modules should be built) LIB_AUTH_SUBDIRS= if test "$ac_cv_header_siad_h" = yes; then LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia" fi -if test "$ac_cv_header_security_pam_modules_h" = yes; then +if test "$ac_cv_header_security_pam_modules_h" = yes -a "$enable_shared" = yes; then LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam" fi case "${host}" in changequote(,)dnl *-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;; changequote([,])dnl esac AC_MSG_RESULT($LIB_AUTH_SUBDIRS) AC_SUBST(LIB_AUTH_SUBDIRS)dnl dnl dnl Figure out if we have tunnels dnl AC_MSG_CHECKING(for tunnel devices) APPL_KIP_DIR= if test "$ac_cv_header_net_if_tun_h" = "yes"; then APPL_KIP_DIR=kip fi AC_MSG_RESULT($ac_cv_header_net_if_tun_h) AC_SUBST(APPL_KIP_DIR)dnl dnl dnl Checks for prototypes and declarations dnl +AC_PROTO_COMPAT([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +], +gethostbyname, struct hostent *gethostbyname(const char *)) + +AC_PROTO_COMPAT([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +], +gethostbyaddr, struct hostent *gethostbyaddr(const void *, size_t, int)) + +AC_PROTO_COMPAT([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +], +getservbyname, struct servent *getservbyname(const char *, const char *)) + +AC_PROTO_COMPAT([ +#ifdef HAVE_SYSLOG_H +#include +#endif +], +openlog, void 
openlog(const char *, int, int)) + AC_NEED_PROTO([ #ifdef HAVE_CRYPT_H #include #endif #ifdef HAVE_UNISTD_H #include #endif ], crypt) AC_NEED_PROTO([ +#include +], +fclose) + +AC_NEED_PROTO([ #include ], strtok_r) +AC_NEED_PROTO([ +#include +], +strsep) + +AC_NEED_PROTO([ +#include +], +getusershell) + +AC_NEED_PROTO([ +#ifdef HAVE_UTIME_H +#include +#endif +], +utime) + AC_CHECK_VAR([#ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_NETDB_H #include #endif], h_errno) AC_CHECK_VAR([#ifdef HAVE_NETDB_H #include #endif], h_errlist) AC_CHECK_VAR([#ifdef HAVE_NETDB_H #include #endif], h_nerr) AC_CHECK_VAR([#ifdef HAVE_ERR_H #include #endif],[__progname]) -AC_CHECK_DECLARATION([#include ], optarg) -AC_CHECK_DECLARATION([#include ], optind) -AC_CHECK_DECLARATION([#include ], opterr) -AC_CHECK_DECLARATION([#include ], optopt) +AC_CHECK_DECLARATION([#include +#ifdef HAVE_UNISTD_H +#include +#endif], optarg) +AC_CHECK_DECLARATION([#include +#ifdef HAVE_UNISTD_H +#include +#endif], optind) +AC_CHECK_DECLARATION([#include +#ifdef HAVE_UNISTD_H +#include +#endif], opterr) +AC_CHECK_DECLARATION([#include +#ifdef HAVE_UNISTD_H +#include +#endif], optopt) +AC_CHECK_DECLARATION([#include ], environ) + dnl dnl According to ANSI you are explicitly allowed to cast to void, dnl but the standard fails to say what should happen. 
Some compilers dnl think this is illegal: dnl dnl void foo(void) dnl { dnl return (void)0; dnl } dnl dnl Thus explicitly test for void dnl AC_TYPE_SIGNAL if test "$ac_cv_type_signal" = "void" ; then - AC_DEFINE(VOID_RETSIGTYPE, 1) + AC_DEFINE(VOID_RETSIGTYPE, 1, [Define if RETSIGTYPE == void.]) fi dnl dnl Check for fields in struct utmp dnl -AC_EGREP_HEADER(ut_user, utmp.h, AC_DEFINE(HAVE_UT_USER)) -AC_EGREP_HEADER(ut_host, utmp.h, AC_DEFINE(HAVE_UT_HOST)) -AC_EGREP_HEADER(ut_addr, utmp.h, AC_DEFINE(HAVE_UT_ADDR)) -AC_EGREP_HEADER(ut_type, utmp.h, AC_DEFINE(HAVE_UT_TYPE)) -AC_EGREP_HEADER(ut_pid, utmp.h, AC_DEFINE(HAVE_UT_PID)) -AC_EGREP_HEADER(ut_id, utmp.h, AC_DEFINE(HAVE_UT_ID)) -AC_EGREP_HEADER(ut_syslen, utmpx.h, AC_DEFINE(HAVE_UT_SYSLEN)) +AC_HAVE_STRUCT_FIELD(struct utmp, ut_addr, +[#include + #include ]) +AC_HAVE_STRUCT_FIELD(struct utmp, ut_host, +[#include + #include ]) +AC_HAVE_STRUCT_FIELD(struct utmp, ut_id, +[#include + #include ]) +AC_HAVE_STRUCT_FIELD(struct utmp, ut_pid, +[#include + #include ]) +AC_HAVE_STRUCT_FIELD(struct utmp, ut_type, +[#include + #include ]) +AC_HAVE_STRUCT_FIELD(struct utmp, ut_user, +[#include + #include ]) +AC_HAVE_STRUCT_FIELD(struct utmpx, ut_exit, +[#include + #include ]) +AC_HAVE_STRUCT_FIELD(struct utmpx, ut_syslen, +[#include + #include ]) + +dnl +dnl Check for fields in struct tm +dnl + +AC_HAVE_STRUCT_FIELD(struct tm, tm_gmtoff, [#include ]) +AC_HAVE_STRUCT_FIELD(struct tm, tm_zone, [#include ]) + +dnl +dnl or do we have a variable `timezone' ? 
+dnl + +AC_CHECK_VAR( +[#include ], +timezone) + +AC_HAVE_TYPE([sa_family_t],[#include ]) + +AC_HAVE_TYPE([struct sockaddr_storage], [#include ]) + +AC_KRB_STRUCT_SPWD + AC_STRUCT_ST_BLKSIZE dnl dnl Check for struct winsize dnl AC_KRB_STRUCT_WINSIZE dnl dnl Check for some common types dnl AC_TYPE_PID_T AC_TYPE_UID_T AC_TYPE_OFF_T AC_TYPE_SIZE_T +AC_CHECK_TYPE_EXTRA(ssize_t, int, [ +#ifdef HAVE_UNISTD_H +#include +#endif]) + dnl -dnl Check for sa_len in sys/socket.h +dnl Check for broken ultrix sys/socket.h dnl -AC_MSG_CHECKING(for sa_len in struct sockaddr) -AC_CACHE_VAL(krb_cv_struct_sockaddr_sa_len, [ +AC_MSG_CHECKING(for broken sys/socket.h) +AC_CACHE_VAL(krb_cv_header_sys_socket_h_broken, [ AC_TRY_COMPILE( [#include -#include ], -[struct sockaddr sa; -int foo = sa.sa_len;], -krb_cv_struct_sockaddr_sa_len=yes, -krb_cv_struct_sockaddr_sa_len=no) -]) -AC_MSG_RESULT($krb_cv_struct_sockaddr_sa_len) -if test "$krb_cv_struct_sockaddr_sa_len" = yes; then - AC_DEFINE(SOCKADDR_HAS_SA_LEN) +#include +#include ],[], +krb_cv_header_sys_socket_h_broken=no, +krb_cv_header_sys_socket_h_broken=yes)]) +AC_MSG_RESULT($krb_cv_header_sys_socket_h_broken) +AC_SUBST(krb_cv_header_sys_socket_h_broken) + +dnl +dnl Check for broken ultrix netdb.h +dnl + +AC_MSG_CHECKING(for broken netdb.h) +AC_CACHE_VAL(krb_cv_header_netdb_h_broken, [ +AC_TRY_COMPILE( +[#include +#include +#include ],[], +krb_cv_header_netdb_h_broken=no, +krb_cv_header_netdb_h_broken=yes)]) +AC_MSG_RESULT($krb_cv_header_netdb_h_broken) +AC_SUBST(krb_cv_header_netdb_h_broken) +if test "$krb_cv_header_netdb_h_broken" = "yes"; then + EXTRA_HEADERS="$EXTRA_HEADERS netdb.h" fi dnl +dnl Check for sa_len in sys/socket.h +dnl + +AC_HAVE_STRUCT_FIELD(struct sockaddr, sa_len, [#include +#include ]) + +dnl dnl Check for ouid in sys/siad.h dnl if test "$ac_cv_header_siad_h" = yes; then -AC_MSG_CHECKING(for ouid in struct siaentity) -AC_CACHE_VAL(krb_cv_struct_siaentity_ouid, [ -AC_TRY_COMPILE( -[#include -], -[SIAENTITY e; -int foo 
= e.ouid;], -krb_cv_struct_siaentity_ouid=yes, -krb_cv_struct_siaentity_ouid=no) -]) -AC_MSG_RESULT($krb_cv_struct_siaentity_ouid) -if test "$krb_cv_struct_siaentity_ouid" = yes; then - AC_DEFINE(SIAENTITY_HAS_OUID) +AC_HAVE_STRUCT_FIELD(SIAENTITY, ouid, [#include ]) fi -fi dnl dnl you can link with getmsg on AIX 3.2 but you cannot run the program dnl +AC_CHECK_FUNCS(getmsg) + +if test "$ac_cf_func_getmsg" = "yes"; then + AC_CACHE_CHECK(for working getmsg, ac_cv_func_getmsg, AC_TRY_RUN( [ #include int main() { getmsg(open("/dev/null", 0), NULL, NULL, NULL); return 0; } ], ac_cv_func_getmsg=yes, ac_cv_func_getmsg=no, ac_cv_func_getmsg=no)) test "$ac_cv_func_getmsg" = "yes" && -AC_DEFINE(HAVE_GETMSG) +AC_DEFINE(HAVE_GETMSG, 1, [Define if you have a working getmsg.]) -dnl -dnl Test if we are using berkeley db -dnl +fi -save_LIBS="$LIBS" -LIBS="$LIB_DBM $LIBS" -AC_CACHE_CHECK(for berkeley db, krb_cv_lib_berkeleydb, -AC_TRY_RUN( -[ -#include -#include -#include -int main() -{ - DBM *d; - - d = dbm_open("conftest", O_RDWR | O_CREAT, 0666); - if(d == NULL) - return 1; - dbm_close(d); - return access("conftest.db", F_OK) != 0; -}], krb_cv_lib_berkeleydb=yes, krb_cv_lib_berkeleydb=no, -krb_cv_lib_berkeleydb=no)) -test "$krb_cv_lib_berkeleydb" = "yes" && -AC_DEFINE(HAVE_NEW_DB) -LIBS="$save_LIBS" - dnl dnl Tests for editline dnl -AC_FIND_FUNC_NO_LIBS(el_init, edit) -AC_FIND_FUNC_NO_LIBS(readline, readline) +dnl el_init -if test "$with_readline"; then - AC_DEFINE(HAVE_READLINE, 1) - editline_OBJS= - LIB_readline="$READLINELIB "'$(LIB_tgetent)' - INCLUDE_readline="$READLINEINCLUDE" -elif test "$ac_cv_func_el_init" = yes; then - AC_DEFINE(HAVE_READLINE, 1) +AC_FIND_FUNC_NO_LIBS(el_init, edit, [], [], [$LIB_tgetent]) +if test "$ac_cv_func_el_init" = yes ; then + AC_CACHE_CHECK(for four argument el_init, ac_cv_func_el_init_four,[ + AC_TRY_COMPILE([#include + #include ], + [el_init("", NULL, NULL, NULL);], + ac_cv_func_el_init_four=yes, + ac_cv_func_el_init_four=no)]) + if test 
"$ac_cv_func_el_init_four" = yes; then + AC_DEFINE(HAVE_FOUR_VALUED_EL_INIT, 1, [Define if el_init takes four arguments.]) + fi +fi - editline_OBJS=edit_compat.o - LIB_readline='-L$(topdir)/lib/editline -leditline '"$LIB_el_init"' $(LIB_tgetent)' +dnl readline - INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline' +save_LIBS="$LIBS" +LIBS="$LIB_tgetent $LIBS" +AC_FIND_FUNC_NO_LIBS(readline, edit readline) +LIBS="$save_LIBS" +el_yes="# " +if test "$with_readline" -a "$with_readline" != "no"; then + : elif test "$ac_cv_func_readline" = yes; then - AC_DEFINE(HAVE_READLINE, 1) - editline_OBJS= - LIB_readline='-lreadline $(LIB_tgetent)' INCLUDE_readline= +elif test "$ac_cv_func_el_init" = yes; then + el_yes= + LIB_readline="-L\$(top_builddir)/lib/editline -lel_compat $LIB_el_init" + INCLUDE_readline='-I$(top_srcdir)/lib/editline' else - AC_DEFINE(HAVE_READLINE, 1) - editline_OBJS="editline.o complete.o sysunix.o" - LIB_readline='-L$(topdir)/lib/editline -leditline $(LIB_tgetent)' - INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline' + LIB_readline='-L$(top_builddir)/lib/editline -leditline' + INCLUDE_readline='-I$(top_srcdir)/lib/editline' fi +LIB_readline="$LIB_readline \$(LIB_tgetent)" +AC_DEFINE(HAVE_READLINE, 1, [Define if you have a readline function.])dnl XXX AC_SUBST(LIB_readline) AC_SUBST(INCLUDE_readline) -AC_SUBST(editline_OBJS) +AC_SUBST(el_yes) dnl telnet muck -------------------------------------------------- AC_DEFINE(AUTHENTICATION)dnl AC_DEFINE(KRB4)dnl AC_DEFINE(ENCRYPTION)dnl AC_DEFINE(DES_ENCRYPTION)dnl AC_DEFINE(DIAGNOSTICS)dnl AC_DEFINE(OLD_ENVIRON)dnl # Simple test for streamspty, based on the existance of getmsg(), alas # this breaks on SunOS4 which have streams but BSD-like ptys # # And also something wierd has happend with dec-osf1, fallback to bsd-ptys AC_MSG_CHECKING(for streamspty) case "`uname -sr`" in SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*) krb_cv_sys_streamspty=no ;; AIX*) os_rel=`uname -v`.`uname 
-r` if expr "$os_rel" : "3*" >/dev/null 2>&1; then krb_cv_sys_streamspty=no else krb_cv_sys_streamspty="$ac_cv_func_getmsg" fi ;; *) krb_cv_sys_streamspty="$ac_cv_func_getmsg" ;; esac if test "$krb_cv_sys_streamspty" = yes; then - AC_DEFINE(STREAMSPTY) + AC_DEFINE(STREAMSPTY, 1, [Define if you have working stream ptys.]) fi dnl AC_SUBST(STREAMSPTY) AC_MSG_RESULT($krb_cv_sys_streamspty) AC_MSG_CHECKING([if /bin/ls takes -A]) if /bin/ls -A > /dev/null 2>&1 ;then - AC_DEFINE(HAVE_LS_A) + AC_DEFINE(HAVE_LS_A, 1, [Define if /bin/ls has a \`-A' flag.]) krb_ls_a=yes else krb_ls_a=no fi AC_MSG_RESULT($krb_ls_a) dnl ------------------------------------------------------------ AC_CACHE_CHECK(for suffix of preformatted manual pages, krb_cv_sys_cat_suffix, if grep _version /etc/man.conf > /dev/null 2>&1; then krb_cv_sys_cat_suffix=0 else krb_cv_sys_cat_suffix=number fi) if test "$krb_cv_sys_cat_suffix" = number; then CATSUFFIX='$$s' else CATSUFFIX=0 fi AC_SUBST(CATSUFFIX) dnl ------------------------------------------------------------ -KRB_KAFS_LIB='-L$(topdir)/lib/kafs -lkafs' -if test "$krb_cv_sys_aix" = yes; then - KRB_KAFS_LIB="$KRB_KAFS_LIB -lld" -fi +KRB_KAFS_LIB="-L\$(top_builddir)/lib/kafs -lkafs $AIX_EXTRA_KAFS" AC_SUBST(KRB_KAFS_LIB)dnl dnl ------------------------------------------------------------ dnl This is done by AC_OUTPUT but we need the result here. 
test "x$prefix" = xNONE && prefix=$ac_default_prefix test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' for i in bin lib libexec sbin; do i=${i}dir foo=`echo $i | tr 'xindiscernible' 'XINDISCERNIBLE'` x="\$${i}" eval y="$x" while test "x$y" != "x$x"; do x="$y" eval y="$x" done AC_DEFINE_UNQUOTED($foo,"$x") done dnl dnl We are all set to emit the Makefiles and config.h dnl AC_OUTPUT( \ Makefile \ include/Makefile \ include/sys/Makefile \ \ -util/Makefile \ -util/et/Makefile \ - \ man/Makefile \ \ lib/Makefile \ +lib/com_err/Makefile \ lib/des/Makefile \ lib/krb/Makefile \ lib/kdb/Makefile \ lib/kadm/Makefile \ lib/acl/Makefile \ lib/kafs/Makefile \ lib/roken/Makefile \ lib/otp/Makefile \ lib/sl/Makefile \ lib/editline/Makefile \ +lib/rxkad/Makefile \ lib/auth/Makefile \ lib/auth/pam/Makefile \ lib/auth/sia/Makefile \ lib/auth/afskauthlib/Makefile \ \ kuser/Makefile \ server/Makefile \ slave/Makefile \ admin/Makefile \ kadmin/Makefile \ \ appl/Makefile \ \ appl/afsutil/Makefile \ appl/ftp/Makefile \ appl/ftp/common/Makefile \ appl/ftp/ftp/Makefile \ appl/ftp/ftpd/Makefile \ appl/telnet/Makefile \ appl/telnet/libtelnet/Makefile \ appl/telnet/telnet/Makefile \ appl/telnet/telnetd/Makefile \ appl/bsd/Makefile \ appl/kauth/Makefile \ -appl/kpopper/Makefile \ +appl/popper/Makefile \ appl/movemail/Makefile \ +appl/push/Makefile \ appl/sample/Makefile \ appl/xnlock/Makefile \ appl/kx/Makefile \ appl/kip/Makefile \ appl/otp/Makefile \ doc/Makefile \ +etc/inetd.conf.changes \ ) dnl end of AC_OUTPUT -dnl -dnl This is the release version name-number[beta] -dnl Update before making a new release -dnl -KRB4VERSION="$PACKAGE-$VERSION" - -cat > include/newversion.h.in </dev/null | sed 1q` - Date=`date` - mv -f include/newversion.h.in include/version.h.in - sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h -fi +AC_KRB_VERSION Index: stable/3/crypto/kerberosIV/doc/Makefile.in 
=================================================================== --- stable/3/crypto/kerberosIV/doc/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/doc/Makefile.in (revision 62578) 
@@ -1,65 +1,78 @@ -# $Id: Makefile.in,v 1.10 1997/05/06 03:05:55 joda Exp $ +# $Id: Makefile.in,v 1.19 1999/09/28 12:35:11 assar Exp $ SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ INSTALL = @INSTALL@ -INSTALL_DATA = $(INSTALL) +INSTALL_DATA = @INSTALL_DATA@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs MAKEINFO = @MAKEINFO@ TEXI2DVI = texi2dvi TEXI2HTML = texi2html prefix = @prefix@ infodir = @infodir@ +TEXI_SOURCES = ack.texi \ + index.texi \ + install.texi \ + intro.texi \ + kth-krb.texi \ + otp.texi \ + problems.texi \ + setup.texi \ + whatis.texi + all: info install: all installdirs if test -f kth-krb.info; then \ - $(INSTALL_DATA) kth-krb.info $(infodir)/kth-krb.info; \ + $(INSTALL_DATA) kth-krb.info $(DESTDIR)$(infodir)/kth-krb.info; \ else \ - $(INSTALL_DATA) $(srcdir)/kth-krb.info $(infodir)/kth-krb.info; \ + $(INSTALL_DATA) $(srcdir)/kth-krb.info $(DESTDIR)$(infodir)/kth-krb.info; \ fi - if $(SHELL) -c 'install-info --version' >/dev/null 2>&1; then \ - install-info --dir-file=$(infodir)/dir $(infodir)/kth-krb.info; \ + if test -f $(DESTDIR)$(infodir)/dir ; then :; else \ + $(INSTALL_DATA) $(srcdir)/dir $(DESTDIR)$(infodir)/dir; \ + fi + -if $(SHELL) -c 'install-info --version' >/dev/null 2>&1; then \ + install-info --dir-file=$(DESTDIR)$(infodir)/dir $(DESTDIR)$(infodir)/kth-krb.info; \ else \ true; \ fi uninstall: - rm -f $(infodir)/kth-krb.info + rm -f $(DESTDIR)$(infodir)/kth-krb.info installdirs: - $(MKINSTALLDIRS) $(infodir) + $(MKINSTALLDIRS) $(DESTDIR)$(infodir) info: kth-krb.info -kth-krb.info: kth-krb.texi - $(MAKEINFO) -I$(srcdir) -o $@ $(srcdir)/kth-krb.texi +kth-krb.info: $(TEXI_SOURCES) + $(MAKEINFO) --no-split -I$(srcdir) -o $@ $(srcdir)/kth-krb.texi dvi: kth-krb.dvi -kth-krb.dvi: kth-krb.texi +kth-krb.dvi: $(TEXI_SOURCES) $(TEXI2DVI) $(srcdir)/kth-krb.texi html: kth-krb.html -kth-krb.html: kth-krb.texi +kth-krb.html: $(TEXI_SOURCES) $(TEXI2HTML) $(srcdir)/kth-krb.texi clean: rm -f *.aux *.cp *.cps *.dvi *.fn *.ky *.log *.pg *.toc *.tp 
*.vr distclean: clean mostlyclean: clean maintainer-clean: clean - rm -f kth-krb.info + rm -f *.info* check: -.PHONY: install all installdirs uninstall info dvi html clean check distclean mostlyclean maintainer-clean +.PHONY: all install uninstall installdirs info dvi html clean distclean mostlyclean maintainer-clean check Index: stable/3/crypto/kerberosIV/doc/ack.texi =================================================================== --- stable/3/crypto/kerberosIV/doc/ack.texi (revision 62577) +++ stable/3/crypto/kerberosIV/doc/ack.texi (revision 62578) 
@@ -1,80 +1,106 @@ @node Acknowledgments, Index, Resolving frequent problems, Top @comment node-name, next, previous, up @appendix Acknowledgments People from the MIT Athena project wrote the original code that this is based on. @w{Kerberos 4} @w{patch-level 9} was stripped of both the encryption functions and the calls to them. This was exported from the US as the ``Bones'' release. Eric Young put back the calls and hooked in his libdes, thereby creating the ``eBones'' release. @cindex Bones @cindex eBones The ``rcmd'' programs where initially developed at the University of California at Berkeley and then hacked on by the FreeBSD and NetBSD projects. Berkeley also wrote @code{ftp}, @code{ftpd}, @code{telnet}, and @code{telnetd}. The authentication and encryption code of @code{telnet} and @code{telnetd} was added by David Borman (then of Cray Research, Inc). The encryption code was removed when this was exported and then added back by Juha Eskelinen, @code{}. The @code{popper} was also a Berkeley program initially. The @code{login} has the same origins but has received code written by Wietse Venema at Eindhoven University of Technology, The Netherlands. @code{movemail} was (at least partially) written by Jonathan Kamens, @code{}, and is Copyright @copyright{} 1986, 1991, 1992, 1993, 1994 Free Software Foundation, Inc. @code{xnlock} was originally written by Dan Heller in 1985 for sunview. The X version was written by him in 1990. Some of the functions in @file{libroken} also come from Berkeley by the way of NetBSD/FreeBSD. The code to handle the dynamic loading of the AFS module for AIX is copyright @copyright{} 1992 HELIOS Software GmbH 30159 Hannover, Germany. @code{editline} was written by Simmule Turner and Rich Salz. 
Bugfixes and code has been contributed by: @table @asis @item Derrick J Brashear @code{} @item Anders Gertz @code{} @item Dejan Ilic @code{} @item Kent Engström @code{} @item Simon Josefsson @code{} @item Robert Malmgren @code{} @item Fredrik Ljungberg -@code{} +@code{} +@item Joakim Fallsjö +@code{jfa@@pobox.se} @item Lars Malinowsky @code{} @item Fabien Coelho @code{} +@item Chris Chiappa +@code{} +@item Gregory S. Stark +@code{} +@item Love Hörnquist-Åstrand +@code{} +@item Daniel Staaf +@code{} +@item Magnus Ahltorp +@code{} +@item Robert Burgess +@code{} +@item Lars Arvestad +@code{} +@item Jörgen Wahlsten +@code{} +@item Daniel Staaf +@code{} +@item R Lindsay Todd +@code{} +@item Åke Sandgren +@code{} +@item Thomas Nyström +@code{} @item and we hope that those not mentioned here will forgive us. @end table Ian Marsh @code{} removed the worst abuses of the English language from this text. Ilja Hallberg @code{} is still promising to help us finish the documentation. This work was supported in part by SUNET and the Centre for Parallel Computers at KTH. The port to Windows 95/NT was supported by the Computer Council at KTH and done by Jörgen Karlsson @code{}. All the bugs were introduced by ourselves. Index: stable/3/crypto/kerberosIV/doc/install.texi =================================================================== --- stable/3/crypto/kerberosIV/doc/install.texi (revision 62577) +++ stable/3/crypto/kerberosIV/doc/install.texi (revision 62578) 
@@ -1,368 +1,496 @@ @node Installing programs, How to set up a realm, What is Kerberos?, Top @chapter Installing programs You have a choise to either build the distribution from source code or to install binaries, if they are available for your machine. @c XXX We recommend building from sources, but using pre-compiled binaries might be easier. If there are no binaries available for your machine or you want to do some specific configuration, you will have to compile from source. @menu * Installing from source:: * Installing a binary distribution:: * Finishing the installation:: +* .klogin:: * Authentication modules:: @end menu @node Installing from source, Installing a binary distribution, Installing programs, Installing programs @comment node-name, next, previous, up @section Installing from source To build this software un-tar the distribution and run the @code{configure} script. To compile successfully, you will need an ANSI C compiler, such as @code{gcc}. Other compilers might also work, but setting the ``ANSI compliance'' too high, might break in parts of the code, not to mention the standard include files. To build in a separate build tree, run @code{configure} in the directory where the tree should reside. You will need a Make that understands VPATH correctly. GNU Make works fine. After building everything (which will take anywhere from a few minutes to a long time), you can install everything in @file{/usr/athena} with @kbd{make install} (running as root). It is possible to install in some other place, but it isn't recommended. To do this you will have to run @code{configure} with @samp{--prefix=/my/path}. If you need to change the default behavior, configure understands the following options: @table @asis -@item @kbd{--with-shared} +@item @kbd{--enable-shared} Create shared versions of the Kerberos libraries. Not really recommended and might not work on all systems. 
+@item @kbd{--with-ld-flags=}@var{flags} +This allows you to specify which extra flags to pass to @code{ld}. Since +this @emph{overrides} any choices made by configure, you should only use +this if you know what you are doing. + @item @kbd{--with-cracklib=}@var{dir} Use cracklib for password quality control in @pindex kadmind @code{kadmind}. This option requires @cindex cracklib cracklib with the patch from -@code{ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch}. +@url{ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch}. @item @kbd{--with-dictpath=}@var{dictpath} This is the dictionary that cracklib should use. @item @kbd{--with-socks=}@var{dir} @cindex firewall @cindex socks If you have to traverse a firewall and it uses the SocksV5 protocol (@cite{RFC 1928}), you can build with socks-support. Point @var{dir} to the directory where you have socks5 installed. For more information -about socks see @kbd{http://www.socks.nec.com/}. +about socks see @url{http://www.socks.nec.com/}. @item @kbd{--with-readline=}@var{dir} @cindex readline To enable history/line editing in @code{ftp} and @code{kadmin}, any present version of readline will be used. If you have readline -installed but in a place where configure does not managed to find it, +installed but in a place where configure does not manage to find it, you can use this option. The code also looks for @code{libedit}. If there is no library at all, the bundled version of @code{editline} will be used. @item @kbd{--with-mailspool=}@var{dir} The configuration process tries to determine where your machine stores its incoming mail. This is typically @file{/usr/spool/mail} or @file{/var/mail}. If it does not work or you store your mail in some unusual directory, this option can be used to specify where the mail spool directory is located. This directory is only accessed by @pindex popper @code{popper}, and the mail check in @pindex login @code{login}. 
+@item @kbd{--with-hesiod=}@var{dir} +@cindex Hesiod +Enable the Hesiod support in +@pindex push +@code{push}. With this option, it will try +to use the hesiod library to locate the mail post-office for the user. + @c @item @kbd{--enable-random-mkey} @c Do not use this option unless you think you know what you are doing. @item @kbd{--with-mkey=}@var{file} Put the master key here, the default is @file{/.k}. +@item @kbd{--with-db-dir=}@var{dir} +Where the kerberos database should be stored. The default is +@file{/var/kerberos}. + @item @kbd{--without-berkeley-db} If you have @cindex Berkeley DB Berkeley DB installed, it is preferred over @c XXX dbm. If you already are running Kerberos this option might be useful, since there currently isn't an easy way to convert a dbm database to a db one (you have to dump the old database and then load it with the new binaries). + +@item @kbd{--without-afs-support} +Do not include AFS support. + +@item @kbd{--with-afsws=}@var{dir} +Where your AFS client installation resides. The default is +@file{/usr/afsws}. + +@item @kbd{--enable-rxkad} +Build the rxkad library. Normally automatically included if there is AFS. + +@item @kbd{--disable-dynamic-afs} +The AFS support in AIX consists of a shared library that is loaded at +runtime. This option disables this, and links with static system +calls. Doing this will make the built binaries crash on a machine that +doesn't have AFS in the kernel (for instance if the AFS module fails to +load at boot). + +@item @kbd{--with-mips-api=}@var{api} +This option enables creation of different types of binaries on Irix. +The allowed values are @kbd{32}, @kbd{n32}, and @kbd{64}. + +@item @kbd{--enable-legacy-kdestroy} +This compile-time option creates a @code{kdestroy} that does not destroy +any AFS tokens. + +@item @kbd{--disable-otp} +Do not build the OTP (@pxref{One-Time Passwords}) library and programs, +and do not include OTP support in the application programs. 
+ +@item @kbd{--enable-match-subdomains} +Normally, the host @samp{host.domain} will be considered to be part of +the realm @samp{DOMAIN}. With this option will also enable hosts of the +form @samp{host.sub.domain}, @samp{host.sub1.sub2.domain}, and so on to +be considered part of the realm @samp{DOMAIN}. + +@item @kbd{--enable-osfc2} +Enable the use of enhanced C2 security on OSF/1. @xref{Digital SIA}. + +@item @kbd{--disable-mmap} +Do not use the mmap system call. Normally, configure detects if there +is a working mmap and it is only used if there is one. Only try this +option if it fails to work anyhow. + +@item @kbd{--disable-cat-manpages} +Do not install preformatted man pages. + +@c --with-des-quad-checksum + @end table @node Installing a binary distribution, Finishing the installation, Installing from source, Installing programs @comment node-name, next, previous, up @section Installing a binary distribution The binary distribution is supposed to be installed in @file{/usr/athena}, installing in some other place may work but is not recommended. A symlink from @file{/usr/athena} to the install directory should be fine. -@node Finishing the installation, Authentication modules, Installing a binary distribution, Installing programs +@node Finishing the installation, .klogin, Installing a binary distribution, Installing programs @section Finishing the installation @pindex su The only program that needs to be installed setuid to root is @code{su}. If @pindex rlogin @pindex rsh @code{rlogin} and @code{rsh} are setuid to root they will fall back to non-kerberised protocols if the kerberised ones fail for some reason. The old protocols use reserved ports as security, and therefore the programs have to be setuid to root. If you don't need this functionality consider turning off the setuid bit. @pindex login @code{login} does not have to be setuid, as it is always run by root (users should use @code{su} rather than @code{login}). 
It will print a helpful message when not setuid to root and run by a user. The programs intended to be run by users are located in @file{/usr/athena/bin}. Inform your users to include @file{/usr/athena/bin} in their paths, or copy or symlink the binaries to some good place. The programs that you will want to use are: @code{kauth}/@code{kinit}, @pindex kauth @pindex kinit @code{klist}, @code{kdestroy}, @code{kpasswd}, @code{ftp}, @pindex klist @pindex kdestroy @pindex kpasswd @pindex ftp @code{telnet}, @code{rcp}, @code{rsh}, @code{rlogin}, @code{su}, @pindex telnet @pindex rcp @pindex rsh @pindex rlogin @pindex su @pindex xnlock @pindex afslog @pindex pagsh @pindex rxtelnet @pindex tenletxr @pindex rxterm @code{rxtelnet}, @code{tenletxr}, @code{rxterm}, and @code{xnlock}. If you are using AFS, @code{afslog} and @code{pagsh} might also be useful. Administrators will want to use @code{kadmin} and @code{ksrvutil}, which are located in @file{/usr/athena/sbin}. @pindex kadmin @pindex ksrvutil @code{telnetd} and @code{rlogind} assume that @code{login} is located in @file{/usr/athena/bin} (or whatever path you used as @samp{--prefix}). If for some reason you want to move @code{login}, you will have to specify the new location with the @samp{-L} switch when configuring @pindex telnetd telnetd and @pindex rlogind rlogind in @file{inetd.conf}. It should be possible to replace the system's default @code{login} with the kerberised @code{login}. However some systems assume that login performs some serious amount of magic that our login might not do (although we've tried to do our best). So before replacing it on every machine, try and see what happens. Another thing to try is to use one of the -authentication modules (@xref{Authentication modules}) supplied. +authentication modules (@pxref{Authentication modules}) supplied. The @code{login} program that we use was in an earlier life the standard login program from NetBSD. 
In order to use it with a lot of weird systems, it has been ``enhanced'' with features from many other logins (Solaris, SunOS, IRIX, AIX, and others). Some of these features are actually useful and you might want to use them even on other systems. @table @file @item /etc/fbtab @pindex fbtab @itemx /etc/logindevperm @pindex logindevperm Allows you to chown some devices when a user logs in on a certain terminal. Commonly used to change the ownership of @file{/dev/mouse}, @file{/dev/kbd}, and other devices when someone logs in on @file{/dev/console}. @file{/etc/fbtab} is the SunOS file name and it is tried first. If there is no such file then the Solaris file name @file{/etc/logindevperm} is tried. @item /etc/environment @pindex environment This file specifies what environment variables should be set when a user logs in. (AIX-style) @item /etc/default/login @pindex default/login Almost the same as @file{/etc/environment}, but the System V style. @item /etc/login.access @pindex login.access Can be used to control who is allowed to login from where and on what ttys. (From Wietse Venema) @end table @menu +* .klogin:: * Authentication modules:: @end menu -@node Authentication modules, , Finishing the installation, Installing programs +@node .klogin, Authentication modules, Finishing the installation, Installing programs @comment node-name, next, previous, up + +Each user can have an authorization file @file{~@var{user}/.klogin} +@pindex .klogin +that +determines what principals can login as that user. It is similar to the +@file{~user/.rhosts} except that it does not use IP and privileged-port +based authentication. If this file does not exist, the user herself +@samp{user@@LOCALREALM} will be allowed to login. Supplementary local +realms (@pxref{Install the configuration files}) also apply here. If the +file exists, it should contain the additional principals that are to +be allowed to login as the local user @var{user}. 
+ +This file is consulted by most of the daemons (@code{rlogind}, +@code{rshd}, @code{ftpd}, @code{telnetd}, @code{popper}, @code{kauthd}, and +@code{kxd}) +@pindex rlogind +@pindex rshd +@pindex ftpd +@pindex telnetd +@pindex popper +@pindex kauthd +@pindex kxd +to determine if the +principal requesting a service is allowed to receive it. It is also +used by +@pindex su +@code{su}, which is a good way of keeping an access control list (ACL) +on who is allowed to become root. Assuming that @file{~root/.klogin} +contains: + +@example +nisse.root@@FOO.SE +lisa.root@@FOO.SE +@end example + +both nisse and lisa will be able to su to root by entering the password +of their root instance. If that fails or if the user is not listed in +@file{~root/.klogin}, @code{su} falls back to the normal policy of who +is permitted to su. Also note that that nisse and lisa can login +with e.g. @code{telnet} as root provided that they have tickets for +their root instance. + +@node Authentication modules, , .klogin, Installing programs +@comment node-name, next, previous, up @section Authentication modules The problem of having different authentication mechanisms has been recognised by several vendors, and several solutions has appeared. In most cases these solutions involve some kind of shared modules that are loaded at run-time. Modules for some of these systems can be found in -@file{lib/auth}. Presently there are modules for Digital's SIA, Linux' -PAM (might also work on Solaris, when PAM gets supported), and IRIX' -@code{login} and @code{xdm} (in @file{lib/auth/afskauthlib}). +@file{lib/auth}. Presently there are modules for Digital's SIA, +Solaris' and Linux' PAM, and IRIX' @code{login} and @code{xdm} (in +@file{lib/auth/afskauthlib}). 
@menu * Digital SIA:: * IRIX:: * PAM:: @end menu @node Digital SIA, IRIX, Authentication modules, Authentication modules @subsection Digital SIA To install the SIA module you will have to do the following: @itemize @bullet @item Make sure @file{libsia_krb4.so} is available in @file{/usr/athena/lib}. If @file{/usr/athena} is not on local disk, you might want to put it in @file{/usr/shlib} or someplace else. If you do, you'll have to edit @file{krb4_matrix.conf} to reflect the new location (you will also have to do this if you installed in some other directory -than @file{/usr/athena}). +than @file{/usr/athena}). If you built with shared libraries, you will +have to copy the shared @file{libkrb.so}, @file{libdes.so}, +@file{libkadm.so}, and @file{libkafs.so} to a place where the loader can +find them (such as @file{/usr/shlib}). @item Copy (your possibly edited) @file{krb4_matrix.conf} to @file{/etc/sia}. @item Apply @file{security.patch} to @file{/sbin/init.d/security}. @item Turn on KRB4 security by issuing @kbd{rcmgr set SECURITY KRB4} and @kbd{rcmgr set KRB4_MATRIX_CONF krb4_matrix.conf}. @item Digital thinks you should reboot your machine, but that really shouldn't be necessary. It's usually sufficient just to run -@kbd{/sbin/init.d/security start}. +@kbd{/sbin/init.d/security start} (and restart any applications that use +SIA, like @code{xdm}.) @end itemize Users with local passwords (like @samp{root}) should be able to login safely. When using Digital's xdm the @samp{KRBTKFILE} environment variable isn't passed along as it should (since xdm zaps the environment). Instead you have to set @samp{KRBTKFILE} to the correct value in @file{/usr/lib/X11/xdm/Xsession}. Add a line similar to @example KRBTKFILE=/tmp/tkt`id -u`_`ps -o ppid= -p $$`; export KRBTKFILE @end example +If you use CDE, @code{dtlogin} allows you to specify which additional +environment variables it should export. 
To add @samp{KRBTKFILE} to this +list, edit @file{/usr/dt/config/Xconfig}, and look for the definition of +@samp{exportList}. You want to add something like: +@example +Dtlogin.exportList: KRBTKFILE +@end example -There is currently no support for changing passwords. Use @file{kpasswd} -instead. - @subsubheading Notes to users with Enhanced security Digital's @samp{ENHANCED} (C2) security, and Kerberos solves two different problems. C2 deals with local security, adds better control of who can do what, auditing, and similar things. Kerberos deals with network security. To make C2 security work with Kerberos you will have to do the following. @itemize @bullet @item Replace all occurencies of @file{krb4_matrix.conf} with @file{krb4+c2_matrix.conf} in the directions above. @item You must enable ``vouching'' in the @samp{default} database. This will make the OSFC2 module trust other SIA modules, so you can login without giving your C2 password. To do this use @samp{edauth} to edit the default entry @kbd{/usr/tcb/bin/edauth -dd default}, and add a @samp{d_accept_alternate_vouching} capability, if not already present. @item For each user that does @emph{not} have a local C2 password, you should set the password expiration field to zero. You can do this for each -user, or in the @samp{default} table. To to this use @samp{edauth} to +user, or in the @samp{default} table. To do this use @samp{edauth} to set (or change) the @samp{u_exp} capability to @samp{u_exp#0}. @item -You should make sure that you use Digital's login rather than the one -distributed by us. The easiest way to do this is to replace -@file{/usr/athena/bin/login} with @file{/bin/login}. +You also need to be aware that the shipped @file{login}, @file{rcp}, and +@file{rshd}, doesn't do any particular C2 magic (such as checking to +various forms of disabled accounts), so if you rely on those features, +you shouldn't use those programs. 
If you configure with +@samp{--enable-osfc2}, these programs will, however, set the login +UID. Still: use at your own risk. @end itemize At present @samp{su} does not accept the vouching flag, so it will not work as expected. Also, kerberised ftp will not work with C2 passwords. You can solve this by using both Digital's ftpd and our on different ports. @strong{Remember}, if you do these changes you will get a system that most certainly does @emph{not} fulfill the requirements of a C2 system. If C2 is what you want, for instance if someone else is forcing you to use it, you're out of luck. If you use enhanced security because you want a system that is more secure than it would otherwise be, you probably got an even more secure system. Passwords will not be sent in the clear, for instance. @node IRIX, PAM, Digital SIA, Authentication modules @subsection IRIX The IRIX support is a module that is compatible with Transarc's @file{afskauthlib.so}. It should work with all programs that use this library, this should include @file{login} and @file{xdm}. The interface is not very documented but it seems that you have to copy @file{libkafs.so}, @file{libkrb.so}, and @file{libdes.so} to @file{/usr/lib}, or build your @file{afskauthlib.so} statically. The @file{afskauthlib.so} itself is able to reside in @file{/usr/vice/etc}, @file{/usr/afsws/lib}, or the current directory (wherever that is). +IRIX 6.4 and newer seems to have all programs (including @file{xdm} and +@file{login}) in the N32 object format, whereas in older versions they +were O32. For it to work, the @file{afskauthlib.so} library has to be in +the same object format as the program that tries to load it. This might +require that you have to configure and build for O32 in addition to the +default N32. + Appart from this it should ``just work'', there are no configuration files. @node PAM, , IRIX, Authentication modules @subsection PAM The PAM module was written more out of curiosity that anything else. 
It -has not been updated for quite a while, since none of us are using -Linux, and Solaris does not support PAM yet. We've had positive reports -from at least one person using the module, though. +has not been updated for quite a while, but it seems to mostly work on +both Linux and Solaris. To use this module you should: @itemize @bullet @item Make sure @file{pam_krb4.so} is available in @file{/usr/athena/lib}. You might actually want it on local disk, so @file{/lib/security} might be a better place if @file{/usr/athena} is not local. @item Look at @file{pam.conf.add} for examples of what to add to @file{/etc/pam.conf}. @end itemize There is currently no support for changing kerberos passwords. Use kpasswd instead. See also Derrick J Brashear's @code{} Kerberos PAM -module at @kbd{ftp://ftp.dementia.org/pub/pam}. It has a lot more +module at @* @url{ftp://ftp.dementia.org/pub/pam}. It has a lot more features, and it is also more in line with other PAM modules. Index: stable/3/crypto/kerberosIV/doc/intro.texi =================================================================== --- stable/3/crypto/kerberosIV/doc/intro.texi (revision 62577) +++ stable/3/crypto/kerberosIV/doc/intro.texi (revision 62578) 
@@ -1,69 +1,41 @@ @node Introduction, What is Kerberos?, Top, Top @comment node-name, next, previous, up @chapter Introduction This is an attempt at documenting the Kerberos 4 distribution from Kungliga Tekniska Högskolan (the Royal Institute of Technology in Stockholm, Sweden). This distribution is based on eBones, but has been improved in many ways. It is more portable, and several new features -have been added. It currently runs on the following systems: +have been added. It should run on any reasonably modern unix-like +system. -@itemize @bullet -@item -AIX 4.1, 4.2 -@item -BSD/OS 2.0, 2.1 -@item -Digital UNIX 3.2, 4.0 -@item -HP-UX 9, 10 -@item -IRIX 4.0, 5.2, 5.3, 6.1, 6.2, 6.3, 6.4 -@item -Linux 1.3, 2.0 -@item -NetBSD 1.2 -@item -FreeBSD 2.2 -@item -SunOS 4.1 -@item -SunOS 5.4/5.5 (aka Solaris 2.4/2.5) -@item -Ultrix 4.4 -@item -Cray UNICOS 9. -@item -Fujitsu UXP/V 4.1. -@end itemize +In addition, some part compile and work on: -Some part compile and work on: - @itemize @bullet @item OS/2 with EMX @item Windows 95/NT with gnu-win32 (with the proper amount of magic the libraries should compile with Microsoft C as well) @end itemize It should work on anything that is almost POSIX, has an ANSI C compiler, a dbm library (for the server side), and BSD Sockets. -A web-page is available at @kbd{http://www.pdc.kth.se/kth-krb/}. +A web-page is available at @url{http://www.pdc.kth.se/kth-krb/}. @heading Bug reports If you cannot build the programs or they do not behave as you think they should, please send us a bug report. The bug report should be sent to -@code{}. Please include information on what +@code{}. Please include information on what machine and operating system (including version) you are running, what you are trying to do, what happens, what you think should have happened, an example for us to repeat, the output you get when trying the example, and a patch for the problem if you have one. Please make any patches with @code{diff -u} or @code{diff -c}. 
The more detailed the bug report is, the easier it will be for us to reproduce, understand, and fix it. Suggestions, comments and other non bug reports are welcome. Send them -to @code{}. +to @code{}. Index: stable/3/crypto/kerberosIV/doc/kth-krb.texi =================================================================== --- stable/3/crypto/kerberosIV/doc/kth-krb.texi (revision 62577) +++ stable/3/crypto/kerberosIV/doc/kth-krb.texi (revision 62578) 
@@ -1,300 +1,302 @@ \input texinfo @c -*- texinfo -*- @c %**start of header -@c $Id: kth-krb.texi,v 1.71 1997/05/25 21:31:00 assar Exp $ +@c $Id: kth-krb.texi,v 1.80 1999/12/02 16:58:35 joda Exp $ @setfilename kth-krb.info @settitle KTH-KRB @iftex @afourpaper @end iftex @c some sensible characters, please? @tex \input latin1.tex @end tex @setchapternewpage on @syncodeindex pg cp @c %**end of header +@ifinfo @dircategory Kerberos @direntry * Kth-krb: (kth-krb). The Kerberos IV distribution from KTH @end direntry +@end ifinfo @c title page @titlepage @title KTH-KRB @subtitle Kerberos 4 from KTH -@subtitle Edition -1.0, for version 0.9.5 -@subtitle 1997 +@subtitle For release 0.10. +@subtitle 1999 @author Johan Danielsson @author Assar Westerlund -@author last updated $Date: 1997/05/25 21:31:00 $ +@author last updated $Date: 1999/12/02 16:58:35 $ @def@copynext{@vskip 20pt plus 1fil@penalty-1000} @def@copyrightstart{} @def@copyrightend{} @page @copyrightstart -Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan +Copyright (c) 1995-1999 Kungliga Tekniska Högskolan (Royal Institute of Technology, Stockholm, Sweden). All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by the Kungliga Tekniska - Högskolan and its contributors. - -4. Neither the name of the Institute nor the names of its contributors +3. 
Neither the name of the Institute nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. @copynext Copyright (C) 1995 Eric Young (eay@@mincom.oz.au) All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Eric Young (eay@@mincom.oz.au) THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. @copynext Copyright (c) 1983, 1990 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. 4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. @copynext Copyright (C) 1990 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. @copynext Copyright 1987, 1989 by the Student Information Processing Board of the Massachusetts Institute of Technology Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the names of M.I.T. and the M.I.T. S.I.P.B. 
not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. and the M.I.T. S.I.P.B. make no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. @copynext Copyright 1992 Simmule Turner and Rich Salz. All rights reserved. This software is not subject to any license of the American Telephone and Telegraph Company or of the Regents of the University of California. Permission is granted to anyone to use this software for any purpose on any computer system, and to alter it and redistribute it freely, subject to the following restrictions: 1. The authors are not responsible for the consequences of use of this software, no matter how awful, even if they arise from flaws in it. 2. The origin of this software must not be misrepresented, either by explicit claim or by omission. Since few users ever read sources, credits must appear in the documentation. 3. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. Since few users ever read sources, credits must appear in the documentation. 4. This notice may not be removed or altered. @copyrightend @end titlepage @c Less filling! Tastes great! 
@iftex @parindent=0pt @global@parskip 6pt plus 1pt @global@chapheadingskip = 15pt plus 4pt minus 2pt @global@secheadingskip = 12pt plus 3pt minus 2pt @global@subsecheadingskip = 9pt plus 2pt minus 2pt @end iftex @ifinfo @paragraphindent 0 @end ifinfo @ifinfo @node Top, Introduction, (dir), (dir) @top KTH-krb @end ifinfo @menu * Introduction:: * What is Kerberos?:: * Installing programs:: * How to set up a realm:: * One-Time Passwords:: * Resolving frequent problems:: * Acknowledgments:: * Index:: +@detailmenu --- The Detailed Node Listing --- Installing programs * Installing from source:: * Installing a binary distribution:: * Finishing the installation:: * Authentication modules:: Finishing the installation * Authentication modules:: Authentication modules * Digital SIA:: * IRIX:: * PAM:: How to set up a realm * How to set up the kerberos server:: * Install the client programs:: * Install the kerberised services:: * Install a slave kerberos server:: * Cross-realm functionality :: How to set up the kerberos server * Choose a realm name:: * Choose a kerberos server:: * Install the configuration files:: * Install the /etc/services:: * Install the kerberos server:: * Set up the server:: * Add a few important principals:: * Start the server:: * Try to get tickets:: * Create initial ACL for the admin server:: * Start the admin server:: * Add users to the database:: * Automate the startup of the servers:: One-Time Passwords * What are one time passwords?:: * When to use one time passwords?:: * Configuring OTPs:: Resolving frequent problems * Problems compiling Kerberos:: +* Problems with firewalls:: * Common error messages:: +* Is Kerberos year 2000 safe?:: + +@end detailmenu @end menu @include intro.texi @include whatis.texi @include install.texi @include setup.texi @include otp.texi @include problems.texi @include ack.texi @include index.texi @c @shortcontents @contents @bye Index: stable/3/crypto/kerberosIV/doc/problems.texi 
=================================================================== --- stable/3/crypto/kerberosIV/doc/problems.texi (revision 62577) +++ stable/3/crypto/kerberosIV/doc/problems.texi (revision 62578) 
@@ -1,156 +1,342 @@ @node Resolving frequent problems, Acknowledgments, One-Time Passwords, Top @chapter Resolving frequent problems @menu * Problems compiling Kerberos:: +* Problems with firewalls:: * Common error messages:: +* Is Kerberos year 2000 safe?:: @end menu -@node Problems compiling Kerberos, Common error messages, Resolving frequent problems, Resolving frequent problems +@node Problems compiling Kerberos, Problems with firewalls, Resolving frequent problems, Resolving frequent problems @section Problems compiling Kerberos -Many compilers require a switch to become ANSI compliant. Since kth-krb +Many compilers require a switch to become ANSI compliant. Since krb4 is written in ANSI C it is necessary to specify the name of the compiler to be used and the required switch to make it ANSI compliant. This is most easily done when running configure using the @kbd{env} command. For instance to build under HP-UX using the native compiler do: @cartouche @example datan$ env CC="cc -Ae" ./configure @end example @end cartouche +@cindex GCC In general @kbd{gcc} works. The following combinations have also been verified to successfully compile the distribution: @table @asis @item @samp{HP-UX} @kbd{cc -Ae} @item @samp{Digital UNIX} @kbd{cc -std1} @item @samp{AIX} @kbd{xlc} @item @samp{Solaris 2.x} @kbd{cc} (unbundled one) @item @samp{IRIX} @kbd{cc} @end table @subheading Linux problems +The libc functions gethostby*() under RedHat4.2 can sometimes cause +core dumps. If you experience these problems make sure that the file +@file{/etc/nsswitch.conf} contains a hosts entry no more complex than +the line + +@cartouche +hosts: files dns +@end cartouche + Some systems have lost @file{/usr/include/ndbm.h} which is necessary to -build kth-krb correctly. There is a @file{ndbm.h.Linux} right next to +build krb4 correctly. There is a @file{ndbm.h.Linux} right next to the source distribution. 
+@cindex Linux There has been reports of non-working @file{libdb} on some Linux distributions. If that happens, use the @kbd{--without-berkeley-db} when configuring. +@subheading SunOS 5 (aka Solaris 2) problems + +@cindex SunOS 5 + +When building shared libraries and using some combinations of GNU gcc/ld +you better set the environment variable RUN_PATH to /usr/athena/lib +(your target libdir). If you don't, then you will have to set +LD_LIBRARY_PATH during runtime and the PAM module will not work. + @subheading HP-UX problems +@cindex HP-UX The shared library @file{/usr/lib/libndbm.sl} doesn't exist on all systems. To make problems even worse, there is never an archive version for static linking either. Therefore, when building ``truly portable'' binaries first install GNU gdbm or Berkeley DB, and make sure that you are linking against that library. @subheading Cray problems @kbd{rlogind} won't work on Crays until @code{forkpty()} has been ported, in the mean time use @kbd{telnetd}. +@subheading IRIX problems + +@cindex IRIX + +IRIX has three different ABI:s (Application Binary Interface), there's +an old 32 bit interface (known as O32, or just 32), a new 32 bit +interface (N32), and a 64 bit interface (64). O32 and N32 are both 32 +bits, but they have different calling conventions, and alignment +constraints, and similar. The N32 format is the default format from IRIX +6.4. + +You select ABI at compile time, and you can do this with the +@samp{--with-mips-abi} configure option. The valid arguments are +@samp{o32}, @samp{n32}, and @samp{64}, N32 is the default. Libraries for +the three different ABI:s are normally installed installed in different +directories (@samp{lib}, @samp{lib32}, and @samp{lib64}). If you want +more than one set of libraries you have to reconfigure and recompile for +each ABI, but you should probably install only N32 binaries. + +@cindex GCC +GCC had had some known problems with the different ABI:s. 
Old GCC could +only handle O32, newer GCC can handle N32, and 64, but not O32, but in +some versions of GCC the structure alignment was broken in N32. + +This confusion with different ABI:s can cause some trouble. For +instance, the @file{afskauthlib.so} library has to use the same ABI as +@file{xdm}, and @file{login}. The easiest way to check what ABI to use +is to run @samp{file} on @file{/usr/bin/X11/xdm}. + +@cindex AFS +Another problem that you might encounter if you run AFS is that Transarc +apparently doesn't support the 64-bit ABI, and because of this you can't +get tokens with a 64 bit application. If you really need to do this, +there is a kernel module that provides this functionality at +@url{ftp://ftp.pdc.kth.se/home/joda/irix-afs64.tar.gz}. + @subheading AIX problems -@kbd{gcc} version 2.7.2.1 has a bug which makes it miscompile +@cindex GCC +@kbd{gcc} version 2.7.2.* has a bug which makes it miscompile @file{appl/telnet/telnetd/sys_term.c} (and possibily @file{appl/bsd/forkpty.c}), if used with too much optimization. +Some versions of the @kbd{xlc} preprocessor doesn't recognise the +(undocumented) @samp{-qnolm} option. If this option is passed to the +preprocessor (like via the configuration file @file{/etc/ibmcxx.cfg}, +configure will fail. + +The solution is to remove this option from the configuration file, +either globally, or for just the preprocessor: + +@example +$ cp /etc/ibmcxx.cfg /tmp +$ed /tmp/ibmcxx.cfg +8328 +/nolm + options = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000,-qnolm +s/,-qnolm//p + options = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000 +w +8321 +q +$ env CC=xlc CPP="xlc -E -F/tmp/ibmcxx.cfg" configure +@end example + +There is a bug in AFS 3.4 version 5.38 for AIX 4.3 that causes the +kernel to panic in some cases. There is a hack for this in @kbd{login}, +but other programs could be affected also. This seems to be fixed in +version 5.55. 
+ @subheading C2 problems @cindex C2 The programs that checks passwords works with @file{passwd}, OTP, and Kerberos paswords. This is problem if you use C2 security (or use some other password database), that normally keeps passwords in some obscure place. If you want to use Kerberos with C2 security you will have to think about what kind of changes are necessary. See also the discussion about Digital's SIA and C2 security, see @ref{Digital SIA}. -@node Common error messages, , Problems compiling Kerberos, Resolving frequent problems +@node Problems with firewalls, Common error messages, Problems compiling Kerberos, Resolving frequent problems +@section Problems with firewalls + +@cindex firewall +A firewall is a network device that filters out certain types of packets +going from one side of the firewall to the other. A firewall is supposed +to solve the same kinds of problems as Kerberos (basically hindering +unauthorised network use). The difference is that Kerberos tries to +authenticate users, while firewall splits the network in a `secure' +inside, and an `insecure' outside. + +Firewall people usually think that UDP is insecure, partly because many +`insecure' protocols use UDP. Since Kerberos by default uses UDP to send +and recieve packets, Kerberos and firewalls doesn't work very well +together. + +The symptoms of trying to use Kerberos behind a firewall is that you +can't get any tickets (@code{kinit} exits with the infamous @samp{Can't +send request} error message). + +There are a few ways to solve these problems: + +@itemize @bullet +@item +Convince your firewall administrator to open UDP port 750 or 88 for +incoming packets. This usually turns out to be difficult. +@item +Convince your firewall administrator to open TCP port 750 or 88 for +outgoing connections. This can be a lot easier, and might already be +enabled. +@item +Use TCP connections over some non-standard port. 
This requires that you +have to convince the administrator of the kerberos server to allow +connections on this port. +@item +@cindex HTTP +Use HTTP to get tickets. Since web-stuff has become almost infinitely +popular, many firewalls either has the HTTP port open, or has a HTTP +proxy. +@end itemize + +The last two methods might be considered to be offensive (since you are +not sending the `right' type of data in each port). You probably do best +in discussuing this with firewall administrator. + +For information on how to use other protocols when communication with +KDC, see @ref{Install the configuration files}. + +It is often the case that the firewall hides addresses on the `inside', +so it looks like all packets are coming from the firewall. Since address +of the client host is encoded in the ticket, this can cause trouble. If +you get errors like @samp{Incorrect network address}, when trying to use +the ticket, the problem is usually becuase the server you are trying to +talk to sees a different address than the KDC did. If you experience +this kind of trouble, the easiest way to solve them is probably to try +some other mechanism to fetch tickets. You might also be able to +convince the administrator of the server that the two different +addresses should be added to the @file{/etc/krb.equiv} file. + +@node Common error messages, Is Kerberos year 2000 safe?, Problems with firewalls, Resolving frequent problems @section Common error messages These are some of the more obscure error messages you might encounter: @table @asis @item @samp{Time is out of bounds} The time on your machine differs from the time on either the kerberos server or the machine you are trying to login to. If it isn't obvious that this is the case, remember that all times are compared in UTC. On unix systems you usually can find out what the local time is by doing @code{telnet machine daytime}. This time (again, usually is the keyword) is with correction for time-zone and daylight savings. 
If you have problem keeping your clocks synchronized, consider using a time keeping system such as NTP (see also the discussion in @ref{Install the client programs}). @item @samp{Ticket issue date too far in the future} The time on the kerberos server is more than five minutes ahead of the time on the server. @item @samp{Can't decode authenticator} This means that there is a mismatch between the service key in the kerberos server and the service key file on the specific machine. Either: @itemize @bullet @item the server couldn't find a service key matching the request @item the service key (or version number) does not match the key the packet was encrypted with @end itemize @item @samp{Incorrect network address} The address in the ticket does not match the address you sent the request from. This happens on systems with more than one network address, either physically or logically. You can list addresses which should be considered equal in @file{/etc/krb.equiv} on your servers. A note to programmers: a server should not pass @samp{*} as the instance to @samp{krb_rd_req}. It should try to figure out on which interface the request was received, for instance by using @samp{k_getsockinst}. If you change addresses on your computer you invalidate any tickets you might have. The easiest way to fix this is to get new tickets with the new address. @item @samp{Message integrity error} The packet is broken in some way: @itemize @bullet @item the lengths does not match the size of the packet, or @item the checksum does not match the contents of the packet @end itemize @item @samp{Can't send request} There is some problem contacting the kerberos server. Either the server is down, or it is using the wrong port (compare the entries for @samp{kerberos-iv} in @file{/etc/services}). The client might also have failed to guess what kerberos server to talk to (check @file{/etc/krb.conf} and @file{/etc/krb.realms}). 
+One reason you can't contact the kerberos server might be because you're +behind a firewall that doesn't allow kerberos packets to pass. For +possible solutions to this see the firewall section above. + +@item @samp{kerberos: socket: Unable to open socket...} + +The kerberos server has to open four sockets for each interface. If you +have a machine with lots of virtual interfaces, you run the risk of +running out of file descriptors. If that happens you will get this +error message. + +@item @samp{ftp: User foo access denied} + +This usually happens because the user's shell is not listed in +@file{/etc/shells}. Note that @kbd{ftpd} checks this file even on +systems where the system version does not and there is no +@file{/etc/shells}. + @item @samp{Generic kerberos error} This is a generic catch-all error message. @end table +@node Is Kerberos year 2000 safe?, , Common error messages, Resolving frequent problems +@section Is Kerberos year 2000 safe? + +@cindex Year 2000 + +Yes. + +A somewhat longer answer is that we can't think of anything that can +break. The protocol itself doesn't use time stamps in textual form, the +two-digit year problems in the original MIT code has been fixed (this +was a problem mostly with log files). The FTP client had a bug in the +command `newer' (which fetches a file if it's newer than what you +already got). + +Another thing to look out for, but that isn't a Y2K problem per se, is +the expiration date of old principals. The MIT code set the default +expiration date for some new principals to 1999-12-31, so you might want +to check your database for things like this. + +Now, the Y2038 problem is something completely different (but the +authors should have retired by then, presumably growing rowanberrys in +some nice and warm place). 
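Review bot: The last paragraph of the new "Problems with firewalls" section suggests adding both addresses to @file{/etc/krb.equiv} without stating the cost. By the section's own description all packets from the inside appear to come from the firewall, so listing that address as equivalent makes the ticket address check pass for every host behind it. Please add a sentence saying so, and present fetching tickets by another mechanism as the preferred fix. Under "AIX problems", the example copies the compiler configuration to /tmp/ibmcxx.cfg and then points CPP at it; a private directory would be a safer habit to document than a fixed name in /tmp. Markup and wording in the added lines: the parenthesis opened at "(like via the configuration file" is never closed, "$ed /tmp/ibmcxx.cfg" is missing the space after the prompt, "installed installed" is doubled in the IRIX text, and "recieve", "discussuing" and "becuase" are misspelled. In the "Can't send request" item, "see the firewall section above" would be better as @ref{Problems with firewalls} so the link survives reordering.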
Index: stable/3/crypto/kerberosIV/doc/setup.texi =================================================================== --- stable/3/crypto/kerberosIV/doc/setup.texi (revision 62577) +++ stable/3/crypto/kerberosIV/doc/setup.texi (revision 62578) 
@@ -1,794 +1,905 @@ @node How to set up a realm, One-Time Passwords, Installing programs, Top @chapter How to set up a realm @quotation @flushleft Who willed you? or whose will stands but mine? There's none protector of the realm but I. Break up the gates, I'll be your warrantize. Shall I be flouted thus by dunghill grooms? --- King Henry VI, 6.1 @end flushleft @end quotation @menu * How to set up the kerberos server:: * Install the client programs:: * Install the kerberised services:: * Install a slave kerberos server:: * Cross-realm functionality :: @end menu @node How to set up the kerberos server, Install the client programs, How to set up a realm, How to set up a realm @section How to set up the kerberos server @menu * Choose a realm name:: * Choose a kerberos server:: * Install the configuration files:: * Install the /etc/services:: * Install the kerberos server:: * Set up the server:: * Add a few important principals:: * Start the server:: * Try to get tickets:: * Create initial ACL for the admin server:: * Start the admin server:: * Add users to the database:: * Automate the startup of the servers:: @end menu @node Choose a realm name, Choose a kerberos server, How to set up the kerberos server, How to set up the kerberos server @subsection Choose a realm name A @cindex realm realm is an administrative domain. Kerberos realms are usually written in uppercase and consist of a Internet domain name@footnote{Using lowercase characters in the realm name might break in mysterious ways. This really should have been fixed, but has not.}. Call your realm the same as your Internet domain name if you do not have strong reasons for not doing so. It will make life easier for you and everyone else. @node Choose a kerberos server, Install the configuration files, Choose a realm name, How to set up the kerberos server @subsection Choose a kerberos server You need to choose a machine to run the @pindex kerberos kerberos server program. 
If the kerberos database residing on this host is compromised, your entire realm will be compromised. Therefore, this machine must be as secure as possible. Preferably it should not run any services other than Kerberos. The secure-minded administrator might only allow logins on the console. This machine has also to be reliable. If it is down, you will not be able to use any kerberised services unless you have also configured a -slave server (@xref{Install a slave kerberos server}). +slave server (@pxref{Install a slave kerberos server}). Running the kerberos server requires very little CPU power and a small amount of disk. An old PC with some hundreds of megabytes of free disk space should do fine. Most of the disk space will be used for various logs. @node Install the configuration files, Install the /etc/services, Choose a kerberos server, How to set up the kerberos server @subsection Install the configuration files There are two important configuration files: @file{/etc/krb.conf} and @file{/etc/krb.realms}. @pindex krb.conf @pindex krb.realms The @file{krb.conf} file determines which machines are servers for different realms. The format of this file is: @example THIS.REALM +SUPP.LOCAL.REALM THIS.REALM kerberos.this.realm admin server THIS.REALM kerberos-1.this.realm +SUPP.LOCAL.REALM kerberos.supp.local.realm admin server ANOTHER.REALM kerberos.another.realm @end example -The first line defines the name of the local realm. Line two defines the -name of the master kerberos server and the database administration -server for this realm. You can define any number of kerberos slave -servers similar to the one defined in line three. The clients will try -to contact the servers in the order they are defined in @file{krb.conf}. +The first line defines the name of the local realm. The next few lines +optionally defines supplementary local realms. 
+@cindex supplementary local realms +The rest of the file +defines the names of the kerberos servers and the database +administration servers for all known realms. You can define any number +of kerberos slave servers similar to the one defined on line +four. Clients will try to contact servers in listed order. The @samp{admin server} clause at the first entry states that this is the master server @cindex master server (the one to contact when modifying the database, such as changing passwords). There should be only one such entry for each realm. In the original MIT Kerberos 4 (as in most others), the server specification could only take the form of a host-name. To facilitate having kerberos servers in odd places (such as behind a firewall), support has been added for ports other than the default (750), and protocols other than UDP. The formal syntax for an entry is now -@samp{@var{[proto}/@var{]host[}:@var{port]}}. @var{proto} is either -@samp{udp} or @samp{tcp}, and @var{port} is the port to talk to. Default -value for @var{proto} is @samp{udp} and for @var{port} whatever -@samp{kerberos-iv} is defined to be in @file{/etc/services} or 750 if -undefined. +@samp{[@var{proto}/]@var{host}[:@var{port}]}. @var{proto} is either +@samp{UDP}, @samp{TCP}, or @samp{HTTP}, and @var{port} is the port to +talk to. Default value for @var{proto} is @samp{UDP} and for @var{port} +whatever @samp{kerberos-iv} is defined to be in @file{/etc/services} or +750 if undefined. If @var{proto} is @samp{HTTP}, the default port is +80. An @samp{http} entry may also be specified in URL format. If the information about a realm is missing from the @file{krb.conf} file, or if the information is wrong, the following methods will be tried in order. @enumerate @item If you have an SRV-record (@cite{RFC 2052}) for your realm it will be used. This record should be of the form @samp{kerberos-iv.@var{protocol}.@var{REALM}}, where @var{proto} is -either @samp{udp} or @samp{tcp}. 
(Note: the current implementation does -not look at priority or weight when deciding which server to talk to.) +either @samp{UDP}, @samp{TCP}, or @samp{HTTP}. (Note: the current +implementation does not look at priority or weight when deciding which +server to talk to.) @item If there isn't any SRV-record, it tries to find a TXT-record for the same domain. The contents of the record should have the same format as the host specification in @file{krb.conf}. (Note: this is a temporary solution if your name server doesn't support SRV records. The clients should work fine with SRV records, so if your name server supports them, they are very much preferred.) @item -If no valid kerberos server is found, it will try to talk udp to the +If no valid kerberos server is found, it will try to talk UDP to the service @samp{kerberos-iv} with fall-back to port 750 with @samp{kerberos.@var{REALM}} (which is also assumed to be the master server), and then @samp{kerberos-1.@var{REALM}}, @samp{kerberos-2.@var{REALM}}, and so on. @end enumerate +SRV records have been supported in BIND since 4.9.5T2A. An example +would look like the following in the zone file: + +@example +kerberos-iv.udp.foo.se. 1M IN SRV 1 0 750 kerberos-1.foo.se. +kerberos-iv.udp.foo.se. 1M IN SRV 0 0 750 kerberos.foo.se. +@end example + We strongly recommend that you add a CNAME @samp{kerberos.@var{REALM}} pointing to your kerberos master server. The @file{krb.realms} file is used to find out what realm a particular host belongs to. An example of this file could look like: @example this.realm THIS.REALM .this.realm THIS.REALM foo.com SOME.OTHER.REALM www.foo.com A.STRANGE.REALM .foo.com FOO.REALM @end example Entries starting with a dot are taken as the name of a domain. Entries not starting with a dot are taken as a host-name. The first entry matched is used. The entry for @samp{this.realm} is only necessary if there is a host named @samp{this.realm}. 
If no matching realm is found in @file{krb.realms}, DNS is searched for the correct realm. For example, if we are looking for host @samp{a.b.c}, @samp{krb4-realm.a.b.c} is first tried and then @samp{krb4-realm.b.c} and so on. The entry should be a TXT record containing the name of the realm, such as: @example krb4-realm.pdc.kth.se. 7200 TXT "NADA.KTH.SE" @end example If this didn't help the domain name sans the first part in uppercase is tried. The plain vanilla version of Kerberos doesn't have any fancy methods of getting realms and servers so it is generally a good idea to keep @file{krb.conf} and @file{krb.realms} up to date. +In addition to these commonly used files, @file{/etc/krb.extra} +@pindex krb.extra +holds some things that are not normally used. It consists of a number of +@samp{@var{variable} = @var{value}} pairs, blank lines and lines +beginning with a hash (#) are ignored. + +The currently defined variables are: + +@table @samp +@item kdc_timeout +@cindex kdc_timeout +The time in seconds to wait for an answer from the KDC (the default is 4 +seconds). +@item kdc_timesync +@cindex kdc_timesync +This flag enables storing of the time differential to the KDC when +getting an initial ticket. This differential is used later on to compute +the correct time. This can help if your machine doesn't have a working +clock. +@item firewall_address +@cindex firewall_address +The IP address that hosts outside the firewall see when connecting from +within the firewall. If this is specified, the code will try to compute +the value for @samp{reverse_lsb_test}. +@item krb4_proxy +@cindex krb4_proxy +When getting tickets via HTTP, this specifies the proxy to use. The +default is to speak directly to the KDC. +@item krb_default_tkt_root +@cindex krb_default_tkt_root +The default prefix for ticket files. The default is @file{/tmp/tkt}. +Normally the uid or tty is appended to this prefix. 
+@item krb_default_keyfile +@cindex krb_default_keyfile +The file where the server keys are stored, the default is @file{/etc/srvtab}. +@item nat_in_use +@cindex nat_in_use +If the client is behind a Network Address Translator (NAT). +@cindex Network Address Translator +@cindex NAT +@item reverse_lsb_test +@cindex reverse_lsb_test +Reverses the test used by @code{krb_mk_safe}, @code{krb_rd_safe}, +@code{krb_mk_priv}, and @code{krb_rd_priv} to compute the ordering of +the communicating hosts. This test can cause truble when using +firewalls. +@end table + @node Install the /etc/services, Install the kerberos server, Install the configuration files, How to set up the kerberos server @subsection Updating /etc/services You should append or merge the contents of @file{services.append} to your @file{/etc/services} files or NIS-map. Remove any unused factory installed kerberos port definitions to avoid possible conflicts. @pindex services Most of the programs will fall back to the default ports if the port numbers are not found in @file{/etc/services}, but it is convenient to have them there anyway. @node Install the kerberos server, Set up the server, Install the /etc/services, How to set up the kerberos server @subsection Install the kerberos server You should have already chosen the machine where you want to run the kerberos server and the realm name. The machine should also be as -secure as possible (@xref{Choose a kerberos server}) before installing +secure as possible (@pxref{Choose a kerberos server}) before installing the kerberos server. In this example, we will install a kerberos server for the realm @samp{FOO.SE} on a machine called @samp{hemlig.foo.se}. @node Set up the server, Add a few important principals, Install the kerberos server, How to set up the kerberos server @subsection Setup the server Login as root on the console of the kerberos server. Add -@file{/usr/athena/bin} and @file{/usr/athena/sbin} to your path. 
Run +@file{/usr/athena/bin} and @file{/usr/athena/sbin} to your path. Create +the directory @file{/var/kerberos} (@kbd{mkdir /var/kerberos}), which is +where the database will be stored. Then, to create the database, run @kbd{kdb_init}: @pindex kdb_init @example @cartouche +hemlig# mkdir /var/kerberos hemlig# kdb_init Realm name [default FOO.SE ]: You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter Kerberos master password: Verifying password Enter Kerberos master password: @end cartouche @end example If you have set up the configuration files correctly, @kbd{kdb_init} should choose the correct realm as the default, otherwise a (good) guess is made. Enter the master password. This password will only be used for encrypting the kerberos database on disk and for generating new random keys. You will not have to remember it, only to type it again when you run @kbd{kstash}. Choose something long and random. Now run @kbd{kstash} using the same password: @pindex kstash @example @cartouche hemlig# kstash Enter Kerberos master password: Current Kerberos master key version is 1. Master key entered. BEWARE! Wrote master key to /.k @end cartouche @end example After entering the same master password it will be saved in the file @file{/.k} and the kerberos server will read it when needed. Write down the master password and put it in a sealed envelope in a safe, you might need it if your disk crashes or should you want to set up a slave server. @code{kdb_init} initializes the database with a few entries: @table @samp @item krbtgt.@var{REALM} The key used for authenticating to the kerberos server. @item changepw.kerberos The key used for authenticating to the administrative server, i.e. when adding users, changing passwords, and so on. @item default This entry is copied to new items when these are added. Enter here the values you want new entries to have, particularly the expiry date. 
@item K.M This is the master key and it is only used to verify that the master key that is saved un-encrypted in @file{/.k} is correct and corresponds to this database. @end table @code{kstash} only reads the master password and writes it to @file{/.k}. This enables the kerberos server to start without you having to enter the master password. This file (@file{/.k}) is only readable by root and resides on a ``secure'' machine. @node Add a few important principals, Start the server, Set up the server, How to set up the kerberos server @subsection Add a few important principals Now the kerberos database has been created, containing only a few principals. The next step is to add a few more so that you can test that it works properly and so that you can administer your realm without having to use the console on the kerberos server. Use @kbd{kdb_edit} to edit the kerberos database directly on the server. @pindex kdb_edit @code{kdb_edit} is intended as a bootstrapping and fall-back mechanism for editing the database. For normal purposes, use the @code{kadmin} -program (@xref{Add users to the database}). +program (@pxref{Add users to the database}). The following example shows the adding of the principal @samp{nisse.admin} into the kerberos database. This principal is used by @samp{nisse} when administrating the kerberos database. Later on the normal principal for @samp{nisse} will be created. Replace @samp{nisse} and @samp{password} with your own username and password. @example @cartouche hemlig# kdb_edit -n Opening database... Current Kerberos master key version is 1. Master key entered. BEWARE! Previous or default values are in [brackets] , enter return to leave the same, or new value. Principal name: Instance: , Create [y] ? <> Principal: nisse, Instance: admin, kdc_key_ver: 1 New Password: Verifying password New Password: Principal's new key version = 1 Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ? <> Max ticket lifetime (*5 minutes) [ 255 ] ? 
<> Attributes [ 0 ] ? <> Edit O.K. Principal name: <> @end cartouche @end example @code{kdb_edit} will loop until you hit the @kbd{return} key at the ``Principal name'' prompt. Now you have added nisse as an administrator. +@page + @node Start the server, Try to get tickets, Add a few important principals, How to set up the kerberos server @subsection Start the server @pindex kerberos @example @cartouche hemlig# /usr/athena/libexec/kerberos & Kerberos server starting Sleep forever on error Log file is /var/log/kerberos.log Current Kerberos master key version is 1. Master key entered. BEWARE! Current Kerberos master key version is 1 Local realm: FOO.SE @end cartouche @end example @node Try to get tickets, Create initial ACL for the admin server, Start the server, How to set up the kerberos server @subsection Try to get tickets You can now verify that these principals have been added and that the server is working correctly. @pindex kinit @example @cartouche hemlig# kinit eBones International (hemlig.foo.se) Kerberos Initialization Kerberos name: Password: @end cartouche @end example If you do not get any error message from @code{kinit}, then everything is working (otherwise, see @ref{Common error messages}). Use @code{klist} to verify the tickets you acquired with @code{kinit}: @pindex klist @example @cartouche hemlig# klist Ticket file: /tmp/tkt0 Principal: nisse.admin@@FOO.SE Issued Expires Principal May 24 21:06:03 May 25 07:06:03 krbtgt.FOO.SE@@FOO.SE @end cartouche @end example @node Create initial ACL for the admin server, Start the admin server, Try to get tickets, How to set up the kerberos server @subsection Create initial ACL for the admin server The admin server, @code{kadmind}, uses a series of files to determine who has @pindex kadmind the right to perform certain operations. The files are: @file{admin_acl.add}, @file{admin_acl.get}, @file{admin_acl.del}, and @file{admin_acl.mod}. Create these with @samp{nisse.admin@@FOO.SE} as the contents. 
@pindex admin_acl.add @pindex admin_acl.get @pindex admin_acl.del @pindex admin_acl.mod @example @cartouche -hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.add -hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.get -hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.mod -hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.del +hemlig# echo "nisse.admin@@FOO.SE" >> /var/kerberos/admin_acl.add +hemlig# echo "nisse.admin@@FOO.SE" >> /var/kerberos/admin_acl.get +hemlig# echo "nisse.admin@@FOO.SE" >> /var/kerberos/admin_acl.mod +hemlig# echo "nisse.admin@@FOO.SE" >> /var/kerberos/admin_acl.del @end cartouche @end example Later on you may wish to add more users with administration privileges. Make sure that you create both the administration principals and add them to the admin server ACL. @node Start the admin server, Add users to the database, Create initial ACL for the admin server, How to set up the kerberos server @subsection Start the admin server @pindex kadmind @example @cartouche hemlig# /usr/athena/libexec/kadmind & KADM Server KADM0.0A initializing Please do not use 'kill -9' to kill this job, use a regular kill instead Current Kerberos master key version is 1. Master key entered. BEWARE! @end cartouche @end example @node Add users to the database, Automate the startup of the servers, Start the admin server, How to set up the kerberos server @subsection Add users to the database Use the @code{kadmin} client to add users to the database: @pindex kadmin @example @cartouche -hemlig# kadmin -u nisse.admin -m +hemlig# kadmin -p nisse.admin -m Welcome to the Kerberos Administration Program, version 2 Type "help" if you need it. admin: Admin password: Maximum ticket lifetime? (255) [Forever] Attributes? [0x00] Expiration date (enter yyyy-mm-dd) ? [Sat Jan 1 05:59:00 2000] Password for nisse: Verifying password Password for nisse: nisse added to database. 
@end cartouche @end example Add whatever other users you want to have in the same way. Verify that a user is in the database and check the database entry for that user: @example @cartouche admin: Info in Database for nisse.: Max Life: 255 (Forever) Exp Date: Sat Jan 1 05:59:59 2000 Attribs: 00 key: 0 0 admin: <^D> Cleaning up and exiting. @end cartouche @end example @node Automate the startup of the servers, , Add users to the database, How to set up the kerberos server @subsection Automate the startup of the servers Add the lines that were used to start the kerberos server and the admin server to your startup scripts (@file{/etc/rc} or similar). @pindex rc @node Install the client programs, Install the kerberised services, How to set up the kerberos server, How to set up a realm @section Install the client programs Making a machine a kerberos client only requires a few steps. First you might need to change the configuration files as with the kerberos -server. (@xref{Install the configuration files} and @ref{Install the +server. (@pxref{Install the configuration files} and @pxref{Install the /etc/services}.) Also you need to make the programs in @file{/usr/athena/bin} available. This can be done by adding the @file{/usr/athena/bin} directory to the users' paths, by making symbolic links, or even by copying the programs. You should also verify that the local time on the client is synchronised with the time on the kerberos server by some means. The maximum allowed time difference between the participating servers and a client is 5 minutes. @cindex NTP. One good way to synchronize the time is NTP (Network Time Protocol), see -@code{http://www.eecis.udel.edu/~ntp/}. +@url{http://www.eecis.udel.edu/~ntp/}. If you need to run the client programs on a machine where you do not have root-access, you can hopefully just use the binaries and no configuration will be needed. The heuristics used are mentioned above (see @ref{Install the configuration files}). 
If this is not the case and you need to have @file{krb.conf} and/or @file{krb.realms}, you can copy them into a directory of your choice and @pindex krb.conf @pindex krb.realms set the environment variable @var{KRBCONFDIR} to point at this @cindex KRBCONFDIR directory. To test the client functionality, run the @code{kinit} program: @example @cartouche foo$ kinit eBones International (foo.foo.se) Kerberos Initialization Kerberos name: Password: foo$ klist Ticket file: /tmp/tkt4711 Principal: nisse@@FOO.SE Issued Expires Principal May 24 21:06:03 May 25 07:06:03 krbtgt.FOO.SE@@FOO.SE @end cartouche @end example @node Install the kerberised services, Install a slave kerberos server, Install the client programs, How to set up a realm @section Install the kerberised services These includes @code{rsh}, @code{rlogin}, @code{telnet}, @code{ftp}, @code{rxtelnet}, and so on. @pindex rsh @pindex rlogin @pindex telnet @pindex ftp @pindex rxtelnet First follow the steps mentioned in the prior section to make it a client and verify its operation. Change @file{inetd.conf} next to use the new daemons. Look at the file @pindex inetd.conf @file{etc/inetd.conf.changes} to see the changes that we recommend you perform on @file{inetd.conf}. You should at this point decide what services you want to run on each machine. @subsection rsh, rlogin, and rcp @pindex rsh @pindex rlogin @pindex rcp These exist in kerberised versions and ``old-style'' versions. The different versions use different port numbers, so you can choose none, one, or both. If you do not want to use ``old-style'' r* services, you can let the programs output the text ``Remote host requires Kerberos authentication'' instead of just refusing connections to that port. This is enabled with the @samp{-v} option. The kerberised services exist in encrypted and non-encrypted versions. The encrypted services have an ``e'' prepended to the name and the programs take @samp{-x} as an option indicating encryption. 
Our recommendation is to only use the kerberised services and give explanation messages for the old ports. @subsection telnet @pindex telnet The telnet service always uses the same port and negotiates as to which authentication method should be used. The @code{telnetd} program has @pindex telnetd an option ``-a user'' that only allows kerberised and authenticated connections. If this is not included, it falls back to using clear text passwords. For obvious reasons, we recommend that you enable this -option. If you want to use one-time passwords (@xref{One-Time +option. If you want to use one-time passwords (@pxref{One-Time Passwords}) you can use the ``-a otp'' option which will allow OTPs or kerberised connections. @subsection ftp @pindex ftp The ftp service works as telnet does, with just one port being used. By default only kerberos authenticated connections are allowed. You can specify additional levels that are thus allowed with these options: @table @asis @item @kbd{-a otp} -Allow one-time passwords (@xref{One-Time Passwords}). +Allow one-time passwords (@pxref{One-Time Passwords}). @item @kbd{-a ftp} Allow anonymous login (as user ``ftp'' or ``anonymous''). @item @kbd{-a safe} The same as @kbd{-a ftp}, for backwards compatibility. @item @kbd{-a plain} Allow clear-text passwords. @item @kbd{-a none} The same as @kbd{-a ftp -a plain}. @item @kbd{-a user} A no-op, also there for backwards compatibility reasons. @end table When running anonymous ftp you should read the man page on @code{ftpd} which explains how to set it up. @subsection pop @pindex popper The Post Office Protocol (POP) is used to retrieve mail from the mail hub. The @code{popper} program implements the standard POP3 protocol and the kerberised KPOP. Use the @samp{-k} option to run the kerberos version of the protocol. This service should only be run on your mail hub. @subsection kx @pindex kx @code{kx} allows you to run X over a kerberos-authenticated and encrypted connection. 
This program is used by @code{rxtelnet}, @code{tenletxr}, and @code{rxterm}. If you have some strange kind of operating system with X libraries that do not allow you to use unix-sockets, you need to specify the @samp{-t} @pindex kxd option to @code{kxd}. Otherwise it should be sufficient by adding the daemon in @file{inetd.conf}. @subsection kauth @pindex kauth This service allows you to create tickets on a remote host. To enable it just insert the corresponding line in @file{inetd.conf}. @section srvtabs @pindex srvtab In the same way every user needs to have a password registered with the kerberos server, every service needs to have a shared key with the kerberos server. The service keys are stored in a file, usually called @file{/etc/srvtab}. This file should not be readable to anyone but root, in order to keep the key from being divulged. The name of this principal -in the kerberos database is usually the service and the host. The key -for the pop service is called @samp{pop.@var{hostname}}. The one for -rsh/rlogin/telnet is named @samp{rcmd.@var{hostname}}. (rcmd comes from -``remote command''). To create these keys you will use the the -@code{ksrvutil} program. Perform the +in the kerberos database is usually the service name and the hostname. Examples +of such principals are @samp{pop.@var{hostname}} and +@samp{rcmd.@var{hostname}}. (rcmd comes from ``remote command''.) Here +is a list of the most commonly used srvtab types and what programs use them. 
+ +@table @asis +@item rcmd.@var{hostname} +rsh, rcp, rlogin, telnet, kauth, su, kx +@item rcmd.kerberos +kprop +@item pop.@var{hostname} +popper, movemail, push +@item sample.@var{hostname} +sample_server, simple_server +@item changepw.kerberos +kadmin, kpasswd +@item krbtgt.@var{realm} +kerberos (not stored in any srvtab) +@item ftp.@var{hostname} +ftp (also tries with rcmd.@var{hostname}) +@item zephyr.zephyr +Zephyr +@item afs or afs.@var{cellname} +Andrew File System +@end table + +To create these keys you will use the the @code{ksrvutil} program. +Perform the @pindex ksrvutil following: @example @cartouche bar# ksrvutil -p nisse.admin get Name [rcmd]: <> Instance [bar]: <> Realm [FOO.SE]: <> Is this correct? (y,n) [y] <> Add more keys? (y,n) [n] <> Password for nisse.admin@@FOO.SE: Written rcmd.bar rcmd.bar@@FOO.SE Old keyfile in /etc/srvtab.old. @end cartouche @end example @subsection Complete test of the kerberised services Obtain a ticket on one machine (@samp{foo}) and use it to login with a kerberised service to a second machine (@samp{bar}). The test should look like this if successful: @example @cartouche foo$ kinit nisse eBones International (foo.foo.se) Kerberos Initialization for "nisse" Password: foo$ klist Ticket file: /tmp/tkt4711 Principal: nisse@@FOO.SE Issued Expires Principal May 30 13:48:03 May 30 23:48:03 krbtgt.FOO.SE@@FOO.SE foo$ telnet bar Trying 17.17.17.17... Connected to bar.foo.se Escape character is '^]'. [ Trying mutual KERBEROS4 ... ] [ Kerberos V4 accepts you ] [ Kerberos V4 challenge successful ] bar$ @end cartouche @end example You can also try with @code{rsh}, @code{rcp}, @code{rlogin}, @code{rlogin -x}, and some other commands to see that everything is working all right. @node Install a slave kerberos server, Cross-realm functionality , Install the kerberised services, How to set up a realm @section Install a slave kerberos server It is desirable to have at least one backup (slave) server in case the master server fails. 
It is possible to have any number of such slave servers but more than three usually doesn't buy much more redundancy. -First select a good server machine. @xref{Choose a kerberos -server}. Since the master and slave servers will use copies of the same -database, they need to use the same master key. +First select a good server machine. (@pxref{Choose a kerberos +server}). -On the master, add a @samp{rcmd.kerberos} principal (using -@samp{ksrvutil get}). The +On the master, add a @samp{rcmd.kerberos} (note, it should be literally +``kerberos'') principal (using @samp{ksrvutil get}). The @pindex kprop @code{kprop} program, running on the master, will use this when authenticating to the @pindex kpropd -@code{kpropd} daemons running on the slave servers. +@code{kpropd} daemons running on the slave servers. The @code{kpropd} +on the slave will use its @samp{rcmd.hostname} key for authenticating +the connection from the master. Therefore, the slave needs to have this +key in its srvtab, and it of course also needs to have enough of the +configuration files to act as a server. See @ref{Install the kerberised +services} for information on how to do this. +To summarize, the master should have a key for @samp{rcmd.kerberos} and +the slave one for @samp{rcmd.hostname}. + +The slave will need the same master key as you used at the master. + On your master server, create a file, e.g. @file{/var/kerberos/slaves}, that contains the hostnames of your kerberos slave servers. Start @code{kpropd} with @samp{kpropd -i} on your slave servers. -On your master server, create a dump of the database with @samp{kdb_util -slave_dump /var/kerberos/slave_dump}, and then run @code{kprop}. +On your master server, create a dump of the database and then propagate +it. +@example +foo# kdb_util slave_dump /var/kerberos/slave_dump +foo# kprop +@end example + You should now have copies of the database on your slave servers. 
You can verify this by issuing @samp{kdb_util dump @var{file}} on your slave servers, and comparing with the original file on the master server. Note that the entries will not be in the same order. This procedure should be automated with a script run regularly by cron, for instance once an hour. +Since the master and slave servers will use copies of the same +database, they need to use the same master key. Add the master key on +the slave with @code{kstash}. (@pxref{Set up the server}) + To start the kerberos server on slaves, you first have to copy the master key from the master server. You can do this either by remembering the master password and issuing @samp{kstash}, or you can just copy the keyfile. Remember that if you copy the file, do so on a safe media, not over the network. Good means include floppy or paper. Paper is better, since it is easier to swallow afterwards. The kerberos server should be started with @samp{-s} on the slave servers. This enables sanity checks, for example checking the time since the last update from the master. All changes to the database are made by @code{kadmind} at the master, and then propagated to the slaves, so you should @strong{not} run @code{kadmind} on the slaves. Finally add the slave servers to @file{/etc/krb.conf}. The clients will ask the servers in the order specified by that file. Consider adding CNAMEs to your slave servers, see @ref{Install the configuration files}. @node Cross-realm functionality , , Install a slave kerberos server, How to set up a realm @section Cross-realm functionality Suppose you are residing in the realm @samp{MY.REALM}, how do you authenticate to a server in @samp{OTHER.REALM}? Having valid tickets in @samp{MY.REALM} allows you to communicate with kerberised services in that realm. However, the computer in the other realm does not have a secret key shared with the kerberos server in your realm. It is possible to add a shared key between two realms that trust each other. 
When a client program, such as @code{telnet}, finds that the other computer is in a different realm, it will try to get a ticket granting ticket for that other realm, but from the local kerberos server. With that ticket granting ticket, it will then obtain service tickets from the kerberos server in the other realm. To add this functionality you have to add a principal to each realm. The principals should be @samp{krbtgt.OTHER.REALM} in @samp{MY.REALM}, and @samp{krbtgt.MY.REALM} in @samp{OTHER.REALM}. The two different principals should have the same key (and key version number). Remember to transfer this key in a safe manner. This is all that is required. + +@page @example @cartouche blubb$ klist Ticket file: /tmp/tkt3008 Principal: joda@@NADA.KTH.SE Issued Expires Principal Jun 7 02:26:23 Jun 7 12:26:23 krbtgt.NADA.KTH.SE@@NADA.KTH.SE blubb$ telnet agat.e.kth.se Trying 130.237.48.12... Connected to agat.e.kth.se. Escape character is '^]'. [ Trying mutual KERBEROS4 ... ] [ Kerberos V4 accepts you ] [ Kerberos V4 challenge successful ] Last login: Sun Jun 2 20:51:50 from emma.pdc.kth.se agat$ exit Connection closed by foreign host. blubb$ klist Ticket file: /tmp/tkt3008 Principal: joda@@NADA.KTH.SE Issued Expires Principal Jun 7 02:26:23 Jun 7 12:26:23 krbtgt.NADA.KTH.SE@@NADA.KTH.SE Jun 7 02:26:50 Jun 7 12:26:50 krbtgt.E.KTH.SE@@NADA.KTH.SE Jun 7 02:26:51 Jun 7 12:26:51 rcmd.agat@@E.KTH.SE @end cartouche @end example Index: stable/3/crypto/kerberosIV/doc/whatis.texi =================================================================== --- stable/3/crypto/kerberosIV/doc/whatis.texi (revision 62577) +++ stable/3/crypto/kerberosIV/doc/whatis.texi (revision 62578) 
@@ -1,137 +1,137 @@ @node What is Kerberos?, Installing programs, Introduction, Top @chapter What is Kerberos? @quotation @flushleft Now this Cerberus had three heads of dogs, the tail of a dragon, and on his back the heads of all sorts of snakes. --- Pseudo-Apollodorus Library 2.5.12 @end flushleft @end quotation Kerberos is a system for authenticating users and services on a network. It is built upon the assumption that the network is ``unsafe''. For example, data sent over the network can be eavesdropped and altered, and addresses can also be faked. Therefore they cannot be used for authentication purposes. @cindex authentication Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on the network (users and services, usually called @dfn{principals}). All principals share a secret password (or key) with the kerberos server and this enables principals to verify that the messages from the kerberos server are authentic. Thus trusting the kerberos server, users and services can authenticate each other. @section Basic mechanism @ifinfo @macro sub{arg} <\arg\> @end macro @end ifinfo @tex @def@xsub#1{$_{#1}$} @global@let@sub=@xsub @end tex In Kerberos, principals use @dfn{tickets} to prove that they are who they claim to be. In the following example, @var{A} is the initiator of the authentication exchange, usually a user, and @var{B} is the service that @var{A} wishes to use. To obtain a ticket for a specific service, @var{A} sends a ticket request to the kerberos server. The request basically contains @var{A}'s and @var{B}'s names. The kerberos server checks that both @var{A} and @var{B} are valid principals. 
Having verified the validity of the principals, it creates a packet containing @var{A}'s and @var{B}'s names, @var{A}'s network address (@var{A@sub{addr}}), the current time (@var{t@sub{issue}}), the lifetime of the ticket (@var{life}), and a secret @dfn{session key} @cindex session key (@var{K@sub{AB}}). This packet is encrypted with @var{B}'s secret key (@var{K@sub{B}}). The actual ticket (@var{T@sub{AB}}) looks like this: (@{@var{A}, @var{B}, @var{A@sub{addr}}, @var{t@sub{issue}}, @var{life}, @var{K@sub{AB}}@}@var{K@sub{B}}). The reply to @var{A} consists of the ticket (@var{T@sub{AB}}), @var{B}'s name, the current time, the lifetime of the ticket, and the session key, all encrypted in @var{A}'s secret key (@{@var{B}, @var{t@sub{issue}}, @var{life}, @var{K@sub{AB}}, @var{T@sub{AB}}@}@var{K@sub{A}}). @var{A} decrypts the reply and retains it for later use. @sp 1 Before sending a message to @var{B}, @var{A} creates an authenticator consisting of @var{A}'s name, @var{A}'s address, the current time, and a ``checksum'' chosen by @var{A}, all encrypted with the secret session key (@{@var{A}, @var{A@sub{addr}}, @var{t@sub{current}}, @var{checksum}@}@var{K@sub{AB}}). This is sent together with the ticket received from the kerberos server to @var{B}. Upon reception, @var{B} decrypts the ticket using @var{B}'s secret key. Since the ticket contains the session key that the authenticator was encrypted with, @var{B} can now also decrypt the authenticator. To verify that @var{A} really is @var{A}, @var{B} now has to compare the contents of the ticket with that of the authenticator. If everything matches, @var{B} now considers @var{A} as properly authenticated. @c (here we should have some more explanations) @section Different attacks @subheading Impersonating A An impostor, @var{C} could steal the authenticator and the ticket as it is transmitted across the network, and use them to impersonate @var{A}. 
The address in the ticket and the authenticator was added to make it more difficult to perform this attack. To succeed @var{C} will have to either use the same machine as @var{A} or fake the source addresses of the packets. By including the time stamp in the authenticator, @var{C} does not have much time in which to mount the attack. @subheading Impersonating B -@var{C} can hijack @var{B}'s network address, and when @var{A} sends +@var{C} can masquerade @var{B}'s network address, and when @var{A} sends her credentials, @var{C} just pretend to verify them. @var{C} can't be sure that she is talking to @var{A}. @section Defense strategies It would be possible to add a @dfn{replay cache} @cindex replay cache to the server side. The idea is to save the authenticators sent during the last few minutes, so that @var{B} can detect when someone is trying to retransmit an already used message. This is somewhat impractical (mostly regarding efficiency), and is not part of Kerberos 4; MIT Kerberos 5 contains it. To authenticate @var{B}, @var{A} might request that @var{B} sends something back that proves that @var{B} has access to the session key. An example of this is the checksum that @var{A} sent as part of the authenticator. One typical procedure is to add one to the checksum, encrypt it with the session key and send it back to @var{A}. This is called @dfn{mutual authentication}. The session key can also be used to add cryptographic checksums to the messages sent between @var{A} and @var{B} (known as @dfn{message integrity}). Encryption can also be added (@dfn{message confidentiality}). This is probably the best approach in all cases. @cindex integrity @cindex confidentiality @section Further reading The original paper on Kerberos from 1988 is @cite{Kerberos: An Authentication Service for Open Network Systems}, by Jennifer Steiner, Clifford Neuman and Jeffrey I. Schiller. 
A less technical description can be found in @cite{Designing an Authentication System: a Dialogue in Four Scenes} by Bill Bryant, also from 1988. These and several other documents can be found on our web-page. Index: stable/3/crypto/kerberosIV/etc/krb.conf =================================================================== --- stable/3/crypto/kerberosIV/etc/krb.conf (revision 62577) +++ stable/3/crypto/kerberosIV/etc/krb.conf (revision 62578) 
@@ -1,56 +1,55 @@ MY.REALM.NAME MY.REALM.NAME kerberos.MY.REALM.NAME admin server SICS.SE kerberos.sics.se admin server NADA.KTH.SE kerberos.nada.kth.se admin server NADA.KTH.SE sysman.nada.kth.se NADA.KTH.SE server.nada.kth.se ADMIN.KTH.SE ulysses.admin.kth.se admin server ADMIN.KTH.SE graziano.admin.kth.se ADMIN.KTH.SE montano.admin.kth.se BION.KTH.SE chaplin.bion.kth.se admin server DSV.SU.SE ssi.dsv.su.se admin server DSV.SU.SE vall.dsv.su.se -E.KTH.SE heimdal.e.kth.se admin server -E.KTH.SE elixir.e.kth.se -E.KTH.SE malt.e.kth.se -IT.KTH.SE gaia.it.kth.se -IT.KTH.SE isolde.it.kth.se -IT.KTH.SE tristan.it.kth.se +E.KTH.SE kerberos.e.kth.se admin server +E.KTH.SE kerberos-1.e.kth.se +E.KTH.SE kerberos-2.e.kth.se +IT.KTH.SE kerberos.it.kth.se +IT.KTH.SE kerberos-1.it.kth.se +IT.KTH.SE kerberos-2.it.kth.se +MECH.KTH.SE kerberos.mech.kth.se admin server KTH.SE kth.se admin server ML.KVA.SE gustava.ml.kva.se admin server PI.SE liszt.adm.pi.se admin server -STACKEN.KTH.SE linnea.stacken.kth.se admin server -STACKEN.KTH.SE marcel.stacken.kth.se -STACKEN.KTH.SE sune.stacken.kth.se -SUNET.SE bar.pilsnet.sunet.se admin server +STACKEN.KTH.SE kerberos.stacken.kth.se admin server +SUNET.SE kerberos.sunet.se admin server CYGNUS.COM kerberos.cygnus.com admin server CYGNUS.COM kerberos-1.cygnus.com CYGNUS.COM dumb.cygnus.com DEVO.CYGNUS.COM dumber.cygnus.com admin server MIRKWOOD.CYGNUS.COM mirkwood.cygnus.com admin server KITHRUP.COM KITHRUP.COM admin server ATHENA.MIT.EDU kerberos.mit.edu admin server ATHENA.MIT.EDU kerberos-1.mit.edu ATHENA.MIT.EDU kerberos-2.mit.edu ATHENA.MIT.EDU kerberos-3.mit.edu LCS.MIT.EDU kerberos.lcs.mit.edu admin server SMS_TEST.MIT.EDU dodo.mit.edu admin server LS.MIT.EDU ls.mit.edu admin server IFS.UMICH.EDU kerberos.ifs.umich.edu CS.WASHINGTON.EDU hawk.cs.washington.edu CS.WASHINGTON.EDU aspen.cs.washington.edu CS.BERKELEY.EDU okeeffe.berkeley.edu SOUP.MIT.EDU soup.mit.edu admin server TELECOM.MIT.EDU bitsy.mit.edu MEDIA.MIT.EDU 
kerberos.media.mit.edu NEAR.NET kerberos.near.net CATS.UCSC.EDU mehitabel.ucsc.edu admin server CATS.UCSC.EDU ucsch.ucsc.edu WATCH.MIT.EDU kerberos.watch.mit.edu admin server TELEBIT.COM napa.telebit.com. admin server ARMADILLO.COM monad.armadillo.com admin server TOAD.COM toad.com admin server ZEN.ORG zen.org admin server LLOYD.COM harry.lloyd.com admin server EPRI.COM kerberos.epri.com admin server EPRI.COM kerberos-2.epri.com Index: stable/3/crypto/kerberosIV/etc/krb.realms =================================================================== --- stable/3/crypto/kerberosIV/etc/krb.realms (revision 62577) +++ stable/3/crypto/kerberosIV/etc/krb.realms (revision 62578) 
@@ -1,51 +1,54 @@ .MY.REALM.NAME MY.REALM.NAME sics.se SICS.SE .sics.se SICS.SE nada.kth.se NADA.KTH.SE pdc.kth.se NADA.KTH.SE .hydro.kth.se NADA.KTH.SE -.math.kth.se NADA.KTH.SE -.mech.kth.se NADA.KTH.SE +.mech.kth.se MECH.KTH.SE .nada.kth.se NADA.KTH.SE .pdc.kth.se NADA.KTH.SE .sans.kth.se NADA.KTH.SE .admin.kth.se ADMIN.KTH.SE .e.kth.se E.KTH.SE +.s3.kth.se E.KTH.SE +.radio.kth.se E.KTH.SE +.ttt.kth.se E.KTH.SE .electrum.kth.se IT.KTH.SE +.math.kth.se MATH.KTH.SE .it.kth.se IT.KTH.SE .sth.sunet.se SUNET.SE .pilsnet.sunet.se SUNET.SE .sunet.se SUNET.SE .ml.kva.se ML.KVA.SE pi.se PI.SE .pi.se PI.SE .adm.pi.se PI.SE .stacken.kth.se STACKEN.KTH.SE kth.se KTH.SE .kth.se KTH.SE .bion.kth.se BION.KTH.SE .dsv.su.se DSV.SU.SE .MIT.EDU ATHENA.MIT.EDU .MIT.EDU. ATHENA.MIT.EDU MIT.EDU ATHENA.MIT.EDU DODO.MIT.EDU SMS_TEST.MIT.EDU .UCSC.EDU CATS.UCSC.EDU .UCSC.EDU. CATS.UCSC.EDU CYGNUS.COM CYGNUS.COM .CYGNUS.COM CYGNUS.COM MIRKWOOD.CYGNUS.COM MIRKWOOD.CYGNUS.COM KITHRUP.COM KITHRUP.COM .KITHRUP.COM KITHRUP.COM .berkeley.edu EECS.BERKELEY.EDU .CS.berkeley.edu EECS.BERKELEY.EDU .MIT.EDU ATHENA.MIT.EDU .mit.edu ATHENA.MIT.EDU .BSDI.COM BSDI.COM ARMADILLO.COM ARMADILLO.COM .ARMADILLO.COM ARMADILLO.COM ZEN.ORG ZEN.ORG .ZEN.ORG ZEN.ORG toad.com TOAD.COM .toad.com TOAD.COM lloyd.com LLOYD.COM .lloyd.com LLOYD.COM Index: stable/3/crypto/kerberosIV/etc/services.append =================================================================== --- stable/3/crypto/kerberosIV/etc/services.append (revision 62577) +++ stable/3/crypto/kerberosIV/etc/services.append (revision 62578) 
@@ -1,22 +1,26 @@ # -# Kerberos +# $Id: services.append,v 1.13 1999/07/06 13:08:02 assar Exp $ # -# $Id: services.append,v 1.11 1996/10/18 15:25:17 bg Exp $ +# Kerberos services # kerberos-sec 88/udp # Kerberos secondary port UDP kerberos-sec 88/tcp # Kerberos secondary port TCP +kpasswd 464/udp # password changing +kpasswd 464/tdp # password changing klogin 543/tcp # Kerberos authenticated rlogin kshell 544/tcp krcmd # and remote shell ekshell 545/tcp # Kerberos encrypted remote shell -kfall ekshell2 2106/tcp # What U of Colorado @ Boulder uses? +kerberos-adm 749/udp # v5 kadmin +kerberos-adm 749/tcp # v5 kadmin kerberos-iv 750/udp kerberos kdc # Kerberos authentication--udp kerberos-iv 750/tcp kerberos kdc # Kerberos authentication--tcp -kerberos_master 751/udp # Kerberos authentication -kerberos_master 751/tcp # Kerberos authentication -krb_prop 754/tcp # Kerberos slave propagation +kerberos_master 751/udp # v4 kadmin +kerberos_master 751/tcp # v4 kadmin +krb_prop 754/tcp hprop # Kerberos slave propagation kpop 1109/tcp # Pop with Kerberos eklogin 2105/tcp # Kerberos encrypted rlogin rkinit 2108/tcp # Kerberos remote kinit kx 2111/tcp # X over kerberos kip 2112/tcp # IP over kerberos kauth 2120/tcp # Remote kauth Index: stable/3/crypto/kerberosIV/include/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/include/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/include/Makefile.in (revision 62578) 
@@ -1,147 +1,167 @@ -# $Id: Makefile.in,v 1.36 1997/05/20 18:58:39 bg Exp $ +# $Id: Makefile.in,v 1.59.2.1 1999/12/06 17:23:06 assar Exp $ srcdir = @srcdir@ VPATH = @srcdir@ SHELL = /bin/sh CC = @CC@ -DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +LINK = @LINK@ +DEFS = @DEFS@ -DHOST=\"@CANONICAL_HOST@\" +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ LD_FLAGS = @LD_FLAGS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs LN_S = @LN_S@ EXECSUFFIX = @EXECSUFFIX@ prefix = @prefix@ exec_prefix = @exec_prefix@ includedir = @includedir@ libdir = @libdir@ -HAVE_ERR_H = @ac_cv_header_err_h@ - @SET_MAKE@ .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I. -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + $(CC) -c $(DEFS) -I. -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $< -HEADERS = krb_err.h kadm_err.h acl.h com_err.h des.h kadm.h kafs.h \ - kdc.h klog.h krb.h krb_db.h prot.h otp.h sl.h ktypes.h +HEADERS = \ + acl.h com_err.h com_right.h des.h kadm.h kafs.h kdc.h \ + klog.h krb.h krb-protos.h krb-archaeology.h krb_db.h \ + ktypes.h otp.h prot.h sl.h @EXTRA_HEADERS@ -KTYPES_OBJECTS = ktypes.o +LOCL_HEADERS = \ + base64.h roken-common.h protos.h resolve.h xdbm.h \ + krb_log.h getarg.h parse_time.h @EXTRA_LOCL_HEADERS@ -SOURCES = ktypes.c +CLEAN_FILES = roken.h krb_err.h kadm_err.h -LOCL_HEADERS = roken.h protos.h resolve.h xdbm.h +BITS_OBJECTS = bits.o -MAYBE_HEADERS = err.h +SOURCES = bits.c SUBDIRS = sys all: stamp-headers for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) all); done Wall: $(MAKE) CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" -ALL_INC = com_err.h des.h kadm.h kafs.h kdc.h klog.h krb.h krb_db.h otp.h - -install: - $(MKINSTALLDIRS) $(includedir) +install: all + $(MKINSTALLDIRS) $(DESTDIR)$(includedir) for x in $(HEADERS); \ - do $(INSTALL_DATA) $$x $(includedir)/$$x; done - -if test "$(HAVE_ERR_H)" != yes; then \ - $(INSTALL_DATA) err.h $(includedir)/err.h; \ - fi + do $(INSTALL_DATA) $$x 
$(DESTDIR)$(includedir)/$$x; done for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) install); done uninstall: for x in $(HEADERS); do \ - rm -f $(includedir)/$$x; \ + rm -f $(DESTDIR)$(includedir)/$$x; \ done - -if test "$(HAVE_ERR_H)" != yes; then \ - rm -f $(includedir)/err.h; \ - fi for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done clean: - rm -f $(HEADERS) $(LOCL_HEADERS) $(MAYBE_HEADERS) *.o ktypes stamp-headers + rm -f $(HEADERS) $(LOCL_HEADERS) \ + $(CLEAN_FILES) *.o bits stamp-headers for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) clean); done mostlyclean: clean distclean: $(MAKE) clean + rm -f config.h version.h version.h.in for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done rm -f Makefile config.status *~ realclean: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done -err.h: - if test "$(HAVE_ERR_H)" != yes; then \ - $(LN_S) $(srcdir)/../lib/roken/err.h err.h; \ - fi || true - -krb_err.h: - cd ../lib/krb && $(MAKE) krb_err.h - $(LN_S) ../lib/krb/krb_err.h . -kadm_err.h: - cd ../lib/kadm && $(MAKE) kadm_err.h - $(LN_S) ../lib/kadm/kadm_err.h . acl.h: $(LN_S) $(srcdir)/../lib/acl/acl.h . + com_err.h: - $(LN_S) $(srcdir)/../util/et/com_err.h . + $(LN_S) $(srcdir)/../lib/com_err/com_err.h . +com_right.h: + $(LN_S) $(srcdir)/../lib/com_err/com_right.h . + des.h: $(LN_S) $(srcdir)/../lib/des/des.h . + kadm.h: $(LN_S) $(srcdir)/../lib/kadm/kadm.h . + kafs.h: $(LN_S) $(srcdir)/../lib/kafs/kafs.h . + kdc.h: $(LN_S) $(srcdir)/../lib/kdb/kdc.h . + klog.h: $(LN_S) $(srcdir)/../lib/krb/klog.h . +krb-archaeology.h: + $(LN_S) $(srcdir)/../lib/krb/krb-archaeology.h . +krb-protos.h: + $(LN_S) $(srcdir)/../lib/krb/krb-protos.h . krb.h: $(LN_S) $(srcdir)/../lib/krb/krb.h . -resolve.h: - $(LN_S) $(srcdir)/../lib/krb/resolve.h . -krb_db.h: - $(LN_S) $(srcdir)/../lib/kdb/krb_db.h . prot.h: $(LN_S) $(srcdir)/../lib/krb/prot.h . 
-protos.h: - $(LN_S) $(srcdir)/protos.H protos.h -roken.h: - $(LN_S) $(srcdir)/../lib/roken/roken.h . -xdbm.h: - $(LN_S) $(srcdir)/../lib/roken/xdbm.h . +krb_db.h: + $(LN_S) $(srcdir)/../lib/kdb/krb_db.h . +krb_log.h: + $(LN_S) $(srcdir)/../lib/krb/krb_log.h . otp.h: $(LN_S) $(srcdir)/../lib/otp/otp.h . +base64.h: + $(LN_S) $(srcdir)/../lib/roken/base64.h . +err.h: + $(LN_S) $(srcdir)/../lib/roken/err.h . +fnmatch.h: + $(LN_S) $(srcdir)/../lib/roken/fnmatch.h . +getarg.h: + $(LN_S) $(srcdir)/../lib/roken/getarg.h . +glob.h: + $(LN_S) $(srcdir)/../lib/roken/glob.h . +parse_time.h: + $(LN_S) $(srcdir)/../lib/roken/parse_time.h . +resolve.h: + $(LN_S) $(srcdir)/../lib/roken/resolve.h . +roken-common.h: + $(LN_S) $(srcdir)/../lib/roken/roken-common.h . +xdbm.h: + $(LN_S) $(srcdir)/../lib/roken/xdbm.h . + sl.h: $(LN_S) $(srcdir)/../lib/sl/sl.h . -ktypes$(EXECSUFFIX): $(KTYPES_OBJECTS) - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(KTYPES_OBJECTS) +protos.h: + $(LN_S) $(srcdir)/protos.H protos.h -ktypes.o: ktypes.c +netdb.h: + $(LN_S) $(srcdir)/netdb.x netdb.h -ktypes.h: ktypes$(EXECSUFFIX) - ./ktypes$(EXECSUFFIX) > $@ +bits$(EXECSUFFIX): $(BITS_OBJECTS) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(BITS_OBJECTS) +bits.o: bits.c + +ktypes.h: bits$(EXECSUFFIX) + ./bits$(EXECSUFFIX) $@ + stamp-headers: Makefile - $(MAKE) $(HEADERS) $(LOCL_HEADERS) $(MAYBE_HEADERS) + $(MAKE) $(HEADERS) $(LOCL_HEADERS) touch stamp-headers + +.PHONY: all Wall install uninstall clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/include/config.h.in =================================================================== --- stable/3/crypto/kerberosIV/include/config.h.in (revision 62577) +++ stable/3/crypto/kerberosIV/include/config.h.in (revision 62578) 
@@ -1,984 +1,1274 @@ /* include/config.h.in. Generated automatically from configure.in by autoheader. */ /* Define if using alloca.c. */ #undef C_ALLOCA /* Define to empty if the keyword does not work. */ #undef const /* Define to one of _getb67, GETB67, getb67 for Cray-2 and Cray-YMP systems. This function is required for alloca.c support on those systems. */ #undef CRAY_STACKSEG_END /* Define to `int' if doesn't define. */ #undef gid_t /* Define if you have alloca, as a function or macro. */ #undef HAVE_ALLOCA /* Define if you have and it should be used (not on Ultrix). */ #undef HAVE_ALLOCA_H /* Define if you have a working `mmap' system call. */ #undef HAVE_MMAP /* Define if your struct stat has st_blksize. */ #undef HAVE_ST_BLKSIZE +/* Define as __inline if that's what the C compiler calls it. */ +#undef inline + /* Define to `long' if doesn't define. */ #undef off_t /* Define to `int' if doesn't define. */ #undef pid_t /* Define if you need to in order for stat and other things to work. */ #undef _POSIX_SOURCE /* Define as the return type of signal handlers (int or void). */ #undef RETSIGTYPE /* Define to `unsigned' if doesn't define. */ #undef size_t /* If using the C implementation of alloca, define if you know the direction of stack growth for your system; otherwise it will be automatically deduced at run-time. STACK_DIRECTION > 0 => grows toward higher addresses STACK_DIRECTION < 0 => grows toward lower addresses STACK_DIRECTION = 0 => direction of growth unknown */ #undef STACK_DIRECTION /* Define if you have the ANSI C header files. */ #undef STDC_HEADERS /* Define if `sys_siglist' is declared by . */ #undef SYS_SIGLIST_DECLARED /* Define if you can safely include both and . */ #undef TIME_WITH_SYS_TIME /* Define to `int' if doesn't define. */ #undef uid_t /* Define if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel and VAX). 
*/ #undef WORDS_BIGENDIAN /* Define if the X Window System is missing or not being used. */ #undef X_DISPLAY_MISSING -/* Define this if RETSIGTYPE == void */ -#undef VOID_RETSIGTYPE +/* Define if you have the XauFileName function. */ +#undef HAVE_XAUFILENAME -/* Define this if struct utmp have ut_user */ -#undef HAVE_UT_USER - -/* Define this if struct utmp have ut_host */ -#undef HAVE_UT_HOST - -/* Define this if struct utmp have ut_addr */ -#undef HAVE_UT_ADDR - -/* Define this if struct utmp have ut_type */ -#undef HAVE_UT_TYPE - -/* Define this if struct utmp have ut_pid */ -#undef HAVE_UT_PID - -/* Define this if struct utmp have ut_id */ -#undef HAVE_UT_ID - -/* Define this if struct utmpx have ut_syslen */ -#undef HAVE_UT_SYSLEN - -/* Define this if struct winsize is declared in sys/termios.h */ -#undef HAVE_STRUCT_WINSIZE - -/* Define this if struct winsize have ws_xpixel */ -#undef HAVE_WS_XPIXEL - -/* Define this if struct winsize have ws_ypixel */ -#undef HAVE_WS_YPIXEL - -/* Define this to be the directory where the dictionary for cracklib */ -/* resides */ -#undef DICTPATH - -/* Define this if you want to use SOCKS v5 */ -#undef SOCKS - -/* Define this to the path of the mail spool directory */ -#undef KRB4_MAILDIR - -/* Define this if `struct sockaddr' includes sa_len */ -#undef SOCKADDR_HAS_SA_LEN - -/* Define this if `struct siaentity' includes ouid */ -#undef SIAENTITY_HAS_OUID - -/* Define if getlogin has POSIX flavour, as opposed to BSD */ -#undef POSIX_GETLOGIN - -/* Define if getpwnam_r has POSIX flavour */ -#undef POSIX_GETPWNAM_R - -/* define if getcwd() is broken (such as in SunOS) */ -#undef BROKEN_GETCWD - -/* define if the system is missing a prototype for crypt() */ -#undef NEED_CRYPT_PROTO - -/* define if the system is missing a prototype for strtok_r() */ -#undef NEED_STRTOK_R_PROTO - -/* define if /bin/ls takes -A */ -#undef HAVE_LS_A - -/* define if you have h_errno */ -#undef HAVE_H_ERRNO - -/* define if you have h_errlist but not 
hstrerror */ -#undef HAVE_H_ERRLIST - -/* define if you have h_nerr but not hstrerror */ -#undef HAVE_H_NERR - -/* define if your system doesn't declare h_errlist */ -#undef HAVE_H_ERRLIST_DECLARATION - -/* define if your system doesn't declare h_nerr */ -#undef HAVE_H_NERR_DECLARATION - -/* define this if you need a declaration for h_errno */ -#undef HAVE_H_ERRNO_DECLARATION - -/* define if you need a declaration for optarg */ -#undef HAVE_OPTARG_DECLARATION - -/* define if you need a declaration for optind */ -#undef HAVE_OPTIND_DECLARATION - -/* define if you need a declaration for opterr */ -#undef HAVE_OPTERR_DECLARATION - -/* define if you need a declaration for optopt */ -#undef HAVE_OPTOPT_DECLARATION - -/* define if you need a declaration for __progname */ -#undef HAVE___PROGNAME_DECLARATION - /* Define if you have the XauReadAuth function. */ #undef HAVE_XAUREADAUTH /* Define if you have the XauWriteAuth function. */ #undef HAVE_XAUWRITEAUTH /* Define if you have the _getpty function. */ #undef HAVE__GETPTY /* Define if you have the _scrsize function. */ #undef HAVE__SCRSIZE /* Define if you have the _setsid function. */ #undef HAVE__SETSID /* Define if you have the _stricmp function. */ #undef HAVE__STRICMP /* Define if you have the asnprintf function. */ #undef HAVE_ASNPRINTF /* Define if you have the asprintf function. */ #undef HAVE_ASPRINTF +/* Define if you have the atexit function. */ +#undef HAVE_ATEXIT + +/* Define if you have the cap_set_proc function. */ +#undef HAVE_CAP_SET_PROC + +/* Define if you have the cgetent function. */ +#undef HAVE_CGETENT + /* Define if you have the chown function. */ #undef HAVE_CHOWN +/* Define if you have the chroot function. */ +#undef HAVE_CHROOT + +/* Define if you have the copyhostent function. */ +#undef HAVE_COPYHOSTENT + +/* Define if you have the crypt function. */ +#undef HAVE_CRYPT + /* Define if you have the daemon function. */ #undef HAVE_DAEMON -/* Define if you have the dbm_firstkey function. 
*/ -#undef HAVE_DBM_FIRSTKEY +/* Define if you have the dlopen function. */ +#undef HAVE_DLOPEN -/* Define if you have the dbopen function. */ -#undef HAVE_DBOPEN - /* Define if you have the dn_expand function. */ #undef HAVE_DN_EXPAND /* Define if you have the el_init function. */ #undef HAVE_EL_INIT /* Define if you have the err function. */ #undef HAVE_ERR /* Define if you have the errx function. */ #undef HAVE_ERRX +/* Define if you have the fattach function. */ +#undef HAVE_FATTACH + /* Define if you have the fchmod function. */ #undef HAVE_FCHMOD /* Define if you have the fchown function. */ #undef HAVE_FCHOWN /* Define if you have the fcntl function. */ #undef HAVE_FCNTL /* Define if you have the flock function. */ #undef HAVE_FLOCK +/* Define if you have the fnmatch function. */ +#undef HAVE_FNMATCH + /* Define if you have the forkpty function. */ #undef HAVE_FORKPTY +/* Define if you have the freehostent function. */ +#undef HAVE_FREEHOSTENT + /* Define if you have the frevoke function. */ #undef HAVE_FREVOKE /* Define if you have the getattr function. */ #undef HAVE_GETATTR /* Define if you have the getcwd function. */ #undef HAVE_GETCWD /* Define if you have the getdtablesize function. */ #undef HAVE_GETDTABLESIZE +/* Define if you have the getegid function. */ +#undef HAVE_GETEGID + +/* Define if you have the geteuid function. */ +#undef HAVE_GETEUID + +/* Define if you have the getgid function. */ +#undef HAVE_GETGID + /* Define if you have the gethostbyname function. */ #undef HAVE_GETHOSTBYNAME /* Define if you have the gethostname function. */ #undef HAVE_GETHOSTNAME +/* Define if you have the getipnodebyaddr function. */ +#undef HAVE_GETIPNODEBYADDR + +/* Define if you have the getipnodebyname function. */ +#undef HAVE_GETIPNODEBYNAME + /* Define if you have the getlogin function. */ #undef HAVE_GETLOGIN +/* Define if you have the getmsg function. */ +#undef HAVE_GETMSG + /* Define if you have the getopt function. 
*/ #undef HAVE_GETOPT /* Define if you have the getpagesize function. */ #undef HAVE_GETPAGESIZE /* Define if you have the getpriority function. */ #undef HAVE_GETPRIORITY /* Define if you have the getpwnam_r function. */ #undef HAVE_GETPWNAM_R +/* Define if you have the getrlimit function. */ +#undef HAVE_GETRLIMIT + /* Define if you have the getservbyname function. */ #undef HAVE_GETSERVBYNAME /* Define if you have the getsockopt function. */ #undef HAVE_GETSOCKOPT /* Define if you have the getspnam function. */ #undef HAVE_GETSPNAM -/* Define if you have the getspuid function. */ -#undef HAVE_GETSPUID - /* Define if you have the gettimeofday function. */ #undef HAVE_GETTIMEOFDAY +/* Define if you have the gettosbyname function. */ +#undef HAVE_GETTOSBYNAME + /* Define if you have the getudbnam function. */ #undef HAVE_GETUDBNAM /* Define if you have the getuid function. */ #undef HAVE_GETUID /* Define if you have the getusershell function. */ #undef HAVE_GETUSERSHELL /* Define if you have the grantpt function. */ #undef HAVE_GRANTPT /* Define if you have the hstrerror function. */ #undef HAVE_HSTRERROR /* Define if you have the inet_aton function. */ #undef HAVE_INET_ATON +/* Define if you have the inet_ntop function. */ +#undef HAVE_INET_NTOP + +/* Define if you have the inet_pton function. */ +#undef HAVE_INET_PTON + /* Define if you have the initgroups function. */ #undef HAVE_INITGROUPS /* Define if you have the innetgr function. */ #undef HAVE_INNETGR /* Define if you have the iruserok function. */ #undef HAVE_IRUSEROK /* Define if you have the logout function. */ #undef HAVE_LOGOUT /* Define if you have the logwtmp function. */ #undef HAVE_LOGWTMP /* Define if you have the lstat function. */ #undef HAVE_LSTAT /* Define if you have the memmove function. */ #undef HAVE_MEMMOVE /* Define if you have the mkstemp function. */ #undef HAVE_MKSTEMP /* Define if you have the mktime function. */ #undef HAVE_MKTIME /* Define if you have the odm_initialize function. 
*/ #undef HAVE_ODM_INITIALIZE +/* Define if you have the on_exit function. */ +#undef HAVE_ON_EXIT + +/* Define if you have the parsetos function. */ +#undef HAVE_PARSETOS + /* Define if you have the ptsname function. */ #undef HAVE_PTSNAME /* Define if you have the putenv function. */ #undef HAVE_PUTENV /* Define if you have the rand function. */ #undef HAVE_RAND /* Define if you have the random function. */ #undef HAVE_RANDOM /* Define if you have the rcmd function. */ #undef HAVE_RCMD /* Define if you have the readline function. */ #undef HAVE_READLINE +/* Define if you have the readv function. */ +#undef HAVE_READV + +/* Define if you have the recvmsg function. */ +#undef HAVE_RECVMSG + /* Define if you have the res_search function. */ #undef HAVE_RES_SEARCH /* Define if you have the revoke function. */ #undef HAVE_REVOKE +/* Define if you have the sa_family_t function. */ +#undef HAVE_SA_FAMILY_T + +/* Define if you have the sendmsg function. */ +#undef HAVE_SENDMSG + /* Define if you have the setegid function. */ #undef HAVE_SETEGID /* Define if you have the setenv function. */ #undef HAVE_SETENV /* Define if you have the seteuid function. */ #undef HAVE_SETEUID /* Define if you have the setitimer function. */ #undef HAVE_SETITIMER /* Define if you have the setlim function. */ #undef HAVE_SETLIM /* Define if you have the setlogin function. */ #undef HAVE_SETLOGIN /* Define if you have the setpcred function. */ #undef HAVE_SETPCRED /* Define if you have the setpgid function. */ #undef HAVE_SETPGID /* Define if you have the setpriority function. */ #undef HAVE_SETPRIORITY /* Define if you have the setproctitle function. */ #undef HAVE_SETPROCTITLE /* Define if you have the setregid function. */ #undef HAVE_SETREGID /* Define if you have the setresgid function. */ #undef HAVE_SETRESGID /* Define if you have the setresuid function. */ #undef HAVE_SETRESUID /* Define if you have the setreuid function. 
*/ #undef HAVE_SETREUID /* Define if you have the setsid function. */ #undef HAVE_SETSID /* Define if you have the setsockopt function. */ #undef HAVE_SETSOCKOPT /* Define if you have the setutent function. */ #undef HAVE_SETUTENT -/* Define if you have the snprintf function. */ -#undef HAVE_SNPRINTF +/* Define if you have the sgi_getcapabilitybyname function. */ +#undef HAVE_SGI_GETCAPABILITYBYNAME +/* Define if you have the sigaction function. */ +#undef HAVE_SIGACTION + /* Define if you have the socket function. */ #undef HAVE_SOCKET /* Define if you have the strcasecmp function. */ #undef HAVE_STRCASECMP /* Define if you have the strdup function. */ #undef HAVE_STRDUP /* Define if you have the strerror function. */ #undef HAVE_STRERROR /* Define if you have the strftime function. */ #undef HAVE_STRFTIME +/* Define if you have the strlcat function. */ +#undef HAVE_STRLCAT + +/* Define if you have the strlcpy function. */ +#undef HAVE_STRLCPY + /* Define if you have the strlwr function. */ #undef HAVE_STRLWR +/* Define if you have the strncasecmp function. */ +#undef HAVE_STRNCASECMP + +/* Define if you have the strndup function. */ +#undef HAVE_STRNDUP + /* Define if you have the strnlen function. */ #undef HAVE_STRNLEN +/* Define if you have the strptime function. */ +#undef HAVE_STRPTIME + +/* Define if you have the strsep function. */ +#undef HAVE_STRSEP + /* Define if you have the strtok_r function. */ #undef HAVE_STRTOK_R +/* Define if you have the struct_sockaddr_storage function. */ +#undef HAVE_STRUCT_SOCKADDR_STORAGE + /* Define if you have the strupr function. */ #undef HAVE_STRUPR /* Define if you have the swab function. */ #undef HAVE_SWAB +/* Define if you have the sysconf function. */ +#undef HAVE_SYSCONF + +/* Define if you have the sysctl function. */ +#undef HAVE_SYSCTL + /* Define if you have the syslog function. */ #undef HAVE_SYSLOG /* Define if you have the tgetent function. */ #undef HAVE_TGETENT /* Define if you have the ttyname function. 
*/ #undef HAVE_TTYNAME /* Define if you have the ttyslot function. */ #undef HAVE_TTYSLOT /* Define if you have the ulimit function. */ #undef HAVE_ULIMIT /* Define if you have the uname function. */ #undef HAVE_UNAME /* Define if you have the unlockpt function. */ #undef HAVE_UNLOCKPT /* Define if you have the unsetenv function. */ #undef HAVE_UNSETENV /* Define if you have the vasnprintf function. */ #undef HAVE_VASNPRINTF /* Define if you have the vasprintf function. */ #undef HAVE_VASPRINTF /* Define if you have the verr function. */ #undef HAVE_VERR /* Define if you have the verrx function. */ #undef HAVE_VERRX /* Define if you have the vhangup function. */ #undef HAVE_VHANGUP /* Define if you have the vsnprintf function. */ #undef HAVE_VSNPRINTF +/* Define if you have the vsyslog function. */ +#undef HAVE_VSYSLOG + /* Define if you have the vwarn function. */ #undef HAVE_VWARN /* Define if you have the vwarnx function. */ #undef HAVE_VWARNX /* Define if you have the warn function. */ #undef HAVE_WARN /* Define if you have the warnx function. */ #undef HAVE_WARNX +/* Define if you have the writev function. */ +#undef HAVE_WRITEV + /* Define if you have the yp_get_default_domain function. */ #undef HAVE_YP_GET_DEFAULT_DOMAIN /* Define if you have the header file. */ #undef HAVE_ARPA_FTP_H /* Define if you have the header file. */ #undef HAVE_ARPA_INET_H /* Define if you have the header file. */ #undef HAVE_ARPA_NAMESER_H /* Define if you have the header file. */ #undef HAVE_ARPA_TELNET_H -/* Define if you have the header file. */ -#undef HAVE_BIND_BITYPES_H - /* Define if you have the header file. */ #undef HAVE_BSD_BSD_H /* Define if you have the header file. */ #undef HAVE_BSDSETJMP_H +/* Define if you have the header file. */ +#undef HAVE_CAPABILITY_H + /* Define if you have the header file. */ #undef HAVE_CRYPT_H +/* Define if you have the header file. */ +#undef HAVE_CURSES_H + +/* Define if you have the header file. 
*/ +#undef HAVE_DB_H + /* Define if you have the header file. */ #undef HAVE_DBM_H /* Define if you have the header file. */ #undef HAVE_DIRENT_H /* Define if you have the header file. */ #undef HAVE_ERR_H +/* Define if you have the header file. */ +#undef HAVE_ERRNO_H + /* Define if you have the header file. */ #undef HAVE_FCNTL_H +/* Define if you have the header file. */ +#undef HAVE_FNMATCH_H + /* Define if you have the header file. */ #undef HAVE_GRP_H +/* Define if you have the header file. */ +#undef HAVE_INTTYPES_H + /* Define if you have the header file. */ #undef HAVE_IO_H /* Define if you have the header file. */ #undef HAVE_LASTLOG_H +/* Define if you have the header file. */ +#undef HAVE_LIBUTIL_H + +/* Define if you have the header file. */ +#undef HAVE_LIMITS_H + /* Define if you have the header file. */ #undef HAVE_LOGIN_H /* Define if you have the header file. */ #undef HAVE_MAILLOCK_H /* Define if you have the header file. */ #undef HAVE_NDBM_H /* Define if you have the header file. */ #undef HAVE_NET_IF_H /* Define if you have the header file. */ #undef HAVE_NET_IF_TUN_H /* Define if you have the header file. */ #undef HAVE_NET_IF_VAR_H /* Define if you have the header file. */ #undef HAVE_NETDB_H /* Define if you have the header file. */ #undef HAVE_NETINET_IN_H /* Define if you have the header file. */ #undef HAVE_NETINET_IN6_MACHTYPES_H /* Define if you have the header file. */ #undef HAVE_NETINET_IN_SYSTM_H /* Define if you have the header file. */ #undef HAVE_NETINET_IP_H /* Define if you have the header file. */ #undef HAVE_NETINET_TCP_H /* Define if you have the header file. */ #undef HAVE_PATHS_H /* Define if you have the header file. */ #undef HAVE_PTY_H /* Define if you have the header file. */ #undef HAVE_PWD_H /* Define if you have the header file. */ #undef HAVE_RESOLV_H /* Define if you have the header file. */ #undef HAVE_RPCSVC_DBM_H +/* Define if you have the header file. 
*/ +#undef HAVE_RPCSVC_YPCLNT_H + /* Define if you have the header file. */ #undef HAVE_SAC_H /* Define if you have the header file. */ #undef HAVE_SECURITY_PAM_MODULES_H /* Define if you have the header file. */ #undef HAVE_SHADOW_H /* Define if you have the header file. */ #undef HAVE_SIAD_H /* Define if you have the header file. */ #undef HAVE_SIGNAL_H +/* Define if you have the header file. */ +#undef HAVE_STANDARDS_H + /* Define if you have the header file. */ #undef HAVE_STROPTS_H /* Define if you have the header file. */ #undef HAVE_SYS_BITYPES_H +/* Define if you have the header file. */ +#undef HAVE_SYS_CAPABILITY_H + /* Define if you have the header file. */ #undef HAVE_SYS_CATEGORY_H -/* Define if you have the header file. */ -#undef HAVE_SYS_CDEFS_H - /* Define if you have the header file. */ #undef HAVE_SYS_FILE_H /* Define if you have the header file. */ #undef HAVE_SYS_FILIO_H /* Define if you have the header file. */ #undef HAVE_SYS_IOCCOM_H /* Define if you have the header file. */ #undef HAVE_SYS_IOCTL_H /* Define if you have the header file. */ #undef HAVE_SYS_LOCKING_H /* Define if you have the header file. */ #undef HAVE_SYS_MMAN_H /* Define if you have the header file. */ #undef HAVE_SYS_PARAM_H /* Define if you have the header file. */ #undef HAVE_SYS_PROC_H +/* Define if you have the header file. */ +#undef HAVE_SYS_PTY_H + /* Define if you have the header file. */ #undef HAVE_SYS_PTYIO_H /* Define if you have the header file. */ #undef HAVE_SYS_PTYVAR_H /* Define if you have the header file. */ #undef HAVE_SYS_RESOURCE_H /* Define if you have the header file. */ #undef HAVE_SYS_SELECT_H /* Define if you have the header file. */ #undef HAVE_SYS_SOCKET_H /* Define if you have the header file. */ #undef HAVE_SYS_SOCKIO_H /* Define if you have the header file. */ #undef HAVE_SYS_STAT_H /* Define if you have the header file. */ #undef HAVE_SYS_STR_TTY_H /* Define if you have the header file. 
*/ #undef HAVE_SYS_STREAM_H /* Define if you have the header file. */ #undef HAVE_SYS_STROPTS_H /* Define if you have the header file. */ #undef HAVE_SYS_STRTTY_H /* Define if you have the header file. */ #undef HAVE_SYS_SYSCALL_H /* Define if you have the header file. */ #undef HAVE_SYS_SYSCTL_H /* Define if you have the header file. */ #undef HAVE_SYS_TERMIO_H /* Define if you have the header file. */ #undef HAVE_SYS_TIME_H /* Define if you have the header file. */ #undef HAVE_SYS_TIMEB_H /* Define if you have the header file. */ #undef HAVE_SYS_TIMES_H /* Define if you have the header file. */ #undef HAVE_SYS_TTY_H /* Define if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define if you have the header file. */ #undef HAVE_SYS_UIO_H /* Define if you have the header file. */ #undef HAVE_SYS_UN_H /* Define if you have the header file. */ #undef HAVE_SYS_UTSNAME_H /* Define if you have the header file. */ #undef HAVE_SYS_WAIT_H /* Define if you have the header file. */ #undef HAVE_SYSLOG_H +/* Define if you have the header file. */ +#undef HAVE_TERM_H + +/* Define if you have the header file. */ +#undef HAVE_TERMCAP_H + /* Define if you have the header file. */ #undef HAVE_TERMIO_H /* Define if you have the header file. */ #undef HAVE_TERMIOS_H /* Define if you have the header file. */ #undef HAVE_TMPDIR_H /* Define if you have the header file. */ #undef HAVE_TTYENT_H /* Define if you have the header file. */ #undef HAVE_UDB_H /* Define if you have the header file. */ #undef HAVE_ULIMIT_H /* Define if you have the header file. */ #undef HAVE_UNISTD_H /* Define if you have the header file. */ #undef HAVE_USERPW_H /* Define if you have the header file. */ #undef HAVE_USERSEC_H /* Define if you have the header file. */ #undef HAVE_UTIL_H /* Define if you have the header file. */ #undef HAVE_UTIME_H /* Define if you have the header file. */ #undef HAVE_UTMP_H /* Define if you have the header file. */ #undef HAVE_UTMPX_H /* Define if you have the header file. 
*/ #undef HAVE_WAIT_H -/* Define if you have the header file. */ -#undef HAVE_WINSOCK_H - /* Define if you have the X11 library (-lX11). */ #undef HAVE_LIBX11 /* Define if you have the Xau library (-lXau). */ #undef HAVE_LIBXAU /* Define if you have the c_r library (-lc_r). */ #undef HAVE_LIBC_R /* Define if you have the cfg library (-lcfg). */ #undef HAVE_LIBCFG +/* Define if you have the crypt library (-lcrypt). */ +#undef HAVE_LIBCRYPT + +/* Define if you have the curses library (-lcurses). */ +#undef HAVE_LIBCURSES + +/* Define if you have the dl library (-ldl). */ +#undef HAVE_LIBDL + /* Define if you have the edit library (-ledit). */ #undef HAVE_LIBEDIT -/* Define if you have the gdbm library (-lgdbm). */ -#undef HAVE_LIBGDBM +/* Define if you have the ncurses library (-lncurses). */ +#undef HAVE_LIBNCURSES -/* Define if you have the ndbm library (-lndbm). */ -#undef HAVE_LIBNDBM - /* Define if you have the nsl library (-lnsl). */ #undef HAVE_LIBNSL /* Define if you have the odm library (-lodm). */ #undef HAVE_LIBODM /* Define if you have the readline library (-lreadline). */ #undef HAVE_LIBREADLINE /* Define if you have the resolv library (-lresolv). */ #undef HAVE_LIBRESOLV /* Define if you have the s library (-ls). */ #undef HAVE_LIBS /* Define if you have the socket library (-lsocket). */ #undef HAVE_LIBSOCKET /* Define if you have the syslog library (-lsyslog). */ #undef HAVE_LIBSYSLOG /* Define if you have the termcap library (-ltermcap). */ #undef HAVE_LIBTERMCAP /* Define if you have the util library (-lutil). */ #undef HAVE_LIBUTIL +/* Name of package */ +#undef PACKAGE + +/* Version number of package */ +#undef VERSION + +/* Define to what version of SunOS you are running. */ +#undef SunOS + +/* Define if you have the socks package. */ +#undef SOCKS + +/* Define to enable old kdestroy behavior. */ +#undef LEGACY_KDESTROY + +/* Define if you want to match subdomains. 
*/ +#undef MATCH_SUBDOMAINS + +/* Define this to be the directory where the + dictionary for cracklib resides. */ +#undef DICTPATH + +/* Define this to the path of the mail spool directory. */ +#undef KRB4_MAILDIR + +/* Define this to the kerberos database directory. */ +#undef DB_DIR + +/* Define to enable new master key code. */ +#undef RANDOM_MKEY + +/* Define this to the location of the master key. */ +#undef MKEYFILE + +/* Define to enable basic OSF C2 support. */ +#undef HAVE_OSFC2 + +/* Define if you don't want to use mmap. */ +#undef NO_MMAP + +/* Define if you don't wan't support for AFS. */ +#undef NO_AFS + +/* Set this to the type of des-quad-cheksum to use. */ +#undef DES_QUAD_DEFAULT + +/* Define if you have the readline package. */ +#undef READLINE + +/* Define if you have the hesiod package. */ +#undef HESIOD + +/* define if your compiler has __attribute__ */ +#undef HAVE___ATTRIBUTE__ + +/* Huh? */ +#undef HAVE_STRANGE_INT8_T + +/* Define if NDBM really is DB (creates files ending in .db). */ +#undef HAVE_NEW_DB + +/* Define if you have NDBM (and not DBM) */ +#undef NDBM + +/* define if you have a working snprintf */ +#undef HAVE_SNPRINTF + +/* define if the system is missing a prototype for snprintf() */ +#undef NEED_SNPRINTF_PROTO + +/* define if you have a glob() that groks + GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, and GLOB_TILDE */ +#undef HAVE_GLOB + +/* define if the system is missing a prototype for glob() */ +#undef NEED_GLOB_PROTO + +/* Define if getpwnam_r has POSIX flavour. */ +#undef POSIX_GETPWNAM_R + +/* Define if getlogin has POSIX flavour (and not BSD). 
*/ +#undef POSIX_GETLOGIN + +/* define if the system is missing a prototype for hstrerror() */ +#undef NEED_HSTRERROR_PROTO + +/* define if the system is missing a prototype for gethostname() */ +#undef NEED_GETHOSTNAME_PROTO + +/* define if the system is missing a prototype for mkstemp() */ +#undef NEED_MKSTEMP_PROTO + +/* define if the system is missing a prototype for inet_aton() */ +#undef NEED_INET_ATON_PROTO + +/* Define if realloc(NULL, X) doesn't work. */ +#undef BROKEN_REALLOC + +/* Define if getcwd is broken (like in SunOS 4). */ +#undef BROKEN_GETCWD + +/* define if prototype of gethostbyname is compatible with + struct hostent *gethostbyname(const char *) */ +#undef GETHOSTBYNAME_PROTO_COMPATIBLE + +/* define if prototype of gethostbyaddr is compatible with + struct hostent *gethostbyaddr(const void *, size_t, int) */ +#undef GETHOSTBYADDR_PROTO_COMPATIBLE + +/* define if prototype of getservbyname is compatible with + struct servent *getservbyname(const char *, const char *) */ +#undef GETSERVBYNAME_PROTO_COMPATIBLE + +/* define if prototype of openlog is compatible with + void openlog(const char *, int, int) */ +#undef OPENLOG_PROTO_COMPATIBLE + +/* define if the system is missing a prototype for crypt() */ +#undef NEED_CRYPT_PROTO + +/* define if the system is missing a prototype for fclose() */ +#undef NEED_FCLOSE_PROTO + +/* define if the system is missing a prototype for strtok_r() */ +#undef NEED_STRTOK_R_PROTO + +/* define if the system is missing a prototype for strsep() */ +#undef NEED_STRSEP_PROTO + +/* define if the system is missing a prototype for getusershell() */ +#undef NEED_GETUSERSHELL_PROTO + +/* define if the system is missing a prototype for utime() */ +#undef NEED_UTIME_PROTO + +/* define if you have h_errno */ +#undef HAVE_H_ERRNO + +/* define if your system declares h_errno */ +#undef HAVE_H_ERRNO_DECLARATION + +/* define if you have h_errlist */ +#undef HAVE_H_ERRLIST + +/* define if your system declares h_errlist */ +#undef 
HAVE_H_ERRLIST_DECLARATION + +/* define if you have h_nerr */ +#undef HAVE_H_NERR + +/* define if your system declares h_nerr */ +#undef HAVE_H_NERR_DECLARATION + +/* define if you have __progname */ +#undef HAVE___PROGNAME + +/* define if your system declares __progname */ +#undef HAVE___PROGNAME_DECLARATION + +/* define if your system declares optarg */ +#undef HAVE_OPTARG_DECLARATION + +/* define if your system declares optind */ +#undef HAVE_OPTIND_DECLARATION + +/* define if your system declares opterr */ +#undef HAVE_OPTERR_DECLARATION + +/* define if your system declares optopt */ +#undef HAVE_OPTOPT_DECLARATION + +/* define if your system declares environ */ +#undef HAVE_ENVIRON_DECLARATION + +/* Define if RETSIGTYPE == void. */ +#undef VOID_RETSIGTYPE + +/* Define if struct utmp has field ut_addr. */ +#undef HAVE_STRUCT_UTMP_UT_ADDR + +/* Define if struct utmp has field ut_host. */ +#undef HAVE_STRUCT_UTMP_UT_HOST + +/* Define if struct utmp has field ut_id. */ +#undef HAVE_STRUCT_UTMP_UT_ID + +/* Define if struct utmp has field ut_pid. */ +#undef HAVE_STRUCT_UTMP_UT_PID + +/* Define if struct utmp has field ut_type. */ +#undef HAVE_STRUCT_UTMP_UT_TYPE + +/* Define if struct utmp has field ut_user. */ +#undef HAVE_STRUCT_UTMP_UT_USER + +/* Define if struct utmpx has field ut_exit. */ +#undef HAVE_STRUCT_UTMPX_UT_EXIT + +/* Define if struct utmpx has field ut_syslen. */ +#undef HAVE_STRUCT_UTMPX_UT_SYSLEN + +/* Define if struct tm has field tm_gmtoff. */ +#undef HAVE_STRUCT_TM_TM_GMTOFF + +/* Define if struct tm has field tm_zone. 
*/ +#undef HAVE_STRUCT_TM_TM_ZONE + +/* define if you have timezone */ +#undef HAVE_TIMEZONE + +/* define if your system declares timezone */ +#undef HAVE_TIMEZONE_DECLARATION + +/* define if you have struct spwd */ +#undef HAVE_STRUCT_SPWD + +/* define if struct winsize is declared in sys/termios.h */ +#undef HAVE_STRUCT_WINSIZE + +/* define if struct winsize has ws_xpixel */ +#undef HAVE_WS_XPIXEL + +/* define if struct winsize has ws_ypixel */ +#undef HAVE_WS_YPIXEL + +/* Define this to what the type ssize_t should be. */ +#undef ssize_t + +/* Define if struct sockaddr has field sa_len. */ +#undef HAVE_STRUCT_SOCKADDR_SA_LEN + +/* Define if SIAENTITY has field ouid. */ +#undef HAVE_SIAENTITY_OUID + +/* Define if you have a working getmsg. */ +#undef HAVE_GETMSG + +/* Define if el_init takes four arguments. */ +#undef HAVE_FOUR_VALUED_EL_INIT + +/* Define if you have a readline function. */ +#undef HAVE_READLINE + +/* Define if you have working stream ptys. */ +#undef STREAMSPTY + +/* Define if /bin/ls has a `-A' flag. */ +#undef HAVE_LS_A + + #undef HAVE_INT8_T #undef HAVE_INT16_T #undef HAVE_INT32_T #undef HAVE_INT64_T #undef HAVE_U_INT8_T #undef HAVE_U_INT16_T #undef HAVE_U_INT32_T #undef HAVE_U_INT64_T +/* This for compat with heimdal (or something) */ +#define KRB_PUT_INT(f, t, l, s) krb_put_int((f), (t), (l), (s)) + +#define HAVE_KRB_ENABLE_DEBUG 1 + +#define HAVE_KRB_DISABLE_DEBUG 1 + +#define HAVE_KRB_GET_OUR_IP_FOR_REALM 1 + #define RCSID(msg) \ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } /* * Set ORGANIZATION to be the desired organization string printed * by the 'kinit' program. It may have spaces. 
*/ #define ORGANIZATION "eBones International" #if 0 #undef BINDIR #undef LIBDIR #undef LIBEXECDIR #undef SBINDIR #endif #if 0 #define KRB_CNF_FILES { "/etc/krb.conf", "/etc/kerberosIV/krb.conf", 0} #define KRB_RLM_FILES { "/etc/krb.realms", "/etc/kerberosIV/krb.realms", 0} #define KRB_EQUIV "/etc/krb.equiv" #define KEYFILE "/etc/srvtab" #define KRBDIR "/var/kerberos" #define DBM_FILE KRBDIR "/principal" #define DEFAULT_ACL_DIR KRBDIR #define KRBLOG "/var/log/kerberos.log" /* master server */ #define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */ #define KADM_SYSLOG "/var/log/admin_server.syslog" #define K_LOGFIL "/var/log/kpropd.log" #endif /* Maximum values on all known systems */ #define MaxHostNameLen (64+4) #define MaxPathLen (1024+4) -/* - * Define NDBM if you are using the 4.3 ndbm library (which is part of - * libc). If not defined, 4.2 dbm will be assumed. - */ -#if defined(HAVE_DBM_FIRSTKEY) -#define NDBM -#endif - /* ftp stuff -------------------------------------------------- */ #define KERBEROS /* telnet stuff ----------------------------------------------- */ +/* define this for OTP support */ +#undef OTP + /* define this if you have kerberos 4 */ #undef KRB4 /* define this if you want encryption */ #undef ENCRYPTION /* define this if you want authentication */ #undef AUTHENTICATION #if defined(ENCRYPTION) && !defined(AUTHENTICATION) #define AUTHENTICATION 1 #endif /* Set this if you want des encryption */ #undef DES_ENCRYPTION /* Set this to the default system lead string for telnetd * can contain %-escapes: %s=sysname, %m=machine, %r=os-release * %v=os-version, %t=tty, %h=hostname, %d=date and time */ #undef USE_IM /* define this if you want diagnostics in telnetd */ #undef DIAGNOSTICS /* define this if you want support for broken ENV_{VALUE,VAR} systems */ #undef ENV_HACK /* */ #undef OLD_ENVIRON /* Used with login -p */ #undef LOGIN_ARGS -/* Define if there are working stream ptys */ -#undef STREAMSPTY - /* set this to a sensible 
login */ #ifndef LOGIN_PATH #define LOGIN_PATH BINDIR "/login" #endif /* ------------------------------------------------------------ */ -/* - * Define this if your ndbm-library really is berkeley db and creates - * files that ends in .db. - */ -#undef HAVE_NEW_DB +#ifdef BROKEN_REALLOC +#define realloc(X, Y) isoc_realloc((X), (Y)) +#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y)) +#endif -/* Define this if you have a working getmsg */ -#undef HAVE_GETMSG - -/* Define to enable new master key code */ -#undef RANDOM_MKEY - -/* Location of the master key file, default value lives in */ -#undef MKEYFILE - -/* Define if you don't want support for afs, might be a good idea on - AIX if you don't have afs */ -#undef NO_AFS - -/* Define if you have a readline compatible library */ -#undef HAVE_READLINE - #ifdef VOID_RETSIGTYPE #define SIGRETURN(x) return #else #define SIGRETURN(x) return (RETSIGTYPE)(x) #endif -/* Define this if your compiler supports '#pragma weak' */ -#undef HAVE_PRAGMA_WEAK - /* Temporary fixes for krb_{rd,mk}_safe */ #define DES_QUAD_GUESS 0 #define DES_QUAD_NEW 1 #define DES_QUAD_OLD 2 -/* Set this to one of the constants above to specify default checksum - type to emit */ -#undef DES_QUAD_DEFAULT +/* + * All these are system-specific defines that I would rather not have at all. + */ /* * AIX braindamage! */ #if _AIX #define _ALL_SOURCE -#define _POSIX_SOURCE -/* this is left for hysteric reasons :-) */ -#define unix /* well, ok... */ +/* XXX this is gross, but kills about a gazillion warnings */ +struct ether_addr; +struct sockaddr; +struct sockaddr_dl; +struct sockaddr_in; #endif -/* - * SunOS braindamage! 
(Sun include files are generally braindead) - */ -#if (defined(sun) || defined(__sun)) -#if defined(__svr4__) || defined(__SVR4) -#define SunOS 5 -#else -#define SunOS 4 -#endif -#endif - #if defined(__sgi) || defined(sgi) #if defined(__SYSTYPE_SVR4) || defined(_SYSTYPE_SVR4) #define IRIX 5 #else #define IRIX 4 #endif #endif /* IRIX 4 braindamage */ #if IRIX == 4 && !defined(__STDC__) #define __STDC__ 0 +#endif + +/* + * Defining this enables lots of useful (and used) extensions on + * glibc-based systems such as Linux + */ + +#define _GNU_SOURCE + +/* some strange OS/2 stuff. From */ + +#ifdef __EMX__ +#define _EMX_TCPIP +#define MAIL_USE_SYSTEM_LOCK +#endif + +#ifdef ROKEN_RENAME +#include "roken_rename.h" #endif Index: stable/3/crypto/kerberosIV/include/sys/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/include/sys/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/include/sys/Makefile.in (revision 62578) 
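Review bot: In the BROKEN_REALLOC block of the header hunk that ends here, the realloc(X, Y) wrapper evaluates X twice through isoc_realloc, ((X) ? realloc((X), (Y)) : malloc(Y)), so any pointer expression with side effects is evaluated twice, and the pair only terminates because the preprocessor does not re-expand realloc inside its own expansion. A small wrapper function, or at least a comment stating the no-side-effects requirement, would be safer. Further down, #define _GNU_SOURCE is unconditional; guarding it with #ifndef _GNU_SOURCE avoids a redefinition diagnostic when the build already passes -D_GNU_SOURCE.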
@@ -1,53 +1,48 @@ -# $Id: Makefile.in,v 1.18 1997/05/11 04:29:47 assar Exp $ +# $Id: Makefile.in,v 1.22 1998/03/15 05:57:53 assar Exp $ srcdir = @srcdir@ VPATH = @srcdir@ SHELL = /bin/sh LN_S = @LN_S@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ includedir = @includedir@ -HAVE_CDEFS = @ac_cv_header_sys_cdefs_h@ +BROKEN_SOCKET_H = @krb_cv_header_sys_socket_h_broken@ @SET_MAKE@ -HEADERS = cdefs.h +HEADERS = socket.h all: stamp-headers Wall: $(MAKE) CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" install: all - $(MKINSTALLDIRS) $(includedir)/sys - -if test "$(HAVE_CDEFS)" != yes; then \ - $(INSTALL_DATA) cdefs.h $(includedir)/sys/cdefs.h ; \ - fi uninstall: - -if test "$(HAVE_CDEFS)" != yes; then \ - rm -f $(includedir)/sys/cdefs.h ; \ - fi clean: rm -f $(HEADERS) stamp-headers mostlyclean: clean distclean: clean rm -f Makefile config.status *~ realclean: clean -cdefs.h: - if test "$(HAVE_CDEFS)" != yes; then \ - $(LN_S) ${srcdir}/cdefs.H cdefs.h; \ +socket.h: + if test "$(BROKEN_SOCKET_H)" = yes; then \ + $(LN_S) $(srcdir)/socket.x socket.h; \ fi || true stamp-headers: $(MAKE) $(HEADERS) touch stamp-headers + +.PHONY: all Wall install uninstall clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/kadmin/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/kadmin/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/kadmin/Makefile.in (revision 62578) 
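Review bot: In include/sys/Makefile.in, the new socket.h rule keeps the trailing "fi || true", so a failed $(LN_S) $(srcdir)/socket.x socket.h is swallowed and stamp-headers is still touched with no header in place when BROKEN_SOCKET_H is yes. The if already returns success when the test is false, so the "|| true" only hides a link failure and can be dropped. The install and uninstall targets are now empty; if socket.h is meant to stay in the build tree, a one-line comment saying so would keep the next reader from restoring the install step.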
@@ -1,125 +1,125 @@ -# $Id: Makefile.in,v 1.37 1997/05/02 17:50:35 assar Exp $ +# $Id: Makefile.in,v 1.47 1999/03/10 19:01:13 joda Exp $ SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ -topdir=.. +top_builddir=.. CC = @CC@ +LINK = @LINK@ AR = ar RANLIB = @RANLIB@ LN_S = @LN_S@ DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ LD_FLAGS = @LD_FLAGS@ LIB_tgetent = @LIB_tgetent@ LIB_readline = @LIB_readline@ LIB_DBM = @LIB_DBM@ LIBS = @LIBS@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs CRACKLIB = @CRACKLIB@ prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ libexecdir = @libexecdir@ bindir = @bindir@ sbindir = @sbindir@ transform=@program_transform_name@ EXECSUFFIX=@EXECSUFFIX@ PROG_BIN = kpasswd$(EXECSUFFIX) \ kadmin$(EXECSUFFIX) PROG_SBIN = ksrvutil$(EXECSUFFIX) PROG_LIBEXEC = kadmind$(EXECSUFFIX) PROGS = $(PROG_BIN) $(PROG_SBIN) $(PROG_LIBEXEC) SOURCES = kpasswd.c kadmin.c kadm_server.c kadm_funcs.c pw_check.c \ admin_server.c kadm_ser_wrap.c ksrvutil.c ksrvutil_get.c \ - new_pwd.c + new_pwd.c random_password.c OBJECTS = kpasswd.o kadmin.o kadm_server.o kadm_funcs.o \ admin_server.o kadm_ser_wrap.o ksrvutil.o ksrvutil_get.o \ - new_pwd.o + new_pwd.o random_password.o all: $(PROGS) Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $< + $(CC) -c $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $< install: all - $(MKINSTALLDIRS) $(bindir) + $(MKINSTALLDIRS) $(DESTDIR)$(bindir) for x in $(PROG_BIN); do \ - $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \ done - $(MKINSTALLDIRS) $(sbindir) + $(MKINSTALLDIRS) $(DESTDIR)$(sbindir) for x in $(PROG_SBIN); do \ - $(INSTALL_PROGRAM) $$x $(sbindir)/`echo $$x | sed '$(transform)'`; \ + 
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(sbindir)/`echo $$x | sed '$(transform)'`; \ done - $(MKINSTALLDIRS) $(libexecdir) + $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir) for x in $(PROG_LIBEXEC); do \ - $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ done @rm -f $(prefix)/sbin/kadmin uninstall: for x in $(PROG_BIN); do \ - rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \ + rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \ done for x in $(PROG_SBIN); do \ - rm -f $(sbindir)/`echo $$x | sed '$(transform)'`; \ + rm -f $(DESTDIR)$(sbindir)/`echo $$x | sed '$(transform)'`; \ done for x in $(PROG_LIBEXEC); do \ - rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ done TAGS: $(SOURCES) etags $(SOURCES) check: clean: rm -f *.a *.o $(PROGS) mostlyclean: clean distclean: clean rm -f Makefile *.tab.c *~ realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - -KLIB=-L../lib/kadm -lkadm -L../lib/krb -lkrb -L../lib/des -ldes -L../util/et -lcom_err +KLIB=-L../lib/kadm -lkadm -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/com_err -lcom_err LIBROKEN=-L../lib/roken -lroken kpasswd$(EXECSUFFIX): kpasswd.o new_pwd.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kpasswd.o new_pwd.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kpasswd.o new_pwd.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) -kadmin$(EXECSUFFIX): kadmin.o new_pwd.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ new_pwd.o kadmin.o -L../lib/kadm -lkadm -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/sl -lsl -L../util/et -lcom_err $(LIBROKEN) $(LIBS) $(LIB_readline) $(LIBROKEN) +kadmin_OBJECTS = kadmin.o new_pwd.o random_password.o +kadmin$(EXECSUFFIX): $(kadmin_OBJECTS) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ 
$(kadmin_OBJECTS) $(KLIB) -L../lib/sl -lsl $(LIBROKEN) $(LIBS) $(LIB_readline) $(LIBROKEN) + KADMIND_OBJECTS=kadm_server.o kadm_funcs.o admin_server.o kadm_ser_wrap.o pw_check.o kadmind$(EXECSUFFIX): $(KADMIND_OBJECTS) - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(KADMIND_OBJECTS) -L../lib/kdb -lkdb -L../lib/acl -lacl $(KLIB) $(CRACKLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(KADMIND_OBJECTS) -L../lib/kdb -lkdb -L../lib/acl -lacl $(KLIB) $(CRACKLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) ksrvutil$(EXECSUFFIX): ksrvutil.o ksrvutil_get.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ ksrvutil.o ksrvutil_get.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ ksrvutil.o ksrvutil_get.o $(KLIB) $(LIBROKEN) $(LIBS) $(OBJECTS): ../include/config.h + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/kadmin/admin_server.c =================================================================== --- stable/3/crypto/kerberosIV/kadmin/admin_server.c (revision 62577) +++ stable/3/crypto/kerberosIV/kadmin/admin_server.c (revision 62578) 
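Review bot: In kadmin/Makefile.in, the install target still ends with @rm -f $(prefix)/sbin/kadmin, which is now the only path in that target without $(DESTDIR). On a staged install this removes a file from the live $(prefix) rather than from the staging root; use $(DESTDIR)$(prefix)/sbin/kadmin or drop the line. Separately, the kadmind and ksrvutil link lines lose their trailing $(LIBROKEN) while kpasswd and kadmin keep it; if the second occurrence is there to satisfy static link ordering, the four rules should agree.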
@@ -1,432 +1,460 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ /* * Top-level loop of the kerberos Administration server */ /* admin_server.c this holds the main loop and initialization and cleanup code for the server */ #include "kadm_locl.h" -RCSID("$Id: admin_server.c,v 1.41 1997/05/27 15:52:53 bg Exp $"); +RCSID("$Id: admin_server.c,v 1.49 1999/11/13 06:32:19 assar Exp $"); /* Almost all procs and such need this, so it is global */ admin_params prm; /* The command line parameters struct */ /* GLOBAL */ char *acldir = DEFAULT_ACL_DIR; static char krbrlm[REALM_SZ]; static unsigned pidarraysize = 0; -static int *pidarray = (int *)0; +static int *pidarray = NULL; static int exit_now = 0; static RETSIGTYPE doexit(int sig) { exit_now = 1; SIGRETURN(0); } static RETSIGTYPE do_child(int sig) { int pid; int i, j; int status; pid = wait(&status); /* Reinstall signal handlers for SysV. 
Must be done *after* wait */ signal(SIGCHLD, do_child); for (i = 0; i < pidarraysize; i++) if (pidarray[i] == pid) { /* found it */ for (j = i; j < pidarraysize-1; j++) /* copy others down */ pidarray[j] = pidarray[j+1]; pidarraysize--; if ((WIFEXITED(status) && WEXITSTATUS(status) != 0) || WIFSIGNALED(status)) krb_log("child %d: termsig %d, retcode %d", pid, WTERMSIG(status), WEXITSTATUS(status)); SIGRETURN(0); } krb_log("child %d not in list: termsig %d, retcode %d", pid, WTERMSIG(status), WEXITSTATUS(status)); SIGRETURN(0); } static void kill_children(void) { int i; for (i = 0; i < pidarraysize; i++) { kill(pidarray[i], SIGINT); krb_log("killing child %d", pidarray[i]); } } /* close the system log file */ static void close_syslog(void) { krb_log("Shutting down admin server"); } static void byebye(void) /* say goodnight gracie */ { printf("Admin Server (kadm server) has completed operation.\n"); } static void clear_secrets(void) { memset(server_parm.master_key, 0, sizeof(server_parm.master_key)); memset(server_parm.master_key_schedule, 0, sizeof(server_parm.master_key_schedule)); server_parm.master_key_version = 0L; } #ifdef DEBUG #define cleanexit(code) {kerb_fini(); return;} #endif #ifndef DEBUG static void cleanexit(int val) { kerb_fini(); clear_secrets(); exit(val); } #endif static void process_client(int fd, struct sockaddr_in *who) { u_char *dat; int dat_len; u_short dlen; int retval; - int on = 1; Principal service; des_cblock skey; int more; int status; #if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT) - if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) < 0) + { + int on = 1; + + if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, + (void *)&on, sizeof(on)) < 0) krb_log("setsockopt keepalive: %d",errno); + } #endif server_parm.recv_addr = *who; if (kerb_init()) { /* Open as client */ krb_log("can't open krb db"); cleanexit(1); } /* need to set service key to changepw.KRB_MASTER */ status = kerb_get_principal(server_parm.sname, 
server_parm.sinst, &service, 1, &more); if (status == -1) { /* db locked */ - int32_t retcode = KADM_DB_INUSE; char *pdat; - dat_len = KADM_VERSIZE + sizeof(retcode); - dat = (u_char *) malloc((unsigned)dat_len); + dat_len = KADM_VERSIZE + 4; + dat = (u_char *) malloc(dat_len); + if (dat == NULL) { + krb_log("malloc failed"); + cleanexit(4); + } pdat = (char *) dat; - retcode = htonl((u_int32_t) KADM_DB_INUSE); - strncpy(pdat, KADM_ULOSE, KADM_VERSIZE); - memcpy(pdat+KADM_VERSIZE, &retcode, sizeof(retcode)); + memcpy(pdat, KADM_ULOSE, KADM_VERSIZE); + krb_put_int (KADM_DB_INUSE, pdat + KADM_VERSIZE, 4, 4); goto out; } else if (!status) { krb_log("no service %s.%s",server_parm.sname, server_parm.sinst); cleanexit(2); } copy_to_key(&service.key_low, &service.key_high, skey); memset(&service, 0, sizeof(service)); kdb_encrypt_key (&skey, &skey, &server_parm.master_key, server_parm.master_key_schedule, DES_DECRYPT); krb_set_key(skey, 0); /* if error, will show up when rd_req fails */ memset(skey, 0, sizeof(skey)); while (1) { + void *errpkt; + + errpkt = malloc(KADM_VERSIZE + 4); + if (errpkt == NULL) { + krb_log("malloc: no memory"); + close(fd); + cleanexit(4); + } + if ((retval = krb_net_read(fd, &dlen, sizeof(u_short))) != sizeof(u_short)) { if (retval < 0) krb_log("dlen read: %s",error_message(errno)); else if (retval) krb_log("short dlen read: %d",retval); close(fd); cleanexit(retval ? 3 : 0); } if (exit_now) { cleanexit(0); } dat_len = ntohs(dlen); dat = (u_char *) malloc(dat_len); - if (!dat) { + if (dat == NULL) { krb_log("malloc: No memory"); close(fd); cleanexit(4); } if ((retval = krb_net_read(fd, dat, dat_len)) != dat_len) { if (retval < 0) krb_log("data read: %s",error_message(errno)); else krb_log("short read: %d vs. 
%d", dat_len, retval); close(fd); cleanexit(5); } if (exit_now) { cleanexit(0); } - if ((retval = kadm_ser_in(&dat,&dat_len)) != KADM_SUCCESS) + if ((retval = kadm_ser_in(&dat, &dat_len, errpkt)) != KADM_SUCCESS) krb_log("processing request: %s", error_message(retval)); /* kadm_ser_in did the processing and returned stuff in dat & dat_len , return the appropriate data */ out: dlen = htons(dat_len); if (krb_net_write(fd, &dlen, sizeof(u_short)) < 0) { krb_log("writing dlen to client: %s",error_message(errno)); close(fd); cleanexit(6); } if (krb_net_write(fd, dat, dat_len) < 0) { krb_log("writing to client: %s", error_message(errno)); close(fd); cleanexit(7); } free(dat); } /*NOTREACHED*/ } /* kadm_listen listen on the admin servers port for a request */ static int kadm_listen(void) { int found; int admin_fd; int peer_fd; fd_set mask, readfds; struct sockaddr_in peer; int addrlen; int pid; signal(SIGINT, doexit); signal(SIGTERM, doexit); signal(SIGHUP, doexit); signal(SIGQUIT, doexit); signal(SIGPIPE, SIG_IGN); /* get errors on write() */ signal(SIGALRM, doexit); signal(SIGCHLD, do_child); if (setsid() < 0) krb_log("setsid() failed"); if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return KADM_NO_SOCK; #if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) { int one=1; setsockopt(admin_fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one)); } #endif if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr, sizeof(struct sockaddr_in)) < 0) return KADM_NO_BIND; listen(admin_fd, 1); FD_ZERO(&mask); FD_SET(admin_fd, &mask); for (;;) { /* loop nearly forever */ if (exit_now) { clear_secrets(); kill_children(); return(0); } readfds = mask; if ((found = select(admin_fd+1, &readfds, 0, 0, (struct timeval *)0)) == 0) continue; /* no things read */ if (found < 0) { if (errno != EINTR) krb_log("select: %s",error_message(errno)); continue; } if (FD_ISSET(admin_fd, &readfds)) { /* accept the conn */ addrlen = sizeof(peer); if ((peer_fd = accept(admin_fd, (struct 
sockaddr *)&peer, &addrlen)) < 0) { krb_log("accept: %s",error_message(errno)); continue; } #ifndef DEBUG /* if you want a sep daemon for each server */ if ((pid = fork())) { + void *tmp; + /* parent */ if (pid < 0) { krb_log("fork: %s",error_message(errno)); close(peer_fd); continue; } /* fork succeded: keep tabs on child */ close(peer_fd); - if (pidarray) { - pidarray = (int *)realloc(pidarray, ++pidarraysize); - pidarray[pidarraysize-1] = pid; + tmp = realloc(pidarray, + (pidarraysize + 1) * sizeof(*pidarray)); + if(tmp == NULL) { + krb_log ("malloc: no memory. pid %u on its own", + (unsigned)pid); } else { - pidarray = (int *)malloc(pidarraysize = 1); - pidarray[0] = pid; + pidarray = tmp; + pidarray[pidarraysize++] = pid; } } else { /* child */ close(admin_fd); #endif /* DEBUG */ /* * If we are multihomed we need to figure out which * local address that is used this time since it is * used in "direction" comparison. */ getsockname(peer_fd, (struct sockaddr *)&server_parm.admin_addr, &addrlen); /* do stuff */ process_client (peer_fd, &peer); #ifndef DEBUG } #endif } else { krb_log("something else woke me up!"); return(0); } } /*NOTREACHED*/ } /* ** Main does the logical thing, it sets up the database and RPC interface, ** as well as handling the creation and maintenance of the syslog file... 
*/ int main(int argc, char **argv) /* admin_server main routine */ { int errval; int c; + struct in_addr i_addr; set_progname (argv[0]); umask(077); /* Create protected files */ + i_addr.s_addr = INADDR_ANY; /* initialize the admin_params structure */ prm.sysfile = KADM_SYSLOG; /* default file name */ prm.inter = 0; memset(krbrlm, 0, sizeof(krbrlm)); - while ((c = getopt(argc, argv, "f:hmnd:a:r:")) != EOF) + while ((c = getopt(argc, argv, "f:hmnd:a:r:i:")) != -1) switch(c) { case 'f': /* Syslog file name change */ prm.sysfile = optarg; break; case 'n': prm.inter = 0; break; case 'm': prm.inter = 1; break; case 'a': /* new acl directory */ acldir = optarg; break; case 'd': /* put code to deal with alt database place */ if ((errval = kerb_db_set_name(optarg))) errx (1, "opening database %s: %s", optarg, error_message(errval)); break; case 'r': - strncpy(krbrlm, optarg, sizeof(krbrlm) - 1); + strlcpy (krbrlm, optarg, sizeof(krbrlm)); break; + case 'i': + /* Only listen on this address */ + if(inet_aton (optarg, &i_addr) == 0) { + fprintf (stderr, "Bad address: %s\n", optarg); + exit (1); + } + break; case 'h': /* get help on using admin_server */ default: - errx(1, "Usage: kadmind [-h] [-n] [-m] [-r realm] [-d dbname] [-f filename] [-a acldir]"); + errx(1, "Usage: kadmind [-h] [-n] [-m] [-r realm] [-d dbname] [-f filename] [-a acldir] [-i address_to_listen_on]"); } if (krbrlm[0] == 0) - if (krb_get_lrealm(krbrlm, 0) != KSUCCESS) + if (krb_get_lrealm(krbrlm, 1) != KSUCCESS) errx (1, "Unable to get local realm. 
Fix krb.conf or use -r."); printf("KADM Server %s initializing\n",KADM_VERSTR); printf("Please do not use 'kill -9' to kill this job, use a\n"); printf("regular kill instead\n\n"); kset_logfile(prm.sysfile); krb_log("Admin server starting"); kerb_db_set_lockmode(KERB_DBL_NONBLOCKING); errval = kerb_init(); /* Open the Kerberos database */ if (errval) { warnx ("error: kerb_init() failed"); close_syslog(); byebye(); } /* set up the server_parm struct */ - if ((errval = kadm_ser_init(prm.inter, krbrlm))==KADM_SUCCESS) { + if ((errval = kadm_ser_init(prm.inter, krbrlm, i_addr))==KADM_SUCCESS) { kerb_fini(); /* Close the Kerberos database-- will re-open later */ errval = kadm_listen(); /* listen for calls to server from clients */ } if (errval != KADM_SUCCESS) { warnx("error: %s",error_message(errval)); kerb_fini(); /* Close if error */ } close_syslog(); /* Close syslog file, print closing note */ byebye(); /* Say bye bye on the terminal in use */ exit(1); } /* procedure main */ Index: stable/3/crypto/kerberosIV/kadmin/kadm_funcs.c =================================================================== --- stable/3/crypto/kerberosIV/kadmin/kadm_funcs.c (revision 62577) +++ stable/3/crypto/kerberosIV/kadmin/kadm_funcs.c (revision 62578) 
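Review bot: In kadmin/admin_server.c, process_client() now allocates errpkt = malloc(KADM_VERSIZE + 4) at the top of every pass through the while (1) loop, but the only release in the visible code is free(dat) at the bottom. Unless kadm_ser_in() takes ownership of errpkt on every path, including success, each request leaks that buffer in a long-lived child; allocate it once before the loop or free it explicitly when it was not handed back through dat. In main(), the new -i case reports a bad address with fprintf and exit(1) where the neighbouring cases use errx, and the change of the krb_get_lrealm index from 0 to 1 has no comment explaining why the realm lookup moved.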
@@ -1,411 +1,437 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ /* * Kerberos administration server-side database manipulation routines */ /* * kadm_funcs.c * the actual database manipulation code */ #include "kadm_locl.h" -RCSID("$Id: kadm_funcs.c,v 1.16 1997/05/02 14:28:49 assar Exp $"); +RCSID("$Id: kadm_funcs.c,v 1.18 1999/09/16 20:41:40 assar Exp $"); static int check_access(char *pname, char *pinst, char *prealm, enum acl_types acltype) { char checkname[MAX_K_NAME_SZ]; char filename[MaxPathLen]; snprintf(checkname, sizeof(checkname), "%s.%s@%s", pname, pinst, prealm); switch (acltype) { case ADDACL: snprintf(filename, sizeof(filename), "%s%s", acldir, ADD_ACL_FILE); break; case GETACL: snprintf(filename, sizeof(filename), "%s%s", acldir, GET_ACL_FILE); break; case MODACL: snprintf(filename, sizeof(filename), "%s%s", acldir, MOD_ACL_FILE); break; case DELACL: snprintf(filename, sizeof(filename), "%s%s", acldir, DEL_ACL_FILE); break; default: krb_log("WARNING in check_access: default case in switch"); return 0; } return(acl_check(filename, checkname)); } static int 
wildcard(char *str) { if (!strcmp(str, WILDCARD_STR)) return(1); return(0); } static int fail(int code, char *oper, char *princ) { krb_log("ERROR: %s: %s (%s)", oper, princ, error_message(code)); return code; } #define failadd(code) { fail(code, "ADD", victim); return code; } #define faildelete(code) { fail(code, "DELETE", victim); return code; } #define failget(code) { fail(code, "GET", victim); return code; } #define failmod(code) { fail(code, "MOD", victim); return code; } #define failchange(code) { fail(code, "CHANGE", admin); return code; } int kadm_add_entry (char *rname, char *rinstance, char *rrealm, Kadm_vals *valsin, Kadm_vals *valsout) { long numfound; /* check how many we get written */ int more; /* pointer to more grabbed records */ Principal data_i, data_o; /* temporary principal */ u_char flags[4]; des_cblock newpw; Principal default_princ; char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ]; - strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); - strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL)); + strlcpy(admin, + krb_unparse_name_long(rname, rinstance, rrealm), + sizeof(admin)); + strlcpy(victim, + krb_unparse_name_long(valsin->name, + valsin->instance, + NULL), + sizeof(victim)); krb_log("ADD: %s by %s", victim, admin); if (!check_access(rname, rinstance, rrealm, ADDACL)) { krb_log("WARNING: ADD: %s permission denied", admin); return KADM_UNAUTH; } /* Need to check here for "legal" name and instance */ if (wildcard(valsin->name) || wildcard(valsin->instance)) { failadd(KADM_ILL_WILDCARD); } numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, &default_princ, 1, &more); if (numfound == -1) { failadd(KADM_DB_INUSE); } else if (numfound != 1) { failadd(KADM_UK_RERROR); } kadm_vals_to_prin(valsin->fields, &data_i, valsin); - strncpy(data_i.name, valsin->name, ANAME_SZ); - strncpy(data_i.instance, valsin->instance, INST_SZ); + strlcpy(data_i.name, valsin->name, ANAME_SZ); + strlcpy(data_i.instance, 
valsin->instance, INST_SZ); if (!IS_FIELD(KADM_EXPDATE,valsin->fields)) data_i.exp_date = default_princ.exp_date; if (!IS_FIELD(KADM_ATTR,valsin->fields)) data_i.attributes = default_princ.attributes; if (!IS_FIELD(KADM_MAXLIFE,valsin->fields)) data_i.max_life = default_princ.max_life; memset(&default_princ, 0, sizeof(default_princ)); /* convert to host order */ data_i.key_low = ntohl(data_i.key_low); data_i.key_high = ntohl(data_i.key_high); copy_to_key(&data_i.key_low, &data_i.key_high, newpw); /* encrypt new key in master key */ kdb_encrypt_key (&newpw, &newpw, &server_parm.master_key, server_parm.master_key_schedule, DES_ENCRYPT); copy_from_key(newpw, &data_i.key_low, &data_i.key_high); memset(newpw, 0, sizeof(newpw)); data_o = data_i; numfound = kerb_get_principal(valsin->name, valsin->instance, &data_o, 1, &more); if (numfound == -1) { failadd(KADM_DB_INUSE); } else if (numfound) { failadd(KADM_INUSE); } else { data_i.key_version++; data_i.kdc_key_ver = server_parm.master_key_version; - strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name)-1); - strncpy(data_i.mod_instance, rinstance, - sizeof(data_i.mod_instance)-1); + strlcpy(data_i.mod_name, rname, sizeof(data_i.mod_name)); + strlcpy(data_i.mod_instance, rinstance, + sizeof(data_i.mod_instance)); numfound = kerb_put_principal(&data_i, 1); if (numfound == -1) { failadd(KADM_DB_INUSE); } else if (numfound) { failadd(KADM_UK_SERROR); } else { numfound = kerb_get_principal(valsin->name, valsin->instance, &data_o, 1, &more); if ((numfound!=1) || (more!=0)) { failadd(KADM_UK_RERROR); } memset(flags, 0, sizeof(flags)); SET_FIELD(KADM_NAME,flags); SET_FIELD(KADM_INST,flags); SET_FIELD(KADM_EXPDATE,flags); SET_FIELD(KADM_ATTR,flags); SET_FIELD(KADM_MAXLIFE,flags); kadm_prin_to_vals(flags, valsout, &data_o); krb_log("ADD: %s added", victim); return KADM_DATA; /* Set all the appropriate fields */ } } } int kadm_delete_entry (char *rname, char *rinstance, char *rrealm, Kadm_vals *valsin) { int ret; char 
admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ]; - strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); - strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL)); + strlcpy(admin, + krb_unparse_name_long(rname, rinstance, rrealm), + sizeof(admin)); + strlcpy(victim, + krb_unparse_name_long(valsin->name, + valsin->instance, + NULL), + sizeof(victim)); krb_log("DELETE: %s by %s", victim, admin); if (!check_access(rname, rinstance, rrealm, DELACL)) { krb_log("WARNING: DELETE: %s permission denied", admin); return KADM_UNAUTH; } /* Need to check here for "legal" name and instance */ if (wildcard(valsin->name) || wildcard(valsin->instance)) { faildelete(KADM_ILL_WILDCARD); } #define EQ(V,N,I) (strcmp((V)->name, (N)) == 0 && strcmp((V)->instance, (I)) == 0) if(EQ(valsin, PWSERV_NAME, KRB_MASTER) || EQ(valsin, "K", "M") || EQ(valsin, "default", "") || EQ(valsin, KRB_TICKET_GRANTING_TICKET, server_parm.krbrlm)){ krb_log("WARNING: DELETE: %s is immutable", victim); return KADM_IMMUTABLE; /* XXX */ } ret = kerb_delete_principal(valsin->name, valsin->instance); if(ret == -1) return KADM_DB_INUSE; /* XXX */ krb_log("DELETE: %s removed.", victim); return KADM_SUCCESS; } int kadm_get_entry (char *rname, char *rinstance, char *rrealm, Kadm_vals *valsin, u_char *flags, Kadm_vals *valsout) { long numfound; /* check how many were returned */ int more; /* To point to more name.instances */ Principal data_o; /* Data object to hold Principal */ char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ]; - strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); - strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL)); + strlcpy(admin, + krb_unparse_name_long(rname, rinstance, rrealm), + sizeof(admin)); + strlcpy(victim, + krb_unparse_name_long(valsin->name, + valsin->instance, + NULL), + sizeof(victim)); krb_log("GET: %s by %s", victim, admin); if (!check_access(rname, rinstance, rrealm, GETACL)) { krb_log("WARNING: GET: %s permission 
denied", admin); return KADM_UNAUTH; } if (wildcard(valsin->name) || wildcard(valsin->instance)) { failget(KADM_ILL_WILDCARD); } /* Look up the record in the database */ numfound = kerb_get_principal(valsin->name, valsin->instance, &data_o, 1, &more); if (numfound == -1) { failget(KADM_DB_INUSE); } else if (numfound) { /* We got the record, let's return it */ kadm_prin_to_vals(flags, valsout, &data_o); krb_log("GET: %s retrieved", victim); return KADM_DATA; /* Set all the appropriate fields */ } else { failget(KADM_NOENTRY); /* Else whimper and moan */ } } int kadm_mod_entry (char *rname, char *rinstance, char *rrealm, Kadm_vals *valsin, Kadm_vals *valsin2, Kadm_vals *valsout) { long numfound; int more; Principal data_o, temp_key; u_char fields[4]; des_cblock newpw; char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ]; - strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); - strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL)); + strlcpy(admin, + krb_unparse_name_long(rname, rinstance, rrealm), + sizeof(admin)); + strlcpy(victim, + krb_unparse_name_long(valsin->name, + valsin->instance, + NULL), + sizeof(victim)); krb_log("MOD: %s by %s", victim, admin); if (wildcard(valsin->name) || wildcard(valsin->instance)) { failmod(KADM_ILL_WILDCARD); } if (!check_access(rname, rinstance, rrealm, MODACL)) { krb_log("WARNING: MOD: %s permission denied", admin); return KADM_UNAUTH; } numfound = kerb_get_principal(valsin->name, valsin->instance, &data_o, 1, &more); if (numfound == -1) { failmod(KADM_DB_INUSE); } else if (numfound) { kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2); - strncpy(data_o.name, valsin->name, ANAME_SZ); - strncpy(data_o.instance, valsin->instance, INST_SZ); + strlcpy(data_o.name, valsin->name, ANAME_SZ); + strlcpy(data_o.instance, valsin->instance, INST_SZ); if (IS_FIELD(KADM_EXPDATE,valsin2->fields)) data_o.exp_date = temp_key.exp_date; if (IS_FIELD(KADM_ATTR,valsin2->fields)) data_o.attributes = temp_key.attributes; 
if (IS_FIELD(KADM_MAXLIFE,valsin2->fields)) data_o.max_life = temp_key.max_life; if (IS_FIELD(KADM_DESKEY,valsin2->fields)) { data_o.key_version++; data_o.kdc_key_ver = server_parm.master_key_version; /* convert to host order */ temp_key.key_low = ntohl(temp_key.key_low); temp_key.key_high = ntohl(temp_key.key_high); copy_to_key(&temp_key.key_low, &temp_key.key_high, newpw); /* encrypt new key in master key */ kdb_encrypt_key (&newpw, &newpw, &server_parm.master_key, server_parm.master_key_schedule, DES_ENCRYPT); copy_from_key(newpw, &data_o.key_low, &data_o.key_high); memset(newpw, 0, sizeof(newpw)); } memset(&temp_key, 0, sizeof(temp_key)); - strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1); - strncpy(data_o.mod_instance, rinstance, - sizeof(data_o.mod_instance)-1); + strlcpy(data_o.mod_name, rname, sizeof(data_o.mod_name)); + strlcpy(data_o.mod_instance, rinstance, + sizeof(data_o.mod_instance)); more = kerb_put_principal(&data_o, 1); memset(&data_o, 0, sizeof(data_o)); if (more == -1) { failmod(KADM_DB_INUSE); } else if (more) { failmod(KADM_UK_SERROR); } else { numfound = kerb_get_principal(valsin->name, valsin->instance, &data_o, 1, &more); if ((more!=0)||(numfound!=1)) { failmod(KADM_UK_RERROR); } memset(fields, 0, sizeof(fields)); SET_FIELD(KADM_NAME,fields); SET_FIELD(KADM_INST,fields); SET_FIELD(KADM_EXPDATE,fields); SET_FIELD(KADM_ATTR,fields); SET_FIELD(KADM_MAXLIFE,fields); kadm_prin_to_vals(fields, valsout, &data_o); krb_log("MOD: %s modified", victim); return KADM_DATA; /* Set all the appropriate fields */ } } else { failmod(KADM_NOENTRY); } } int kadm_change (char *rname, char *rinstance, char *rrealm, unsigned char *newpw) { long numfound; int more; Principal data_o; des_cblock local_pw; char admin[MAX_K_NAME_SZ]; - strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); + strlcpy(admin, + krb_unparse_name_long(rname, rinstance, rrealm), + sizeof(admin)); krb_log("CHANGE: %s", admin); if (strcmp(server_parm.krbrlm, rrealm)) { 
krb_log("ERROR: CHANGE: request from wrong realm %s", rrealm); return(KADM_WRONG_REALM); } if (wildcard(rname) || wildcard(rinstance)) { failchange(KADM_ILL_WILDCARD); } memcpy(local_pw, newpw, sizeof(local_pw)); /* encrypt new key in master key */ kdb_encrypt_key (&local_pw, &local_pw, &server_parm.master_key, server_parm.master_key_schedule, DES_ENCRYPT); numfound = kerb_get_principal(rname, rinstance, &data_o, 1, &more); if (numfound == -1) { failchange(KADM_DB_INUSE); } else if (numfound) { copy_from_key(local_pw, &data_o.key_low, &data_o.key_high); data_o.key_version++; data_o.kdc_key_ver = server_parm.master_key_version; - strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1); - strncpy(data_o.mod_instance, rinstance, - sizeof(data_o.mod_instance)-1); + strlcpy(data_o.mod_name, rname, sizeof(data_o.mod_name)); + strlcpy(data_o.mod_instance, rinstance, + sizeof(data_o.mod_instance)); more = kerb_put_principal(&data_o, 1); memset(local_pw, 0, sizeof(local_pw)); memset(&data_o, 0, sizeof(data_o)); if (more == -1) { failchange(KADM_DB_INUSE); } else if (more) { failchange(KADM_UK_SERROR); } else { krb_log("CHANGE: %s's password changed", admin); return KADM_SUCCESS; } } else { failchange(KADM_NOENTRY); } } Index: stable/3/crypto/kerberosIV/kadmin/kadm_locl.h =================================================================== --- stable/3/crypto/kerberosIV/kadmin/kadm_locl.h (revision 62577) +++ stable/3/crypto/kerberosIV/kadmin/kadm_locl.h (revision 62578) 
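Review bot: In kadmin/kadm_funcs.c, every strlcpy added here ignores its return value, so an over-long admin, victim, name or instance string is truncated silently. For data_i.name and data_i.instance in kadm_add_entry() that matters: the record is stored under the truncated copy while the surrounding kerb_get_principal() calls look up valsin->name and valsin->instance uncopied, so a truncation would store and check different principals. Compare the result against the destination size and fail the request on overflow. The name and instance copies also pass ANAME_SZ and INST_SZ as the bound while the mod_name and mod_instance copies use sizeof on the destination; using sizeof(data_i.name) and sizeof(data_i.instance) throughout keeps the bound tied to the field.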
@@ -1,148 +1,154 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: kadm_locl.h,v 1.25 1997/05/20 18:40:43 bg Exp $ */ +/* $Id: kadm_locl.h,v 1.31 1999/12/02 16:58:36 joda Exp $ */ #include "config.h" #include "protos.h" #include #include #include #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #ifdef HAVE_SYS_STAT_H #include #endif #ifdef HAVE_SYS_SELECT_H #include #endif #ifdef HAVE_FCNTL_H #include #endif #include #include #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_SYS_RESOURCE_H #include #endif /* HAVE_SYS_RESOURCE_H */ #ifdef HAVE_SYS_WAIT_H #include #endif #ifdef HAVE_PWD_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_NETDB_H #include #endif +#ifdef HAVE_ARPA_INET_H +#include +#endif #ifdef HAVE_SYSLOG_H #include #endif #include #ifdef SOCKS #include +/* This doesn't belong here. 
*/ +struct tm *localtime(const time_t *); +struct hostent *gethostbyname(const char *); #endif #include #include #include #include #include #include #include #include #include #include +#include + #include "kadm_server.h" #include "pw_check.h" /* from libacl */ /* int acl_check(char *acl, char *principal); */ /* GLOBALS */ extern char *acldir; extern Kadm_Server server_parm; /* Utils */ -int kadm_change __P((char *, char *, char *, des_cblock)); -int kadm_add_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *)); -int kadm_mod_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *, Kadm_vals *)); -int kadm_get_entry __P((char *, char *, char *, Kadm_vals *, u_char *, Kadm_vals *)); -int kadm_delete_entry __P((char *, char *, char *, Kadm_vals *)); -int kadm_ser_cpw __P((u_char *, int, AUTH_DAT *, u_char **, int *)); -int kadm_ser_add __P((u_char *, int, AUTH_DAT *, u_char **, int *)); -int kadm_ser_mod __P((u_char *, int, AUTH_DAT *, u_char **, int *)); -int kadm_ser_get __P((u_char *, int, AUTH_DAT *, u_char **, int *)); -int kadm_ser_delete __P((u_char *, int, AUTH_DAT *, u_char **, int *)); -int kadm_ser_init __P((int inter, char realm[])); -int kadm_ser_in __P((u_char **, int *)); +int kadm_change (char *, char *, char *, des_cblock); +int kadm_add_entry (char *, char *, char *, Kadm_vals *, Kadm_vals *); +int kadm_mod_entry (char *, char *, char *, Kadm_vals *, Kadm_vals *, Kadm_vals *); +int kadm_get_entry (char *, char *, char *, Kadm_vals *, u_char *, Kadm_vals *); +int kadm_delete_entry (char *, char *, char *, Kadm_vals *); +int kadm_ser_cpw (u_char *, int, AUTH_DAT *, u_char **, int *); +int kadm_ser_add (u_char *, int, AUTH_DAT *, u_char **, int *); +int kadm_ser_mod (u_char *, int, AUTH_DAT *, u_char **, int *); +int kadm_ser_get (u_char *, int, AUTH_DAT *, u_char **, int *); +int kadm_ser_delete (u_char *, int, AUTH_DAT *, u_char **, int *); +int kadm_ser_init (int inter, char realm[], struct in_addr); +int kadm_ser_in (u_char **, int *, 
u_char *); -int get_pw_new_pwd __P((char *pword, int pwlen, krb_principal *pr, int print_realm)); +int get_pw_new_pwd (char *pword, int pwlen, krb_principal *pr, int print_realm); /* cracklib */ -char *FascistCheck __P((char *password, char *path, char **strings)); +char *FascistCheck (char *password, char *path, char **strings); + +void +random_password(char *pw, size_t len, u_int32_t *low, u_int32_t *high); Index: stable/3/crypto/kerberosIV/kadmin/kadm_ser_wrap.c =================================================================== --- stable/3/crypto/kerberosIV/kadmin/kadm_ser_wrap.c (revision 62577) +++ stable/3/crypto/kerberosIV/kadmin/kadm_ser_wrap.c (revision 62578) 
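Review bot: The two prototypes added inside the #ifdef SOCKS block of kadm_locl.h, struct tm *localtime(const time_t *) and struct hostent *gethostbyname(const char *), redeclare libc functions by hand, and the patch's own comment says they do not belong here. If the SOCKS header hides the system declarations, fix that at the include or in a compatibility header, because a hand-written prototype will conflict on any platform that declares either function differently. Separately, kadm_ser_init and kadm_ser_in change arity in this hunk (a struct in_addr and a u_char * are appended), so every caller has to change in the same commit, and the u_char * parameter of kadm_ser_in deserves a comment stating the minimum buffer size it expects.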
@@ -1,213 +1,225 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ /* * Kerberos administration server-side support functions */ /* kadm_ser_wrap.c unwraps wrapped packets and calls the appropriate server subroutine */ #include "kadm_locl.h" -RCSID("$Id: kadm_ser_wrap.c,v 1.20 1997/05/02 10:29:14 joda Exp $"); +RCSID("$Id: kadm_ser_wrap.c,v 1.25 1999/09/16 20:41:41 assar Exp $"); /* GLOBAL */ Kadm_Server server_parm; /* kadm_ser_init set up the server_parm structure */ int -kadm_ser_init(int inter, char *realm) - /* interactive or from file */ - +kadm_ser_init(int inter, /* interactive or from file */ + char *realm, + struct in_addr addr) { struct hostent *hp; char hostname[MaxHostNameLen]; init_kadm_err_tbl(); init_krb_err_tbl(); - if (k_gethostname(hostname, sizeof(hostname))) + if (gethostname(hostname, sizeof(hostname))) return KADM_NO_HOSTNAME; - strcpy(server_parm.sname, PWSERV_NAME); - strcpy(server_parm.sinst, KRB_MASTER); - strcpy(server_parm.krbrlm, realm); + strlcpy(server_parm.sname, + PWSERV_NAME, + sizeof(server_parm.sname)); + strlcpy(server_parm.sinst, + KRB_MASTER, + 
sizeof(server_parm.sinst)); + strlcpy(server_parm.krbrlm, + realm, + sizeof(server_parm.krbrlm)); server_parm.admin_fd = -1; /* setting up the addrs */ memset(&server_parm.admin_addr,0, sizeof(server_parm.admin_addr)); server_parm.admin_addr.sin_port = k_getportbyname (KADM_SNAME, "tcp", htons(751)); server_parm.admin_addr.sin_family = AF_INET; if ((hp = gethostbyname(hostname)) == NULL) return KADM_NO_HOSTNAME; - server_parm.admin_addr.sin_addr.s_addr = INADDR_ANY; + server_parm.admin_addr.sin_addr = addr; /* setting up the database */ if (kdb_get_master_key((inter==1), &server_parm.master_key, server_parm.master_key_schedule) != 0) return KADM_NO_MAST; if ((server_parm.master_key_version = kdb_verify_master_key(&server_parm.master_key, server_parm.master_key_schedule,stderr))<0) return KADM_NO_VERI; return KADM_SUCCESS; } -static void errpkt(u_char **dat, int *dat_len, int code) -{ - u_int32_t retcode; - char *pdat; +/* + * + */ +static void +errpkt(u_char *errdat, u_char **dat, int *dat_len, int code) +{ free(*dat); /* free up req */ - *dat_len = KADM_VERSIZE + sizeof(u_int32_t); - *dat = (u_char *) malloc((unsigned)*dat_len); - pdat = (char *) *dat; - retcode = htonl((u_int32_t) code); - strncpy(pdat, KADM_ULOSE, KADM_VERSIZE); - memcpy(&pdat[KADM_VERSIZE], &retcode, sizeof(u_int32_t)); - return; + *dat_len = KADM_VERSIZE + 4; + memcpy(errdat, KADM_ULOSE, KADM_VERSIZE); + krb_put_int (code, errdat + KADM_VERSIZE, 4, 4); + *dat = errdat; } /* kadm_ser_in unwrap the data stored in dat, process, and return it. 
*/ int -kadm_ser_in(u_char **dat, int *dat_len) +kadm_ser_in(u_char **dat, int *dat_len, u_char *errdat) { u_char *in_st; /* pointer into the sent packet */ int in_len,retc; /* where in packet we are, for returns */ u_int32_t r_len; /* length of the actual packet */ KTEXT_ST authent; /* the authenticator */ AUTH_DAT ad; /* who is this, klink */ u_int32_t ncksum; /* checksum of encrypted data */ des_key_schedule sess_sched; /* our schedule */ MSG_DAT msg_st; u_char *retdat, *tmpdat; int retval, retlen; if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) { - errpkt(dat, dat_len, KADM_BAD_VER); + errpkt(errdat, dat, dat_len, KADM_BAD_VER); return KADM_BAD_VER; } in_len = KADM_VERSIZE; /* get the length */ if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0) return KADM_LENGTH_ERROR; in_len += retc; authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t); memcpy(authent.dat, (char *)(*dat) + in_len, authent.length); authent.mbz = 0; /* service key should be set before here */ if ((retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst, server_parm.recv_addr.sin_addr.s_addr, &ad, NULL))) { - errpkt(dat, dat_len,retc + krb_err_base); + errpkt(errdat, dat, dat_len, retc + krb_err_base); return retc + krb_err_base; } #define clr_cli_secrets() {memset(sess_sched, 0, sizeof(sess_sched)); memset(ad.session, 0,sizeof(ad.session));} in_st = *dat + *dat_len - r_len; #ifdef NOENCRYPTION ncksum = 0; #else ncksum = des_quad_cksum((des_cblock *)in_st, (des_cblock *)0, (long) r_len, 0, &ad.session); #endif if (ncksum!=ad.checksum) { /* yow, are we correct yet */ clr_cli_secrets(); - errpkt(dat, dat_len,KADM_BAD_CHK); + errpkt(errdat, dat, dat_len, KADM_BAD_CHK); return KADM_BAD_CHK; } #ifdef NOENCRYPTION memset(sess_sched, 0, sizeof(sess_sched)); #else des_key_sched(&ad.session, sess_sched); #endif if ((retc = (int) krb_rd_priv(in_st, r_len, sess_sched, &ad.session, &server_parm.recv_addr, &server_parm.admin_addr, &msg_st))) { clr_cli_secrets(); - 
errpkt(dat, dat_len,retc + krb_err_base); + errpkt(errdat, dat, dat_len, retc + krb_err_base); return retc + krb_err_base; } switch (msg_st.app_data[0]) { case CHANGE_PW: retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length - 1, &ad, &retdat, &retlen); break; case ADD_ENT: retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length - 1, &ad, &retdat, &retlen); break; case GET_ENT: retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length - 1, &ad, &retdat, &retlen); break; case MOD_ENT: retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length - 1, &ad, &retdat, &retlen); break; case DEL_ENT: retval = kadm_ser_delete(msg_st.app_data + 1, msg_st.app_length - 1, &ad, &retdat, &retlen); break; default: clr_cli_secrets(); - errpkt(dat, dat_len, KADM_NO_OPCODE); + errpkt(errdat, dat, dat_len, KADM_NO_OPCODE); return KADM_NO_OPCODE; } /* Now seal the response back into a priv msg */ + tmpdat = (u_char *) malloc(retlen + KADM_VERSIZE + 4); + if (tmpdat == NULL) { + clr_cli_secrets(); + errpkt(errdat, dat, dat_len, KADM_NOMEM); + return KADM_NOMEM; + } free(*dat); - tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE + - sizeof(u_int32_t))); - strncpy((char *)tmpdat, KADM_VERSTR, KADM_VERSIZE); - retval = htonl((u_int32_t)retval); - memcpy((char *)tmpdat + KADM_VERSIZE, &retval, sizeof(u_int32_t)); + memcpy(tmpdat, KADM_VERSTR, KADM_VERSIZE); + krb_put_int(retval, tmpdat + KADM_VERSIZE, 4, 4); if (retlen) { - memcpy((char *)tmpdat + KADM_VERSIZE + sizeof(u_int32_t), retdat, - retlen); + memcpy(tmpdat + KADM_VERSIZE + 4, retdat, retlen); free(retdat); } /* slop for mk_priv stuff */ - *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE + - sizeof(u_int32_t) + 200)); + *dat = (u_char *) malloc(retlen + KADM_VERSIZE + + sizeof(u_int32_t) + 200); + if (*dat == NULL) { + clr_cli_secrets(); + errpkt(errdat, dat, dat_len, KADM_NOMEM); + return KADM_NOMEM; + } if ((*dat_len = krb_mk_priv(tmpdat, *dat, (u_int32_t) (retlen + KADM_VERSIZE + 
sizeof(u_int32_t)), sess_sched, &ad.session, &server_parm.admin_addr, &server_parm.recv_addr)) < 0) { clr_cli_secrets(); - errpkt(dat, dat_len, KADM_NO_ENCRYPT); + errpkt(errdat, dat, dat_len, KADM_NO_ENCRYPT); return KADM_NO_ENCRYPT; } clr_cli_secrets(); return KADM_SUCCESS; } Index: stable/3/crypto/kerberosIV/kadmin/kadmin.c =================================================================== --- stable/3/crypto/kerberosIV/kadmin/kadmin.c (revision 62577) +++ stable/3/crypto/kerberosIV/kadmin/kadmin.c (revision 62578) 
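Review bot: errpkt() in kadm_ser_wrap.c now writes KADM_VERSIZE + 4 bytes into the caller-supplied errdat and then sets *dat = errdat, but it is given no buffer length and the ownership change is undocumented: on success *dat is heap memory, on error it is the caller's buffer, so a caller that frees *dat unconditionally will free memory it did not allocate. Pass the size (or document the minimum) and state in the kadm_ser_in comment who frees what. The two new KADM_NOMEM paths also leak: when the tmpdat malloc fails retdat is never freed, and tmpdat, which holds the unencrypted reply, is not cleared or freed on any path in the lines shown. Finally, while this function is being touched, authent.length is still derived from the packet-supplied r_len and handed to memcpy(authent.dat, ...) with no range check visible between stv_long and the copy; validate it against *dat_len and sizeof(authent.dat) first.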
@@ -1,845 +1,1145 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ /* * Kerberos database administrator's tool. * * The default behavior of kadmin is if the -m option is given * on the commandline, multiple requests are allowed to be given * with one entry of the admin password (until the tickets expire). 
*/ #include "kadm_locl.h" +#include "getarg.h" +#include "parse_time.h" -RCSID("$Id: kadmin.c,v 1.48 1997/05/13 09:43:06 bg Exp $"); +RCSID("$Id: kadmin.c,v 1.62 1999/11/02 17:02:14 bg Exp $"); -static void change_password(int argc, char **argv); -static void change_key(int argc, char **argv); -static void change_admin_password(int argc, char **argv); -static void add_new_key(int argc, char **argv); -static void del_entry(int argc, char **argv); -static void get_entry(int argc, char **argv); -static void mod_entry(int argc, char **argv); -static void help(int argc, char **argv); -static void clean_up_cmd(int argc, char **argv); -static void quit_cmd(int argc, char **argv); +static int change_password(int argc, char **argv); +static int change_key(int argc, char **argv); +static int change_admin_password(int argc, char **argv); +static int add_new_key(int argc, char **argv); +static int del_entry(int argc, char **argv); +static int get_entry(int argc, char **argv); +static int mod_entry(int argc, char **argv); +static int help(int argc, char **argv); +static int clean_up_cmd(int argc, char **argv); +static int quit_cmd(int argc, char **argv); +static int set_timeout_cmd(int argc, char **argv); +static int set_timeout(const char *); + static SL_cmd cmds[] = { {"change_password", change_password, "Change a user's password"}, {"cpw"}, {"passwd"}, {"change_key", change_key, "Change a user's password as a DES binary key"}, {"ckey"}, {"change_admin_password", change_admin_password, "Change your admin password"}, {"cap"}, {"add_new_key", add_new_key, "Add new user to kerberos database"}, {"ank"}, {"del_entry", del_entry, "Delete entry from database"}, {"del"}, {"delete"}, {"get_entry", get_entry, "Get entry from kerberos database"}, {"mod_entry", mod_entry, "Modify entry in kerberos database"}, {"destroy_tickets", clean_up_cmd, "Destroy admin tickets"}, + {"set_timeout", set_timeout_cmd, "Set ticket timeout"}, + {"timeout" }, {"exit", quit_cmd, "Exit program"}, {"quit"}, 
{"help", help, "Help"}, {"?"}, {NULL} }; #define BAD_PW 1 #define GOOD_PW 0 #define FUDGE_VALUE 15 /* for ticket expiration time */ #define PE_NO 0 #define PE_YES 1 #define PE_UNSURE 2 /* for get_password, whether it should do the swapping...necessary for using vals structure, unnecessary for change_pw requests */ #define DONTSWAP 0 #define SWAP 1 static krb_principal pr; static char default_realm[REALM_SZ]; /* default kerberos realm */ static char krbrlm[REALM_SZ]; /* current realm being administered */ -static int multiple = 0; /* Allow multiple requests per ticket */ #ifdef NOENCRYPTION #define read_long_pw_string placebo_read_pw_string #else #define read_long_pw_string des_read_pw_string #endif static void get_maxlife(Kadm_vals *vals) { char buff[BUFSIZ]; time_t life; int l; do { printf("Maximum ticket lifetime? (%d) [%s] ", vals->max_life, krb_life_to_atime(vals->max_life)); fflush(stdout); if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') { clearerr(stdin); return; } life = krb_atime_to_life(buff); } while (life <= 0); l = strlen(buff); if (buff[l-2] == 'm') life = krb_time_to_life(0L, life*60); if (buff[l-2] == 'h') life = krb_time_to_life(0L, life*60*60); vals->max_life = life; SET_FIELD(KADM_MAXLIFE,vals->fields); } static void get_attr(Kadm_vals *vals) { char buff[BUFSIZ], *out; int attr; do { printf("Attributes? 
[0x%.2x] ", vals->attributes); fflush(stdout); if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') { clearerr(stdin); return; } attr = strtol(buff, &out, 0); if (attr == 0 && out == buff) attr = -1; } while (attr < 0 || attr > 0xffff); vals->attributes = attr; SET_FIELD(KADM_ATTR,vals->fields); } +static time_t +parse_expdate(const char *str) +{ + struct tm edate; + + memset(&edate, 0, sizeof(edate)); + if (sscanf(str, "%d-%d-%d", + &edate.tm_year, &edate.tm_mon, &edate.tm_mday) == 3) { + edate.tm_mon--; /* January is 0, not 1 */ + edate.tm_hour = 23; /* nearly midnight at the end of the */ + edate.tm_min = 59; /* specified day */ + } + if(krb_check_tm (edate)) + return -1; + edate.tm_year -= 1900; + return tm2time (edate, 1); +} + static void get_expdate(Kadm_vals *vals) { char buff[BUFSIZ]; - struct tm edate; + time_t t; - memset(&edate, 0, sizeof(edate)); do { - printf("Expiration date (enter yyyy-mm-dd) ? [%.24s] ", - asctime(k_localtime(&vals->exp_date))); + strftime(buff, sizeof(buff), "%Y-%m-%d", k_localtime(&vals->exp_date)); + printf("Expiration date (enter yyyy-mm-dd) ? 
[%s] ", buff); fflush(stdout); if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') { clearerr(stdin); return; } - if (sscanf(buff, "%d-%d-%d", - &edate.tm_year, &edate.tm_mon, &edate.tm_mday) == 3) { - edate.tm_mon--; /* January is 0, not 1 */ - edate.tm_hour = 23; /* nearly midnight at the end of the */ - edate.tm_min = 59; /* specified day */ - } - } while (krb_check_tm (edate)); - - edate.tm_year -= 1900; - vals->exp_date = tm2time (edate, 1); + t = parse_expdate(buff); + }while(t < 0); + vals->exp_date = t; SET_FIELD(KADM_EXPDATE,vals->fields); } static int princ_exists(char *name, char *instance, char *realm) { int status; + int old = krb_use_admin_server(1); status = krb_get_pw_in_tkt(name, instance, realm, KRB_TICKET_GRANTING_TICKET, realm, 1, ""); + krb_use_admin_server(old); if ((status == KSUCCESS) || (status == INTK_BADPW)) return(PE_YES); else if (status == KDC_PR_UNKNOWN) return(PE_NO); else return(PE_UNSURE); } -static int -get_password(u_int32_t *low, u_int32_t *high, char *prompt, int byteswap) +static void +passwd_to_lowhigh(u_int32_t *low, u_int32_t *high, char *password, int byteswap) { - char new_passwd[MAX_KPW_LEN]; /* new password */ des_cblock newkey; - if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1)) - return(BAD_PW); - if (strlen(new_passwd) == 0) { + if (strlen(password) == 0) { printf("Using random password.\n"); #ifdef NOENCRYPTION memset(newkey, 0, sizeof(newkey)); #else des_new_random_key(&newkey); #endif } else { #ifdef NOENCRYPTION memset(newkey, 0, sizeof(newkey)); #else - des_string_to_key(new_passwd, &newkey); + des_string_to_key(password, &newkey); #endif - memset(new_passwd, 0, sizeof(new_passwd)); } memcpy(low, newkey, 4); memcpy(high, ((char *)newkey) + 4, 4); memset(newkey, 0, sizeof(newkey)); #ifdef NOENCRYPTION *low = 1; #endif if (byteswap != DONTSWAP) { *low = htonl(*low); *high = htonl(*high); } +} + +static int +get_password(u_int32_t *low, u_int32_t *high, char *prompt, int byteswap) +{ 
+ char new_passwd[MAX_KPW_LEN]; /* new password */ + + if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1)) + return(BAD_PW); + passwd_to_lowhigh (low, high, new_passwd, byteswap); + memset (new_passwd, 0, sizeof(new_passwd)); return(GOOD_PW); } static int get_admin_password(void) { int status; char admin_passwd[MAX_KPW_LEN]; /* Admin's password */ int ticket_life = 1; /* minimum ticket lifetime */ CREDENTIALS c; - if (multiple) { + alarm(0); /* If admin tickets exist and are valid, just exit. */ memset(&c, 0, sizeof(c)); if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS) /* * If time is less than lifetime - FUDGE_VALUE after issue date, * tickets will probably last long enough for the next * transaction. */ if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE)) return(KADM_SUCCESS); ticket_life = DEFAULT_TKT_LIFE; - } if (princ_exists(pr.name, pr.instance, pr.realm) != PE_NO) { char prompt[256]; - snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr)); + snprintf(prompt, sizeof(prompt), "%s's Password: ", + krb_unparse_name(&pr)); if (read_long_pw_string(admin_passwd, sizeof(admin_passwd)-1, prompt, 0)) { warnx ("Error reading admin password."); goto bad; } status = krb_get_pw_in_tkt(pr.name, pr.instance, pr.realm, PWSERV_NAME, KADM_SINST, ticket_life, admin_passwd); memset(admin_passwd, 0, sizeof(admin_passwd)); /* Initialize non shared random sequence from session key. 
*/ memset(&c, 0, sizeof(c)); krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c); des_init_random_number_generator(&c.session); } else status = KDC_PR_UNKNOWN; switch(status) { case GT_PW_OK: return(GOOD_PW); case KDC_PR_UNKNOWN: printf("Principal %s does not exist.\n", krb_unparse_name(&pr)); goto bad; case GT_PW_BADPW: printf("Incorrect admin password.\n"); goto bad; default: com_err("kadmin", status+krb_err_base, "while getting password tickets"); goto bad; } bad: memset(admin_passwd, 0, sizeof(admin_passwd)); dest_tkt(); return(BAD_PW); } -static void -usage(void) -{ - fprintf (stderr, "Usage: kadmin [[-u|-p] admin_name] [-r default_realm]" - " [-m]\n" - " -m allows multiple admin requests to be " - "serviced with one entry of admin\n" - " password.\n"); - exit (1); -} +static char *principal; +static char *username; +static char *realm; +static char *timeout; +static int tflag; /* use existing tickets */ +static int mflag; /* compatibility */ +static int version_flag; +static int help_flag; -/* GLOBAL */ -static void +static time_t destroy_timeout = 5 * 60; + +struct getargs args[] = { + { NULL, 'p', arg_string, &principal, + "principal to authenticate as"}, + { NULL, 'u', arg_string, &username, + "username, other than default" }, + { NULL, 'r', arg_string, &realm, "local realm" }, + { NULL, 'm', arg_flag, &mflag, "disable ticket timeout" }, + { NULL, 'T', arg_string, &timeout, "default ticket timeout" }, + { NULL, 't', arg_flag, &tflag, "use existing tickets" }, + { "version",0, arg_flag, &version_flag }, + { "help", 'h', arg_flag, &help_flag }, +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +static int clean_up() { - dest_tkt(); + if(!tflag) + return dest_tkt() == KSUCCESS; + return 0; } -static void +static int clean_up_cmd (int argc, char **argv) { clean_up(); + return 0; } -/* GLOBAL */ -static void -quit() +static int +quit_cmd (int argc, char **argv) { - printf("Cleaning up and exiting.\n"); - clean_up(); - exit(0); + return 1; } static 
void -quit_cmd (int argc, char **argv) +usage(int code) { - quit(); + arg_printusage(args, num_args, NULL, "[command]"); + exit(code); } -static void +static int do_init(int argc, char **argv) { - int c; - int tflag = 0; - char tktstring[MaxPathLen]; - int k_errno; + int optind = 0; + int ret; set_progname (argv[0]); + if(getarg(args, num_args, argc, argv, &optind) < 0) + usage(1); + if(help_flag) + usage(0); + if(version_flag) { + print_version(NULL); + exit(0); + } + memset(&pr, 0, sizeof(pr)); - if (krb_get_default_principal(pr.name, pr.instance, default_realm) < 0) - errx (1, "I could not even guess who you might be"); - while ((c = getopt(argc, argv, "p:u:r:mt")) != EOF) - switch (c) { - case 'p': - case 'u': - if((k_errno = krb_parse_name(optarg, &pr)) != KSUCCESS) - errx (1, "%s", krb_get_err_text(k_errno)); - break; - case 'r': - memset(default_realm, 0, sizeof(default_realm)); - strncpy(default_realm, optarg, sizeof(default_realm) - 1); - break; - case 'm': - multiple++; - break; - case 't': - tflag++; - break; - default: - usage(); - break; + ret = krb_get_default_principal(pr.name, pr.instance, default_realm); + if(ret < 0) + errx(1, "Can't figure out default principal"); + if(pr.instance[0] == '\0') + strlcpy(pr.instance, "admin", sizeof(pr.instance)); + if(principal) { + if(username) + warnx("Ignoring username when principal is given"); + ret = krb_parse_name(principal, &pr); + if(ret) + errx(1, "%s: %s", principal, krb_get_err_text(ret)); + if(pr.realm[0] != '\0') + strlcpy(default_realm, pr.realm, sizeof(default_realm)); + } else if(username) { + strlcpy(pr.name, username, sizeof(pr.name)); + strlcpy(pr.instance, "admin", sizeof(pr.instance)); } - if (optind < argc) - usage(); - strcpy(krbrlm, default_realm); + if(realm) + strlcpy(default_realm, realm, sizeof(default_realm)); + + strlcpy(krbrlm, default_realm, sizeof(krbrlm)); + + if(pr.realm[0] == '\0') + strlcpy(pr.realm, krbrlm, sizeof(pr.realm)); + if (kadm_init_link(PWSERV_NAME, KRB_MASTER, 
krbrlm) != KADM_SUCCESS) *krbrlm = '\0'; - if (pr.realm[0] == '\0') - strcpy (pr.realm, krbrlm); - if (pr.instance[0] == '\0') - strcpy(pr.instance, "admin"); - if (!tflag) { - snprintf(tktstring, sizeof(tktstring), TKT_ROOT "_adm_%d",(int)getpid()); + if(timeout) { + if(set_timeout(timeout) == -1) + warnx("bad timespecification `%s'", timeout); + } else if(mflag) + destroy_timeout = 0; + + if (tflag) + destroy_timeout = 0; /* disable timeout */ + else{ + char tktstring[128]; + snprintf(tktstring, sizeof(tktstring), "%s_adm_%d", + TKT_ROOT, (int)getpid()); krb_set_tkt_string(tktstring); } + return optind; +} +static void +sigalrm(int sig) +{ + if(clean_up()) + printf("\nTickets destroyed.\n"); } int main(int argc, char **argv) { - do_init(argc, argv); - - printf("Welcome to the Kerberos Administration Program, version 2\n"); - printf("Type \"help\" if you need it.\n"); - sl_loop (cmds, "kadmin: "); - printf("\n"); - quit(); + int optind = do_init(argc, argv); + if(argc > optind) + sl_command(cmds, argc - optind, argv + optind); + else { + void *data = NULL; + signal(SIGALRM, sigalrm); + while(sl_command_loop(cmds, "kadmin: ", &data) == 0) + alarm(destroy_timeout); + } + clean_up(); exit(0); } static int setvals(Kadm_vals *vals, char *string) { char realm[REALM_SZ]; int status = KADM_SUCCESS; memset(vals, 0, sizeof(*vals)); memset(realm, 0, sizeof(realm)); SET_FIELD(KADM_NAME,vals->fields); SET_FIELD(KADM_INST,vals->fields); if ((status = kname_parse(vals->name, vals->instance, realm, string))) { printf("kerberos error: %s\n", krb_get_err_text(status)); return status; } if (!realm[0]) - strcpy(realm, default_realm); + strlcpy(realm, default_realm, sizeof(realm)); if (strcmp(realm, krbrlm)) { - strcpy(krbrlm, realm); + strlcpy(krbrlm, realm, sizeof(krbrlm)); if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm)) != KADM_SUCCESS) printf("kadm error for realm %s: %s\n", krbrlm, error_message(status)); } if (status) return 1; else return KADM_SUCCESS; } -static 
void +static int +set_timeout(const char *timespec) +{ + int t = parse_time(timespec, "s"); + if(t == -1) + return -1; + destroy_timeout = t; + return 0; +} + +static int +set_timeout_cmd(int argc, char **argv) +{ + char ts[128]; + if (argc > 2) { + printf("Usage: set_timeout [timeout]\n"); + return 0; + } + if(argc == 2) { + if(set_timeout(argv[1]) == -1){ + printf("Bad time specification `%s'\n", argv[1]); + return 0; + } + } + if(destroy_timeout == 0) + printf("Timeout disabled.\n"); + else{ + unparse_time(destroy_timeout, ts, sizeof(ts)); + printf("Timeout after %s.\n", ts); + } + return 0; +} + +static int change_password(int argc, char **argv) { Kadm_vals old, new; int status; char pw_prompt[BUFSIZ]; - if (argc != 2) { - printf("Usage: change_password loginname\n"); - return; + char pw[32]; + int generate_password = 0; + int i; + int optind = 0; + char *user = NULL; + + struct getargs cpw_args[] = { + { "random", 'r', arg_flag, NULL, "generate random password" }, + }; + i = 0; + cpw_args[i++].value = &generate_password; + + if(getarg(cpw_args, sizeof(cpw_args) / sizeof(cpw_args[0]), + argc, argv, &optind)){ + arg_printusage(cpw_args, + sizeof(cpw_args) / sizeof(cpw_args[0]), + "cpw", + "principal"); + return 0; } - if (setvals(&old, argv[1]) != KADM_SUCCESS) - return; + argc -= optind; + argv += optind; + if (argc != 1) { + printf("Usage: change_password [options] principal\n"); + return 0; + } + + user = argv[0]; + + if (setvals(&old, user) != KADM_SUCCESS) + return 0; + new = old; SET_FIELD(KADM_DESKEY,new.fields); if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) { /* get the admin's password */ if (get_admin_password() != GOOD_PW) - return; + return 0; + + if (generate_password) { + random_password(pw, sizeof(pw), &new.key_low, &new.key_high); + } else { /* get the new password */ - snprintf(pw_prompt, sizeof(pw_prompt), "New password for %s:", argv[1]); + snprintf(pw_prompt, sizeof(pw_prompt), + "New password for %s:", user); if 
(get_password(&new.key_low, &new.key_high, - pw_prompt, SWAP) == GOOD_PW) { + pw_prompt, SWAP) != GOOD_PW) { + printf("Error reading password; password unchanged\n"); + return 0; + } + } + status = kadm_mod(&old, &new); if (status == KADM_SUCCESS) { - printf("Password changed for %s.\n", argv[1]); + printf("Password changed for %s.\n", user); + if (generate_password) + printf("Password is: %s\n", pw); } else { printf("kadmin: %s\nwhile changing password for %s", - error_message(status), argv[1]); + error_message(status), user); } - } else - printf("Error reading password; password unchanged\n"); + + memset(pw, 0, sizeof(pw)); memset(&new, 0, sizeof(new)); - if (!multiple) - clean_up(); - } - else + } else printf("kadmin: Principal %s does not exist.\n", krb_unparse_name_long (old.name, old.instance, krbrlm)); - return; + return 0; } static int getkey(unsigned char *k) { int i, c; for (i = 0; i < 8; i++) { c = getchar(); if (c == EOF) return 0; else if (c == '\\') { int oct = -1; scanf("%03o", &oct); if (oct < 0 || oct > 255) return 0; k[i] = oct; } else if (!isalpha(c)) return 0; else k[i] = c; } c = getchar(); if (c != '\n') return 0; return 1; /* Success */ } static void printkey(unsigned char *tkey) { int j; for(j = 0; j < 8; j++) if(tkey[j] != '\\' && isalpha(tkey[j]) != 0) printf("%c", tkey[j]); else printf("\\%03o",(unsigned char)tkey[j]); printf("\n"); } -static void +static int change_key(int argc, char **argv) { Kadm_vals old, new; unsigned char newkey[8]; int status; if (argc != 2) { printf("Usage: change_key principal-name\n"); - return; + return 0; } if (setvals(&old, argv[1]) != KADM_SUCCESS) - return; + return 0; new = old; SET_FIELD(KADM_DESKEY,new.fields); if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) { /* get the admin's password */ if (get_admin_password() != GOOD_PW) - return; + return 0; /* get the new password */ printf("New DES key for %s: ", argv[1]); if (getkey(newkey)) { memcpy(&new.key_low, newkey, 4); memcpy(&new.key_high, 
((char *)newkey) + 4, 4); printf("Entered key for %s: ", argv[1]); printkey(newkey); memset(newkey, 0, sizeof(newkey)); status = kadm_mod(&old, &new); if (status == KADM_SUCCESS) { printf("Key changed for %s.\n", argv[1]); } else { printf("kadmin: %s\nwhile changing key for %s", error_message(status), argv[1]); } } else printf("Error reading key; key unchanged\n"); memset(&new, 0, sizeof(new)); - if (!multiple) - clean_up(); } else printf("kadmin: Principal %s does not exist.\n", krb_unparse_name_long (old.name, old.instance, krbrlm)); - return; + return 0; } -static void +static int change_admin_password(int argc, char **argv) { des_cblock newkey; int status; char pword[MAX_KPW_LEN]; char *pw_msg; + alarm(0); if (argc != 1) { printf("Usage: change_admin_password\n"); - return; + return 0; } if (get_pw_new_pwd(pword, sizeof(pword), &pr, 1) == 0) { des_string_to_key(pword, &newkey); status = kadm_change_pw_plain(newkey, pword, &pw_msg); if(status == KADM_INSECURE_PW) printf("Insecure password: %s\n", pw_msg); else if (status == KADM_SUCCESS) printf("Admin password changed\n"); else printf("kadm error: %s\n",error_message(status)); memset(newkey, 0, sizeof(newkey)); memset(pword, 0, sizeof(pword)); } - if (!multiple) - clean_up(); - return; + return 0; } -static void +void random_password(char*, size_t, u_int32_t*, u_int32_t*); + +static int add_new_key(int argc, char **argv) { - Kadm_vals new; + int i; char pw_prompt[BUFSIZ]; int status; + int generate_password = 0; + char *password = NULL; - if (argc != 2) { - printf("Usage: add_new_key user_name.\n"); - return; + char *expiration_string = NULL; + time_t default_expiration = 0; + int expiration_set = 0; + + char *life_string = NULL; + time_t default_life = 0; + int life_set = 0; + + int attributes = -1; + int default_attributes = 0; + int attributes_set = 0; + + int optind = 0; + + /* XXX remember to update value assignments below */ + struct getargs add_args[] = { + { "random", 'r', arg_flag, NULL, "generate 
random password" }, + { "password", 'p', arg_string, NULL }, + { "life", 'l', arg_string, NULL, "max ticket life" }, + { "expiration", 'e', arg_string, NULL, "principal expiration" }, + { "attributes", 'a', arg_integer, NULL } + }; + i = 0; + add_args[i++].value = &generate_password; + add_args[i++].value = &password; + add_args[i++].value = &life_string; + add_args[i++].value = &expiration_string; + add_args[i++].value = &attributes; + + + if(getarg(add_args, sizeof(add_args) / sizeof(add_args[0]), + argc, argv, &optind)){ + arg_printusage(add_args, + sizeof(add_args) / sizeof(add_args[0]), + "add", + "principal ..."); + return 0; } - if (setvals(&new, argv[1]) != KADM_SUCCESS) - return; + if(expiration_string) { + default_expiration = parse_expdate(expiration_string); + if(default_expiration < 0) + warnx("Unknown expiration date `%s'", expiration_string); + else + expiration_set = 1; + } + if(life_string) { + time_t t = parse_time(life_string, "hour"); + if(t == -1) + warnx("Unknown lifetime `%s'", life_string); + else { + default_life = krb_time_to_life(0, t); + life_set = 1; + } + } + if(attributes != -1) { + default_attributes = attributes; + attributes_set = 1; + } + + + { + char default_name[ANAME_SZ + INST_SZ + 1]; + char old_default[INST_SZ + 1] = ""; + Kadm_vals new, default_vals; + char pw[32]; + u_char fields[4]; + + for(i = optind; i < argc; i++) { + if (setvals(&new, argv[i]) != KADM_SUCCESS) + return 0; SET_FIELD(KADM_EXPDATE,new.fields); SET_FIELD(KADM_ATTR,new.fields); SET_FIELD(KADM_MAXLIFE,new.fields); SET_FIELD(KADM_DESKEY,new.fields); - if (princ_exists(new.name, new.instance, krbrlm) != PE_YES) { - Kadm_vals vals; - u_char fields[4]; - char n[ANAME_SZ + INST_SZ + 1]; - + if (princ_exists(new.name, new.instance, krbrlm) == PE_YES) { + printf("kadmin: Principal %s already exists.\n", argv[i]); + continue; + } /* get the admin's password */ if (get_admin_password() != GOOD_PW) - return; + return 0; + snprintf (default_name, sizeof(default_name), 
+ "default.%s", new.instance); + if(strcmp(old_default, default_name) != 0) { memset(fields, 0, sizeof(fields)); SET_FIELD(KADM_NAME,fields); SET_FIELD(KADM_INST,fields); SET_FIELD(KADM_EXPDATE,fields); SET_FIELD(KADM_ATTR,fields); SET_FIELD(KADM_MAXLIFE,fields); - snprintf (n, sizeof(n), "default.%s", new.instance); - if (setvals(&vals, n) != KADM_SUCCESS) - return; + if (setvals(&default_vals, default_name) != KADM_SUCCESS) + return 0; - if (kadm_get(&vals, fields) != KADM_SUCCESS) { - if (setvals(&vals, "default") != KADM_SUCCESS) - return; - if ((status = kadm_get(&vals, fields)) != KADM_SUCCESS) { - printf ("kadm error: %s\n", error_message(status)); - return; + if (kadm_get(&default_vals, fields) != KADM_SUCCESS) { + /* no such entry, try just `default' */ + if (setvals(&default_vals, "default") != KADM_SUCCESS) + continue; + if ((status = kadm_get(&default_vals, fields)) != KADM_SUCCESS) { + warnx ("kadm error: %s", error_message(status)); + break; /* no point in continuing */ } } - if (vals.max_life == 255) /* Defaults not set! */ { + if (default_vals.max_life == 255) /* Defaults not set! */ { /* This is the default maximum lifetime for new principals. */ if (strcmp(new.instance, "admin") == 0) - vals.max_life = 1 + (CLOCK_SKEW/(5*60)); /* 5+5 minutes */ + default_vals.max_life = 1 + (CLOCK_SKEW/(5*60)); /* 5+5 minutes */ else if (strcmp(new.instance, "root") == 0) - vals.max_life = 96; /* 8 hours */ + default_vals.max_life = 96; /* 8 hours */ else if (krb_life_to_time(0, 162) >= 24*60*60) - vals.max_life = 162; /* ca 100 hours */ + default_vals.max_life = 162; /* ca 100 hours */ else - vals.max_life = 255; /* ca 21 hours (maximum) */ + default_vals.max_life = 255; /* ca 21 hours (maximum) */ /* Also fix expiration date. 
*/ - if (strcmp(new.name, "rcmd") == 0) - vals.exp_date = 1104814999; /* Tue Jan 4 06:03:19 2005 */ + { + time_t now; + struct tm tm; + + now = time(0); + tm = *gmtime(&now); + if (strcmp(new.name, "rcmd") == 0 || + strcmp(new.name, "ftp") == 0 || + strcmp(new.name, "pop") == 0) + tm.tm_year += 5; else - vals.exp_date = time(0) + 2*(365*24*60*60); /* + ca 2 years */ + tm.tm_year += 2; + default_vals.exp_date = mktime(&tm); } + default_vals.attributes = default_vals.attributes; + } + if(!life_set) + default_life = default_vals.max_life; + if(!expiration_set) + default_expiration = default_vals.exp_date; + if(!attributes_set) + default_attributes = default_vals.attributes; + } - new.max_life = vals.max_life; - new.exp_date = vals.exp_date; - new.attributes = vals.attributes; + new.max_life = default_life; + new.exp_date = default_expiration; + new.attributes = default_attributes; + if(!life_set) get_maxlife(&new); + if(!attributes_set) get_attr(&new); + if(!expiration_set) get_expdate(&new); + if(generate_password) { + random_password(pw, sizeof(pw), &new.key_low, &new.key_high); + } else if (password == NULL) { /* get the new password */ - snprintf(pw_prompt, sizeof(pw_prompt), "Password for %s:", argv[1]); + snprintf(pw_prompt, sizeof(pw_prompt), "Password for %s:", + argv[i]); if (get_password(&new.key_low, &new.key_high, - pw_prompt, SWAP) == GOOD_PW) { - status = kadm_add(&new); - if (status == KADM_SUCCESS) { - printf("%s added to database.\n", argv[1]); + pw_prompt, SWAP) != GOOD_PW) { + printf("Error reading password: %s not added\n", argv[i]); + memset(&new, 0, sizeof(new)); + return 0; + } } else { - printf("kadm error: %s\n",error_message(status)); + passwd_to_lowhigh (&new.key_low, &new.key_high, password, SWAP); + memset (password, 0, strlen(password)); } + + status = kadm_add(&new); + if (status == KADM_SUCCESS) { + printf("%s added to database", argv[i]); + if (generate_password) + printf (" with password `%s'", pw); + printf (".\n"); } else - 
printf("Error reading password; %s not added\n",argv[1]); + printf("kadm error: %s\n",error_message(status)); + + memset(pw, 0, sizeof(pw)); memset(&new, 0, sizeof(new)); - if (!multiple) - clean_up(); } - else - printf("kadmin: Principal already exists.\n"); - return; } -static void + return 0; +} + +static int del_entry(int argc, char **argv) { int status; Kadm_vals vals; + int i; - if (argc != 2) { - printf("Usage: del_entry username\n"); - return; + if (argc < 2) { + printf("Usage: delete principal...\n"); + return 0; } - if (setvals(&vals, argv[1]) != KADM_SUCCESS) - return; + for(i = 1; i < argc; i++) { + if (setvals(&vals, argv[i]) != KADM_SUCCESS) + return 0; if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) { /* get the admin's password */ if (get_admin_password() != GOOD_PW) - return; + return 0; - if ((status = kadm_del(&vals)) == KADM_SUCCESS){ - printf("%s removed from database.\n", argv[1]); - } else { + if ((status = kadm_del(&vals)) == KADM_SUCCESS) + printf("%s removed from database.\n", argv[i]); + else printf("kadm error: %s\n",error_message(status)); } - - if (!multiple) - clean_up(); - } else printf("kadmin: Principal %s does not exist.\n", krb_unparse_name_long (vals.name, vals.instance, krbrlm)); - return; + } + return 0; } -static void +static int get_entry(int argc, char **argv) { int status; u_char fields[4]; Kadm_vals vals; if (argc != 2) { printf("Usage: get_entry username\n"); - return; + return 0; } memset(fields, 0, sizeof(fields)); SET_FIELD(KADM_NAME,fields); SET_FIELD(KADM_INST,fields); SET_FIELD(KADM_EXPDATE,fields); SET_FIELD(KADM_ATTR,fields); SET_FIELD(KADM_MAXLIFE,fields); #if 0 SET_FIELD(KADM_DESKEY,fields); #endif +#ifdef EXTENDED_KADM + SET_FIELD(KADM_MODDATE, fields); + SET_FIELD(KADM_MODNAME, fields); + SET_FIELD(KADM_MODINST, fields); + SET_FIELD(KADM_KVNO, fields); +#endif if (setvals(&vals, argv[1]) != KADM_SUCCESS) - return; + return 0; if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) { /* get 
the admin's password */ if (get_admin_password() != GOOD_PW) - return; + return 0; if ((status = kadm_get(&vals, fields)) == KADM_SUCCESS) prin_vals(&vals); else printf("kadm error: %s\n",error_message(status)); - - if (!multiple) - clean_up(); } else printf("kadmin: Principal %s does not exist.\n", krb_unparse_name_long (vals.name, vals.instance, krbrlm)); - return; + return 0; } -static void +static int mod_entry(int argc, char **argv) { int status; u_char fields[4]; Kadm_vals ovals, nvals; + int i; - if (argc != 2) { - printf("Usage: mod_entry username\n"); - return; + char *expiration_string = NULL; + time_t default_expiration = 0; + int expiration_set = 0; + + char *life_string = NULL; + time_t default_life = 0; + int life_set = 0; + + int attributes = -1; + int default_attributes = 0; + int attributes_set = 0; + + int optind = 0; + + /* XXX remember to update value assignments below */ + struct getargs mod_args[] = { + { "life", 'l', arg_string, NULL, "max ticket life" }, + { "expiration", 'e', arg_string, NULL, "principal expiration" }, + { "attributes", 'a', arg_integer, NULL } + }; + i = 0; + mod_args[i++].value = &life_string; + mod_args[i++].value = &expiration_string; + mod_args[i++].value = &attributes; + + + if(getarg(mod_args, sizeof(mod_args) / sizeof(mod_args[0]), + argc, argv, &optind)){ + arg_printusage(mod_args, + sizeof(mod_args) / sizeof(mod_args[0]), + "mod", + "principal ..."); + return 0; } + if(expiration_string) { + default_expiration = parse_expdate(expiration_string); + if(default_expiration < 0) + warnx("Unknown expiration date `%s'", expiration_string); + else + expiration_set = 1; + } + if(life_string) { + time_t t = parse_time(life_string, "hour"); + if(t == -1) + warnx("Unknown lifetime `%s'", life_string); + else { + default_life = krb_time_to_life(0, t); + life_set = 1; + } + } + if(attributes != -1) { + default_attributes = attributes; + attributes_set = 1; + } + + + for(i = optind; i < argc; i++) { + memset(fields, 0, 
sizeof(fields)); SET_FIELD(KADM_NAME,fields); SET_FIELD(KADM_INST,fields); SET_FIELD(KADM_EXPDATE,fields); SET_FIELD(KADM_ATTR,fields); SET_FIELD(KADM_MAXLIFE,fields); - if (setvals(&ovals, argv[1]) != KADM_SUCCESS) - return; + if (setvals(&ovals, argv[i]) != KADM_SUCCESS) + return 0; nvals = ovals; if (princ_exists(ovals.name, ovals.instance, krbrlm) == PE_NO) { printf("kadmin: Principal %s does not exist.\n", krb_unparse_name_long (ovals.name, ovals.instance, krbrlm)); - return; + return 0; } /* get the admin's password */ if (get_admin_password() != GOOD_PW) - return; + return 0; if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) { printf("[ unable to retrieve current settings: %s ]\n", error_message(status)); nvals.max_life = DEFAULT_TKT_LIFE; nvals.exp_date = 0; nvals.attributes = 0; } else { nvals.max_life = ovals.max_life; nvals.exp_date = ovals.exp_date; nvals.attributes = ovals.attributes; } + if(life_set) { + nvals.max_life = default_life; + SET_FIELD(KADM_MAXLIFE, nvals.fields); + } else get_maxlife(&nvals); + if(attributes_set) { + nvals.attributes = default_attributes; + SET_FIELD(KADM_ATTR, nvals.fields); + } else get_attr(&nvals); + if(expiration_set) { + nvals.exp_date = default_expiration; + SET_FIELD(KADM_EXPDATE, nvals.fields); + } else get_expdate(&nvals); if (IS_FIELD(KADM_MAXLIFE, nvals.fields) || IS_FIELD(KADM_ATTR, nvals.fields) || IS_FIELD(KADM_EXPDATE, nvals.fields)) { if ((status = kadm_mod(&ovals, &nvals)) != KADM_SUCCESS) { printf("kadm error: %s\n",error_message(status)); goto out; } if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) { printf("kadm error: %s\n",error_message(status)); goto out; } } prin_vals(&ovals); + } out: - if (!multiple) - clean_up(); - return; + return 0; } -static void +static int help(int argc, char **argv) { sl_help (cmds, argc, argv); + return 0; } Index: stable/3/crypto/kerberosIV/kadmin/kpasswd.c =================================================================== --- 
stable/3/crypto/kerberosIV/kadmin/kpasswd.c (revision 62577) +++ stable/3/crypto/kerberosIV/kadmin/kpasswd.c (revision 62578) 
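Review bot: In add_new_key (the hunk ending just above the kpasswd.c header), the `-p password` branch runs `memset (password, 0, strlen(password));` inside the `for(i = optind; i < argc; i++)` loop, so with several principals only the first gets a key derived from the supplied password. On every later iteration `password` is still non-NULL, the prompt branch is skipped, and `passwd_to_lowhigh` is fed the now-empty string, so those principals are created with the key of an empty password. Derive the key once before the loop or scrub the string only after the last principal, and consider rejecting `-p` when more than one principal is given. The `password` entry in `add_args` also has no help string; it should say that the value is visible in the process argument list until the memset runs. Separately, `default_vals.attributes = default_vals.attributes;` is a self-assignment with no effect and should be dropped or replaced with the intended default.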
@@ -1,163 +1,177 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ /* * change your password with kerberos */ #include "kadm_locl.h" -RCSID("$Id: kpasswd.c,v 1.25 1997/05/02 14:28:51 assar Exp $"); +RCSID("$Id: kpasswd.c,v 1.29 1999/11/13 06:33:20 assar Exp $"); static void usage(int value) { fprintf(stderr, "Usage: "); fprintf(stderr, "kpasswd [-h ] [-n user] [-i instance] [-r realm] "); fprintf(stderr, "[-u fullname]\n"); exit(value); } int main(int argc, char **argv) { krb_principal principal; krb_principal default_principal; int realm_given = 0; /* True if realm was give on cmdline */ int use_default = 1; /* True if we should use default name */ int status; /* return code */ char pword[MAX_KPW_LEN]; int c; char tktstring[MaxPathLen]; set_progname (argv[0]); memset (&principal, 0, sizeof(principal)); memset (&default_principal, 0, sizeof(default_principal)); krb_get_default_principal (default_principal.name, default_principal.instance, default_principal.realm); - while ((c = getopt(argc, argv, "u:n:i:r:h")) != EOF) { + while ((c = getopt(argc, argv, "u:n:i:r:h")) != -1) { switch 
(c) { case 'u': status = krb_parse_name (optarg, &principal); if (status != KSUCCESS) errx (2, "%s", krb_get_err_text(status)); if (principal.realm[0]) realm_given++; else if (krb_get_lrealm(principal.realm, 1) != KSUCCESS) errx (1, "Could not find default realm!"); break; case 'n': if (k_isname(optarg)) - strncpy(principal.name, optarg, sizeof(principal.name) - 1); + strlcpy(principal.name, + optarg, + sizeof(principal.name)); else { warnx("Bad name: %s", optarg); usage(1); } break; case 'i': if (k_isinst(optarg)) - strncpy(principal.instance, + strlcpy(principal.instance, optarg, - sizeof(principal.instance) - 1); + sizeof(principal.instance)); else { warnx("Bad instance: %s", optarg); usage(1); } break; case 'r': if (k_isrealm(optarg)) { - strncpy(principal.realm, optarg, sizeof(principal.realm) - 1); + strlcpy(principal.realm, + optarg, + sizeof(principal.realm)); realm_given++; } else { warnx("Bad realm: %s", optarg); usage(1); } break; case 'h': usage(0); break; default: usage(1); break; } use_default = 0; } if (optind < argc) { use_default = 0; status = krb_parse_name (argv[optind], &principal); if(status != KSUCCESS) errx (1, "%s", krb_get_err_text (status)); } if (use_default) { - strcpy(principal.name, default_principal.name); - strcpy(principal.instance, default_principal.instance); - strcpy(principal.realm, default_principal.realm); + strlcpy(principal.name, + default_principal.name, + sizeof(principal.name)); + strlcpy(principal.instance, + default_principal.instance, + sizeof(principal.instance)); + strlcpy(principal.realm, + default_principal.realm, + sizeof(principal.realm)); } else { if (!principal.name[0]) - strcpy(principal.name, default_principal.name); + strlcpy(principal.name, + default_principal.name, + sizeof(principal.name)); if (!principal.realm[0]) - strcpy(principal.realm, default_principal.realm); + strlcpy(principal.realm, + default_principal.realm, + sizeof(principal.realm)); } - snprintf(tktstring, sizeof(tktstring), - TKT_ROOT 
"_cpw_%u", (unsigned)getpid()); + snprintf(tktstring, sizeof(tktstring), "%s_cpw_%u", + TKT_ROOT, (unsigned)getpid()); krb_set_tkt_string(tktstring); if (get_pw_new_pwd(pword, sizeof(pword), &principal, realm_given)) { dest_tkt (); exit(1); } status = kadm_init_link (PWSERV_NAME, KRB_MASTER, principal.realm); if (status != KADM_SUCCESS) com_err(argv[0], status, "while initializing"); else { des_cblock newkey; char *pw_msg; /* message from server */ des_string_to_key(pword, &newkey); status = kadm_change_pw_plain((unsigned char*)&newkey, pword, &pw_msg); memset(newkey, 0, sizeof(newkey)); if (status == KADM_INSECURE_PW) warnx ("Insecure password: %s", pw_msg); else if (status != KADM_SUCCESS) com_err(argv[0], status, " attempting to change password."); } memset(pword, 0, sizeof(pword)); if (status != KADM_SUCCESS) fprintf(stderr,"Password NOT changed.\n"); else printf("Password changed.\n"); dest_tkt(); if (status) return 2; else return 0; } Index: stable/3/crypto/kerberosIV/kadmin/ksrvutil.c =================================================================== --- stable/3/crypto/kerberosIV/kadmin/ksrvutil.c (revision 62577) +++ stable/3/crypto/kerberosIV/kadmin/ksrvutil.c (revision 62578) 
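Review bot: The strlcpy calls that replace strncpy and strcpy in main() ignore the return value, so an over-long `-n`, `-i` or `-r` argument is silently truncated and the password change is then attempted for a different principal than the one typed. Unless k_isname, k_isinst and k_isrealm already reject input that does not fit (their checks are not visible in this hunk), compare the result against the destination size, for example `if (strlcpy(principal.name, optarg, sizeof(principal.name)) >= sizeof(principal.name))`, and exit through usage(1). The copies from default_principal are between fields of the same krb_principal type and need no such check.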
@@ -1,601 +1,638 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ /* * list and update contents of srvtab files */ /* * ksrvutil * list and update the contents of srvtab files */ #include "kadm_locl.h" -RCSID("$Id: ksrvutil.c,v 1.39 1997/05/02 14:28:52 assar Exp $"); +RCSID("$Id: ksrvutil.c,v 1.50 1999/11/13 06:33:59 assar Exp $"); #include "ksrvutil.h" #ifdef NOENCRYPTION #define read_long_pw_string placebo_read_pw_string #else /* NOENCRYPTION */ #define read_long_pw_string des_read_pw_string #endif /* NOENCRYPTION */ #define SRVTAB_MODE 0600 /* rw------- */ #define PAD " " #define VNO_HEADER "Version" #define VNO_FORMAT "%4d " #define KEY_HEADER " Key " /* 17 characters long */ #define PRINC_HEADER " Principal\n" #define PRINC_FORMAT "%s" char u_name[ANAME_SZ]; char u_inst[INST_SZ]; char u_realm[REALM_SZ]; int destroyp = FALSE; /* Should the ticket file be destroyed? 
*/ static unsigned short get_mode(char *filename) { struct stat statbuf; unsigned short mode; memset(&statbuf, 0, sizeof(statbuf)); if (stat(filename, &statbuf) < 0) mode = SRVTAB_MODE; else mode = statbuf.st_mode; return(mode); } static void copy_keyfile(char *keyfile, char *backup_keyfile) { int keyfile_fd; int backup_keyfile_fd; int keyfile_mode; char buf[BUFSIZ]; /* for copying keyfiles */ int rcount; /* for copying keyfiles */ int try_again; memset(buf, 0, sizeof(buf)); do { try_again = FALSE; if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) { if (errno != ENOENT) - err (1, "read %s", keyfile); + err (1, "open %s", keyfile); else { try_again = TRUE; if ((keyfile_fd = open(keyfile, O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) err(1, "create %s", keyfile); else if (close(keyfile_fd) < 0) err (1, "close %s", keyfile); } } } while(try_again); keyfile_mode = get_mode(keyfile); if ((backup_keyfile_fd = open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT, keyfile_mode)) < 0) - err (1, "write %s", backup_keyfile); + err (1, "open %s", backup_keyfile); do { if ((rcount = read(keyfile_fd, buf, sizeof(buf))) < 0) err (1, "read %s", keyfile); if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) err (1, "write %s", backup_keyfile); } while (rcount); if (close(backup_keyfile_fd) < 0) err(1, "close %s", backup_keyfile); if (close(keyfile_fd) < 0) err(1, "close %s", keyfile); } void leave(char *str, int x) { if (str) fprintf(stderr, "%s\n", str); if (destroyp) dest_tkt(); exit(x); } void safe_read_stdin(char *prompt, char *buf, size_t size) { printf("%s", prompt); fflush(stdout); memset(buf, 0, size); if (read(0, buf, size - 1) < 0) { warn("read stdin"); leave(NULL, 1); } buf[strlen(buf)-1] = 0; } void safe_write(char *filename, int fd, void *buf, size_t len) { if (write(fd, buf, len) != len) { warn("write %s", filename); close(fd); leave("In progress srvtab in this file.", 1); } } static int yes_no(char *string, int dflt) { char ynbuf[5]; printf("%s (y,n) 
[%c]", string, dflt?'y':'n'); for (;;) { safe_read_stdin("", ynbuf, sizeof(ynbuf)); if ((ynbuf[0] == 'n') || (ynbuf[0] == 'N')) return(0); else if ((ynbuf[0] == 'y') || (ynbuf[0] == 'Y')) return(1); else if(ynbuf[0] == 0) return dflt; else { printf("Please enter 'y' or 'n': "); fflush(stdout); } } } int yn(char *string) { return yes_no(string, 1); } int ny(char *string) { return yes_no(string, 0); } static void -append_srvtab(char *filename, int fd, char *sname, char *sinst, char *srealm, unsigned char key_vno, unsigned char *key) +append_srvtab(char *filename, int fd, char *sname, char *sinst, char *srealm, + unsigned char key_vno, unsigned char *key) { /* Add one to append null */ safe_write(filename, fd, sname, strlen(sname) + 1); safe_write(filename, fd, sinst, strlen(sinst) + 1); safe_write(filename, fd, srealm, strlen(srealm) + 1); safe_write(filename, fd, &key_vno, 1); safe_write(filename, fd, key, sizeof(des_cblock)); fsync(fd); } static void print_key(unsigned char *key) { int i; for (i = 0; i < 4; i++) printf("%02x", key[i]); printf(" "); for (i = 4; i < 8; i++) printf("%02x", key[i]); } static void print_name(char *name, char *inst, char *realm) { printf("%s", krb_unparse_name_long(name, inst, realm)); } static int get_svc_new_key(des_cblock *new_key, char *sname, char *sinst, char *srealm, char *keyfile) { int status = KADM_SUCCESS; if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME, KADM_SINST, 1, keyfile)) == KSUCCESS) && ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, srealm)) == KADM_SUCCESS)) { #ifdef NOENCRYPTION memset(new_key, 0, sizeof(des_cblock)); (*new_key)[0] = (unsigned char) 1; #else /* NOENCRYPTION */ des_new_random_key(new_key); #endif /* NOENCRYPTION */ return(KADM_SUCCESS); } return(status); } static void get_key_from_password(des_cblock (*key), char *cellname) { char password[MAX_KPW_LEN]; /* storage for the password */ if (read_long_pw_string(password, sizeof(password)-1, "Password: ", 1)) leave("Error reading 
password.", 1); #ifdef NOENCRYPTION memset(key, 0, sizeof(des_cblock)); (*key)[0] = (unsigned char) 1; #else /* NOENCRYPTION */ if (strlen(cellname) == 0) des_string_to_key(password, key); else afs_string_to_key(password, cellname, key); #endif /* NOENCRYPTION */ memset(password, 0, sizeof(password)); } static void usage(void) { fprintf(stderr, "Usage: ksrvutil [-f keyfile] [-i] [-k] "); - fprintf(stderr, "[-p principal] [-r realm] "); + fprintf(stderr, "[-p principal] [-r realm] [-u]"); fprintf(stderr, "[-c AFS cellname] "); - fprintf(stderr, "{list | change | add | get}\n"); - fprintf(stderr, " -i causes the program to ask for "); - fprintf(stderr, "confirmation before changing keys.\n"); - fprintf(stderr, " -k causes the key to printed for list or "); - fprintf(stderr, "change.\n"); + fprintf(stderr, "{list | change | add | get | delete}\n"); + fprintf(stderr, " -i causes the program to ask for " + "confirmation before changing keys.\n"); + fprintf(stderr, " -k causes the key to printed for list or change.\n"); + fprintf(stderr, " -u creates one keyfile for each principal " + "(only used with `get')\n"); exit(1); } int main(int argc, char **argv) { char sname[ANAME_SZ]; /* name of service */ char sinst[INST_SZ]; /* instance of service */ char srealm[REALM_SZ]; /* realm of service */ unsigned char key_vno; /* key version number */ int status; /* general purpose error status */ des_cblock new_key; des_cblock old_key; char change_tkt[MaxPathLen]; /* Ticket to use for key change */ char keyfile[MaxPathLen]; /* Original keyfile */ char work_keyfile[MaxPathLen]; /* Working copy of keyfile */ char backup_keyfile[MaxPathLen]; /* Backup copy of keyfile */ unsigned short keyfile_mode; /* Protections on keyfile */ int work_keyfile_fd = -1; /* Initialize so that */ int backup_keyfile_fd = -1; /* compiler doesn't complain */ char local_realm[REALM_SZ]; /* local kerberos realm */ char cellname[1024]; /* AFS cell name */ int c; int interactive = FALSE; int list = FALSE; int 
change = FALSE; + int unique_filename = FALSE; int add = FALSE; + int delete = FALSE; int get = FALSE; int key = FALSE; /* do we show keys? */ int arg_entered = FALSE; int change_this_key = FALSE; char databuf[BUFSIZ]; int first_printed = FALSE; /* have we printed the first item? */ memset(sname, 0, sizeof(sname)); memset(sinst, 0, sizeof(sinst)); memset(srealm, 0, sizeof(srealm)); memset(change_tkt, 0, sizeof(change_tkt)); memset(keyfile, 0, sizeof(keyfile)); memset(work_keyfile, 0, sizeof(work_keyfile)); memset(backup_keyfile, 0, sizeof(backup_keyfile)); memset(local_realm, 0, sizeof(local_realm)); memset(cellname, 0, sizeof(cellname)); set_progname (argv[0]); if (krb_get_default_principal(u_name, u_inst, u_realm) < 0) errx (1, "could not get default principal"); /* This is used only as a default for adding keys */ if (krb_get_lrealm(local_realm, 1) != KSUCCESS) - strcpy(local_realm, KRB_REALM); + strlcpy(local_realm, + KRB_REALM, + sizeof(local_realm)); - while((c = getopt(argc, argv, "ikc:f:p:r:")) != EOF) { + while((c = getopt(argc, argv, "ikc:f:p:r:u")) != -1) { switch (c) { case 'i': interactive++; break; case 'k': key++; break; case 'c': - strcpy(cellname, optarg); + strlcpy(cellname, optarg, sizeof(cellname)); break; case 'f': - strcpy(keyfile, optarg); + strlcpy(keyfile, optarg, sizeof(keyfile)); break; case 'p': if((status = kname_parse (u_name, u_inst, u_realm, optarg)) != KSUCCESS) errx (1, "principal %s: %s", optarg, krb_get_err_text(status)); break; case 'r': - strcpy(u_realm, optarg); + strlcpy(u_realm, optarg, sizeof(u_realm)); + break; + case 'u': + unique_filename = 1; break; case '?': usage(); } } if (optind >= argc) usage(); if (*u_realm == '\0') - strcpy (u_realm, local_realm); + strlcpy (u_realm, local_realm, sizeof(u_realm)); if (strcmp(argv[optind], "list") == 0) { if (arg_entered) usage(); else { arg_entered++; list++; } } else if (strcmp(argv[optind], "change") == 0) { if (arg_entered) usage(); else { arg_entered++; change++; } } else if 
(strcmp(argv[optind], "add") == 0) { if (arg_entered) usage(); else { arg_entered++; add++; } } else if (strcmp(argv[optind], "get") == 0) { if (arg_entered) usage(); else { arg_entered++; get++; } } + else if (strcmp(argv[optind], "delete") == 0) { + if (arg_entered) + usage(); + else { + arg_entered++; + delete++; + } + } else usage(); ++optind; if (!arg_entered) usage(); + if(unique_filename && !get) + warnx("`-u' flag is only used with `get'"); + if (!keyfile[0]) - strcpy(keyfile, KEYFILE); + strlcpy(keyfile, KEYFILE, sizeof(keyfile)); - strcpy(work_keyfile, keyfile); - strcpy(backup_keyfile, keyfile); - - if (change || add || get) { - strcat(work_keyfile, ".work"); - strcat(backup_keyfile, ".old"); + strlcpy(work_keyfile, keyfile, sizeof(work_keyfile)); + strlcpy(backup_keyfile, keyfile, sizeof(backup_keyfile)); + if (change || add || (get && !unique_filename) || delete) { + snprintf(work_keyfile, sizeof(work_keyfile), "%s.work", keyfile); + snprintf(backup_keyfile, sizeof(backup_keyfile), "%s.old", keyfile); copy_keyfile(keyfile, backup_keyfile); } - if (add || get) + if (add || (get && !unique_filename)) copy_keyfile(backup_keyfile, work_keyfile); keyfile_mode = get_mode(keyfile); - if (change || list) + if (change || list || delete) if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) err (1, "open %s", backup_keyfile); - if (change) { + if (change || delete) { if ((work_keyfile_fd = open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC, SRVTAB_MODE)) < 0) err (1, "creat %s", work_keyfile); } else if (add) { if ((work_keyfile_fd = open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) err (1, "open with append %s", work_keyfile ); } - else if (get) { + else if (get && !unique_filename) { if ((work_keyfile_fd = open(work_keyfile, O_RDWR | O_CREAT, SRVTAB_MODE)) < 0) err (1, "open for writing %s", work_keyfile); } - if (change || list) { + if (change || list || delete) { while ((getst(backup_keyfile_fd, sname, SNAME_SZ) > 0) && 
(getst(backup_keyfile_fd, sinst, INST_SZ) > 0) && (getst(backup_keyfile_fd, srealm, REALM_SZ) > 0) && (read(backup_keyfile_fd, &key_vno, 1) > 0) && (read(backup_keyfile_fd, old_key, sizeof(old_key)) > 0)) { if (list) { if (!first_printed) { printf(VNO_HEADER); printf(PAD); if (key) { printf(KEY_HEADER); printf(PAD); } printf(PRINC_HEADER); first_printed = 1; } printf(VNO_FORMAT, key_vno); printf(PAD); if (key) { print_key(old_key); printf(PAD); } print_name(sname, sinst, srealm); printf("\n"); } else if (change) { - snprintf(change_tkt, sizeof(change_tkt), - TKT_ROOT "_ksrvutil.%u", - (unsigned)getpid()); + snprintf(change_tkt, sizeof(change_tkt), "%s_ksrvutil.%u", + TKT_ROOT, (unsigned)getpid()); krb_set_tkt_string(change_tkt); destroyp = TRUE; printf("\nPrincipal: "); print_name(sname, sinst, srealm); printf("; version %d\n", key_vno); if (interactive) change_this_key = yn("Change this key?"); - else if (change) - change_this_key = 1; else - change_this_key = 0; + change_this_key = 1; if (change_this_key) printf("Changing to version %d.\n", key_vno + 1); else if (change) printf("Not changing this key.\n"); if (change_this_key) { /* * This is not a good choice of seed when/if the * key has been compromised so we also use a * random sequence number! 
*/ des_init_random_number_generator(&old_key); { des_cblock seqnum; des_generate_random_block(&seqnum); des_set_sequence_number((unsigned char *)&seqnum); } /* * Pick a new key and determine whether or not * it is safe to change */ if ((status = get_svc_new_key(&new_key, sname, sinst, srealm, keyfile)) == KADM_SUCCESS) key_vno++; else { memcpy(new_key, old_key, sizeof(new_key)); warnx ("Key NOT changed: %s\n", krb_get_err_text(status)); change_this_key = FALSE; } } else memcpy(new_key, old_key, sizeof(new_key)); append_srvtab(work_keyfile, work_keyfile_fd, sname, sinst, srealm, key_vno, new_key); if (key && change_this_key) { printf("Old key: "); print_key(old_key); printf("; new key: "); print_key(new_key); printf("\n"); } if (change_this_key) { if ((status = kadm_change_pw(new_key)) == KADM_SUCCESS) { printf("Key changed.\n"); dest_tkt(); } else { com_err(__progname, status, " attempting to change password."); dest_tkt(); /* XXX This knows the format of a keyfile */ if (lseek(work_keyfile_fd, -9, SEEK_CUR) >= 0) { key_vno--; safe_write(work_keyfile, work_keyfile_fd, &key_vno, 1); safe_write(work_keyfile, work_keyfile_fd, old_key, sizeof(des_cblock)); fsync(work_keyfile_fd); fprintf(stderr,"Key NOT changed.\n"); } else { warn ("Unable to revert keyfile"); leave("", 1); } } } + } else if(delete) { + int delete_this_key; + printf("\nPrincipal: "); + print_name(sname, sinst, srealm); + printf("; version %d\n", key_vno); + delete_this_key = yn("Delete this key?"); + + if (delete_this_key) + printf("Deleting this key.\n"); + + if (!delete_this_key) { + append_srvtab(work_keyfile, work_keyfile_fd, + sname, sinst, srealm, key_vno, old_key); + } } memset(old_key, 0, sizeof(des_cblock)); memset(new_key, 0, sizeof(des_cblock)); } } else if (add) { do { do { + char *p; + safe_read_stdin("Name: ", databuf, sizeof(databuf)); - strncpy(sname, databuf, sizeof(sname) - 1); - if (strchr(sname, '.') != 0) { - strcpy(sinst, strchr(sname, '.') + 1); - *(strchr(sname, '.')) = 0; + p = 
strchr(databuf, '.'); + if (p != NULL) { + *p++ = '\0'; + strlcpy (sname, databuf, sizeof(sname)); + strlcpy (sinst, p, sizeof(sinst)); } else { + strlcpy (sname, databuf, sizeof(sname)); safe_read_stdin("Instance: ", databuf, sizeof(databuf)); - strncpy(sinst, databuf, sizeof(sinst) - 1); + strlcpy (sinst, databuf, sizeof(databuf)); } + safe_read_stdin("Realm: ", databuf, sizeof(databuf)); - strncpy(srealm, databuf, sizeof(srealm) - 1); + if (databuf[0] != '\0') + strlcpy (srealm, databuf, sizeof(srealm)); + else + strlcpy (srealm, local_realm, sizeof(srealm)); + safe_read_stdin("Version number: ", databuf, sizeof(databuf)); key_vno = atoi(databuf); - if (key_vno == 0) - key_vno = 1; /* Version numbers are never 0 */ if (!srealm[0]) - strcpy(srealm, local_realm); + strlcpy(srealm, local_realm, sizeof(srealm)); printf("New principal: "); print_name(sname, sinst, srealm); printf("; version %d\n", key_vno); } while (!yn("Is this correct?")); get_key_from_password(&new_key, cellname); if (key) { printf("Key: "); print_key(new_key); printf("\n"); } append_srvtab(work_keyfile, work_keyfile_fd, sname, sinst, srealm, key_vno, new_key); printf("Key successfully added.\n"); } while (yn("Would you like to add another key?")); } else if (get) { - ksrvutil_get(work_keyfile_fd, work_keyfile, + ksrvutil_get(unique_filename, work_keyfile_fd, work_keyfile, argc - optind, argv + optind); } - if (change || list) + if (change || list || delete) if (close(backup_keyfile_fd) < 0) warn ("close %s", backup_keyfile); - if (change || add || get) { + if (change || add || (get && !unique_filename) || delete) { if (close(work_keyfile_fd) < 0) err (1, "close %s", work_keyfile); if (rename(work_keyfile, keyfile) < 0) err (1, "rename(%s, %s)", work_keyfile, keyfile); chmod(backup_keyfile, keyfile_mode); chmod(keyfile, keyfile_mode); printf("Old keyfile in %s.\n", backup_keyfile); } return 0; } Index: stable/3/crypto/kerberosIV/kadmin/ksrvutil.h 
=================================================================== --- stable/3/crypto/kerberosIV/kadmin/ksrvutil.h (revision 62577) +++ stable/3/crypto/kerberosIV/kadmin/ksrvutil.h (revision 62578) 
@@ -1,54 +1,50 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ /* - * $Id: ksrvutil.h,v 1.8 1997/04/01 03:58:55 assar Exp $ + * $Id: ksrvutil.h,v 1.10 1999/12/02 16:58:36 joda Exp $ * */ extern char u_name[], u_inst[], u_realm[]; extern int destroyp; void leave(char *str, int x); void safe_read_stdin(char *prompt, char *buf, size_t size); void safe_write(char *filename, int fd, void *buf, size_t len); int yn(char *string); int ny(char *string); -void ksrvutil_get(int fd, char *filename, int argc, char **argv); +void ksrvutil_get(int unique_filename, int fd, + char *filename, int argc, char **argv); Index: stable/3/crypto/kerberosIV/kadmin/ksrvutil_get.c =================================================================== --- stable/3/crypto/kerberosIV/kadmin/ksrvutil_get.c (revision 62577) +++ stable/3/crypto/kerberosIV/kadmin/ksrvutil_get.c (revision 62578) 
@@ -1,400 +1,434 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "kadm_locl.h" #include "ksrvutil.h" -RCSID("$Id: ksrvutil_get.c,v 1.32 1997/05/05 21:14:57 assar Exp $"); +RCSID("$Id: ksrvutil_get.c,v 1.43 1999/12/02 16:58:36 joda Exp $"); #define BAD_PW 1 #define GOOD_PW 0 #define FUDGE_VALUE 15 /* for ticket expiration time */ #define PE_NO 0 #define PE_YES 1 #define PE_UNSURE 2 -static char tktstring[128]; +static char tktstring[MaxPathLen]; static int princ_exists(char *name, char *instance, char *realm) { int status; status = krb_get_pw_in_tkt(name, instance, realm, KRB_TICKET_GRANTING_TICKET, realm, 1, ""); if ((status == KSUCCESS) || (status == INTK_BADPW)) return(PE_YES); else if (status == KDC_PR_UNKNOWN) return(PE_NO); else return(PE_UNSURE); } static int get_admin_password(char *myname, char *myinst, char *myrealm) { int status; char admin_passwd[MAX_KPW_LEN]; /* Admin's password */ int ticket_life = 1; /* minimum ticket lifetime */ char buf[1024]; CREDENTIALS c; if (princ_exists(myname, myinst, myrealm) != PE_NO) { snprintf(buf, sizeof(buf), "Password for %s: ", krb_unparse_name_long (myname, myinst, myrealm)); if (des_read_pw_string(admin_passwd, sizeof(admin_passwd)-1, buf, 0)) { fprintf(stderr, "Error reading admin password.\n"); goto bad; } status = krb_get_pw_in_tkt(myname, myinst, myrealm, PWSERV_NAME, KADM_SINST, ticket_life, admin_passwd); memset(admin_passwd, 0, sizeof(admin_passwd)); /* Initialize non shared random sequence from session key. 
*/ memset(&c, 0, sizeof(c)); krb_get_cred(PWSERV_NAME, KADM_SINST, myrealm, &c); des_init_random_number_generator(&c.session); - } - else + } else status = KDC_PR_UNKNOWN; switch(status) { case GT_PW_OK: return(GOOD_PW); case KDC_PR_UNKNOWN: printf("Principal %s does not exist.\n", krb_unparse_name_long(myname, myinst, myrealm)); goto bad; case GT_PW_BADPW: printf("Incorrect admin password.\n"); goto bad; default: com_err("kadmin", status+krb_err_base, "while getting password tickets"); goto bad; } bad: memset(admin_passwd, 0, sizeof(admin_passwd)); dest_tkt(); return(BAD_PW); } static void srvtab_put_key (int fd, char *filename, char *name, char *inst, char *realm, int8_t kvno, des_cblock key) { char sname[ANAME_SZ]; /* name of service */ char sinst[INST_SZ]; /* instance of service */ char srealm[REALM_SZ]; /* realm of service */ int8_t skvno; des_cblock skey; lseek(fd, 0, SEEK_SET); while(getst(fd, sname, SNAME_SZ) > 0 && getst(fd, sinst, INST_SZ) > 0 && getst(fd, srealm, REALM_SZ) > 0 && read(fd, &skvno, sizeof(skvno)) > 0 && read(fd, skey, sizeof(skey)) > 0) { if(strcmp(name, sname) == 0 && strcmp(inst, sinst) == 0 && strcmp(realm, srealm) == 0) { lseek(fd, lseek(fd,0,SEEK_CUR)-(sizeof(skvno) + sizeof(skey)), SEEK_SET); safe_write(filename, fd, &kvno, sizeof(kvno)); safe_write(filename, fd, key, sizeof(des_cblock)); return; } } safe_write(filename, fd, name, strlen(name) + 1); safe_write(filename, fd, inst, strlen(inst) + 1); safe_write(filename, fd, realm, strlen(realm) + 1); safe_write(filename, fd, &kvno, sizeof(kvno)); safe_write(filename, fd, key, sizeof(des_cblock)); } /* * node list of services */ struct srv_ent{ char name[SNAME_SZ]; char inst[INST_SZ]; char realm[REALM_SZ]; struct srv_ent *next; }; static int -key_to_key(char *user, char *instance, char *realm, void *arg, +key_to_key(const char *user, + char *instance, + const char *realm, + const void *arg, des_cblock *key) { memcpy(key, arg, sizeof(des_cblock)); return 0; } static void 
-get_srvtab_ent(int fd, char *filename, char *name, char *inst, char *realm) +get_srvtab_ent(int unique_filename, int fd, char *filename, + char *name, char *inst, char *realm) { char chname[128]; des_cblock newkey; char old_tktfile[MaxPathLen], new_tktfile[MaxPathLen]; char garbage_name[ANAME_SZ]; char garbage_inst[ANAME_SZ]; CREDENTIALS c; u_int8_t kvno; Kadm_vals values; int ret; - strncpy(chname, krb_get_phost(inst), sizeof(chname)); + strlcpy(chname, krb_get_phost(inst), sizeof(chname)); if(strcmp(inst, chname)) fprintf(stderr, "Warning: Are you sure `%s' should not be `%s'?\n", inst, chname); memset(&values, 0, sizeof(values)); - strcpy(values.name, name); - strcpy(values.instance, inst); + strlcpy(values.name, name, sizeof(values.name)); + strlcpy(values.instance, inst, sizeof(values.instance)); des_new_random_key(&newkey); values.key_low = (newkey[0] << 24) | (newkey[1] << 16) | (newkey[2] << 8) | (newkey[3] << 0); values.key_high = (newkey[4] << 24) | (newkey[5] << 16) | (newkey[6] << 8) | (newkey[7] << 0); SET_FIELD(KADM_NAME,values.fields); SET_FIELD(KADM_INST,values.fields); SET_FIELD(KADM_DESKEY,values.fields); ret = kadm_mod(&values, &values); if(ret == KADM_NOENTRY) ret = kadm_add(&values); if (ret != KSUCCESS) { warnx ("Couldn't get srvtab entry for %s.%s: %s", name, inst, error_message(ret)); return; } values.key_low = values.key_high = 0; /* get the key version number */ + { + int old = krb_use_admin_server(1); - strcpy(old_tktfile, tkt_string()); - snprintf(new_tktfile, sizeof(new_tktfile), - TKT_ROOT "_ksrvutil-get.%u", - (unsigned)getpid()); + strlcpy(old_tktfile, tkt_string(), sizeof(old_tktfile)); + snprintf(new_tktfile, sizeof(new_tktfile), "%s_ksrvutil-get.%u", + TKT_ROOT, (unsigned)getpid()); krb_set_tkt_string(new_tktfile); ret = krb_get_in_tkt(name, inst, realm, name, inst, 1, key_to_key, NULL, &newkey); + krb_use_admin_server(old); + if (ret) { + warnx ("getting tickets for %s: %s", + krb_unparse_name_long(name, inst, realm), + 
krb_get_err_text(ret)); + return; + } + } if (ret == KSUCCESS && (ret = tf_init(tkt_string(), R_TKT_FIL)) == KSUCCESS && (ret = tf_get_pname(garbage_name)) == KSUCCESS && (ret = tf_get_pinst(garbage_inst)) == KSUCCESS && (ret = tf_get_cred(&c)) == KSUCCESS) kvno = c.kvno; else { - warnx ("Could not find the cred in the ticket file"); + warnx ("Could not find the cred in the ticket file: %s", + krb_get_err_text(ret)); return; } tf_close(); krb_set_tkt_string(old_tktfile); unlink(new_tktfile); if(ret != KSUCCESS) { memset(&newkey, 0, sizeof(newkey)); warnx ("Could not get a ticket for %s: %s\n", krb_unparse_name_long(name, inst, realm), krb_get_err_text(ret)); return; } /* Write the new key & c:o to the srvtab file */ + if(unique_filename){ + char *fn; + asprintf(&fn, "%s-%s", filename, + krb_unparse_name_long(name, inst, realm)); + if(fn == NULL){ + warnx("Out of memory"); + leave(NULL, 1); + } + fd = open(fn, O_RDWR | O_CREAT | O_TRUNC, 0600); /* XXX flags, mode? */ + if(fd < 0){ + warn("%s", fn); + leave(NULL, 1); + } + srvtab_put_key (fd, fn, name, inst, realm, kvno, newkey); + close(fd); + fprintf (stderr, "Created %s\n", fn); + free(fn); + }else{ srvtab_put_key (fd, filename, name, inst, realm, kvno, newkey); + fprintf (stderr, "Added %s\n", + krb_unparse_name_long (name, inst, realm)); + } memset(&newkey, 0, sizeof(newkey)); - - fprintf (stderr, "Added %s\n", krb_unparse_name_long (name, inst, realm)); } static void -ksrvutil_kadm(int fd, char *filename, struct srv_ent *p) +ksrvutil_kadm(int unique_filename, int fd, char *filename, struct srv_ent *p) { int ret; CREDENTIALS c; ret = kadm_init_link(PWSERV_NAME, KADM_SINST, u_realm); if (ret != KADM_SUCCESS) { warnx("Couldn't initialize kadmin link: %s", error_message(ret)); leave(NULL, 1); } ret = krb_get_cred (PWSERV_NAME, KADM_SINST, u_realm, &c); if (ret == KSUCCESS) des_init_random_number_generator (&c.session); else { umask(077); /* * create ticket file and get admin tickets */ - snprintf(tktstring, 
sizeof(tktstring), TKT_ROOT "_ksrvutil_%d", (int)getpid()); + snprintf(tktstring, sizeof(tktstring), "%s_ksrvutil_%d", + TKT_ROOT, (int)getpid()); krb_set_tkt_string(tktstring); destroyp = TRUE; ret = get_admin_password(u_name, u_inst, u_realm); if (ret) { warnx("Couldn't get admin password."); leave(NULL, 1); } } for(;p;){ - get_srvtab_ent(fd, filename, p->name, p->inst, p->realm); + get_srvtab_ent(unique_filename, fd, filename, p->name, p->inst, p->realm); p=p->next; } unlink(tktstring); } static void parseinput (char *result, size_t sz, char *val, char *def) { char *lim; int inq; if (val[0] == '\0') { - strncpy (result, def, sz-1); + strlcpy (result, def, sz); return; } lim = result + sz - 1; inq = 0; while(*val && result < lim) { switch(*val) { case '\'' : inq = !inq; ++val; break; case '\\' : if(!inq) val++; default: *result++ = *val++; break; } } *result = '\0'; } void -ksrvutil_get(int fd, char *filename, int argc, char **argv) +ksrvutil_get(int unique_filename, int fd, char *filename, int argc, char **argv) { char sname[ANAME_SZ]; /* name of service */ char sinst[INST_SZ]; /* instance of service */ char srealm[REALM_SZ]; /* realm of service */ char databuf[BUFSIZ]; char local_hostname[100]; char prompt[100]; struct srv_ent *head=NULL; int i; - k_gethostname(local_hostname, sizeof(local_hostname)); - strcpy(local_hostname, krb_get_phost(local_hostname)); + gethostname(local_hostname, sizeof(local_hostname)); + strlcpy(local_hostname, + krb_get_phost(local_hostname), + sizeof(local_hostname)); if (argc) for(i=0; i < argc; ++i) { struct srv_ent *p=malloc(sizeof(*p)); if(p == NULL) { warnx ("out of memory in malloc"); leave(NULL,1); } p->next = head; - strcpy (p->realm, u_realm); + strlcpy (p->realm, u_realm, sizeof(p->realm)); if (kname_parse (p->name, p->inst, p->realm, argv[i]) != KSUCCESS) { warnx ("parse error on '%s'\n", argv[i]); free(p); continue; } if (p->name[0] == '\0') - strcpy(p->name, "rcmd"); + strlcpy(p->name, "rcmd", sizeof(p->name)); if 
(p->inst[0] == '\0') - strcpy(p->inst, local_hostname); + strlcpy(p->inst, local_hostname, sizeof(p->inst)); if (p->realm[0] == '\0') - strcpy(p->realm, u_realm); + strlcpy(p->realm, u_realm, sizeof(p->realm)); head = p; } else do{ safe_read_stdin("Name [rcmd]: ", databuf, sizeof(databuf)); parseinput (sname, sizeof(sname), databuf, "rcmd"); snprintf(prompt, sizeof(prompt), "Instance [%s]: ", local_hostname); safe_read_stdin(prompt, databuf, sizeof(databuf)); parseinput (sinst, sizeof(sinst), databuf, local_hostname); snprintf(prompt, sizeof(prompt), "Realm [%s]: ", u_realm); safe_read_stdin(prompt, databuf, sizeof(databuf)); parseinput (srealm, sizeof(srealm), databuf, u_realm); if(yn("Is this correct?")){ struct srv_ent *p=(struct srv_ent*)malloc(sizeof(struct srv_ent)); + if (p == NULL) { + warnx ("out of memory in malloc"); + leave(NULL,1); + } p->next=head; head=p; - strcpy(p->name, sname); - strcpy(p->inst, sinst); - strcpy(p->realm, srealm); + strlcpy(p->name, sname, sizeof(p->name)); + strlcpy(p->inst, sinst, sizeof(p->inst)); + strlcpy(p->realm, srealm, sizeof(p->realm)); } }while(ny("Add more keys?")); - ksrvutil_kadm(fd, filename, head); + ksrvutil_kadm(unique_filename, fd, filename, head); { struct srv_ent *p=head, *q; while(p){ q=p; p=p->next; free(q); } } } Index: stable/3/crypto/kerberosIV/kadmin/new_pwd.c =================================================================== --- stable/3/crypto/kerberosIV/kadmin/new_pwd.c (revision 62577) +++ stable/3/crypto/kerberosIV/kadmin/new_pwd.c (revision 62578) 
@@ -1,146 +1,140 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "kadm_locl.h" -RCSID("$Id: new_pwd.c,v 1.11 1997/05/02 14:28:54 assar Exp $"); +RCSID("$Id: new_pwd.c,v 1.14 1999/12/02 16:58:36 joda Exp $"); #ifdef NOENCRYPTION #define read_long_pw_string placebo_read_pw_string #else #define read_long_pw_string des_read_pw_string #endif static char * check_pw (char *pword) { - if (strlen(pword) == 0) - return "Null passwords are not allowed - Please enter a longer password."; - - if (strlen(pword) < MIN_KPW_LEN) + int ret = kadm_check_pw(pword); + switch(ret) { + case 0: + return NULL; + case KADM_PASS_Q_NULL: + return "Null passwords are not allowed - " + "Please enter a longer password."; + case KADM_PASS_Q_TOOSHORT: return "Password is to short - Please enter a longer password."; - - /* Don't allow all lower case passwords regardless of length */ - { - char *t; - for (t = pword; *t && islower(*t); t++) - ; - if (*t == 0) + case KADM_PASS_Q_CLASS: + /* XXX */ return "Please don't use an all-lower case password.\n" "\tUnusual capitalization, delimiter characters or " "digits are suggested."; } - - return NULL; + return "Password is insecure"; /* XXX this shouldn't happen */ } int get_pw_new_pwd(char *pword, int pwlen, krb_principal *pr, int print_realm) { char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ char p[MAX_K_NAME_SZ]; char local_realm[REALM_SZ]; int status; char *expl; /* * We don't care about 
failure; this is to determine whether or * not to print the realm in the prompt for a new password. */ krb_get_lrealm(local_realm, 1); if (strcmp(local_realm, pr->realm)) print_realm++; { char *q; krb_unparse_name_r(pr, p); if(print_realm == 0 && (q = strrchr(p, '@'))) *q = 0; } snprintf(ppromp, sizeof(ppromp), "Old password for %s:", p); if (read_long_pw_string(pword, pwlen-1, ppromp, 0)) { fprintf(stderr, "Error reading old password.\n"); return -1; } status = krb_get_pw_in_tkt(pr->name, pr->instance, pr->realm, PWSERV_NAME, KADM_SINST, 1, pword); if (status != KSUCCESS) { if (status == INTK_BADPW) { printf("Incorrect old password.\n"); return -1; } else { fprintf(stderr, "Kerberos error: %s\n", krb_get_err_text(status)); return -1; } } memset(pword, 0, pwlen); do { char verify[MAX_KPW_LEN]; + snprintf(npromp, sizeof(npromp), "New Password for %s:",p); if (read_long_pw_string(pword, pwlen-1, npromp, 0)) { fprintf(stderr, "Error reading new password, password unchanged.\n"); return -1; } expl = check_pw (pword); if (expl) { printf("\n\t%s\n\n", expl); continue; } /* Now we got an ok password, verify it. */ snprintf(npromp, sizeof(npromp), "Verifying New Password for %s:", p); if (read_long_pw_string(verify, MAX_KPW_LEN-1, npromp, 0)) { fprintf(stderr, "Error reading new password, password unchanged.\n"); return -1; } if (strcmp(pword, verify) != 0) { printf("Verify failure - try again\n"); expl = ""; /* continue */ } } while (expl); return 0; } Index: stable/3/crypto/kerberosIV/kadmin/pw_check.c =================================================================== --- stable/3/crypto/kerberosIV/kadmin/pw_check.c (revision 62577) +++ stable/3/crypto/kerberosIV/kadmin/pw_check.c (revision 62578) 
@@ -1,87 +1,82 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "kadm_locl.h" -RCSID("$Id: pw_check.c,v 1.13 1997/04/01 08:17:50 joda Exp $"); +RCSID("$Id: pw_check.c,v 1.14 1999/12/02 16:58:36 joda Exp $"); /* * kadm_pw_check * * pw : new password or "" if none passed * newkey : key for pw as passed from client * strings : interesting strings to check for * * returns NULL if pw is ok, else an explanatory string */ int kadm_pw_check(char *pw, des_cblock *newkey, char **pw_msg, char **strings) { des_cblock pwkey; int status=KADM_SUCCESS; if (pw == NULL || *pw == '\0') return status; /* XXX - Change this later */ #ifndef NO_PW_CHECK *pw_msg = NULL; des_string_to_key(pw, &pwkey); /* Check AFS string to key also! */ if (memcmp(pwkey, *newkey, sizeof(pwkey)) != 0) { /* no password or bad key */ status=KADM_PW_MISMATCH; *pw_msg = "Password doesn't match supplied DES key"; } else if (strlen(pw) < MIN_KPW_LEN) { status = KADM_INSECURE_PW; *pw_msg="Password is too short"; } #ifdef DICTPATH *pw_msg = FascistCheck(pw, DICTPATH, strings); if (*pw_msg) return KADM_INSECURE_PW; #endif memset(pwkey, 0, sizeof(pwkey)); #endif return status; } Index: stable/3/crypto/kerberosIV/kadmin/pw_check.h =================================================================== --- stable/3/crypto/kerberosIV/kadmin/pw_check.h (revision 62577) +++ stable/3/crypto/kerberosIV/kadmin/pw_check.h (revision 62578) 
@@ -1,45 +1,40 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ /* - * $Id: pw_check.h,v 1.6 1997/04/01 08:17:50 joda Exp $ + * $Id: pw_check.h,v 1.7 1999/12/02 16:58:36 joda Exp $ */ int kadm_pw_check(char *pw, des_cblock *newkey, char **pw_msg, char **strings); Index: stable/3/crypto/kerberosIV/kuser/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/kuser/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/kuser/Makefile.in (revision 62578) 
@@ -1,92 +1,90 @@ -# $Id: Makefile.in,v 1.23 1997/03/23 13:04:08 assar Exp $ +# $Id: Makefile.in,v 1.30 1999/03/10 19:01:14 joda Exp $ SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ -topdir = .. +top_builddir = .. CC = @CC@ +LINK = @LINK@ AR = ar RANLIB = @RANLIB@ DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ LD_FLAGS = @LD_FLAGS@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ LIBS = @LIBS@ KRB_KAFS_LIB = @KRB_KAFS_LIB@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ libdir = @libdir@ transform=@program_transform_name@ EXECSUFFIX=@EXECSUFFIX@ PROGS = kinit$(EXECSUFFIX) \ kdestroy$(EXECSUFFIX) \ klist$(EXECSUFFIX) SOURCES = kinit.c kdestroy.c klist.c OBJECTS = kinit.o kdestroy.o klist.o all: $(PROGS) Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $< + $(CC) -c $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $< install: all - $(MKINSTALLDIRS) $(bindir) + $(MKINSTALLDIRS) $(DESTDIR)$(bindir) for x in $(PROGS); do \ - $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \ done uninstall: for x in $(PROGS); do \ - rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \ + rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \ done TAGS: $(SOURCES) etags $(SOURCES) check: clean: rm -f *.a *.o $(PROGS) mostlyclean: clean distclean: clean rm -f Makefile *.tab.c *~ realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - KLIB=-L../lib/krb -lkrb -L../lib/des -ldes LIBROKEN=-L../lib/roken -lroken kinit$(EXECSUFFIX): kinit.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kinit.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) 
$(LD_FLAGS) $(LDFLAGS) -o $@ kinit.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) kdestroy$(EXECSUFFIX): kdestroy.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdestroy.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdestroy.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) klist$(EXECSUFFIX): klist.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ klist.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ klist.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) # su move to appl/bsd $(OBJECTS): ../include/config.h + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/kuser/kdestroy.c =================================================================== --- stable/3/crypto/kerberosIV/kuser/kdestroy.c (revision 62577) +++ stable/3/crypto/kerberosIV/kuser/kdestroy.c (revision 62578) 
@@ -1,72 +1,113 @@ /* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * For copying and distribution information, please see the file - * . + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * This program causes Kerberos tickets to be destroyed. - * Options are: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * -q[uiet] - no bell even if tickets not destroyed - * -f[orce] - no message printed at all - * -t - do not destroy tokens + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kuser_locl.h" #include +#include -RCSID("$Id: kdestroy.c,v 1.8 1997/03/30 16:15:03 joda Exp $"); +RCSID("$Id: kdestroy.c,v 1.17 1999/12/02 16:58:36 joda Exp $"); +#ifdef LEGACY_KDESTROY +int ticket_flag = 1; +int unlog_flag = 0; +#else +int ticket_flag = -1; +int unlog_flag = -1; +#endif +int quiet_flag; +int help_flag; +int version_flag; + +struct getargs args[] = { + { "quiet", 'q', arg_flag, &quiet_flag, + "don't print any messages" }, + { NULL, 'f', arg_flag, &quiet_flag }, + { "tickets", 't', arg_flag, &ticket_flag, + "destroy tickets" }, + { "unlog", 'u', arg_flag, &unlog_flag, + "destroy AFS tokens" }, + { "version", 0, arg_flag, &version_flag }, + { "help", 'h', arg_flag, &help_flag } +}; + +int num_args = sizeof(args) / sizeof(args[0]); + static void -usage(void) +usage(int code) { - fprintf(stderr, "Usage: %s [-f] [-q] [-t]\n", __progname); - exit(1); + arg_printusage(args, num_args, NULL, ""); + exit(code); } int main(int argc, char **argv) { - int fflag=0, tflag = 0, k_errno; - int c; + int optind = 0; + int ret = RET_TKFIL; set_progname(argv[0]); + if(getarg(args, num_args, argc, argv, &optind)) + usage(1); - while((c = getopt(argc, argv, "fqt")) >= 0){ - switch(c){ - case 'f': - case 'q': - fflag++; - break; - case 't': - tflag++; - break; - default: - usage(); - } + if(help_flag) + usage(0); + + if(version_flag) { + print_version(NULL); + exit(0); } - if(argc - optind > 0) - usage(); - k_errno = dest_tkt(); + if 
(unlog_flag == -1 && ticket_flag == -1) + unlog_flag = ticket_flag = 1; - if(!tflag && k_hasafs()) + if (ticket_flag) + ret = dest_tkt(); + + if (unlog_flag && k_hasafs()) k_unlog(); - if (fflag) { - if (k_errno != 0 && k_errno != RET_TKFIL) - exit(1); - else - exit(0); - } else { - if (k_errno == 0) + if (!quiet_flag) { + if (ret == KSUCCESS) printf("Tickets destroyed.\n"); - else if (k_errno == RET_TKFIL) + else if (ret == RET_TKFIL) printf("No tickets to destroy.\n"); else { printf("Tickets NOT destroyed.\n"); - exit(1); } } - exit(0); + + if (ret == KSUCCESS || ret == RET_TKFIL) + return 0; + else + return 1; } Index: stable/3/crypto/kerberosIV/kuser/kinit.c =================================================================== --- stable/3/crypto/kerberosIV/kuser/kinit.c (revision 62577) +++ stable/3/crypto/kerberosIV/kuser/kinit.c (revision 62578) 
@@ -1,187 +1,186 @@ /* * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Routine to initialize user to Kerberos. Prompts optionally for * user, instance and realm. Authenticates user and gets a ticket * for the Kerberos ticket-granting service for future use. * * Options are: * * -i[instance] * -r[realm] * -v[erbose] * -l[ifetime] * -p */ #include "kuser_locl.h" -RCSID("$Id$"); +RCSID("$Id: kinit.c,v 1.17 1997/12/12 04:48:44 assar Exp $"); #define LIFE DEFAULT_TKT_LIFE /* lifetime of ticket in 5-minute units */ #define CHPASSLIFE 2 static void get_input(char *s, int size, FILE *stream) { char *p; if (fgets(s, size, stream) == NULL) exit(1); if ( (p = strchr(s, '\n')) != NULL) *p = '\0'; } static void usage(void) { fprintf(stderr, "Usage: %s [-irvlp] [name]\n", __progname); exit(1); } int main(int argc, char **argv) { char aname[ANAME_SZ]; char inst[INST_SZ]; char realm[REALM_SZ]; char buf[MaxHostNameLen]; char name[MAX_K_NAME_SZ]; char *username = NULL; int iflag, rflag, vflag, lflag, pflag, lifetime, k_errno; int i; set_progname (argv[0]); *inst = *realm = '\0'; iflag = rflag = vflag = lflag = pflag = 0; lifetime = LIFE; - set_progname(argv[0]); while (--argc) { if ((*++argv)[0] != '-') { if (username) usage(); username = *argv; continue; } for (i = 1; (*argv)[i] != '\0'; i++) switch ((*argv)[i]) { case 'i': /* Instance */ ++iflag; continue; case 'r': /* Realm */ ++rflag; continue; case 'v': /* Verbose */ ++vflag; continue; case 'l': ++lflag; continue; case 'p': ++pflag; /* chpass-tickets */ lifetime = CHPASSLIFE; break; default: usage(); } } if (username && (k_errno = kname_parse(aname, inst, realm, username)) != KSUCCESS) { warnx("%s", krb_get_err_text(k_errno)); iflag = rflag = 1; username = NULL; } - if (k_gethostname(buf, MaxHostNameLen)) - err(1, "k_gethostname failed"); + if (gethostname(buf, MaxHostNameLen)) + err(1, "gethostname failed"); printf("%s (%s)\n", 
ORGANIZATION, buf); if (username) { printf("Kerberos Initialization for \"%s", aname); if (*inst) printf(".%s", inst); if (*realm) printf("@%s", realm); printf("\"\n"); } else { if (iflag) { printf("Kerberos Initialization\n"); printf("Kerberos name: "); get_input(name, sizeof(name), stdin); if (!*name) return 0; if ((k_errno = kname_parse(aname, inst, realm, name)) != KSUCCESS ) errx(1, "%s", krb_get_err_text(k_errno)); } else { int uid = getuid(); char *getenv(); struct passwd *pwd; /* default to current user name unless running as root */ if (uid == 0 && (username = getenv("USER")) && strcmp(username, "root") != 0) { strncpy(aname, username, sizeof(aname)); strncpy(inst, "root", sizeof(inst)); } else { pwd = getpwuid(uid); if (pwd == (struct passwd *) NULL) { fprintf(stderr, "Unknown name for your uid\n"); printf("Kerberos name: "); get_input(aname, sizeof(aname), stdin); } else strncpy(aname, pwd->pw_name, sizeof(aname)); } if (!*aname) return 0; if (!k_isname(aname)) { errx(1, "%s", "bad Kerberos name format"); } } } /* optional instance */ if (iflag) { printf("Kerberos instance: "); get_input(inst, sizeof(inst), stdin); if (!k_isinst(inst)) errx(1, "bad Kerberos instance format"); } if (rflag) { printf("Kerberos realm: "); get_input(realm, sizeof(realm), stdin); if (!k_isrealm(realm)) errx(1, "bad Kerberos realm format"); } if (lflag) { printf("Kerberos ticket lifetime (minutes): "); get_input(buf, sizeof(buf), stdin); lifetime = atoi(buf); if (lifetime < 5) lifetime = 1; else lifetime = krb_time_to_life(0, lifetime*60); /* This should be changed if the maximum ticket lifetime */ /* changes */ if (lifetime > 255) lifetime = 255; } if (!*realm && krb_get_lrealm(realm, 1)) errx(1, "krb_get_lrealm failed"); k_errno = krb_get_pw_in_tkt(aname, inst, realm, pflag ? PWSERV_NAME : KRB_TICKET_GRANTING_TICKET, pflag ? 
KADM_SINST : realm, lifetime, 0); if (vflag) { printf("Kerberos realm %s:\n", realm); printf("Ticket file: %s\n", tkt_string()); printf("%s\n", krb_get_err_text(k_errno)); } else if (k_errno) errx(1, "%s", krb_get_err_text(k_errno)); exit(0); } Index: stable/3/crypto/kerberosIV/kuser/klist.c =================================================================== --- stable/3/crypto/kerberosIV/kuser/klist.c (revision 62577) +++ stable/3/crypto/kerberosIV/kuser/klist.c (revision 62578) 
@@ -1,314 +1,395 @@ /* * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Lists your current Kerberos tickets. * Written by Bill Sommerfeld, MIT Project Athena. */ #include "kuser_locl.h" -#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 #include #endif #ifdef HAVE_SYS_IOCCOM_H #include #endif #include -RCSID("$Id: klist.c,v 1.28 1997/05/26 17:33:50 bg Exp $"); +#include +RCSID("$Id: klist.c,v 1.44.2.2 1999/12/07 00:20:43 assar Exp $"); + static int option_verbose = 0; static char * short_date(int32_t dp) { char *cp; time_t t = (time_t)dp; if (t == (time_t)(-1L)) return "*** Never *** "; cp = ctime(&t) + 4; cp[15] = '\0'; return (cp); } +/* prints the approximate kdc time differential as something human + readable */ + static void +print_time_diff(void) +{ + int d = abs(krb_get_kdc_time_diff()); + char buf[80]; + + if ((option_verbose && d > 0) || d > 60) { + unparse_time_approx (d, buf, sizeof(buf)); + printf ("Time diff:\t%s\n", buf); + } +} + +static +int display_tktfile(char *file, int tgt_test, int long_form) { krb_principal pr; char buf1[20], buf2[20]; int k_errno; CREDENTIALS c; int header = 1; if ((file == NULL) && ((file = getenv("KRBTKFILE")) == NULL)) file = TKT_FILE; if (long_form) printf("Ticket file: %s\n", file); /* * Since krb_get_tf_realm will return a ticket_file error, * we will call tf_init and tf_close first to filter out * things like no ticket file. 
Otherwise, the error that * the user would see would be * klist: can't find realm of ticket file: No ticket file (tf_util) * instead of * klist: No ticket file (tf_util) */ /* Open ticket file */ if ((k_errno = tf_init(file, R_TKT_FIL))) { if (!tgt_test) warnx("%s", krb_get_err_text(k_errno)); - exit(1); + return 1; } /* Close ticket file */ tf_close(); /* * We must find the realm of the ticket file here before calling * tf_init because since the realm of the ticket file is not * really stored in the principal section of the file, the * routine we use must itself call tf_init and tf_close. */ if ((k_errno = krb_get_tf_realm(file, pr.realm)) != KSUCCESS) { if (!tgt_test) warnx("can't find realm of ticket file: %s", krb_get_err_text(k_errno)); - exit(1); + return 1; } /* Open ticket file */ if ((k_errno = tf_init(file, R_TKT_FIL))) { if (!tgt_test) warnx("%s", krb_get_err_text(k_errno)); - exit(1); + return 1; } /* Get principal name and instance */ if ((k_errno = tf_get_pname(pr.name)) || (k_errno = tf_get_pinst(pr.instance))) { if (!tgt_test) warnx("%s", krb_get_err_text(k_errno)); - exit(1); + return 1; } /* * You may think that this is the obvious place to get the * realm of the ticket file, but it can't be done here as the * routine to do this must open the ticket file. This is why * it was done before tf_init. */ - if (!tgt_test && long_form) - printf("Principal:\t%s\n\n", krb_unparse_name(&pr)); + if (!tgt_test && long_form) { + printf("Principal:\t%s\n", krb_unparse_name(&pr)); + print_time_diff(); + printf("\n"); + } while ((k_errno = tf_get_cred(&c)) == KSUCCESS) { if (!tgt_test && long_form && header) { printf("%-15s %-15s %s%s\n", " Issued", " Expires", " Principal", option_verbose ? 
" (kvno)" : ""); header = 0; } if (tgt_test) { c.issue_date = krb_life_to_time(c.issue_date, c.lifetime); if (!strcmp(c.service, KRB_TICKET_GRANTING_TICKET) && !strcmp(c.instance, pr.realm)) { if (time(0) < c.issue_date) - exit(0); /* tgt hasn't expired */ + return 0; /* tgt hasn't expired */ else - exit(1); /* has expired */ + return 1; /* has expired */ } continue; /* not a tgt */ } if (long_form) { - strcpy(buf1, short_date(c.issue_date)); + struct timeval tv; + strlcpy(buf1, + short_date(c.issue_date), + sizeof(buf1)); c.issue_date = krb_life_to_time(c.issue_date, c.lifetime); - if (time(0) < (unsigned long) c.issue_date) - strcpy(buf2, short_date(c.issue_date)); + krb_kdctimeofday(&tv); + if (option_verbose || tv.tv_sec < (unsigned long) c.issue_date) + strlcpy(buf2, + short_date(c.issue_date), + sizeof(buf2)); else - strcpy(buf2, ">>> Expired <<<"); + strlcpy(buf2, + ">>> Expired <<<", + sizeof(buf2)); printf("%s %s ", buf1, buf2); } printf("%s", krb_unparse_name_long(c.service, c.instance, c.realm)); if(long_form && option_verbose) printf(" (%d)", c.kvno); printf("\n"); } if (tgt_test) - exit(1); /* no tgt found */ + return 1; /* no tgt found */ if (header && long_form && k_errno == EOF) { printf("No tickets in file.\n"); } + tf_close(); + + if (long_form && krb_get_config_bool("nat_in_use")) { + char realm[REALM_SZ]; + struct in_addr addr; + + printf("-----\nNAT addresses\n"); + + /* Open ticket file (again) */ + if ((k_errno = tf_init(file, R_TKT_FIL))) { + if (!tgt_test) + warnx("%s", krb_get_err_text(k_errno)); + return 1; + } + + /* Get principal name and instance */ + if ((k_errno = tf_get_pname(pr.name)) || + (k_errno = tf_get_pinst(pr.instance))) { + if (!tgt_test) + warnx("%s", krb_get_err_text(k_errno)); + return 1; + } + + while ((k_errno = tf_get_cred_addr(realm, sizeof(realm), + &addr)) == KSUCCESS) { + printf("%s: %s\n", realm, inet_ntoa(addr)); + } + tf_close(); } + return 0; +} + /* adapted from getst() in librkb */ /* * ok_getst() takes a 
file descriptor, a string and a count. It reads * from the file until either it has read "count" characters, or until * it reads a null byte. When finished, what has been read exists in * the given string "s". If "count" characters were actually read, the * last is changed to a null, so the returned string is always null- * terminated. ok_getst() returns the number of characters read, including * the null terminator. * * If there is a read error, it returns -1 (like the read(2) system call) */ static int ok_getst(int fd, char *s, int n) { int count = n; int err; while ((err = read(fd, s, 1)) > 0 && --count) if (*s++ == '\0') return (n - count); if (err < 0) return(-1); *s = '\0'; return (n - count); } static void -display_tokens() +display_tokens(void) { u_int32_t i; unsigned char t[128]; struct ViceIoctl parms; - struct ClearToken ct; - int size_secret_tok, size_public_tok; parms.in = (void *)&i; parms.in_size = sizeof(i); parms.out = (void *)t; parms.out_size = sizeof(t); for (i = 0; k_pioctl(NULL, VIOCGETTOK, &parms, 0) == 0; i++) { - char *cell; - memcpy(&size_secret_tok, t, 4); - memcpy(&size_public_tok, t + 4 + size_secret_tok, 4); - memcpy(&ct, t + 4 + size_secret_tok + 4, size_public_tok); - cell = t + 4 + size_secret_tok + 4 + size_public_tok + 4; + int32_t size_secret_tok, size_public_tok; + const char *cell; + struct ClearToken ct; + const unsigned char *r = t; + struct timeval tv; + char buf1[20], buf2[20]; - printf("%-15s ", short_date(ct.BeginTimestamp)); - printf("%-15s ", short_date(ct.EndTimestamp)); + memcpy(&size_secret_tok, r, sizeof(size_secret_tok)); + /* dont bother about the secret token */ + r += size_secret_tok + sizeof(size_secret_tok); + memcpy(&size_public_tok, r, sizeof(size_public_tok)); + r += sizeof(size_public_tok); + memcpy(&ct, r, size_public_tok); + r += size_public_tok; + /* there is a int32_t with length of cellname, but we dont read it */ + r += sizeof(int32_t); + cell = (const char *)r; + + krb_kdctimeofday (&tv); + strlcpy 
(buf1, short_date(ct.BeginTimestamp), sizeof(buf1)); + if (option_verbose || tv.tv_sec < ct.EndTimestamp) + strlcpy (buf2, short_date(ct.EndTimestamp), sizeof(buf2)); + else + strlcpy (buf2, ">>> Expired <<<", sizeof(buf2)); + + printf("%s %s ", buf1, buf2); + if ((ct.EndTimestamp - ct.BeginTimestamp) & 1) printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell); else printf("Tokens for %s", cell); if (option_verbose) printf(" (%d)", ct.AuthHandle); putchar('\n'); } } static void display_srvtab(char *file) { int stab; char serv[SNAME_SZ]; char inst[INST_SZ]; char rlm[REALM_SZ]; unsigned char key[8]; unsigned char vno; int count; printf("Server key file: %s\n", file); if ((stab = open(file, O_RDONLY, 0400)) < 0) { perror(file); exit(1); } printf("%-15s %-15s %-10s %s\n","Service","Instance","Realm", "Key Version"); printf("------------------------------------------------------\n"); /* argh. getst doesn't return error codes, it silently fails */ while (((count = ok_getst(stab, serv, SNAME_SZ)) > 0) && ((count = ok_getst(stab, inst, INST_SZ)) > 0) && ((count = ok_getst(stab, rlm, REALM_SZ)) > 0)) { if (((count = read(stab, &vno,1)) != 1) || ((count = read(stab, key,8)) != 8)) { if (count < 0) err(1, "reading from key file"); else errx(1, "key file truncated"); } printf("%-15s %-15s %-15s %d\n",serv,inst,rlm,vno); } if (count < 0) warn(file); close(stab); } static void usage(void) { fprintf(stderr, "Usage: %s [ -v | -s | -t ] [ -f filename ] [-tokens] [-srvtab ]\n", __progname); exit(1); } /* ARGSUSED */ int main(int argc, char **argv) { int long_form = 1; int tgt_test = 0; int do_srvtab = 0; int do_tokens = 0; char *tkt_file = NULL; + int eval; set_progname(argv[0]); while (*(++argv)) { if (!strcmp(*argv, "-v")) { option_verbose = 1; continue; } if (!strcmp(*argv, "-s")) { long_form = 0; continue; } if (!strcmp(*argv, "-t")) { tgt_test = 1; long_form = 0; continue; } if (strcmp(*argv, "-tokens") == 0 || strcmp(*argv, "-T") == 0) { do_tokens = k_hasafs(); continue; 
} if (!strcmp(*argv, "-l")) { /* now default */ continue; } if (!strncmp(*argv, "-f", 2)) { if (*(++argv)) { tkt_file = *argv; continue; } else usage(); } if (!strcmp(*argv, "-srvtab")) { if (tkt_file == NULL) /* if no other file spec'ed, set file to default srvtab */ - tkt_file = KEYFILE; + tkt_file = (char *)KEYFILE; do_srvtab = 1; continue; } usage(); } + eval = 0; if (do_srvtab) display_srvtab(tkt_file); else - display_tktfile(tkt_file, tgt_test, long_form); - if (long_form && do_tokens) + eval = display_tktfile(tkt_file, tgt_test, long_form); + if (long_form && do_tokens){ + printf("\nAFS tokens:\n"); display_tokens(); - exit(0); + } + exit(eval); } Index: stable/3/crypto/kerberosIV/kuser/kuser_locl.h =================================================================== --- stable/3/crypto/kerberosIV/kuser/kuser_locl.h (revision 62577) +++ stable/3/crypto/kerberosIV/kuser/kuser_locl.h (revision 62578) 
@@ -1,86 +1,81 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: kuser_locl.h,v 1.10 1997/05/20 18:40:43 bg Exp $ */ +/* $Id: kuser_locl.h,v 1.11 1999/12/02 16:58:37 joda Exp $ */ #include "config.h" #include "protos.h" #include #include #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_SYS_STAT_H #include #endif #ifdef HAVE_FCNTL_H #include #endif #include #ifdef HAVE_SYS_FILE_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_PWD_H #include #endif #ifdef SOCKS #include #endif #include #include #include #include #include #include Index: stable/3/crypto/kerberosIV/lib/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/lib/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/lib/Makefile.in (revision 62578) 
@@ -1,46 +1,48 @@ # -# $Id: Makefile.in,v 1.21 1997/05/20 18:58:40 bg Exp $ +# $Id: Makefile.in,v 1.27 1998/04/05 10:27:59 assar Exp $ # srcdir = @srcdir@ VPATH = @srcdir@ SHELL = /bin/sh @SET_MAKE@ -SUBDIRS = des krb kdb kadm acl kafs roken otp auth sl editline +SUBDIRS = roken com_err des krb kdb kadm acl kafs auth editline sl @LIB_SUBDIRS@ all: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) all); done Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" install: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) install); done uninstall: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done check: all for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) check); done clean: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) clean); done mostlyclean: clean distclean: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done rm -f Makefile config.status *~ realclean: for i in $(SUBDIRS); \ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/lib/acl/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/lib/acl/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/lib/acl/Makefile.in (revision 62578) 
@@ -1,84 +1,86 @@ # -# $Id: Makefile.in,v 1.21 1997/05/06 03:46:37 assar Exp $ +# $Id: Makefile.in,v 1.29 1999/03/10 19:01:14 joda Exp $ # SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ CC = @CC@ +LINK = @LINK@ AR = ar +LN_S = @LN_S@ RANLIB = @RANLIB@ -DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +DEFS = @DEFS@ -DROKEN_RENAME +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ PICFLAGS = # @PICFLAGS@ LIBNAME = $(LIBPREFIX)acl #LIBEXT = @LIBEXT@ Always build archive library! LIBEXT = a LIBPREFIX = @LIBPREFIX@ SHLIBEXT = @SHLIBEXT@ LDSHARED = @LDSHARED@ LIB = $(LIBNAME).$(LIBEXT) SOURCES = acl_files.c OBJECTS = acl_files.o all: $(LIB) Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + $(CC) -c $(DEFS) -I../../include -I$(srcdir) -I. $(CFLAGS) $(PICFLAGS) $(CPPFLAGS) $< install: all - $(MKINSTALLDIRS) $(libdir) - $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + $(MKINSTALLDIRS) $(DESTDIR)$(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) uninstall: - rm -f $(libdir)/$(LIB) + rm -f $(DESTDIR)$(libdir)/$(LIB) TAGS: $(SOURCES) etags $(SOURCES) check: clean: rm -f $(LIB) *.o *.a mostlyclean: clean distclean: clean - rm -f Makefile *.tab.c *~ + rm -f Makefile *.tab.c *~ roken_rename.h realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - $(LIBNAME).a: $(OBJECTS) rm -f $@ $(AR) cr $@ $(OBJECTS) -$(RANLIB) $@ $(LIBNAME).$(SHLIBEXT): $(OBJECTS) rm -f $@ $(LDSHARED) -o $@ $(OBJECTS) -$(OBJECTS): ../../include/config.h +$(OBJECTS): ../../include/config.h roken_rename.h + +roken_rename.h: + $(LN_S) $(srcdir)/../krb/roken_rename.h . 
+ +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/lib/acl/acl.h =================================================================== --- stable/3/crypto/kerberosIV/lib/acl/acl.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/acl/acl.h (revision 62578) 
@@ -1,53 +1,46 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: acl.h,v 1.5 1997/04/01 08:17:52 joda Exp $ */ +/* $Id: acl.h,v 1.7 1999/12/02 16:58:37 joda Exp $ */ #ifndef __ACL_H #define __ACL_H - -#include void acl_canonicalize_principal __P((char *principal, char *canon)); int acl_initialize __P((char *acl_file, int perm)); int acl_exact_match __P((char *acl, char *principal)); int acl_check __P((char *acl, char *principal)); int acl_add __P((char *acl, char *principal)); int acl_delete __P((char *acl, char *principal)); #endif /* __ACL_H */ Index: stable/3/crypto/kerberosIV/lib/acl/acl_files.c =================================================================== --- stable/3/crypto/kerberosIV/lib/acl/acl_files.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/acl/acl_files.c (revision 62578) 
@@ -1,540 +1,510 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "config.h" #include "protos.h" -RCSID("$Id: acl_files.c,v 1.10 1997/05/02 14:28:56 assar Exp $"); +RCSID("$Id: acl_files.c,v 1.14 1999/09/16 20:41:43 assar Exp $"); #include #include #include #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_SYS_TYPES_H #include #endif #include #ifdef HAVE_FCNTL_H #include #endif #ifdef HAVE_SYS_FILE_H #include #endif #ifdef HAVE_SYS_STAT_H #include #endif #include #include #include #include #include /*** Routines for manipulating access control list files ***/ /* "aname.inst@realm" */ #define MAX_PRINCIPAL_SIZE (ANAME_SZ + INST_SZ + REALM_SZ + 3) #define INST_SEP '.' 
#define REALM_SEP '@' #define LINESIZE 2048 /* Maximum line length in an acl file */ #define NEW_FILE "%s.~NEWACL~" /* Format for name of altered acl file */ #define WAIT_TIME 300 /* Maximum time allowed write acl file */ #define CACHED_ACLS 8 /* How many acls to cache */ /* Each acl costs 1 open file descriptor */ #define ACL_LEN 16 /* Twice a reasonable acl length */ #define COR(a,b) ((a!=NULL)?(a):(b)) -/* Canonicalize a principal name */ -/* If instance is missing, it becomes "" */ -/* If realm is missing, it becomes the local realm */ -/* Canonicalized form is put in canon, which must be big enough to hold - MAX_PRINCIPAL_SIZE characters */ +/* + * Canonicalize a principal name. + * If instance is missing, it becomes "" + * If realm is missing, it becomes the local realm + * Canonicalized form is put in canon, which must be big enough to + * hold MAX_PRINCIPAL_SIZE characters + * + */ + void acl_canonicalize_principal(char *principal, char *canon) { - char *dot, *atsign, *end; - int len; - - dot = strchr(principal, INST_SEP); - atsign = strchr(principal, REALM_SEP); - - /* Maybe we're done already */ - if(dot != NULL && atsign != NULL) { - if(dot < atsign) { - /* It's for real */ - /* Copy into canon */ - strncpy(canon, principal, MAX_PRINCIPAL_SIZE); - canon[MAX_PRINCIPAL_SIZE-1] = '\0'; + krb_principal princ; + int ret; + ret = krb_parse_name(principal, &princ); + if(ret) { /* ? 
*/ + *canon = '\0'; return; - } else { - /* Nope, it's part of the realm */ - dot = NULL; - } } - - /* No such luck */ - end = principal + strlen(principal); - - /* Get the principal name */ - len = min(ANAME_SZ, COR(dot, COR(atsign, end)) - principal); - strncpy(canon, principal, len); - canon += len; - - /* Add INST_SEP */ - *canon++ = INST_SEP; - - /* Get the instance, if it exists */ - if(dot != NULL) { - ++dot; - len = min(INST_SZ, COR(atsign, end) - dot); - strncpy(canon, dot, len); - canon += len; - } - - /* Add REALM_SEP */ - *canon++ = REALM_SEP; - - /* Get the realm, if it exists */ - /* Otherwise, default to local realm */ - if(atsign != NULL) { - ++atsign; - len = min(REALM_SZ, end - atsign); - strncpy(canon, atsign, len); - canon += len; - *canon++ = '\0'; - } else if(krb_get_lrealm(canon, 1) != KSUCCESS) { - strcpy(canon, KRB_REALM); - } + if(princ.realm[0] == '\0') + krb_get_lrealm(princ.realm, 1); + krb_unparse_name_r(&princ, canon); } /* Get a lock to modify acl_file */ /* Return new FILE pointer */ /* or NULL if file cannot be modified */ /* REQUIRES WRITE PERMISSION TO CONTAINING DIRECTORY */ static FILE *acl_lock_file(char *acl_file) { struct stat s; char new[LINESIZE]; int nfd; FILE *nf; int mode; if(stat(acl_file, &s) < 0) return(NULL); mode = s.st_mode; snprintf(new, sizeof(new), NEW_FILE, acl_file); for(;;) { /* Open the new file */ if((nfd = open(new, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0) { if(errno == EEXIST) { /* Maybe somebody got here already, maybe it's just old */ if(stat(new, &s) < 0) return(NULL); if(time(0) - s.st_ctime > WAIT_TIME) { /* File is stale, kill it */ unlink(new); continue; } else { /* Wait and try again */ sleep(1); continue; } } else { /* Some other error, we lose */ return(NULL); } } /* If we got to here, the lock file is ours and ok */ /* Reopen it under stdio */ if((nf = fdopen(nfd, "w")) == NULL) { /* Oops, clean up */ unlink(new); } return(nf); } } /* Abort changes to acl_file written onto FILE *f */ /* Returns 0 
if successful, < 0 otherwise */ /* Closes f */ static int acl_abort(char *acl_file, FILE *f) { char new[LINESIZE]; int ret; struct stat s; /* make sure we aren't nuking someone else's file */ if(fstat(fileno(f), &s) < 0 || s.st_nlink == 0) { fclose(f); return(-1); } else { snprintf(new, sizeof(new), NEW_FILE, acl_file); ret = unlink(new); fclose(f); return(ret); } } /* Commit changes to acl_file written onto FILE *f */ /* Returns zero if successful */ /* Returns > 0 if lock was broken */ /* Returns < 0 if some other error occurs */ /* Closes f */ static int acl_commit(char *acl_file, FILE *f) { char new[LINESIZE]; int ret; struct stat s; snprintf(new, sizeof(new), NEW_FILE, acl_file); if(fflush(f) < 0 || fstat(fileno(f), &s) < 0 || s.st_nlink == 0) { acl_abort(acl_file, f); return(-1); } ret = rename(new, acl_file); fclose(f); return(ret); } /* Initialize an acl_file */ /* Creates the file with permissions perm if it does not exist */ /* Erases it if it does */ /* Returns return value of acl_commit */ int acl_initialize(char *acl_file, int perm) { FILE *new; int fd; /* Check if the file exists already */ if((new = acl_lock_file(acl_file)) != NULL) { return(acl_commit(acl_file, new)); } else { /* File must be readable and writable by owner */ if((fd = open(acl_file, O_CREAT|O_EXCL, perm|0600)) < 0) { return(-1); } else { close(fd); return(0); } } } /* Eliminate all whitespace character in buf */ /* Modifies its argument */ static void nuke_whitespace(char *buf) { - char *pin, *pout; + unsigned char *pin, *pout; - for(pin = pout = buf; *pin != '\0'; pin++) - if(!isspace(*pin)) *pout++ = *pin; + for(pin = pout = (unsigned char *)buf; *pin != '\0'; pin++) + if(!isspace(*pin)) + *pout++ = *pin; *pout = '\0'; /* Terminate the string */ } /* Hash table stuff */ struct hashtbl { int size; /* Max number of entries */ int entries; /* Actual number of entries */ char **tbl; /* Pointer to start of table */ }; /* Make an empty hash table of size s */ static struct hashtbl * 
make_hash(int size) { struct hashtbl *h; if(size < 1) size = 1; h = (struct hashtbl *) malloc(sizeof(struct hashtbl)); + if (h == NULL) + return NULL; h->size = size; h->entries = 0; h->tbl = (char **) calloc(size, sizeof(char *)); + if (h->tbl == NULL) { + free (h); + return NULL; + } return(h); } /* Destroy a hash table */ static void destroy_hash(struct hashtbl *h) { int i; for(i = 0; i < h->size; i++) { if(h->tbl[i] != NULL) free(h->tbl[i]); } free(h->tbl); free(h); } /* Compute hash value for a string */ static unsigned int hashval(char *s) { unsigned hv; for(hv = 0; *s != '\0'; s++) { hv ^= ((hv << 3) ^ *s); } return(hv); } /* Add an element to a hash table */ static void add_hash(struct hashtbl *h, char *el) { unsigned hv; char *s; char **old; int i; /* Make space if it isn't there already */ if(h->entries + 1 > (h->size >> 1)) { old = h->tbl; h->tbl = (char **) calloc(h->size << 1, sizeof(char *)); for(i = 0; i < h->size; i++) { if(old[i] != NULL) { hv = hashval(old[i]) % (h->size << 1); while(h->tbl[hv] != NULL) hv = (hv+1) % (h->size << 1); h->tbl[hv] = old[i]; } } h->size = h->size << 1; free(old); } hv = hashval(el) % h->size; while(h->tbl[hv] != NULL && strcmp(h->tbl[hv], el)) hv = (hv+1) % h->size; s = strdup(el); + if (s != NULL) { h->tbl[hv] = s; h->entries++; } +} /* Returns nonzero if el is in h */ static int check_hash(struct hashtbl *h, char *el) { unsigned hv; for(hv = hashval(el) % h->size; h->tbl[hv] != NULL; hv = (hv + 1) % h->size) { if(!strcmp(h->tbl[hv], el)) return(1); } return(0); } struct acl { char filename[LINESIZE]; /* Name of acl file */ int fd; /* File descriptor for acl file */ struct stat status; /* File status at last read */ struct hashtbl *acl; /* Acl entries */ }; static struct acl acl_cache[CACHED_ACLS]; static int acl_cache_count = 0; static int acl_cache_next = 0; /* Returns < 0 if unsuccessful in loading acl */ /* Returns index into acl_cache otherwise */ /* Note that if acl is already loaded, this is just a lookup */ 
static int acl_load(char *name) { int i; FILE *f; struct stat s; char buf[MAX_PRINCIPAL_SIZE]; char canon[MAX_PRINCIPAL_SIZE]; /* See if it's there already */ for(i = 0; i < acl_cache_count; i++) { if(!strcmp(acl_cache[i].filename, name) && acl_cache[i].fd >= 0) goto got_it; } /* It isn't, load it in */ /* maybe there's still room */ if(acl_cache_count < CACHED_ACLS) { i = acl_cache_count++; } else { /* No room, clean one out */ i = acl_cache_next; acl_cache_next = (acl_cache_next + 1) % CACHED_ACLS; close(acl_cache[i].fd); if(acl_cache[i].acl) { destroy_hash(acl_cache[i].acl); acl_cache[i].acl = (struct hashtbl *) 0; } } /* Set up the acl */ - strcpy(acl_cache[i].filename, name); + strlcpy(acl_cache[i].filename, name, LINESIZE); if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1); /* Force reload */ acl_cache[i].acl = (struct hashtbl *) 0; got_it: /* * See if the stat matches * * Use stat(), not fstat(), as the file may have been re-created by * acl_add or acl_delete. If this happens, the old inode will have * no changes in the mod-time and the following test will fail. 
*/ if(stat(acl_cache[i].filename, &s) < 0) return(-1); if(acl_cache[i].acl == (struct hashtbl *) 0 || s.st_nlink != acl_cache[i].status.st_nlink || s.st_mtime != acl_cache[i].status.st_mtime || s.st_ctime != acl_cache[i].status.st_ctime) { /* Gotta reload */ if(acl_cache[i].fd >= 0) close(acl_cache[i].fd); if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1); if((f = fdopen(acl_cache[i].fd, "r")) == NULL) return(-1); if(acl_cache[i].acl) destroy_hash(acl_cache[i].acl); acl_cache[i].acl = make_hash(ACL_LEN); while(fgets(buf, sizeof(buf), f) != NULL) { nuke_whitespace(buf); acl_canonicalize_principal(buf, canon); add_hash(acl_cache[i].acl, canon); } fclose(f); acl_cache[i].status = s; } return(i); } /* Returns nonzero if it can be determined that acl contains principal */ /* Principal is not canonicalized, and no wildcarding is done */ int acl_exact_match(char *acl, char *principal) { int idx; return((idx = acl_load(acl)) >= 0 && check_hash(acl_cache[idx].acl, principal)); } /* Returns nonzero if it can be determined that acl contains principal */ /* Recognizes wildcards in acl of the form name.*@realm, *.*@realm, and *.*@* */ int acl_check(char *acl, char *principal) { char buf[MAX_PRINCIPAL_SIZE]; char canon[MAX_PRINCIPAL_SIZE]; char *realm; acl_canonicalize_principal(principal, canon); /* Is it there? 
*/ if(acl_exact_match(acl, canon)) return(1); /* Try the wildcards */ realm = strchr(canon, REALM_SEP); *strchr(canon, INST_SEP) = '\0'; /* Chuck the instance */ snprintf(buf, sizeof(buf), "%s.*%s", canon, realm); if(acl_exact_match(acl, buf)) return(1); snprintf(buf, sizeof(buf), "*.*%s", realm); if(acl_exact_match(acl, buf) || acl_exact_match(acl, "*.*@*")) return(1); return(0); } /* Adds principal to acl */ /* Wildcards are interpreted literally */ int acl_add(char *acl, char *principal) { int idx; int i; FILE *new; char canon[MAX_PRINCIPAL_SIZE]; acl_canonicalize_principal(principal, canon); if((new = acl_lock_file(acl)) == NULL) return(-1); if((acl_exact_match(acl, canon)) || (idx = acl_load(acl)) < 0) { acl_abort(acl, new); return(-1); } /* It isn't there yet, copy the file and put it in */ for(i = 0; i < acl_cache[idx].acl->size; i++) { if(acl_cache[idx].acl->tbl[i] != NULL) { if(fputs(acl_cache[idx].acl->tbl[i], new) == EOF || putc('\n', new) != '\n') { acl_abort(acl, new); return(-1); } } } fputs(canon, new); putc('\n', new); return(acl_commit(acl, new)); } /* Removes principal from acl */ /* Wildcards are interpreted literally */ int acl_delete(char *acl, char *principal) { int idx; int i; FILE *new; char canon[MAX_PRINCIPAL_SIZE]; acl_canonicalize_principal(principal, canon); if((new = acl_lock_file(acl)) == NULL) return(-1); if((!acl_exact_match(acl, canon)) || (idx = acl_load(acl)) < 0) { acl_abort(acl, new); return(-1); } /* It isn't there yet, copy the file and put it in */ for(i = 0; i < acl_cache[idx].acl->size; i++) { if(acl_cache[idx].acl->tbl[i] != NULL && strcmp(acl_cache[idx].acl->tbl[i], canon)) { fputs(acl_cache[idx].acl->tbl[i], new); putc('\n', new); } } return(acl_commit(acl, new)); } Index: stable/3/crypto/kerberosIV/lib/kadm/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/lib/kadm/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kadm/Makefile.in (revision 
62578) 
@@ -1,92 +1,125 @@ # -# $Id: Makefile.in,v 1.30 1997/05/06 03:47:28 assar Exp $ +# $Id: Makefile.in,v 1.47 1998/10/13 16:50:44 joda Exp $ # SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ CC = @CC@ +LINK = @LINK@ AR = ar RANLIB = @RANLIB@ LN_S = @LN_S@ -DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +DEFS = @DEFS@ -DROKEN_RENAME +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs -COMPILE_ET = ../../util/et/compile_et$(EXECSUFFIX) -language ansi-c +COMPILE_ET = ../com_err/compile_et prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ +top_builddir = ../.. + +includedir = @includedir@ + +incdir = $(includedir) +inc_DATA = kadm_err.h +idir = $(top_builddir)/include + PICFLAGS = @PICFLAGS@ +@lib_deps_yes@LIB_DEPS = -L../krb -lkrb \ +@lib_deps_yes@ -L../des -ldes \ +@lib_deps_yes@ -lc +@lib_deps_no@LIB_DEPS = + +build_symlink_command = @build_symlink_command@ +install_symlink_command = @install_symlink_command@ + LIBNAME = $(LIBPREFIX)kadm LIBEXT = @LIBEXT@ LIBPREFIX = @LIBPREFIX@ EXECSUFFIX = @EXECSUFFIX@ SHLIBEXT = @SHLIBEXT@ LDSHARED = @LDSHARED@ LIB = $(LIBNAME).$(LIBEXT) -SOURCES = kadm_cli_wrap.c kadm_err.c kadm_stream.c kadm_supp.c +SOURCES = kadm_cli_wrap.c kadm_err.c kadm_stream.c kadm_supp.c check_password.c -OBJECTS = kadm_cli_wrap.o kadm_err.o kadm_stream.o kadm_supp.o +OBJECTS = kadm_cli_wrap.o kadm_err.o kadm_stream.o kadm_supp.o check_password.o -all: $(LIB) +all: $(LIB) all-local Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + $(CC) -c $(DEFS) -I. 
-I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $< install: all - $(MKINSTALLDIRS) $(libdir) - $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + $(MKINSTALLDIRS) $(DESTDIR)$(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) + @install_symlink_command@ + $(MKINSTALLDIRS) $(DESTDIR)$(includedir) + @for i in $(inc_DATA); do \ + echo " $(INSTALL_DATA) $$i $(DESTDIR)$(incdir)/$$i";\ + $(INSTALL_DATA) $$i $(DESTDIR)$(incdir)/$$i; done uninstall: - rm -f $(libdir)/$(LIB) + rm -f $(DESTDIR)$(libdir)/$(LIB) + @for i in $(inc_DATA); do \ + echo " rm -f $(DESTDIR)$(incdir)/$$i";\ + rm -f $(DESTDIR)$(incdir)/$$i; done TAGS: $(SOURCES) etags $(SOURCES) check: clean: - rm -f $(LIB) *.o *.a kadm_err.c kadm_err.h + rm -f $(LIB) *.o *.a *.so *.so.* so_locations kadm_err.c kadm_err.h mostlyclean: clean distclean: clean - rm -f Makefile *.tab.c *~ + rm -f Makefile *.tab.c *~ roken_rename.h realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - $(LIBNAME).a: $(OBJECTS) rm -f $@ $(AR) cr $@ $(OBJECTS) -$(RANLIB) $@ $(LIBNAME).$(SHLIBEXT): $(OBJECTS) rm -f $@ - $(LDSHARED) -o $@ $(OBJECTS) + $(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS) + @build_symlink_command@ -kadm_err.c kadm_err.h: kadm_err.et - test -r kadm_err.et || (rm -f kadm_err.et && $(LN_S) $(srcdir)/kadm_err.et .) - $(COMPILE_ET) kadm_err.et +kadm_err.c kadm_err.h: $(srcdir)/kadm_err.et + $(COMPILE_ET) $(srcdir)/kadm_err.et -$(OBJECTS): ../../include/config.h +$(OBJECTS): ../../include/config.h roken_rename.h $(OBJECTS): kadm_err.h kadm_locl.h + +roken_rename.h: + $(LN_S) $(srcdir)/../krb/roken_rename.h . 
+ +all-local: $(inc_DATA) + @for i in $(inc_DATA); do \ + if cmp -s $$i $(idir)/$$i 2> /dev/null ; then :; else\ + echo " $(INSTALL_DATA) $$i $(idir)/$$i"; \ + $(INSTALL_DATA) $$i $(idir)/$$i; \ + fi ; \ + done + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean all-local Index: stable/3/crypto/kerberosIV/lib/kadm/kadm.h =================================================================== --- stable/3/crypto/kerberosIV/lib/kadm/kadm.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kadm/kadm.h (revision 62578) 
@@ -1,143 +1,156 @@ /* - * $Id: kadm.h,v 1.12 1996/11/17 20:04:39 assar Exp $ + * $Id: kadm.h,v 1.17 1998/10/23 14:25:55 joda Exp $ * * Copyright 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Definitions for Kerberos administration server & client */ #ifndef KADM_DEFS #define KADM_DEFS /* * kadm.h * Header file for the fourth attempt at an admin server * Doug Church, December 28, 1989, MIT Project Athena */ #include /* The global structures for the client and server */ typedef struct { struct sockaddr_in admin_addr; struct sockaddr_in my_addr; int my_addr_len; int admin_fd; /* file descriptor for link to admin server */ char sname[ANAME_SZ]; /* the service name */ char sinst[INST_SZ]; /* the services instance */ char krbrlm[REALM_SZ]; } Kadm_Client; typedef struct { /* status of the server, i.e the parameters */ int inter; /* Space for command line flags */ char *sysfile; /* filename of server */ } admin_params; /* Well... 
it's the admin's parameters */ /* Largest password length to be supported */ #define MAX_KPW_LEN 128 /* Minimum allowed password length */ #define MIN_KPW_LEN 6 /* Largest packet the admin server will ever allow itself to return */ #define KADM_RET_MAX 2048 /* That's right, versions are 8 byte strings */ #define KADM_VERSTR "KADM0.0A" #define KADM_ULOSE "KYOULOSE" /* sent back when server can't decrypt client's msg */ #define KADM_VERSIZE strlen(KADM_VERSTR) /* the lookups for the server instances */ #define PWSERV_NAME "changepw" #define KADM_SNAME "kerberos_master" #define KADM_PORT 751 #define KADM_SINST "kerberos" /* Attributes fields constants and macros */ #define ALLOC 2 #define RESERVED 3 #define DEALLOC 4 #define DEACTIVATED 5 #define ACTIVE 6 /* Kadm_vals structure for passing db fields into the server routines */ #define FLDSZ 4 +/* XXX enable new extended kadm fields */ +#define EXTENDED_KADM 1 + typedef struct { u_int8_t fields[FLDSZ]; /* The active fields in this struct */ char name[ANAME_SZ]; char instance[INST_SZ]; u_int32_t key_low; u_int32_t key_high; u_int32_t exp_date; u_int16_t attributes; u_int8_t max_life; +#ifdef EXTENDED_KADM + u_int32_t mod_date; + char mod_name[ANAME_SZ]; + char mod_instance[INST_SZ]; + u_int8_t key_version; +#endif } Kadm_vals; /* The basic values structure in Kadm */ -/* Kadm_vals structure for passing db fields into the server routines */ -#define FLDSZ 4 - /* Need to define fields types here */ #define KADM_NAME 31 #define KADM_INST 30 #define KADM_EXPDATE 29 #define KADM_ATTR 28 #define KADM_MAXLIFE 27 #define KADM_DESKEY 26 +#ifdef EXTENDED_KADM +#define KADM_MODDATE 25 +#define KADM_MODNAME 24 +#define KADM_MODINST 23 +#define KADM_KVNO 22 +#endif + /* To set a field entry f in a fields structure d */ #define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8))) /* To set a field entry f in a fields structure d */ #define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8)))) /* Is field f in fields structure d */ #define IS_FIELD(f,d) 
(d[3-(f/8)]&(1<<(f%8))) /* Various return codes */ #define KADM_SUCCESS 0 #define WILDCARD_STR "*" enum acl_types { ADDACL, GETACL, MODACL, STABACL, /* not used */ DELACL }; /* Various opcodes for the admin server's functions */ #define CHANGE_PW 2 #define ADD_ENT 3 #define MOD_ENT 4 #define GET_ENT 5 #define CHECK_PW 6 /* not used */ #define CHG_STAB 7 /* not used */ #define DEL_ENT 8 void prin_vals __P((Kadm_vals *)); int stv_long __P((u_char *, u_int32_t *, int, int)); int vts_long __P((u_int32_t, u_char **, int)); int vts_string __P((char *, u_char **, int)); int stv_string __P((u_char *, char *, int, int, int)); int stream_to_vals __P((u_char *, Kadm_vals *, int)); int vals_to_stream __P((Kadm_vals *, u_char **)); int kadm_init_link __P((char *, char *, char *)); int kadm_change_pw __P((unsigned char *)); int kadm_change_pw_plain __P((unsigned char *, char *, char**)); +int kadm_change_pw2 __P((unsigned char *, char *, char**)); int kadm_mod __P((Kadm_vals *, Kadm_vals *)); int kadm_get __P((Kadm_vals *, u_char *)); int kadm_add __P((Kadm_vals *)); int kadm_del __P((Kadm_vals *)); void kadm_vals_to_prin __P((u_char *, Principal *, Kadm_vals *)); void kadm_prin_to_vals __P((u_char *, Kadm_vals *, Principal *)); - - +int kadm_check_pw __P((const char*)); #endif /* KADM_DEFS */ Index: stable/3/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c =================================================================== --- stable/3/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c (revision 62578) 
@@ -1,545 +1,625 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ /* * Kerberos administration server client-side routines */ /* * kadm_cli_wrap.c the client side wrapping of the calls to the admin server */ #include "kadm_locl.h" -RCSID("$Id: kadm_cli_wrap.c,v 1.21 1997/05/02 10:28:11 joda Exp $"); +RCSID("$Id: kadm_cli_wrap.c,v 1.27 1999/09/16 20:41:46 assar Exp $"); -#ifndef NULL -#define NULL 0 -#endif - static Kadm_Client client_parm; /* Macros for use in returning data... 
used in kadm_cli_send */ -#define RET_N_FREE(r) {clear_secrets(); free((char *)act_st); free((char *)priv_pak); return r;} +#define RET_N_FREE(r) {clear_secrets(); free(act_st); free(priv_pak); return r;} /* Keys for use in the transactions */ static des_cblock sess_key; /* to be filled in by kadm_cli_keyd */ static des_key_schedule sess_sched; static void clear_secrets(void) { memset(sess_key, 0, sizeof(sess_key)); memset(sess_sched, 0, sizeof(sess_sched)); - return; } static RETSIGTYPE (*opipe)(); static void kadm_cli_disconn(void) { close(client_parm.admin_fd); signal(SIGPIPE, opipe); - return; } /* * kadm_init_link * receives : name, inst, realm * * initializes client parm, the Kadm_Client structure which holds the * data about the connection between the server and client, the services * used, the locations and other fun things */ int kadm_init_link(char *n, char *i, char *r) { struct hostent *hop; /* host we will talk to */ char adm_hostname[MaxHostNameLen]; init_kadm_err_tbl(); init_krb_err_tbl(); - strcpy(client_parm.sname, n); - strcpy(client_parm.sinst, i); - strcpy(client_parm.krbrlm, r); + strlcpy(client_parm.sname, n, ANAME_SZ); + strlcpy(client_parm.sinst, i, INST_SZ); + strlcpy(client_parm.krbrlm, r, REALM_SZ); client_parm.admin_fd = -1; /* set up the admin_addr - fetch name of admin host */ if (krb_get_admhst(adm_hostname, client_parm.krbrlm, 1) != KSUCCESS) return KADM_NO_HOST; if ((hop = gethostbyname(adm_hostname)) == NULL) return KADM_UNK_HOST; memset(&client_parm.admin_addr, 0, sizeof(client_parm.admin_addr)); client_parm.admin_addr.sin_port = k_getportbyname(KADM_SNAME, "tcp", htons(KADM_PORT)); client_parm.admin_addr.sin_family = hop->h_addrtype; memcpy(&client_parm.admin_addr.sin_addr, hop->h_addr, sizeof(client_parm.admin_addr.sin_addr)); return KADM_SUCCESS; } static int kadm_cli_conn(void) { /* this connects and sets my_addr */ - int on = 1; + client_parm.admin_fd = + socket(client_parm.admin_addr.sin_family, SOCK_STREAM, 0); - if 
((client_parm.admin_fd = - socket(client_parm.admin_addr.sin_family, SOCK_STREAM,0)) < 0) - return KADM_NO_SOCK; /* couldnt create the socket */ + if (client_parm.admin_fd < 0) + return KADM_NO_SOCK; /* couldn't create the socket */ if (connect(client_parm.admin_fd, (struct sockaddr *) & client_parm.admin_addr, sizeof(client_parm.admin_addr))) { close(client_parm.admin_fd); client_parm.admin_fd = -1; - return KADM_NO_CONN; /* couldnt get the connect */ + return KADM_NO_CONN; /* couldn't get the connect */ } opipe = signal(SIGPIPE, SIG_IGN); client_parm.my_addr_len = sizeof(client_parm.my_addr); if (getsockname(client_parm.admin_fd, (struct sockaddr *) & client_parm.my_addr, &client_parm.my_addr_len) < 0) { close(client_parm.admin_fd); client_parm.admin_fd = -1; signal(SIGPIPE, opipe); - return KADM_NO_HERE; /* couldnt find out who we are */ + return KADM_NO_HERE; /* couldn't find out who we are */ } #if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT) + { + int on = 1; + if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) < 0) { close(client_parm.admin_fd); client_parm.admin_fd = -1; signal(SIGPIPE, opipe); return KADM_NO_CONN; /* XXX */ } + } #endif return KADM_SUCCESS; } /* takes in the sess_key and key_schedule and sets them appropriately */ static int -kadm_cli_keyd(des_cblock (*s_k), struct des_ks_struct *s_s) - /* session key */ - /* session key schedule */ +kadm_cli_keyd(des_cblock (*s_k), /* session key */ + struct des_ks_struct *s_s) /* session key schedule */ { CREDENTIALS cred; /* to get key data */ int stat; /* want .sname and .sinst here.... 
*/ if ((stat = krb_get_cred(client_parm.sname, client_parm.sinst, client_parm.krbrlm, &cred))) return stat + krb_err_base; memcpy(s_k, cred.session, sizeof(des_cblock)); memset(cred.session, 0, sizeof(des_cblock)); #ifdef NOENCRYPTION memset(s_s, 0, sizeof(des_key_schedule)); #else if ((stat = des_key_sched(s_k,s_s))) - return(stat+krb_err_base); + return stat+krb_err_base; #endif return KADM_SUCCESS; } /* This code "works" */ static int kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz) { u_int16_t dlen; int retval; char tmp[4]; dlen = (u_int16_t) dat_len; if (dat_len != (int)dlen) return (KADM_NO_ROOM); tmp[0] = (dlen >> 8) & 0xff; tmp[1] = dlen & 0xff; if (krb_net_write(client_parm.admin_fd, tmp, 2) != 2) return (errno); /* XXX */ - if (krb_net_write(client_parm.admin_fd, (char *) dat, dat_len) < 0) + if (krb_net_write(client_parm.admin_fd, dat, dat_len) < 0) return (errno); /* XXX */ if ((retval = krb_net_read(client_parm.admin_fd, tmp, 2)) != 2){ if (retval < 0) return(errno); /* XXX */ else return(EPIPE); /* short read ! */ } dlen = (tmp[0] << 8) | tmp[1]; - *ret_dat = (u_char *)malloc((unsigned)dlen); - if (!*ret_dat) + *ret_dat = malloc(dlen); + if (*ret_dat == NULL) return(KADM_NOMEM); if ((retval = krb_net_read(client_parm.admin_fd, *ret_dat, dlen) != dlen)) { if (retval < 0) return(errno); /* XXX */ else return(EPIPE); /* short read ! */ } *ret_siz = (int) dlen; return KADM_SUCCESS; } /* * kadm_cli_send * recieves : opcode, packet, packet length, serv_name, serv_inst * returns : return code from the packet build, the server, or * something else * * It assembles a packet as follows: * 8 bytes : VERSION STRING * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE * : KTEXT * : OPCODE \ * : DATA > Encrypted (with make priv) * : ...... / * * If it builds the packet and it is small enough, then it attempts to open the * connection to the admin server. If the connection is succesfully open * then it sends the data and waits for a reply. 
*/ static int -kadm_cli_send(u_char *st_dat, int st_siz, u_char **ret_dat, int *ret_siz) - /* the actual data */ - /* length of said data */ - /* to give return info */ - /* length of returned info */ +kadm_cli_send(u_char *st_dat, /* the actual data */ + int st_siz, /* length of said data */ + u_char **ret_dat, /* to give return info */ + int *ret_siz) /* length of returned info */ { int act_len, retdat; /* current offset into packet, return * data */ KTEXT_ST authent; /* the authenticator we will build */ u_char *act_st; /* the pointer to the complete packet */ u_char *priv_pak; /* private version of the packet */ int priv_len; /* length of private packet */ u_int32_t cksum; /* checksum of the packet */ MSG_DAT mdat; u_char *return_dat; + int tmp; + void *tmp_ptr; - act_st = (u_char *) malloc(KADM_VERSIZE); /* verstr stored first */ - strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE); + act_st = malloc(KADM_VERSIZE); /* verstr stored first */ + if (act_st == NULL) { + clear_secrets (); + return KADM_NOMEM; + } + memcpy(act_st, KADM_VERSTR, KADM_VERSIZE); act_len = KADM_VERSIZE; if ((retdat = kadm_cli_keyd(&sess_key, sess_sched)) != KADM_SUCCESS) { free(act_st); + clear_secrets(); return retdat; /* couldnt get key working */ } - priv_pak = (u_char *) malloc((unsigned)(st_siz + 200)); + priv_pak = malloc(st_siz + 200); /* 200 bytes for extra info case */ - if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_int32_t)st_siz, + if (priv_pak == NULL) { + free(act_st); + clear_secrets (); + return KADM_NOMEM; + } + priv_len = krb_mk_priv(st_dat, priv_pak, st_siz, sess_sched, &sess_key, &client_parm.my_addr, - &client_parm.admin_addr)) < 0) + &client_parm.admin_addr); + + if (priv_len < 0) RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose * here */ /* here is the length of priv data. 
receiver calcs size of authenticator by subtracting vno size, priv size, and sizeof(u_int32_t) (for the size indication) from total size */ - act_len += vts_long((u_int32_t) priv_len, &act_st, act_len); + tmp = vts_long(priv_len, &act_st, act_len); + if (tmp < 0) + RET_N_FREE(KADM_NOMEM); + act_len += tmp; #ifdef NOENCRYPTION cksum = 0; #else - cksum = des_quad_cksum((des_cblock *)priv_pak, (des_cblock *)0, (long)priv_len, 0, + cksum = des_quad_cksum((des_cblock *)priv_pak, + (des_cblock *)0, priv_len, 0, &sess_key); #endif - if ((retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst, - client_parm.krbrlm, cksum))) { + + retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst, + client_parm.krbrlm, cksum); + + if (retdat) { /* authenticator? */ RET_N_FREE(retdat + krb_err_base); } - act_st = (u_char *) realloc(act_st, + tmp_ptr = realloc(act_st, act_len + authent.length + priv_len); - if (!act_st) { + if (tmp_ptr == NULL) { clear_secrets(); free(priv_pak); - return(KADM_NOMEM); + free (act_st); + return KADM_NOMEM; } - memcpy((char *)act_st + act_len, authent.dat, authent.length); - memcpy((char *)act_st + act_len + authent.length, priv_pak, priv_len); + act_st = tmp_ptr; + memcpy(act_st + act_len, authent.dat, authent.length); + memcpy(act_st + act_len + authent.length, priv_pak, priv_len); free(priv_pak); - if ((retdat = kadm_cli_out(act_st, + retdat = kadm_cli_out(act_st, act_len + authent.length + priv_len, - ret_dat, ret_siz)) != KADM_SUCCESS) - RET_N_FREE(retdat); + ret_dat, ret_siz); free(act_st); + if (retdat != KADM_SUCCESS) { + clear_secrets(); + return retdat; + } #define RET_N_FREE2(r) {free(*ret_dat); clear_secrets(); return(r);} /* first see if it's a YOULOUSE */ if ((*ret_siz >= KADM_VERSIZE) && !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) { unsigned char *p; /* it's a youlose packet */ if (*ret_siz < KADM_VERSIZE + 4) RET_N_FREE2(KADM_BAD_VER); p = (*ret_dat)+KADM_VERSIZE; retdat = (p[0] << 24) | (p[1] << 16) | (p[2] 
<< 8) | p[3]; RET_N_FREE2(retdat); } /* need to decode the ret_dat */ - if ((retdat = krb_rd_priv(*ret_dat, (u_int32_t)*ret_siz, sess_sched, + retdat = krb_rd_priv(*ret_dat, (u_int32_t)*ret_siz, sess_sched, &sess_key, &client_parm.admin_addr, - &client_parm.my_addr, &mdat))) + &client_parm.my_addr, &mdat); + if (retdat) RET_N_FREE2(retdat+krb_err_base); if (mdat.app_length < KADM_VERSIZE + 4) /* too short! */ RET_N_FREE2(KADM_BAD_VER); if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE)) /* bad version */ RET_N_FREE2(KADM_BAD_VER); { unsigned char *p = mdat.app_data+KADM_VERSIZE; retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; } { int s=mdat.app_length - KADM_VERSIZE - 4; - if(s<=0) s=1; - if (!(return_dat = (u_char *)malloc(s))) + + if(s <= 0) + s=1; + return_dat = malloc(s); + if (return_dat == NULL) RET_N_FREE2(KADM_NOMEM); } memcpy(return_dat, (char *) mdat.app_data + KADM_VERSIZE + 4, mdat.app_length - KADM_VERSIZE - 4); free(*ret_dat); clear_secrets(); *ret_dat = return_dat; *ret_siz = mdat.app_length - KADM_VERSIZE - 4; return retdat; } /* * kadm_change_pw_plain * * see kadm_change_pw * */ int kadm_change_pw_plain(unsigned char *newkey, char *password, char **pw_msg) { int stsize, retc; /* stream size and return code */ u_char *send_st; /* send stream */ u_char *ret_st; int ret_sz; int status; static char msg[128]; - if ((retc = kadm_cli_conn()) != KADM_SUCCESS) - return(retc); /* possible problem with vts_long on a non-multiple of four boundary */ stsize = 0; /* start of our output packet */ - send_st = (u_char *) malloc(1);/* to make it reallocable */ + send_st = malloc(9); + if (send_st == NULL) + return KADM_NOMEM; send_st[stsize++] = (u_char) CHANGE_PW; - - /* change key to stream */ - - send_st = realloc(send_st, stsize + 8); memcpy(send_st + stsize + 4, newkey, 4); /* yes, this is backwards */ memcpy(send_st + stsize, newkey + 4, 4); stsize += 8; - if(password && *password) - stsize += vts_string(password, &send_st, stsize); + /* 
change key to stream */ + if(password && *password) { + int tmp = vts_string(password, &send_st, stsize); + + if (tmp < 0) { + free(send_st); + return KADM_NOMEM; + } + stsize += tmp; + } + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) { + free(send_st); + return(retc); + } retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz); free(send_st); if(retc != KADM_SUCCESS){ status = stv_string(ret_st, msg, 0, sizeof(msg), ret_sz); if(status<0) msg[0]=0; *pw_msg=msg; } if (ret_st) free(ret_st); kadm_cli_disconn(); return(retc); } /* + * This function is here for compatibility with CNS + */ + +int kadm_change_pw2(unsigned char *newkey, char *password, char **pw_msg) +{ + return kadm_change_pw_plain (newkey, password, pw_msg); +} + + +/* * kadm_change_pw * recieves : key * * Replaces the password (i.e. des key) of the caller with that specified in * key. Returns no actual data from the master server, since this is called * by a user */ int kadm_change_pw(unsigned char *newkey) { char *pw_msg; return kadm_change_pw_plain(newkey, "", &pw_msg); } /* * kadm_add * receives : vals * returns : vals * * Adds and entry containing values to the database returns the values of the * entry, so if you leave certain fields blank you will be able to determine * the default values they are set to */ int kadm_add(Kadm_vals *vals) { u_char *st, *st2; /* st will hold the stream of values */ int st_len; /* st2 the final stream with opcode */ int retc; /* return code from call */ u_char *ret_st; int ret_sz; - if ((retc = kadm_cli_conn()) != KADM_SUCCESS) - return(retc); st_len = vals_to_stream(vals, &st); - st2 = (u_char *) malloc((unsigned)(1 + st_len)); + st2 = malloc(1 + st_len); + if (st2 == NULL) { + free(st); + return KADM_NOMEM; + } *st2 = (u_char) ADD_ENT; /* here's the opcode */ memcpy((char *) st2 + 1, st, st_len); /* append st on */ - retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz); free(st); + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) { free(st2); + return(retc); + 
} + retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz); + free(st2); if (retc == KADM_SUCCESS) { /* ret_st has vals */ if (stream_to_vals(ret_st, vals, ret_sz) < 0) retc = KADM_LENGTH_ERROR; free(ret_st); } kadm_cli_disconn(); return(retc); } /* * kadm_mod * receives : KTEXT, {values, values} * returns : CKSUM, RETCODE, {values} * acl : su, sms (as register or dealloc) * * Modifies all entries corresponding to the first values so they match the * second values. returns the values for the changed entries in vals2 */ int kadm_mod(Kadm_vals *vals1, Kadm_vals *vals2) { u_char *st, *st2; /* st will hold the stream of values */ int st_len, nlen; /* st2 the final stream with opcode */ u_char *ret_st; int ret_sz; + void *tmp_ptr; /* nlen is the length of second vals */ int retc; /* return code from call */ - if ((retc = kadm_cli_conn()) != KADM_SUCCESS) - return(retc); - st_len = vals_to_stream(vals1, &st); - st2 = (u_char *) malloc((unsigned)(1 + st_len)); + st2 = malloc(1 + st_len); + if (st2 == NULL) { + free(st); + return KADM_NOMEM; + } *st2 = (u_char) MOD_ENT; /* here's the opcode */ memcpy((char *)st2 + 1, st, st_len++); /* append st on */ free(st); nlen = vals_to_stream(vals2, &st); - st2 = (u_char *) realloc((char *) st2, (unsigned)(st_len + nlen)); + tmp_ptr = realloc(st2, st_len + nlen); + if (tmp_ptr == NULL) { + free(st); + free(st2); + return KADM_NOMEM; + } + st2 = tmp_ptr; memcpy((char *) st2 + st_len, st, nlen); /* append st on */ - retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz); free(st); + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) { + free(st2); + return(retc); + } + + retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz); free(st2); if (retc == KADM_SUCCESS) { /* ret_st has vals */ if (stream_to_vals(ret_st, vals2, ret_sz) < 0) retc = KADM_LENGTH_ERROR; free(ret_st); } kadm_cli_disconn(); return(retc); } int kadm_del(Kadm_vals *vals) { unsigned char *st, *st2; /* st will hold the stream of values */ int st_len; /* st2 the 
final stream with opcode */ int retc; /* return code from call */ u_char *ret_st; int ret_sz; - if ((retc = kadm_cli_conn()) != KADM_SUCCESS) - return(retc); st_len = vals_to_stream(vals, &st); - st2 = (unsigned char *) malloc(st_len + 1); + st2 = malloc(st_len + 1); + if (st2 == NULL) { + free(st); + return KADM_NOMEM; + } *st2 = DEL_ENT; /* here's the opcode */ memcpy(st2 + 1, st, st_len); /* append st on */ - retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz); free(st); + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) { free(st2); + return(retc); + } + retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz); + free(st2); kadm_cli_disconn(); return(retc); } /* * kadm_get * receives : KTEXT, {values, flags} * returns : CKSUM, RETCODE, {count, values, values, values} * acl : su * * gets the fields requested by flags from all entries matching values returns * this data for each matching recipient, after a count of how many such * matches there were */ int kadm_get(Kadm_vals *vals, u_char *fl) { int loop; /* for copying the fields data */ u_char *st, *st2; /* st will hold the stream of values */ int st_len; /* st2 the final stream with opcode */ int retc; /* return code from call */ u_char *ret_st; int ret_sz; - if ((retc = kadm_cli_conn()) != KADM_SUCCESS) - return(retc); st_len = vals_to_stream(vals, &st); - st2 = (u_char *) malloc((unsigned)(1 + st_len + FLDSZ)); + st2 = malloc(1 + st_len + FLDSZ); + if (st2 == NULL) { + free(st); + return KADM_NOMEM; + } *st2 = (u_char) GET_ENT; /* here's the opcode */ memcpy((char *)st2 + 1, st, st_len); /* append st on */ + free(st); for (loop = FLDSZ - 1; loop >= 0; loop--) *(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */ + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) { + free(st2); + return(retc); + } retc = kadm_cli_send(st2, st_len + 1 + FLDSZ, &ret_st, &ret_sz); - free(st); free(st2); if (retc == KADM_SUCCESS) { /* ret_st has vals */ if (stream_to_vals(ret_st, vals, ret_sz) < 0) retc = 
KADM_LENGTH_ERROR; free(ret_st); } kadm_cli_disconn(); return(retc); } Index: stable/3/crypto/kerberosIV/lib/kadm/kadm_err.et =================================================================== --- stable/3/crypto/kerberosIV/lib/kadm/kadm_err.et (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kadm/kadm_err.et (revision 62578) 
@@ -1,59 +1,65 @@ -# $Id: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $ -# $Author: bg $ +# $Id: kadm_err.et,v 1.5 1998/01/16 23:11:27 joda Exp $ # # Copyright 1988 by the Massachusetts Institute of Technology. # # For copying and distribution information, please see the file # . # # Kerberos administration server error table # et kadm # KADM_SUCCESS, as all success codes should be, is zero -ec KADM_RCSID, "$Id: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $" +ec KADM_RCSID, "$Id: kadm_err.et,v 1.5 1998/01/16 23:11:27 joda Exp $" # /* Building and unbuilding the packet errors */ ec KADM_NO_REALM, "Cannot fetch local realm" ec KADM_NO_CRED, "Unable to fetch credentials" ec KADM_BAD_KEY, "Bad key supplied" ec KADM_NO_ENCRYPT, "Can't encrypt data" ec KADM_NO_AUTH, "Cannot encode/decode authentication info" ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm" ec KADM_NO_ROOM, "Packet is too large" ec KADM_BAD_VER, "Version number is incorrect" ec KADM_BAD_CHK, "Checksum does not match" ec KADM_NO_READ, "Unsealing private data failed" ec KADM_NO_OPCODE, "Unsupported operation" ec KADM_NO_HOST, "Could not find administrating host" ec KADM_UNK_HOST, "Administrating host name is unknown" ec KADM_NO_SERV, "Could not find service name in services database" ec KADM_NO_SOCK, "Could not create socket" ec KADM_NO_CONN, "Could not connect to server" ec KADM_NO_HERE, "Could not fetch local socket address" ec KADM_NO_MAST, "Could not fetch master key" ec KADM_NO_VERI, "Could not verify master key" # /* From the server side routines */ ec KADM_INUSE, "Entry already exists in database" ec KADM_UK_SERROR, "Database store error" ec KADM_UK_RERROR, "Database read error" ec KADM_UNAUTH, "Insufficient access to perform requested operation" # KADM_DATA isn't really an error, but... 
ec KADM_DATA, "Data is available for return to client" ec KADM_NOENTRY, "No such entry in the database" ec KADM_NOMEM, "Memory exhausted" ec KADM_NO_HOSTNAME, "Could not fetch system hostname" ec KADM_NO_BIND, "Could not bind port" ec KADM_LENGTH_ERROR, "Length mismatch problem" ec KADM_ILL_WILDCARD, "Illegal use of wildcard" ec KADM_DB_INUSE, "Database is locked or in use--try again later" ec KADM_INSECURE_PW, "Insecure password rejected" ec KADM_PW_MISMATCH, "Cleartext password and DES key did not match" ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request" ec KADM_IMMUTABLE, "Attempt do delete immutable principal" +# password quality basically stolen from OV libkadm5 +index 64 +prefix KADM_PASS_Q +ec NULL, "Null passwords are not allowed" +ec TOOSHORT, "Password is too short" +ec CLASS, "Too few character classes in password" +ec DICT, "Password is in the password dictionary" end Index: stable/3/crypto/kerberosIV/lib/kadm/kadm_locl.h =================================================================== --- stable/3/crypto/kerberosIV/lib/kadm/kadm_locl.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kadm/kadm_locl.h (revision 62578) 
@@ -1,90 +1,89 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: kadm_locl.h,v 1.9 1997/05/20 18:40:44 bg Exp $ */ +/* $Id: kadm_locl.h,v 1.12 1999/12/02 16:58:39 joda Exp $ */ #include "config.h" #include "protos.h" #include #include #include +#include #ifdef HAVE_UNISTD_H #include #endif #include #include #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_NETDB_H #include #endif #ifdef SOCKS #include +/* This doesn't belong here. */ +struct tm *localtime(const time_t *); +struct hostent *gethostbyname(const char *); #endif #include #include #include #include #include #include #include int vts_long __P((u_int32_t, u_char **, int)); int vals_to_stream __P((Kadm_vals *, u_char **)); int stream_to_vals __P((u_char *, Kadm_vals *, int)); int kadm_init_link __P((char n[], char i[], char r[])); int kadm_change_pw __P((des_cblock)); int kadm_add __P((Kadm_vals *)); int kadm_mod __P((Kadm_vals *, Kadm_vals *)); int kadm_get __P((Kadm_vals *, u_char fl[4])); Index: stable/3/crypto/kerberosIV/lib/kadm/kadm_stream.c =================================================================== --- stable/3/crypto/kerberosIV/lib/kadm/kadm_stream.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kadm/kadm_stream.c (revision 62578) 
@@ -1,299 +1,353 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ /* * Stream conversion functions for Kerberos administration server */ /* kadm_stream.c this holds the stream support routines for the kerberos administration server vals_to_stream: converts a vals struct to a stream for transmission internals build_field_header, vts_[string, char, long, short] stream_to_vals: converts a stream to a vals struct internals check_field_header, stv_[string, char, long, short] error: prints out a kadm error message, returns fatal: prints out a kadm fatal error message, exits */ #include "kadm_locl.h" -RCSID("$Id: kadm_stream.c,v 1.11 1997/05/02 10:28:05 joda Exp $"); +RCSID("$Id: kadm_stream.c,v 1.13 1998/10/22 15:38:01 joda Exp $"); static int -build_field_header(u_char *cont, u_char **st) - /* container for fields data */ - /* stream */ +build_field_header(u_char *cont, /* container for fields data */ + u_char **st) /* stream */ { - *st = (u_char *) malloc (4); + *st = malloc (4); + if (*st == NULL) + return -1; memcpy(*st, cont, 4); return 4; /* return pointer to current stream location 
*/ } static int -check_field_header(u_char *st, u_char *cont, int maxlen) - /* stream */ - /* container for fields data */ - +check_field_header(u_char *st, /* stream */ + u_char *cont, /* container for fields data */ + int maxlen) { if (4 > maxlen) return(-1); memcpy(cont, st, 4); return 4; /* return pointer to current stream location */ } int -vts_string(char *dat, u_char **st, int loc) - /* a string to put on the stream */ - /* base pointer to the stream */ - /* offset into the stream for current data */ +vts_string(char *dat, /* a string to put on the stream */ + u_char **st, /* base pointer to the stream */ + int loc) /* offset into the stream for current data */ { - *st = (u_char *) realloc (*st, (unsigned) (loc + strlen(dat) + 1)); - memcpy(*st + loc, dat, strlen(dat)+1); + void *tmp; + + tmp = realloc(*st, loc + strlen(dat) + 1); + if(tmp == NULL) + return -1; + memcpy((char *)tmp + loc, dat, strlen(dat)+1); + *st = tmp; return strlen(dat)+1; } static int -vts_short(u_int16_t dat, u_char **st, int loc) - /* the attributes field */ - /* a base pointer to the stream */ - /* offset into the stream for current data */ +vts_short(u_int16_t dat, /* the attributes field */ + u_char **st, /* a base pointer to the stream */ + int loc) /* offset into the stream for current data */ { unsigned char *p; + p = realloc(*st, loc + 2); - if(p == NULL){ - abort(); - } + if(p == NULL) + return -1; p[loc] = (dat >> 8) & 0xff; p[loc+1] = dat & 0xff; *st = p; return 2; } static int -vts_char(u_char dat, u_char **st, int loc) - /* the attributes field */ - /* a base pointer to the stream */ - /* offset into the stream for current data */ +vts_char(u_char dat, /* the attributes field */ + u_char **st, /* a base pointer to the stream */ + int loc) /* offset into the stream for current data */ { - unsigned char *p = realloc(*st, loc + 1); - if(p == NULL){ - abort(); - } + unsigned char *p; + + p = realloc(*st, loc + 1); + + if(p == NULL) + return -1; p[loc] = dat; *st = p; return 1; 
} int -vts_long(u_int32_t dat, u_char **st, int loc) - /* the attributes field */ - /* a base pointer to the stream */ - /* offset into the stream for current data */ +vts_long(u_int32_t dat, /* the attributes field */ + u_char **st, /* a base pointer to the stream */ + int loc) /* offset into the stream for current data */ { - unsigned char *p = realloc(*st, loc + 4); - if(p == NULL){ - abort(); - } + unsigned char *p; + + p = realloc(*st, loc + 4); + if(p == NULL) + return -1; p[loc] = (dat >> 24) & 0xff; p[loc+1] = (dat >> 16) & 0xff; p[loc+2] = (dat >> 8) & 0xff; p[loc+3] = dat & 0xff; *st = p; return 4; } int stv_string(u_char *st, /* base pointer to the stream */ char *dat, /* a string to read from the stream */ int loc, /* offset into the stream for current data */ int stlen, /* max length of string to copy in */ int maxlen) /* max length of input stream */ { int maxcount; /* max count of chars to copy */ + int len; maxcount = min(maxlen - loc, stlen); if(maxcount <= 0) return -1; - strncpy(dat, (char *)st + loc, maxcount); + len = strnlen ((char *)st + loc, maxlen - loc); - if (dat[maxcount-1]) /* not null-term --> not enuf room */ - return(-1); - return strlen(dat)+1; + if (len >= stlen) + return -1; + + memcpy(dat, st + loc, len); + dat[len] = '\0'; + return len + 1; } static int -stv_short(u_char *st, u_int16_t *dat, int loc, int maxlen) - /* a base pointer to the stream */ - /* the attributes field */ - /* offset into the stream for current data */ - +stv_short(u_char *st, /* a base pointer to the stream */ + u_int16_t *dat, /* the attributes field */ + int loc, /* offset into the stream for current data */ + int maxlen) { if (maxlen - loc < 2) return -1; *dat = (st[loc] << 8) | st[loc + 1]; return 2; } int -stv_long(u_char *st, u_int32_t *dat, int loc, int maxlen) - /* a base pointer to the stream */ - /* the attributes field */ - /* offset into the stream for current data */ - /* maximum length of st */ +stv_long(u_char *st, /* a base pointer to the 
stream */ + u_int32_t *dat, /* the attributes field */ + int loc, /* offset into the stream for current data */ + int maxlen) /* maximum length of st */ { if (maxlen - loc < 4) return -1; *dat = (st[loc] << 24) | (st[loc+1] << 16) | (st[loc+2] << 8) | st[loc+3]; return 4; } static int -stv_char(u_char *st, u_char *dat, int loc, int maxlen) - /* a base pointer to the stream */ - /* the attributes field */ - /* offset into the stream for current data */ - +stv_char(u_char *st, /* a base pointer to the stream */ + u_char *dat, /* the attributes field */ + int loc, /* offset into the stream for current data */ + int maxlen) { if (maxlen - loc < 1) return -1; *dat = st[loc]; return 1; } /* vals_to_stream recieves : kadm_vals *, u_char * returns : a realloced and filled in u_char * this function creates a byte-stream representation of the kadm_vals structure */ int vals_to_stream(Kadm_vals *dt_in, u_char **dt_out) { int vsloop, stsize; /* loop counter, stream size */ stsize = build_field_header(dt_in->fields, dt_out); + if (stsize < 0) + return stsize; for (vsloop=31; vsloop>=0; vsloop--) if (IS_FIELD(vsloop,dt_in->fields)) { + int tmp = 0; + switch (vsloop) { case KADM_NAME: - stsize+=vts_string(dt_in->name, dt_out, stsize); + tmp = vts_string(dt_in->name, dt_out, stsize); break; case KADM_INST: - stsize+=vts_string(dt_in->instance, dt_out, stsize); + tmp = vts_string(dt_in->instance, dt_out, stsize); break; case KADM_EXPDATE: - stsize+=vts_long(dt_in->exp_date, dt_out, stsize); + tmp = vts_long(dt_in->exp_date, dt_out, stsize); break; case KADM_ATTR: - stsize+=vts_short(dt_in->attributes, dt_out, stsize); + tmp = vts_short(dt_in->attributes, dt_out, stsize); break; case KADM_MAXLIFE: - stsize+=vts_char(dt_in->max_life, dt_out, stsize); + tmp = vts_char(dt_in->max_life, dt_out, stsize); break; case KADM_DESKEY: - stsize+=vts_long(dt_in->key_high, dt_out, stsize); - stsize+=vts_long(dt_in->key_low, dt_out, stsize); + tmp = vts_long(dt_in->key_high, dt_out, stsize); + 
if(tmp > 0) + tmp += vts_long(dt_in->key_low, dt_out, stsize + tmp); break; +#ifdef EXTENDED_KADM + case KADM_MODDATE: + tmp = vts_long(dt_in->mod_date, dt_out, stsize); + break; + case KADM_MODNAME: + tmp = vts_string(dt_in->mod_name, dt_out, stsize); + break; + case KADM_MODINST: + tmp = vts_string(dt_in->mod_instance, dt_out, stsize); + break; + case KADM_KVNO: + tmp = vts_char(dt_in->key_version, dt_out, stsize); + break; +#endif default: break; } + if (tmp < 0) { + free(*dt_out); + return tmp; + } + stsize += tmp; } return(stsize); } /* stream_to_vals recieves : u_char *, kadm_vals * returns : a kadm_vals filled in according to u_char * this decodes a byte stream represntation of a vals struct into kadm_vals */ int -stream_to_vals(u_char *dt_in, Kadm_vals *dt_out, int maxlen) - - - /* max length to use */ +stream_to_vals(u_char *dt_in, + Kadm_vals *dt_out, + int maxlen) /* max length to use */ { int vsloop, stsize; /* loop counter, stream size */ int status; memset(dt_out, 0, sizeof(*dt_out)); stsize = check_field_header(dt_in, dt_out->fields, maxlen); if (stsize < 0) return(-1); for (vsloop=31; vsloop>=0; vsloop--) if (IS_FIELD(vsloop,dt_out->fields)) switch (vsloop) { case KADM_NAME: if ((status = stv_string(dt_in, dt_out->name, stsize, sizeof(dt_out->name), maxlen)) < 0) return(-1); stsize += status; break; case KADM_INST: if ((status = stv_string(dt_in, dt_out->instance, stsize, sizeof(dt_out->instance), maxlen)) < 0) return(-1); stsize += status; break; case KADM_EXPDATE: if ((status = stv_long(dt_in, &dt_out->exp_date, stsize, maxlen)) < 0) return(-1); stsize += status; break; case KADM_ATTR: if ((status = stv_short(dt_in, &dt_out->attributes, stsize, maxlen)) < 0) return(-1); stsize += status; break; case KADM_MAXLIFE: if ((status = stv_char(dt_in, &dt_out->max_life, stsize, maxlen)) < 0) return(-1); stsize += status; break; case KADM_DESKEY: if ((status = stv_long(dt_in, &dt_out->key_high, stsize, maxlen)) < 0) return(-1); stsize += status; if ((status 
= stv_long(dt_in, &dt_out->key_low, stsize, maxlen)) < 0) return(-1); stsize += status; break; +#ifdef EXTENDED_KADM + case KADM_MODDATE: + if ((status = stv_long(dt_in, &dt_out->mod_date, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_MODNAME: + if ((status = stv_string(dt_in, dt_out->mod_name, stsize, + sizeof(dt_out->mod_name), maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_MODINST: + if ((status = stv_string(dt_in, dt_out->mod_instance, stsize, + sizeof(dt_out->mod_instance), maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_KVNO: + if ((status = stv_char(dt_in, &dt_out->key_version, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; +#endif default: break; } return stsize; } Index: stable/3/crypto/kerberosIV/lib/kadm/kadm_supp.c =================================================================== --- stable/3/crypto/kerberosIV/lib/kadm/kadm_supp.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kadm/kadm_supp.c (revision 62578) 
@@ -1,111 +1,188 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ /* * Support functions for Kerberos administration server & clients */ /* kadm_supp.c this holds the support routines for the kerberos administration server error: prints out a kadm error message, returns fatal: prints out a kadm fatal error message, exits prin_vals: prints out data associated with a Principal in the vals structure */ #include "kadm_locl.h" -RCSID("$Id: kadm_supp.c,v 1.8 1997/05/02 10:27:58 joda Exp $"); +RCSID("$Id: kadm_supp.c,v 1.14 1999/09/16 20:41:46 assar Exp $"); +static void +time2str(char *buf, size_t len, time_t t) +{ + strftime(buf, len, "%Y-%m-%d %H:%M:%S", localtime(&t)); +} + /* prin_vals: recieves : a vals structure */ void prin_vals(Kadm_vals *vals) { + char date[32]; + if(IS_FIELD(KADM_NAME, vals->fields) && IS_FIELD(KADM_INST, vals->fields)) + printf("%20s: %s\n", "Principal", + krb_unparse_name_long(vals->name, vals->instance, NULL)); + else { + printf("Dump of funny entry:\n"); + if(IS_FIELD(KADM_NAME, vals->fields)) + printf("%20s: %s\n", "Name", vals->name); + 
if(IS_FIELD(KADM_INST, vals->fields)) + printf("%20s: %s\n", "Instance", vals->instance); + } + if(IS_FIELD(KADM_MAXLIFE, vals->fields)) + printf("%20s: %d (%s)\n", "Max ticket life", + vals->max_life, + krb_life_to_atime(vals->max_life)); + if(IS_FIELD(KADM_EXPDATE, vals->fields)) { + time2str(date, sizeof(date), vals->exp_date); + printf("%20s: %s\n", "Expiration date", date); + } + if(IS_FIELD(KADM_ATTR, vals->fields)) + printf("%20s: %d\n", "Attributes", + vals->attributes); + if(IS_FIELD(KADM_DESKEY, vals->fields)) + printf("%20s: %#lx %#lx\n", "Key", + (unsigned long)vals->key_low, + (unsigned long)vals->key_high); + +#ifdef EXTENDED_KADM + if (IS_FIELD(KADM_MODDATE,vals->fields)) { + time2str(date, sizeof(date), vals->mod_date); + printf("%20s: %s\n", "Modification date", date); + } + if (IS_FIELD(KADM_MODNAME,vals->fields) && + IS_FIELD(KADM_MODINST,vals->fields)) + printf("%20s: %s\n", "Modifier", + krb_unparse_name_long(vals->mod_name, vals->mod_instance, NULL)); + if (IS_FIELD(KADM_KVNO,vals->fields)) + printf("%20s: %d\n", "Key version", vals->key_version); +#endif + +#if 0 printf("Info in Database for %s.%s:\n", vals->name, vals->instance); printf(" Max Life: %d (%s) Exp Date: %s\n", vals->max_life, krb_life_to_atime(vals->max_life), asctime(k_localtime(&vals->exp_date))); printf(" Attribs: %.2x key: %#lx %#lx\n", vals->attributes, - (long)vals->key_low, (long)vals->key_high); + (unsigned long)vals->key_low, + (unsigned long)vals->key_high); +#endif } /* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal, it copies the fields in Principal specified by fields into Kadm_vals, i.e from old to new */ void kadm_prin_to_vals(u_char *fields, Kadm_vals *new, Principal *old) { memset(new, 0, sizeof(*new)); if (IS_FIELD(KADM_NAME,fields)) { - strncpy(new->name, old->name, ANAME_SZ); + strlcpy(new->name, old->name, ANAME_SZ); SET_FIELD(KADM_NAME, new->fields); } if (IS_FIELD(KADM_INST,fields)) { - strncpy(new->instance, old->instance, 
INST_SZ); + strlcpy(new->instance, old->instance, INST_SZ); SET_FIELD(KADM_INST, new->fields); } if (IS_FIELD(KADM_EXPDATE,fields)) { new->exp_date = old->exp_date; SET_FIELD(KADM_EXPDATE, new->fields); } if (IS_FIELD(KADM_ATTR,fields)) { new->attributes = old->attributes; SET_FIELD(KADM_ATTR, new->fields); } if (IS_FIELD(KADM_MAXLIFE,fields)) { new->max_life = old->max_life; SET_FIELD(KADM_MAXLIFE, new->fields); } if (IS_FIELD(KADM_DESKEY,fields)) { new->key_low = old->key_low; new->key_high = old->key_high; SET_FIELD(KADM_DESKEY, new->fields); } +#ifdef EXTENDED_KADM + if (IS_FIELD(KADM_MODDATE,fields)) { + new->mod_date = old->mod_date; + SET_FIELD(KADM_MODDATE, new->fields); + } + if (IS_FIELD(KADM_MODNAME,fields)) { + strlcpy(new->mod_name, old->mod_name, ANAME_SZ); + SET_FIELD(KADM_MODNAME, new->fields); + } + if (IS_FIELD(KADM_MODINST,fields)) { + strlcpy(new->mod_instance, old->mod_instance, ANAME_SZ); + SET_FIELD(KADM_MODINST, new->fields); + } + if (IS_FIELD(KADM_KVNO,fields)) { + new->key_version = old->key_version; + SET_FIELD(KADM_KVNO, new->fields); + } +#endif } void kadm_vals_to_prin(u_char *fields, Principal *new, Kadm_vals *old) { memset(new, 0, sizeof(*new)); if (IS_FIELD(KADM_NAME,fields)) - strncpy(new->name, old->name, ANAME_SZ); + strlcpy(new->name, old->name, ANAME_SZ); if (IS_FIELD(KADM_INST,fields)) - strncpy(new->instance, old->instance, INST_SZ); + strlcpy(new->instance, old->instance, INST_SZ); if (IS_FIELD(KADM_EXPDATE,fields)) new->exp_date = old->exp_date; if (IS_FIELD(KADM_ATTR,fields)) new->attributes = old->attributes; if (IS_FIELD(KADM_MAXLIFE,fields)) new->max_life = old->max_life; if (IS_FIELD(KADM_DESKEY,fields)) { new->key_low = old->key_low; new->key_high = old->key_high; } +#ifdef EXTENDED_KADM + if (IS_FIELD(KADM_MODDATE,fields)) + new->mod_date = old->mod_date; + if (IS_FIELD(KADM_MODNAME,fields)) + strlcpy(new->mod_name, old->mod_name, ANAME_SZ); + if (IS_FIELD(KADM_MODINST,fields)) + strlcpy(new->mod_instance, 
old->mod_instance, ANAME_SZ); + if (IS_FIELD(KADM_KVNO,fields)) + new->key_version = old->key_version; +#endif } Index: stable/3/crypto/kerberosIV/lib/kafs/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/lib/kafs/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kafs/Makefile.in (revision 62578) 
@@ -1,90 +1,117 @@ # -# $Id: Makefile.in,v 1.30 1997/05/06 03:47:35 assar Exp $ +# $Id: Makefile.in,v 1.50 1999/09/16 20:41:46 assar Exp $ # SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ CC = @CC@ +LINK = @LINK@ AR = ar RANLIB = @RANLIB@ -DEFS = @DEFS@ -DLIBDIR='"$(libdir)"' -CFLAGS = @CFLAGS@ +LN_S = @LN_S@ +DEFS = @DEFS@ -DROKEN_RENAME -DLIBDIR='"$(libdir)"' @AFS_EXTRA_DEFS@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ PICFLAGS = @PICFLAGS@ +LIB_DEPS = @lib_deps_yes@ -lc +build_symlink_command = @build_symlink_command@ +install_symlink_command = @install_symlink_command@ + LIBNAME = $(LIBPREFIX)kafs LIBEXT = @LIBEXT@ SHLIBEXT = @SHLIBEXT@ LIBPREFIX = @LIBPREFIX@ LDSHARED = @LDSHARED@ +AFS_EXTRA_OBJS = @AFS_EXTRA_OBJS@ AFS_EXTRA_LIBS = @AFS_EXTRA_LIBS@ LIB = $(LIBNAME).$(LIBEXT) $(AFS_EXTRA_LIBS) -SOURCES = afssys.c afskrb.c afslib.c +SOURCES = afssys.c afskrb.c common.c afslib.c -OBJECTS = afssys.o afskrb.o +EXTRA_SOURCE = issuid.c strlcpy.c strlcat.c +EXTRA_OBJECT = issuid.o strlcpy.o strlcat.o + +OBJECTS = afssys.o afskrb.o common.o $(EXTRA_OBJECT) $(AFS_EXTRA_OBJS) + all: $(LIB) Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + $(CC) -c $(DEFS) -I../../include -I$(srcdir) -I. 
$(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $< install: all - $(MKINSTALLDIRS) $(libdir) - $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + $(MKINSTALLDIRS) $(DESTDIR)$(libdir) + @for i in $(LIB); do \ + echo "$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i" ;\ + $(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i ; done + @install_symlink_command@ uninstall: - rm -f $(libdir)/$(LIB) + @for i in $(LIB); do \ + echo "rm -f $(DESTDIR)$(libdir)/$$i" ;\ + rm -f $(DESTDIR)$(libdir)/$$i ; done TAGS: $(SOURCES) etags $(SOURCES) check: clean: - rm -f $(LIB) *.o *.a + rm -f $(LIB) *.o *.a *.so *.so.* so_locations $(EXTRA_SOURCE) mostlyclean: clean distclean: clean - rm -f Makefile *.tab.c *~ + rm -f Makefile *.tab.c *~ roken_rename.h realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - -$(LIBNAME).a: $(OBJECTS) @AFS_EXTRA_OBJS@ +$(LIBNAME).a: $(OBJECTS) rm -f $@ - $(AR) cr $@ $(OBJECTS) @AFS_EXTRA_OBJS@ + $(AR) cr $@ $(OBJECTS) -$(RANLIB) $@ $(LIBNAME).$(SHLIBEXT): $(OBJECTS) rm -f $@ - $(LDSHARED) -o $@ $(OBJECTS) + $(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS) + @build_symlink_command@ # AIX: this almost works with gcc, but somehow it fails to use the # correct ld, use ld instead afslib.so: afslib.o - ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp -bnoentry afslib.o + ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp @AFS_EXTRA_LD@ afslib.o -lc -$(OBJECTS): ../../include/config.h +$(OBJECTS): ../../include/config.h roken_rename.h + +roken_rename.h: + $(LN_S) $(srcdir)/../krb/roken_rename.h . + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean + +issuid.c: + $(LN_S) $(srcdir)/../roken/issuid.c . + +strlcat.c: + $(LN_S) $(srcdir)/../roken/strlcat.c . + +strlcpy.c: + $(LN_S) $(srcdir)/../roken/strlcpy.c . 
+ Index: stable/3/crypto/kerberosIV/lib/kafs/afskrb.c =================================================================== --- stable/3/crypto/kerberosIV/lib/kafs/afskrb.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kafs/afskrb.c (revision 62578) 
@@ -1,373 +1,139 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "kafs_locl.h" -RCSID("$Id: afskrb.c,v 1.6 1997/05/26 17:38:24 bg Exp $"); +RCSID("$Id: afskrb.c,v 1.13 1999/12/02 16:58:39 joda Exp $"); -#define AUTH_SUPERUSER "afs" +struct krb_kafs_data { + const char *realm; +}; -/* - * Here only ASCII characters are relevant. - */ - -#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z') - -#define ToAsciiUpper(c) ((c) - 'a' + 'A') - -static void -foldup(char *a, const char *b) -{ - for (; *b; a++, b++) - if (IsAsciiLower(*b)) - *a = ToAsciiUpper(*b); - else - *a = *b; - *a = '\0'; -} - static int -get_cred(const char *princ, const char *inst, const char *krealm, - CREDENTIALS *c, KTEXT_ST *tkt) +get_cred(kafs_data *data, const char *name, const char *inst, + const char *realm, CREDENTIALS *c) { - int k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c); + KTEXT_ST tkt; + int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c); - if (k_errno != KSUCCESS) - { - k_errno = krb_mk_req(tkt, (char*)princ, (char*)inst, (char*)krealm, 0); - if (k_errno == KSUCCESS) - k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c); + if (ret) { + ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0); + if (ret == KSUCCESS) + ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c); } - return k_errno; + return ret; } +static int +afslog_uid_int(kafs_data *data, + const char *cell, + const char *realm_hint, + uid_t uid, + const char *homedir) +{ + int ret; + CREDENTIALS 
c; + char realm[REALM_SZ]; -/* Convert a string to a 32 bit ip number in network byte order. - Return 0 on error - */ + if (cell == 0 || cell[0] == 0) + return _kafs_afslog_all_local_cells (data, uid, homedir); -static u_int32_t -ip_aton(char *ip) + /* Extract realm from ticket file. */ { - u_int32_t addr; - unsigned int a, b, c, d; + char name[ANAME_SZ], inst[INST_SZ]; - if(sscanf(ip, "%u.%u.%u.%u", &a, &b, &c, &d) != 4) - return 0; - if((a | b | c | d) > 255) - return 0; - addr = (a << 24) | (b << 16) | (c << 8) | d; - addr = htonl(addr); - return addr; + ret = krb_get_default_principal(name, inst, realm); + if (ret != KSUCCESS) + return ret; } -/* Try to get a db-server for an AFS cell from a AFSDB record */ + ret = _kafs_get_cred(data, cell, realm_hint, realm, &c); -static int -dns_find_cell(const char *cell, char *dbserver) -{ - struct dns_reply *r; - int ok = -1; - r = dns_lookup(cell, "afsdb"); - if(r){ - struct resource_record *rr = r->head; - while(rr){ - if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){ - strncpy(dbserver, rr->u.afsdb->domain, MaxHostNameLen); - dbserver[MaxHostNameLen - 1] = 0; - ok = 0; - break; - } - rr = rr->next; - } - dns_free_data(r); - } - return ok; + if (ret == 0) + ret = kafs_settoken(cell, uid, &c); + return ret; } - -/* Find the realm associated with cell. Do this by opening - /usr/vice/etc/CellServDB and getting the realm-of-host for the - first VL-server for the cell. - - This does not work when the VL-server is living in one cell, but - the cell it is serving is living in another cell. 
- */ - static char* -realm_of_cell(const char *cell) +get_realm(kafs_data *data, const char *host) { - FILE *F; - char buf[1024]; - u_int32_t addr; - struct hostent *hp; - char *realm = NULL; - - if((F = fopen(_PATH_CELLSERVDB, "r"))){ - while(fgets(buf, sizeof(buf), F)){ - if(buf[0] != '>') - continue; - if(strncmp(buf + 1, cell, strlen(cell)) == 0){ - if(fgets(buf, sizeof(buf), F) == NULL) - break; - addr = ip_aton(buf); - if(addr == 0) - break; - hp = gethostbyaddr((char*)&addr, 4, AF_INET); - if(hp == NULL) - break; - strncpy (buf, hp->h_name, sizeof(buf)); - buf[sizeof(buf) - 1] = '\0'; - realm = krb_realmofhost(buf); - break; - } - } - fclose(F); - } - if(realm == NULL){ - if(dns_find_cell(cell, buf) == 0) - realm = krb_realmofhost(buf); - } - return realm; + char *r = krb_realmofhost(host); + if(r != NULL) + return strdup(r); + else + return NULL; } -/* - * Get tokens for all cells[] - */ -static int -k_afslog_cells(char *cells[], int max, const char *krealm, uid_t uid) +int +krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid, + const char *homedir) { - int err = KSUCCESS; - int i; - for(i = 0; i < max; i++) - err = k_afsklog_uid(cells[i], krealm, uid); - return err; -} + kafs_data kd; -/* - * Try to find the cells we should try to klog to in "file". 
- */ -static void -k_find_cells(char *file, char *cells[], int size, int *index) -{ - FILE *f; - char cell[64]; - int i; - f = fopen(file, "r"); - if (f == NULL) - return; - while (*index < size && fgets(cell, sizeof(cell), f)) { - char *nl = strchr(cell, '\n'); - if (nl) *nl = 0; - for(i = 0; i < *index; i++) - if(strcmp(cells[i], cell) == 0) - break; - if(i == *index) - cells[(*index)++] = strdup(cell); + kd.afslog_uid = afslog_uid_int; + kd.get_cred = get_cred; + kd.get_realm = get_realm; + kd.data = 0; + return afslog_uid_int(&kd, cell, realm_hint, uid, homedir); } - fclose(f); -} -static int -k_afsklog_all_local_cells(const char *krealm, uid_t uid) +int +krb_afslog_uid(const char *cell, const char *realm_hint, uid_t uid) { - int err; - char *cells[32]; /* XXX */ - int num_cells = sizeof(cells) / sizeof(cells[0]); - int index = 0; - - char *p; - - if ((p = getenv("HOME"))) { - char home[MaxPathLen]; - - if (k_concat(home, sizeof(home), p, "/.TheseCells", NULL) == 0) - k_find_cells(home, cells, num_cells, &index); - } - k_find_cells(_PATH_THESECELLS, cells, num_cells, &index); - k_find_cells(_PATH_THISCELL, cells, num_cells, &index); - - err = k_afslog_cells(cells, index, krealm, uid); - while(index > 0) - free(cells[--index]); - return err; + return krb_afslog_uid_home(cell, realm_hint, uid, NULL); } int -k_afsklog_uid(const char *cell, const char *krealm, uid_t uid) +krb_afslog(const char *cell, const char *realm_hint) { - int k_errno; - CREDENTIALS c; - KTEXT_ST ticket; - char realm[REALM_SZ]; - char *vl_realm; /* realm of vl-server */ - char *lrealm; /* local realm */ - char CELL[64]; - - if (cell == 0 || cell[0] == 0) - return k_afsklog_all_local_cells (krealm, uid); - foldup(CELL, cell); - - k_errno = krb_get_lrealm(realm , 0); - if(k_errno == KSUCCESS && (krealm == NULL || strcmp(krealm, realm))) - lrealm = realm; - else - lrealm = NULL; - - /* We're about to find the the realm that holds the key for afs in - * the specified cell. 
The problem is that null-instance - * afs-principals are common and that hitting the wrong realm might - * yield the wrong afs key. The following assumptions were made. - * - * Any realm passed to us is preferred. - * - * If there is a realm with the same name as the cell, it is most - * likely the correct realm to talk to. - * - * In most (maybe even all) cases the database servers of the cell - * will live in the realm we are looking for. - * - * Try the local realm, but if the previous cases fail, this is - * really a long shot. - * - */ - - /* comments on the ordering of these tests */ - - /* If the user passes a realm, she probably knows something we don't - * know and we should try afs@krealm (otherwise we're talking with a - * blondino and she might as well have it.) - */ - - k_errno = -1; - if(krealm){ - k_errno = get_cred(AUTH_SUPERUSER, cell, krealm, &c, &ticket); - if(k_errno) - k_errno = get_cred(AUTH_SUPERUSER, "", krealm, &c, &ticket); + return krb_afslog_uid(cell, realm_hint, getuid()); } - - if(k_errno) - k_errno = get_cred(AUTH_SUPERUSER, cell, CELL, &c, &ticket); - if(k_errno) - k_errno = get_cred(AUTH_SUPERUSER, "", CELL, &c, &ticket); - /* this might work in some conditions */ - if(k_errno && (vl_realm = realm_of_cell(cell))){ - k_errno = get_cred(AUTH_SUPERUSER, cell, vl_realm, &c, &ticket); - if(k_errno) - k_errno = get_cred(AUTH_SUPERUSER, "", vl_realm, &c, &ticket); - } - - if(k_errno && lrealm){ - k_errno = get_cred(AUTH_SUPERUSER, cell, lrealm, &c, &ticket); -#if 0 - /* this is most likely never right anyway, but won't fail */ - if(k_errno) - k_errno = get_cred(AUTH_SUPERUSER, "", lrealm, &c, &ticket); -#endif - } - - if (k_errno == KSUCCESS) +int +krb_afslog_home(const char *cell, const char *realm_hint, const char *homedir) { - struct ViceIoctl parms; - struct ClearToken ct; - int32_t sizeof_x; - char buf[2048], *t; + return krb_afslog_uid_home(cell, realm_hint, getuid(), homedir); +} /* - * Build a struct ClearToken + * */ - 
ct.AuthHandle = c.kvno; - memcpy (ct.HandShakeKey, c.session, sizeof(c.session)); - ct.ViceId = uid; /* is this always valid? */ - ct.BeginTimestamp = 1 + c.issue_date; - ct.EndTimestamp = krb_life_to_time(c.issue_date, c.lifetime); -#define ODD(x) ((x) & 1) - /* If we don't know the numerical ID lifetime should be even? */ - if (uid == 0 && ODD(ct.EndTimestamp - ct.BeginTimestamp)) - ct.BeginTimestamp--; - - t = buf; - /* - * length of secret token followed by secret token - */ - sizeof_x = c.ticket_st.length; - memcpy(t, &sizeof_x, sizeof(sizeof_x)); - t += sizeof(sizeof_x); - memcpy(t, c.ticket_st.dat, sizeof_x); - t += sizeof_x; - /* - * length of clear token followed by clear token - */ - sizeof_x = sizeof(ct); - memcpy(t, &sizeof_x, sizeof(sizeof_x)); - t += sizeof(sizeof_x); - memcpy(t, &ct, sizeof_x); - t += sizeof_x; - - /* - * do *not* mark as primary cell - */ - sizeof_x = 0; - memcpy(t, &sizeof_x, sizeof(sizeof_x)); - t += sizeof(sizeof_x); - /* - * follow with cell name - */ - sizeof_x = strlen(cell) + 1; - memcpy(t, cell, sizeof_x); - t += sizeof_x; - - /* - * Build argument block - */ - parms.in = buf; - parms.in_size = t - buf; - parms.out = 0; - parms.out_size = 0; - k_pioctl(0, VIOCSETTOK, &parms, 0); - } - return k_errno; -} - int -k_afsklog(const char *cell, const char *krealm) +krb_realm_of_cell(const char *cell, char **realm) { - return k_afsklog_uid (cell, krealm, getuid()); + kafs_data kd; + + kd.get_realm = get_realm; + return _kafs_realm_of_cell(&kd, cell, realm); } Index: stable/3/crypto/kerberosIV/lib/kafs/afslib.c =================================================================== --- stable/3/crypto/kerberosIV/lib/kafs/afslib.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kafs/afslib.c (revision 62578) 
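Review bot: In afskrb.c, krb_realm_of_cell() sets only kd.get_realm and passes the otherwise uninitialized kafs_data to _kafs_realm_of_cell(), whereas krb_afslog_uid_home() fills in all four members. Zero the struct first (memset(&kd, 0, sizeof(kd))) so that nothing can call through a garbage afslog_uid or get_cred pointer. get_realm() now returns strdup() storage that the caller must free; that ownership should be documented, and the empty /* * */ comment above krb_realm_of_cell() is the natural place for it. struct krb_kafs_data is declared at the top of the file but never used, since kd.data is set to 0.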
@@ -1,60 +1,55 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ /* * This file is only used with AIX */ #include "kafs_locl.h" -RCSID("$Id: afslib.c,v 1.5 1997/04/20 13:21:15 joda Exp $"); +RCSID("$Id: afslib.c,v 1.6 1999/12/02 16:58:40 joda Exp $"); int aix_pioctl(char *a_path, int o_opcode, struct ViceIoctl *a_paramsP, int a_followSymlinks) { return lpioctl(a_path, o_opcode, a_paramsP, a_followSymlinks); } int aix_setpag(void) { return lsetpag(); } Index: stable/3/crypto/kerberosIV/lib/kafs/afssys.c =================================================================== --- stable/3/crypto/kerberosIV/lib/kafs/afssys.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kafs/afssys.c (revision 62578) 
@@ -1,293 +1,395 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "kafs_locl.h" -RCSID("$Id: afssys.c,v 1.53 1997/05/04 02:30:41 assar Exp $"); +RCSID("$Id: afssys.c,v 1.65 1999/12/02 16:58:40 joda Exp $"); +int _kafs_debug; /* this should be done in a better way */ + +#define NO_ENTRY_POINT 0 +#define SINGLE_ENTRY_POINT 1 +#define MULTIPLE_ENTRY_POINT 2 +#define SINGLE_ENTRY_POINT2 3 +#define SINGLE_ENTRY_POINT3 4 +#define AIX_ENTRY_POINTS 5 +#define UNKNOWN_ENTRY_POINT 6 +static int afs_entry_point = UNKNOWN_ENTRY_POINT; +static int afs_syscalls[2]; + /* Magic to get AIX syscalls to work */ #ifdef _AIX -static int (*Pioctl)(char*, int, void*, int); +static int (*Pioctl)(char*, int, struct ViceIoctl*, int); static int (*Setpag)(void); #include "dlfcn.h" -static int -isSuid() -{ - int uid = getuid(); - int gid = getgid(); - int euid = getegid(); - int egid = getegid(); - return (uid != euid) || (gid != egid); -} +/* + * + */ static int -aix_setup(void) +try_aix(void) { #ifdef STATIC_AFS_SYSCALLS Pioctl = aix_pioctl; Setpag = aix_setpag; #else void *ptr; char path[MaxPathLen], *p; /* * If we are root or running setuid don't trust AFSLIBPATH! 
*/ - if (getuid() != 0 && !isSuid() && (p = getenv("AFSLIBPATH")) != NULL) - strcpy(path, p); + if (getuid() != 0 && !issuid() && (p = getenv("AFSLIBPATH")) != NULL) + strlcpy(path, p, sizeof(path)); else snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR); - ptr = dlopen(path, 0); - if(ptr){ - Setpag = (int (*)(void))dlsym(ptr, "aix_setpag"); - Pioctl = (int (*)(char*, int, void*, int))dlsym(ptr, "aix_pioctl"); + ptr = dlopen(path, RTLD_NOW); + if(ptr == NULL) { + if(_kafs_debug) { + if(errno == ENOEXEC && (p = dlerror()) != NULL) + fprintf(stderr, "dlopen(%s): %s\n", path, p); + else if (errno != ENOENT) + fprintf(stderr, "dlopen(%s): %s\n", path, strerror(errno)); + } + return 1; } + Setpag = (int (*)(void))dlsym(ptr, "aix_setpag"); + Pioctl = (int (*)(char*, int, + struct ViceIoctl*, int))dlsym(ptr, "aix_pioctl"); #endif + afs_entry_point = AIX_ENTRY_POINTS; + return 0; } #endif /* _AIX */ -#define NO_ENTRY_POINT 0 -#define SINGLE_ENTRY_POINT 1 -#define MULTIPLE_ENTRY_POINT 2 -#define SINGLE_ENTRY_POINT2 3 -#define SINGLE_ENTRY_POINT3 4 -#define AIX_ENTRY_POINTS 5 -#define UNKNOWN_ENTRY_POINT 6 -static int afs_entry_point = UNKNOWN_ENTRY_POINT; -static int afs_syscalls[2]; +/* + * This probably only works under Solaris and could get confused if + * there's a /etc/name_to_sysnum file. 
+ */ +#define _PATH_ETC_NAME_TO_SYSNUM "/etc/name_to_sysnum" +static int +map_syscall_name_to_number (const char *str, int *res) +{ + FILE *f; + char buf[256]; + size_t str_len = strlen (str); + + f = fopen (_PATH_ETC_NAME_TO_SYSNUM, "r"); + if (f == NULL) + return -1; + while (fgets (buf, sizeof(buf), f) != NULL) { + if (strncmp (str, buf, str_len) == 0) { + char *begptr = buf + str_len; + char *endptr; + long val = strtol (begptr, &endptr, 0); + + if (val != 0 && endptr != begptr) { + fclose (f); + *res = val; + return 0; + } + } + } + fclose (f); + return -1; +} + int k_pioctl(char *a_path, int o_opcode, struct ViceIoctl *a_paramsP, int a_followSymlinks) { #ifndef NO_AFS switch(afs_entry_point){ #if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) case SINGLE_ENTRY_POINT: case SINGLE_ENTRY_POINT2: case SINGLE_ENTRY_POINT3: return syscall(afs_syscalls[0], AFSCALL_PIOCTL, a_path, o_opcode, a_paramsP, a_followSymlinks); #endif #if defined(AFS_PIOCTL) case MULTIPLE_ENTRY_POINT: return syscall(afs_syscalls[0], a_path, o_opcode, a_paramsP, a_followSymlinks); #endif #ifdef _AIX case AIX_ENTRY_POINTS: return Pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks); #endif } errno = ENOSYS; #ifdef SIGSYS kill(getpid(), SIGSYS); /* You loose! 
*/ #endif #endif /* NO_AFS */ return -1; } int k_afs_cell_of_file(const char *path, char *cell, int len) { struct ViceIoctl parms; parms.in = NULL; parms.in_size = 0; parms.out = cell; parms.out_size = len; return k_pioctl((char*)path, VIOC_FILE_CELL_NAME, &parms, 1); } int k_unlog(void) { struct ViceIoctl parms; memset(&parms, 0, sizeof(parms)); return k_pioctl(0, VIOCUNLOG, &parms, 0); } int k_setpag(void) { #ifndef NO_AFS switch(afs_entry_point){ #if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) case SINGLE_ENTRY_POINT: case SINGLE_ENTRY_POINT2: case SINGLE_ENTRY_POINT3: return syscall(afs_syscalls[0], AFSCALL_SETPAG); #endif #if defined(AFS_PIOCTL) case MULTIPLE_ENTRY_POINT: return syscall(afs_syscalls[1]); #endif #ifdef _AIX case AIX_ENTRY_POINTS: return Setpag(); #endif } errno = ENOSYS; #ifdef SIGSYS kill(getpid(), SIGSYS); /* You loose! */ #endif #endif /* NO_AFS */ return -1; } static jmp_buf catch_SIGSYS; #ifdef SIGSYS static RETSIGTYPE SIGSYS_handler(int sig) { errno = 0; signal(SIGSYS, SIGSYS_handler); /* Need to reinstall handler on SYSV */ longjmp(catch_SIGSYS, 1); } #endif +/* + * Try to see if `syscall' is a pioctl. Return 0 iff succesful. + */ + +#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) +static int +try_one (int syscall_num) +{ + struct ViceIoctl parms; + memset(&parms, 0, sizeof(parms)); + + if (setjmp(catch_SIGSYS) == 0) { + syscall(syscall_num, AFSCALL_PIOCTL, + 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + if (errno == EINVAL) { + afs_entry_point = SINGLE_ENTRY_POINT; + afs_syscalls[0] = syscall_num; + return 0; + } + } + return 1; +} +#endif + +/* + * Try to see if `syscall_pioctl' is a pioctl syscall. Return 0 iff + * succesful. 
+ * + */ + +#ifdef AFS_PIOCTL +static int +try_two (int syscall_pioctl, int syscall_setpag) +{ + struct ViceIoctl parms; + memset(&parms, 0, sizeof(parms)); + + if (setjmp(catch_SIGSYS) == 0) { + syscall(syscall_pioctl, + 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + if (errno == EINVAL) { + afs_entry_point = MULTIPLE_ENTRY_POINT; + afs_syscalls[0] = syscall_pioctl; + afs_syscalls[1] = syscall_setpag; + return 0; + } + } + return 1; +} +#endif + int k_hasafs(void) { - int saved_errno; +#if !defined(NO_AFS) && defined(SIGSYS) RETSIGTYPE (*saved_func)(); - struct ViceIoctl parms; +#endif + int saved_errno; + char *env = getenv ("AFS_SYSCALL"); /* * Already checked presence of AFS syscalls? */ if (afs_entry_point != UNKNOWN_ENTRY_POINT) return afs_entry_point != NO_ENTRY_POINT; /* * Probe kernel for AFS specific syscalls, * they (currently) come in two flavors. * If the syscall is absent we recive a SIGSYS. */ afs_entry_point = NO_ENTRY_POINT; - memset(&parms, 0, sizeof(parms)); saved_errno = errno; #ifndef NO_AFS #ifdef SIGSYS saved_func = signal(SIGSYS, SIGSYS_handler); #endif -#ifdef AFS_SYSCALL - if (setjmp(catch_SIGSYS) == 0) - { - syscall(AFS_SYSCALL, AFSCALL_PIOCTL, - 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); - if (errno == EINVAL) +#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) { - afs_entry_point = SINGLE_ENTRY_POINT; - afs_syscalls[0] = AFS_SYSCALL; + int tmp; + + if (env != NULL) { + if (sscanf (env, "%d", &tmp) == 1) { + if (try_one (tmp) == 0) goto done; + } else { + char *end = NULL; + char *p; + char *s = strdup (env); + + if (s != NULL) { + for (p = strtok_r (s, ",", &end); + p != NULL; + p = strtok_r (NULL, ",", &end)) { + if (map_syscall_name_to_number (p, &tmp) == 0) + if (try_one (tmp) == 0) { + free (s); + goto done; } } + free (s); + } + } + } + } +#endif /* AFS_SYSCALL || AFS_SYSCALL2 || AFS_SYSCALL3 */ + +#ifdef AFS_SYSCALL + if (try_one (AFS_SYSCALL) == 0) + goto done; #endif /* 
AFS_SYSCALL */ #ifdef AFS_PIOCTL - if (setjmp(catch_SIGSYS) == 0) { - syscall(AFS_PIOCTL, - 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); - if (errno == EINVAL) - { - afs_entry_point = MULTIPLE_ENTRY_POINT; - afs_syscalls[0] = AFS_PIOCTL; - afs_syscalls[1] = AFS_SETPAG; + int tmp[2]; + + if (env != NULL && sscanf (env, "%d%d", &tmp[0], &tmp[1]) == 2) + if (try_two (tmp[0], tmp[1]) == 2) goto done; } - } #endif /* AFS_PIOCTL */ +#ifdef AFS_PIOCTL + if (try_two (AFS_PIOCTL, AFS_SETPAG) == 0) + goto done; +#endif /* AFS_PIOCTL */ + #ifdef AFS_SYSCALL2 - if (setjmp(catch_SIGSYS) == 0) - { - syscall(AFS_SYSCALL2, AFSCALL_PIOCTL, - 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); - if (errno == EINVAL) - { - afs_entry_point = SINGLE_ENTRY_POINT2; - afs_syscalls[0] = AFS_SYSCALL2; + if (try_one (AFS_SYSCALL2) == 0) goto done; - } - } -#endif /* AFS_SYSCALL */ +#endif /* AFS_SYSCALL2 */ #ifdef AFS_SYSCALL3 - if (setjmp(catch_SIGSYS) == 0) - { - syscall(AFS_SYSCALL3, AFSCALL_PIOCTL, - 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); - if (errno == EINVAL) - { - afs_entry_point = SINGLE_ENTRY_POINT3; - afs_syscalls[0] = AFS_SYSCALL3; + if (try_one (AFS_SYSCALL3) == 0) goto done; - } - } -#endif /* AFS_SYSCALL */ +#endif /* AFS_SYSCALL3 */ #ifdef _AIX - aix_setup(); - if(Pioctl != NULL && Setpag != NULL){ - afs_entry_point = AIX_ENTRY_POINTS; +#if 0 + if (env != NULL) { + char *pos = NULL; + char *pioctl_name; + char *setpag_name; + + pioctl_name = strtok_r (env, ", \t", &pos); + if (pioctl_name != NULL) { + setpag_name = strtok_r (NULL, ", \t", &pos); + if (setpag_name != NULL) + if (try_aix (pioctl_name, setpag_name) == 0) goto done; } + } +#endif + + if(try_aix() == 0) + goto done; #endif done: #ifdef SIGSYS signal(SIGSYS, saved_func); #endif #endif /* NO_AFS */ errno = saved_errno; return afs_entry_point != NO_ENTRY_POINT; } Index: stable/3/crypto/kerberosIV/lib/kafs/afssysdefs.h 
=================================================================== --- stable/3/crypto/kerberosIV/lib/kafs/afssysdefs.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kafs/afssysdefs.h (revision 62578) 
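Review bot: In afssys.c, k_hasafs() tests the environment override for the multiple-entry-point case with "if (try_two (tmp[0], tmp[1]) == 2) goto done;", but try_two() returns only 0 or 1, so the jump is never taken and the built-in AFS_PIOCTL/AFS_SETPAG probe still runs afterwards; the comparison should be == 0, as in the try_one() calls. The AFS_SYSCALL environment variable is also read with getenv() and used as a syscall number (or as a name looked up in /etc/name_to_sysnum) without the getuid()/issuid() guard that try_aix() applies to AFSLIBPATH; a setuid or root caller should ignore it in the same way. try_one() and try_two() decide on errno == EINVAL without clearing errno before the syscall, so a stale EINVAL from the caller can be read as a successful probe; set errno = 0 first.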
@@ -1,87 +1,87 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: afssysdefs.h,v 1.15 1997/04/01 08:18:12 joda Exp $ */ +/* $Id: afssysdefs.h,v 1.21 1999/12/02 16:58:40 joda Exp $ */ /* * This section is for machines using single entry point AFS syscalls! * and/or * This section is for machines using multiple entry point AFS syscalls! * * SunOS 4 is an example of single entry point and sgi of multiple * entry point syscalls. */ -#if SunOS == 4 +#if SunOS == 40 #define AFS_SYSCALL 31 #endif -#if SunOS == 5 +#if SunOS >= 50 && SunOS < 57 #define AFS_SYSCALL 105 #endif +#if SunOS == 57 +#define AFS_SYSCALL 73 +#endif + #if defined(__hpux) #define AFS_SYSCALL 50 #define AFS_SYSCALL2 49 +#define AFS_SYSCALL3 48 #endif #if defined(_AIX) /* _AIX is too weird */ #endif #if defined(__sgi) #define AFS_PIOCTL (64+1000) #define AFS_SETPAG (65+1000) #endif #if defined(__osf__) #define AFS_SYSCALL 232 #define AFS_SYSCALL2 258 #endif #if defined(__ultrix) #define AFS_SYSCALL 31 #endif -#if defined(__NetBSD__) +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) #define AFS_SYSCALL 210 #endif #ifdef SYS_afs_syscall #define AFS_SYSCALL3 SYS_afs_syscall #endif Index: stable/3/crypto/kerberosIV/lib/kafs/dlfcn.c =================================================================== --- stable/3/crypto/kerberosIV/lib/kafs/dlfcn.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kafs/dlfcn.c (revision 62578) 
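Review bot: In afssysdefs.h, the SunOS tests move from single-digit values (SunOS == 4, SunOS == 5) to two-digit ones (SunOS == 40, SunOS >= 50 && SunOS < 57, SunOS == 57), so the header now depends on the build defining SunOS in the new encoding. Nothing in this hunk states or checks that, and with the old definition no branch matches and AFS_SYSCALL is silently left undefined. Add a comment above the block giving the expected encoding, and note that releases above 57 get no AFS_SYSCALL at all. The copyright line here still reads 1995, 1996, 1997 while afskrb.c and afssys.c were extended to 1999 in the same change.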
@@ -1,570 +1,581 @@ /* * @(#)dlfcn.c 1.11 revision of 96/04/10 20:12:51 * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH * 30159 Hannover, Germany */ /* * Changes marked with `--jwe' were made on April 7 1996 by John W. Eaton * to support g++ and/or use with Octave. */ /* * This makes my life easier with Octave. --jwe */ #ifdef HAVE_CONFIG_H #include #endif #include #include #include #include #include #include #include #include #include "dlfcn.h" /* * We simulate dlopen() et al. through a call to load. Because AIX has * no call to find an exported symbol we read the loader section of the * loaded module and build a list of exported symbols and their virtual * address. */ typedef struct { char *name; /* the symbols's name */ void *addr; /* its relocated virtual address */ } Export, *ExportPtr; /* * xlC uses the following structure to list its constructors and * destructors. This is gleaned from the output of munch. */ typedef struct { void (*init)(void); /* call static constructors */ void (*term)(void); /* call static destructors */ } Cdtor, *CdtorPtr; typedef void (*GccCDtorPtr)(void); /* * The void * handle returned from dlopen is actually a ModulePtr. */ typedef struct Module { struct Module *next; char *name; /* module name for refcounting */ int refCnt; /* the number of references */ void *entry; /* entry point from load */ struct dl_info *info; /* optional init/terminate functions */ CdtorPtr cdtors; /* optional C++ constructors */ GccCDtorPtr gcc_ctor; /* g++ constructors --jwe */ GccCDtorPtr gcc_dtor; /* g++ destructors --jwe */ int nExports; /* the number of exports found */ ExportPtr exports; /* the array of exports */ } Module, *ModulePtr; /* * We keep a list of all loaded modules to be able to call the fini * handlers and destructors at atexit() time. */ static ModulePtr modList; /* * The last error from one of the dl* routines is kept in static * variables here. Each error is returned only once to the caller. 
*/ static char errbuf[BUFSIZ]; static int errvalid; /* * The `fixed' gcc header files on AIX 3.2.5 provide a prototype for * strdup(). --jwe */ #ifndef HAVE_STRDUP extern char *strdup(const char *); #endif static void caterr(char *); static int readExports(ModulePtr); static void terminate(void); static void *findMain(void); void *dlopen(const char *path, int mode) { ModulePtr mp; static void *mainModule; /* * Upon the first call register a terminate handler that will * close all libraries. Also get a reference to the main module * for use with loadbind. */ if (!mainModule) { if ((mainModule = findMain()) == NULL) return NULL; atexit(terminate); } /* * Scan the list of modules if we have the module already loaded. */ for (mp = modList; mp; mp = mp->next) if (strcmp(mp->name, path) == 0) { mp->refCnt++; return mp; } if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) { errvalid++; - strcpy(errbuf, "calloc: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, "calloc: %s", strerror(errno)); return NULL; } if ((mp->name = strdup(path)) == NULL) { errvalid++; - strcpy(errbuf, "strdup: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, "strdup: %s", strerror(errno)); free(mp); return NULL; } /* * load should be declared load(const char *...). Thus we * cast the path to a normal char *. Ugly. */ if ((mp->entry = (void *)load((char *)path, L_NOAUTODEFER, NULL)) == NULL) { free(mp->name); free(mp); errvalid++; - strcpy(errbuf, "dlopen: "); - strcat(errbuf, path); - strcat(errbuf, ": "); + snprintf (errbuf, sizeof(errbuf), + "dlopen: %s: ", path); /* * If AIX says the file is not executable, the error * can be further described by querying the loader about * the last error. 
*/ if (errno == ENOEXEC) { char *tmp[BUFSIZ/sizeof(char *)]; if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1) - strcpy(errbuf, strerror(errno)); + strlcpy(errbuf, + strerror(errno), + sizeof(errbuf)); else { char **p; for (p = tmp; *p; p++) caterr(*p); } } else - strcat(errbuf, strerror(errno)); + strlcat(errbuf, + strerror(errno), + sizeof(errbuf)); return NULL; } mp->refCnt = 1; mp->next = modList; modList = mp; if (loadbind(0, mainModule, mp->entry) == -1) { dlclose(mp); errvalid++; - strcpy(errbuf, "loadbind: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "loadbind: %s", strerror(errno)); return NULL; } /* * If the user wants global binding, loadbind against all other * loaded modules. */ if (mode & RTLD_GLOBAL) { ModulePtr mp1; for (mp1 = mp->next; mp1; mp1 = mp1->next) if (loadbind(0, mp1->entry, mp->entry) == -1) { dlclose(mp); errvalid++; - strcpy(errbuf, "loadbind: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "loadbind: %s", + strerror(errno)); return NULL; } } if (readExports(mp) == -1) { dlclose(mp); return NULL; } /* * If there is a dl_info structure, call the init function. */ if (mp->info = (struct dl_info *)dlsym(mp, "dl_info")) { if (mp->info->init) (*mp->info->init)(); } else errvalid = 0; /* * If the shared object was compiled using xlC we will need * to call static constructors (and later on dlclose destructors). */ if (mp->cdtors = (CdtorPtr)dlsym(mp, "__cdtors")) { CdtorPtr cp = mp->cdtors; while (cp->init || cp->term) { if (cp->init && cp->init != (void (*)(void))0xffffffff) (*cp->init)(); cp++; } /* * If the shared object was compiled using g++, we will need * to call global constructors using the _GLOBAL__DI function, * and later, global destructors using the _GLOBAL_DD * funciton. 
--jwe */ } else if (mp->gcc_ctor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DI")) { (*mp->gcc_ctor)(); mp->gcc_dtor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DD"); } else errvalid = 0; return mp; } /* * Attempt to decipher an AIX loader error message and append it * to our static error message buffer. */ static void caterr(char *s) { char *p = s; while (*p >= '0' && *p <= '9') p++; switch(atoi(s)) { case L_ERROR_TOOMANY: - strcat(errbuf, "to many errors"); + strlcat(errbuf, "to many errors", sizeof(errbuf)); break; case L_ERROR_NOLIB: - strcat(errbuf, "can't load library"); - strcat(errbuf, p); + strlcat(errbuf, "can't load library", sizeof(errbuf)); + strlcat(errbuf, p, sizeof(errbuf)); break; case L_ERROR_UNDEF: - strcat(errbuf, "can't find symbol"); - strcat(errbuf, p); + strlcat(errbuf, "can't find symbol", sizeof(errbuf)); + strlcat(errbuf, p, sizeof(errbuf)); break; case L_ERROR_RLDBAD: - strcat(errbuf, "bad RLD"); - strcat(errbuf, p); + strlcat(errbuf, "bad RLD", sizeof(errbuf)); + strlcat(errbuf, p, sizeof(errbuf)); break; case L_ERROR_FORMAT: - strcat(errbuf, "bad exec format in"); - strcat(errbuf, p); + strlcat(errbuf, "bad exec format in", sizeof(errbuf)); + strlcat(errbuf, p, sizeof(errbuf)); break; case L_ERROR_ERRNO: - strcat(errbuf, strerror(atoi(++p))); + strlcat(errbuf, strerror(atoi(++p)), sizeof(errbuf)); break; default: - strcat(errbuf, s); + strlcat(errbuf, s, sizeof(errbuf)); break; } } void *dlsym(void *handle, const char *symbol) { ModulePtr mp = (ModulePtr)handle; ExportPtr ep; int i; /* * Could speed up the search, but I assume that one assigns * the result to function pointers anyways. 
*/ for (ep = mp->exports, i = mp->nExports; i; i--, ep++) if (strcmp(ep->name, symbol) == 0) return ep->addr; errvalid++; - strcpy(errbuf, "dlsym: undefined symbol "); - strcat(errbuf, symbol); + snprintf (errbuf, sizeof(errbuf), + "dlsym: undefined symbol %s", symbol); return NULL; } char *dlerror(void) { if (errvalid) { errvalid = 0; return errbuf; } return NULL; } int dlclose(void *handle) { ModulePtr mp = (ModulePtr)handle; int result; ModulePtr mp1; if (--mp->refCnt > 0) return 0; if (mp->info && mp->info->fini) (*mp->info->fini)(); if (mp->cdtors) { CdtorPtr cp = mp->cdtors; while (cp->init || cp->term) { if (cp->term && cp->init != (void (*)(void))0xffffffff) (*cp->term)(); cp++; } /* * If the function to handle global destructors for g++ * exists, call it. --jwe */ } else if (mp->gcc_dtor) { (*mp->gcc_dtor)(); } result = unload(mp->entry); if (result == -1) { errvalid++; - strcpy(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "%s", strerror(errno)); } if (mp->exports) { ExportPtr ep; int i; for (ep = mp->exports, i = mp->nExports; i; i--, ep++) if (ep->name) free(ep->name); free(mp->exports); } if (mp == modList) modList = mp->next; else { for (mp1 = modList; mp1; mp1 = mp1->next) if (mp1->next == mp) { mp1->next = mp->next; break; } } free(mp->name); free(mp); return result; } static void terminate(void) { while (modList) dlclose(modList); } /* * Build the export table from the XCOFF .loader section. */ static int readExports(ModulePtr mp) { LDFILE *ldp = NULL; SCNHDR sh, shdata; LDHDR *lhp; char *ldbuf; LDSYM *ls; int i; ExportPtr ep; if ((ldp = ldopen(mp->name, ldp)) == NULL) { struct ld_info *lp; char *buf; int size = 4*1024; if (errno != ENOENT) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf(errbuf, sizeof(errbuf), + "readExports: %s", + strerror(errno)); return -1; } /* * The module might be loaded due to the LIBPATH * environment variable. Search for the loaded * module using L_GETINFO. 
*/ if ((buf = malloc(size)) == NULL) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf(errbuf, sizeof(errbuf), + "readExports: %s", + strerror(errno)); return -1; } while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) { free(buf); size += 4*1024; if ((buf = malloc(size)) == NULL) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf(errbuf, sizeof(errbuf), + "readExports: %s", + strerror(errno)); return -1; } } if (i == -1) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf(errbuf, sizeof(errbuf), + "readExports: %s", + strerror(errno)); free(buf); return -1; } /* * Traverse the list of loaded modules. The entry point * returned by load() does actually point to the data * segment origin. */ lp = (struct ld_info *)buf; while (lp) { if (lp->ldinfo_dataorg == mp->entry) { ldp = ldopen(lp->ldinfo_filename, ldp); break; } if (lp->ldinfo_next == 0) lp = NULL; else lp = (struct ld_info *)((char *)lp + lp->ldinfo_next); } free(buf); if (!ldp) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "readExports: %s", strerror(errno)); return -1; } } if (TYPE(ldp) != U802TOCMAGIC) { errvalid++; - strcpy(errbuf, "readExports: bad magic"); + snprintf(errbuf, sizeof(errbuf), "readExports: bad magic"); while(ldclose(ldp) == FAILURE) ; return -1; } /* * Get the padding for the data section. This is needed for * AIX 4.1 compilers. This is used when building the final * function pointer to the exported symbol. 
*/ if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) { errvalid++; - strcpy(errbuf, "readExports: cannot read data section header"); + snprintf(errbuf, sizeof(errbuf), + "readExports: cannot read data section header"); while(ldclose(ldp) == FAILURE) ; return -1; } if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) { errvalid++; - strcpy(errbuf, "readExports: cannot read loader section header"); + snprintf(errbuf, sizeof(errbuf), + "readExports: cannot read loader section header"); while(ldclose(ldp) == FAILURE) ; return -1; } /* * We read the complete loader section in one chunk, this makes * finding long symbol names residing in the string table easier. */ if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "readExports: %s", strerror(errno)); while(ldclose(ldp) == FAILURE) ; return -1; } if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) { errvalid++; - strcpy(errbuf, "readExports: cannot seek to loader section"); + snprintf(errbuf, sizeof(errbuf), + "readExports: cannot seek to loader section"); free(ldbuf); while(ldclose(ldp) == FAILURE) ; return -1; } if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) { errvalid++; - strcpy(errbuf, "readExports: cannot read loader section"); + snprintf(errbuf, sizeof(errbuf), + "readExports: cannot read loader section"); free(ldbuf); while(ldclose(ldp) == FAILURE) ; return -1; } lhp = (LDHDR *)ldbuf; ls = (LDSYM *)(ldbuf+LDHDRSZ); /* * Count the number of exports to include in our export table. */ for (i = lhp->l_nsyms; i; i--, ls++) { if (!LDR_EXPORT(*ls)) continue; mp->nExports++; } if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "readExports: %s", strerror(errno)); free(ldbuf); while(ldclose(ldp) == FAILURE) ; return -1; } /* * Fill in the export table. 
All entries are relative to * the entry point we got from load. */ ep = mp->exports; ls = (LDSYM *)(ldbuf+LDHDRSZ); for (i = lhp->l_nsyms; i; i--, ls++) { char *symname; char tmpsym[SYMNMLEN+1]; if (!LDR_EXPORT(*ls)) continue; if (ls->l_zeroes == 0) symname = ls->l_offset+lhp->l_stoff+ldbuf; else { /* * The l_name member is not zero terminated, we * must copy the first SYMNMLEN chars and make * sure we have a zero byte at the end. */ - strncpy(tmpsym, ls->l_name, SYMNMLEN); - tmpsym[SYMNMLEN] = '\0'; + strlcpy (tmpsym, ls->l_name, + SYMNMLEN + 1); symname = tmpsym; } ep->name = strdup(symname); ep->addr = (void *)((unsigned long)mp->entry + ls->l_value - shdata.s_vaddr); ep++; } free(ldbuf); while(ldclose(ldp) == FAILURE) ; return 0; } /* * Find the main modules entry point. This is used as export pointer * for loadbind() to be able to resolve references to the main part. */ static void * findMain(void) { struct ld_info *lp; char *buf; int size = 4*1024; int i; void *ret; if ((buf = malloc(size)) == NULL) { errvalid++; - strcpy(errbuf, "findMain: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "findMail: %s", strerror(errno)); return NULL; } while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) { free(buf); size += 4*1024; if ((buf = malloc(size)) == NULL) { errvalid++; - strcpy(errbuf, "findMain: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "findMail: %s", strerror(errno)); return NULL; } } if (i == -1) { errvalid++; - strcpy(errbuf, "findMain: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "findMail: %s", strerror(errno)); free(buf); return NULL; } /* * The first entry is the main module. The entry point * returned by load() does actually point to the data * segment origin. 
*/ lp = (struct ld_info *)buf; ret = lp->ldinfo_dataorg; free(buf); return ret; } Index: stable/3/crypto/kerberosIV/lib/kafs/kafs.h =================================================================== --- stable/3/crypto/kerberosIV/lib/kafs/kafs.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kafs/kafs.h (revision 62578) 
@@ -1,100 +1,191 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id$ */ +/* $Id: kafs.h,v 1.32 1999/12/02 16:58:40 joda Exp $ */ #ifndef __KAFS_H #define __KAFS_H -#include -#include +/* XXX must include krb5.h or krb.h */ + /* sys/ioctl.h must be included manually before kafs.h */ /* */ #define AFSCALL_PIOCTL 20 #define AFSCALL_SETPAG 21 #ifndef _VICEIOCTL #define _VICEIOCTL(id) ((unsigned int ) _IOW('V', id, struct ViceIoctl)) #endif /* _VICEIOCTL */ +#define VIOCSETAL _VICEIOCTL(1) +#define VIOCGETAL _VICEIOCTL(2) #define VIOCSETTOK _VICEIOCTL(3) +#define VIOCGETVOLSTAT _VICEIOCTL(4) +#define VIOCSETVOLSTAT _VICEIOCTL(5) +#define VIOCFLUSH _VICEIOCTL(6) #define VIOCGETTOK _VICEIOCTL(8) #define VIOCUNLOG _VICEIOCTL(9) +#define VIOCCKSERV _VICEIOCTL(10) +#define VIOCCKBACK _VICEIOCTL(11) +#define VIOCCKCONN _VICEIOCTL(12) +#define VIOCWHEREIS _VICEIOCTL(14) +#define VIOCACCESS _VICEIOCTL(20) +#define VIOCUNPAG _VICEIOCTL(21) +#define VIOCGETFID _VICEIOCTL(22) +#define VIOCSETCACHESIZE _VICEIOCTL(24) +#define VIOCFLUSHCB _VICEIOCTL(25) +#define VIOCNEWCELL _VICEIOCTL(26) +#define VIOCGETCELL _VICEIOCTL(27) +#define VIOC_AFS_DELETE_MT_PT _VICEIOCTL(28) +#define VIOC_AFS_STAT_MT_PT _VICEIOCTL(29) #define VIOC_FILE_CELL_NAME _VICEIOCTL(30) +#define VIOC_GET_WS_CELL _VICEIOCTL(31) +#define VIOC_AFS_MARINER_HOST _VICEIOCTL(32) +#define VIOC_GET_PRIMARY_CELL _VICEIOCTL(33) +#define VIOC_VENUSLOG _VICEIOCTL(34) +#define VIOC_GETCELLSTATUS _VICEIOCTL(35) +#define VIOC_SETCELLSTATUS _VICEIOCTL(36) +#define 
VIOC_FLUSHVOLUME _VICEIOCTL(37) +#define VIOC_AFS_SYSNAME _VICEIOCTL(38) +#define VIOC_EXPORTAFS _VICEIOCTL(39) +#define VIOCGETCACHEPARAMS _VICEIOCTL(40) +#define VIOC_GCPAGS _VICEIOCTL(48) struct ViceIoctl { caddr_t in, out; short in_size; short out_size; }; struct ClearToken { int32_t AuthHandle; char HandShakeKey[8]; int32_t ViceId; int32_t BeginTimestamp; int32_t EndTimestamp; }; +#ifdef __STDC__ #ifndef __P #define __P(x) x #endif +#else +#ifndef __P +#define __P(x) () +#endif +#endif /* Use k_hasafs() to probe if the machine supports AFS syscalls. The other functions will generate a SIGSYS if AFS is not supported */ int k_hasafs __P((void)); -int k_afsklog __P((const char *cell, const char *realm)); -int k_afsklog_uid __P((const char *cell, const char *realm, uid_t uid)); +int krb_afslog __P((const char *cell, const char *realm)); +int krb_afslog_uid __P((const char *cell, const char *realm, uid_t uid)); +int krb_afslog_home __P((const char *cell, const char *realm, + const char *homedir)); +int krb_afslog_uid_home __P((const char *cell, const char *realm, uid_t uid, + const char *homedir)); + +int krb_realm_of_cell __P((const char *cell, char **realm)); + +/* compat */ +#define k_afsklog krb_afslog +#define k_afsklog_uid krb_afslog_uid + int k_pioctl __P((char *a_path, int o_opcode, struct ViceIoctl *a_paramsP, int a_followSymlinks)); int k_unlog __P((void)); int k_setpag __P((void)); int k_afs_cell_of_file __P((const char *path, char *cell, int len)); + + +/* XXX */ +#ifdef KFAILURE +#define KRB_H_INCLUDED +#endif + +#ifdef KRB5_RECVAUTH_IGNORE_VERSION +#define KRB5_H_INCLUDED +#endif + +#ifdef KRB_H_INCLUDED +int kafs_settoken __P((const char*, uid_t, CREDENTIALS*)); +#endif + +#ifdef KRB5_H_INCLUDED +krb5_error_code krb5_afslog_uid __P((krb5_context context, + krb5_ccache id, + const char *cell, + krb5_const_realm realm, + uid_t uid)); +krb5_error_code krb5_afslog __P((krb5_context context, + krb5_ccache id, + const char *cell, + krb5_const_realm 
realm)); +krb5_error_code krb5_afslog_uid_home __P((krb5_context context, + krb5_ccache id, + const char *cell, + krb5_const_realm realm, + uid_t uid, + const char *homedir)); + +krb5_error_code krb5_afslog_home __P((krb5_context context, + krb5_ccache id, + const char *cell, + krb5_const_realm realm, + const char *homedir)); + +krb5_error_code krb5_realm_of_cell __P((const char *cell, char **realm)); + +#endif + + #define _PATH_VICE "/usr/vice/etc/" #define _PATH_THISCELL _PATH_VICE "ThisCell" #define _PATH_CELLSERVDB _PATH_VICE "CellServDB" #define _PATH_THESECELLS _PATH_VICE "TheseCells" + +#define _PATH_ARLA_VICE "/usr/arla/etc/" +#define _PATH_ARLA_THISCELL _PATH_ARLA_VICE "ThisCell" +#define _PATH_ARLA_CELLSERVDB _PATH_ARLA_VICE "CellServDB" +#define _PATH_ARLA_THESECELLS _PATH_ARLA_VICE "TheseCells" + +extern int _kafs_debug; #endif /* __KAFS_H */ Index: stable/3/crypto/kerberosIV/lib/kafs/kafs_locl.h =================================================================== --- stable/3/crypto/kerberosIV/lib/kafs/kafs_locl.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kafs/kafs_locl.h (revision 62578) 
@@ -1,96 +1,135 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: kafs_locl.h,v 1.3 1997/05/04 23:04:44 assar Exp $ */ +/* $Id: kafs_locl.h,v 1.15 1999/12/02 16:58:40 joda Exp $ */ #ifndef __KAFS_LOCL_H__ #define __KAFS_LOCL_H__ +#ifdef HAVE_CONFIG_H #include -#include +#endif #include #include #include #include #include #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_UNISTD_H #include #endif -#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 #include #endif #ifdef HAVE_SYS_FILIO_H #include #endif #ifdef HAVE_SYS_SYSCALL_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif +#ifdef HAVE_NETINET_IN6_H +#include +#endif +#ifdef HAVE_NETINET6_IN6_H +#include +#endif + #ifdef HAVE_NETDB_H #include #endif #ifdef HAVE_ARPA_NAMESER_H #include #endif #ifdef HAVE_RESOLV_H #include #endif #include +#ifdef KRB5 +#include +#endif +#ifdef KRB4 #include +#endif #include #include #include "afssysdefs.h" +struct kafs_data; +typedef int (*afslog_uid_func_t)(struct kafs_data *, + const char *cell, + const char *realm_hint, + uid_t, + const char *homedir); + +typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*, + const char*, CREDENTIALS*); + +typedef char* (*get_realm_func_t)(struct kafs_data*, const char*); + +typedef struct kafs_data { + afslog_uid_func_t afslog_uid; + get_cred_func_t get_cred; + get_realm_func_t get_realm; + void *data; +} kafs_data; + +int _kafs_afslog_all_local_cells(kafs_data*, 
uid_t, const char*); + +int _kafs_get_cred(kafs_data*, const char*, const char*, const char *, + CREDENTIALS*); + +int +_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm); + +#ifdef _AIX +int aix_pioctl(char*, int, struct ViceIoctl*, int); +int aix_setpag(void); +#endif #endif /* __KAFS_LOCL_H__ */ Index: stable/3/crypto/kerberosIV/lib/kdb/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/lib/kdb/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kdb/Makefile.in (revision 62578) 
@@ -1,83 +1,94 @@ # -# $Id: Makefile.in,v 1.25 1997/05/06 03:47:39 assar Exp $ +# $Id: Makefile.in,v 1.40 1999/03/10 19:01:15 joda Exp $ # SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ CC = @CC@ +LINK = @LINK@ AR = ar RANLIB = @RANLIB@ -DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +LN_S = @LN_S@ +DEFS = @DEFS@ -DROKEN_RENAME +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ PICFLAGS = @PICFLAGS@ +LIB_DBM = @LIB_DBM@ +LIB_DEPS = @lib_deps_yes@ $(LIB_DBM) -lc +build_symlink_command = @build_symlink_command@ +install_symlink_command = @install_symlink_command@ + LIBNAME = $(LIBPREFIX)kdb LIBEXT = @LIBEXT@ SHLIBEXT = @SHLIBEXT@ LIBPREFIX = @LIBPREFIX@ LDSHARED = @LDSHARED@ LIB = $(LIBNAME).$(LIBEXT) -SOURCES = krb_cache.c krb_kdb_utils.c copykey.c krb_lib.c krb_dbm.c print_princ.c base64.c +SOURCES = krb_cache.c krb_kdb_utils.c copykey.c krb_lib.c \ + krb_dbm.c print_princ.c -OBJECTS = krb_cache.o krb_kdb_utils.o copykey.o krb_lib.o krb_dbm.o print_princ.o base64.o +OBJECTS = krb_cache.o krb_kdb_utils.o copykey.o krb_lib.o \ + krb_dbm.o print_princ.o all: $(LIB) Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + $(CC) -c $(DEFS) -I../../include -I$(srcdir) -I. 
$(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $< install: all - $(MKINSTALLDIRS) $(libdir) - $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + $(MKINSTALLDIRS) $(DESTDIR)$(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) + @install_symlink_command@ uninstall: - rm -f $(libdir)/$(LIB) + rm -f $(DESTDIR)$(libdir)/$(LIB) TAGS: $(SOURCES) etags $(SOURCES) check: clean: - rm -f $(LIB) *.o *.a + rm -f $(LIB) *.o *.a *.so *.so.* so_locations mostlyclean: clean distclean: clean - rm -f Makefile *.tab.c *~ + rm -f Makefile *.tab.c *~ roken_rename.h realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - $(LIBNAME).a: $(OBJECTS) rm -f $@ $(AR) cr $@ $(OBJECTS) -$(RANLIB) $@ $(LIBNAME).$(SHLIBEXT): $(OBJECTS) rm -f $@ - $(LDSHARED) -o $@ $(OBJECTS) + $(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS) + @build_symlink_command@ -$(OBJECTS): ../../include/config.h +$(OBJECTS): ../../include/config.h roken_rename.h + +roken_rename.h: + $(LN_S) $(srcdir)/../krb/roken_rename.h . + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/lib/kdb/copykey.c =================================================================== --- stable/3/crypto/kerberosIV/lib/kdb/copykey.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kdb/copykey.c (revision 62578) 
@@ -1,55 +1,50 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "kdb_locl.h" -RCSID("$Id: copykey.c,v 1.10 1997/04/01 08:18:17 joda Exp $"); +RCSID("$Id: copykey.c,v 1.11 1999/12/02 16:58:40 joda Exp $"); void copy_from_key(des_cblock in, u_int32_t *lo, u_int32_t *hi) { memcpy(lo, ((char *) in) + 0, 4); memcpy(hi, ((char *) in) + 4, 4); } void copy_to_key(u_int32_t *lo, u_int32_t *hi, des_cblock out) { memcpy(((char *)out) + 0, lo, 4); memcpy(((char *)out) + 4, hi, 4); } Index: stable/3/crypto/kerberosIV/lib/kdb/kdb_locl.h =================================================================== --- stable/3/crypto/kerberosIV/lib/kdb/kdb_locl.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kdb/kdb_locl.h (revision 62578) 
@@ -1,98 +1,93 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: kdb_locl.h,v 1.9 1997/05/02 14:29:08 assar Exp $ */ +/* $Id: kdb_locl.h,v 1.10 1999/12/02 16:58:40 joda Exp $ */ #ifndef __kdb_locl_h #define __kdb_locl_h #include "config.h" #include "protos.h" #include "base64.h" #include #include #include #include #include #include #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #include #include #include #include #include #include #include /* --- */ /* Globals! */ /* Utils */ int kerb_db_set_lockmode __P((int)); void kerb_db_fini __P((void)); int kerb_db_init __P((void)); int kerb_db_get_principal __P((char *name, char *, Principal *, unsigned int, int *)); int kerb_db_get_dba __P((char *, char *, Dba *, unsigned int, int *)); void delta_stat __P((DB_stat *, DB_stat *, DB_stat *)); int kerb_cache_init __P((void)); int kerb_cache_get_principal __P((char *name, char *, Principal *, unsigned int)); int kerb_cache_put_principal __P((Principal *, unsigned int)); int kerb_cache_get_dba __P((char *, char *, Dba *, unsigned int)); int kerb_cache_put_dba __P((Dba *, unsigned int)); void krb_print_principal __P((Principal *)); #endif /* __kdb_locl_h */ Index: stable/3/crypto/kerberosIV/lib/kdb/krb_cache.c =================================================================== --- stable/3/crypto/kerberosIV/lib/kdb/krb_cache.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kdb/krb_cache.c (revision 62578) 
@@ -1,189 +1,183 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ /* * This is where a cache would be implemented, if it were necessary. 
*/ #include "kdb_locl.h" -RCSID("$Id: krb_cache.c,v 1.6 1997/05/02 10:27:53 joda Exp $"); +RCSID("$Id: krb_cache.c,v 1.7 1998/06/09 19:25:14 joda Exp $"); #ifdef DEBUG extern int debug; extern long kerb_debug; #endif static int init = 0; /* * initialization routine for cache */ int kerb_cache_init(void) { init = 1; return (0); } /* * look up a principal in the cache returns number of principals found */ int -kerb_cache_get_principal(char *serv, char *inst, Principal *principal, unsigned int max) - /* could have wild card */ - /* could have wild card */ - - /* max number of name structs to return */ - +kerb_cache_get_principal(char *serv, /* could have wild card */ + char *inst, /* could have wild card */ + Principal *principal, + unsigned int max) /* max number of name structs to return */ { int found = 0; if (!init) kerb_cache_init(); #ifdef DEBUG if (kerb_debug & 2) fprintf(stderr, "cache_get_principal for %s %s max = %d\n", serv, inst, max); #endif /* DEBUG */ #ifdef DEBUG if (kerb_debug & 2) { if (found) { fprintf(stderr, "cache get %s %s found %s %s sid = %d\n", serv, inst, principal->name, principal->instance); } else { fprintf(stderr, "cache %s %s not found\n", serv, inst); } } #endif return (found); } /* * insert/replace a principal in the cache returns number of principals * inserted */ int -kerb_cache_put_principal(Principal *principal, unsigned int max) - +kerb_cache_put_principal(Principal *principal, + unsigned int max) /* max number of principal structs to * insert */ - { u_long i; int count = 0; if (!init) kerb_cache_init(); #ifdef DEBUG if (kerb_debug & 2) { fprintf(stderr, "kerb_cache_put_principal max = %d", max); } #endif for (i = 0; i < max; i++) { #ifdef DEBUG if (kerb_debug & 2) fprintf(stderr, "\n %s %s", principal->name, principal->instance); #endif /* DO IT */ count++; principal++; } return count; } /* * look up a dba in the cache returns number of dbas found */ int -kerb_cache_get_dba(char *serv, char *inst, Dba *dba, unsigned int max) - 
/* could have wild card */ - /* could have wild card */ - - /* max number of name structs to return */ - +kerb_cache_get_dba(char *serv, /* could have wild card */ + char *inst, /* could have wild card */ + Dba *dba, + unsigned int max) /* max number of name structs to return */ { int found = 0; if (!init) kerb_cache_init(); #ifdef DEBUG if (kerb_debug & 2) fprintf(stderr, "cache_get_dba for %s %s max = %d\n", serv, inst, max); #endif #ifdef DEBUG if (kerb_debug & 2) { if (found) { fprintf(stderr, "cache get %s %s found %s %s sid = %d\n", serv, inst, dba->name, dba->instance); } else { fprintf(stderr, "cache %s %s not found\n", serv, inst); } } #endif return (found); } /* * insert/replace a dba in the cache returns number of dbas inserted */ int -kerb_cache_put_dba(Dba *dba, unsigned int max) - +kerb_cache_put_dba(Dba *dba, + unsigned int max) /* max number of dba structs to insert */ - { u_long i; int count = 0; if (!init) kerb_cache_init(); #ifdef DEBUG if (kerb_debug & 2) { fprintf(stderr, "kerb_cache_put_dba max = %d", max); } #endif for (i = 0; i < max; i++) { #ifdef DEBUG if (kerb_debug & 2) fprintf(stderr, "\n %s %s", dba->name, dba->instance); #endif /* DO IT */ count++; dba++; } return count; } Index: stable/3/crypto/kerberosIV/lib/kdb/krb_dbm.c =================================================================== --- stable/3/crypto/kerberosIV/lib/kdb/krb_dbm.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kdb/krb_dbm.c (revision 62578) 
@@ -1,823 +1,768 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "kdb_locl.h" -RCSID("$Id: krb_dbm.c,v 1.27 1997/05/02 14:29:09 assar Exp $"); +RCSID("$Id: krb_dbm.c,v 1.37 1999/09/16 20:41:49 assar Exp $"); #include #define KERB_DB_MAX_RETRY 5 #ifdef DEBUG extern int debug; extern long kerb_debug; extern char *progname; #endif static int init = 0; static char default_db_name[] = DBM_FILE; static char *current_db_name = default_db_name; static struct timeval timestamp;/* current time of request */ static int non_blocking = 0; /* * This module contains all of the code which directly interfaces to * the underlying representation of the Kerberos database; this * implementation uses a DBM or NDBM indexed "file" (actually * implemented as two separate files) to store the relations, plus a * third file as a semaphore to allow the database to be replaced out * from underneath the KDC server. */ /* * Locking: * * There are two distinct locking protocols used. 
One is designed to * lock against processes (the admin_server, for one) which make * incremental changes to the database; the other is designed to lock * against utilities (kdb_util, kpropd) which replace the entire * database in one fell swoop. * * The first locking protocol is implemented using flock() in the * krb_dbl_lock() and krb_dbl_unlock routines. * * The second locking protocol is necessary because DBM "files" are * actually implemented as two separate files, and it is impossible to * atomically rename two files simultaneously. It assumes that the * database is replaced only very infrequently in comparison to the time * needed to do a database read operation. * * A third file is used as a "version" semaphore; the modification * time of this file is the "version number" of the database. * At the start of a read operation, the reader checks the version * number; at the end of the read operation, it checks again. If the * version number changed, or if the semaphore was nonexistant at * either time, the reader sleeps for a second to let things * stabilize, and then tries again; if it does not succeed after * KERB_DB_MAX_RETRY attempts, it gives up. * * On update, the semaphore file is deleted (if it exists) before any * update takes place; at the end of the update, it is replaced, with * a version number strictly greater than the version number which * existed at the start of the update. * * If the system crashes in the middle of an update, the semaphore * file is not automatically created on reboot; this is a feature, not * a bug, since the database may be inconsistant. Note that the * absence of a semaphore file does not prevent another _update_ from * taking place later. Database replacements take place automatically * only on slave servers; a crash in the middle of an update will be * fixed by the next slave propagation. 
A crash in the middle of an * update on the master would be somewhat more serious, but this would * likely be noticed by an administrator, who could fix the problem and * retry the operation. */ /* * Utility routine: generate name of database file. */ -static char *gen_dbsuffix (char *db_name, char *sfx); - static char * gen_dbsuffix(char *db_name, char *sfx) { char *dbsuffix; if (sfx == NULL) sfx = ".ok"; asprintf (&dbsuffix, "%s%s", db_name, sfx); + if (dbsuffix == NULL) { + fprintf (stderr, "gen_dbsuffix: out of memory\n"); + exit(1); + } return dbsuffix; } static void -decode_princ_key (datum *key, char *name, char *instance); - -static void decode_princ_key(datum *key, char *name, char *instance) { - strncpy(name, key->dptr, ANAME_SZ); - strncpy(instance, (char *)key->dptr + ANAME_SZ, INST_SZ); - name[ANAME_SZ - 1] = '\0'; - instance[INST_SZ - 1] = '\0'; + strlcpy (name, key->dptr, ANAME_SZ); + strlcpy (instance, (char *)key->dptr + ANAME_SZ, INST_SZ); } static void -encode_princ_contents (datum *contents, Principal *principal); - -static void encode_princ_contents(datum *contents, Principal *principal) { contents->dsize = sizeof(*principal); contents->dptr = (char *) principal; } static void decode_princ_contents (datum *contents, Principal *principal) { memcpy(principal, contents->dptr, sizeof(*principal)); } static void encode_princ_key (datum *key, char *name, char *instance) { static char keystring[ANAME_SZ + INST_SZ]; memset(keystring, 0, ANAME_SZ + INST_SZ); strncpy(keystring, name, ANAME_SZ); strncpy(&keystring[ANAME_SZ], instance, INST_SZ); key->dptr = keystring; key->dsize = ANAME_SZ + INST_SZ; } static int dblfd = -1; /* db LOCK fd */ static int mylock = 0; static int inited = 0; static int -kerb_dbl_init (void); - -static int -kerb_dbl_init() +kerb_dbl_init(void) { if (!inited) { char *filename = gen_dbsuffix (current_db_name, ".ok"); if ((dblfd = open(filename, O_RDWR)) < 0) { fprintf(stderr, "kerb_dbl_init: couldn't open %s\n", filename); 
fflush(stderr); perror("open"); exit(1); } free(filename); inited++; } return (0); } static void -kerb_dbl_fini (void); - -static void -kerb_dbl_fini() +kerb_dbl_fini(void) { close(dblfd); dblfd = -1; inited = 0; mylock = 0; } static int -kerb_dbl_lock (int mode); - -static int kerb_dbl_lock(int mode) { int flock_mode; if (!inited) kerb_dbl_init(); if (mylock) { /* Detect lock call when lock already * locked */ fprintf(stderr, "Kerberos locking error (mylock)\n"); fflush(stderr); exit(1); } switch (mode) { case KERB_DBL_EXCLUSIVE: - flock_mode = K_LOCK_EX; + flock_mode = LOCK_EX; break; case KERB_DBL_SHARED: - flock_mode = K_LOCK_SH; + flock_mode = LOCK_SH; break; default: fprintf(stderr, "invalid lock mode %d\n", mode); abort(); } if (non_blocking) - flock_mode |= K_LOCK_NB; + flock_mode |= LOCK_NB; - if (k_flock(dblfd, flock_mode) < 0) + if (flock(dblfd, flock_mode) < 0) return errno; mylock++; return 0; } -static void kerb_dbl_unlock (void); - static void -kerb_dbl_unlock() +kerb_dbl_unlock(void) { if (!mylock) { /* lock already unlocked */ fprintf(stderr, "Kerberos database lock not locked when unlocking.\n"); fflush(stderr); exit(1); } - if (k_flock(dblfd, K_LOCK_UN) < 0) { + if (flock(dblfd, LOCK_UN) < 0) { fprintf(stderr, "Kerberos database lock error. (unlocking)\n"); fflush(stderr); - perror("k_flock"); + perror("flock"); exit(1); } mylock = 0; } int -kerb_db_set_lockmode (int mode); - -int kerb_db_set_lockmode(int mode) { int old = non_blocking; non_blocking = mode; return old; } /* * initialization for data base routines. */ int -kerb_db_init (void); - -int -kerb_db_init() +kerb_db_init(void) { init = 1; return (0); } /* * gracefully shut down database--must be called by ANY program that does * a kerb_db_init */ void -kerb_db_fini (void); - -void -kerb_db_fini() +kerb_db_fini(void) { } /* * Set the "name" of the current database to some alternate value. * * Passing a null pointer as "name" will set back to the default. 
* If the alternate database doesn't exist, nothing is changed. */ int -kerb_db_set_name (char *name); - -int kerb_db_set_name(char *name) { DBM *db; if (name == NULL) name = default_db_name; db = dbm_open(name, 0, 0); if (db == NULL) return errno; dbm_close(db); kerb_dbl_fini(); current_db_name = name; return 0; } /* * Return the last modification time of the database. */ time_t -kerb_get_db_age (void); - -time_t -kerb_get_db_age() +kerb_get_db_age(void) { struct stat st; char *okname; time_t age; okname = gen_dbsuffix(current_db_name, ".ok"); if (stat (okname, &st) < 0) age = 0; else age = st.st_mtime; free (okname); return age; } /* * Remove the semaphore file; indicates that database is currently * under renovation. * * This is only for use when moving the database out from underneath * the server (for example, during slave updates). */ static time_t -kerb_start_update (char *db_name); - -static time_t kerb_start_update(char *db_name) { char *okname = gen_dbsuffix(db_name, ".ok"); time_t age = kerb_get_db_age(); if (unlink(okname) < 0 && errno != ENOENT) { age = -1; } free (okname); return age; } static int -kerb_end_update (char *db_name, time_t age); - -static int kerb_end_update(char *db_name, time_t age) { int fd; int retval = 0; char *new_okname = gen_dbsuffix(db_name, ".ok#"); char *okname = gen_dbsuffix(db_name, ".ok"); fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600); if (fd < 0) retval = errno; else { struct stat st; struct utimbuf tv; /* make sure that semaphore is "after" previous value. */ if (fstat (fd, &st) == 0 && st.st_mtime <= age) { tv.actime = st.st_atime; tv.modtime = age; /* set times.. 
*/ utime (new_okname, &tv); fsync(fd); } close(fd); if (rename (new_okname, okname) < 0) retval = errno; } free (new_okname); free (okname); return retval; } static time_t -kerb_start_read (void); - -static time_t -kerb_start_read() +kerb_start_read(void) { return kerb_get_db_age(); } -static int kerb_end_read (time_t age); - static int kerb_end_read(time_t age) { if (kerb_get_db_age() != age || age == -1) { return -1; } return 0; } /* * Create the database, assuming it's not there. */ int kerb_db_create(char *db_name) { char *okname = gen_dbsuffix(db_name, ".ok"); int fd; int ret = 0; #ifdef NDBM DBM *db; db = dbm_open(db_name, O_RDWR|O_CREAT|O_EXCL, 0600); if (db == NULL) ret = errno; else dbm_close(db); #else char *dirname = gen_dbsuffix(db_name, ".dir"); char *pagname = gen_dbsuffix(db_name, ".pag"); fd = open(dirname, O_RDWR|O_CREAT|O_EXCL, 0600); if (fd < 0) ret = errno; else { close(fd); fd = open (pagname, O_RDWR|O_CREAT|O_EXCL, 0600); if (fd < 0) ret = errno; else close(fd); } if (dbminit(db_name) < 0) ret = errno; #endif if (ret == 0) { fd = open (okname, O_CREAT|O_RDWR|O_TRUNC, 0600); if (fd < 0) ret = errno; close(fd); } return ret; } /* * "Atomically" rename the database in a way that locks out read * access in the middle of the rename. * * Not perfect; if we crash in the middle of an update, we don't * necessarily know to complete the transaction the rename, but... 
*/ int kerb_db_rename(char *from, char *to) { #ifdef HAVE_NEW_DB char *fromdb = gen_dbsuffix (from, ".db"); char *todb = gen_dbsuffix (to, ".db"); #else char *fromdir = gen_dbsuffix (from, ".dir"); char *todir = gen_dbsuffix (to, ".dir"); char *frompag = gen_dbsuffix (from , ".pag"); char *topag = gen_dbsuffix (to, ".pag"); #endif char *fromok = gen_dbsuffix(from, ".ok"); long trans = kerb_start_update(to); int ok = 0; #ifdef HAVE_NEW_DB if (rename (fromdb, todb) == 0) { unlink (fromok); ok = 1; } free (fromdb); free (todb); #else if ((rename (fromdir, todir) == 0) && (rename (frompag, topag) == 0)) { unlink (fromok); ok = 1; } free (fromdir); free (todir); free (frompag); free (topag); #endif free (fromok); if (ok) return kerb_end_update(to, trans); else return -1; } int kerb_db_delete_principal (char *name, char *inst) { DBM *db; int try; int done = 0; int code; datum key; if(!init) kerb_db_init(); for(try = 0; try < KERB_DB_MAX_RETRY; try++){ - if((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) + if((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0) return -1; db = dbm_open(current_db_name, O_RDWR, 0600); if(db == NULL) return -1; encode_princ_key(&key, name, inst); if(dbm_delete(db, key) == 0) done = 1; dbm_close(db); kerb_dbl_unlock(); if(done) break; if(!non_blocking) sleep(1); } if(!done) return -1; return 0; } /* * look up a principal in the data base returns number of principals * found , and whether there were more than requested. 
*/ int kerb_db_get_principal (char *name, char *inst, Principal *principal, unsigned int max, int *more) { int found = 0, code; int wildp, wildi; datum key, contents; char testname[ANAME_SZ], testinst[INST_SZ]; u_long trans; int try; DBM *db; if (!init) kerb_db_init(); /* initialize database routines */ for (try = 0; try < KERB_DB_MAX_RETRY; try++) { trans = kerb_start_read(); if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) return -1; db = dbm_open(current_db_name, O_RDONLY, 0600); + if (db == NULL) + return -1; *more = 0; #ifdef DEBUG if (kerb_debug & 2) fprintf(stderr, "%s: db_get_principal for %s %s max = %d", progname, name, inst, max); #endif wildp = !strcmp(name, "*"); wildi = !strcmp(inst, "*"); if (!wildi && !wildp) { /* nothing's wild */ encode_princ_key(&key, name, inst); contents = dbm_fetch(db, key); if (contents.dptr == NULL) { found = 0; goto done; } decode_princ_contents(&contents, principal); #ifdef DEBUG if (kerb_debug & 1) { fprintf(stderr, "\t found %s %s p_n length %d t_n length %d\n", principal->name, principal->instance, strlen(principal->name), strlen(principal->instance)); } #endif found = 1; goto done; } /* process wild cards by looping through entire database */ for (key = dbm_firstkey(db); key.dptr != NULL; key = dbm_next(db, key)) { decode_princ_key(&key, testname, testinst); if ((wildp || !strcmp(testname, name)) && (wildi || !strcmp(testinst, inst))) { /* have a match */ if (found >= max) { *more = 1; goto done; } else { found++; contents = dbm_fetch(db, key); decode_princ_contents(&contents, principal); #ifdef DEBUG if (kerb_debug & 1) { fprintf(stderr, "\tfound %s %s p_n length %d t_n length %d\n", principal->name, principal->instance, strlen(principal->name), strlen(principal->instance)); } #endif principal++; /* point to next */ } } } done: kerb_dbl_unlock(); /* unlock read lock */ dbm_close(db); if (kerb_end_read(trans) == 0) break; found = -1; if (!non_blocking) sleep(1); } return (found); } /* Use long * rather than DBM * so 
that the database structure is private */ long * kerb_db_begin_update(void) { int code; gettimeofday(×tamp, NULL); if (!init) kerb_db_init(); if ((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0) return 0; return (long *) dbm_open(current_db_name, O_RDWR, 0600); } void kerb_db_end_update(long *db) { dbm_close((DBM *)db); kerb_dbl_unlock(); /* unlock database */ } int kerb_db_update(long *db, Principal *principal, unsigned int max) { int found = 0; u_long i; datum key, contents; #ifdef DEBUG if (kerb_debug & 2) fprintf(stderr, "%s: kerb_db_put_principal max = %d", progname, max); #endif /* for each one, stuff temps, and do replace/append */ for (i = 0; i < max; i++) { encode_princ_contents(&contents, principal); encode_princ_key(&key, principal->name, principal->instance); - dbm_store((DBM *)db, key, contents, DBM_REPLACE); + if(dbm_store((DBM *)db, key, contents, DBM_REPLACE) < 0) + return found; /* XXX some better mechanism to report + failure should exist */ #ifdef DEBUG if (kerb_debug & 1) { fprintf(stderr, "\n put %s %s\n", principal->name, principal->instance); } #endif found++; principal++; /* bump to next struct */ } return found; } /* * Update a name in the data base. Returns number of names * successfully updated. 
*/ int -kerb_db_put_principal (Principal *principal, unsigned int max); - -int kerb_db_put_principal(Principal *principal, unsigned max) { int found; long *db; db = kerb_db_begin_update(); if (db == 0) return -1; found = kerb_db_update(db, principal, max); kerb_db_end_update(db); return (found); } void -kerb_db_get_stat (DB_stat *s); - -void kerb_db_get_stat(DB_stat *s) { gettimeofday(×tamp, NULL); s->cpu = 0; s->elapsed = 0; s->dio = 0; s->pfault = 0; s->t_stamp = timestamp.tv_sec; s->n_retrieve = 0; s->n_replace = 0; s->n_append = 0; s->n_get_stat = 0; s->n_put_stat = 0; /* update local copy too */ } void -kerb_db_put_stat (DB_stat *s); - -void kerb_db_put_stat(DB_stat *s) { } void -delta_stat (DB_stat *a, DB_stat *b, DB_stat *c); - -void delta_stat(DB_stat *a, DB_stat *b, DB_stat *c) { /* c = a - b then b = a for the next time */ c->cpu = a->cpu - b->cpu; c->elapsed = a->elapsed - b->elapsed; c->dio = a->dio - b->dio; c->pfault = a->pfault - b->pfault; c->t_stamp = a->t_stamp - b->t_stamp; c->n_retrieve = a->n_retrieve - b->n_retrieve; c->n_replace = a->n_replace - b->n_replace; c->n_append = a->n_append - b->n_append; c->n_get_stat = a->n_get_stat - b->n_get_stat; c->n_put_stat = a->n_put_stat - b->n_put_stat; memcpy(b, a, sizeof(DB_stat)); - return; } /* * look up a dba in the data base returns number of dbas found , and * whether there were more than requested. */ int -kerb_db_get_dba (char *dba_name, char *dba_inst, Dba *dba, unsigned int max, int *more); - -int -kerb_db_get_dba(char *dba_name, char *dba_inst, Dba *dba, - unsigned max, - int *more) - /* could have wild card */ - /* could have wild card */ - /* max number of name structs to return */ - /* where there more than 'max' tuples? */ +kerb_db_get_dba(char *dba_name, /* could have wild card */ + char *dba_inst, /* could have wild card */ + Dba *dba, + unsigned max, /* max number of name structs to return */ + int *more) /* where there more than 'max' tuples? 
*/ { *more = 0; return (0); } int kerb_db_iterate (k_iter_proc_t func, void *arg) { datum key, contents; Principal *principal; int code; DBM *db; kerb_db_init(); /* initialize and open the database */ if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) return code; db = dbm_open(current_db_name, O_RDONLY, 0600); + if (db == NULL) + return errno; for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) { contents = dbm_fetch (db, key); /* XXX may not be properly aligned */ principal = (Principal *) contents.dptr; if ((code = (*func)(arg, principal)) != 0) return code; } dbm_close(db); kerb_dbl_unlock(); return 0; } Index: stable/3/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c =================================================================== --- stable/3/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c (revision 62578) 
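Review bot: in krb_dbm.c, the new `if (db == NULL) return -1;` in kerb_db_get_principal and `if (db == NULL) return errno;` in kerb_db_iterate both return after kerb_dbl_lock(KERB_DBL_SHARED) has succeeded but without calling kerb_dbl_unlock(), so mylock stays set and the next kerb_dbl_lock() in the same process takes the "Kerberos locking error (mylock)" branch and calls exit(1). Call kerb_dbl_unlock() before both returns. Second, decode_princ_key now uses strlcpy on the fixed-width key fields, but encode_princ_key fills them with strncpy(keystring, name, ANAME_SZ), which leaves no terminator when a field is full; strlcpy walks its source to the NUL to compute its return value, so a full instance field is read past the end of the datum. The removed strncpy plus explicit termination was bounded to the field; keep that form or use a bounded memcpy with an explicit terminator. Third, gen_dbsuffix should test the return value of asprintf rather than dbsuffix == NULL, since not every implementation sets the pointer on failure.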
@@ -1,261 +1,267 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ /* * Utility routines for Kerberos programs which directly access * the database. This code was duplicated in too many places * before I gathered it here. 
* * Jon Rochlis, MIT Telecom, March 1988 */ #include "kdb_locl.h" #include -RCSID("$Id: krb_kdb_utils.c,v 1.23 1997/05/02 14:29:10 assar Exp $"); +RCSID("$Id: krb_kdb_utils.c,v 1.25 1999/03/13 21:24:21 assar Exp $"); /* always try /.k for backwards compatibility */ static char *master_key_files[] = { MKEYFILE, "/.k", NULL }; #ifdef HAVE_STRERROR #define k_strerror(e) strerror(e) #else static char * k_strerror(int eno) { extern int sys_nerr; extern char *sys_errlist[]; static char emsg[128]; if (eno < 0 || eno >= sys_nerr) snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno); else return sys_errlist[eno]; return emsg; } #endif int kdb_new_get_master_key(des_cblock *key, des_key_schedule schedule) { - int kfile; + int kfile = -1; int i; char buf[1024]; char **mkey; for(mkey = master_key_files; *mkey; mkey++){ kfile = open(*mkey, O_RDONLY); if(kfile < 0 && errno != ENOENT) fprintf(stderr, "Failed to open master key file \"%s\": %s\n", *mkey, k_strerror(errno)); if(kfile >= 0) break; } if(*mkey){ int bytes; bytes = read(kfile, (char*)key, sizeof(des_cblock)); close(kfile); if(bytes == sizeof(des_cblock)){ des_key_sched(key, schedule); return 0; } fprintf(stderr, "Could only read %d bytes from master key file %s\n", bytes, *mkey); }else{ fprintf(stderr, "No master key file found.\n"); } i=0; while(i < 3){ if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0)) break; /* buffer now contains either an old format master key password or a * new format base64 encoded master key */ /* try to verify as old password */ des_string_to_key(buf, key); des_key_sched(key, schedule); if(kdb_verify_master_key(key, schedule, NULL) != -1){ memset(buf, 0, sizeof(buf)); return 0; } /* failed test, so must be base64 encoded */ if(base64_decode(buf, key) == 8){ des_key_sched(key, schedule); if(kdb_verify_master_key(key, schedule, NULL) != -1){ memset(buf, 0, sizeof(buf)); return 0; } } memset(buf, 0, sizeof(buf)); fprintf(stderr, "Failed to verify master key.\n"); i++; } /* 
life sucks */ fprintf(stderr, "You loose.\n"); exit(1); } -int kdb_new_get_new_master_key(des_cblock *key, des_key_schedule schedule, +int +kdb_new_get_new_master_key(des_cblock *key, + des_key_schedule schedule, int verify) { #ifndef RANDOM_MKEY des_read_password(key, "\nEnter Kerberos master password: ", verify); printf ("\n"); #else char buf[1024]; des_generate_random_block (key); des_key_sched(key, schedule); des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0); des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key); memset(buf, 0, sizeof(buf)); #endif des_key_sched(key, schedule); return 0; } -int kdb_get_master_key(int prompt, des_cblock *master_key, +int +kdb_get_master_key(int prompt, + des_cblock *master_key, des_key_schedule master_key_sched) { int ask = (prompt == KDB_GET_TWICE); #ifndef RANDOM_MKEY ask |= (prompt == KDB_GET_PROMPT); #endif if(ask) kdb_new_get_new_master_key(master_key, master_key_sched, prompt == KDB_GET_TWICE); else kdb_new_get_master_key(master_key, master_key_sched); return 0; } -int kdb_kstash(des_cblock *master_key, char *file) +int +kdb_kstash(des_cblock *master_key, char *file) { int kfile; + kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600); if (kfile < 0) { return -1; } if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) { close(kfile); return -1; } close(kfile); return 0; } /* The old algorithm used the key schedule as the initial vector which was byte order depedent ... 
*/ void kdb_encrypt_key (des_cblock (*in), des_cblock (*out), des_cblock (*master_key), des_key_schedule master_key_sched, int e_d_flag) { #ifdef NOENCRYPTION memcpy(out, in, sizeof(des_cblock)); #else des_pcbc_encrypt(in,out,(long)sizeof(des_cblock),master_key_sched,master_key, e_d_flag); #endif } /* The caller is reasponsible for cleaning up the master key and sched, even if we can't verify the master key */ /* Returns master key version if successful, otherwise -1 */ long kdb_verify_master_key (des_cblock *master_key, des_key_schedule master_key_sched, FILE *out) /* NULL -> no output */ { des_cblock key_from_db; Principal principal_data[1]; int n, more = 0; long master_key_version; /* lookup the master key version */ n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, 1 /* only one please */, &more); if ((n != 1) || more) { - if (out != (FILE *) NULL) + if (out != NULL) fprintf(out, "verify_master_key: %s, %d found.\n", "Kerberos error on master key version lookup", n); return (-1); } master_key_version = (long) principal_data[0].key_version; /* set up the master key */ - if (out != (FILE *) NULL) /* should we punt this? */ + if (out != NULL) /* should we punt this? */ fprintf(out, "Current Kerberos master key version is %d.\n", principal_data[0].kdc_key_ver); /* * now use the master key to decrypt the key in the db, had better * be the same! */ copy_to_key(&principal_data[0].key_low, &principal_data[0].key_high, key_from_db); kdb_encrypt_key (&key_from_db, &key_from_db, master_key, master_key_sched, DES_DECRYPT); /* the decrypted database key had better equal the master key */ n = memcmp(master_key, key_from_db, sizeof(master_key)); /* this used to zero the master key here! 
*/ memset(key_from_db, 0, sizeof(key_from_db)); memset(principal_data, 0, sizeof (principal_data)); - if (n && (out != (FILE *) NULL)) { + if (n && (out != NULL)) { fprintf(out, "\n\07\07verify_master_key: Invalid master key; "); fprintf(out, "does not match database.\n"); } if(n) return (-1); if (out != (FILE *) NULL) { fprintf(out, "\nMaster key entered. BEWARE!\07\07\n"); fflush(out); } return (master_key_version); } Index: stable/3/crypto/kerberosIV/lib/kdb/krb_lib.c =================================================================== --- stable/3/crypto/kerberosIV/lib/kdb/krb_lib.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/kdb/krb_lib.c (revision 62578) 
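Review bot: in krb_kdb_utils.c, kdb_verify_master_key still compares with `memcmp(master_key, key_from_db, sizeof(master_key))`, and master_key is a des_cblock * parameter, so the length is the size of a pointer rather than of the key; where pointers are 4 bytes, only half of the 8-byte key is checked before the function reports the master key as valid. While the `out != NULL` cleanups are touching this function, change the length to sizeof(*master_key) or sizeof(des_cblock), as kdb_kstash and kdb_new_get_master_key already do. The cleanup is also incomplete: the final `if (out != (FILE *) NULL)` before the "Master key entered" message was left in the old form.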
@@ -1,259 +1,252 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "kdb_locl.h" -RCSID("$Id: krb_lib.c,v 1.11 1997/05/07 01:36:08 assar Exp $"); +RCSID("$Id: krb_lib.c,v 1.13 1998/11/22 09:41:43 assar Exp $"); #ifdef DEBUG extern int debug; extern char *progname; long kerb_debug; #endif static int init = 0; /* * initialization routine for data base */ int kerb_init(void) { #ifdef DEBUG if (!init) { char *dbg = getenv("KERB_DBG"); if (dbg) sscanf(dbg, "%d", &kerb_debug); init = 1; } #endif kerb_db_init(); #ifdef CACHE kerb_cache_init(); #endif /* successful init, return 0, else errcode */ return (0); } /* * finalization routine for database -- NOTE: MUST be called by any * program using kerb_init. ALSO will have to be modified to finalize * caches, if they're ever really implemented. 
*/ void kerb_fini(void) { kerb_db_fini(); } int kerb_delete_principal(char *name, char *inst) { int ret; if (!init) kerb_init(); ret = kerb_db_delete_principal(name, inst); #ifdef CACHE if(ret == 0){ kerb_cache_delete_principal(name, inst); } #endif return ret; } /* * look up a principal in the cache or data base returns number of * principals found */ int -kerb_get_principal(char *name, char *inst, Principal *principal, - unsigned int max, int *more) - /* could have wild card */ - /* could have wild card */ - - /* max number of name structs to return */ - /* more tuples than room for */ - +kerb_get_principal(char *name, /* could have wild card */ + char *inst, /* could have wild card */ + Principal *principal, + unsigned int max, /* max number of name structs to return */ + int *more) /* more tuples than room for */ { int found = 0; #ifdef CACHE static int wild = 0; #endif if (!init) kerb_init(); #ifdef DEBUG if (kerb_debug & 1) fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n", progname, name, inst, max); #endif /* * if this is a request including a wild card, have to go to db * since the cache may not be exhaustive. */ /* clear the principal area */ memset(principal, 0, max * sizeof(Principal)); #ifdef CACHE /* * so check to see if the name contains a wildcard "*" or "?", not * preceeded by a backslash. 
*/ wild = 0; if (index(name, '*') || index(name, '?') || index(inst, '*') || index(inst, '?')) wild = 1; if (!wild) { /* try the cache first */ found = kerb_cache_get_principal(name, inst, principal, max, more); if (found) return (found); } #endif /* If we didn't try cache, or it wasn't there, try db */ found = kerb_db_get_principal(name, inst, principal, max, more); /* try to insert principal(s) into cache if it was found */ #ifdef CACHE - if (found) { + if (found > 0) { kerb_cache_put_principal(principal, found); } #endif return (found); } /* principals */ int -kerb_put_principal(Principal *principal, unsigned int n) - +kerb_put_principal(Principal *principal, + unsigned int n) /* number of principal structs to write */ { - struct tm *tp; - /* set mod date */ principal->mod_date = time((time_t *)0); /* and mod date string */ - tp = k_localtime(&principal->mod_date); - snprintf(principal->mod_date_txt, + strftime(principal->mod_date_txt, sizeof(principal->mod_date_txt), - "%4d-%2d-%2d", - tp->tm_year + 1900, - tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */ + "%Y-%m-%d", k_localtime(&principal->mod_date)); + strftime(principal->exp_date_txt, + sizeof(principal->exp_date_txt), + "%Y-%m-%d", k_localtime(&principal->exp_date)); #ifdef DEBUG if (kerb_debug & 1) { int i; fprintf(stderr, "\nkerb_put_principal..."); for (i = 0; i < n; i++) { krb_print_principal(&principal[i]); } } #endif /* write database */ if (kerb_db_put_principal(principal, n) < 0) { #ifdef DEBUG if (kerb_debug & 1) fprintf(stderr, "\n%s: kerb_db_put_principal err", progname); /* watch out for cache */ #endif return -1; } #ifdef CACHE /* write cache */ if (!kerb_cache_put_principal(principal, n)) { #ifdef DEBUG if (kerb_debug & 1) fprintf(stderr, "\n%s: kerb_cache_put_principal err", progname); #endif return -1; } #endif return 0; } int -kerb_get_dba(char *name, char *inst, Dba *dba, unsigned int max, int *more) - /* could have wild card */ - /* could have wild card */ - - /* max number of 
name structs to return */ - /* more tuples than room for */ - +kerb_get_dba(char *name, /* could have wild card */ + char *inst, /* could have wild card */ + Dba *dba, + unsigned int max, /* max number of name structs to return */ + int *more) /* more tuples than room for */ { int found = 0; #ifdef CACHE static int wild = 0; #endif if (!init) kerb_init(); #ifdef DEBUG if (kerb_debug & 1) fprintf(stderr, "\n%s: kerb_get_dba for %s %s max = %d\n", progname, name, inst, max); #endif /* * if this is a request including a wild card, have to go to db * since the cache may not be exhaustive. */ /* clear the dba area */ memset(dba, 0, max * sizeof(Dba)); #ifdef CACHE /* * so check to see if the name contains a wildcard "*" or "?", not * preceeded by a backslash. */ wild = 0; if (index(name, '*') || index(name, '?') || index(inst, '*') || index(inst, '?')) wild = 1; if (!wild) { /* try the cache first */ found = kerb_cache_get_dba(name, inst, dba, max, more); if (found) return (found); } #endif /* If we didn't try cache, or it wasn't there, try db */ found = kerb_db_get_dba(name, inst, dba, max, more); #ifdef CACHE /* try to insert dba(s) into cache if it was found */ if (found) { kerb_cache_put_dba(dba, found); } #endif return (found); } Index: stable/3/crypto/kerberosIV/lib/krb/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/Makefile.in (revision 62578) 
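Review bot: in krb_lib.c, kerb_put_principal now documents n as the "number of principal structs to write", but mod_date, mod_date_txt and the newly added exp_date_txt are set only on principal[0]; entries 1 to n-1 are written with whatever date strings the caller left in them. Loop over all n structs before calling kerb_db_put_principal, or document that callers must pass n == 1. The same function only tests `kerb_db_put_principal(principal, n) < 0`, so the short count that kerb_db_update in krb_dbm.c now returns when dbm_store fails is treated as success and, under CACHE, all n entries are still cached; compare the result against n. In kerb_get_principal the cache insert was tightened to `found > 0`, while kerb_get_dba keeps `if (found)`; make the two consistent.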
@@ -1,269 +1,367 @@ # -# $Id: Makefile.in,v 1.74 1997/05/19 03:03:05 assar Exp $ +# $Id: Makefile.in,v 1.113 1999/11/25 05:26:26 assar Exp $ # - -# Under SunOS-5.x it is necessary to link with -ldes to be binary compatible. -LIBDES=`test -r /usr/lib/libkrb.so.1 && echo "-lresolv -L../des -ldes"; true` - SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ CC = @CC@ +LINK = @LINK@ AR = ar RANLIB = @RANLIB@ LN_S = @LN_S@ -DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +DEFS = @DEFS@ -DROKEN_RENAME +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ LD_FLAGS = @LD_FLAGS@ EXECSUFFIX=@EXECSUFFIX@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs +top_builddir = ../.. -COMPILE_ET = ../../util/et/compile_et$(EXECSUFFIX) -language ansi-c +COMPILE_ET = ../com_err/compile_et prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ +includedir = @includedir@ + +incdir = $(includedir) +inc_DATA = krb_err.h +idir = $(top_builddir)/include + PICFLAGS = @PICFLAGS@ -PROGS = sizetest$(EXEC_SUFFIX) +# Under SunOS-5.x it is necessary to link with -ldes to be binary compatible. 
+ +LIBDES=`test -r /usr/lib/libkrb.so.1 && echo "@LD_FLAGS@ -L../des -ldes"; true` + +LIB_DEPS = @lib_deps_yes@ `echo @LIB_res_search@ @LIB_dn_expand@ | sort | uniq` $(LIBDES) -lc +build_symlink_command = @build_symlink_command@ +install_symlink_command = @install_symlink_command@ + +PROGS = sizetest$(EXECSUFFIX) LIBNAME = $(LIBPREFIX)krb LIBEXT = @LIBEXT@ SHLIBEXT = @SHLIBEXT@ LIBPREFIX = @LIBPREFIX@ LDSHARED = @LDSHARED@ LIB = $(LIBNAME).$(LIBEXT) -SOURCES = cr_err_reply.c \ +SOURCES = \ + check_time.c \ + cr_err_reply.c \ create_auth_reply.c \ create_ciph.c \ create_death_packet.c \ create_ticket.c \ + debug_decl.c \ + decomp_ticket.c \ + defaults.c \ dest_tkt.c \ + encrypt_ktext.c \ + extra.c \ + get_ad_tkt.c \ + getfile.c \ + get_cred.c \ + get_default_principal.c \ + get_host.c \ get_in_tkt.c \ + get_krbrlm.c \ get_svc_in_tkt.c \ + get_tf_fullname.c \ + get_tf_realm.c \ + getaddrs.c \ getrealm.c \ + getst.c \ + k_getport.c \ + k_getsockinst.c \ k_localtime.c \ + kdc_reply.c \ + kntoln.c \ + krb_check_auth.c \ + krb_equiv.c \ + krb_err.c \ krb_err_txt.c \ krb_get_in_tkt.c \ kuserok.c \ - parse_name.c \ - kntoln.c \ + lifetime.c \ + logging.c \ + lsb_addr_comp.c \ mk_auth.c \ - krb_check_auth.c \ mk_err.c \ + mk_priv.c \ + mk_req.c \ mk_safe.c \ + month_sname.c \ + name2name.c \ + krb_net_read.c \ + krb_net_write.c \ + one.c \ + parse_name.c \ rd_err.c \ - rd_safe.c \ - recvauth.c \ - mk_priv.c \ + rd_priv.c \ rd_req.c \ - decomp_ticket.c \ - lifetime.c \ - month_sname.c \ - stime.c \ + rd_safe.c \ read_service_key.c \ - getst.c \ - sendauth.c \ - netread.c \ - netwrite.c \ - rd_priv.c \ - krb_equiv.c \ - str2key.c \ - get_ad_tkt.c \ - mk_req.c \ - get_cred.c \ - get_tf_realm.c \ - get_tf_fullname.c \ - one.c \ + realm_parse.c \ + recvauth.c \ + rw.c \ save_credentials.c \ send_to_kdc.c \ - get_host.c \ - get_krbrlm.c \ - k_gethostname.c \ + sendauth.c \ + solaris_compat.c \ + stime.c \ + str2key.c \ tf_util.c \ - debug_decl.c \ - k_flock.c \ + time.c \ 
tkt_string.c \ - getaddrs.c \ - k_getsockinst.c \ - k_getport.c \ - lsb_addr_comp.c \ - name2name.c \ - get_default_principal.c \ - realm_parse.c \ + unparse_name.c \ verify_user.c \ - rw.c \ - kdc_reply.c \ - encrypt_ktext.c \ - swab.c \ + krb_ip_realm.c + +# these files reside in ../roken or ../com_err/ +EXTRA_SOURCE = \ + base64.c \ + concat.c \ + flock.c \ + gethostname.c \ gettimeofday.c \ - check_time.c \ - krb_err.c \ - et_list.c \ + getuid.c \ resolve.c \ - unparse_name.c \ - logging.c \ - k_concat.c + snprintf.c \ + strcasecmp.c \ + strlcat.c \ + strlcpy.c \ + strdup.c \ + strncasecmp.c \ + strnlen.c \ + strtok_r.c \ + swab.c -# these files reside in ../roken -# snprintf.c \ -# strdup.c \ -# strtok_r.c \ -# strcasecmp.c +SHLIB_EXTRA_SOURCE = \ + com_err.c \ + error.c -OBJECTS = cr_err_reply.o \ +OBJECTS = \ + check_time.o \ + cr_err_reply.o \ create_auth_reply.o \ create_ciph.o \ create_death_packet.o \ create_ticket.o \ + debug_decl.o \ + decomp_ticket.o \ + defaults.o \ dest_tkt.o \ + encrypt_ktext.o \ + extra.o \ + get_ad_tkt.o \ + getfile.o \ + get_cred.o \ + get_default_principal.o \ + get_host.o \ get_in_tkt.o \ + get_krbrlm.o \ get_svc_in_tkt.o \ + get_tf_fullname.o \ + get_tf_realm.o \ + getaddrs.o \ getrealm.o \ + getst.o \ + k_getport.o \ + k_getsockinst.o \ k_localtime.o \ + kdc_reply.o \ + kntoln.o \ + krb_check_auth.o \ + krb_equiv.o \ + krb_err.o \ krb_err_txt.o \ krb_get_in_tkt.o \ kuserok.o \ - parse_name.o \ - kntoln.o \ + lifetime.o \ + logging.o \ + lsb_addr_comp.o \ mk_auth.o \ - krb_check_auth.o \ mk_err.o \ + mk_priv.o \ + mk_req.o \ mk_safe.o \ + month_sname.o \ + name2name.o \ + krb_net_read.o \ + krb_net_write.o \ + one.o \ + parse_name.o \ rd_err.o \ - rd_safe.o \ - recvauth.o \ - mk_priv.o \ + rd_priv.o \ rd_req.o \ - decomp_ticket.o \ - lifetime.o \ - month_sname.o \ - stime.o \ + rd_safe.o \ read_service_key.o \ - getst.o \ - sendauth.o \ - netread.o \ - netwrite.o \ - rd_priv.o \ - krb_equiv.o \ - str2key.o \ - get_ad_tkt.o \ 
- mk_req.o \ - get_cred.o \ - get_tf_realm.o \ - get_tf_fullname.o \ - one.o \ + realm_parse.o \ + recvauth.o \ + rw.o \ save_credentials.o \ send_to_kdc.o \ - get_host.o \ - get_krbrlm.o \ - k_gethostname.o \ + sendauth.o \ + solaris_compat.o \ + stime.o \ + str2key.o \ tf_util.o \ - debug_decl.o \ - k_flock.o \ + time.o \ tkt_string.o \ - getaddrs.o \ - k_getsockinst.o \ - k_getport.o \ - lsb_addr_comp.o \ - name2name.o \ - get_default_principal.o \ - realm_parse.o \ + unparse_name.o \ verify_user.o \ - rw.o \ - kdc_reply.o \ - encrypt_ktext.o \ - swab.o \ + krb_ip_realm.o \ + $(LIBADD) + +LIBADD = \ + base64.o \ + concat.o \ + flock.o \ + gethostname.o \ gettimeofday.o \ - check_time.o \ - krb_err.o \ + getuid.o \ + net_read.o \ + net_write.o \ resolve.o \ - unparse_name.o \ - logging.o \ - k_concat.o \ snprintf.o \ + strcasecmp.o \ + strlcat.o \ + strlcpy.o \ strdup.o \ + strncasecmp.o \ + strnlen.o \ strtok_r.o \ - strcasecmp.o + swab.o -# This is only needed by some shared library implementations -LDOBJ = et_list.o +SHLIB_LIBADD = \ + com_err.o \ + error.o -all: $(LIB) $(PROGS) +all: $(LIB) $(PROGS) all-local Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + $(CC) -c $(DEFS) -I. 
-I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $< install: all - $(MKINSTALLDIRS) $(libdir) - $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + $(MKINSTALLDIRS) $(DESTDIR)$(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) + @install_symlink_command@ + $(MKINSTALLDIRS) $(DESTDIR)$(includedir) + @for i in $(inc_DATA); do \ + echo " $(INSTALL_DATA) $$i $(DESTDIR)$(incdir)/$$i";\ + $(INSTALL_DATA) $$i $(DESTDIR)$(incdir)/$$i; done uninstall: - rm -f $(libdir)/$(LIB) + rm -f $(DESTDIR)$(libdir)/$(LIB) + @for i in $(inc_DATA); do \ + echo " rm -f $(DESTDIR)$(incdir)/$$i";\ + rm -f $(DESTDIR)$(incdir)/$$i; done TAGS: $(SOURCES) etags $(SOURCES) sizetest.o: sizetest.c $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $< sizetest$(EXECSUFFIX): sizetest.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ sizetest.o + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ sizetest.o check: sizetest$(EXECSUFFIX) ./sizetest$(EXECSUFFIX) clean: - rm -f $(LIB) *.o *.a krb_err.c krb_err.h $(PROGS) + rm -f $(LIB) *.o *.a *.so *.so.* so_locations \ + krb_err.c krb_err.h $(PROGS) $(EXTRA_SOURCE) $(SHLIB_EXTRA_SOURCE) mostlyclean: clean distclean: clean rm -f Makefile *.tab.c *~ realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - $(LIBNAME).a: $(OBJECTS) rm -f $@ $(AR) cr $@ $(OBJECTS) -$(RANLIB) $@ -$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(LDOBJ) +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(SHLIB_LIBADD) rm -f $@ - $(LDSHARED) -o $@ $(OBJECTS) $(LDOBJ) $(LIBDES) + $(LDSHARED) -o $@ $(OBJECTS) $(SHLIB_LIBADD) $(LIB_DEPS) + @build_symlink_command@ krb_err.c krb_err.h: krb_err.et - test -r krb_err.et || (rm -f krb_err.et && $(LN_S) $(srcdir)/krb_err.et .) 
- $(COMPILE_ET) krb_err.et + $(COMPILE_ET) $(srcdir)/krb_err.et +# this doesn't work with parallel makes +#$(EXTRA_SOURCE): +# for i in $(EXTRA_SOURCE); do \ +# test -f $$i || $(LN_S) $(srcdir)/../roken/$$i .; \ +# done + +base64.c: + $(LN_S) $(srcdir)/../roken/base64.c . +concat.c: + $(LN_S) $(srcdir)/../roken/concat.c . +flock.c: + $(LN_S) $(srcdir)/../roken/flock.c . +gethostname.c: + $(LN_S) $(srcdir)/../roken/gethostname.c . +gettimeofday.c: + $(LN_S) $(srcdir)/../roken/gettimeofday.c . +getuid.c: + $(LN_S) $(srcdir)/../roken/getuid.c . snprintf.c: $(LN_S) $(srcdir)/../roken/snprintf.c . - +strcasecmp.c: + $(LN_S) $(srcdir)/../roken/strcasecmp.c . +strlcat.c: + $(LN_S) $(srcdir)/../roken/strlcat.c . +strlcpy.c: + $(LN_S) $(srcdir)/../roken/strlcpy.c . +strncasecmp.c: + $(LN_S) $(srcdir)/../roken/strncasecmp.c . +strnlen.c: + $(LN_S) $(srcdir)/../roken/strnlen.c . strdup.c: $(LN_S) $(srcdir)/../roken/strdup.c . - strtok_r.c: $(LN_S) $(srcdir)/../roken/strtok_r.c . +swab.c: + $(LN_S) $(srcdir)/../roken/swab.c . +resolve.c: + $(LN_S) $(srcdir)/../roken/resolve.c . +net_read.c: + $(LN_S) $(srcdir)/../roken/net_read.c . +net_write.c: + $(LN_S) $(srcdir)/../roken/net_write.c . +com_err.c: + $(LN_S) $(srcdir)/../com_err/com_err.c . +error.c: + $(LN_S) $(srcdir)/../com_err/error.c . -strcasecmp.c: - $(LN_S) $(srcdir)/../roken/strcasecmp.c . 
$(OBJECTS): ../../include/config.h -$(OBJECTS): krb_locl.h krb.h krb_err.h -one.o: ../../include/version.h +$(OBJECTS): krb_locl.h krb.h +rw.o: ../../include/version.h + +all-local: $(inc_DATA) + @for i in $(inc_DATA); do \ + if cmp -s $$i $(idir)/$$i 2> /dev/null ; then :; else\ + echo " $(INSTALL_DATA) $$i $(idir)/$$i"; \ + $(INSTALL_DATA) $$i $(idir)/$$i; \ + fi ; \ + done + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean all-local Index: stable/3/crypto/kerberosIV/lib/krb/check_time.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/check_time.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/check_time.c (revision 62578) 
@@ -1,56 +1,51 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: check_time.c,v 1.4 1997/04/01 08:18:18 joda Exp $"); +RCSID("$Id: check_time.c,v 1.5 1999/12/02 16:58:40 joda Exp $"); int krb_check_tm (struct tm tm) { return tm.tm_mon < 0 || tm.tm_mon > 11 || tm.tm_hour < 0 || tm.tm_hour > 23 || tm.tm_min < 0 || tm.tm_min > 59 || tm.tm_sec < 0 || tm.tm_sec > 59 || tm.tm_year < 1901 || tm.tm_year > 2038; } Index: stable/3/crypto/kerberosIV/lib/krb/cr_err_reply.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/cr_err_reply.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/cr_err_reply.c (revision 62578) 
@@ -1,99 +1,122 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: cr_err_reply.c,v 1.9 1997/04/01 08:18:19 joda Exp $"); +RCSID("$Id: cr_err_reply.c,v 1.11 1999/12/02 16:58:41 joda Exp $"); /* * This routine is used by the Kerberos authentication server to * create an error reply packet to send back to its client. * * It takes a pointer to the packet to be built, the name, instance, * and realm of the principal, the client's timestamp, an error code * and an error string as arguments. Its return value is undefined. 
* * The packet is built in the following format: * * type variable data * or constant * ---- ----------- ---- * * unsigned char req_ack_vno protocol version number * * unsigned char AUTH_MSG_ERR_REPLY protocol message type * * [least significant HOST_BYTE_ORDER sender's (server's) byte * bit of above field] order * * string pname principal's name * * string pinst principal's instance * * string prealm principal's realm * * unsigned long time_ws client's timestamp * * unsigned long e error code * * string e_string error text */ -void +int cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm, u_int32_t time_ws, u_int32_t e, char *e_string) { unsigned char *p = pkt->dat; + int tmp; + size_t rem = sizeof(pkt->dat); - p += krb_put_int(KRB_PROT_VERSION, p, 1); - p += krb_put_int(AUTH_MSG_ERR_REPLY, p, 1); + tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1); + if (tmp < 0) + return -1; + p += tmp; + rem -= tmp; + tmp = krb_put_int(AUTH_MSG_ERR_REPLY, p, rem, 1); + if (tmp < 0) + return -1; + p += tmp; + rem -= tmp; + if (pname == NULL) pname = ""; if (pinst == NULL) pinst = ""; if (prealm == NULL) prealm = ""; - p += krb_put_nir(pname, pinst, prealm, p); - - p += krb_put_int(time_ws, p, 4); + tmp = krb_put_nir(pname, pinst, prealm, p, rem); + if (tmp < 0) + return -1; + p += tmp; + rem -= tmp; - p += krb_put_int(e, p, 4); + tmp = krb_put_int(time_ws, p, rem, 4); + if (tmp < 0) + return -1; + p += tmp; + rem -= tmp; - p += krb_put_string(e_string, p); + tmp = krb_put_int(e, p, rem, 4); + if (tmp < 0) + return -1; + p += tmp; + rem -= tmp; + tmp = krb_put_string(e_string, p, rem); + if (tmp < 0) + return -1; + p += tmp; + rem -= tmp; + pkt->length = p - pkt->dat; + return 0; } Index: stable/3/crypto/kerberosIV/lib/krb/create_auth_reply.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/create_auth_reply.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/create_auth_reply.c (revision 62578) 
@@ -1,131 +1,159 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: create_auth_reply.c,v 1.11 1997/04/01 08:18:20 joda Exp $"); +RCSID("$Id: create_auth_reply.c,v 1.15 1999/12/02 16:58:41 joda Exp $"); /* * This routine is called by the Kerberos authentication server * to create a reply to an authentication request. The routine * takes the user's name, instance, and realm, the client's * timestamp, the number of tickets, the user's key version * number and the ciphertext containing the tickets themselves. * It constructs a packet and returns a pointer to it. * * Notes: The packet returned by this routine is static. Thus, if you * intend to keep the result beyond the next call to this routine, you * must copy it elsewhere. * * The packet is built in the following format: * * variable * type or constant data * ---- ----------- ---- * * unsigned char KRB_PROT_VERSION protocol version number * * unsigned char AUTH_MSG_KDC_REPLY protocol message type * * [least significant HOST_BYTE_ORDER sender's (server's) byte * bit of above field] order * * string pname principal's name * * string pinst principal's instance * * string prealm principal's realm * * unsigned long time_ws client's timestamp * * unsigned char n number of tickets * * unsigned long x_date expiration date * * unsigned char kvno master key version * * short w_1 cipher length * * --- cipher->dat cipher data */ KTEXT create_auth_reply(char *pname, /* Principal's name */ char *pinst, /* Principal's instance */ char *prealm, /* Principal's authentication domain */ int32_t time_ws, /* Workstation time */ int n, /* Number of tickets */ u_int32_t x_date, /* Principal's expiration date */ int kvno, /* Principal's key version number */ KTEXT cipher) /* Cipher text with tickets and session keys */ { static KTEXT_ST pkt_st; KTEXT pkt = &pkt_st; unsigned char *p = pkt->dat; + int tmp; + size_t rem = sizeof(pkt->dat); - p += krb_put_int(KRB_PROT_VERSION, p, 1); - p += krb_put_int(AUTH_MSG_KDC_REPLY, p, 1); + if(n != 0) + return NULL; - if(n != 0){ - 
/* barf on old code */ - krb_warning("create_auth_reply: don't give me no krb3 crap!" - " (n == %d)\n", n); + tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1); + if (tmp < 0) return NULL; - } + p += tmp; + rem -= tmp; + tmp = krb_put_int(AUTH_MSG_KDC_REPLY, p, rem, 1); + if (tmp < 0) + return NULL; + p += tmp; + rem -= tmp; - p += krb_put_nir(pname, pinst, prealm, p); + tmp = krb_put_nir(pname, pinst, prealm, p, rem); + if (tmp < 0) + return NULL; + p += tmp; + rem -= tmp; - p += krb_put_int(time_ws, p, 4); + tmp = krb_put_int(time_ws, p, rem, 4); + if (tmp < 0) + return NULL; + p += tmp; + rem -= tmp; - p += krb_put_int(n, p, 1); + tmp = krb_put_int(n, p, rem, 1); + if (tmp < 0) + return NULL; + p += tmp; + rem -= tmp; - p += krb_put_int(x_date, p, 4); + tmp = krb_put_int(x_date, p, rem, 4); + if (tmp < 0) + return NULL; + p += tmp; + rem -= tmp; - p += krb_put_int(kvno, p, 1); + tmp = krb_put_int(kvno, p, rem, 1); + if (tmp < 0) + return NULL; + p += tmp; + rem -= tmp; - p += krb_put_int(cipher->length, p, 2); + tmp = krb_put_int(cipher->length, p, rem, 2); + if (tmp < 0) + return NULL; + p += tmp; + rem -= tmp; + if (rem < cipher->length) + return NULL; memcpy(p, cipher->dat, cipher->length); p += cipher->length; + rem -= cipher->length; pkt->length = p - pkt->dat; return pkt; } Index: stable/3/crypto/kerberosIV/lib/krb/create_ciph.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/create_ciph.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/create_ciph.c (revision 62578) 
@@ -1,117 +1,142 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: create_ciph.c,v 1.9 1997/04/01 08:18:20 joda Exp $"); +RCSID("$Id: create_ciph.c,v 1.13 1999/12/02 16:58:41 joda Exp $"); /* * This routine is used by the authentication server to create * a packet for its client, containing a ticket for the requested * service (given in "tkt"), and some information about the ticket, * * Returns KSUCCESS no matter what. * * The length of the cipher is stored in c->length; the format of * c->dat is as follows: * * variable * type or constant data * ---- ----------- ---- * * * 8 bytes session session key for client, service * * string service service name * * string instance service instance * * string realm KDC realm * * unsigned char life ticket lifetime * * unsigned char kvno service key version number * * unsigned char tkt->length length of following ticket * * data tkt->dat ticket for service * * 4 bytes kdc_time KDC's timestamp * * <=7 bytes null null pad to 8 byte multiple * */ int create_ciph(KTEXT c, /* Text block to hold ciphertext */ unsigned char *session, /* Session key to send to user */ char *service, /* Service name on ticket */ char *instance, /* Instance name on ticket */ char *realm, /* Realm of this KDC */ u_int32_t life, /* Lifetime of the ticket */ int kvno, /* Key version number for service */ KTEXT tkt, /* The ticket for the service */ u_int32_t kdc_time, /* KDC time */ des_cblock *key) /* Key to encrypt ciphertext with */ { unsigned char *p = c->dat; + size_t 
rem = sizeof(c->dat); + int tmp; memset(c, 0, sizeof(KTEXT_ST)); + if (rem < 8) + return KFAILURE; memcpy(p, session, 8); p += 8; + rem -= 8; + + tmp = krb_put_nir(service, instance, realm, p, rem); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + - p += krb_put_nir(service, instance, realm, p); - - p += krb_put_int(life, p, 1); - p += krb_put_int(kvno, p, 1); + tmp = krb_put_int(life, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; - p += krb_put_int(tkt->length, p, 1); + tmp = krb_put_int(kvno, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + tmp = krb_put_int(tkt->length, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + + if (rem < tkt->length) + return KFAILURE; memcpy(p, tkt->dat, tkt->length); p += tkt->length; + rem -= tkt->length; - p += krb_put_int(kdc_time, p, 4); + tmp = krb_put_int(kdc_time, p, rem, 4); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; /* multiple of eight bytes */ c->length = (p - c->dat + 7) & ~7; encrypt_ktext(c, key, DES_ENCRYPT); return KSUCCESS; } Index: stable/3/crypto/kerberosIV/lib/krb/create_death_packet.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/create_death_packet.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/create_death_packet.c (revision 62578) 
@@ -1,85 +1,98 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: create_death_packet.c,v 1.8 1997/04/01 08:18:21 joda Exp $"); +RCSID("$Id: create_death_packet.c,v 1.10 1999/12/02 16:58:41 joda Exp $"); /* * This routine creates a packet to type AUTH_MSG_DIE which is sent to * the Kerberos server to make it shut down. It is used only in the * development environment. * * It takes a string "a_name" which is sent in the packet. A pointer * to the packet is returned. * * The format of the killer packet is: * * type variable data * or constant * ---- ----------- ---- * * unsigned char KRB_PROT_VERSION protocol version number * * unsigned char AUTH_MSG_DIE message type * * [least significant HOST_BYTE_ORDER byte order of sender * bit of above field] * * string a_name presumably, name of * principal sending killer * packet */ #ifdef DEBUG KTEXT krb_create_death_packet(char *a_name) { static KTEXT_ST pkt_st; KTEXT pkt = &pkt_st; unsigned char *p = pkt->dat; + int tmp; + int rem = sizeof(pkt->dat); + + pkt->length = 0; - p += krb_put_int(KRB_PROT_VERSION, p, 1); - p += krb_put_int(AUTH_MSG_DIE, p, 1); + tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1); + if (tmp < 0) + return NULL; + p += tmp; + rem -= tmp; + + tmp = krb_put_int(AUTH_MSG_DIE, p, rem, 1); + if (tmp < 0) + return NULL; + p += tmp; + rem -= tmp; + + tmp = krb_put_string(a_name, p, rem); + if (tmp < 0) + return NULL; + p += tmp; + rem -= tmp; - p += krb_put_string(a_name, p); pkt->length = p - pkt->dat; return pkt; } #endif /* DEBUG */ Index: stable/3/crypto/kerberosIV/lib/krb/create_ticket.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/create_ticket.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/create_ticket.c (revision 62578) 
@@ -1,134 +1,160 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: create_ticket.c,v 1.12 1997/04/01 08:18:21 joda Exp $"); +RCSID("$Id: create_ticket.c,v 1.14 1999/12/02 16:58:41 joda Exp $"); /* * Create ticket takes as arguments information that should be in a * ticket, and the KTEXT object in which the ticket should be * constructed. It then constructs a ticket and returns, leaving the * newly created ticket in tkt. * The length of the ticket is a multiple of * eight bytes and is in tkt->length. * * If the ticket is too long, the ticket will contain nulls. * * The corresponding routine to extract information from a ticket it * decomp_ticket. When changes are made to this routine, the * corresponding changes should also be made to that file. * * The packet is built in the following format: * * variable * type or constant data * ---- ----------- ---- * * tkt->length length of ticket (multiple of 8 bytes) * * tkt->dat: * * unsigned char flags namely, HOST_BYTE_ORDER * * string pname client's name * * string pinstance client's instance * * string prealm client's realm * * 4 bytes paddress client's address * * 8 bytes session session key * * 1 byte life ticket lifetime * * 4 bytes time_sec KDC timestamp * * string sname service's name * * string sinstance service's instance * * <=7 bytes null null pad to 8 byte multiple * */ int krb_create_ticket(KTEXT tkt, /* Gets filled in by the ticket */ unsigned char flags, /* Various Kerberos flags */ char *pname, /* Principal's name */ char *pinstance, /* Principal's instance */ char *prealm, /* Principal's authentication domain */ int32_t paddress, /* Net address of requesting entity */ void *session, /* Session key inserted in ticket */ int16_t life, /* Lifetime of the ticket */ int32_t time_sec, /* Issue time and date */ char *sname, /* Service Name */ char *sinstance, /* Instance Name */ des_cblock *key) /* Service's secret key */ { unsigned char *p = tkt->dat; + int tmp; + size_t rem = sizeof(tkt->dat); memset(tkt, 0, sizeof(KTEXT_ST)); + + tmp = 
krb_put_int(flags, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; - p += krb_put_int(flags, p, 1); - p += krb_put_nir(pname, pinstance, prealm, p); + tmp = krb_put_nir(pname, pinstance, prealm, p, rem); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; - p += krb_put_address(paddress, p); + tmp = krb_put_address(paddress, p, rem); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + if (rem < 8) + return KFAILURE; memcpy(p, session, 8); p += 8; + rem -= 8; - p += krb_put_int(life, p, 1); - p += krb_put_int(time_sec, p, 4); + tmp = krb_put_int(life, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; - p += krb_put_nir(sname, sinstance, NULL, p); + tmp = krb_put_int(time_sec, p, rem, 4); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + + tmp = krb_put_nir(sname, sinstance, NULL, p, rem); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; /* multiple of eight bytes */ tkt->length = (p - tkt->dat + 7) & ~7; /* Check length of ticket */ if (tkt->length > (sizeof(KTEXT_ST) - 7)) { memset(tkt->dat, 0, tkt->length); tkt->length = 0; return KFAILURE /* XXX */; } encrypt_ktext(tkt, key, DES_ENCRYPT); return KSUCCESS; } Index: stable/3/crypto/kerberosIV/lib/krb/debug_decl.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/debug_decl.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/debug_decl.c (revision 62578) 
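Review bot: the new early `return KFAILURE` exits in krb_create_ticket() (create_ticket.c) leave a partly built, unencrypted ticket in tkt->dat, whereas the existing over-length path at the bottom clears the buffer with `memset(tkt->dat, 0, tkt->length);` before returning. Any failure after `memcpy(p, session, 8);` (the life, time_sec or sname/sinstance writes) hands the caller a buffer that still holds the session key in the clear. Route every failure through one exit that zeroes tkt->dat. The header comment still says an over-long ticket "will contain nulls", which does not describe these new paths and should be updated with them.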
@@ -1,29 +1,44 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" -RCSID("$Id: debug_decl.c,v 1.6 1997/03/23 03:53:07 joda Exp $"); +RCSID("$Id: debug_decl.c,v 1.10 1999/06/16 15:10:38 joda Exp $"); /* Declare global debugging variables. */ int krb_ap_req_debug = 0; int krb_debug = 0; +int krb_dns_debug = 0; + +int +krb_enable_debug(void) +{ + krb_ap_req_debug = krb_debug = krb_dns_debug = 1; + return 0; +} + +int +krb_disable_debug(void) +{ + krb_ap_req_debug = krb_debug = krb_dns_debug = 0; + return 0; +} Index: stable/3/crypto/kerberosIV/lib/krb/decomp_ticket.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/decomp_ticket.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/decomp_ticket.c (revision 62578) 
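Review bot: krb_enable_debug() and krb_disable_debug() in debug_decl.c are declared int but can only return 0, so the return value gives a caller nothing to act on. Make them void, or return the previous setting so a caller can restore it, and add a one-line comment saying that they switch krb_ap_req_debug, krb_debug and krb_dns_debug together.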
@@ -1,119 +1,117 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: decomp_ticket.c,v 1.16 1997/04/01 08:18:22 joda Exp $"); +RCSID("$Id: decomp_ticket.c,v 1.20 1999/12/02 16:58:41 joda Exp $"); /* * This routine takes a ticket and pointers to the variables that * should be filled in based on the information in the ticket. It * fills in values for its arguments. * * The routine returns KFAILURE if any of the "pname", "pinstance", * or "prealm" fields is too big, otherwise it returns KSUCCESS. * * The corresponding routine to generate tickets is create_ticket. * When changes are made to this routine, the corresponding changes * should also be made to that file. * * See create_ticket.c for the format of the ticket packet. 
*/ int decomp_ticket(KTEXT tkt, /* The ticket to be decoded */ unsigned char *flags, /* Kerberos ticket flags */ char *pname, /* Authentication name */ char *pinstance, /* Principal's instance */ char *prealm, /* Principal's authentication domain */ u_int32_t *paddress,/* Net address of entity requesting ticket */ unsigned char *session, /* Session key inserted in ticket */ int *life, /* Lifetime of the ticket */ u_int32_t *time_sec, /* Issue time and date */ char *sname, /* Service name */ char *sinstance, /* Service instance */ des_cblock *key, /* Service's secret key (to decrypt the ticket) */ des_key_schedule schedule) /* The precomputed key schedule */ { unsigned char *p = tkt->dat; int little_endian; des_pcbc_encrypt((des_cblock *)tkt->dat, (des_cblock *)tkt->dat, tkt->length, schedule, key, DES_DECRYPT); tkt->mbz = 0; *flags = *p++; - little_endian = (*flags >> K_FLAG_ORDER) & 1; + little_endian = *flags & 1; if(strlen((char*)p) > ANAME_SZ) return KFAILURE; - p += krb_get_string(p, pname); + p += krb_get_string(p, pname, ANAME_SZ); if(strlen((char*)p) > INST_SZ) return KFAILURE; - p += krb_get_string(p, pinstance); + p += krb_get_string(p, pinstance, INST_SZ); if(strlen((char*)p) > REALM_SZ) return KFAILURE; - p += krb_get_string(p, prealm); + p += krb_get_string(p, prealm, REALM_SZ); + if (*prealm == '\0') + krb_get_lrealm (prealm, 1); + if(tkt->length - (p - tkt->dat) < 8 + 1 + 4) return KFAILURE; p += krb_get_address(p, paddress); memcpy(session, p, 8); p += 8; *life = *p++; p += krb_get_int(p, time_sec, 4, little_endian); if(strlen((char*)p) > SNAME_SZ) return KFAILURE; - p += krb_get_string(p, sname); + p += krb_get_string(p, sname, SNAME_SZ); if(strlen((char*)p) > INST_SZ) return KFAILURE; - p += krb_get_string(p, sinstance); + p += krb_get_string(p, sinstance, INST_SZ); return KSUCCESS; } Index: stable/3/crypto/kerberosIV/lib/krb/dllmain.c =================================================================== --- 
stable/3/crypto/kerberosIV/lib/krb/dllmain.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/dllmain.c (revision 62578) 
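Review bot: the length guards in decomp_ticket() still use `>` (for example `if(strlen((char*)p) > ANAME_SZ)`) while the new calls pass the same constant as the destination size (`krb_get_string(p, pname, ANAME_SZ)`), so a field of exactly ANAME_SZ characters passes the guard but cannot fit together with its terminator. Whether that truncates the name or leaves `p` misaligned depends on what krb_get_string() returns in that case, which this hunk does not show; changing the five guards to `>=` removes the question. The strlen() calls also run on freshly decrypted data without any bound taken from tkt->length, unlike the `tkt->length - (p - tkt->dat) < 8 + 1 + 4` check used for the fixed-size fields. Separately, `*flags & 1` replaces the named K_FLAG_ORDER shift with a bare constant, and the result of the new krb_get_lrealm(prealm, 1) fallback is ignored.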
@@ -1,128 +1,139 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* dllmain.c - main function to krb4.dll * Author: J Karlsson * Date: June 1996 */ #include "krb_locl.h" #include "ticket_memory.h" #include -RCSID("$Id: dllmain.c,v 1.6 1997/05/02 14:29:13 assar Exp $"); +RCSID("$Id: dllmain.c,v 1.9 1999/12/02 16:58:41 joda Exp $"); void msg(char *text, int error) { char *buf; asprintf (&buf, "%s\nAn error of type: %d", text, error); MessageBox(GetActiveWindow(), - buf ? buf : "can't tell you", + buf ? buf : "Out of memory!", "kerberos message", MB_OK|MB_APPLMODAL); free (buf); } +void +PostUpdateMessage(void) +{ + HWND hWnd; + static UINT km_message; + + if(km_message == 0) + km_message = RegisterWindowMessage("krb4-update-cache"); + + hWnd = FindWindow("KrbManagerWndClass", NULL); + if (hWnd == NULL) + hWnd = HWND_BROADCAST; + PostMessage(hWnd, km_message, 0, 0); +} + + BOOL WINAPI DllMain (HANDLE hInst, ULONG reason, LPVOID lpReserved) { WORD wVersionRequested; WSADATA wsaData; PROCESS_INFORMATION p; int err; switch(reason){ case DLL_PROCESS_ATTACH: wVersionRequested = MAKEWORD(1, 1); err = WSAStartup(wVersionRequested, &wsaData); if (err != 0) { /* Tell the user that we couldn't find a useable */ /* winsock.dll. */ msg("Cannot find winsock.dll", err); return FALSE; } if(newTktMem(0) != KSUCCESS) { /* Tell the user that we couldn't alloc shared memory. 
*/ msg("Cannot allocate shared ticket memory", GetLastError()); return FALSE; } if(GetLastError() != ERROR_ALREADY_EXISTS) { - STARTUPINFO s = - { + STARTUPINFO s = { sizeof(s), - 0, - 0, - 0, + NULL, + NULL, + NULL, 0,0, 0,0, 0,0, 0, - 0, - 0, - 0,0, - 0,0,0}; + STARTF_USESHOWWINDOW, + SW_SHOWMINNOACTIVE, + 0, NULL, + NULL, NULL, NULL + }; - s.dwFlags = STARTF_USESHOWWINDOW; - s.wShowWindow = SW_HIDE; if(!CreateProcess(0,"krbmanager", 0,0,FALSE,0,0, - 0,&s, &p)) - { - msg("Unable to create kerberos manager process.\n" + 0,&s, &p)) { +#if 0 + msg("Unable to create Kerberos manager process.\n" "Make sure krbmanager.exe is in your PATH.", GetLastError()); return FALSE; +#endif } } break; case DLL_PROCESS_DETACH: + /* should this really be done here? */ freeTktMem(0); WSACleanup(); break; } return TRUE; } Index: stable/3/crypto/kerberosIV/lib/krb/encrypt_ktext.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/encrypt_ktext.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/encrypt_ktext.c (revision 62578) 
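Review bot: with the failure branch wrapped in `#if 0`, the body of `if(!CreateProcess(...))` in DllMain() (dllmain.c) is empty, so a failed krbmanager launch is ignored silently and the DLL loads with no manager running. If that is intended, drop the dead block and say so in a comment; otherwise report the error. The call also passes the bare name "krbmanager" with a null application name, so Windows resolves it through the executable search path; passing the full path of the installed krbmanager.exe makes sure the intended binary is the one started. The handles returned in `p` are never closed in this function.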
@@ -1,51 +1,46 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: encrypt_ktext.c,v 1.4 1997/04/01 08:18:26 joda Exp $"); +RCSID("$Id: encrypt_ktext.c,v 1.5 1999/12/02 16:58:41 joda Exp $"); void encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt) { des_key_schedule schedule; des_set_key(key, schedule); des_pcbc_encrypt((des_cblock*)cip->dat, (des_cblock*)cip->dat, cip->length, schedule, key, encrypt); memset(schedule, 0, sizeof(des_key_schedule)); } Index: stable/3/crypto/kerberosIV/lib/krb/get_ad_tkt.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/get_ad_tkt.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/get_ad_tkt.c (revision 62578) 
@@ -1,190 +1,203 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: get_ad_tkt.c,v 1.16 1997/05/30 17:43:34 bg Exp $"); +RCSID("$Id: get_ad_tkt.c,v 1.22 1999/12/02 16:58:41 joda Exp $"); /* * get_ad_tkt obtains a new service ticket from Kerberos, using * the ticket-granting ticket which must be in the ticket file. * It is typically called by krb_mk_req() when the client side * of an application is creating authentication information to be * sent to the server side. * * get_ad_tkt takes four arguments: three pointers to strings which * contain the name, instance, and realm of the service for which the * ticket is to be obtained; and an integer indicating the desired * lifetime of the ticket. * * It returns an error status if the ticket couldn't be obtained, * or AD_OK if all went well. The ticket is stored in the ticket * cache. * * The request sent to the Kerberos ticket-granting service looks * like this: * * pkt->dat * * TEXT original contents of authenticator+ticket * pkt->dat built in krb_mk_req call * * 4 bytes time_ws always 0 (?) * char lifetime lifetime argument passed * string service service name argument * string sinstance service instance arg. * * See "prot.h" for the reply packet layout and definitions of the * extraction macros like pkt_version(), pkt_msg_type(), etc. */ int get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime) { static KTEXT_ST pkt_st; KTEXT pkt = & pkt_st; /* Packet to KDC */ static KTEXT_ST rpkt_st; KTEXT rpkt = &rpkt_st; /* Returned packet */ CREDENTIALS cr; char lrealm[REALM_SZ]; u_int32_t time_ws = 0; int kerror; unsigned char *p; + size_t rem; + int tmp; /* * First check if we have a "real" TGT for the corresponding * realm, if we don't, use ordinary inter-realm authentication. 
*/ kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, &cr); - if (kerror == KSUCCESS) - strncpy(lrealm, realm, REALM_SZ); - else + if (kerror == KSUCCESS) { + strlcpy(lrealm, realm, REALM_SZ); + } else kerror = krb_get_tf_realm(TKT_FILE, lrealm); if (kerror != KSUCCESS) return(kerror); /* * Look for the session key (and other stuff we don't need) * in the ticket file for krbtgt.realm@lrealm where "realm" * is the service's realm (passed in "realm" argument) and * lrealm is the realm of our initial ticket. If we don't * have this, we will try to get it. */ if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, lrealm, &cr)) != KSUCCESS) { /* * If realm == lrealm, we have no hope, so let's not even try. */ if ((strncmp(realm, lrealm, REALM_SZ)) == 0) return(AD_NOTGT); else{ if ((kerror = get_ad_tkt(KRB_TICKET_GRANTING_TICKET, - realm, lrealm, lifetime)) != KSUCCESS) + realm, lrealm, lifetime)) != KSUCCESS) { if (kerror == KDC_PR_UNKNOWN) return(AD_INTR_RLM_NOTGT); else return(kerror); + } if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, lrealm, &cr)) != KSUCCESS) return(kerror); } } /* * Make up a request packet to the "krbtgt.realm@lrealm". * Start by calling krb_mk_req() which puts ticket+authenticator * into "pkt". Then tack other stuff on the end. 
*/ kerror = krb_mk_req(pkt, KRB_TICKET_GRANTING_TICKET, realm,lrealm,0L); if (kerror) return(AD_NOTGT); p = pkt->dat + pkt->length; + rem = sizeof(pkt->dat) - pkt->length; - p += krb_put_int(time_ws, p, 4); - p += krb_put_int(lifetime, p, 1); - p += krb_put_nir(service, sinstance, NULL, p); + tmp = krb_put_int(time_ws, p, rem, 4); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + + tmp = krb_put_int(lifetime, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + + tmp = krb_put_nir(service, sinstance, NULL, p, rem); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; pkt->length = p - pkt->dat; rpkt->length = 0; /* Send the request to the local ticket-granting server */ if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror); /* check packet version of the returned packet */ { KTEXT_ST cip; CREDENTIALS cred; struct timeval tv; kerror = kdc_reply_cipher(rpkt, &cip); if(kerror != KSUCCESS) return kerror; encrypt_ktext(&cip, &cr.session, DES_DECRYPT); kerror = kdc_reply_cred(&cip, &cred); if(kerror != KSUCCESS) return kerror; if (strcmp(cred.service, service) || strcmp(cred.instance, sinstance) || strcmp(cred.realm, realm)) /* not what we asked for */ return INTK_ERR; /* we need a better code here XXX */ - gettimeofday(&tv, NULL); + krb_kdctimeofday(&tv); if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) { return RD_AP_TIME; /* XXX should probably be better code */ } kerror = save_credentials(cred.service, cred.instance, cred.realm, cred.session, cred.lifetime, cred.kvno, &cred.ticket_st, tv.tv_sec); return kerror; } } Index: stable/3/crypto/kerberosIV/lib/krb/get_cred.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/get_cred.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/get_cred.c (revision 62578) 
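Review bot: `rem = sizeof(pkt->dat) - pkt->length;` in get_ad_tkt() is computed as a size_t without first checking that pkt->length is no larger than sizeof(pkt->dat). If krb_mk_req() ever reports a larger length, the subtraction wraps and the three bounded krb_put_* calls that follow receive a huge limit, which defeats the purpose of the change. Add `if (pkt->length > sizeof(pkt->dat)) return KFAILURE;` before the subtraction. The tmp, `if (tmp < 0)`, `p += tmp; rem -= tmp;` sequence is repeated three times here and would read better as a small helper or macro.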
@@ -1,70 +1,70 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" -RCSID("$Id: get_cred.c,v 1.6 1997/05/30 17:38:29 bg Exp $"); +RCSID("$Id: get_cred.c,v 1.7 1997/12/15 17:12:55 assar Exp $"); /* * krb_get_cred takes a service name, instance, and realm, and a * structure of type CREDENTIALS to be filled in with ticket * information. It then searches the ticket file for the appropriate * ticket and fills in the structure with the corresponding * information from the file. If successful, it returns KSUCCESS. * On failure it returns a Kerberos error code. 
*/ int krb_get_cred(char *service, /* Service name */ char *instance, /* Instance */ char *realm, /* Auth domain */ CREDENTIALS *c) /* Credentials struct */ { int tf_status; /* return value of tf function calls */ CREDENTIALS cr; - if (c == 0) + if (c == NULL) c = &cr; /* Open ticket file and lock it for shared reading */ if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS) return(tf_status); /* Copy principal's name and instance into the CREDENTIALS struc c */ if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS || (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS ) return (tf_status); /* Search for requested service credentials and copy into c */ while ((tf_status = tf_get_cred(c)) == KSUCCESS) { if ((strcmp(c->service,service) == 0) && (strcmp(c->instance,instance) == 0) && (strcmp(c->realm,realm) == 0)) break; } tf_close(); if (tf_status == EOF) return (GC_NOTKT); return(tf_status); } Index: stable/3/crypto/kerberosIV/lib/krb/get_default_principal.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/get_default_principal.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/get_default_principal.c (revision 62578) 
@@ -1,94 +1,87 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: get_default_principal.c,v 1.10 1997/04/01 08:18:28 joda Exp $"); +RCSID("$Id: get_default_principal.c,v 1.14 1999/12/02 16:58:41 joda Exp $"); int krb_get_default_principal(char *name, char *instance, char *realm) { char *file; int ret; - char *p; if ((file = getenv("KRBTKFILE")) == NULL) file = TKT_FILE; ret = krb_get_tf_fullname(file, name, instance, realm); if(ret == KSUCCESS) return 0; p = getenv("KRB4PRINCIPAL"); if(p && kname_parse(name, instance, realm, p) == KSUCCESS) return 1; - #ifdef HAVE_PWD_H { struct passwd *pw; pw = getpwuid(getuid()); if(pw == NULL){ return -1; } - strcpy(name, pw->pw_name); - strcpy(instance, ""); + strlcpy (name, pw->pw_name, ANAME_SZ); + strlcpy (instance, "", INST_SZ); krb_get_lrealm(realm, 1); if(strcmp(name, "root") == 0){ p = NULL; #if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) p = getlogin(); #endif if(p == NULL) p = getenv("USER"); if(p == NULL) p = getenv("LOGNAME"); if(p){ - strncpy (name, p, ANAME_SZ); - name[ANAME_SZ - 1] = '\0'; - strcpy(instance, "root"); + strlcpy (name, p, ANAME_SZ); + strlcpy (instance, "root", INST_SZ); } } return 1; } -#endif +#else return -1; +#endif } Index: stable/3/crypto/kerberosIV/lib/krb/get_host.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/get_host.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/get_host.c (revision 62578) 
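Review bot: the strlcpy() calls that replace strcpy() and strncpy() in krb_get_default_principal() (get_default_principal.c) discard the return value, so a pw->pw_name, USER or LOGNAME value of ANAME_SZ characters or more is shortened silently and the function still returns 1, now with a principal name that differs from the login name. Check the result, for example `if (strlcpy(name, pw->pw_name, ANAME_SZ) >= ANAME_SZ) return -1;`, and do the same for the copy from `p`.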
@@ -1,292 +1,387 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: get_host.c,v 1.30 1997/05/02 14:29:13 assar Exp $"); +RCSID("$Id: get_host.c,v 1.48 1999/12/02 16:58:41 joda Exp $"); static struct host_list { struct krb_host *this; struct host_list *next; } *hosts; static int krb_port = 0; static void free_hosts(struct host_list *h) { struct host_list *t; while(h){ if(h->this->realm) free(h->this->realm); if(h->this->host) free(h->this->host); t = h; h = h->next; free(t); } } static int -parse_address(char *address, int *proto, char **host, int *port) +parse_address(char *address, enum krb_host_proto *proto, + char **host, int *port) { char *p, *q; + int default_port = krb_port; + *proto = PROTO_UDP; + if(strncmp(address, "http://", 7) == 0){ + p = address + 7; + *proto = PROTO_HTTP; + default_port = 80; + }else{ p = strchr(address, '/'); - *proto = IPPROTO_UDP; if(p){ char prot[32]; - struct protoent *pp; - strncpy(prot, address, p - address); - prot[p - address] = 0; - if((pp = getprotobyname(prot))) - *proto = pp->p_proto; - else - krb_warning("Bad protocol name `%s', Using default `udp'.\n", + strlcpy (prot, address, + min(p - address + 1, sizeof(prot))); + if(strcasecmp(prot, "udp") == 0) + *proto = PROTO_UDP; + else if(strcasecmp(prot, "tcp") == 0) + *proto = PROTO_TCP; + else if(strcasecmp(prot, "http") == 0) { + *proto = PROTO_HTTP; + default_port = 80; + } else + krb_warning("Unknown protocol `%s', Using default `udp'.\n", prot); p++; }else p = address; + } q = strchr(p, 
':'); if(q){ - *host = (char*)malloc(q - p + 1); - strncpy(*host, p, q - p); - (*host)[q - p] = 0; + *host = malloc(q - p + 1); + if (*host == NULL) + return -1; + strlcpy (*host, p, q - p + 1); q++; { struct servent *sp = getservbyname(q, NULL); if(sp) *port = ntohs(sp->s_port); else if(sscanf(q, "%d", port) != 1){ krb_warning("Bad port specification `%s', using port %d.", q, krb_port); *port = krb_port; } } }else{ + *port = default_port; + q = strchr(p, '/'); + if (q) { + *host = malloc(q - p + 1); + if (*host == NULL) + return -1; + strlcpy (*host, p, q - p + 1); + } else { *host = strdup(p); - *port = krb_port; + if(*host == NULL) + return -1; + } } return 0; } static int -add_host(char *realm, char *address, int admin, int validate) +add_host(const char *realm, char *address, int admin, int validate) { struct krb_host *host; struct host_list *p, **last = &hosts; + host = (struct krb_host*)malloc(sizeof(struct krb_host)); - parse_address(address, &host->proto, &host->host, &host->port); - if(validate && gethostbyname(host->host) == NULL){ + if (host == NULL) + return 1; + if(parse_address(address, &host->proto, &host->host, &host->port) < 0) { + free(host); + return 1; + } + if (validate) { + if (krb_dns_debug) + krb_warning("Getting host entry for %s...", host->host); + if (gethostbyname(host->host) == NULL) { + if (krb_dns_debug) + krb_warning("Didn't get it.\n"); free(host->host); free(host); return 1; } + else if (krb_dns_debug) + krb_warning("Got it.\n"); + } host->admin = admin; for(p = hosts; p; p = p->next){ if(strcmp(realm, p->this->realm) == 0 && strcmp(host->host, p->this->host) == 0 && host->proto == p->this->proto && host->port == p->this->port){ free(host->host); free(host); return 1; } last = &p->next; } host->realm = strdup(realm); + if (host->realm == NULL) { + free(host->host); + free(host); + return 1; + } p = (struct host_list*)malloc(sizeof(struct host_list)); + if (p == NULL) { + free(host->realm); + free(host->host); + free(host); + 
return 1; + } p->this = host; p->next = NULL; *last = p; return 0; } - - static int read_file(const char *filename, const char *r) { char line[1024]; - char realm[1024]; - char address[1024]; - char scratch[1024]; - int n; int nhosts = 0; - FILE *f = fopen(filename, "r"); + if(f == NULL) return -1; - while(fgets(line, sizeof(line), f)){ - n = sscanf(line, "%s %s admin %s", realm, address, scratch); - if(n == 2 || n == 3){ + while(fgets(line, sizeof(line), f) != NULL) { + char *realm, *address, *admin; + char *save; + + realm = strtok_r (line, " \t\n\r", &save); + if (realm == NULL) + continue; if(strcmp(realm, r)) continue; - if(add_host(realm, address, n == 3, 0) == 0) - nhosts++; + address = strtok_r (NULL, " \t\n\r", &save); + if (address == NULL) + continue; + admin = strtok_r (NULL, " \t\n\r", &save); + if (add_host(realm, + address, + admin != NULL && strcasecmp(admin, "admin") == 0, + 0) == 0) + ++nhosts; + } + fclose(f); + return nhosts; +} + +#if 0 +static int +read_cellservdb (const char *filename, const char *realm) +{ + char line[1024]; + FILE *f = fopen (filename, "r"); + int nhosts = 0; + + if (f == NULL) + return -1; + while (fgets (line, sizeof(line), f) != NULL) { + if (line[0] == '>' + && strncasecmp (line + 1, realm, strlen(realm)) == 0) { + while (fgets (line, sizeof(line), f) != NULL && *line != '>') { + char *hash; + + if (line [strlen(line) - 1] == '\n') + line [strlen(line) - 1] = '\0'; + + hash = strchr (line, '#'); + + if (hash != NULL + && add_host (realm, hash + 1, 0, 0) == 0) + ++nhosts; } + break; } + } fclose(f); return nhosts; } +#endif static int init_hosts(char *realm) { - static const char *files[] = KRB_CNF_FILES; - int i; - char *dir = getenv("KRBCONFDIR"); - - krb_port = ntohs(k_getportbyname (KRB_SERVICE, NULL, htons(KRB_PORT))); - if(dir){ + int i, j, ret = 0; char file[MaxPathLen]; - if(k_concat(file, sizeof(file), dir, "/krb.conf", NULL) == 0) - read_file(file, realm); + + /* + * proto should really be NULL, but there are 
libraries out there + * that don't like that so we use "udp" instead. + */ + + krb_port = ntohs(k_getportbyname (KRB_SERVICE, "udp", htons(KRB_PORT))); + for(i = 0; krb_get_krbconf(i, file, sizeof(file)) == 0; i++) { + j = read_file(file, realm); + if (j > 0) ret += j; } - for(i = 0; files[i]; i++) - read_file(files[i], realm); - return 0; + return ret; } static void srv_find_realm(char *realm, char *proto, char *service) { char *domain; struct dns_reply *r; struct resource_record *rr; - k_mconcat(&domain, 1024, service, ".", proto, ".", realm, ".", NULL); + roken_mconcat(&domain, 1024, service, ".", proto, ".", realm, ".", NULL); if(domain == NULL) return; r = dns_lookup(domain, "srv"); if(r == NULL) r = dns_lookup(domain, "txt"); if(r == NULL){ free(domain); return; } for(rr = r->head; rr; rr = rr->next){ if(rr->type == T_SRV){ char buf[1024]; if (snprintf (buf, sizeof(buf), "%s/%s:%u", proto, rr->u.srv->target, rr->u.srv->port) < sizeof(buf)) add_host(realm, buf, 0, 0); }else if(rr->type == T_TXT) add_host(realm, rr->u.txt, 0, 0); } dns_free_data(r); free(domain); } struct krb_host* -krb_get_host(int nth, char *realm, int admin) +krb_get_host(int nth, const char *realm, int admin) { struct host_list *p; static char orealm[REALM_SZ]; + if(orealm[0] == 0 || strcmp(realm, orealm)){ /* quick optimization */ if(realm && realm[0]){ - strncpy(orealm, realm, sizeof(orealm) - 1); - orealm[sizeof(orealm) - 1] = 0; + strlcpy (orealm, realm, sizeof(orealm)); }else{ int ret = krb_get_lrealm(orealm, 1); if(ret != KSUCCESS) return NULL; } if(hosts){ free_hosts(hosts); hosts = NULL; } - - init_hosts(orealm); + if (init_hosts(orealm) < nth) { srv_find_realm(orealm, "udp", KRB_SERVICE); srv_find_realm(orealm, "tcp", KRB_SERVICE); + srv_find_realm(orealm, "http", KRB_SERVICE); { - /* XXX this assumes no one has more than 99999 kerberos - servers */ - char host[REALM_SZ + sizeof("kerberos-XXXXX..")]; + char *host; int i = 0; - sprintf(host, "kerberos.%s.", orealm); + + 
asprintf(&host, "kerberos.%s.", orealm); + if (host == NULL) { + free_hosts(hosts); + hosts = NULL; + return NULL; + } add_host(orealm, host, 1, 1); do{ i++; - sprintf(host, "kerberos-%d.%s.", i, orealm); - }while(i < 100000 && add_host(orealm, host, 0, 1) == 0); + free(host); + asprintf(&host, "kerberos-%d.%s.", i, orealm); + } while(host != NULL + && i < 100000 + && add_host(orealm, host, 0, 1) == 0); + free(host); + } } +#if 0 + read_cellservdb ("/usr/vice/etc/CellServDB", orealm); + read_cellservdb ("/usr/arla/etc/CellServDB", orealm); +#endif } for(p = hosts; p; p = p->next){ if(strcmp(orealm, p->this->realm) == 0 && - (!admin || p->this->admin)) + (!admin || p->this->admin)) { if(nth == 1) return p->this; else nth--; } + } return NULL; } int krb_get_krbhst(char *host, char *realm, int nth) { struct krb_host *p = krb_get_host(nth, realm, 0); if(p == NULL) return KFAILURE; - strcpy(host, p->host); + strlcpy (host, p->host, MaxHostNameLen); return KSUCCESS; } int krb_get_admhst(char *host, char *realm, int nth) { struct krb_host *p = krb_get_host(nth, realm, 1); if(p == NULL) return KFAILURE; - strcpy(host, p->host); + strlcpy (host, p->host, MaxHostNameLen); return KSUCCESS; } Index: stable/3/crypto/kerberosIV/lib/krb/get_in_tkt.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/get_in_tkt.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/get_in_tkt.c (revision 62578) 
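Review bot: in krb_get_host() in get_host.c, the new asprintf() calls are checked by testing host == NULL, but asprintf() reports failure through its return value and not every implementation sets the pointer to NULL on failure. In the do/while loop this matters more: host has just been freed, so if asprintf(&host, "kerberos-%d.%s.", i, orealm) fails without touching the pointer, add_host() reads freed memory and the trailing free(host) frees it a second time. Suggest testing the return value (< 0) and setting host = NULL after each free(host). Separately, in parse_address() the bad-port fallback still assigns *port = krb_port and prints krb_port in the warning, which ignores the default_port of 80 chosen for http; and krb_get_krbhst()/krb_get_admhst() now assume the caller's buffer holds MaxHostNameLen bytes, which deserves a comment since the prototypes carry no length.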
@@ -1,99 +1,188 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" -RCSID("$Id: get_in_tkt.c,v 1.15 1997/03/23 03:53:08 joda Exp $"); +RCSID("$Id: get_in_tkt.c,v 1.24 1999/11/25 05:22:43 assar Exp $"); /* * This file contains three routines: passwd_to_key() and * passwd_to_afskey() converts a password into a DES key, using the * normal strinttokey and the AFS one, respectively, and * krb_get_pw_in_tkt() gets an initial ticket for a user. */ /* * passwd_to_key() and passwd_to_afskey: given a password, return a DES key. 
*/ int -passwd_to_key(char *user, char *instance, char *realm, void *passwd, +passwd_to_key(const char *user, + const char *instance, + const char *realm, + const void *passwd, des_cblock *key) { #ifndef NOENCRYPTION des_string_to_key((char *)passwd, key); #endif return 0; } +int +passwd_to_5key(const char *user, + const char *instance, + const char *realm, + const void *passwd, + des_cblock *key) +{ + char *p; + size_t len; + len = roken_mconcat (&p, 512, passwd, realm, user, instance, NULL); + if(len == 0) + return -1; + des_string_to_key(p, key); + memset(p, 0, len); + free(p); + return 0; +} + int -passwd_to_afskey(char *user, char *instance, char *realm, void *passwd, +passwd_to_afskey(const char *user, + const char *instance, + const char *realm, + const void *passwd, des_cblock *key) { #ifndef NOENCRYPTION - afs_string_to_key((char *)passwd, realm, key); + afs_string_to_key(passwd, realm, key); #endif return (0); } /* * krb_get_pw_in_tkt() takes the name of the server for which the initial * ticket is to be obtained, the name of the principal the ticket is * for, the desired lifetime of the ticket, and the user's password. * It passes its arguments on to krb_get_in_tkt(), which contacts * Kerberos to get the ticket, decrypts it using the password provided, * and stores it away for future use. * * krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt(): * the name of a routine (passwd_to_key()) to be used to get the * password in case the "password" argument is null and NULL for the * decryption procedure indicating that krb_get_in_tkt should use the * default method of decrypting the response from the KDC. * * The result of the call to krb_get_in_tkt() is returned. 
*/ +typedef int (*const_key_proc_t) __P((const char *name, + const char *instance, /* IN parameter */ + const char *realm, + const void *password, + des_cblock *key)); + int -krb_get_pw_in_tkt(char *user, char *instance, char *realm, char *service, - char *sinstance, int life, char *password) +krb_get_pw_in_tkt2(const char *user, + const char *instance, + const char *realm, + const char *service, + const char *sinstance, + int life, + const char *password, + des_cblock *key) { char pword[100]; /* storage for the password */ int code; /* Only request password once! */ if (!password) { if (des_read_pw_string(pword, sizeof(pword)-1, "Password: ", 0)){ memset(pword, 0, sizeof(pword)); return INTK_BADPW; } password = pword; } - code = krb_get_in_tkt(user,instance,realm,service,sinstance,life, - passwd_to_key, NULL, password); - if (code == INTK_BADPW) - code = krb_get_in_tkt(user,instance,realm,service,sinstance,life, - passwd_to_afskey, NULL, password); + { + KTEXT_ST as_rep; + CREDENTIALS cred; + int ret = 0; + const_key_proc_t key_procs[] = { passwd_to_key, + passwd_to_afskey, + passwd_to_5key, + NULL }; + const_key_proc_t *kp; + + code = krb_mk_as_req(user, instance, realm, + service, sinstance, life, &as_rep); + if(code) + return code; + for(kp = key_procs; *kp; kp++){ + KTEXT_ST tmp; + memcpy(&tmp, &as_rep, sizeof(as_rep)); + code = krb_decode_as_rep(user, + (char *)instance, /* const_key_proc_t */ + realm, + service, + sinstance, + (key_proc_t)*kp, /* const_key_proc_t */ + NULL, + password, + &tmp, + &cred); + if(code == 0){ + if(key) + (**kp)(user, instance, realm, password, key); + break; + } + if(code != INTK_BADPW) + ret = code; /* this is probably a better code than + what code gets after this loop */ + } + if(code) + return ret ? 
ret : code; + + code = tf_setup(&cred, user, instance); + if (code == KSUCCESS) { + if (krb_get_config_bool("nat_in_use")) + krb_add_our_ip_for_realm(user, instance, realm, password); + } + } if (password == pword) memset(pword, 0, sizeof(pword)); return(code); +} + +int +krb_get_pw_in_tkt(const char *user, + const char *instance, + const char *realm, + const char *service, + const char *sinstance, + int life, + const char *password) +{ + return krb_get_pw_in_tkt2(user, instance, realm, + service, sinstance, life, password, NULL); } Index: stable/3/crypto/kerberosIV/lib/krb/get_krbrlm.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/get_krbrlm.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/get_krbrlm.c (revision 62578) 
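Review bot: in krb_get_pw_in_tkt2() in get_in_tkt.c, the two new early returns (if(code) return code; after krb_mk_as_req(), and return ret ? ret : code; after the key_procs loop) skip the memset(pword, 0, sizeof(pword)) at the bottom, so a password read by des_read_pw_string() stays on the stack on every failure path. Suggest routing those exits through a common cleanup label that clears pword, and clearing cred there as well, since krb_decode_as_rep() fills it in. Also, the return value of (**kp)(user, instance, realm, password, key) is ignored, so if passwd_to_5key() returns -1 (roken_mconcat() yielding 0) the caller's key is left unset while the function still reports success; and passwd_to_5key() lacks the #ifndef NOENCRYPTION guard that passwd_to_key() and passwd_to_afskey() have.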
@@ -1,116 +1,137 @@ /* - Copyright (C) 1989 by the Massachusetts Institute of Technology - - Export of this software from the United States of America is assumed - to require a specific license from the United States Government. - It is the responsibility of any person or organization contemplating - export to obtain such a license before exporting. - -WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -distribute this software and its documentation for any purpose and -without fee is hereby granted, provided that the above copyright -notice appear in all copies and that both that copyright notice and -this permission notice appear in supporting documentation, and that -the name of M.I.T. not be used in advertising or publicity pertaining -to distribution of the software without specific, written prior -permission. M.I.T. makes no representations about the suitability of -this software for any purpose. It is provided "as is" without express -or implied warranty. - + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. 
+ * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: get_krbrlm.c,v 1.16 1997/05/02 01:26:22 assar Exp $"); +RCSID("$Id: get_krbrlm.c,v 1.25 1999/12/02 16:58:41 joda Exp $"); /* * krb_get_lrealm takes a pointer to a string, and a number, n. It fills * in the string, r, with the name of the nth realm specified on the * first line of the kerberos config file (KRB_CONF, defined in "krb.h"). * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the * config file does not exist, and if n=1, a successful return will occur * with r = KRB_REALM (also defined in "krb.h"). * - * NOTE: for archaic & compatibility reasons, this routine will only return - * valid results when n = 1. - * * For the format of the KRB_CONF file, see comments describing the routine * krb_get_krbhst(). 
*/ static int krb_get_lrealm_f(char *r, int n, const char *fname) { + char buf[1024]; + char *p; + int nchar; FILE *f; int ret = KFAILURE; + + if (n < 0) + return KFAILURE; + if(n == 0) + n = 1; + f = fopen(fname, "r"); - if(f){ - char buf[REALM_SZ]; - if(fgets(buf, sizeof(buf), f)){ - char *p = buf + strspn(buf, " \t"); - p[strcspn(p, " \t\r\n")] = 0; - p[REALM_SZ - 1] = 0; - strcpy(r, p); - ret = KSUCCESS; - } + if (f == 0) + return KFAILURE; + + for (; n > 0; n--) + if (fgets(buf, sizeof(buf), f) == 0) + goto done; + + /* We now have the n:th line, remove initial white space. */ + p = buf + strspn(buf, " \t"); + + /* Collect realmname. */ + nchar = strcspn(p, " \t\n"); + if (nchar == 0 || nchar > REALM_SZ) + goto done; /* No realmname */ + strncpy(r, p, nchar); + r[nchar] = 0; + + /* Does more junk follow? */ + p += nchar; + nchar = strspn(p, " \t\n"); + if (p[nchar] == 0) + ret = KSUCCESS; /* This was a realm name only line. */ + + done: fclose(f); - } return ret; } +static const char *no_default_realm = "NO.DEFAULT.REALM"; + int krb_get_lrealm(char *r, int n) { - static const char *const files[] = KRB_CNF_FILES; int i; + char file[MaxPathLen]; - const char *dir = getenv("KRBCONFDIR"); - - if (n > 1) - return(KFAILURE); /* Temporary restriction */ - - /* First try user specified file */ - if (dir != 0) { - char fname[MaxPathLen]; - if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) - if (krb_get_lrealm_f(r, n, fname) == KSUCCESS) + for (i = 0; krb_get_krbconf(i, file, sizeof(file)) == 0; i++) + if (krb_get_lrealm_f(r, n, file) == KSUCCESS) return KSUCCESS; - } - for (i = 0; files[i] != 0; i++) - if (krb_get_lrealm_f(r, n, files[i]) == KSUCCESS) - return KSUCCESS; + /* When nothing else works try default realm */ + if (n == 1) { + char *t = krb_get_default_realm(); - /* If nothing else works try LOCALDOMAIN, if it exists */ - if (n == 1) - { - char *t, hostname[MaxHostNameLen]; - k_gethostname(hostname, sizeof(hostname)); - t = 
krb_realmofhost(hostname); - if (t) { + if (strcmp(t, no_default_realm) == 0) + return KFAILURE; /* Can't figure out default realm */ + strcpy (r, t); return KSUCCESS; } - t = strchr(hostname, '.'); - if (t == 0) - return KFAILURE; /* No domain part, you loose */ - - t++; /* Skip leading dot and upcase the rest */ - for (; *t; t++, r++) - *r = toupper(*t); - *r = 0; - return(KSUCCESS); - } else return(KFAILURE); } -/* For SunOS5 compat. */ +/* Returns local realm if that can be figured out else NO.DEFAULT.REALM */ char * krb_get_default_realm(void) { - static char local_realm[REALM_SZ]; /* local kerberos realm */ - if (krb_get_lrealm(local_realm, 1) != KSUCCESS) - strcpy(local_realm, "NO.DEFAULT.REALM"); + static char local_realm[REALM_SZ]; /* Local kerberos realm */ + + if (local_realm[0] == 0) { + char *t, hostname[MaxHostNameLen]; + + strlcpy(local_realm, no_default_realm, + sizeof(local_realm)); /* Provide default */ + + gethostname(hostname, sizeof(hostname)); + t = krb_realmofhost(hostname); + if (t && strcmp(t, no_default_realm) != 0) + strlcpy(local_realm, t, sizeof(local_realm)); + } return local_realm; } Index: stable/3/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c (revision 62578) 
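Review bot: in krb_get_lrealm_f() in get_krbrlm.c, the length check nchar > REALM_SZ lets nchar == REALM_SZ through, and the following strncpy(r, p, nchar); r[nchar] = 0; then writes the terminator at r[REALM_SZ]. Callers pass buffers declared as char[REALM_SZ] (for example orealm in krb_get_host()), so that is a one-byte overflow driven by the contents of the config file. Suggest nchar >= REALM_SZ. Also, krb_get_lrealm() ends with strcpy (r, t) where the rest of the change moved to strlcpy(); and because lines are read into buf[1024] with fgets(), a line longer than the buffer is counted as several lines when skipping to the n:th one, which is worth a comment next to the loop.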
@@ -1,76 +1,79 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" -RCSID("$Id: get_svc_in_tkt.c,v 1.8 1997/03/23 03:53:09 joda Exp $"); +RCSID("$Id: get_svc_in_tkt.c,v 1.9 1999/06/29 21:18:04 bg Exp $"); /* * This file contains two routines: srvtab_to_key(), which gets * a server's key from a srvtab file, and krb_get_svc_in_tkt() which * gets an initial ticket for a server. */ /* * srvtab_to_key(): given a "srvtab" file (where the keys for the * service on a host are stored), return the private key of the * given service (user.instance@realm). * * srvtab_to_key() passes its arguments on to read_service_key(), * plus one additional argument, the key version number. * (Currently, the key version number is always 0; this value * is treated as a wildcard by read_service_key().) * * If the "srvtab" argument is null, KEYFILE (defined in "krb.h") * is passed in its place. * * It returns the return value of the read_service_key() call. * The service key is placed in "key". 
*/ int -srvtab_to_key(char *user, char *instance, char *realm, void *srvtab, +srvtab_to_key(const char *user, + char *instance, + const char *realm, + const void *srvtab, des_cblock *key) { if (!srvtab) srvtab = KEYFILE; return(read_service_key(user, instance, realm, 0, (char *)srvtab, (char *)key)); } /* * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(), * plus two additional arguments: a pointer to the srvtab_to_key() * function to be used to get the key from the key file and a NULL * for the decryption procedure indicating that krb_get_in_tkt should * use the default method of decrypting the response from the KDC. * * It returns the return value of the krb_get_in_tkt() call. */ int krb_get_svc_in_tkt(char *user, char *instance, char *realm, char *service, char *sinstance, int life, char *srvtab) { return(krb_get_in_tkt(user, instance, realm, service, sinstance, life, srvtab_to_key, NULL, srvtab)); } Index: stable/3/crypto/kerberosIV/lib/krb/get_tf_fullname.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/get_tf_fullname.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/get_tf_fullname.c (revision 62578) 
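Review bot: in srvtab_to_key() in get_svc_in_tkt.c, instance is left as plain char * while user, realm and srvtab become const, and the call to read_service_key() then casts (char *)srvtab to drop the qualifier that was just added. If instance really is modified, say so in the comment block above the function (the const_key_proc_t typedef in get_in_tkt.c marks it as an IN parameter, which contradicts this signature); otherwise make it const too. It would be cleaner to constify read_service_key() than to cast at the call site. krb_get_svc_in_tkt() also keeps all-non-const parameters, unlike the krb_get_pw_in_tkt() change in the same commit.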
@@ -1,70 +1,70 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" -RCSID("$Id: get_tf_fullname.c,v 1.6 1997/03/23 03:53:10 joda Exp $"); +RCSID("$Id: get_tf_fullname.c,v 1.8 1999/09/16 20:41:51 assar Exp $"); /* * This file contains a routine to extract the fullname of a user * from the ticket file. */ /* * krb_get_tf_fullname() takes four arguments: the name of the * ticket file, and variables for name, instance, and realm to be * returned in. Since the realm of a ticket file is not really fully * supported, the realm used will be that of the the first ticket in * the file as this is the one that was obtained with a password by * krb_get_in_tkt(). 
*/ int krb_get_tf_fullname(char *ticket_file, char *name, char *instance, char *realm) { int tf_status; CREDENTIALS c; if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS) return(tf_status); if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) || ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS)) return (tf_status); if (name) - strcpy(name, c.pname); + strlcpy (name, c.pname, ANAME_SZ); if (instance) - strcpy(instance, c.pinst); + strlcpy (instance, c.pinst, INST_SZ); if ((tf_status = tf_get_cred(&c)) == KSUCCESS) { if (realm) - strcpy(realm, c.realm); + strlcpy (realm, c.realm, REALM_SZ); } else { if (tf_status == EOF) return(KFAILURE); else return(tf_status); } tf_close(); return(tf_status); } Index: stable/3/crypto/kerberosIV/lib/krb/getaddrs.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/getaddrs.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/getaddrs.c (revision 62578) 
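Review bot: the strlcpy() calls in krb_get_tf_fullname() in get_tf_fullname.c bound the copies by ANAME_SZ, INST_SZ and REALM_SZ, but the function takes no lengths, so the bound protects the caller only if its buffers are at least that large; the header comment should state that requirement. While here: the early return after tf_get_pname()/tf_get_pinst() fails, and both returns in the else branch after tf_get_cred(), leave without calling tf_close(), so the ticket file stays open on those paths.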
@@ -1,130 +1,150 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: getaddrs.c,v 1.19 1997/04/01 08:18:29 joda Exp $"); +RCSID("$Id: getaddrs.c,v 1.28 1999/12/02 16:58:42 joda Exp $"); -#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 #include #endif #ifdef HAVE_NET_IF_H +#ifdef __osf__ +struct rtentry; +struct mbuf; +#endif +#ifdef _AIX +#undef __P /* XXX hack for AIX 4.3 */ +#endif #include #endif #ifdef HAVE_SYS_SOCKIO_H #include #endif /* HAVE_SYS_SOCKIO_H */ /* * Return number and list of all local adresses. 
*/ int k_get_all_addrs (struct in_addr **l) { #if !defined(SIOCGIFCONF) || !defined(SIOCGIFFLAGS) || !defined(SIOCGIFADDR) char name[MaxHostNameLen]; struct hostent *he; - if (k_gethostname(name, sizeof(name)) < 0) + if (gethostname(name, sizeof(name)) < 0) return -1; he = gethostbyname (name); if (he == NULL) return -1; *l = malloc(sizeof(**l)); if (*l == NULL) return -1; memcpy (*l, he->h_addr_list[0], sizeof(*l)); return 1; #else int fd; - char buf[BUFSIZ]; + char *inbuf = NULL; + size_t in_len = 8192; struct ifreq ifreq; struct ifconf ifconf; int num, j; char *p; + size_t sz; + *l = NULL; fd = socket(AF_INET, SOCK_DGRAM, 0); if (fd < 0) return -1; - ifconf.ifc_len = sizeof(buf); - ifconf.ifc_buf = buf; + for(;;) { + void *tmp; + + tmp = realloc (inbuf, in_len); + if (tmp == NULL) + goto fail; + inbuf = tmp; + + ifconf.ifc_len = in_len; + ifconf.ifc_buf = inbuf; + if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0) - return -1; + goto fail; + if(ifconf.ifc_len + sizeof(ifreq) < in_len) + break; + in_len *= 2; + } num = ifconf.ifc_len / sizeof(struct ifreq); *l = malloc(num * sizeof(struct in_addr)); - if(*l == NULL) { - close (fd); - return -1; - } + if(*l == NULL) + goto fail; j = 0; ifreq.ifr_name[0] = '\0'; - for (p = ifconf.ifc_buf; p < ifconf.ifc_buf + ifconf.ifc_len;) { + for (p = ifconf.ifc_buf; p < ifconf.ifc_buf + ifconf.ifc_len; p += sz) { struct ifreq *ifr = (struct ifreq *)p; -#ifdef SOCKADDR_HAS_SA_LEN - size_t sz = sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len; -#else - size_t sz = sizeof(*ifr); + sz = sizeof(*ifr); +#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN + sz = max(sz, sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len); #endif + if(strncmp(ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name))) { - if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0) { - close (fd); - free (*l); - return -1; - } + if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0) + continue; if (ifr->ifr_flags & IFF_UP) { - if(ioctl(fd, SIOCGIFADDR, ifr) < 0) { - close (fd); - free (*l); - return -1; - } + if(ioctl(fd, SIOCGIFADDR, 
ifr) < 0) + continue; (*l)[j++] = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr; } ifreq = *ifr; } - p = p + sz; + } + if (j != num) { + void *tmp; + tmp = realloc (*l, j * sizeof(struct in_addr)); + if(tmp == NULL) + goto fail; + *l = tmp; } - if (j != num) - *l = realloc (*l, j * sizeof(struct in_addr)); close (fd); + free(inbuf); return j; +fail: + close(fd); + free(inbuf); + free(*l); + return -1; #endif /* SIOCGIFCONF */ } Index: stable/3/crypto/kerberosIV/lib/krb/getrealm.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/getrealm.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/getrealm.c (revision 62578) 
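Review bot: in k_get_all_addrs() in getaddrs.c, the new shrink step under if (j != num) calls realloc (*l, j * sizeof(struct in_addr)) even when j is 0 (no interface up, or every SIOCGIFFLAGS/SIOCGIFADDR ioctl skipped by the new continue). realloc() with size 0 may free the block and return NULL, and the fail: path then calls free(*l) on the same pointer again. Suggest skipping the realloc when j == 0, and setting *l = NULL after free(*l) in fail: so the caller is not handed a dangling pointer. Two smaller things: the change from SunOS != 4 to SunOS != 40 needs a comment on how SunOS is encoded; and in the fallback branch, memcpy (*l, he->h_addr_list[0], sizeof(*l)) copies the size of a pointer into a block allocated with sizeof(**l), so it should use sizeof(**l).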
@@ -1,184 +1,185 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" -RCSID("$Id: getrealm.c,v 1.25 1997/05/02 14:29:14 assar Exp $"); +RCSID("$Id: getrealm.c,v 1.36 1999/09/16 20:41:51 assar Exp $"); +#ifndef MATCH_SUBDOMAINS #define MATCH_SUBDOMAINS 0 +#endif /* * krb_realmofhost. * Given a fully-qualified domain-style primary host name, * return the name of the Kerberos realm for the host. * If the hostname contains no discernable domain, or an error occurs, * return the local realm name, as supplied by get_krbrlm(). * If the hostname contains a domain, but no translation is found, * the hostname's domain is converted to upper-case and returned. * * The format of each line of the translation file is: * domain_name kerberos_realm * -or- * host_name kerberos_realm * * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU) * host names should be in the usual form (e.g. 
FOO.BAR.BAZ) */ /* To automagically find the correct realm of a host (without * krb.realms) add a text record for your domain with the name of your * realm, like this: * * krb4-realm IN TXT FOO.SE * * The search is recursive, so you can also add entries for specific * hosts. To find the realm of host a.b.c, it first tries * krb4-realm.a.b.c, then krb4-realm.b.c and so on. */ static int dns_find_realm(char *hostname, char *realm) { char domain[MaxHostNameLen + sizeof("krb4-realm..")]; char *p; int level = 0; struct dns_reply *r; p = hostname; while(1){ snprintf(domain, sizeof(domain), "krb4-realm.%s.", p); + p = strchr(p, '.'); + if(p == NULL) + break; + p++; r = dns_lookup(domain, "TXT"); if(r){ struct resource_record *rr = r->head; while(rr){ if(rr->type == T_TXT){ - strncpy(realm, rr->u.txt, REALM_SZ); - realm[REALM_SZ - 1] = 0; + strlcpy(realm, rr->u.txt, REALM_SZ); dns_free_data(r); return level; } rr = rr->next; } dns_free_data(r); } level++; - p = strchr(p, '.'); - if(p == NULL) - break; - p++; } return -1; } static FILE * open_krb_realms(void) { - static const char *const files[] = KRB_RLM_FILES; - FILE *res; int i; - - const char *dir = getenv("KRBCONFDIR"); + char file[MaxPathLen]; + FILE *res; - /* First try user specified file */ - if (dir != 0) { - char fname[MaxPathLen]; - - if(k_concat(fname, sizeof(fname), dir, "/krb.realms", NULL) == 0) - if ((res = fopen(fname, "r")) != NULL) - return res; - } - - for (i = 0; files[i] != 0; i++) - if ((res = fopen(files[i], "r")) != NULL) + for(i = 0; krb_get_krbrealms(i, file, sizeof(file)) == 0; i++) + if ((res = fopen(file, "r")) != NULL) return res; - return NULL; } -char * -krb_realmofhost(const char *host) +static int +file_find_realm(const char *phost, const char *domain, + char *ret_realm, size_t ret_realm_sz) { - static char ret_realm[REALM_SZ]; - char *domain; FILE *trans_file; - char trans_host[MaxHostNameLen]; - char trans_realm[REALM_SZ]; char buf[1024]; + int ret = -1; - char phost[MaxHostNameLen]; - 
- krb_name_to_name(host, phost, sizeof(phost)); - - domain = strchr(phost, '.'); - - /* prepare default */ - if(dns_find_realm(phost, ret_realm) < 0){ - if (domain) { - char *cp; - - strncpy(ret_realm, &domain[1], REALM_SZ); - ret_realm[REALM_SZ - 1] = 0; - /* Upper-case realm */ - for (cp = ret_realm; *cp; cp++) - *cp = toupper(*cp); - } else { - krb_get_lrealm(ret_realm, 1); - } - } - if ((trans_file = open_krb_realms()) == NULL) - return(ret_realm); /* krb_errno = KRB_NO_TRANS */ + return -1; - while (fgets(buf, sizeof(buf), trans_file)) { + while (fgets(buf, sizeof(buf), trans_file) != NULL) { char *save = NULL; - char *tok = strtok_r(buf, " \t\r\n", &save); + char *tok; + char *tmp_host; + char *tmp_realm; + + tok = strtok_r(buf, " \t\r\n", &save); if(tok == NULL) continue; - strncpy(trans_host, tok, MaxHostNameLen); - trans_host[MaxHostNameLen - 1] = 0; + tmp_host = tok; tok = strtok_r(NULL, " \t\r\n", &save); if(tok == NULL) continue; - strcpy(trans_realm, tok); - trans_realm[REALM_SZ - 1] = 0; - if (!strcasecmp(trans_host, phost)) { + tmp_realm = tok; + if (strcasecmp(tmp_host, phost) == 0) { /* exact match of hostname, so return the realm */ - strcpy(ret_realm, trans_realm); - fclose(trans_file); - return(ret_realm); + strlcpy(ret_realm, tmp_realm, ret_realm_sz); + ret = 0; + break; } - if ((trans_host[0] == '.') && domain) { - char *cp = domain; + if ((tmp_host[0] == '.') && domain) { + const char *cp = domain; do { - if(strcasecmp(trans_host, domain) == 0){ + if(strcasecmp(tmp_host, cp) == 0){ /* domain match, save for later */ - strcpy(ret_realm, trans_realm); + strlcpy(ret_realm, tmp_realm, ret_realm_sz); + ret = 0; break; } cp = strchr(cp + 1, '.'); } while(MATCH_SUBDOMAINS && cp); } + if (ret == 0) + break; } fclose(trans_file); + return ret; +} + +char * +krb_realmofhost(const char *host) +{ + static char ret_realm[REALM_SZ]; + char *domain; + char phost[MaxHostNameLen]; + + krb_name_to_name(host, phost, sizeof(phost)); + + domain = strchr(phost, 
'.'); + + if(file_find_realm(phost, domain, ret_realm, sizeof ret_realm) == 0) + return ret_realm; + + if(dns_find_realm(phost, ret_realm) >= 0) + return ret_realm; + + if (domain) { + char *cp; + + strlcpy(ret_realm, &domain[1], REALM_SZ); + /* Upper-case realm */ + for (cp = ret_realm; *cp; cp++) + *cp = toupper(*cp); + } else { + strncpy(ret_realm, krb_get_default_realm(), REALM_SZ); /* Wild guess */ + } return ret_realm; } Index: stable/3/crypto/kerberosIV/lib/krb/k_getport.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/k_getport.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/k_getport.c (revision 62578) 
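Review bot: In getrealm.c, the last fallback in krb_realmofhost still uses strncpy(ret_realm, krb_get_default_realm(), REALM_SZ) with no explicit terminator, while every other copy in this hunk was converted to strlcpy. If the default realm is REALM_SZ bytes or longer, the static buffer is returned unterminated; use strlcpy(ret_realm, krb_get_default_realm(), sizeof(ret_realm)) here as well. Separately, moving the strchr/break ahead of dns_lookup in dns_find_realm means a name with no remaining dot is never queried (for a.b.c, krb4-realm.c is skipped), so the comment above the function should say where the search now stops.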
@@ -1,57 +1,52 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: k_getport.c,v 1.10 1997/04/01 08:18:30 joda Exp $"); +RCSID("$Id: k_getport.c,v 1.11 1999/12/02 16:58:42 joda Exp $"); int k_getportbyname (const char *service, const char *proto, int default_port) { #ifdef HAVE_GETSERVBYNAME struct servent *sp; sp = getservbyname(service, proto); if(sp != NULL) return sp->s_port; krb_warning ("%s/%s unknown service, using default port %d\n", service, proto ? proto : "*", ntohs(default_port)); #endif return default_port; } Index: stable/3/crypto/kerberosIV/lib/krb/k_getsockinst.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/k_getsockinst.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/k_getsockinst.c (revision 62578) 
@@ -1,73 +1,67 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: k_getsockinst.c,v 1.10 1997/05/02 14:29:17 assar Exp $"); +RCSID("$Id: k_getsockinst.c,v 1.13 1999/12/02 16:58:42 joda Exp $"); /* * Return in inst the name of the local interface bound to socket * fd. On Failure return the 'wildcard' instance "*". */ int k_getsockinst(int fd, char *inst, size_t inst_size) { struct sockaddr_in addr; int len = sizeof(addr); struct hostent *hnam; if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0) goto fail; hnam = gethostbyaddr((char *)&addr.sin_addr, sizeof(addr.sin_addr), addr.sin_family); if (hnam == 0) goto fail; - strncpy (inst, hnam->h_name, inst_size); - inst[inst_size - 1] = '\0'; + strlcpy (inst, hnam->h_name, inst_size); k_ricercar(inst); /* Canonicalize name */ return 0; /* Success */ fail: inst[0] = '*'; inst[1] = 0; return -1; } Index: stable/3/crypto/kerberosIV/lib/krb/k_localtime.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/k_localtime.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/k_localtime.c (revision 62578) 
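Review bot: In k_getsockinst.c, the success path now honours inst_size through strlcpy, but the fail: label still writes inst[0] and inst[1] unconditionally, so a caller passing inst_size smaller than 2 is overrun on failure. Guard the fallback on inst_size (for example strlcpy(inst, "*", inst_size)), and consider checking the strlcpy return value so that a truncated host name is reported instead of being handed to k_ricercar.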
@@ -1,48 +1,43 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: k_localtime.c,v 1.7 1997/04/01 08:18:31 joda Exp $"); +RCSID("$Id: k_localtime.c,v 1.8 1999/12/02 16:58:42 joda Exp $"); struct tm *k_localtime(u_int32_t *tp) { time_t t; t = *tp; return localtime(&t); } Index: stable/3/crypto/kerberosIV/lib/krb/kdc_reply.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/kdc_reply.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/kdc_reply.c (revision 62578) 
@@ -1,131 +1,129 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: kdc_reply.c,v 1.9 1997/04/15 21:52:14 assar Exp $"); +RCSID("$Id: kdc_reply.c,v 1.12 1999/12/02 16:58:42 joda Exp $"); static int little_endian; /* XXX ugly */ int kdc_reply_cred(KTEXT cip, CREDENTIALS *cred) { unsigned char *p = cip->dat; memcpy(cred->session, p, 8); p += 8; if(p + strlen((char*)p) > cip->dat + cip->length) return INTK_BADPW; - p += krb_get_string(p, cred->service); + p += krb_get_string(p, cred->service, sizeof(cred->service)); if(p + strlen((char*)p) > cip->dat + cip->length) return INTK_BADPW; - p += krb_get_string(p, cred->instance); + p += krb_get_string(p, cred->instance, sizeof(cred->instance)); if(p + strlen((char*)p) > cip->dat + cip->length) return INTK_BADPW; - p += krb_get_string(p, cred->realm); + p += krb_get_string(p, cred->realm, sizeof(cred->realm)); if(p + 3 > cip->dat + cip->length) return INTK_BADPW; cred->lifetime = *p++; cred->kvno = *p++; cred->ticket_st.length = *p++; if(p + cred->ticket_st.length + 4 > cip->dat + cip->length) return INTK_BADPW; memcpy(cred->ticket_st.dat, p, cred->ticket_st.length); p += cred->ticket_st.length; p += krb_get_int(p, (u_int32_t *)&cred->issue_date, 4, little_endian); return KSUCCESS; } int kdc_reply_cipher(KTEXT reply, KTEXT cip) { unsigned char *p; unsigned char pvno; unsigned char type; char aname[ANAME_SZ]; char inst[INST_SZ]; char realm[REALM_SZ]; u_int32_t kdc_time; u_int32_t exp_date; u_int32_t clen; p = reply->dat; pvno = *p++; if (pvno 
!= KRB_PROT_VERSION ) return INTK_PROT; type = *p++; little_endian = type & 1; type &= ~1; if(type == AUTH_MSG_ERR_REPLY){ u_int32_t code; + /* skip these fields */ p += strlen((char*)p) + 1; /* name */ p += strlen((char*)p) + 1; /* instance */ p += strlen((char*)p) + 1; /* realm */ p += 4; /* time */ p += krb_get_int(p, &code, 4, little_endian); + if(code == 0) + code = KFAILURE; /* things will go bad otherwise */ return code; } if(type != AUTH_MSG_KDC_REPLY) return INTK_PROT; p += krb_get_nir(p, aname, inst, realm); p += krb_get_int(p, &kdc_time, 4, little_endian); p++; /* number of tickets */ p += krb_get_int(p, &exp_date, 4, little_endian); p++; /* master key version number */ p += krb_get_int(p, &clen, 2, little_endian); cip->length = clen; memcpy(cip->dat, p, clen); p += clen; return KSUCCESS; } Index: stable/3/crypto/kerberosIV/lib/krb/kntoln.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/kntoln.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/kntoln.c (revision 62578) 
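Review bot: In kdc_reply.c, kdc_reply_cipher still trusts the 2-byte clen read from the reply: cip->length = clen; memcpy(cip->dat, p, clen); runs with no check against sizeof(cip->dat) or against reply->length. Since this change already passes destination sizes to the krb_get_string calls in kdc_reply_cred, add the matching bound here and return INTK_PROT when clen does not fit. The same concern applies to krb_get_nir(p, aname, inst, realm), which takes no sizes, and to the strlen-based skips in the AUTH_MSG_ERR_REPLY branch, which are not bounded by reply->length.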
@@ -1,180 +1,177 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ /* * krb_kntoln converts an auth name into a local name by looking up * the auth name in the /etc/aname file. The format of the aname * file is: * * +-----+-----+-----+-----+------+----------+-------+-------+ * | anl | inl | rll | lnl | name | instance | realm | lname | * +-----+-----+-----+-----+------+----------+-------+-------+ * | 1by | 1by | 1by | 1by | name | instance | realm | lname | * +-----+-----+-----+-----+------+----------+-------+-------+ * * If the /etc/aname file can not be opened it will set the * local name to the auth name. Thus, in this case it performs as * the identity function. * * The name instance and realm are passed to krb_kntoln through * the AUTH_DAT structure (ad). * * Now here's what it *really* does: * * Given a Kerberos name in an AUTH_DAT structure, check that the * instance is null, and that the realm is the same as the local * realm, and return the principal's name in "lname". Return * KSUCCESS if all goes well, otherwise KFAILURE. 
*/ #include "krb_locl.h" -RCSID("$Id: kntoln.c,v 1.7 1997/03/23 03:53:12 joda Exp $"); +RCSID("$Id: kntoln.c,v 1.10 1998/06/09 19:25:21 joda Exp $"); int krb_kntoln(AUTH_DAT *ad, char *lname) { static char lrealm[REALM_SZ] = ""; if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) return(KFAILURE); if (strcmp(ad->pinst, "")) return(KFAILURE); if (strcmp(ad->prealm, lrealm)) return(KFAILURE); strcpy(lname, ad->pname); return(KSUCCESS); } #if 0 /* Posted to usenet by "Derrick J. Brashear" */ #include #include #include #include #include #include #include extern int errno; /* * antoln converts an authentication name into a local name by looking up * the authentication name in the /etc/aname dbm database. * * If the /etc/aname file can not be opened it will set the * local name to the principal name. Thus, in this case it performs as * the identity function. * * The name instance and realm are passed to antoln through * the AUTH_DAT structure (ad). */ static char lrealm[REALM_SZ] = ""; -an_to_ln(ad,lname) -AUTH_DAT *ad; -char *lname; +int +an_to_ln(AUTH_DAT *ad, char *lname) { static DBM *aname = NULL; char keyname[ANAME_SZ+INST_SZ+REALM_SZ+2]; if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) return(KFAILURE); if((strcmp(ad->pinst,"") && strcmp(ad->pinst,"root")) || strcmp(ad->prealm,lrealm)) { datum val; datum key; /* * Non-local name (or) non-null and non-root instance. * Look up in dbm file. */ if (!aname) { if ((aname = dbm_open("/etc/aname", O_RDONLY, 0)) == NULL) return (KFAILURE); } /* Construct dbm lookup key. */ an_to_a(ad, keyname); key.dptr = keyname; key.dsize = strlen(keyname)+1; flock(dbm_dirfno(aname), LOCK_SH); val = dbm_fetch(aname, key); flock(dbm_dirfno(aname), LOCK_UN); if (!val.dptr) { dbm_close(aname); return(KFAILURE); } /* Got it! 
*/ strcpy(lname,val.dptr); return(KSUCCESS); } else strcpy(lname,ad->pname); return(KSUCCESS); } -an_to_a(ad, str) - AUTH_DAT *ad; - char *str; +void +an_to_a(AUTH_DAT *ad, char *str) { strcpy(str, ad->pname); if(*ad->pinst) { strcat(str, "."); strcat(str, ad->pinst); } strcat(str, "@"); strcat(str, ad->prealm); } /* * Parse a string of the form "user[.instance][@realm]" * into a struct AUTH_DAT. */ -a_to_an(str, ad) - AUTH_DAT *ad; - char *str; +int +a_to_an(char *str, AUTH_DAT *ad) { char *buf = (char *)malloc(strlen(str)+1); char *rlm, *inst, *princ; if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) { free(buf); return(KFAILURE); } /* destructive string hacking is more fun.. */ strcpy(buf, str); if (rlm = index(buf, '@')) { *rlm++ = '\0'; } if (inst = index(buf, '.')) { *inst++ = '\0'; } strcpy(ad->pname, buf); if(inst) strcpy(ad->pinst, inst); else *ad->pinst = '\0'; if (rlm) strcpy(ad->prealm, rlm); else strcpy(ad->prealm, lrealm); free(buf); return(KSUCCESS); } #endif Index: stable/3/crypto/kerberosIV/lib/krb/krb.def =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/krb.def (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/krb.def (revision 62578) 
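Review bot: In kntoln.c, krb_kntoln still ends with strcpy(lname, ad->pname) and takes no size for lname; the edits here (the RCSID bump and ANSI prototypes inside the #if 0 block) leave the compiled code unchanged. Given the bounded copies introduced elsewhere in this commit, either document that lname must hold at least ANAME_SZ bytes or give the function a length parameter and use strlcpy. In the disabled an_to_ln, the dbm_close(aname) on a failed fetch leaves the static aname pointing at a closed handle; set it to NULL if this code is ever enabled.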
@@ -1,92 +1,96 @@ -LIBRARY "krb" BASE=0x07000000 - -DESCRIPTION "Dynamic link library for kerberos version 4" -VERSION 1.0 - +LIBRARY krb BASE=0x07000000 EXPORTS krb_get_err_text newTktMem getTktMem firstCred nextCredIndex currCredIndex nextFreeIndex - k_flock k_localtime k_getsockinst k_getportbyname k_get_all_addrs + krb_set_kdc_time_diff + krb_get_kdc_time_diff + + krb_get_config_bool + krb_get_config_string + krb_equiv afs_string_to_key krb_life_to_time krb_time_to_life krb_life_to_atime krb_atime_to_life tf_get_cred tf_get_pinst tf_get_pname tf_put_pinst tf_put_pname tf_init tf_create tf_save_cred tf_close krb_mk_priv krb_rd_priv create_auth_reply krb_get_phost krb_realmofhost tkt_string create_ciph decomp_ticket dest_tkt get_ad_tkt in_tkt k_gethostname k_isinst k_isname k_isrealm kname_parse + krb_parse_name + krb_unparse_name + krb_unparse_name_long krb_create_ticket krb_get_admhst krb_get_cred krb_get_in_tkt krb_get_krbhst krb_get_lrealm krb_get_default_realm krb_get_pw_in_tkt krb_get_svc_in_tkt krb_get_tf_fullname krb_get_tf_realm krb_kntoln krb_mk_req krb_net_read krb_net_write krb_rd_err krb_rd_req krb_recvauth krb_sendauth krb_set_key krb_set_lifetime read_service_key save_credentials send_to_kdc krb_mk_err krb_mk_safe krb_rd_safe ad_print cr_err_reply krb_set_tkt_string krb_get_default_principal krb_realm_parse krb_verify_user kset_logfile getst Index: stable/3/crypto/kerberosIV/lib/krb/krb.h =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/krb.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/krb.h (revision 62578) 
@@ -1,566 +1,359 @@ /* - * $Id$ + * $Id: krb.h,v 1.99 1999/11/16 14:02:47 bg Exp $ * * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Include file for the Kerberos library. */ -/* Only one time, please */ -#ifndef KRB_DEFS -#define KRB_DEFS +#if !defined (__STDC__) && !defined(_MSC_VER) +#define const +#define signed +#endif -#include -#include -#include +#include #include -__BEGIN_DECLS +#ifndef __KRB_H__ +#define __KRB_H__ +/* XXX */ +#ifndef __BEGIN_DECLS +#if defined(__cplusplus) +#define __BEGIN_DECLS extern "C" { +#define __END_DECLS }; +#else +#define __BEGIN_DECLS +#define __END_DECLS +#endif +#endif + +#if defined (__STDC__) || defined (_MSC_VER) #ifndef __P #define __P(x) x #endif +#else +#ifndef __P +#define __P(x) () +#endif +#endif +__BEGIN_DECLS + /* Need some defs from des.h */ #if !defined(NOPROTO) && !defined(__STDC__) #define NOPROTO #endif #include -/* Don't use these guys, they are only for compatibility with CNS. */ +/* CNS compatibility ahead! */ #ifndef KRB_INT32 #define KRB_INT32 int32_t #endif #ifndef KRB_UINT32 #define KRB_UINT32 u_int32_t #endif /* Global library variables. */ extern int krb_ignore_ip_address; /* To turn off IP address comparison */ extern int krb_no_long_lifetimes; /* To disable AFS compatible lifetimes */ extern int krbONE; #define HOST_BYTE_ORDER (* (char *) &krbONE) +/* Debug variables */ +extern int krb_debug; +extern int krb_ap_req_debug; +extern int krb_dns_debug; + /* Text describing error codes */ #define MAX_KRB_ERRORS 256 extern const char *krb_err_txt[MAX_KRB_ERRORS]; -/* Use this function rather than indexing in krb_err_txt */ -const char *krb_get_err_text __P((int code)); - - /* General definitions */ #define KSUCCESS 0 #define KFAILURE 255 /* * Kerberos specific definitions * * KRBLOG is the log file for the kerberos master server. 
KRB_CONF is * the configuration file where different host machines running master * and slave servers can be found. KRB_MASTER is the name of the * machine with the master database. The admin_server runs on this * machine, and all changes to the db (as opposed to read-only * requests, which can go to slaves) must go to it. KRB_HOST is the * default machine * when looking for a kerberos slave server. Other * possibilities are * in the KRB_CONF file. KRB_REALM is the name of * the realm. */ /* /etc/kerberosIV is only for backwards compatibility, don't use it! */ /* FreeBSD wants to maintain backwards compatibility */ #ifndef KRB_CONF #define KRB_CONF "/etc/kerberosIV/krb.conf" #endif #ifndef KRB_RLM_TRANS #define KRB_RLM_TRANS "/etc/kerberosIV/krb.realms" #endif #ifndef KRB_CNF_FILES #define KRB_CNF_FILES { KRB_CONF, "/etc/krb.conf", 0} #endif #ifndef KRB_RLM_FILES #define KRB_RLM_FILES { KRB_RLM_TRANS, "/etc/krb.realms", 0} #endif #ifndef KRB_EQUIV #define KRB_EQUIV "/etc/kerberosIV/krb.equiv" #endif #define KRB_MASTER "kerberos" #ifndef KRB_REALM #define KRB_REALM (krb_get_default_realm()) #endif /* The maximum sizes for aname, realm, sname, and instance +1 */ #define ANAME_SZ 40 #define REALM_SZ 40 #define SNAME_SZ 40 #define INST_SZ 40 /* Leave space for quoting */ #define MAX_K_NAME_SZ (2*ANAME_SZ + 2*INST_SZ + 2*REALM_SZ - 3) #define KKEY_SZ 100 #define VERSION_SZ 1 #define MSG_TYPE_SZ 1 #define DATE_SZ 26 /* RTI date output */ #define MAX_HSTNM 100 /* for compatibility */ typedef struct krb_principal{ char name[ANAME_SZ]; char instance[INST_SZ]; char realm[REALM_SZ]; }krb_principal; #ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ /* default lifetime for krb_mk_req & co., 10 hrs */ #define DEFAULT_TKT_LIFE 120 #endif #define KRB_TICKET_GRANTING_TICKET "krbtgt" /* Definition of text structure used to pass text around */ #define MAX_KTXT_LEN 1250 struct ktext { unsigned int length; /* Length of the text */ unsigned char dat[MAX_KTXT_LEN]; /* The data 
itself */ u_int32_t mbz; /* zero to catch runaway strings */ }; typedef struct ktext *KTEXT; typedef struct ktext KTEXT_ST; /* Definitions for send_to_kdc */ -#define CLIENT_KRB_TIMEOUT 4 /* time between retries */ +#define CLIENT_KRB_TIMEOUT 4 /* default time between retries */ #define CLIENT_KRB_RETRY 5 /* retry this many times */ #define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ /* Definitions for ticket file utilities */ #define R_TKT_FIL 0 #define W_TKT_FIL 1 /* Parameters for rd_ap_req */ /* Maximum alloable clock skew in seconds */ #define CLOCK_SKEW 5*60 /* Filename for readservkey */ #ifndef KEYFILE -#define KEYFILE "/etc/kerberosIV/srvtab" +#define KEYFILE (krb_get_default_keyfile()) #endif /* Structure definition for rd_ap_req */ struct auth_dat { unsigned char k_flags; /* Flags from ticket */ char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* His Instance */ char prealm[REALM_SZ]; /* His Realm */ u_int32_t checksum; /* Data checksum (opt) */ des_cblock session; /* Session Key */ int life; /* Life of ticket */ u_int32_t time_sec; /* Time ticket issued */ u_int32_t address; /* Address in ticket */ KTEXT_ST reply; /* Auth reply (opt) */ }; typedef struct auth_dat AUTH_DAT; /* Structure definition for credentials returned by get_cred */ struct credentials { char service[ANAME_SZ]; /* Service name */ char instance[INST_SZ]; /* Instance */ char realm[REALM_SZ]; /* Auth domain */ des_cblock session; /* Session key */ int lifetime; /* Lifetime */ int kvno; /* Key version number */ KTEXT_ST ticket_st; /* The ticket itself */ int32_t issue_date; /* The issue time */ char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* Principal's instance */ }; typedef struct credentials CREDENTIALS; /* Structure definition for rd_private_msg and rd_safe_msg */ struct msg_dat { unsigned char *app_data; /* pointer to appl data */ u_int32_t app_length; /* length of appl data */ u_int32_t hash; /* hash to lookup replay */ int swap; /* swap 
bytes? */ int32_t time_sec; /* msg timestamp seconds */ unsigned char time_5ms; /* msg timestamp 5ms units */ }; typedef struct msg_dat MSG_DAT; struct krb_host { char *realm; char *host; - int proto; + enum krb_host_proto { PROTO_UDP, PROTO_TCP, PROTO_HTTP } proto; int port; int admin; }; -struct krb_host *krb_get_host __P((int, char*, int)); - - /* Location of ticket file for save_cred and get_cred */ #define TKT_FILE tkt_string() -#define TKT_ROOT "/tmp/tkt_" +#ifndef TKT_ROOT +#define TKT_ROOT (krb_get_default_tkt_root()) +#endif /* Error codes returned from the KDC */ #define KDC_OK 0 /* Request OK */ #define KDC_NAME_EXP 1 /* Principal expired */ #define KDC_SERVICE_EXP 2 /* Service expired */ #define KDC_AUTH_EXP 3 /* Auth expired */ #define KDC_PKT_VER 4 /* Protocol version unknown */ #define KDC_P_MKEY_VER 5 /* Wrong master key version */ #define KDC_S_MKEY_VER 6 /* Wrong master key version */ #define KDC_BYTE_ORDER 7 /* Byte order unknown */ #define KDC_PR_UNKNOWN 8 /* Principal unknown */ #define KDC_PR_N_UNIQUE 9 /* Principal not unique */ #define KDC_NULL_KEY 10 /* Principal has null key */ #define KDC_GEN_ERR 20 /* Generic error from KDC */ /* Values returned by get_credentials */ #define GC_OK 0 /* Retrieve OK */ #define RET_OK 0 /* Retrieve OK */ #define GC_TKFIL 21 /* Can't read ticket file */ #define RET_TKFIL 21 /* Can't read ticket file */ #define GC_NOTKT 22 /* Can't find ticket or TGT */ #define RET_NOTKT 22 /* Can't find ticket or TGT */ /* Values returned by mk_ap_req */ #define MK_AP_OK 0 /* Success */ #define MK_AP_TGTEXP 26 /* TGT Expired */ /* Values returned by rd_ap_req */ #define RD_AP_OK 0 /* Request authentic */ #define RD_AP_UNDEC 31 /* Can't decode authenticator */ #define RD_AP_EXP 32 /* Ticket expired */ #define RD_AP_NYV 33 /* Ticket not yet valid */ #define RD_AP_REPEAT 34 /* Repeated request */ #define RD_AP_NOT_US 35 /* The ticket isn't for us */ #define RD_AP_INCON 36 /* Request is inconsistent */ #define RD_AP_TIME 37 /* 
delta_t too big */ #define RD_AP_BADD 38 /* Incorrect net address */ #define RD_AP_VERSION 39 /* protocol version mismatch */ #define RD_AP_MSG_TYPE 40 /* invalid msg type */ #define RD_AP_MODIFIED 41 /* message stream modified */ #define RD_AP_ORDER 42 /* message out of order */ #define RD_AP_UNAUTHOR 43 /* unauthorized request */ /* Values returned by get_pw_tkt */ #define GT_PW_OK 0 /* Got password changing tkt */ #define GT_PW_NULL 51 /* Current PW is null */ #define GT_PW_BADPW 52 /* Incorrect current password */ #define GT_PW_PROT 53 /* Protocol Error */ #define GT_PW_KDCERR 54 /* Error returned by KDC */ #define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */ /* Values returned by send_to_kdc */ #define SKDC_OK 0 /* Response received */ #define SKDC_RETRY 56 /* Retry count exceeded */ #define SKDC_CANT 57 /* Can't send request */ /* * Values returned by get_intkt * (can also return SKDC_* and KDC errors) */ #define INTK_OK 0 /* Ticket obtained */ #define INTK_W_NOTALL 61 /* Not ALL tickets returned */ #define INTK_BADPW 62 /* Incorrect password */ #define INTK_PROT 63 /* Protocol Error */ #define INTK_ERR 70 /* Other error */ /* Values returned by get_adtkt */ #define AD_OK 0 /* Ticket Obtained */ #define AD_NOTGT 71 /* Don't have tgt */ #define AD_INTR_RLM_NOTGT 72 /* Can't get inter-realm tgt */ /* Error codes returned by ticket file utilities */ #define NO_TKT_FIL 76 /* No ticket file found */ #define TKT_FIL_ACC 77 /* Couldn't access tkt file */ #define TKT_FIL_LCK 78 /* Couldn't lock ticket file */ #define TKT_FIL_FMT 79 /* Bad ticket file format */ #define TKT_FIL_INI 80 /* tf_init not called first */ /* Error code returned by kparse_name */ #define KNAME_FMT 81 /* Bad Kerberos name format */ /* Error code returned by krb_mk_safe */ #define SAFE_PRIV_ERROR -1 /* syscall error */ -/* - * macros for byte swapping; also scratch space - * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0 - * u_int32_t 0-->3, 1-->2, 2-->1, 3-->0 - * u_int16_t 
0-->1, 1-->0 - */ - -#define swap_u_16(x) {\ - u_int32_t _krb_swap_tmp[4];\ - swab(((char *) x) +0, ((char *) _krb_swap_tmp) +14 ,2); \ - swab(((char *) x) +2, ((char *) _krb_swap_tmp) +12 ,2); \ - swab(((char *) x) +4, ((char *) _krb_swap_tmp) +10 ,2); \ - swab(((char *) x) +6, ((char *) _krb_swap_tmp) +8 ,2); \ - swab(((char *) x) +8, ((char *) _krb_swap_tmp) +6 ,2); \ - swab(((char *) x) +10,((char *) _krb_swap_tmp) +4 ,2); \ - swab(((char *) x) +12,((char *) _krb_swap_tmp) +2 ,2); \ - swab(((char *) x) +14,((char *) _krb_swap_tmp) +0 ,2); \ - memcpy(x, _krb_swap_tmp, 16);\ - } - -#define swap_u_12(x) {\ - u_int32_t _krb_swap_tmp[4];\ - swab(( char *) x, ((char *) _krb_swap_tmp) +10 ,2); \ - swab(((char *) x) +2, ((char *) _krb_swap_tmp) +8 ,2); \ - swab(((char *) x) +4, ((char *) _krb_swap_tmp) +6 ,2); \ - swab(((char *) x) +6, ((char *) _krb_swap_tmp) +4 ,2); \ - swab(((char *) x) +8, ((char *) _krb_swap_tmp) +2 ,2); \ - swab(((char *) x) +10,((char *) _krb_swap_tmp) +0 ,2); \ - memcpy(x, _krb_swap_tmp, 12);\ - } - -#define swap_C_Block(x) {\ - u_int32_t _krb_swap_tmp[4];\ - swab(( char *) x, ((char *) _krb_swap_tmp) +6 ,2); \ - swab(((char *) x) +2,((char *) _krb_swap_tmp) +4 ,2); \ - swab(((char *) x) +4,((char *) _krb_swap_tmp) +2 ,2); \ - swab(((char *) x) +6,((char *) _krb_swap_tmp) ,2); \ - memcpy(x, _krb_swap_tmp, 8);\ - } -#define swap_u_quad(x) {\ - u_int32_t _krb_swap_tmp[4];\ - swab(( char *) &x, ((char *) _krb_swap_tmp) +6 ,2); \ - swab(((char *) &x) +2,((char *) _krb_swap_tmp) +4 ,2); \ - swab(((char *) &x) +4,((char *) _krb_swap_tmp) +2 ,2); \ - swab(((char *) &x) +6,((char *) _krb_swap_tmp) ,2); \ - memcpy(x, _krb_swap_tmp, 8);\ - } - -#define swap_u_long(x) {\ - u_int32_t _krb_swap_tmp[4];\ - swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \ - swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \ - x = _krb_swap_tmp[0]; \ - } - -#define swap_u_short(x) {\ - u_int16_t _krb_swap_sh_tmp; \ - swab((char *) &x, ( &_krb_swap_sh_tmp) ,2); \ - x = 
(u_int16_t) _krb_swap_sh_tmp; \ - } -/* Kerberos ticket flag field bit definitions */ -#define K_FLAG_ORDER 0 /* bit 0 --> lsb */ -#define K_FLAG_1 /* reserved */ -#define K_FLAG_2 /* reserved */ -#define K_FLAG_3 /* reserved */ -#define K_FLAG_4 /* reserved */ -#define K_FLAG_5 /* reserved */ -#define K_FLAG_6 /* reserved */ -#define K_FLAG_7 /* reserved, bit 7 --> msb */ - /* Defines for krb_sendauth and krb_recvauth */ #define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */ #define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */ #define KOPT_DONT_CANON 0x00000004 /* * don't canonicalize inst as * a hostname */ +#define KOPT_IGNORE_PROTOCOL 0x0008 + #define KRB_SENDAUTH_VLEN 8 /* length for version strings */ -/* File locking */ -#define K_LOCK_SH 1 /* Shared lock */ -#define K_LOCK_EX 2 /* Exclusive lock */ -#define K_LOCK_NB 4 /* Don't block when locking */ -#define K_LOCK_UN 8 /* Unlock */ -int k_flock __P((int fd, int operation)); -struct tm *k_localtime __P((u_int32_t *)); -int k_getsockinst __P((int fd, char *inst, size_t)); -int k_getportbyname __P((const char *service, const char *proto, int default_port)); +/* flags for krb_verify_user() */ +#define KRB_VERIFY_NOT_SECURE 0 +#define KRB_VERIFY_SECURE 1 +#define KRB_VERIFY_SECURE_FAIL 2 extern char *krb4_version; -struct in_addr; +typedef int (*key_proc_t) __P((const char *name, + char *instance, /* INOUT parameter */ + const char *realm, + const void *password, + des_cblock *key)); -int k_get_all_addrs __P((struct in_addr **l)); +typedef int (*decrypt_proc_t) __P((const char *name, + const char *instance, + const char *realm, + const void *arg, + key_proc_t, + KTEXT *)); -/* Host address comparison */ -int krb_equiv __P((u_int32_t, u_int32_t)); +#include "krb-protos.h" -/* Password conversion */ -void mit_string_to_key __P((char *str, char *cell, des_cblock *key)); -void afs_string_to_key __P((char *str, char *cell, des_cblock *key)); - -/* Lifetime conversion */ -u_int32_t krb_life_to_time 
__P((u_int32_t start, int life)); -int krb_time_to_life __P((u_int32_t start, u_int32_t end)); -char *krb_life_to_atime __P((int life)); -int krb_atime_to_life __P((char *atime)); - -/* Ticket manipulation */ -int tf_get_cred __P((CREDENTIALS *)); -int tf_get_pinst __P((char *)); -int tf_get_pname __P((char *)); -int tf_put_pinst __P((char *)); -int tf_put_pname __P((char *)); -int tf_init __P((char *, int)); -int tf_create __P((char *)); -int tf_save_cred __P((char *, char *, char *, unsigned char *, int , int , KTEXT ticket, u_int32_t)); -void tf_close __P((void)); -int tf_setup __P((CREDENTIALS *cred, char *pname, char *pinst)); - -/* Private communication */ - -struct sockaddr_in; - -int32_t krb_mk_priv __P((void *, void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *)); -int32_t krb_rd_priv __P((void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *)); - -/* Misc */ -KTEXT create_auth_reply __P((char *, char *, char *, int32_t, int, u_int32_t, int, KTEXT)); - -char *krb_get_phost __P((const char *)); -char *krb_realmofhost __P((const char *)); -char *tkt_string __P((void)); - -int create_ciph __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t, int, KTEXT, u_int32_t, des_cblock *)); -int decomp_ticket __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t *, unsigned char *, int *, u_int32_t *, char *, char *, des_cblock *, struct des_ks_struct *)); -int dest_tkt __P((void)); -int get_ad_tkt __P((char *, char *, char *, int)); -int get_pw_tkt __P((char *, char *, char *, char *)); -int get_request __P((KTEXT, int, char **, char **)); -int in_tkt __P((char *, char *)); -int k_gethostname __P((char *, int )); -int k_isinst __P((char *)); -int k_isname __P((char *)); -int k_isrealm __P((char *)); -int kname_parse __P((char *, char *, char *, char *)); -int krb_parse_name __P((const char*, krb_principal*)); -char *krb_unparse_name 
__P((krb_principal*)); -char *krb_unparse_name_r __P((krb_principal*, char*)); -char *krb_unparse_name_long __P((char*, char*, char*)); -char *krb_unparse_name_long_r __P((char *name, char *instance, char *realm, char *fullname)); -int krb_create_ticket __P((KTEXT, unsigned char, char *, char *, char *, int32_t, void *, int16_t, int32_t, char *, char *, des_cblock *)); -int krb_get_admhst __P((char *, char *, int)); -int krb_get_cred __P((char *, char *, char *, CREDENTIALS *)); - -typedef int (*key_proc_t) __P((char*, char*, char*, void*, des_cblock*)); - -typedef int (*decrypt_proc_t) __P((char*, char*, char*, void*, - key_proc_t, KTEXT*)); - -int krb_get_in_tkt __P((char*, char*, char*, char*, char*, int, key_proc_t, - decrypt_proc_t, void*)); - -int srvtab_to_key __P((char *, char *, char *, void *, des_cblock *)); -int passwd_to_key __P((char *, char *, char *, void *, des_cblock *)); -int passwd_to_afskey __P((char *, char *, char *, void *, des_cblock *)); - -int krb_get_krbhst __P((char *, char *, int)); -int krb_get_lrealm __P((char *, int)); -char *krb_get_default_realm __P((void)); -int krb_get_pw_in_tkt __P((char *, char *, char *, char *, char *, int, char *)); -int krb_get_svc_in_tkt __P((char *, char *, char *, char *, char *, int, char *)); -int krb_get_tf_fullname __P((char *, char *, char *, char *)); -int krb_get_tf_realm __P((char *, char *)); -int krb_kntoln __P((AUTH_DAT *, char *)); -int krb_mk_req __P((KTEXT , char *, char *, char *, int32_t)); -int krb_net_read __P((int , void *, size_t)); -int krb_net_write __P((int , const void *, size_t)); -int krb_rd_err __P((u_char *, u_int32_t, int32_t *, MSG_DAT *)); -int krb_rd_req __P((KTEXT , char *, char *, int32_t, AUTH_DAT *, char *)); -int krb_recvauth __P((int32_t, int, KTEXT, char *, char *, struct sockaddr_in *, struct sockaddr_in *, AUTH_DAT *, char *, struct des_ks_struct *, char *)); -int krb_sendauth __P((int32_t, int, KTEXT, char *,char *, char *, u_int32_t, MSG_DAT *, CREDENTIALS *, 
struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *, char *)); -int krb_mk_auth __P((int32_t, KTEXT, char *, char *, char *, u_int32_t, char *, KTEXT)); -int krb_check_auth __P((KTEXT, u_int32_t, MSG_DAT *, des_cblock *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *)); -int krb_set_key __P((void *, int)); -int krb_set_lifetime __P((int)); -int krb_kuserok __P((char *name, char *inst, char *realm, char *luser)); -int kuserok __P((AUTH_DAT *, char *)); -int read_service_key __P((char *, char *, char *, int , char *, char *)); -int save_credentials __P((char *, char *, char *, unsigned char *, int , int , KTEXT , int32_t)); -int send_to_kdc __P((KTEXT , KTEXT , char *)); - -int32_t krb_mk_err __P((u_char *, int32_t, char *)); -int32_t krb_mk_safe __P((void *, void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *)); -int32_t krb_rd_safe __P((void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *)); - -void ad_print __P((AUTH_DAT *)); -void cr_err_reply __P((KTEXT, char *, char *, char *, u_int32_t, u_int32_t, char *)); -void extract_ticket __P((KTEXT, int, char *, int *, int *, char *, KTEXT)); -void krb_set_tkt_string __P((char *)); - -int krb_get_default_principal __P((char *, char *, char *)); -int krb_realm_parse __P((char *, int)); -int krb_verify_user __P((char*, char*, char*, char*, int, char *)); - -/* logging.c */ - -typedef int (*krb_log_func_t)(FILE *, const char *, va_list); - -typedef krb_log_func_t krb_warnfn_t; - -struct krb_log_facility; - -int krb_vlogger __P((struct krb_log_facility*, const char *, va_list)) -#ifdef __GNUC__ -__attribute__ ((format (printf, 2, 0))) -#endif -; -int krb_logger __P((struct krb_log_facility*, const char *, ...)) -#ifdef __GNUC__ -__attribute__ ((format (printf, 2, 3))) -#endif -; -int krb_openlog __P((struct krb_log_facility*, char*, FILE*, krb_log_func_t)); - -void krb_set_warnfn __P((krb_warnfn_t)); -krb_warnfn_t krb_get_warnfn 
__P((void)); -void krb_warning __P((const char*, ...)) -#ifdef __GNUC__ -__attribute__ ((format (printf, 1, 2))) -#endif -; - -void kset_logfile __P((char*)); -void krb_log __P((const char*, ...)) -#ifdef __GNUC__ -__attribute__ ((format (printf, 1, 2))) -#endif -; -char *klog __P((int, const char*, ...)) -#ifdef __GNUC__ -__attribute__ ((format (printf, 2, 3))) -#endif -; - -int getst __P((int, char *, int)); -const char *month_sname __P((int)); -const char *krb_stime __P((time_t *)); -int krb_check_tm __P((struct tm)); - -int krb_get_int __P((void *from, u_int32_t *to, int size, int lsb)); -int krb_put_int __P((u_int32_t from, void *to, int size)); -int krb_get_address __P((void *from, u_int32_t *to)); -int krb_put_address __P((u_int32_t addr, void *to)); -int krb_put_string __P((char *from, void *to)); -int krb_get_string __P((void *from, char *to)); -int krb_get_nir __P((void *from, char *name, char *instance, char *realm)); -int krb_put_nir __P((char *name, char *instance, char *realm, void *to)); - __END_DECLS -#endif /* KRB_DEFS */ +#endif /* __KRB_H__ */ Index: stable/3/crypto/kerberosIV/lib/krb/krb.mak =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/krb.mak (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/krb.mak (revision 62578) 
@@ -1,3065 +1,1902 @@ -# Microsoft Developer Studio Generated NMAKE File, Format Version 4.10 -# ** DO NOT EDIT ** - -# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 - +# Microsoft Developer Studio Generated NMAKE File, Based on krb.dsp !IF "$(CFG)" == "" -CFG=krb - Win32 Debug -!MESSAGE No configuration specified. Defaulting to krb - Win32 Debug. +CFG=krb - Win32 Release +!MESSAGE No configuration specified. Defaulting to krb - Win32 Release. !ENDIF !IF "$(CFG)" != "krb - Win32 Release" && "$(CFG)" != "krb - Win32 Debug" !MESSAGE Invalid configuration "$(CFG)" specified. -!MESSAGE You can specify a configuration when running NMAKE on this makefile +!MESSAGE You can specify a configuration when running NMAKE !MESSAGE by defining the macro CFG on the command line. For example: !MESSAGE -!MESSAGE NMAKE /f "krb.mak" CFG="krb - Win32 Debug" +!MESSAGE NMAKE /f "krb.mak" CFG="krb - Win32 Release" !MESSAGE !MESSAGE Possible choices for configuration are: !MESSAGE !MESSAGE "krb - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE "krb - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE !ERROR An invalid configuration is specified. 
!ENDIF !IF "$(OS)" == "Windows_NT" NULL= !ELSE NULL=nul !ENDIF -################################################################################ -# Begin Project -# PROP Target_Last_Scanned "krb - Win32 Debug" -RSC=rc.exe -MTL=mktyplib.exe -CPP=cl.exe !IF "$(CFG)" == "krb - Win32 Release" -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "Release" -# PROP BASE Intermediate_Dir "Release" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 0 -# PROP Output_Dir "Release" -# PROP Intermediate_Dir "Release" -# PROP Target_Dir "" OUTDIR=.\Release INTDIR=.\Release +# Begin Custom Macros +OutDir=.\.\Release +# End Custom Macros -ALL : ".\Release\krb.dll" +!IF "$(RECURSE)" == "0" +ALL : "$(OUTDIR)\krb.dll" + +!ELSE + +ALL : "des - Win32 Release" "$(OUTDIR)\krb.dll" + +!ENDIF + +!IF "$(RECURSE)" == "1" +CLEAN :"des - Win32 ReleaseCLEAN" +!ELSE CLEAN : - -@erase ".\Release\cr_err_reply.obj" - -@erase ".\Release\create_auth_reply.obj" - -@erase ".\Release\create_ciph.obj" - -@erase ".\Release\create_ticket.obj" - -@erase ".\Release\debug_decl.obj" - -@erase ".\Release\decomp_ticket.obj" - -@erase ".\Release\dllmain.obj" - -@erase ".\Release\encrypt_ktext.obj" - -@erase ".\Release\et_list.obj" - -@erase ".\Release\get_ad_tkt.obj" - -@erase ".\Release\get_cred.obj" - -@erase ".\Release\get_default_principal.obj" - -@erase ".\Release\get_host.obj" - -@erase ".\Release\get_in_tkt.obj" - -@erase ".\Release\get_krbrlm.obj" - -@erase ".\Release\get_phost.obj" - -@erase ".\Release\get_svc_in_tkt.obj" - -@erase ".\Release\get_tf_fullname.obj" - -@erase ".\Release\get_tf_realm.obj" - -@erase ".\Release\getaddrs.obj" - -@erase ".\Release\getrealm.obj" - -@erase ".\Release\getst.obj" - -@erase ".\Release\k_flock.obj" - -@erase ".\Release\k_gethostname.obj" - -@erase ".\Release\k_getport.obj" - -@erase ".\Release\k_getsockinst.obj" - -@erase ".\Release\k_localtime.obj" - -@erase ".\Release\kdc_reply.obj" - -@erase ".\Release\kntoln.obj" 
- -@erase ".\Release\krb.dll" - -@erase ".\Release\krb.exp" - -@erase ".\Release\krb.lib" - -@erase ".\Release\krb_check_auth.obj" - -@erase ".\Release\krb_equiv.obj" - -@erase ".\Release\krb_err_txt.obj" - -@erase ".\Release\krb_get_in_tkt.obj" - -@erase ".\Release\lifetime.obj" - -@erase ".\Release\logging.obj" - -@erase ".\Release\lsb_addr_comp.obj" - -@erase ".\Release\mk_auth.obj" - -@erase ".\Release\mk_err.obj" - -@erase ".\Release\mk_priv.obj" - -@erase ".\Release\mk_req.obj" - -@erase ".\Release\mk_safe.obj" - -@erase ".\Release\month_sname.obj" - -@erase ".\Release\name2name.obj" - -@erase ".\Release\netread.obj" - -@erase ".\Release\netwrite.obj" - -@erase ".\Release\one.obj" - -@erase ".\Release\parse_name.obj" - -@erase ".\Release\rd_err.obj" - -@erase ".\Release\rd_priv.obj" - -@erase ".\Release\rd_req.obj" - -@erase ".\Release\rd_safe.obj" - -@erase ".\Release\read_service_key.obj" - -@erase ".\Release\realm_parse.obj" - -@erase ".\Release\recvauth.obj" - -@erase ".\Release\resolve.obj" - -@erase ".\Release\rw.obj" - -@erase ".\Release\save_credentials.obj" - -@erase ".\Release\send_to_kdc.obj" - -@erase ".\Release\sendauth.obj" - -@erase ".\Release\stime.obj" - -@erase ".\Release\str2key.obj" - -@erase ".\Release\swab.obj" - -@erase ".\Release\ticket_memory.obj" - -@erase ".\Release\tkt_string.obj" - -@erase ".\Release\unparse_name.obj" - -@erase ".\Release\util.obj" - -@erase ".\Release\verify_user.obj" +!ENDIF + -@erase "$(INTDIR)\cr_err_reply.obj" + -@erase "$(INTDIR)\create_auth_reply.obj" + -@erase "$(INTDIR)\create_ciph.obj" + -@erase "$(INTDIR)\create_ticket.obj" + -@erase "$(INTDIR)\debug_decl.obj" + -@erase "$(INTDIR)\decomp_ticket.obj" + -@erase "$(INTDIR)\dllmain.obj" + -@erase "$(INTDIR)\encrypt_ktext.obj" + -@erase "$(INTDIR)\get_ad_tkt.obj" + -@erase "$(INTDIR)\get_cred.obj" + -@erase "$(INTDIR)\get_default_principal.obj" + -@erase "$(INTDIR)\get_host.obj" + -@erase "$(INTDIR)\get_in_tkt.obj" + -@erase "$(INTDIR)\get_krbrlm.obj" + 
-@erase "$(INTDIR)\get_svc_in_tkt.obj" + -@erase "$(INTDIR)\get_tf_fullname.obj" + -@erase "$(INTDIR)\get_tf_realm.obj" + -@erase "$(INTDIR)\getaddrs.obj" + -@erase "$(INTDIR)\getfile.obj" + -@erase "$(INTDIR)\getrealm.obj" + -@erase "$(INTDIR)\getst.obj" + -@erase "$(INTDIR)\k_flock.obj" + -@erase "$(INTDIR)\k_gethostname.obj" + -@erase "$(INTDIR)\k_getport.obj" + -@erase "$(INTDIR)\k_getsockinst.obj" + -@erase "$(INTDIR)\k_localtime.obj" + -@erase "$(INTDIR)\kdc_reply.obj" + -@erase "$(INTDIR)\kntoln.obj" + -@erase "$(INTDIR)\krb.res" + -@erase "$(INTDIR)\krb_check_auth.obj" + -@erase "$(INTDIR)\krb_equiv.obj" + -@erase "$(INTDIR)\krb_err_txt.obj" + -@erase "$(INTDIR)\krb_get_in_tkt.obj" + -@erase "$(INTDIR)\lifetime.obj" + -@erase "$(INTDIR)\logging.obj" + -@erase "$(INTDIR)\lsb_addr_comp.obj" + -@erase "$(INTDIR)\mk_auth.obj" + -@erase "$(INTDIR)\mk_err.obj" + -@erase "$(INTDIR)\mk_priv.obj" + -@erase "$(INTDIR)\mk_req.obj" + -@erase "$(INTDIR)\mk_safe.obj" + -@erase "$(INTDIR)\month_sname.obj" + -@erase "$(INTDIR)\name2name.obj" + -@erase "$(INTDIR)\netread.obj" + -@erase "$(INTDIR)\netwrite.obj" + -@erase "$(INTDIR)\one.obj" + -@erase "$(INTDIR)\parse_name.obj" + -@erase "$(INTDIR)\rd_err.obj" + -@erase "$(INTDIR)\rd_priv.obj" + -@erase "$(INTDIR)\rd_req.obj" + -@erase "$(INTDIR)\rd_safe.obj" + -@erase "$(INTDIR)\read_service_key.obj" + -@erase "$(INTDIR)\realm_parse.obj" + -@erase "$(INTDIR)\recvauth.obj" + -@erase "$(INTDIR)\rw.obj" + -@erase "$(INTDIR)\save_credentials.obj" + -@erase "$(INTDIR)\send_to_kdc.obj" + -@erase "$(INTDIR)\sendauth.obj" + -@erase "$(INTDIR)\stime.obj" + -@erase "$(INTDIR)\str2key.obj" + -@erase "$(INTDIR)\ticket_memory.obj" + -@erase "$(INTDIR)\time.obj" + -@erase "$(INTDIR)\tkt_string.obj" + -@erase "$(INTDIR)\unparse_name.obj" + -@erase "$(INTDIR)\util.obj" + -@erase "$(INTDIR)\vc50.idb" + -@erase "$(INTDIR)\verify_user.obj" + -@erase "$(OUTDIR)\krb.dll" + -@erase "$(OUTDIR)\krb.exp" + -@erase "$(OUTDIR)\krb.lib" "$(OUTDIR)" : 
if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" -# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c -# ADD CPP /nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP=cl.exe CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I\ "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D\ - "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/" /c + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)\krb.pch" /YX /Fo"$(INTDIR)\\"\ + /Fd"$(INTDIR)\\" /FD /c CPP_OBJS=.\Release/ -CPP_SBRS=.\. -# ADD BASE MTL /nologo /D "NDEBUG" /win32 -# ADD MTL /nologo /D "NDEBUG" /win32 -MTL_PROJ=/nologo /D "NDEBUG" /win32 -# ADD BASE RSC /l 0x409 /d "NDEBUG" -# ADD RSC /l 0x409 /d "NDEBUG" +CPP_SBRS=. + +.c{$(CPP_OBJS)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cpp{$(CPP_OBJS)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cxx{$(CPP_OBJS)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.c{$(CPP_SBRS)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cpp{$(CPP_SBRS)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cxx{$(CPP_SBRS)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +MTL=midl.exe +MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32 +RSC=rc.exe +RSC_PROJ=/l 0x409 /fo"$(INTDIR)\krb.res" /d "NDEBUG" BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc" +BSC32_FLAGS=/nologo /o"$(OUTDIR)\krb.bsc" BSC32_SBRS= \ LINK32=link.exe -# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 -# ADD LINK32 ..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows 
/dll /machine:I386 LINK32_FLAGS=..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib\ kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\ - shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\ - /subsystem:windows /dll /incremental:no /pdb:"$(OUTDIR)/krb.pdb" /machine:I386\ - /def:".\krb.def" /out:"$(OUTDIR)/krb.dll" /implib:"$(OUTDIR)/krb.lib" + shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll\ + /incremental:no /pdb:"$(OUTDIR)\krb.pdb" /machine:I386 /def:".\krb.def"\ + /out:"$(OUTDIR)\krb.dll" /implib:"$(OUTDIR)\krb.lib" DEF_FILE= \ ".\krb.def" LINK32_OBJS= \ - ".\Release\cr_err_reply.obj" \ - ".\Release\create_auth_reply.obj" \ - ".\Release\create_ciph.obj" \ - ".\Release\create_ticket.obj" \ - ".\Release\debug_decl.obj" \ - ".\Release\decomp_ticket.obj" \ - ".\Release\dllmain.obj" \ - ".\Release\encrypt_ktext.obj" \ - ".\Release\et_list.obj" \ - ".\Release\get_ad_tkt.obj" \ - ".\Release\get_cred.obj" \ - ".\Release\get_default_principal.obj" \ - ".\Release\get_host.obj" \ - ".\Release\get_in_tkt.obj" \ - ".\Release\get_krbrlm.obj" \ - ".\Release\get_phost.obj" \ - ".\Release\get_svc_in_tkt.obj" \ - ".\Release\get_tf_fullname.obj" \ - ".\Release\get_tf_realm.obj" \ - ".\Release\getaddrs.obj" \ - ".\Release\getrealm.obj" \ - ".\Release\getst.obj" \ - ".\Release\k_flock.obj" \ - ".\Release\k_gethostname.obj" \ - ".\Release\k_getport.obj" \ - ".\Release\k_getsockinst.obj" \ - ".\Release\k_localtime.obj" \ - ".\Release\kdc_reply.obj" \ - ".\Release\kntoln.obj" \ - ".\Release\krb_check_auth.obj" \ - ".\Release\krb_equiv.obj" \ - ".\Release\krb_err_txt.obj" \ - ".\Release\krb_get_in_tkt.obj" \ - ".\Release\lifetime.obj" \ - ".\Release\logging.obj" \ - ".\Release\lsb_addr_comp.obj" \ - ".\Release\mk_auth.obj" \ - ".\Release\mk_err.obj" \ - ".\Release\mk_priv.obj" \ - ".\Release\mk_req.obj" \ - ".\Release\mk_safe.obj" \ - ".\Release\month_sname.obj" \ - ".\Release\name2name.obj" \ - 
".\Release\netread.obj" \ - ".\Release\netwrite.obj" \ - ".\Release\one.obj" \ - ".\Release\parse_name.obj" \ - ".\Release\rd_err.obj" \ - ".\Release\rd_priv.obj" \ - ".\Release\rd_req.obj" \ - ".\Release\rd_safe.obj" \ - ".\Release\read_service_key.obj" \ - ".\Release\realm_parse.obj" \ - ".\Release\recvauth.obj" \ - ".\Release\resolve.obj" \ - ".\Release\rw.obj" \ - ".\Release\save_credentials.obj" \ - ".\Release\send_to_kdc.obj" \ - ".\Release\sendauth.obj" \ - ".\Release\stime.obj" \ - ".\Release\str2key.obj" \ - ".\Release\swab.obj" \ - ".\Release\ticket_memory.obj" \ - ".\Release\tkt_string.obj" \ - ".\Release\unparse_name.obj" \ - ".\Release\util.obj" \ - ".\Release\verify_user.obj" + "$(INTDIR)\cr_err_reply.obj" \ + "$(INTDIR)\create_auth_reply.obj" \ + "$(INTDIR)\create_ciph.obj" \ + "$(INTDIR)\create_ticket.obj" \ + "$(INTDIR)\debug_decl.obj" \ + "$(INTDIR)\decomp_ticket.obj" \ + "$(INTDIR)\dllmain.obj" \ + "$(INTDIR)\encrypt_ktext.obj" \ + "$(INTDIR)\get_ad_tkt.obj" \ + "$(INTDIR)\get_cred.obj" \ + "$(INTDIR)\get_default_principal.obj" \ + "$(INTDIR)\get_host.obj" \ + "$(INTDIR)\get_in_tkt.obj" \ + "$(INTDIR)\get_krbrlm.obj" \ + "$(INTDIR)\get_svc_in_tkt.obj" \ + "$(INTDIR)\get_tf_fullname.obj" \ + "$(INTDIR)\get_tf_realm.obj" \ + "$(INTDIR)\getaddrs.obj" \ + "$(INTDIR)\getfile.obj" \ + "$(INTDIR)\getrealm.obj" \ + "$(INTDIR)\getst.obj" \ + "$(INTDIR)\k_flock.obj" \ + "$(INTDIR)\k_gethostname.obj" \ + "$(INTDIR)\k_getport.obj" \ + "$(INTDIR)\k_getsockinst.obj" \ + "$(INTDIR)\k_localtime.obj" \ + "$(INTDIR)\kdc_reply.obj" \ + "$(INTDIR)\kntoln.obj" \ + "$(INTDIR)\krb.res" \ + "$(INTDIR)\krb_check_auth.obj" \ + "$(INTDIR)\krb_equiv.obj" \ + "$(INTDIR)\krb_err_txt.obj" \ + "$(INTDIR)\krb_get_in_tkt.obj" \ + "$(INTDIR)\lifetime.obj" \ + "$(INTDIR)\logging.obj" \ + "$(INTDIR)\lsb_addr_comp.obj" \ + "$(INTDIR)\mk_auth.obj" \ + "$(INTDIR)\mk_err.obj" \ + "$(INTDIR)\mk_priv.obj" \ + "$(INTDIR)\mk_req.obj" \ + "$(INTDIR)\mk_safe.obj" \ + 
"$(INTDIR)\month_sname.obj" \ + "$(INTDIR)\name2name.obj" \ + "$(INTDIR)\netread.obj" \ + "$(INTDIR)\netwrite.obj" \ + "$(INTDIR)\one.obj" \ + "$(INTDIR)\parse_name.obj" \ + "$(INTDIR)\rd_err.obj" \ + "$(INTDIR)\rd_priv.obj" \ + "$(INTDIR)\rd_req.obj" \ + "$(INTDIR)\rd_safe.obj" \ + "$(INTDIR)\read_service_key.obj" \ + "$(INTDIR)\realm_parse.obj" \ + "$(INTDIR)\recvauth.obj" \ + "$(INTDIR)\rw.obj" \ + "$(INTDIR)\save_credentials.obj" \ + "$(INTDIR)\send_to_kdc.obj" \ + "$(INTDIR)\sendauth.obj" \ + "$(INTDIR)\stime.obj" \ + "$(INTDIR)\str2key.obj" \ + "$(INTDIR)\ticket_memory.obj" \ + "$(INTDIR)\time.obj" \ + "$(INTDIR)\tkt_string.obj" \ + "$(INTDIR)\unparse_name.obj" \ + "$(INTDIR)\util.obj" \ + "$(INTDIR)\verify_user.obj" \ + "..\des\Release\des.lib" -".\Release\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) +"$(OUTDIR)\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) $(LINK32) @<< $(LINK32_FLAGS) $(LINK32_OBJS) << !ELSEIF "$(CFG)" == "krb - Win32 Debug" -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "Debug" -# PROP BASE Intermediate_Dir "Debug" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 1 -# PROP Output_Dir "Debug" -# PROP Intermediate_Dir "Debug" -# PROP Target_Dir "" OUTDIR=.\Debug INTDIR=.\Debug +# Begin Custom Macros +OutDir=.\.\Debug +# End Custom Macros -ALL : ".\Debug\krb.dll" +!IF "$(RECURSE)" == "0" +ALL : "$(OUTDIR)\krb.dll" + +!ELSE + +ALL : "des - Win32 Debug" "$(OUTDIR)\krb.dll" + +!ENDIF + +!IF "$(RECURSE)" == "1" +CLEAN :"des - Win32 DebugCLEAN" +!ELSE CLEAN : - -@erase ".\Debug\cr_err_reply.obj" - -@erase ".\Debug\create_auth_reply.obj" - -@erase ".\Debug\create_ciph.obj" - -@erase ".\Debug\create_ticket.obj" - -@erase ".\Debug\debug_decl.obj" - -@erase ".\Debug\decomp_ticket.obj" - -@erase ".\Debug\dllmain.obj" - -@erase ".\Debug\encrypt_ktext.obj" - -@erase ".\Debug\et_list.obj" - -@erase ".\Debug\get_ad_tkt.obj" - -@erase ".\Debug\get_cred.obj" - -@erase 
".\Debug\get_default_principal.obj" - -@erase ".\Debug\get_host.obj" - -@erase ".\Debug\get_in_tkt.obj" - -@erase ".\Debug\get_krbrlm.obj" - -@erase ".\Debug\get_phost.obj" - -@erase ".\Debug\get_svc_in_tkt.obj" - -@erase ".\Debug\get_tf_fullname.obj" - -@erase ".\Debug\get_tf_realm.obj" - -@erase ".\Debug\getaddrs.obj" - -@erase ".\Debug\getrealm.obj" - -@erase ".\Debug\getst.obj" - -@erase ".\Debug\k_flock.obj" - -@erase ".\Debug\k_gethostname.obj" - -@erase ".\Debug\k_getport.obj" - -@erase ".\Debug\k_getsockinst.obj" - -@erase ".\Debug\k_localtime.obj" - -@erase ".\Debug\kdc_reply.obj" - -@erase ".\Debug\kntoln.obj" - -@erase ".\Debug\krb.dll" - -@erase ".\Debug\krb.exp" - -@erase ".\Debug\krb.ilk" - -@erase ".\Debug\krb.lib" - -@erase ".\Debug\krb.pdb" - -@erase ".\Debug\krb_check_auth.obj" - -@erase ".\Debug\krb_equiv.obj" - -@erase ".\Debug\krb_err_txt.obj" - -@erase ".\Debug\krb_get_in_tkt.obj" - -@erase ".\Debug\lifetime.obj" - -@erase ".\Debug\logging.obj" - -@erase ".\Debug\lsb_addr_comp.obj" - -@erase ".\Debug\mk_auth.obj" - -@erase ".\Debug\mk_err.obj" - -@erase ".\Debug\mk_priv.obj" - -@erase ".\Debug\mk_req.obj" - -@erase ".\Debug\mk_safe.obj" - -@erase ".\Debug\month_sname.obj" - -@erase ".\Debug\name2name.obj" - -@erase ".\Debug\netread.obj" - -@erase ".\Debug\netwrite.obj" - -@erase ".\Debug\one.obj" - -@erase ".\Debug\parse_name.obj" - -@erase ".\Debug\rd_err.obj" - -@erase ".\Debug\rd_priv.obj" - -@erase ".\Debug\rd_req.obj" - -@erase ".\Debug\rd_safe.obj" - -@erase ".\Debug\read_service_key.obj" - -@erase ".\Debug\realm_parse.obj" - -@erase ".\Debug\recvauth.obj" - -@erase ".\Debug\resolve.obj" - -@erase ".\Debug\rw.obj" - -@erase ".\Debug\save_credentials.obj" - -@erase ".\Debug\send_to_kdc.obj" - -@erase ".\Debug\sendauth.obj" - -@erase ".\Debug\stime.obj" - -@erase ".\Debug\str2key.obj" - -@erase ".\Debug\swab.obj" - -@erase ".\Debug\ticket_memory.obj" - -@erase ".\Debug\tkt_string.obj" - -@erase ".\Debug\unparse_name.obj" - -@erase 
".\Debug\util.obj" - -@erase ".\Debug\vc40.idb" - -@erase ".\Debug\vc40.pdb" - -@erase ".\Debug\verify_user.obj" +!ENDIF + -@erase "$(INTDIR)\cr_err_reply.obj" + -@erase "$(INTDIR)\create_auth_reply.obj" + -@erase "$(INTDIR)\create_ciph.obj" + -@erase "$(INTDIR)\create_ticket.obj" + -@erase "$(INTDIR)\debug_decl.obj" + -@erase "$(INTDIR)\decomp_ticket.obj" + -@erase "$(INTDIR)\dllmain.obj" + -@erase "$(INTDIR)\encrypt_ktext.obj" + -@erase "$(INTDIR)\get_ad_tkt.obj" + -@erase "$(INTDIR)\get_cred.obj" + -@erase "$(INTDIR)\get_default_principal.obj" + -@erase "$(INTDIR)\get_host.obj" + -@erase "$(INTDIR)\get_in_tkt.obj" + -@erase "$(INTDIR)\get_krbrlm.obj" + -@erase "$(INTDIR)\get_svc_in_tkt.obj" + -@erase "$(INTDIR)\get_tf_fullname.obj" + -@erase "$(INTDIR)\get_tf_realm.obj" + -@erase "$(INTDIR)\getaddrs.obj" + -@erase "$(INTDIR)\getfile.obj" + -@erase "$(INTDIR)\getrealm.obj" + -@erase "$(INTDIR)\getst.obj" + -@erase "$(INTDIR)\k_flock.obj" + -@erase "$(INTDIR)\k_gethostname.obj" + -@erase "$(INTDIR)\k_getport.obj" + -@erase "$(INTDIR)\k_getsockinst.obj" + -@erase "$(INTDIR)\k_localtime.obj" + -@erase "$(INTDIR)\kdc_reply.obj" + -@erase "$(INTDIR)\kntoln.obj" + -@erase "$(INTDIR)\krb.res" + -@erase "$(INTDIR)\krb_check_auth.obj" + -@erase "$(INTDIR)\krb_equiv.obj" + -@erase "$(INTDIR)\krb_err_txt.obj" + -@erase "$(INTDIR)\krb_get_in_tkt.obj" + -@erase "$(INTDIR)\lifetime.obj" + -@erase "$(INTDIR)\logging.obj" + -@erase "$(INTDIR)\lsb_addr_comp.obj" + -@erase "$(INTDIR)\mk_auth.obj" + -@erase "$(INTDIR)\mk_err.obj" + -@erase "$(INTDIR)\mk_priv.obj" + -@erase "$(INTDIR)\mk_req.obj" + -@erase "$(INTDIR)\mk_safe.obj" + -@erase "$(INTDIR)\month_sname.obj" + -@erase "$(INTDIR)\name2name.obj" + -@erase "$(INTDIR)\netread.obj" + -@erase "$(INTDIR)\netwrite.obj" + -@erase "$(INTDIR)\one.obj" + -@erase "$(INTDIR)\parse_name.obj" + -@erase "$(INTDIR)\rd_err.obj" + -@erase "$(INTDIR)\rd_priv.obj" + -@erase "$(INTDIR)\rd_req.obj" + -@erase "$(INTDIR)\rd_safe.obj" + -@erase 
"$(INTDIR)\read_service_key.obj" + -@erase "$(INTDIR)\realm_parse.obj" + -@erase "$(INTDIR)\recvauth.obj" + -@erase "$(INTDIR)\rw.obj" + -@erase "$(INTDIR)\save_credentials.obj" + -@erase "$(INTDIR)\send_to_kdc.obj" + -@erase "$(INTDIR)\sendauth.obj" + -@erase "$(INTDIR)\stime.obj" + -@erase "$(INTDIR)\str2key.obj" + -@erase "$(INTDIR)\ticket_memory.obj" + -@erase "$(INTDIR)\time.obj" + -@erase "$(INTDIR)\tkt_string.obj" + -@erase "$(INTDIR)\unparse_name.obj" + -@erase "$(INTDIR)\util.obj" + -@erase "$(INTDIR)\vc50.idb" + -@erase "$(INTDIR)\vc50.pdb" + -@erase "$(INTDIR)\verify_user.obj" + -@erase "$(OUTDIR)\krb.dll" + -@erase "$(OUTDIR)\krb.exp" + -@erase "$(OUTDIR)\krb.ilk" + -@erase "$(OUTDIR)\krb.lib" + -@erase "$(OUTDIR)\krb.pdb" "$(OUTDIR)" : if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" -# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c -# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c -CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I\ +CPP=cl.exe +CPP_PROJ=/nologo /MDd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I\ "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D\ - "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/"\ - /Fd"$(INTDIR)/" /c + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)\krb.pch" /YX /Fo"$(INTDIR)\\"\ + /Fd"$(INTDIR)\\" /FD /c CPP_OBJS=.\Debug/ -CPP_SBRS=.\. -# ADD BASE MTL /nologo /D "_DEBUG" /win32 -# ADD MTL /nologo /D "_DEBUG" /win32 -MTL_PROJ=/nologo /D "_DEBUG" /win32 -# ADD BASE RSC /l 0x409 /d "_DEBUG" -# ADD RSC /l 0x409 /d "_DEBUG" +CPP_SBRS=. 
+ +.c{$(CPP_OBJS)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cpp{$(CPP_OBJS)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cxx{$(CPP_OBJS)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.c{$(CPP_SBRS)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cpp{$(CPP_SBRS)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cxx{$(CPP_SBRS)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +MTL=midl.exe +MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32 +RSC=rc.exe +RSC_PROJ=/l 0x409 /fo"$(INTDIR)\krb.res" /d "_DEBUG" BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc" +BSC32_FLAGS=/nologo /o"$(OUTDIR)\krb.bsc" BSC32_SBRS= \ LINK32=link.exe -# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 -# ADD LINK32 ..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 LINK32_FLAGS=..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib\ kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\ - shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\ - /subsystem:windows /dll /incremental:yes /pdb:"$(OUTDIR)/krb.pdb" /debug\ - /machine:I386 /def:".\krb.def" /out:"$(OUTDIR)/krb.dll"\ - /implib:"$(OUTDIR)/krb.lib" + shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll\ + /incremental:yes /pdb:"$(OUTDIR)\krb.pdb" /debug /machine:I386 /def:".\krb.def"\ + /out:"$(OUTDIR)\krb.dll" /implib:"$(OUTDIR)\krb.lib" DEF_FILE= \ ".\krb.def" LINK32_OBJS= \ - ".\Debug\cr_err_reply.obj" \ - ".\Debug\create_auth_reply.obj" \ - ".\Debug\create_ciph.obj" \ - ".\Debug\create_ticket.obj" \ - ".\Debug\debug_decl.obj" \ - ".\Debug\decomp_ticket.obj" \ - 
".\Debug\dllmain.obj" \ - ".\Debug\encrypt_ktext.obj" \ - ".\Debug\et_list.obj" \ - ".\Debug\get_ad_tkt.obj" \ - ".\Debug\get_cred.obj" \ - ".\Debug\get_default_principal.obj" \ - ".\Debug\get_host.obj" \ - ".\Debug\get_in_tkt.obj" \ - ".\Debug\get_krbrlm.obj" \ - ".\Debug\get_phost.obj" \ - ".\Debug\get_svc_in_tkt.obj" \ - ".\Debug\get_tf_fullname.obj" \ - ".\Debug\get_tf_realm.obj" \ - ".\Debug\getaddrs.obj" \ - ".\Debug\getrealm.obj" \ - ".\Debug\getst.obj" \ - ".\Debug\k_flock.obj" \ - ".\Debug\k_gethostname.obj" \ - ".\Debug\k_getport.obj" \ - ".\Debug\k_getsockinst.obj" \ - ".\Debug\k_localtime.obj" \ - ".\Debug\kdc_reply.obj" \ - ".\Debug\kntoln.obj" \ - ".\Debug\krb_check_auth.obj" \ - ".\Debug\krb_equiv.obj" \ - ".\Debug\krb_err_txt.obj" \ - ".\Debug\krb_get_in_tkt.obj" \ - ".\Debug\lifetime.obj" \ - ".\Debug\logging.obj" \ - ".\Debug\lsb_addr_comp.obj" \ - ".\Debug\mk_auth.obj" \ - ".\Debug\mk_err.obj" \ - ".\Debug\mk_priv.obj" \ - ".\Debug\mk_req.obj" \ - ".\Debug\mk_safe.obj" \ - ".\Debug\month_sname.obj" \ - ".\Debug\name2name.obj" \ - ".\Debug\netread.obj" \ - ".\Debug\netwrite.obj" \ - ".\Debug\one.obj" \ - ".\Debug\parse_name.obj" \ - ".\Debug\rd_err.obj" \ - ".\Debug\rd_priv.obj" \ - ".\Debug\rd_req.obj" \ - ".\Debug\rd_safe.obj" \ - ".\Debug\read_service_key.obj" \ - ".\Debug\realm_parse.obj" \ - ".\Debug\recvauth.obj" \ - ".\Debug\resolve.obj" \ - ".\Debug\rw.obj" \ - ".\Debug\save_credentials.obj" \ - ".\Debug\send_to_kdc.obj" \ - ".\Debug\sendauth.obj" \ - ".\Debug\stime.obj" \ - ".\Debug\str2key.obj" \ - ".\Debug\swab.obj" \ - ".\Debug\ticket_memory.obj" \ - ".\Debug\tkt_string.obj" \ - ".\Debug\unparse_name.obj" \ - ".\Debug\util.obj" \ - ".\Debug\verify_user.obj" + "$(INTDIR)\cr_err_reply.obj" \ + "$(INTDIR)\create_auth_reply.obj" \ + "$(INTDIR)\create_ciph.obj" \ + "$(INTDIR)\create_ticket.obj" \ + "$(INTDIR)\debug_decl.obj" \ + "$(INTDIR)\decomp_ticket.obj" \ + "$(INTDIR)\dllmain.obj" \ + "$(INTDIR)\encrypt_ktext.obj" \ + 
"$(INTDIR)\get_ad_tkt.obj" \ + "$(INTDIR)\get_cred.obj" \ + "$(INTDIR)\get_default_principal.obj" \ + "$(INTDIR)\get_host.obj" \ + "$(INTDIR)\get_in_tkt.obj" \ + "$(INTDIR)\get_krbrlm.obj" \ + "$(INTDIR)\get_svc_in_tkt.obj" \ + "$(INTDIR)\get_tf_fullname.obj" \ + "$(INTDIR)\get_tf_realm.obj" \ + "$(INTDIR)\getaddrs.obj" \ + "$(INTDIR)\getfile.obj" \ + "$(INTDIR)\getrealm.obj" \ + "$(INTDIR)\getst.obj" \ + "$(INTDIR)\k_flock.obj" \ + "$(INTDIR)\k_gethostname.obj" \ + "$(INTDIR)\k_getport.obj" \ + "$(INTDIR)\k_getsockinst.obj" \ + "$(INTDIR)\k_localtime.obj" \ + "$(INTDIR)\kdc_reply.obj" \ + "$(INTDIR)\kntoln.obj" \ + "$(INTDIR)\krb.res" \ + "$(INTDIR)\krb_check_auth.obj" \ + "$(INTDIR)\krb_equiv.obj" \ + "$(INTDIR)\krb_err_txt.obj" \ + "$(INTDIR)\krb_get_in_tkt.obj" \ + "$(INTDIR)\lifetime.obj" \ + "$(INTDIR)\logging.obj" \ + "$(INTDIR)\lsb_addr_comp.obj" \ + "$(INTDIR)\mk_auth.obj" \ + "$(INTDIR)\mk_err.obj" \ + "$(INTDIR)\mk_priv.obj" \ + "$(INTDIR)\mk_req.obj" \ + "$(INTDIR)\mk_safe.obj" \ + "$(INTDIR)\month_sname.obj" \ + "$(INTDIR)\name2name.obj" \ + "$(INTDIR)\netread.obj" \ + "$(INTDIR)\netwrite.obj" \ + "$(INTDIR)\one.obj" \ + "$(INTDIR)\parse_name.obj" \ + "$(INTDIR)\rd_err.obj" \ + "$(INTDIR)\rd_priv.obj" \ + "$(INTDIR)\rd_req.obj" \ + "$(INTDIR)\rd_safe.obj" \ + "$(INTDIR)\read_service_key.obj" \ + "$(INTDIR)\realm_parse.obj" \ + "$(INTDIR)\recvauth.obj" \ + "$(INTDIR)\rw.obj" \ + "$(INTDIR)\save_credentials.obj" \ + "$(INTDIR)\send_to_kdc.obj" \ + "$(INTDIR)\sendauth.obj" \ + "$(INTDIR)\stime.obj" \ + "$(INTDIR)\str2key.obj" \ + "$(INTDIR)\ticket_memory.obj" \ + "$(INTDIR)\time.obj" \ + "$(INTDIR)\tkt_string.obj" \ + "$(INTDIR)\unparse_name.obj" \ + "$(INTDIR)\util.obj" \ + "$(INTDIR)\verify_user.obj" \ + "..\des\Debug\des.lib" -".\Debug\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) +"$(OUTDIR)\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) $(LINK32) @<< $(LINK32_FLAGS) $(LINK32_OBJS) << !ENDIF -.c{$(CPP_OBJS)}.obj: - $(CPP) $(CPP_PROJ) $< 
-.cpp{$(CPP_OBJS)}.obj: - $(CPP) $(CPP_PROJ) $< - -.cxx{$(CPP_OBJS)}.obj: - $(CPP) $(CPP_PROJ) $< - -.c{$(CPP_SBRS)}.sbr: - $(CPP) $(CPP_PROJ) $< - -.cpp{$(CPP_SBRS)}.sbr: - $(CPP) $(CPP_PROJ) $< - -.cxx{$(CPP_SBRS)}.sbr: - $(CPP) $(CPP_PROJ) $< - -################################################################################ -# Begin Target - -# Name "krb - Win32 Release" -# Name "krb - Win32 Debug" - -!IF "$(CFG)" == "krb - Win32 Release" - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -!ENDIF - -################################################################################ -# Begin Source File - -SOURCE=.\krb.def - -!IF "$(CFG)" == "krb - Win32 Release" - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\get_tf_fullname.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_GET_T=\ - "..\..\include\protos.h"\ - "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_GET_T=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ - "..\des\des.h"\ - "..\roken\roken.h"\ - ".\krb.h"\ - ".\krb_locl.h"\ - ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - - -".\Debug\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)" - - -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - +!IF "$(CFG)" == "krb - Win32 Release" || "$(CFG)" == "krb - Win32 Debug" SOURCE=.\cr_err_reply.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_CR_ER=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - 
Win32 Debug" - -DEP_CPP_CR_ER=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)" +"$(INTDIR)\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\create_auth_reply.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_CREAT=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_CREAT=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)" +"$(INTDIR)\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\create_ciph.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_CREATE=\ "..\..\include\protos.h"\ 
"..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_CREATE=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)" +"$(INTDIR)\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\create_ticket.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_CREATE_=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ + "..\des\des.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ + ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ + ".\prot.h"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Release\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)" +"$(INTDIR)\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)" -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_CREATE_=\ +SOURCE=.\debug_decl.c +DEP_CPP_DEBUG=\ "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - 
{$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)" +"$(INTDIR)\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\decomp_ticket.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_DECOM=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_DECOM=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)" +"$(INTDIR)\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\dllmain.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_DLLMA=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - ".\ticket_memory.h"\ - - -".\Release\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_DLLMA=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + 
"..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ ".\ticket_memory.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)" +"$(INTDIR)\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\encrypt_ktext.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_ENCRY=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_ENCRY=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)" +"$(INTDIR)\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\et_list.c -DEP_CPP_ET_LI=\ - "..\..\include\win32\config.h"\ - - -!IF "$(CFG)" == "krb - Win32 Release" - - -".\Release\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - - -".\Debug\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)" - - -!ENDIF - -# End Source File 
-################################################################################ -# Begin Source File - SOURCE=.\get_ad_tkt.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_GET_A=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_GET_A=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)" +"$(INTDIR)\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\get_cred.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_GET_C=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_GET_C=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) 
"$(INTDIR)" +"$(INTDIR)\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\get_default_principal.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_GET_D=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_GET_D=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)" +"$(INTDIR)\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\get_host.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_GET_H=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_GET_H=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - 
{$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)" +"$(INTDIR)\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\get_in_tkt.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_GET_I=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_GET_I=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)" +"$(INTDIR)\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\get_krbrlm.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_GET_K=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_GET_K=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + 
"..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)" +"$(INTDIR)\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\get_phos - -!IF "$(CFG)" == "krb - Win32 Release" - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\get_svc_in_tkt.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_GET_S=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_GET_S=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)" +"$(INTDIR)\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\get_phost.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_GET_P=\ +SOURCE=.\get_tf_fullname.c +DEP_CPP_GET_T=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ 
- ".\krb_locl.h"\ - - -".\Release\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_GET_P=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)" +"$(INTDIR)\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\krb_equiv.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_KRB_E=\ +SOURCE=.\get_tf_realm.c +DEP_CPP_GET_TF=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_KRB_E=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)" +"$(INTDIR)\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# 
Begin Source File - SOURCE=.\getaddrs.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_GETAD=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ + "..\des\des.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ + ".\krb.h"\ ".\krb_locl.h"\ - + ".\krb_log.h"\ + ".\prot.h"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Release\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)" +"$(INTDIR)\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)" -!ELSEIF "$(CFG)" == "krb - Win32 Debug" -DEP_CPP_GETAD=\ +SOURCE=.\getfile.c +DEP_CPP_GETFI=\ "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)" +"$(INTDIR)\getfile.obj" : $(SOURCE) $(DEP_CPP_GETFI) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\getrealm.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_GETRE=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_GETRE=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ 
".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)" +"$(INTDIR)\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\getst.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_GETST=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_GETST=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)" +"$(INTDIR)\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\k_flock.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_K_FLO=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_K_FLO=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - 
"..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)" +"$(INTDIR)\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\k_gethostname.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_K_GET=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_K_GET=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)" +"$(INTDIR)\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\k_getport.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_K_GETP=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_K_GETP=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - 
"..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)" +"$(INTDIR)\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\k_getsockinst.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_K_GETS=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_K_GETS=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)" +"$(INTDIR)\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\k_localtime.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_K_LOC=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - 
Win32 Debug" - -DEP_CPP_K_LOC=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)" +"$(INTDIR)\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\kdc_reply.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_KDC_R=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_KDC_R=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)" +"$(INTDIR)\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\kntoln.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_KNTOL=\ "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - 
"..\..\include\sys/cdefs.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - - -".\Release\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_KNTOL=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ - "..\des\des.h"\ - "..\roken\roken.h"\ - ".\krb.h"\ - ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)" +"$(INTDIR)\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\krb_check_auth.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_KRB_C=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_KRB_C=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)" +"$(INTDIR)\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)" -!ENDIF -# End Source File 
-################################################################################ -# Begin Source File - -SOURCE=.\get_tf_realm.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_GET_TF=\ +SOURCE=.\krb_equiv.c +DEP_CPP_KRB_E=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_GET_TF=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)" +"$(INTDIR)\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\rd_safe.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_RD_SA=\ +SOURCE=.\krb_err_txt.c +DEP_CPP_KRB_ER=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - ".\lsb_addr_comp.h"\ - - -".\Release\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_RD_SA=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ - ".\lsb_addr_comp.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - 
{$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)" +"$(INTDIR)\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\krb_get_in_tkt.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_KRB_G=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_KRB_G=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)" +"$(INTDIR)\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\lifetime.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_LIFET=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ + "..\des\des.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ + ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ + ".\prot.h"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Release\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)" +"$(INTDIR)\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)" -!ELSEIF "$(CFG)" == "krb - Win32 
Debug" - -DEP_CPP_LIFET=\ +SOURCE=.\logging.c +DEP_CPP_LOGGI=\ "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\klog.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)" +"$(INTDIR)\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\lsb_addr_comp.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_LSB_A=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - ".\lsb_addr_comp.h"\ - - -".\Release\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_LSB_A=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-archaeology.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ - ".\lsb_addr_comp.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)" +"$(INTDIR)\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\mk_auth.c - -!IF "$(CFG)" 
== "krb - Win32 Release" - DEP_CPP_MK_AU=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_MK_AU=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)" +"$(INTDIR)\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\mk_err.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_MK_ER=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_MK_ER=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)" +"$(INTDIR)\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)" -!ENDIF - -# End Source File 
-################################################################################ -# Begin Source File - SOURCE=.\mk_priv.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_MK_PR=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - ".\lsb_addr_comp.h"\ - - -".\Release\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_MK_PR=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-archaeology.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ - ".\lsb_addr_comp.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)" +"$(INTDIR)\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\mk_req.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_MK_RE=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_MK_RE=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ 
-".\Debug\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)" +"$(INTDIR)\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\mk_safe.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_MK_SA=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - ".\lsb_addr_comp.h"\ - - -".\Release\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_MK_SA=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-archaeology.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ - ".\lsb_addr_comp.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)" +"$(INTDIR)\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\month_sname.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_MONTH=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_MONTH=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + 
".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)" +"$(INTDIR)\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\name2name.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_NAME2=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_NAME2=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)" +"$(INTDIR)\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\netread.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_NETRE=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_NETRE=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ 
+ "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)" +"$(INTDIR)\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\netwrite.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_NETWR=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_NETWR=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)" +"$(INTDIR)\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\one.c -!IF "$(CFG)" == "krb - Win32 Release" +"$(INTDIR)\one.obj" : $(SOURCE) "$(INTDIR)" -".\Release\one.obj" : $(SOURCE) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - - -".\Debug\one.obj" : $(SOURCE) "$(INTDIR)" - - -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\parse_name.c - -!IF "$(CFG)" == "krb - Win32 
Release" - DEP_CPP_PARSE=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_PARSE=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)" +"$(INTDIR)\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\rd_err.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_RD_ER=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_RD_ER=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)" +"$(INTDIR)\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)" -!ENDIF -# End Source File 
-################################################################################ -# Begin Source File - SOURCE=.\rd_priv.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_RD_PR=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - ".\lsb_addr_comp.h"\ - - -".\Release\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_RD_PR=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-archaeology.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ - ".\lsb_addr_comp.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)" +"$(INTDIR)\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\rd_req.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_RD_RE=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_RD_RE=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ 
-".\Debug\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)" +"$(INTDIR)\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\krb_err_txt.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_KRB_ER=\ +SOURCE=.\rd_safe.c +DEP_CPP_RD_SA=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_KRB_ER=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-archaeology.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)" +"$(INTDIR)\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\send_to_kdc.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_SEND_=\ +SOURCE=.\read_service_key.c +DEP_CPP_READ_=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_SEND_=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + 
"..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)" +"$(INTDIR)\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\realm_parse.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_REALM=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_REALM=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)" +"$(INTDIR)\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\recvauth.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_RECVA=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_RECVA=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + 
"..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)" +"$(INTDIR)\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\resolve.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_RESOL=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - ".\resolve.h"\ - - -".\Release\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_RESOL=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)" +"$(INTDIR)\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\rw.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_RW_C68=\ +DEP_CPP_RW_C6a=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - "..\des\version.h"\ - ".\krb_locl.h"\ - - -".\Release\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - 
-DEP_CPP_RW_C68=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ + "..\..\include\win32\version.h"\ "..\des\des.h"\ - "..\des\version.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)" +"$(INTDIR)\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C6a) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\save_credentials.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_SAVE_=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_SAVE_=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)" +"$(INTDIR)\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\read_service_key.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_READ_=\ 
+SOURCE=.\send_to_kdc.c +DEP_CPP_SEND_=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_READ_=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\base64.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)" - - -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\verify_user.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_VERIF=\ - "..\..\include\protos.h"\ - "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ +"$(INTDIR)\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)" -".\Release\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)" - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_VERIF=\ +SOURCE=.\sendauth.c +DEP_CPP_SENDA=\ "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)" +"$(INTDIR)\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) 
"$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\stime.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_STIME=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ + "..\des\des.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ + ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ + ".\prot.h"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Release\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)" +"$(INTDIR)\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)" -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_STIME=\ +SOURCE=.\str2key.c +DEP_CPP_STR2K=\ "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)" +"$(INTDIR)\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\swab.c -DEP_CPP_SWAB_=\ - "..\..\include\win32\config.h"\ - - -!IF "$(CFG)" == "krb - Win32 Release" - - -".\Release\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - - -".\Debug\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)" - - -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\ticket_memory.c - -!IF "$(CFG)" == "krb - 
Win32 Release" - DEP_CPP_TICKE=\ - ".\krb_locl.h"\ - ".\ticket_memory.h"\ - - -".\Release\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_TICKE=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ + "..\des\des.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ + ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ + ".\prot.h"\ ".\ticket_memory.h"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)" +"$(INTDIR)\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\tkt_string.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_TKT_S=\ +SOURCE=.\time.c +DEP_CPP_TIME_=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ + "..\des\des.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ + ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ + ".\prot.h"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Release\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)" +"$(INTDIR)\time.obj" : $(SOURCE) $(DEP_CPP_TIME_) "$(INTDIR)" -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - +SOURCE=.\tkt_string.c DEP_CPP_TKT_S=\ "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ 
-".\Debug\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)" +"$(INTDIR)\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)" -!ENDIF -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\unparse_name.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_UNPAR=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_UNPAR=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)" +"$(INTDIR)\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)" -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - SOURCE=.\util.c - -!IF "$(CFG)" == "krb - Win32 Release" - DEP_CPP_UTIL_=\ "..\..\include\protos.h"\ "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_UTIL_=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - 
{$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)" - -!ENDIF - -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\sendauth.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_SENDA=\ - "..\..\include\protos.h"\ - "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ +"$(INTDIR)\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)" -".\Release\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_SENDA=\ +SOURCE=.\verify_user.c +DEP_CPP_VERIF=\ "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ "..\..\include\win32\config.h"\ + "..\..\include\win32\ktypes.h"\ + "..\..\include\win32\roken.h"\ "..\des\des.h"\ - "..\roken\roken.h"\ + "..\roken\err.h"\ + "..\roken\roken-common.h"\ + ".\krb-protos.h"\ ".\krb.h"\ ".\krb_locl.h"\ + ".\krb_log.h"\ ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -".\Debug\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)" +"$(INTDIR)\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)" -!ENDIF +SOURCE=.\krb.rc -# End Source File -################################################################################ -# Begin Source File +"$(INTDIR)\krb.res" : $(SOURCE) "$(INTDIR)" + $(RSC) $(RSC_PROJ) $(SOURCE) -SOURCE=.\logging.c !IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_LOGGI=\ - "..\..\include\protos.h"\ - "..\..\include\win32\config.h"\ - ".\klog.h"\ - ".\krb_locl.h"\ +"des - Win32 Release" : + cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\des" + $(MAKE) /$(MAKEFLAGS) /F ".\des.mak" CFG="des - Win32 Release" + cd "..\krb" -".\Release\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)" +"des - Win32 ReleaseCLEAN" : + cd 
"\tmp\wirus-krb\krb4-pre-0.9.9\lib\des" + $(MAKE) /$(MAKEFLAGS) CLEAN /F ".\des.mak" CFG="des - Win32 Release"\ + RECURSE=1 + cd "..\krb" - !ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_LOGGI=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ - "..\des\des.h"\ - "..\roken\roken.h"\ - ".\klog.h"\ - ".\krb.h"\ - ".\krb_locl.h"\ - ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ +"des - Win32 Debug" : + cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\des" + $(MAKE) /$(MAKEFLAGS) /F ".\des.mak" CFG="des - Win32 Debug" + cd "..\krb" -".\Debug\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)" +"des - Win32 DebugCLEAN" : + cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\des" + $(MAKE) /$(MAKEFLAGS) CLEAN /F ".\des.mak" CFG="des - Win32 Debug" RECURSE=1\ + cd "..\krb" !ENDIF -# End Source File -################################################################################ -# Begin Source File -SOURCE=.\str2key.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_STR2K=\ - "..\..\include\protos.h"\ - "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_STR2K=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ - "..\des\des.h"\ - "..\roken\roken.h"\ - ".\krb.h"\ - ".\krb_locl.h"\ - ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - - -".\Debug\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)" - - !ENDIF -# End Source File -################################################################################ -# Begin Source File - -SOURCE=.\debug_decl.c - -!IF "$(CFG)" == "krb - Win32 Release" - -DEP_CPP_DEBUG=\ - "..\..\include\protos.h"\ - "..\..\include\win32\config.h"\ - ".\krb_locl.h"\ - - -".\Release\debug_decl.obj" : $(SOURCE) 
$(DEP_CPP_DEBUG) "$(INTDIR)" - - -!ELSEIF "$(CFG)" == "krb - Win32 Debug" - -DEP_CPP_DEBUG=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ - "..\..\include\win32\config.h"\ - "..\des\des.h"\ - "..\roken\roken.h"\ - ".\krb.h"\ - ".\krb_locl.h"\ - ".\prot.h"\ - ".\resolve.h"\ - {$(INCLUDE)}"\sys\STAT.H"\ - {$(INCLUDE)}"\sys\TYPES.H"\ - - -".\Debug\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)" - - -!ENDIF - -# End Source File -# End Target -# End Project -################################################################################ Index: stable/3/crypto/kerberosIV/lib/krb/krb_check_auth.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/krb_check_auth.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/krb_check_auth.c (revision 62578) 
@@ -1,76 +1,71 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: krb_check_auth.c,v 1.4 1997/04/01 08:18:33 joda Exp $"); +RCSID("$Id: krb_check_auth.c,v 1.5 1999/12/02 16:58:42 joda Exp $"); /* * * Receive an mutual-authenticator for a server in `packet', with * `checksum', `session', and `schedule' having the appropriate values * and return the data in `msg_data'. * * Return KSUCCESS if the received checksum is correct. * */ int krb_check_auth(KTEXT packet, u_int32_t checksum, MSG_DAT *msg_data, des_cblock *session, struct des_ks_struct *schedule, struct sockaddr_in *laddr, struct sockaddr_in *faddr) { int ret; u_int32_t checksum2; ret = krb_rd_priv (packet->dat, packet->length, schedule, session, faddr, laddr, msg_data); if (ret != RD_AP_OK) return ret; if (msg_data->app_length != 4) return KFAILURE; krb_get_int (msg_data->app_data, &checksum2, 4, 0); if (checksum2 == checksum + 1) return KSUCCESS; else return KFAILURE; } Index: stable/3/crypto/kerberosIV/lib/krb/krb_equiv.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/krb_equiv.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/krb_equiv.c (revision 62578) 
@@ -1,144 +1,140 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * int krb_equiv(u_int32_t ipaddr_a, u_int32_t ipaddr_b); * * Given two IP adresses return true if they match * or are considered to belong to the same host. * * For example if /etc/krb.equiv looks like * * 130.237.223.3 192.16.126.3 # alv alv1 * 130.237.223.4 192.16.126.4 # byse byse1 * 130.237.228.152 192.16.126.9 # topsy topsy1 * * krb_equiv(alv, alv1) would return true but * krb_equiv(alv, byse1) would not. * * A comment starts with an '#' and ends with '\n'. * */ #include "krb_locl.h" -RCSID("$Id: krb_equiv.c,v 1.13 1997/04/01 08:18:33 joda Exp $"); +RCSID("$Id: krb_equiv.c,v 1.15 1999/12/02 16:58:42 joda Exp $"); int krb_ignore_ip_address = 0; int krb_equiv(u_int32_t a, u_int32_t b) { FILE *fil; char line[256]; int hit_a, hit_b; int iscomment; if (a == b) /* trivial match, also the common case */ return 1; if (krb_ignore_ip_address) return 1; /* if we have decided not to compare */ a = ntohl(a); b = ntohl(b); fil = fopen(KRB_EQUIV, "r"); if (fil == NULL) /* open failed */ return 0; hit_a = hit_b = 0; iscomment = 0; while (fgets(line, sizeof(line)-1, fil) != NULL) /* for each line */ { char *t = line; int len = strlen(t); /* for each item on this line */ while (*t != 0) /* more addresses on this line? 
*/ if (*t == '\n') { iscomment = hit_a = hit_b = 0; break; } else if (iscomment) t = line + len - 1; else if (*t == '#') { /* rest is comment */ iscomment = 1; ++t; } else if (*t == '\\' ) /* continuation */ break; - else if (isspace(*t)) /* skip space */ + else if (isspace((unsigned char)*t)) /* skip space */ t++; - else if (isdigit(*t)) /* an address? */ + else if (isdigit((unsigned char)*t)) /* an address? */ { u_int32_t tmp; u_int32_t tmpa, tmpb, tmpc, tmpd; sscanf(t, "%d.%d.%d.%d", &tmpa, &tmpb, &tmpc, &tmpd); tmp = (tmpa << 24) | (tmpb << 16) | (tmpc << 8) | tmpd; - while (*t == '.' || isdigit(*t)) /* done with this address */ + /* done with this address */ + while (*t == '.' || isdigit((unsigned char)*t)) t++; if (tmp != -1) { /* an address (and not broadcast) */ u_int32_t mask = (u_int32_t)~0; if (*t == '/') { ++t; mask <<= 32 - atoi(t); - while(isdigit(*t)) + while(isdigit((unsigned char)*t)) ++t; } if ((tmp & mask) == (a & mask)) hit_a = 1; if ((tmp & mask) == (b & mask)) hit_b = 1; if (hit_a && hit_b) { fclose(fil); return 1; } } } else ++t; /* garbage on this line, skip it */ } fclose(fil); return 0; } Index: stable/3/crypto/kerberosIV/lib/krb/krb_err.et =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/krb_err.et (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/krb_err.et (revision 62578) 
@@ -1,257 +1,65 @@ # Copyright 1987,1988 Massachusetts Institute of Technology # # For copying and distribution information, see the file # "mit-copyright.h". # -# $Id: krb_err.et,v 1.4 1996/10/27 13:30:28 bg Exp $ +# This might look like a com_err file, but is not # - error_table krb +id "$Id: krb_err.et,v 1.7 1998/03/29 14:19:52 bg Exp $" - ec KRBET_KSUCCESS, - "Kerberos successful" +error_table krb - ec KRBET_KDC_NAME_EXP, - "Kerberos principal expired" - - ec KRBET_KDC_SERVICE_EXP, - "Kerberos service expired" - - ec KRBET_KDC_AUTH_EXP, - "Kerberos auth expired" - - ec KRBET_KDC_PKT_VER, - "Incorrect kerberos master key version" - - ec KRBET_KDC_P_MKEY_VER, - "Incorrect kerberos master key version" - - ec KRBET_KDC_S_MKEY_VER, - "Incorrect kerberos master key version" - - ec KRBET_KDC_BYTE_ORDER, - "Kerberos error: byte order unknown" - - ec KRBET_KDC_PR_UNKNOWN, - "Kerberos principal unknown" - - ec KRBET_KDC_PR_N_UNIQUE, - "Kerberos principal not unique" - - ec KRBET_KDC_NULL_KEY, - "Kerberos principal has null key" - - ec KRBET_KRB_RES11, - "Reserved 11" - - ec KRBET_KRB_RES12, - "Reserved 12" - - ec KRBET_KRB_RES13, - "Reserved 13" - - ec KRBET_KRB_RES14, - "Reserved 14" - - ec KRBET_KRB_RES15, - "Reserved 15" - - ec KRBET_KRB_RES16, - "Reserved 16" - - ec KRBET_KRB_RES17, - "Reserved 17" - - ec KRBET_KRB_RES18, - "Reserved 18" - - ec KRBET_KRB_RES19, - "Reserved 19" - - ec KRBET_KDC_GEN_ERR, - "Generic error from Kerberos KDC" - - ec KRBET_GC_TKFIL, - "Can't read Kerberos ticket file" - - ec KRBET_GC_NOTKT, - "Can't find Kerberos ticket or TGT" - - ec KRBET_KRB_RES23, - "Reserved 23" - - ec KRBET_KRB_RES24, - "Reserved 24" - - ec KRBET_KRB_RES25, - "Reserved 25" - - ec KRBET_MK_AP_TGTEXP, - "Kerberos TGT Expired" - - ec KRBET_KRB_RES27, - "Reserved 27" - - ec KRBET_KRB_RES28, - "Reserved 28" - - ec KRBET_KRB_RES29, - "Reserved 29" - - ec KRBET_KRB_RES30, - "Reserved 30" - - ec KRBET_RD_AP_UNDEC, - "Kerberos error: Can't decode authenticator" - - ec 
KRBET_RD_AP_EXP, - "Kerberos ticket expired" - - ec KRBET_RD_AP_NYV, - "Kerberos ticket not yet valid" - - ec KRBET_RD_AP_REPEAT, - "Kerberos error: Repeated request" - - ec KRBET_RD_AP_NOT_US, - "The kerberos ticket isn't for us" - - ec KRBET_RD_AP_INCON, - "Kerberos request inconsistent" - - ec KRBET_RD_AP_TIME, - "Kerberos error: delta_t too big" - - ec KRBET_RD_AP_BADD, - "Kerberos error: incorrect net address" - - ec KRBET_RD_AP_VERSION, - "Kerberos protocol version mismatch" - - ec KRBET_RD_AP_MSG_TYPE, - "Kerberos error: invalid msg type" - - ec KRBET_RD_AP_MODIFIED, - "Kerberos error: message stream modified" - - ec KRBET_RD_AP_ORDER, - "Kerberos error: message out of order" - - ec KRBET_RD_AP_UNAUTHOR, - "Kerberos error: unauthorized request" - - ec KRBET_KRB_RES44, - "Reserved 44" - - ec KRBET_KRB_RES45, - "Reserved 45" - - ec KRBET_KRB_RES46, - "Reserved 46" - - ec KRBET_KRB_RES47, - "Reserved 47" - - ec KRBET_KRB_RES48, - "Reserved 48" - - ec KRBET_KRB_RES49, - "Reserved 49" - - ec KRBET_KRB_RES50, - "Reserved 50" - - ec KRBET_GT_PW_NULL, - "Kerberos error: current PW is null" - - ec KRBET_GT_PW_BADPW, - "Kerberos error: Incorrect current password" - - ec KRBET_GT_PW_PROT, - "Kerberos protocol error" - - ec KRBET_GT_PW_KDCERR, - "Error returned by Kerberos KDC" - - ec KRBET_GT_PW_NULLTKT, - "Null Kerberos ticket returned by KDC" - - ec KRBET_SKDC_RETRY, - "Kerberos error: Retry count exceeded" - - ec KRBET_SKDC_CANT, - "Kerberos error: Can't send request" - - ec KRBET_KRB_RES58, - "Reserved 58" - - ec KRBET_KRB_RES59, - "Reserved 59" - - ec KRBET_KRB_RES60, - "Reserved 60" - - ec KRBET_INTK_W_NOTALL, - "Kerberos error: not all tickets returned" - - ec KRBET_INTK_BADPW, - "Kerberos error: incorrect password" - - ec KRBET_INTK_PROT, - "Kerberos error: Protocol Error" - - ec KRBET_KRB_RES64, - "Reserved 64" - - ec KRBET_KRB_RES65, - "Reserved 65" - - ec KRBET_KRB_RES66, - "Reserved 66" - - ec KRBET_KRB_RES67, - "Reserved 67" - - ec KRBET_KRB_RES68, - 
"Reserved 68" - - ec KRBET_KRB_RES69, - "Reserved 69" - - ec KRBET_INTK_ERR, - "Other error" - - ec KRBET_AD_NOTGT, - "Don't have Kerberos ticket-granting ticket" - - ec KRBET_KRB_RES72, - "Can't get Kerberos inter-realm ticket-granting ticket" - - ec KRBET_KRB_RES73, - "Reserved 73" - - ec KRBET_KRB_RES74, - "Reserved 74" - - ec KRBET_KRB_RES75, - "Reserved 75" - - ec KRBET_NO_TKT_FIL, - "No ticket file found" - - ec KRBET_TKT_FIL_ACC, - "Couldn't access ticket file" - - ec KRBET_TKT_FIL_LCK, - "Couldn't lock ticket file" - - ec KRBET_TKT_FIL_FMT, - "Bad ticket file format" - - ec KRBET_TKT_FIL_INI, - "tf_init not called first" - - ec KRBET_KNAME_FMT, - "Bad Kerberos name format" - - end - +prefix KRBET +ec KSUCCESS, "Kerberos successful" +ec KDC_NAME_EXP, "Kerberos principal expired" +ec KDC_SERVICE_EXP, "Kerberos service expired" +ec KDC_AUTH_EXP, "Kerberos auth expired" +ec KDC_PKT_VER, "Incorrect kerberos master key version" +ec KDC_P_MKEY_VER, "Incorrect kerberos master key version" +ec KDC_S_MKEY_VER, "Incorrect kerberos master key version" +ec KDC_BYTE_ORDER, "Kerberos error: byte order unknown" +ec KDC_PR_UNKNOWN, "Kerberos principal unknown" +ec KDC_PR_N_UNIQUE, "Kerberos principal not unique" +ec KDC_NULL_KEY, "Kerberos principal has null key" +index 20 +ec KDC_GEN_ERR, "Generic error from Kerberos KDC" +ec GC_TKFIL, "Can't read Kerberos ticket file" +ec GC_NOTKT, "Can't find Kerberos ticket or TGT" +index 26 +ec MK_AP_TGTEXP, "Kerberos TGT Expired" +index 31 +ec RD_AP_UNDEC, "Kerberos error: Can't decode authenticator" +ec RD_AP_EXP, "Kerberos ticket expired" +ec RD_AP_NYV, "Kerberos ticket not yet valid" +ec RD_AP_REPEAT, "Kerberos error: Repeated request" +ec RD_AP_NOT_US, "The kerberos ticket isn't for us" +ec RD_AP_INCON, "Kerberos request inconsistent" +ec RD_AP_TIME, "Kerberos error: delta_t too big" +ec RD_AP_BADD, "Kerberos error: incorrect net address" +ec RD_AP_VERSION, "Kerberos protocol version mismatch" +ec RD_AP_MSG_TYPE, "Kerberos error: 
invalid msg type" +ec RD_AP_MODIFIED, "Kerberos error: message stream modified" +ec RD_AP_ORDER, "Kerberos error: message out of order" +ec RD_AP_UNAUTHOR, "Kerberos error: unauthorized request" +index 51 +ec GT_PW_NULL, "Kerberos error: current PW is null" +ec GT_PW_BADPW, "Kerberos error: Incorrect current password" +ec GT_PW_PROT, "Kerberos protocol error" +ec GT_PW_KDCERR, "Error returned by Kerberos KDC" +ec GT_PW_NULLTKT, "Null Kerberos ticket returned by KDC" +ec SKDC_RETRY, "Kerberos error: Retry count exceeded" +ec SKDC_CANT, "Kerberos error: Can't send request" +index 61 +ec INTK_W_NOTALL, "Kerberos error: not all tickets returned" +ec INTK_BADPW, "Kerberos error: incorrect password" +ec INTK_PROT, "Kerberos error: Protocol Error" +index 70 +ec INTK_ERR, "Other error" +ec AD_NOTGT, "Don't have Kerberos ticket-granting ticket" +index 76 +ec NO_TKT_FIL, "No ticket file found" +ec TKT_FIL_ACC, "Couldn't access ticket file" +ec TKT_FIL_LCK, "Couldn't lock ticket file" +ec TKT_FIL_FMT, "Bad ticket file format" +ec TKT_FIL_INI, "tf_init not called first" +ec KNAME_FMT, "Bad Kerberos name format" Index: stable/3/crypto/kerberosIV/lib/krb/krb_err_txt.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/krb_err_txt.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/krb_err_txt.c (revision 62578) 
@@ -1,299 +1,299 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" -RCSID("$Id: krb_err_txt.c,v 1.12 1997/04/02 05:37:10 joda Exp $"); +RCSID("$Id: krb_err_txt.c,v 1.13 1998/01/31 08:11:52 joda Exp $"); /* * This file contains an array of error text strings. * The associated error codes (which are defined in "krb.h") * follow the string in the comments at the end of each line. 
*/ const char *krb_err_txt[256] = { "OK", /* 000 */ "Principal expired (kerberos)", /* 001 */ "Service expired (kerberos)", /* 002 */ "Authentication expired (kerberos)", /* 003 */ "Unknown protocol version number (kerberos)", /* 004 */ "Principal: Incorrect master key version (kerberos)", /* 005 */ "Service: Incorrect master key version (kerberos)", /* 006 */ "Bad byte order (kerberos)", /* 007 */ "Principal unknown (kerberos)", /* 008 */ "Principal not unique (kerberos)", /* 009 */ "Principal has null key (kerberos)", /* 010 */ "Timeout in request (kerberos)", /* 011 */ "Reserved error message 12 (kerberos)", /* 012 */ "Reserved error message 13 (kerberos)", /* 013 */ "Reserved error message 14 (kerberos)", /* 014 */ "Reserved error message 15 (kerberos)", /* 015 */ "Reserved error message 16 (kerberos)", /* 016 */ "Reserved error message 17 (kerberos)", /* 017 */ "Reserved error message 18 (kerberos)", /* 018 */ "Reserved error message 19 (kerberos)", /* 019 */ "Permission Denied (kerberos)", /* 020 */ "Can't read ticket file (krb_get_cred)", /* 021 */ "Can't find ticket (krb_get_cred)", /* 022 */ "Reserved error message 23 (krb_get_cred)", /* 023 */ "Reserved error message 24 (krb_get_cred)", /* 024 */ "Reserved error message 25 (krb_get_cred)", /* 025 */ "Ticket granting ticket expired (krb_mk_req)", /* 026 */ "Reserved error message 27 (krb_mk_req)", /* 027 */ "Reserved error message 28 (krb_mk_req)", /* 028 */ "Reserved error message 29 (krb_mk_req)", /* 029 */ "Reserved error message 30 (krb_mk_req)", /* 030 */ "Can't decode authenticator (krb_rd_req)", /* 031 */ "Ticket expired (krb_rd_req)", /* 032 */ "Ticket issue date too far in the future (krb_rd_req)",/* 033 */ "Repeat request (krb_rd_req)", /* 034 */ "Ticket for wrong server (krb_rd_req)", /* 035 */ "Request inconsistent (krb_rd_req)", /* 036 */ "Time is out of bounds (krb_rd_req)", /* 037 */ "Incorrect network address (krb_rd_req)", /* 038 */ "Protocol version mismatch (krb_rd_req)", /* 039 */ - 
"Illegal message type (krb_rd_req)", /* 040 */ + "Invalid message type (krb_rd_req)", /* 040 */ "Message integrity error (krb_rd_req)", /* 041 */ "Message duplicate or out of order (krb_rd_req)", /* 042 */ "Unauthorized request (krb_rd_req)", /* 043 */ "Reserved error message 44 (krb_rd_req)", /* 044 */ "Reserved error message 45 (krb_rd_req)", /* 045 */ "Reserved error message 46 (krb_rd_req)", /* 046 */ "Reserved error message 47 (krb_rd_req)", /* 047 */ "Reserved error message 48 (krb_rd_req)", /* 048 */ "Reserved error message 49 (krb_rd_req)", /* 049 */ "Reserved error message 50 (krb_rd_req)", /* 050 */ "Current password is NULL (get_pw_tkt)", /* 051 */ "Current password incorrect (get_pw_tkt)", /* 052 */ "Protocol error (gt_pw_tkt)", /* 053 */ "Error returned by KDC (gt_pw_tkt)", /* 054 */ "Null ticket returned by KDC (gt_pw_tkt)", /* 055 */ "Retry count exceeded (send_to_kdc)", /* 056 */ "Can't send request (send_to_kdc)", /* 057 */ "Reserved error message 58 (send_to_kdc)", /* 058 */ "Reserved error message 59 (send_to_kdc)", /* 059 */ "Reserved error message 60 (send_to_kdc)", /* 060 */ "Warning: Not ALL tickets returned", /* 061 */ "Password incorrect", /* 062 */ "Protocol error (get_in_tkt)", /* 063 */ "Reserved error message 64 (get_in_tkt)", /* 064 */ "Reserved error message 65 (get_in_tkt)", /* 065 */ "Reserved error message 66 (get_in_tkt)", /* 066 */ "Reserved error message 67 (get_in_tkt)", /* 067 */ "Reserved error message 68 (get_in_tkt)", /* 068 */ "Reserved error message 69 (get_in_tkt)", /* 069 */ "Generic error (get_in_tkt)(can't write ticket file)", /* 070 */ "Don't have ticket granting ticket (get_ad_tkt)", /* 071 */ "Can't get inter-realm ticket granting ticket (get_ad_tkt)", /* 072 */ "Reserved error message 73 (get_ad_tkt)", /* 073 */ "Reserved error message 74 (get_ad_tkt)", /* 074 */ "Reserved error message 75 (get_ad_tkt)", /* 075 */ "No ticket file (tf_util)", /* 076 */ "Can't access ticket file (tf_util)", /* 077 */ "Can't lock 
ticket file; try later (tf_util)", /* 078 */ "Bad ticket file format (tf_util)", /* 079 */ "Read ticket file before tf_init (tf_util)", /* 080 */ "Bad Kerberos name format (kname_parse)", /* 081 */ "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", 
"(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "(reserved)", "Generic kerberos error (kfailure)", /* 255 */ }; -static const char err_failure[] = "Illegal error code passed (krb_get_err_text)"; +static const char err_failure[] = "Unknown error code passed (krb_get_err_text)"; const char * krb_get_err_text(int code) { if(code < 0 || code >= MAX_KRB_ERRORS) return err_failure; return krb_err_txt[code]; } Index: stable/3/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c (revision 62578) 
@@ -1,175 +1,235 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: krb_get_in_tkt.c,v 1.20 1997/04/01 08:18:34 joda Exp $"); +RCSID("$Id: krb_get_in_tkt.c,v 1.30 1999/12/02 16:58:42 joda Exp $"); /* * decrypt_tkt(): Given user, instance, realm, passwd, key_proc * and the cipher text sent from the KDC, decrypt the cipher text * using the key returned by key_proc. */ static int -decrypt_tkt(char *user, char *instance, char *realm, - void *arg, key_proc_t key_proc, KTEXT *cip) +decrypt_tkt(const char *user, + char *instance, + const char *realm, + const void *arg, + key_proc_t key_proc, + KTEXT *cip) { des_cblock key; /* Key for decrypting cipher */ int ret; ret = key_proc(user, instance, realm, arg, &key); if (ret != 0) return ret; encrypt_ktext(*cip, &key, DES_DECRYPT); memset(&key, 0, sizeof(key)); return 0; } /* * krb_get_in_tkt() gets a ticket for a given principal to use a given * service and stores the returned ticket and session key for future * use. * * The "user", "instance", and "realm" arguments give the identity of * the client who will use the ticket. The "service" and "sinstance" * arguments give the identity of the server that the client wishes * to use. (The realm of the server is the same as the Kerberos server * to whom the request is sent.) The "life" argument indicates the * desired lifetime of the ticket; the "key_proc" argument is a pointer * to the routine used for getting the client's private key to decrypt * the reply from Kerberos. 
The "decrypt_proc" argument is a pointer * to the routine used to decrypt the reply from Kerberos; and "arg" * is an argument to be passed on to the "key_proc" routine. * * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it * returns an error code: If an AUTH_MSG_ERR_REPLY packet is returned * by Kerberos, then the error code it contains is returned. Other * error codes returned by this routine include INTK_PROT to indicate * wrong protocol version, INTK_BADPW to indicate bad password (if * decrypted ticket didn't make sense), INTK_ERR if the ticket was for * the wrong server or the ticket store couldn't be initialized. * * The format of the message sent to Kerberos is as follows: * * Size Variable Field * ---- -------- ----- * * 1 byte KRB_PROT_VERSION protocol version number * 1 byte AUTH_MSG_KDC_REQUEST | message type * HOST_BYTE_ORDER local byte order in lsb * string user client's name * string instance client's instance * string realm client's realm * 4 bytes tlocal.tv_sec timestamp in seconds * 1 byte life desired lifetime * string service service's name * string sinstance service's instance */ int -krb_get_in_tkt(char *user, char *instance, char *realm, - char *service, char *sinstance, int life, - key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg) +krb_mk_as_req(const char *user, + const char *instance, + const char *realm, + const char *service, + const char *sinstance, + int life, + KTEXT cip) { KTEXT_ST pkt_st; KTEXT pkt = &pkt_st; /* Packet to KDC */ KTEXT_ST rpkt_st; - KTEXT rpkt = &rpkt_st; /* Returned packet */ + KTEXT rpkt = &rpkt_st; /* Reply from KDC */ int kerror; struct timeval tv; /* BUILD REQUEST PACKET */ unsigned char *p = pkt->dat; + int tmp; + size_t rem = sizeof(pkt->dat); - p += krb_put_int(KRB_PROT_VERSION, p, 1); - p += krb_put_int(AUTH_MSG_KDC_REQUEST, p, 1); + tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; - p += krb_put_nir(user, instance, realm, 
p); + tmp = krb_put_int(AUTH_MSG_KDC_REQUEST, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + tmp = krb_put_nir(user, instance, realm, p, rem); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + gettimeofday(&tv, NULL); - p += krb_put_int(tv.tv_sec, p, 4); - p += krb_put_int(life, p, 1); + tmp = krb_put_int(tv.tv_sec, p, rem, 4); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; - p += krb_put_nir(service, sinstance, NULL, p); + tmp = krb_put_int(life, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + tmp = krb_put_nir(service, sinstance, NULL, p, rem); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + pkt->length = p - pkt->dat; rpkt->length = 0; /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */ - - if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror); - p = rpkt->dat; + kerror = send_to_kdc(pkt, rpkt, realm); + if(kerror) return kerror; + kerror = kdc_reply_cipher(rpkt, cip); + return kerror; +} +int +krb_decode_as_rep(const char *user, + char *instance, + const char *realm, + const char *service, + const char *sinstance, + key_proc_t key_proc, + decrypt_proc_t decrypt_proc, + const void *arg, + KTEXT as_rep, + CREDENTIALS *cred) { - CREDENTIALS cred; - KTEXT_ST cip; - KTEXT foo = &cip; /* braindamage */ - - kerror = kdc_reply_cipher(rpkt, &cip); - if(kerror != KSUCCESS) - return kerror; + int kerror; + time_t now; if (decrypt_proc == NULL) - decrypt_proc = decrypt_tkt; - (*decrypt_proc)(user, instance, realm, arg, key_proc, &foo); + decrypt_tkt(user, instance, realm, arg, key_proc, &as_rep); + else + (*decrypt_proc)(user, instance, realm, arg, key_proc, &as_rep); - kerror = kdc_reply_cred(&cip, &cred); + kerror = kdc_reply_cred(as_rep, cred); if(kerror != KSUCCESS) return kerror; - if (strcmp(cred.service, service) || - strcmp(cred.instance, sinstance) || - strcmp(cred.realm, realm)) /* not what we asked for */ + if (strcmp(cred->service, service) || + 
strcmp(cred->instance, sinstance) || + strcmp(cred->realm, realm)) /* not what we asked for */ return INTK_ERR; /* we need a better code here XXX */ - if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) { + now = time(NULL); + if(krb_get_config_bool("kdc_timesync")) + krb_set_kdc_time_diff(cred->issue_date - now); + else if (abs((int)(now - cred->issue_date)) > CLOCK_SKEW) return RD_AP_TIME; /* XXX should probably be better code */ + + return 0; } - /* initialize ticket cache */ +int +krb_get_in_tkt(char *user, char *instance, char *realm, + char *service, char *sinstance, int life, + key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg) +{ + KTEXT_ST as_rep; + CREDENTIALS cred; + int ret; + ret = krb_mk_as_req(user, instance, realm, + service, sinstance, life, &as_rep); + if(ret) + return ret; + ret = krb_decode_as_rep(user, instance, realm, service, sinstance, + key_proc, decrypt_proc, arg, &as_rep, &cred); + if(ret) + return ret; + return tf_setup(&cred, user, instance); - } } Index: stable/3/crypto/kerberosIV/lib/krb/krb_locl.h =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/krb_locl.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/krb_locl.h (revision 62578) 
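Review bot: in krb_get_in_tkt.c, krb_decode_as_rep() discards the return value of both decrypt_tkt() and (*decrypt_proc)(), so when key_proc fails the undecrypted as_rep is still handed to kdc_reply_cred() and the caller gets whatever error that parse or the following strcmp checks produce instead of the key_proc error. Capture the result in both branches (kerror = decrypt_tkt(...); if (kerror) return kerror;). Two smaller points: with kdc_timesync set, the CLOCK_SKEW comparison is skipped entirely and the local offset is taken from cred->issue_date, which deserves a comment stating that trade-off; and the block comment describing krb_get_in_tkt() and the request format now sits above krb_mk_as_req(), so it should be split between the three functions. krb_decode_as_rep() also ends with return 0 where the surrounding code compares against KSUCCESS.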
@@ -1,163 +1,175 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: krb_locl.h,v 1.42 1997/05/20 18:40:45 bg Exp $ */ +/* $Id: krb_locl.h,v 1.50 1999/12/02 16:58:42 joda Exp $ */ #ifndef __krb_locl_h #define __krb_locl_h #ifdef HAVE_CONFIG_H #include #endif #include "protos.h" #include #include #include #include #include #include #include #ifdef HAVE_PWD_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_IO_H #include #endif #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #ifdef HAVE_SYS_STAT_H #include #endif #ifdef HAVE_FCNTL_H #include #endif #ifdef HAVE_SYS_FILE_H #include #endif #ifdef HAVE_SYS_SELECT_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_WINSOCK_H #include #endif #ifdef HAVE_ARPA_INET_H #include #endif #ifdef HAVE_NETDB_H #include #endif #ifdef HAVE_ARPA_NAMESER_H #include #endif #ifdef HAVE_RESOLV_H #include #endif #ifdef SOCKS #include + +/* This doesn't belong here. */ +struct tm *localtime(const time_t *); +struct hostent *gethostbyname(const char *); + #endif #include #include #include #include "resolve.h" +#include "krb_log.h" /* --- */ -/* Globals! 
*/ -extern int krb_debug; -extern int krb_ap_req_debug; - /* Utils */ -int krb_name_to_name(const char *, char *, size_t); +int +krb_name_to_name __P(( + const char *host, + char *phost, + size_t phost_size)); -void encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt); -int kdc_reply_cred(KTEXT cip, CREDENTIALS *cred); -int kdc_reply_cipher(KTEXT reply, KTEXT cip); +void +encrypt_ktext __P(( + KTEXT cip, + des_cblock *key, + int encrypt)); -#ifndef HAVE_GETTIMEOFDAY -int gettimeofday (struct timeval *, void *); -#endif +int +kdc_reply_cipher __P(( + KTEXT reply, + KTEXT cip)); -void k_ricercar(char*); +int +kdc_reply_cred __P(( + KTEXT cip, + CREDENTIALS *cred)); -/* safe multiple strcat */ -int k_concat(char*, size_t, ...); -int k_vconcat(char*, size_t, va_list); +void +k_ricercar __P((char *name)); -/* mallocing versions of the above */ -size_t k_vmconcat (char**, size_t, va_list); -size_t k_mconcat (char**, size_t, ...); /* used in rd_safe.c and mk_safe.c */ -void fixup_quad_cksum(void *start, size_t len, des_cblock *key, - void *new_checksum, void *old_checksum, int little); +void +fixup_quad_cksum __P(( + void *start, + size_t len, + des_cblock *key, + void *new_checksum, + void *old_checksum, + int little)); + +void +krb_kdctimeofday __P((struct timeval *tv)); #endif /* __krb_locl_h */ Index: stable/3/crypto/kerberosIV/lib/krb/kuserok.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/kuserok.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/kuserok.c (revision 62578) 
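Review bot: in krb_locl.h, the hand-written prototypes for localtime() and gethostbyname() added inside #ifdef SOCKS carry their own comment "This doesn't belong here.", and redeclaring libc functions in a private header risks conflicting with the system declarations; say in the comment what in the SOCKS header makes them necessary, or get the declarations from the proper system headers instead. The hunk also drops extern int krb_debug while lsb_addr_comp.c in this same change tests krb_debug, so please confirm that the newly included krb_log.h, or another header pulled in here, still declares it. The removed gettimeofday fallback prototype and the k_concat/k_mconcat declarations need the same confirmation that they are declared elsewhere or no longer used.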
@@ -1,156 +1,169 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: kuserok.c,v 1.21 1997/04/01 08:18:35 joda Exp $"); +RCSID("$Id: kuserok.c,v 1.25 1999/12/02 16:58:42 joda Exp $"); #define OK 0 #define NOTOK 1 #define MAX_USERNAME 10 /* + * Return OK if `r' is one of the local realms, else NOTOK + */ + +static int +is_local_realm (const char *r) +{ + char lrealm[REALM_SZ]; + int n; + + for (n = 1; krb_get_lrealm(lrealm, n) == KSUCCESS; ++n) { + if (strcmp (r, lrealm) == 0) + return OK; + } + return NOTOK; +} + +/* * Given a Kerberos principal and a local username, determine whether * user is authorized to login according to the authorization file * ("~luser/.klogin" by default). Returns OK if authorized, NOTOK if * not authorized. * * IMPORTANT CHANGE: To eliminate the need of making a distinction * between the 3 cases: * * 1. We can't verify that a .klogin file doesn't exist (no home dir). * 2. It's there but we aren't allowed to read it. * 3. We can read it and ~luser@LOCALREALM is (not) included. * * We instead make the assumption that luser@LOCALREALM is *always* * included. Thus it is impossible to have an empty .klogin file and * also to exclude luser@LOCALREALM from it. Root is treated differently * since it's home should always be available. * * OLD STRATEGY: * If there is no account for "luser" on the local machine, returns * NOTOK. If there is no authorization file, and the given Kerberos * name "kdata" translates to the same name as "luser" (using * krb_kntoln()), returns OK. Otherwise, if the authorization file * can't be accessed, returns NOTOK. Otherwise, the file is read for * a matching principal name, instance, and realm. If one is found, * returns OK, if none is found, returns NOTOK. * * The file entries are in the format: * * name.instance@realm * * one entry per line. 
* */ int krb_kuserok(char *name, char *instance, char *realm, char *luser) { struct passwd *pwd; - char lrealm[REALM_SZ]; FILE *f; char line[1024]; char file[MaxPathLen]; struct stat st; pwd = getpwnam(luser); if(pwd == NULL) return NOTOK; - if(krb_get_lrealm(lrealm, 1)) - return NOTOK; - if(pwd->pw_uid != 0 && - strcmp(name, luser) == 0 && - strcmp(instance, "") == 0 && - strcmp(realm, lrealm) == 0) + if (pwd->pw_uid != 0 + && strcmp (name, luser) == 0 + && strcmp (instance, "") == 0 + && is_local_realm (realm) == OK) return OK; - strcpy(file, pwd->pw_dir); - strcat(file, "/.klogin"); + snprintf(file, sizeof(file), "%s/.klogin", pwd->pw_dir); + f = fopen(file, "r"); if(f == NULL) return NOTOK; /* this is not a working test in filesystems like AFS and DFS */ if(fstat(fileno(f), &st) < 0){ fclose(f); return NOTOK; } if(st.st_uid != pwd->pw_uid){ fclose(f); return NOTOK; } while(fgets(line, sizeof(line), f)){ char fname[ANAME_SZ], finst[INST_SZ], frealm[REALM_SZ]; if(line[strlen(line) - 1] != '\n') /* read till end of line */ while(1){ int c = fgetc(f); if(c == '\n' || c == EOF) break; } else line[strlen(line) - 1] = 0; if(kname_parse(fname, finst, frealm, line)) continue; if(strcmp(name, fname)) continue; if(strcmp(instance, finst)) continue; - if(frealm[0] == 0) - strcpy(frealm, lrealm); +#if 0 /* don't support principals without realm any longer */ + if(frealm[0] == 0) { + if (is_local_realm (realm) != OK) + continue; + } else +#endif if(strcmp(realm, frealm)) continue; + fclose(f); return OK; } fclose(f); return NOTOK; } /* compatibility interface */ int kuserok(AUTH_DAT *auth, char *luser) { return krb_kuserok(auth->pname, auth->pinst, auth->prealm, luser); } - Index: stable/3/crypto/kerberosIV/lib/krb/logging.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/logging.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/logging.c (revision 62578) 
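Review bot: in kuserok.c, the #if 0 block in the .klogin loop of krb_kuserok() changes authorization behaviour without telling users: an entry that kname_parse() leaves with an empty frealm used to be completed with the local realm and now falls through to strcmp(realm, frealm), which cannot match a non-empty realm. Delete the disabled code instead of leaving a dangling else under #if 0, and update the function comment, which still speaks of a single luser@LOCALREALM although is_local_realm() now accepts any configured local realm. The new snprintf(file, sizeof(file), "%s/.klogin", pwd->pw_dir) also ignores its return value, so an over-long pw_dir yields a truncated path that is then opened; return NOTOK when the result is negative or >= sizeof(file).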
@@ -1,240 +1,235 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" #include -RCSID("$Id: logging.c,v 1.14 1997/05/11 09:01:40 assar Exp $"); +RCSID("$Id: logging.c,v 1.18 1999/12/02 16:58:42 joda Exp $"); struct krb_log_facility { char filename[MaxPathLen]; FILE *file; krb_log_func_t func; }; int krb_vlogger(struct krb_log_facility *f, const char *format, va_list args) { FILE *file = NULL; int ret; if (f->file != NULL) file = f->file; else if (f->filename && f->filename[0]) file = fopen(f->filename, "a"); ret = f->func(file, format, args); if (file != f->file) fclose(file); return ret; } int krb_logger(struct krb_log_facility *f, const char *format, ...) { va_list args; int ret; va_start(args, format); ret = krb_vlogger(f, format, args); va_end(args); return ret; } /* * If FILE * is given log to it, otherwise, log to filename. When * given a file name the file is opened and closed for each log * record. */ int krb_openlog(struct krb_log_facility *f, char *filename, FILE *file, krb_log_func_t func) { - strcpy(f->filename, filename); + strlcpy(f->filename, filename, MaxPathLen); f->file = file; f->func = func; return KSUCCESS; } /* ------------------------------------------------------------ Compatibility functions from warning.c ------------------------------------------------------------ */ static int log_tty(FILE *f, const char *format, va_list args) { if (f != NULL && isatty(fileno(f))) vfprintf(f, format, args); return KSUCCESS; } /* stderr */ static struct krb_log_facility std_log = { "/dev/tty", NULL, log_tty }; static void -init_std_log () +init_std_log (void) { static int done = 0; if (!done) { std_log.file = stderr; done = 1; } } /* * */ void krb_set_warnfn (krb_warnfn_t newfunc) { init_std_log (); std_log.func = newfunc; } /* * */ krb_warnfn_t krb_get_warnfn (void) { init_std_log (); return std_log.func; } /* * Log warnings to stderr if it's a tty. */ void krb_warning (const char *format, ...) 
{ va_list args; init_std_log (); va_start(args, format); krb_vlogger(&std_log, format, args); va_end(args); } /* ------------------------------------------------------------ Compatibility functions from klog.c and log.c ------------------------------------------------------------ */ /* * Used by kerberos and kadmind daemons and in libkrb (rd_req.c). * * By default they log to the kerberos server log-file (KRBLOG) to be * backwards compatible. */ static int log_with_timestamp_and_nl(FILE *file, const char *format, va_list args) { time_t now; if(file == NULL) return KFAILURE; time(&now); fputs(krb_stime(&now), file); fputs(": ", file); vfprintf(file, format, args); fputs("\n", file); fflush(file); return KSUCCESS; } static struct krb_log_facility file_log = { KRBLOG, NULL, log_with_timestamp_and_nl }; /* * kset_logfile() changes the name of the file to which * messages are logged. If kset_logfile() is not called, * the logfile defaults to KRBLOG, defined in "krb.h". */ void kset_logfile(char *filename) { krb_openlog(&file_log, filename, NULL, log_with_timestamp_and_nl); } /* * krb_log() and klog() is used to add entries to the logfile. * * The log entry consists of a timestamp and the given arguments * printed according to the given "format" string. * * The log file is opened and closed for each log entry. * * If the given log type "type" is unknown, or if the log file * cannot be opened, no entry is made to the log file. * * CHANGE: the type is always ignored * * The return value of klog() is always a pointer to the formatted log * text string "logtxt". */ /* Used in kerberos.c only. */ char * klog(int type, const char *format, ...) { static char logtxt[1024]; va_list ap; va_start(ap, format); vsnprintf(logtxt, sizeof(logtxt), format, ap); va_end(ap); krb_logger(&file_log, "%s", logtxt); return logtxt; } /* Used in kadmind and rd_req.c */ void krb_log(const char *format, ...) 
{ va_list args; va_start(args, format); krb_vlogger(&file_log, format, args); va_end(args); } Index: stable/3/crypto/kerberosIV/lib/krb/lsb_addr_comp.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/lsb_addr_comp.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/lsb_addr_comp.c (revision 62578) 
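Review bot: in logging.c, krb_openlog() ignores the result of strlcpy(f->filename, filename, MaxPathLen) and still returns KSUCCESS, so a name longer than the buffer is silently truncated and every later record goes to a different file than the caller asked for. Use sizeof(f->filename) as the bound and return KFAILURE when the return value is >= that size. The function comment says a FILE * may be given instead of a name, but filename is dereferenced unconditionally, so either add a NULL check or document that filename must be non-NULL.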
@@ -1,105 +1,134 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: lsb_addr_comp.c,v 1.9 1997/04/01 08:18:37 joda Exp $"); +RCSID("$Id: lsb_addr_comp.c,v 1.16 1999/12/02 16:58:42 joda Exp $"); -#include "lsb_addr_comp.h" +#include "krb-archaeology.h" int krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y) { int i; u_int32_t a = 0, b = 0; u_int8_t *p = (u_int8_t*) &x; u_int8_t *q = (u_int8_t*) &y; for(i = sizeof(u_int32_t) - 1; i >= 0; i--){ a = (a << 8) | p[i]; b = (b << 8) | q[i]; } if(a > b) return 1; if(a < b) return -1; return 0; } int krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y) { int i; u_int16_t a = 0, b = 0; u_int8_t *p = (u_int8_t*) &x; u_int8_t *q = (u_int8_t*) &y; for(i = sizeof(u_int16_t) - 1; i >= 0; i--){ a = (a << 8) | p[i]; b = (b << 8) | q[i]; } if(a > b) return 1; if(a < b) return -1; return 0; } u_int32_t lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst) { + int dir = 1; + const char *fw; + /* * direction bit is the sign bit of the timestamp. Ok until * 2038?? */ + if(krb_debug) { + krb_warning("lsb_time: src = %s:%u\n", + inet_ntoa(src->sin_addr), ntohs(src->sin_port)); + krb_warning("lsb_time: dst = %s:%u\n", + inet_ntoa(dst->sin_addr), ntohs(dst->sin_port)); + } + /* For compatibility with broken old code, compares are done in VAX byte order (LSBFIRST) */ if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, /* src < recv */ dst->sin_addr.s_addr) < 0) - t = -t; + dir = -1; else if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, dst->sin_addr.s_addr)==0) if (krb_lsb_antinet_ushort_less(src->sin_port, dst->sin_port) < 0) - t = -t; + dir = -1; /* * all that for one tiny bit! Heaven help those that talk to * themselves. 
*/ + if(krb_get_config_bool("reverse_lsb_test")) { + if(krb_debug) + krb_warning("lsb_time: reversing direction: %d -> %d\n", dir, -dir); + dir = -dir; + }else if((fw = krb_get_config_string("firewall_address"))) { + struct in_addr fw_addr; + fw_addr.s_addr = inet_addr(fw); + if(fw_addr.s_addr != INADDR_NONE) { + int s_lt_d, d_lt_f; + krb_warning("lsb_time: fw = %s\n", inet_ntoa(fw_addr)); + /* negate if src < dst < fw || fw < dst < src */ + s_lt_d = (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, + dst->sin_addr.s_addr) == -1); + d_lt_f = (krb_lsb_antinet_ulong_less(fw_addr.s_addr, + dst->sin_addr.s_addr) == 1); + if((s_lt_d ^ d_lt_f) == 0) { + if(krb_debug) + krb_warning("lsb_time: reversing direction: %d -> %d\n", + dir, -dir); + dir = -dir; + } + } + } + t = t * dir; t = t & 0xffffffff; return t; } Index: stable/3/crypto/kerberosIV/lib/krb/mk_auth.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/mk_auth.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/mk_auth.c (revision 62578) 
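Review bot: in lsb_addr_comp.c, the firewall_address branch of lsb_time() does not implement the condition its comment states. The comment reads "negate if src < dst < fw || fw < dst < src", but (s_lt_d ^ d_lt_f) == 0 is also true whenever both flags are false, that is src >= dst and dst >= fw, which includes src == dst and dst == fw, so the direction is reversed in those cases as well; make the test strict or correct the comment. In the same branch krb_warning("lsb_time: fw = %s\n", ...) is the only new message not guarded by if(krb_debug), so it is emitted on every call once firewall_address is configured. The new tests compare against == -1 and == 1 while the existing ones in this function use < 0; pick one form.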
@@ -1,96 +1,113 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: mk_auth.c,v 1.4 1997/04/01 08:18:35 joda Exp $"); +RCSID("$Id: mk_auth.c,v 1.8 1999/12/02 16:58:43 joda Exp $"); /* * Generate an authenticator for service.instance@realm. * instance is canonicalized by `krb_get_phost' * realm is set to the local realm if realm == NULL * The ticket acquired by `krb_mk_req' is returned in `ticket' and the * authenticator in `buf'. * Options control the behaviour (see krb_sendauth). */ int krb_mk_auth(int32_t options, KTEXT ticket, char *service, char *instance, char *realm, u_int32_t checksum, char *version, KTEXT buf) { char realinst[INST_SZ]; char realrealm[REALM_SZ]; int ret; - unsigned char *p; + char *tmp; if (options & KOPT_DONT_CANON) - strncpy(realinst, instance, sizeof(realinst)); + tmp = instance; else - strncpy(realinst, krb_get_phost (instance), sizeof(realinst)); + tmp = krb_get_phost (instance); + strlcpy(realinst, tmp, sizeof(realinst)); + if (realm == NULL) { ret = krb_get_lrealm (realrealm, 1); if (ret != KSUCCESS) return ret; realm = realrealm; } if(!(options & KOPT_DONT_MK_REQ)) { ret = krb_mk_req (ticket, service, realinst, realm, checksum); if (ret != KSUCCESS) return ret; } + { + int tmp; + size_t rem = sizeof(buf->dat); + unsigned char *p = buf->dat; + p = buf->dat; + if (rem < 2 * KRB_SENDAUTH_VLEN) + return KFAILURE; memcpy (p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN); p += KRB_SENDAUTH_VLEN; + rem -= KRB_SENDAUTH_VLEN; + memcpy (p, version, KRB_SENDAUTH_VLEN); 
p += KRB_SENDAUTH_VLEN; - p += krb_put_int(ticket->length, p, 4); + rem -= KRB_SENDAUTH_VLEN; + + tmp = krb_put_int(ticket->length, p, rem, 4); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + + if (rem < ticket->length) + return KFAILURE; memcpy(p, ticket->dat, ticket->length); p += ticket->length; + rem -= ticket->length; buf->length = p - buf->dat; + } return KSUCCESS; } Index: stable/3/crypto/kerberosIV/lib/krb/mk_err.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/mk_err.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/mk_err.c (revision 62578) 
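Review bot: In krb_mk_auth the new inner block declares `int tmp;` while the same change introduces `char *tmp` at function scope for the instance name, so the inner declaration shadows the outer one; rename one of them (for example `n` for the krb_put_int return value). In the same block `unsigned char *p = buf->dat;` is followed immediately by `p = buf->dat;`, and the final `rem -= ticket->length;` is never read again; both can go. The `memcpy (p, version, KRB_SENDAUTH_VLEN)` still reads KRB_SENDAUTH_VLEN bytes from the caller's `version` string with no check that it is that long, which the function comment should state as a requirement.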
@@ -1,56 +1,57 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" -RCSID("$Id: mk_err.c,v 1.6 1997/03/23 03:53:14 joda Exp $"); +RCSID("$Id: mk_err.c,v 1.7 1998/06/09 19:25:22 joda Exp $"); /* * This routine creates a general purpose error reply message. It * doesn't use KTEXT because application protocol may have long * messages, and may want this part of buffer contiguous to other * stuff. * * The error reply is built in "p", using the error code "e" and * error text "e_string" given. The length of the error reply is * returned. * * The error reply is in the following format: * * unsigned char KRB_PROT_VERSION protocol version no. 
* unsigned char AUTH_MSG_APPL_ERR message type * (least significant * bit of above) HOST_BYTE_ORDER local byte order * 4 bytes e given error code * string e_string given error text */ int32_t krb_mk_err(u_char *p, int32_t e, char *e_string) { unsigned char *start = p; - p += krb_put_int(KRB_PROT_VERSION, p, 1); - p += krb_put_int(AUTH_MSG_APPL_ERR, p, 1); - p += krb_put_int(e, p, 4); - p += krb_put_string(e_string, p); + p += krb_put_int(KRB_PROT_VERSION, p, 1, 1); + p += krb_put_int(AUTH_MSG_APPL_ERR, p, 1, 1); + + p += krb_put_int(e, p, 4, 4); + p += krb_put_string(e_string, p, strlen(e_string) + 1); return p - start; } Index: stable/3/crypto/kerberosIV/lib/krb/mk_priv.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/mk_priv.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/mk_priv.c (revision 62578) 
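Review bot: The four calls in krb_mk_err add the return value straight to `p`, but elsewhere in this change the same helpers are treated as returning a negative value on failure (`if (tmp < 0) return KFAILURE;` in mk_auth.c and mk_req.c), so a failure here would move `p` backwards and corrupt the returned length. The size arguments passed (1, 1, 4 and `strlen(e_string) + 1`) are just the sizes being written, so they bound nothing; krb_mk_err has no output-size parameter. Either add a length parameter and track the remaining space as mk_req.c does, or state in the function comment that the caller must supply at least 1 + 1 + 4 + strlen(e_string) + 1 bytes.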
@@ -1,125 +1,120 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: mk_priv.c,v 1.18 1997/04/01 08:18:37 joda Exp $"); +RCSID("$Id: mk_priv.c,v 1.22 1999/12/02 16:58:43 joda Exp $"); /* application include files */ -#include "lsb_addr_comp.h" +#include "krb-archaeology.h" /* * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes * some user data "in" of "length" bytes and creates a packet in "out" * consisting of the user data, a timestamp, and the sender's network * address. * The packet is encrypted by pcbc_encrypt(), using the given * "key" and "schedule". * The length of the resulting packet "out" is * returned. * * It is similar to krb_mk_safe() except for the additional key * schedule argument "schedule" and the fact that the data is encrypted * rather than appended with a checksum. The protocol version is * KRB_PROT_VERSION, defined in "krb.h". 
* * The "out" packet consists of: * * Size Variable Field * ---- -------- ----- * * 1 byte KRB_PROT_VERSION protocol version number * 1 byte AUTH_MSG_PRIVATE | message type plus local * HOST_BYTE_ORDER byte order in low bit * * 4 bytes c_length length of data * we encrypt from here with pcbc_encrypt * * 4 bytes length length of user data * length in user data * 1 byte msg_time_5ms timestamp milliseconds * 4 bytes sender->sin.addr.s_addr sender's IP address * * 4 bytes msg_time_sec or timestamp seconds with * -msg_time_sec direction in sign bit * * 0<=n<=7 bytes pad to 8 byte multiple zeroes */ int32_t krb_mk_priv(void *in, void *out, u_int32_t length, struct des_ks_struct *schedule, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver) { unsigned char *p = (unsigned char*)out; unsigned char *cipher; struct timeval tv; u_int32_t src_addr; u_int32_t len; - p += krb_put_int(KRB_PROT_VERSION, p, 1); - p += krb_put_int(AUTH_MSG_PRIVATE, p, 1); + p += krb_put_int(KRB_PROT_VERSION, p, 1, 1); + p += krb_put_int(AUTH_MSG_PRIVATE, p, 1, 1); len = 4 + length + 1 + 4 + 4; len = (len + 7) & ~7; - p += krb_put_int(len, p, 4); + p += krb_put_int(len, p, 4, 4); cipher = p; - p += krb_put_int(length, p, 4); + p += krb_put_int(length, p, 4, 4); memcpy(p, in, length); p += length; - gettimeofday(&tv, NULL); + krb_kdctimeofday(&tv); *p++ =tv.tv_usec / 5000; src_addr = sender->sin_addr.s_addr; - p += krb_put_address(src_addr, p); + p += krb_put_address(src_addr, p, 4); - p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4); + p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4, 4); memset(p, 0, 7); des_pcbc_encrypt((des_cblock *)cipher, (des_cblock *)cipher, len, schedule, key, DES_ENCRYPT); return (cipher - (unsigned char*)out) + len; } Index: stable/3/crypto/kerberosIV/lib/krb/mk_req.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/mk_req.c (revision 62577) +++ 
stable/3/crypto/kerberosIV/lib/krb/mk_req.c (revision 62578) 
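Review bot: `memcpy(p, in, length)` and the trailing `memset(p, 0, 7)` in krb_mk_priv still write into `out` with no knowledge of its size; the new fourth arguments to krb_put_int and krb_put_address are the constants 1 and 4, so the bounds checking this change introduces is nominal in this function. `len = 4 + length + 1 + 4 + 4` is also computed in u_int32_t and wraps for a `length` near the top of the range. Consider an output-size parameter, or at least document the required size of `out` (the 6-byte header plus `len`) next to the packet layout comment.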
@@ -1,215 +1,258 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: mk_req.c,v 1.17 1997/05/30 17:42:38 bg Exp $"); +RCSID("$Id: mk_req.c,v 1.22 1999/12/02 16:58:43 joda Exp $"); static int lifetime = 255; /* But no longer than TGT says. */ -static void +static int build_request(KTEXT req, char *name, char *inst, char *realm, u_int32_t checksum) { struct timeval tv; unsigned char *p = req->dat; + int tmp; + size_t rem = sizeof(req->dat); - p += krb_put_nir(name, inst, realm, p); - - p += krb_put_int(checksum, p, 4); + tmp = krb_put_nir(name, inst, realm, p, rem); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + tmp = krb_put_int(checksum, p, rem, 4); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; /* Fill in the times on the request id */ - gettimeofday(&tv, NULL); + krb_kdctimeofday(&tv); + if (rem < 1) + return KFAILURE; + *p++ = tv.tv_usec / 5000; /* 5ms */ + --rem; - p += krb_put_int(tv.tv_sec, p, 4); + tmp = krb_put_int(tv.tv_sec, p, rem, 4); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; /* Fill to a multiple of 8 bytes for DES */ req->length = ((p - req->dat + 7)/8) * 8; + return 0; } /* * krb_mk_req takes a text structure in which an authenticator is to * be built, the name of a service, an instance, a realm, * and a checksum. It then retrieves a ticket for * the desired service and creates an authenticator in the text * structure passed as the first argument. krb_mk_req returns * KSUCCESS on success and a Kerberos error code on failure. 
* * The peer procedure on the other end is krb_rd_req. When making * any changes to this routine it is important to make corresponding * changes to krb_rd_req. * * The authenticator consists of the following: * * authent->dat * * unsigned char KRB_PROT_VERSION protocol version no. * unsigned char AUTH_MSG_APPL_REQUEST message type * (least significant * bit of above) HOST_BYTE_ORDER local byte ordering * unsigned char kvno from ticket server's key version * string realm server's realm * unsigned char tl ticket length * unsigned char idl request id length * text ticket->dat ticket for server * text req_id->dat request id * * The ticket information is retrieved from the ticket cache or * fetched from Kerberos. The request id (called the "authenticator" * in the papers on Kerberos) contains the following: * * req_id->dat * * string cr.pname {name, instance, and * string cr.pinst realm of principal * string myrealm making this request} * 4 bytes checksum checksum argument given * unsigned char tv_local.tf_usec time (milliseconds) * 4 bytes tv_local.tv_sec time (seconds) * * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time, * all rounded up to multiple of 8. 
*/ int krb_mk_req(KTEXT authent, char *service, char *instance, char *realm, int32_t checksum) { KTEXT_ST req_st; KTEXT req_id = &req_st; CREDENTIALS cr; /* Credentials used by retr */ KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */ int retval; /* Returned by krb_get_cred */ char myrealm[REALM_SZ]; unsigned char *p = authent->dat; + int rem = sizeof(authent->dat); + int tmp; - p += krb_put_int(KRB_PROT_VERSION, p, 1); + tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; + + tmp = krb_put_int(AUTH_MSG_APPL_REQUEST, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; - p += krb_put_int(AUTH_MSG_APPL_REQUEST, p, 1); - /* Get the ticket and move it into the authenticator */ if (krb_ap_req_debug) krb_warning("Realm: %s\n", realm); retval = krb_get_cred(service,instance,realm,&cr); if (retval == RET_NOTKT) { retval = get_ad_tkt(service, instance, realm, lifetime); if (retval == KSUCCESS) retval = krb_get_cred(service, instance, realm, &cr); } if (retval != KSUCCESS) return retval; /* * With multi realm ticket files either find a matching TGT or * else use the first TGT for inter-realm authentication. * * In myrealm hold the realm of the principal "owning" the * corresponding ticket-granting-ticket. 
*/ retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0); - if (retval == KSUCCESS) - strncpy(myrealm, realm, REALM_SZ); - else + if (retval == KSUCCESS) { + strlcpy(myrealm, realm, REALM_SZ); + } else retval = krb_get_tf_realm(TKT_FILE, myrealm); if (retval != KSUCCESS) return retval; if (krb_ap_req_debug) krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm, cr.pname, cr.pinst, myrealm); - p += krb_put_int(cr.kvno, p, 1); + tmp = krb_put_int(cr.kvno, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; - p += krb_put_string(realm, p); + tmp = krb_put_string(realm, p, rem); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; - p += krb_put_int(ticket->length, p, 1); + tmp = krb_put_int(ticket->length, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; - build_request(req_id, cr.pname, cr.pinst, myrealm, checksum); + retval = build_request(req_id, cr.pname, cr.pinst, myrealm, checksum); + if (retval != KSUCCESS) + return retval; encrypt_ktext(req_id, &cr.session, DES_ENCRYPT); - p += krb_put_int(req_id->length, p, 1); + tmp = krb_put_int(req_id->length, p, rem, 1); + if (tmp < 0) + return KFAILURE; + p += tmp; + rem -= tmp; - memcpy(p, ticket->dat, ticket->length); + if (rem < ticket->length + req_id->length) + return KFAILURE; + memcpy(p, ticket->dat, ticket->length); p += ticket->length; - + rem -= ticket->length; memcpy(p, req_id->dat, req_id->length); - p += req_id->length; + rem -= req_id->length; authent->length = p - authent->dat; memset(&cr, 0, sizeof(cr)); memset(&req_st, 0, sizeof(req_st)); if (krb_ap_req_debug) krb_warning("Authent->length = %d\n", authent->length); return KSUCCESS; } /* * krb_set_lifetime sets the default lifetime for additional tickets * obtained via krb_mk_req(). * * It returns the previous value of the default lifetime. 
*/ int krb_set_lifetime(int newval) { int olife = lifetime; lifetime = newval; return(olife); } Index: stable/3/crypto/kerberosIV/lib/krb/mk_safe.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/mk_safe.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/mk_safe.c (revision 62578) 
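Review bot: The new `return KFAILURE;` exits in krb_mk_req that come after the successful krb_get_cred call (the kvno, realm, ticket-length and request-id puts, the `retval != KSUCCESS` return after build_request, and the `rem < ticket->length + req_id->length` check) leave the function without reaching `memset(&cr, 0, sizeof(cr))` and `memset(&req_st, 0, sizeof(req_st))`, so the credentials and the request id stay on the stack on those paths; route them through a common cleanup label that does the wipe. Also, build_request returns `0` on success while its caller tests `retval != KSUCCESS`; return KSUCCESS there so the two cannot drift apart. `rem` is `size_t` in build_request but `int` in krb_mk_req; pick one type.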
@@ -1,131 +1,126 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: mk_safe.c,v 1.21 1997/04/19 23:18:03 joda Exp $"); +RCSID("$Id: mk_safe.c,v 1.25 1999/12/02 16:58:43 joda Exp $"); /* application include files */ -#include "lsb_addr_comp.h" +#include "krb-archaeology.h" /* from rd_safe.c */ extern int dqc_type; void fixup_quad_cksum(void*, size_t, des_cblock*, void*, void*, int); /* * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some * user data "in" of "length" bytes and creates a packet in "out" * consisting of the user data, a timestamp, and the sender's network * address, followed by a checksum computed on the above, using the * given "key". The length of the resulting packet is returned. 
* * The "out" packet consists of: * * Size Variable Field * ---- -------- ----- * * 1 byte KRB_PROT_VERSION protocol version number * 1 byte AUTH_MSG_SAFE | message type plus local * HOST_BYTE_ORDER byte order in low bit * * ===================== begin checksum ================================ * * 4 bytes length length of user data * length in user data * 1 byte msg_time_5ms timestamp milliseconds * 4 bytes sender->sin.addr.s_addr sender's IP address * * 4 bytes msg_time_sec or timestamp seconds with * -msg_time_sec direction in sign bit * * ======================= end checksum ================================ * * 16 bytes big_cksum quadratic checksum of * above using "key" */ int32_t krb_mk_safe(void *in, void *out, u_int32_t length, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver) { unsigned char * p = (unsigned char*)out; struct timeval tv; unsigned char *start; u_int32_t src_addr; - p += krb_put_int(KRB_PROT_VERSION, p, 1); - p += krb_put_int(AUTH_MSG_SAFE, p, 1); + p += krb_put_int(KRB_PROT_VERSION, p, 1, 1); + p += krb_put_int(AUTH_MSG_SAFE, p, 1, 1); start = p; - p += krb_put_int(length, p, 4); + p += krb_put_int(length, p, 4, 4); memcpy(p, in, length); p += length; - gettimeofday(&tv, NULL); + krb_kdctimeofday(&tv); *p++ = tv.tv_usec/5000; /* 5ms */ src_addr = sender->sin_addr.s_addr; - p += krb_put_address(src_addr, p); + p += krb_put_address(src_addr, p, 4); - p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4); + p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4, 4); { /* We are faking big endian mode, so we need to fix the * checksum (that is byte order dependent). We always send a * checksum of the new type, unless we know that we are * talking to an old client (this requires a call to * krb_rd_safe first). 
*/ unsigned char new_checksum[16]; unsigned char old_checksum[16]; fixup_quad_cksum(start, p - start, key, new_checksum, old_checksum, 0); if((dqc_type == DES_QUAD_GUESS && DES_QUAD_DEFAULT == DES_QUAD_OLD) || dqc_type == DES_QUAD_OLD) memcpy(p, old_checksum, 16); else memcpy(p, new_checksum, 16); } p += 16; return p - (unsigned char*)out; } Index: stable/3/crypto/kerberosIV/lib/krb/name2name.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/name2name.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/name2name.c (revision 62578) 
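Review bot: `gettimeofday(&tv, NULL)` becomes `krb_kdctimeofday(&tv)` in krb_mk_safe (and likewise in mk_priv.c and mk_req.c) with no comment on which clock the new call returns, while the packet layout comment above still says only "timestamp". Since the timestamp is inside the checksummed region, add a line saying where it now comes from. As in mk_priv.c, the size arguments passed to krb_put_int and krb_put_address are constants, and `memcpy(p, in, length)` and the 16-byte checksum copy into `out` remain unbounded.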
@@ -1,102 +1,108 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: name2name.c,v 1.15 1997/04/30 04:30:36 assar Exp $"); +RCSID("$Id: name2name.c,v 1.22 1999/12/02 16:58:43 joda Exp $"); /* convert host to a more fully qualified domain name, returns 0 if * phost is the same as host, 1 otherwise. phost should be * phost_size bytes long. */ int krb_name_to_name(const char *host, char *phost, size_t phost_size) { struct hostent *hp; struct in_addr adr; const char *tmp; adr.s_addr = inet_addr(host); - hp = gethostbyname(host); - if (hp == NULL && adr.s_addr != INADDR_NONE) + if (adr.s_addr != INADDR_NONE) hp = gethostbyaddr((char *)&adr, sizeof(adr), AF_INET); + else + hp = gethostbyname(host); if (hp == NULL) tmp = host; - else + else { tmp = hp->h_name; - strncpy (phost, tmp, phost_size); - phost[phost_size - 1] = '\0'; + /* + * Broken SunOS 5.4 sometimes keeps the official name as the + * 1:st alias. + */ + if (strchr(tmp, '.') == NULL + && hp->h_aliases != NULL + && hp->h_aliases[0] != NULL + && strchr (hp->h_aliases[0], '.') != NULL) + tmp = hp->h_aliases[0]; + } + strlcpy (phost, tmp, phost_size); if (strcmp(phost, host) == 0) return 0; else return 1; } /* lowercase and truncate */ void k_ricercar(char *name) { - char *p = name; + unsigned char *p = (unsigned char *)name; + while(*p && *p != '.'){ if(isupper(*p)) *p = tolower(*p); p++; } if(*p == '.') *p = 0; } /* * This routine takes an alias for a host name and returns the first * field, in lower case, of its domain name. 
* * Example: "fOo.BAR.com" -> "foo" */ char * krb_get_phost(const char *alias) { - static char phost[MaxHostNameLen+1]; + static char phost[MaxHostNameLen]; krb_name_to_name(alias, phost, sizeof(phost)); k_ricercar(phost); return phost; } Index: stable/3/crypto/kerberosIV/lib/krb/parse_name.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/parse_name.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/parse_name.c (revision 62578) 
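Review bot: `strlcpy (phost, tmp, phost_size)` in krb_name_to_name truncates silently, and krb_get_phost's static buffer shrinks from `MaxHostNameLen+1` to `MaxHostNameLen` in the same hunk, so a name that used to fit can now be cut short and still be returned as the canonical host; compare the strlcpy return value against `phost_size` and fail or warn on truncation. The lookup order also changes: a `host` that parses with inet_addr now goes only to gethostbyaddr and never to gethostbyname, which deserves a line in the function comment. The `h_aliases[0]` fallback prefers a dotted alias from the resolver over `h_name`; the comment names the SunOS 5.4 case but not that the fallback applies on every platform.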
@@ -1,199 +1,194 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: parse_name.c,v 1.4 1997/04/01 08:18:39 joda Exp $"); +RCSID("$Id: parse_name.c,v 1.7 1999/12/02 16:58:43 joda Exp $"); int krb_parse_name(const char *fullname, krb_principal *principal) { const char *p; char *ns, *np; enum {n, i, r} pos = n; int quote = 0; ns = np = principal->name; principal->name[0] = 0; principal->instance[0] = 0; principal->realm[0] = 0; for(p = fullname; *p; p++){ if(np - ns == ANAME_SZ - 1) /* XXX they have the same size */ return KNAME_FMT; if(quote){ *np++ = *p; quote = 0; continue; } if(*p == '\\') quote = 1; else if(*p == '.' && pos == n){ *np = 0; ns = np = principal->instance; pos = i; }else if(*p == '@' && (pos == n || pos == i)){ *np = 0; ns = np = principal->realm; pos = r; }else *np++ = *p; } *np = 0; if(quote || principal->name[0] == 0) return KNAME_FMT; return KSUCCESS; } int kname_parse(char *np, char *ip, char *rp, char *fullname) { krb_principal p; int ret; if((ret = krb_parse_name(fullname, &p)) == 0){ - strcpy(np, p.name); - strcpy(ip, p.instance); + strlcpy (np, p.name, ANAME_SZ); + strlcpy (ip, p.instance, INST_SZ); if(p.realm[0]) - strcpy(rp, p.realm); + strlcpy (rp, p.realm, REALM_SZ); } return ret; } /* * k_isname() returns 1 if the given name is a syntactically legitimate * Kerberos name; returns 0 if it's not. */ int k_isname(char *s) { char c; int backslash = 0; if (!*s) return 0; if (strlen(s) > ANAME_SZ - 1) return 0; while ((c = *s++)) { if (backslash) { backslash = 0; continue; } switch(c) { case '\\': backslash = 1; break; case '.': return 0; /* break; */ case '@': return 0; /* break; */ } } return 1; } /* * k_isinst() returns 1 if the given name is a syntactically legitimate * Kerberos instance; returns 0 if it's not. 
*/ int k_isinst(char *s) { char c; int backslash = 0; if (strlen(s) > INST_SZ - 1) return 0; while ((c = *s++)) { if (backslash) { backslash = 0; continue; } switch(c) { case '\\': backslash = 1; break; case '.': #if INSTANCE_DOTS_OK break; #else /* INSTANCE_DOTS_OK */ return 0; #endif /* INSTANCE_DOTS_OK */ /* break; */ case '@': return 0; /* break; */ } } return 1; } /* * k_isrealm() returns 1 if the given name is a syntactically legitimate * Kerberos realm; returns 0 if it's not. */ int k_isrealm(char *s) { char c; int backslash = 0; if (!*s) return 0; if (strlen(s) > REALM_SZ - 1) return 0; while ((c = *s++)) { if (backslash) { backslash = 0; continue; } switch(c) { case '\\': backslash = 1; break; case '@': return 0; /* break; */ } } return 1; } Index: stable/3/crypto/kerberosIV/lib/krb/prot.h =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/prot.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/prot.h (revision 62578) 
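Review bot: kname_parse now bounds its copies with `ANAME_SZ`, `INST_SZ` and `REALM_SZ`, but `np`, `ip` and `rp` are bare `char *` parameters, so those sizes are an assumption about the caller's buffers that is written down nowhere; add a comment above kname_parse stating the required sizes. Separately, krb_parse_name still applies the single limit `ANAME_SZ - 1` to all three fields (the `XXX they have the same size` line); comparing against the size of the field currently being filled would remove that reliance.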
@@ -1,105 +1,72 @@ /* - * $Id: prot.h,v 1.7 1997/03/23 03:52:27 joda Exp $ + * $Id: prot.h,v 1.9 1999/11/30 18:57:46 bg Exp $ * * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute * of Technology. * * For copying and distribution information, please see the file * . * * Include file with authentication protocol information. */ #ifndef PROT_DEFS #define PROT_DEFS +#include + #define KRB_SERVICE "kerberos-iv" #define KRB_PORT 750 /* PC's don't have * /etc/services */ #define KRB_PROT_VERSION 4 #define MAX_PKT_LEN 1000 #define MAX_TXT_LEN 1000 -/* Macro's to obtain various fields from a packet */ - -#define pkt_version(packet) (unsigned int) *(packet->dat) -#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1) -#define pkt_a_name(packet) (packet->dat+2) -#define pkt_a_inst(packet) \ - (packet->dat+3+strlen((char *)pkt_a_name(packet))) -#define pkt_a_realm(packet) \ - (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet))) - -/* Macro to obtain realm from application request */ -#define apreq_realm(auth) (auth->dat + 3) - -#define pkt_time_ws(packet) (char *) \ - (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet))) - -#define pkt_no_req(packet) (unsigned short) \ - *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet))) -#define pkt_x_date(packet) (char *) \ - (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet))) -#define pkt_err_code(packet) ( (char *) \ - (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet)))) -#define pkt_err_text(packet) \ - (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet))) - /* Routines to create and read packets may be found 
in prot.c */ KTEXT create_auth_reply(char *pname, char *pinst, char *prealm, int32_t time_ws, int n, u_int32_t x_date, int kvno, KTEXT cipher); #ifdef DEBUG KTEXT krb_create_death_packet(char *a_name); #endif /* Message types , always leave lsb for byte order */ -#define AUTH_MSG_KDC_REQUEST 1<<1 -#define AUTH_MSG_KDC_REPLY 2<<1 -#define AUTH_MSG_APPL_REQUEST 3<<1 -#define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1 -#define AUTH_MSG_ERR_REPLY 5<<1 -#define AUTH_MSG_PRIVATE 6<<1 -#define AUTH_MSG_SAFE 7<<1 -#define AUTH_MSG_APPL_ERR 8<<1 -#define AUTH_MSG_KDC_FORWARD 9<<1 -#define AUTH_MSG_KDC_RENEW 10<<1 -#define AUTH_MSG_DIE 63<<1 +#define AUTH_MSG_KDC_REQUEST (1<<1) +#define AUTH_MSG_KDC_REPLY (2<<1) +#define AUTH_MSG_APPL_REQUEST (3<<1) +#define AUTH_MSG_APPL_REQUEST_MUTUAL (4<<1) +#define AUTH_MSG_ERR_REPLY (5<<1) +#define AUTH_MSG_PRIVATE (6<<1) +#define AUTH_MSG_SAFE (7<<1) +#define AUTH_MSG_APPL_ERR (8<<1) +#define AUTH_MSG_KDC_FORWARD (9<<1) +#define AUTH_MSG_KDC_RENEW (10<<1) +#define AUTH_MSG_DIE (63<<1) /* values for kerb error codes */ #define KERB_ERR_OK 0 #define KERB_ERR_NAME_EXP 1 #define KERB_ERR_SERVICE_EXP 2 #define KERB_ERR_AUTH_EXP 3 #define KERB_ERR_PKT_VER 4 #define KERB_ERR_NAME_MAST_KEY_VER 5 #define KERB_ERR_SERV_MAST_KEY_VER 6 #define KERB_ERR_BYTE_ORDER 7 #define KERB_ERR_PRINCIPAL_UNKNOWN 8 #define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9 #define KERB_ERR_NULL_KEY 10 #define KERB_ERR_TIMEOUT 11 /* sendauth - recvauth */ /* * If the protocol changes, you will need to change the version string * be sure to support old versions of krb_sendauth! */ #define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */ #endif /* PROT_DEFS */ Index: stable/3/crypto/kerberosIV/lib/krb/rd_err.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/rd_err.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/rd_err.c (revision 62578) 
@@ -1,82 +1,77 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: rd_err.c,v 1.8 1997/04/01 08:18:40 joda Exp $"); +RCSID("$Id: rd_err.c,v 1.9 1999/12/02 16:58:43 joda Exp $"); /* * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length", * return the error code from the message in "code" and the text in * "m_data" as follows: * * m_data->app_data points to the error text * m_data->app_length points to the length of the error text * * If all goes well, return RD_AP_OK. If the version number * is wrong, return RD_AP_VERSION, and if it's not an AUTH_MSG_APPL_ERR * type message, return RD_AP_MSG_TYPE. * * The AUTH_MSG_APPL_ERR message format can be found in mk_err.c */ int krb_rd_err(u_char *in, u_int32_t in_length, int32_t *code, MSG_DAT *m_data) { unsigned char *p = (unsigned char*)in; unsigned char pvno, type; int little_endian; pvno = *p++; if(pvno != KRB_PROT_VERSION) return RD_AP_VERSION; type = *p++; little_endian = type & 1; type &= ~1; if(type != AUTH_MSG_APPL_ERR) return RD_AP_MSG_TYPE; p += krb_get_int(p, (u_int32_t *)&code, 4, little_endian); m_data->app_data = p; m_data->app_length = in_length; /* XXX is this correct? */ return KSUCCESS; } Index: stable/3/crypto/kerberosIV/lib/krb/rd_priv.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/rd_priv.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/rd_priv.c (revision 62578) 
@@ -1,129 +1,124 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: rd_priv.c,v 1.24 1997/05/14 17:53:29 joda Exp $"); +RCSID("$Id: rd_priv.c,v 1.27 1999/12/02 16:58:43 joda Exp $"); /* application include files */ -#include "lsb_addr_comp.h" +#include "krb-archaeology.h" /* * krb_rd_priv() decrypts and checks the integrity of an * AUTH_MSG_PRIVATE message. Given the message received, "in", * the length of that message, "in_length", the key "schedule" * and "key", and the network addresses of the * "sender" and "receiver" of the message, krb_rd_safe() returns * RD_AP_OK if the message is okay, otherwise some error code. * * The message data retrieved from "in" are returned in the structure * "m_data". The pointer to the application data * (m_data->app_data) refers back to the appropriate place in "in". * * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE * message. The structure containing the extracted message * information, MSG_DAT, is defined in "krb.h". */ int32_t krb_rd_priv(void *in, u_int32_t in_length, struct des_ks_struct *schedule, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver, MSG_DAT *m_data) { unsigned char *p = (unsigned char*)in; int little_endian; u_int32_t clen; struct timeval tv; u_int32_t src_addr; int delta_t; unsigned char pvno, type; pvno = *p++; if(pvno != KRB_PROT_VERSION) return RD_AP_VERSION; type = *p++; little_endian = type & 1; type &= ~1; p += krb_get_int(p, &clen, 4, little_endian); if(clen + 2 > in_length) return RD_AP_MODIFIED; des_pcbc_encrypt((des_cblock*)p, (des_cblock*)p, clen, schedule, key, DES_DECRYPT); p += krb_get_int(p, &m_data->app_length, 4, little_endian); if(m_data->app_length + 17 > in_length) return RD_AP_MODIFIED; m_data->app_data = p; p += m_data->app_length; m_data->time_5ms = *p++; p += krb_get_address(p, &src_addr); if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) return RD_AP_BADD; p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian); m_data->time_sec = lsb_time(m_data->time_sec, 
sender, receiver); gettimeofday(&tv, NULL); /* check the time integrity of the msg */ delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec)); if (delta_t > CLOCK_SKEW) return RD_AP_TIME; if (krb_debug) - krb_warning("\ndelta_t = %d", (int) delta_t); + krb_warning("delta_t = %d\n", (int) delta_t); /* * caller must check timestamps for proper order and * replays, since server might have multiple clients * each with its own timestamps and we don't assume * tightly synchronized clocks. */ return KSUCCESS; } Index: stable/3/crypto/kerberosIV/lib/krb/rd_req.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/rd_req.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/rd_req.c (revision 62578) 
@@ -1,324 +1,319 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: rd_req.c,v 1.24 1997/05/11 11:05:28 assar Exp $"); +RCSID("$Id: rd_req.c,v 1.27.2.1 1999/12/06 22:04:36 assar Exp $"); static struct timeval t_local = { 0, 0 }; /* * Keep the following information around for subsequent calls * to this routine by the same server using the same key. */ static des_key_schedule serv_key; /* Key sched to decrypt ticket */ static des_cblock ky; /* Initialization vector */ static int st_kvno; /* version number for this key */ static char st_rlm[REALM_SZ]; /* server's realm */ static char st_nam[ANAME_SZ]; /* service name */ static char st_inst[INST_SZ]; /* server's instance */ /* * This file contains two functions. krb_set_key() takes a DES * key or password string and returns a DES key (either the original * key, or the password converted into a DES key) and a key schedule * for it. * * krb_rd_req() reads an authentication request and returns information * about the identity of the requestor, or an indication that the * identity information was not authentic. */ /* * krb_set_key() takes as its first argument either a DES key or a * password string. The "cvt" argument indicates how the first * argument "key" is to be interpreted: if "cvt" is null, "key" is * taken to be a DES key; if "cvt" is non-null, "key" is taken to * be a password string, and is converted into a DES key using * string_to_key(). In either case, the resulting key is returned * in the external static variable "ky". 
A key schedule is * generated for "ky" and returned in the external static variable * "serv_key". * * This routine returns the return value of des_key_sched. * * krb_set_key() needs to be in the same .o file as krb_rd_req() so that * the key set by krb_set_key() is available in private storage for * krb_rd_req(). */ int krb_set_key(void *key, int cvt) { #ifdef NOENCRYPTION memset(ky, 0, sizeof(ky)); return KSUCCESS; #else /* Encrypt */ if (cvt) des_string_to_key((char*)key, &ky); else memcpy((char*)ky, key, 8); return(des_key_sched(&ky, serv_key)); #endif /* NOENCRYPTION */ } /* * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(), * checks its integrity and returns a judgement as to the requestor's * identity. * * The "authent" argument is a pointer to the received message. * The "service" and "instance" arguments name the receiving server, * and are used to get the service's ticket to decrypt the ticket * in the message, and to compare against the server name inside the * ticket. "from_addr" is the network address of the host from which * the message was received; this is checked against the network * address in the ticket. If "from_addr" is zero, the check is not * performed. "ad" is an AUTH_DAT structure which is * filled in with information about the sender's identity according * to the authenticator and ticket sent in the message. Finally, * "fn" contains the name of the file containing the server's key. * (If "fn" is NULL, the server's key is assumed to have been set * by krb_set_key(). If "fn" is the null string ("") the default * file KEYFILE, defined in "krb.h", is used.) 
* * krb_rd_req() returns RD_AP_OK if the authentication information * was genuine, or one of the following error codes (defined in * "krb.h"): * * RD_AP_VERSION - wrong protocol version number * RD_AP_MSG_TYPE - wrong message type * RD_AP_UNDEC - couldn't decipher the message * RD_AP_INCON - inconsistencies found * RD_AP_BADD - wrong network address * RD_AP_TIME - client time (in authenticator) * too far off server time * RD_AP_NYV - Kerberos time (in ticket) too * far off server time * RD_AP_EXP - ticket expired * * For the message format, see krb_mk_req(). * * Mutual authentication is not implemented. */ int krb_rd_req(KTEXT authent, /* The received message */ char *service, /* Service name */ char *instance, /* Service instance */ int32_t from_addr, /* Net address of originating host */ AUTH_DAT *ad, /* Structure to be filled in */ char *fn) /* Filename to get keys from */ { static KTEXT_ST ticket; /* Temp storage for ticket */ static KTEXT tkt = &ticket; static KTEXT_ST req_id_st; /* Temp storage for authenticator */ KTEXT req_id = &req_id_st; char realm[REALM_SZ]; /* Realm of issuing kerberos */ unsigned char skey[KKEY_SZ]; /* Session key from ticket */ char sname[SNAME_SZ]; /* Service name from ticket */ char iname[INST_SZ]; /* Instance name from ticket */ char r_aname[ANAME_SZ]; /* Client name from authenticator */ char r_inst[INST_SZ]; /* Client instance from authenticator */ char r_realm[REALM_SZ]; /* Client realm from authenticator */ u_int32_t r_time_sec; /* Coarse time from authenticator */ unsigned long delta_t; /* Time in authenticator - local time */ long tkt_age; /* Age of ticket */ static unsigned char s_kvno;/* Version number of the server's key * Kerberos used to encrypt ticket */ struct timeval tv; int status; int pvno; int type; int little_endian; unsigned char *p; if (authent->length <= 0) return(RD_AP_MODIFIED); p = authent->dat; /* get msg version, type and byte order, and server key version */ pvno = *p++; if(pvno != KRB_PROT_VERSION) 
return RD_AP_VERSION; type = *p++; little_endian = type & 1; type &= ~1; if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) return RD_AP_MSG_TYPE; s_kvno = *p++; - p += krb_get_string(p, realm); + p += krb_get_string(p, realm, sizeof(realm)); /* * If "fn" is NULL, key info should already be set; don't * bother with ticket file. Otherwise, check to see if we * already have key info for the given server and key version * (saved in the static st_* variables). If not, go get it * from the ticket file. If "fn" is the null string, use the * default ticket file. */ if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) || strcmp(st_rlm,realm) || (st_kvno != s_kvno))) { - if (*fn == 0) fn = KEYFILE; + if (*fn == 0) fn = (char *)KEYFILE; st_kvno = s_kvno; if (read_service_key(service, instance, realm, s_kvno, fn, (char *)skey)) return(RD_AP_UNDEC); if ((status = krb_set_key((char*)skey, 0))) return(status); - strcpy(st_rlm, realm); - strcpy(st_nam, service); - strcpy(st_inst, instance); + strlcpy (st_rlm, realm, REALM_SZ); + strlcpy (st_nam, service, SNAME_SZ); + strlcpy (st_inst, instance, INST_SZ); } tkt->length = *p++; req_id->length = *p++; if(tkt->length + (p - authent->dat) > authent->length) return RD_AP_MODIFIED; memcpy(tkt->dat, p, tkt->length); p += tkt->length; if (krb_ap_req_debug) krb_log("ticket->length: %d",tkt->length); /* Decrypt and take apart ticket */ if (decomp_ticket(tkt, &ad->k_flags, ad->pname, ad->pinst, ad->prealm, &ad->address, ad->session, &ad->life, &ad->time_sec, sname, iname, &ky, serv_key)) return RD_AP_UNDEC; if (krb_ap_req_debug) { krb_log("Ticket Contents."); krb_log(" Aname: %s.%s",ad->pname, ad->prealm); krb_log(" Service: %s", krb_unparse_name_long(sname, iname, NULL)); } /* Extract the authenticator */ if(req_id->length + (p - authent->dat) > authent->length) return RD_AP_MODIFIED; memcpy(req_id->dat, p, req_id->length); p = req_id->dat; #ifndef NOENCRYPTION /* And decrypt it with the session key from the 
ticket */ if (krb_ap_req_debug) krb_log("About to decrypt authenticator"); encrypt_ktext(req_id, &ad->session, DES_DECRYPT); if (krb_ap_req_debug) krb_log("Done."); #endif /* NOENCRYPTION */ /* cast req_id->length to int? */ #define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED); p += krb_get_nir(p, r_aname, r_inst, r_realm); /* XXX no rangecheck */ p += krb_get_int(p, &ad->checksum, 4, little_endian); p++; /* time_5ms is not used */ p += krb_get_int(p, &r_time_sec, 4, little_endian); /* Check for authenticity of the request */ if (krb_ap_req_debug) krb_log("Principal: %s.%s@%s / %s.%s@%s",ad->pname,ad->pinst, ad->prealm, r_aname, r_inst, r_realm); if (strcmp(ad->pname, r_aname) != 0 || strcmp(ad->pinst, r_inst) != 0 || strcmp(ad->prealm, r_realm) != 0) return RD_AP_INCON; if (krb_ap_req_debug) krb_log("Address: %x %x", ad->address, from_addr); if (from_addr && (!krb_equiv(ad->address, from_addr))) return RD_AP_BADD; gettimeofday(&tv, NULL); delta_t = abs((int)(tv.tv_sec - r_time_sec)); if (delta_t > CLOCK_SKEW) { if (krb_ap_req_debug) krb_log("Time out of range: %lu - %lu = %lu", (unsigned long)t_local.tv_sec, (unsigned long)r_time_sec, (unsigned long)delta_t); return RD_AP_TIME; } /* Now check for expiration of ticket */ tkt_age = tv.tv_sec - ad->time_sec; if (krb_ap_req_debug) krb_log("Time: %ld Issue Date: %lu Diff: %ld Life %x", (long)tv.tv_sec, (unsigned long)ad->time_sec, tkt_age, ad->life); if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) return RD_AP_NYV; if (tv.tv_sec > krb_life_to_time(ad->time_sec, ad->life)) return RD_AP_EXP; /* All seems OK */ ad->reply.length = 0; return(RD_AP_OK); } Index: stable/3/crypto/kerberosIV/lib/krb/rd_safe.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/rd_safe.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/rd_safe.c (revision 62578) 
@@ -1,178 +1,173 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: rd_safe.c,v 1.24 1997/04/19 23:18:20 joda Exp $"); +RCSID("$Id: rd_safe.c,v 1.26 1999/12/02 16:58:43 joda Exp $"); /* application include files */ -#include "lsb_addr_comp.h" +#include "krb-archaeology.h" /* Generate two checksums in the given byteorder of the data, one * new-form and one old-form. It has to be done this way to be * compatible with the old version of des_quad_cksum. */ /* des_quad_chsum-type; 0 == unknown, 1 == new PL10++, 2 == old */ int dqc_type = DES_QUAD_DEFAULT; void fixup_quad_cksum(void *start, size_t len, des_cblock *key, void *new_checksum, void *old_checksum, int little) { des_quad_cksum((des_cblock*)start, (des_cblock*)new_checksum, len, 2, key); if(HOST_BYTE_ORDER){ if(little){ memcpy(old_checksum, new_checksum, 16); }else{ u_int32_t *tmp = (u_int32_t*)new_checksum; memcpy(old_checksum, new_checksum, 16); swap_u_16(old_checksum); swap_u_long(tmp[0]); swap_u_long(tmp[1]); swap_u_long(tmp[2]); swap_u_long(tmp[3]); } }else{ if(little){ u_int32_t *tmp = (u_int32_t*)new_checksum; swap_u_long(tmp[0]); swap_u_long(tmp[1]); swap_u_long(tmp[2]); swap_u_long(tmp[3]); memcpy(old_checksum, new_checksum, 16); }else{ u_int32_t tmp[4]; tmp[0] = ((u_int32_t*)new_checksum)[3]; tmp[1] = ((u_int32_t*)new_checksum)[2]; tmp[2] = ((u_int32_t*)new_checksum)[1]; tmp[3] = ((u_int32_t*)new_checksum)[0]; memcpy(old_checksum, tmp, 16); } } } /* * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message. * Given the message received, "in", the length of that message, * "in_length", the "key" to compute the checksum with, and the * network addresses of the "sender" and "receiver" of the message, * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise * some error code. * * The message data retrieved from "in" is returned in the structure * "m_data". The pointer to the application data (m_data->app_data) * refers back to the appropriate place in "in". 
* * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE * message. The structure containing the extracted message * information, MSG_DAT, is defined in "krb.h". */ int32_t krb_rd_safe(void *in, u_int32_t in_length, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver, MSG_DAT *m_data) { unsigned char *p = (unsigned char*)in, *start; unsigned char pvno, type; int little_endian; struct timeval tv; u_int32_t src_addr; int delta_t; pvno = *p++; if(pvno != KRB_PROT_VERSION) return RD_AP_VERSION; type = *p++; little_endian = type & 1; type &= ~1; if(type != AUTH_MSG_SAFE) return RD_AP_MSG_TYPE; start = p; p += krb_get_int(p, &m_data->app_length, 4, little_endian); if(m_data->app_length + 31 > in_length) return RD_AP_MODIFIED; m_data->app_data = p; p += m_data->app_length; m_data->time_5ms = *p++; p += krb_get_address(p, &src_addr); if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) return RD_AP_BADD; p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian); m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver); gettimeofday(&tv, NULL); delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec)); if (delta_t > CLOCK_SKEW) return RD_AP_TIME; /* * caller must check timestamps for proper order and replays, since * server might have multiple clients each with its own timestamps * and we don't assume tightly synchronized clocks. 
*/ { unsigned char new_checksum[16]; unsigned char old_checksum[16]; fixup_quad_cksum(start, p - start, key, new_checksum, old_checksum, little_endian); if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_NEW) && memcmp(new_checksum, p, 16) == 0) dqc_type = DES_QUAD_NEW; else if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_OLD) && memcmp(old_checksum, p, 16) == 0) dqc_type = DES_QUAD_OLD; else return RD_AP_MODIFIED; } return KSUCCESS; } Index: stable/3/crypto/kerberosIV/lib/krb/read_service_key.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/read_service_key.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/read_service_key.c (revision 62578) 
@@ -1,116 +1,117 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" -RCSID("$Id: read_service_key.c,v 1.8 1997/03/23 03:53:16 joda Exp $"); +RCSID("$Id: read_service_key.c,v 1.12 1999/09/16 20:41:54 assar Exp $"); /* * The private keys for servers on a given host are stored in a * "srvtab" file (typically "/etc/srvtab"). This routine extracts * a given server's key from the file. * * read_service_key() takes the server's name ("service"), "instance", * and "realm" and a key version number "kvno", and looks in the given * "file" for the corresponding entry, and if found, returns the entry's * key field in "key". * * If "instance" contains the string "*", then it will match * any instance, and the chosen instance will be copied to that * string. For this reason it is important that the there is enough * space beyond the "*" to receive the entry. * * If "kvno" is 0, it is treated as a wild card and the first * matching entry regardless of the "vno" field is returned. * * This routine returns KSUCCESS on success, otherwise KFAILURE. 
* * The format of each "srvtab" entry is as follows: * * Size Variable Field in file * ---- -------- ------------- * string serv server name * string inst server instance * string realm server realm * 1 byte vno server key version # * 8 bytes key server's key * ... ... ... */ int -read_service_key(char *service, /* Service Name */ +read_service_key(const char *service, /* Service Name */ char *instance, /* Instance name or "*" */ - char *realm, /* Realm */ + const char *realm, /* Realm */ int kvno, /* Key version number */ - char *file, /* Filename */ - char *key) /* Pointer to key to be filled in */ + const char *file, /* Filename */ + void *key) /* Pointer to key to be filled in */ { char serv[SNAME_SZ]; char inst[INST_SZ]; char rlm[REALM_SZ]; unsigned char vno; /* Key version number */ int wcard; int stab; if ((stab = open(file, O_RDONLY, 0)) < 0) return(KFAILURE); wcard = (instance[0] == '*') && (instance[1] == '\0'); while (getst(stab,serv,SNAME_SZ) > 0) { /* Read sname */ getst(stab,inst,INST_SZ); /* Instance */ getst(stab,rlm,REALM_SZ); /* Realm */ /* Vers number */ if (read(stab, &vno, 1) != 1) { close(stab); return(KFAILURE); } /* Key */ if (read(stab,key,8) != 8) { close(stab); return(KFAILURE); } /* Is this the right service */ if (strcmp(serv,service)) continue; /* How about instance */ if (!wcard && strcmp(inst,instance)) continue; - if (wcard) - strncpy(instance,inst,INST_SZ); + if (wcard) { + strlcpy (instance, inst, INST_SZ); + } /* Is this the right realm */ if (strcmp(rlm,realm)) continue; /* How about the key version number */ if (kvno && kvno != (int) vno) continue; close(stab); return(KSUCCESS); } /* Can't find the requested service */ close(stab); return(KFAILURE); } Index: stable/3/crypto/kerberosIV/lib/krb/realm_parse.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/realm_parse.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/realm_parse.c (revision 62578) 
@@ -1,88 +1,71 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: realm_parse.c,v 1.10 1997/06/01 03:14:50 assar Exp $"); +RCSID("$Id: realm_parse.c,v 1.17 1999/12/02 16:58:43 joda Exp $"); static int realm_parse(char *realm, int length, const char *file) { FILE *F; char tr[128]; char *p; if ((F = fopen(file,"r")) == NULL) return -1; while(fgets(tr, sizeof(tr), F)){ char *unused = NULL; p = strtok_r(tr, " \t\n\r", &unused); if(p && strcasecmp(p, realm) == 0){ fclose(F); - strncpy(realm, p, length); + strlcpy (realm, p, length); return 0; } } fclose(F); return -1; } -static const char *const files[] = KRB_CNF_FILES; - int krb_realm_parse(char *realm, int length) { int i; - - const char *dir = getenv("KRBCONFDIR"); + char file[MaxPathLen]; - /* First try user specified file */ - if (dir != 0) { - char fname[MaxPathLen]; - - if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) - if (realm_parse(realm, length, fname) == 0) - return 0; - } - - for (i = 0; files[i] != NULL; i++) - if (realm_parse(realm, length, files[i]) == 0) + for(i = 0; krb_get_krbconf(i, file, sizeof(file)) == 0; i++) + if (realm_parse(realm, length, file) == 0) return 0; return -1; } Index: stable/3/crypto/kerberosIV/lib/krb/recvauth.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/recvauth.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/recvauth.c (revision 62578) 
@@ -1,190 +1,192 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" -RCSID("$Id: recvauth.c,v 1.17 1997/03/23 03:53:16 joda Exp $"); +RCSID("$Id: recvauth.c,v 1.19 1998/06/09 19:25:25 joda Exp $"); /* * krb_recvauth() reads (and optionally responds to) a message sent * using krb_sendauth(). The "options" argument is a bit-field of * selected options (see "sendauth.c" for options description). * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL * (mutual authentication requested). The "fd" argument supplies * a file descriptor to read from (and write to, if mutual authenti- * cation is requested). * * Part of the received message will be a Kerberos ticket sent by the * client; this is read into the "ticket" argument. The "service" and * "instance" arguments supply the server's Kerberos name. If the * "instance" argument is the string "*", it is treated as a wild card * and filled in during the krb_rd_req() call (see read_service_key()). * * The "faddr" and "laddr" give the sending (client) and receiving * (local server) network addresses. 
("laddr" may be left NULL unless * mutual authentication is requested, in which case it must be set.) * * The authentication information extracted from the message is returned * in "kdata". The "filename" argument indicates the file where the * server's key can be found. (It is passed on to krb_rd_req().) If * left null, the default "/etc/srvtab" will be used. * * If mutual authentication is requested, the session key schedule must * be computed in order to reply; this schedule is returned in the * "schedule" argument. A string containing the application version * number from the received message is returned in "version", which * should be large enough to hold a KRB_SENDAUTH_VLEN-character string. * * See krb_sendauth() for the format of the received client message. * * krb_recvauth() first reads the protocol version string from the * given file descriptor. If it doesn't match the current protocol * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In * that case, the string of characters up to the first space is read * and interpreted as the ticket length, then the ticket is read. * * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth() * next reads the application protocol version string. Then the * ticket length and ticket itself are read. * * The ticket is decrypted and checked by the call to krb_rd_req(). * If no mutual authentication is required, the result of the * krb_rd_req() call is retured by this routine. If mutual authenti- * cation is required, a message in the following format is returned * on "fd": * * Size Variable Field * ---- -------- ----- * * 4 bytes tkt_len length of ticket or -1 * if error occurred * * priv_len tmp_buf "private" message created * by krb_mk_priv() which * contains the incremented * checksum sent by the client * encrypted in the session * key. (This field is not * present in case of error.) * * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some * other error code is returned. 
*/ static int send_error_reply(int fd) { unsigned char tmp[4] = { 255, 255, 255, 255 }; if(krb_net_write(fd, tmp, sizeof(tmp)) != sizeof(tmp)) return -1; return 0; } int krb_recvauth(int32_t options, /* bit-pattern of options */ int fd, /* file descr. to read from */ KTEXT ticket, /* storage for client's ticket */ char *service, /* service expected */ char *instance, /* inst expected (may be filled in) */ struct sockaddr_in *faddr, /* address of foreign host on fd */ struct sockaddr_in *laddr, /* local address */ AUTH_DAT *kdata, /* kerberos data (returned) */ char *filename, /* name of file with service keys */ struct des_ks_struct *schedule, /* key schedule (return) */ char *version) /* version string (filled in) */ { int cc; char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */ int rem; int32_t priv_len; u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)]; + if (!(options & KOPT_IGNORE_PROTOCOL)) { /* read the protocol version number */ if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN) return(errno); krb_vers[KRB_SENDAUTH_VLEN] = '\0'; + } /* read the application version string */ if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN) return(errno); version[KRB_SENDAUTH_VLEN] = '\0'; /* get the length of the ticket */ { char tmp[4]; if (krb_net_read(fd, tmp, 4) != 4) return -1; krb_get_int(tmp, &ticket->length, 4, 0); } /* sanity check */ if (ticket->length <= 0 || ticket->length > MAX_KTXT_LEN) { if (options & KOPT_DO_MUTUAL) { if(send_error_reply(fd)) return -1; return KFAILURE; } else return KFAILURE; /* XXX there may still be junk on the fd? */ } /* read the ticket */ if (krb_net_read(fd, ticket->dat, ticket->length) != ticket->length) return -1; /* * now have the ticket. decrypt it to get the authenticated * data. 
*/ rem = krb_rd_req(ticket, service, instance, faddr->sin_addr.s_addr, kdata, filename); /* if we are doing mutual auth, compose a response */ if (options & KOPT_DO_MUTUAL) { if (rem != KSUCCESS){ /* the krb_rd_req failed */ if(send_error_reply(fd)) return -1; return rem; } /* add one to the (formerly) sealed checksum, and re-seal it for return to the client */ { unsigned char cs[4]; - krb_put_int(kdata->checksum + 1, cs, 4); + krb_put_int(kdata->checksum + 1, cs, sizeof(cs), 4); #ifndef NOENCRYPTION des_key_sched(&kdata->session,schedule); #endif priv_len = krb_mk_priv(cs, tmp_buf+4, 4, schedule, &kdata->session, laddr, faddr); } /* mk_priv will never fail */ - priv_len += krb_put_int(priv_len, tmp_buf, 4); + priv_len += krb_put_int(priv_len, tmp_buf, 4, 4); if((cc = krb_net_write(fd, tmp_buf, priv_len)) != priv_len) return -1; } return rem; } Index: stable/3/crypto/kerberosIV/lib/krb/rw.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/rw.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/rw.c (revision 62578) 
@@ -1,128 +1,153 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* Almost all programs use these routines (implicitly) so it's a good * place to put the version string. */ #include "version.h" #include "krb_locl.h" -RCSID("$Id: rw.c,v 1.8 1997/04/01 08:18:44 joda Exp $"); +RCSID("$Id: rw.c,v 1.12 1999/12/02 16:58:44 joda Exp $"); int krb_get_int(void *f, u_int32_t *to, int size, int lsb) { int i; unsigned char *from = (unsigned char *)f; *to = 0; if(lsb){ for(i = size-1; i >= 0; i--) *to = (*to << 8) | from[i]; }else{ for(i = 0; i < size; i++) *to = (*to << 8) | from[i]; } return size; } int -krb_put_int(u_int32_t from, void *to, int size) +krb_put_int(u_int32_t from, void *to, size_t rem, int size) { int i; unsigned char *p = (unsigned char *)to; + + if (rem < size) + return -1; + for(i = size - 1; i >= 0; i--){ p[i] = from & 0xff; from >>= 8; } return size; } /* addresses are always sent in network byte order */ int krb_get_address(void *from, u_int32_t *to) { unsigned char *p = (unsigned char*)from; *to = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); return 4; } int -krb_put_address(u_int32_t addr, void *to) +krb_put_address(u_int32_t addr, void *to, size_t rem) { - return krb_put_int(ntohl(addr), to, 4); + return krb_put_int(ntohl(addr), to, rem, 4); } int -krb_put_string(char *from, void *to) +krb_put_string(const char *from, void *to, size_t rem) { - strcpy((char *)to, from); - return strlen(from) + 1; + size_t len = strlen(from) + 1; + + if (rem < len) + return -1; + memcpy(to, from, len); + 
return len; } int -krb_get_string(void *from, char *to) +krb_get_string(void *from, char *to, size_t to_size) { - return krb_put_string(from, to); + strlcpy (to, (char *)from, to_size); + return strlen((char *)from) + 1; } int krb_get_nir(void *from, char *name, char *instance, char *realm) { char *p = (char *)from; - p += krb_get_string(p, name); - p += krb_get_string(p, instance); + p += krb_get_string(p, name, ANAME_SZ); + p += krb_get_string(p, instance, INST_SZ); if(realm) - p += krb_get_string(p, realm); + p += krb_get_string(p, realm, REALM_SZ); return p - (char *)from; } int -krb_put_nir(char *name, char *instance, char *realm, void *to) +krb_put_nir(const char *name, + const char *instance, + const char *realm, + void *to, + size_t rem) { char *p = (char *)to; - p += krb_put_string(name, p); - p += krb_put_string(instance, p); - if(realm) - p += krb_put_string(realm, p); + int tmp; + + tmp = krb_put_string(name, p, rem); + if (tmp < 0) + return tmp; + p += tmp; + rem -= tmp; + + tmp = krb_put_string(instance, p, rem); + if (tmp < 0) + return tmp; + p += tmp; + rem -= tmp; + + if (realm) { + tmp = krb_put_string(realm, p, rem); + if (tmp < 0) + return tmp; + p += tmp; + rem -= tmp; + } return p - (char *)to; } Index: stable/3/crypto/kerberosIV/lib/krb/send_to_kdc.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/send_to_kdc.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/send_to_kdc.c (revision 62578) 
@@ -1,251 +1,527 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" +#include -RCSID("$Id: send_to_kdc.c,v 1.39 1997/05/15 21:02:31 joda Exp $"); +RCSID("$Id: send_to_kdc.c,v 1.71 1999/11/25 02:20:53 assar Exp $"); struct host { struct sockaddr_in addr; - int proto; + const char *hostname; + enum krb_host_proto proto; }; -static const char *prog = "send_to_kdc"; -static send_recv(KTEXT pkt, KTEXT rpkt, int f, - struct sockaddr_in *_to, struct host *addrs, - int h_hosts); +static int send_recv(KTEXT pkt, KTEXT rpkt, struct host *host); /* - * This file contains two routines, send_to_kdc() and send_recv(). - * send_recv() is a static routine used by send_to_kdc(). - */ - -/* * send_to_kdc() sends a message to the Kerberos authentication * server(s) in the given realm and returns the reply message. * The "pkt" argument points to the message to be sent to Kerberos; * the "rpkt" argument will be filled in with Kerberos' reply. * The "realm" argument indicates the realm of the Kerberos server(s) * to transact with. If the realm is null, the local realm is used. 
* * If more than one Kerberos server is known for a given realm, * different servers will be queried until one of them replies. * Several attempts (retries) are made for each server before * giving up entirely. * * If an answer was received from a Kerberos host, KSUCCESS is * returned. The following errors can be returned: * * SKDC_CANT - can't get local realm * - can't find "kerberos" in /etc/services database * - can't open socket * - can't bind socket * - all ports in use * - couldn't find any Kerberos host * * SKDC_RETRY - couldn't get an answer from any Kerberos server, * after several retries */ +/* always use the admin server */ +static int krb_use_admin_server_flag = 0; + +static int client_timeout = -1; + int -send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm) +krb_use_admin_server(int flag) { + int old = krb_use_admin_server_flag; + krb_use_admin_server_flag = flag; + return old; +} + +#define PROXY_VAR "krb4_proxy" + +static int +expand (struct host **ptr, size_t sz) +{ + void *tmp; + + tmp = realloc (*ptr, sz) ; + if (tmp == NULL) + return SKDC_CANT; + *ptr = tmp; + return 0; +} + +int +send_to_kdc(KTEXT pkt, KTEXT rpkt, const char *realm) +{ int i; int no_host; /* was a kerberos host found? */ int retry; int n_hosts; int retval; struct hostent *host; char lrealm[REALM_SZ]; struct krb_host *k_host; struct host *hosts = malloc(sizeof(*hosts)); + const char *proxy = krb_get_config_string (PROXY_VAR); if (hosts == NULL) return SKDC_CANT; + if (client_timeout == -1) { + const char *to; + + client_timeout = CLIENT_KRB_TIMEOUT; + to = krb_get_config_string ("kdc_timeout"); + if (to != NULL) { + int tmp; + char *end; + + tmp = strtol (to, &end, 0); + if (end != to) + client_timeout = tmp; + } + } + /* * If "realm" is non-null, use that, otherwise get the * local realm. 
*/ - if (realm) - strcpy(lrealm, realm); - else + if (realm == NULL) { if (krb_get_lrealm(lrealm,1)) { if (krb_debug) - krb_warning("%s: can't get local realm\n", prog); + krb_warning("send_to_kdc: can't get local realm\n"); return(SKDC_CANT); } + realm = lrealm; + } if (krb_debug) - krb_warning("lrealm is %s\n", lrealm); + krb_warning("lrealm is %s\n", realm); no_host = 1; /* get an initial allocation */ n_hosts = 0; - for (i = 1; (k_host = krb_get_host(i, lrealm, 0)); ++i) { + for (i = 1; + (k_host = krb_get_host(i, realm, krb_use_admin_server_flag)); + ++i) { char *p; + char **addr_list; + int j; + int n_addrs; + struct host *tmp; + if (k_host->proto == PROTO_HTTP && proxy != NULL) { + n_addrs = 1; + no_host = 0; + + retval = expand (&hosts, (n_hosts + n_addrs) * sizeof(*hosts)); + if (retval) + goto rtn; + + memset (&hosts[n_hosts].addr, 0, sizeof(struct sockaddr_in)); + hosts[n_hosts].addr.sin_port = htons(k_host->port); + hosts[n_hosts].proto = k_host->proto; + hosts[n_hosts].hostname = k_host->host; + } else { if (krb_debug) krb_warning("Getting host entry for %s...", k_host->host); host = gethostbyname(k_host->host); if (krb_debug) { krb_warning("%s.\n", host ? 
"Got it" : "Didn't get it"); } - if (!host) + if (host == NULL) continue; no_host = 0; /* found at least one */ - while ((p = *(host->h_addr_list)++)) { - hosts = realloc(hosts, sizeof(*hosts) * (n_hosts + 1)); - if (hosts == NULL) - return SKDC_CANT; - memset (&hosts[n_hosts].addr, 0, sizeof(hosts[n_hosts].addr)); - hosts[n_hosts].addr.sin_family = host->h_addrtype; - hosts[n_hosts].addr.sin_port = htons(k_host->port); - hosts[n_hosts].proto = k_host->proto; - memcpy(&hosts[n_hosts].addr.sin_addr, p, - sizeof(hosts[n_hosts].addr.sin_addr)); - ++n_hosts; - if (send_recv(pkt, rpkt, hosts[n_hosts-1].proto, - &hosts[n_hosts-1].addr, hosts, n_hosts)) { + + n_addrs = 0; + for (addr_list = host->h_addr_list; + *addr_list != NULL; + ++addr_list) + ++n_addrs; + + retval = expand (&hosts, (n_hosts + n_addrs) * sizeof(*hosts)); + if (retval) + goto rtn; + + for (addr_list = host->h_addr_list, j = 0; + (p = *addr_list) != NULL; + ++addr_list, ++j) { + memset (&hosts[n_hosts + j].addr, 0, + sizeof(struct sockaddr_in)); + hosts[n_hosts + j].addr.sin_family = host->h_addrtype; + hosts[n_hosts + j].addr.sin_port = htons(k_host->port); + hosts[n_hosts + j].proto = k_host->proto; + hosts[n_hosts + j].hostname = k_host->host; + memcpy(&hosts[n_hosts + j].addr.sin_addr, p, + sizeof(struct in_addr)); + } + } + + for (j = 0; j < n_addrs; ++j) { + if (send_recv(pkt, rpkt, &hosts[n_hosts + j])) { retval = KSUCCESS; goto rtn; } if (krb_debug) { krb_warning("Timeout, error, or wrong descriptor\n"); } } + n_hosts += j; } if (no_host) { if (krb_debug) - krb_warning("%s: can't find any Kerberos host.\n", - prog); + krb_warning("send_to_kdc: can't find any Kerberos host.\n"); retval = SKDC_CANT; goto rtn; } /* retry each host in sequence */ for (retry = 0; retry < CLIENT_KRB_RETRY; ++retry) { for (i = 0; i < n_hosts; ++i) { - if (send_recv(pkt, rpkt, - hosts[i].proto, - &hosts[i].addr, - hosts, - n_hosts)) { + if (send_recv(pkt, rpkt, &hosts[i])) { retval = KSUCCESS; goto rtn; } } } retval = 
SKDC_RETRY; rtn: free(hosts); return(retval); } -/* - * try to send out and receive message. - * return 1 on success, 0 on failure - */ +static int +udp_socket(void) +{ + return socket(AF_INET, SOCK_DGRAM, 0); +} static int -send_recv_it(KTEXT pkt, KTEXT rpkt, int stream, int f, - struct sockaddr_in *_to, struct host *addrs, int n_hosts) +udp_connect(int s, struct host *host) { - fd_set readfds; - int numsent; + if(krb_debug) { + krb_warning("connecting to %s (%s) udp, port %d\n", + host->hostname, + inet_ntoa(host->addr.sin_addr), + ntohs(host->addr.sin_port)); + } + return connect(s, (struct sockaddr*)&host->addr, sizeof(host->addr)); +} - /* CLIENT_KRB_TIMEOUT indicates the time to wait before - * retrying a server. It's defined in "krb.h". - */ - struct timeval timeout; - timeout.tv_sec = CLIENT_KRB_TIMEOUT; - timeout.tv_usec = 0; +static int +udp_send(int s, struct host *host, KTEXT pkt) +{ + if(krb_debug) { + krb_warning("sending %d bytes to %s (%s), udp port %d\n", + pkt->length, + host->hostname, + inet_ntoa(host->addr.sin_addr), + ntohs(host->addr.sin_port)); + } + return send(s, pkt->dat, pkt->length, 0); +} +static int +tcp_socket(void) +{ + return socket(AF_INET, SOCK_STREAM, 0); +} + +static int +tcp_connect(int s, struct host *host) +{ if (krb_debug) { - if (_to->sin_family == AF_INET) - krb_warning("Sending message to %s...", - inet_ntoa(_to->sin_addr)); - else - krb_warning("Sending message..."); + krb_warning("connecting to %s (%s), tcp port %d\n", + host->hostname, + inet_ntoa(host->addr.sin_addr), + ntohs(host->addr.sin_port)); } - if(stream){ - unsigned char tmp[4]; - krb_put_int(pkt->length, tmp, 4); - if((numsent = send(f, tmp, 4, 0)) != 4){ + return connect(s, (struct sockaddr*)&host->addr, sizeof(host->addr)); +} + +static int +tcp_send(int s, struct host *host, KTEXT pkt) +{ + unsigned char len[4]; + + if(krb_debug) { + krb_warning("sending %d bytes to %s (%s), tcp port %d\n", + pkt->length, + host->hostname, + 
inet_ntoa(host->addr.sin_addr), + ntohs(host->addr.sin_port)); + } + krb_put_int(pkt->length, len, sizeof(len), 4); + if(send(s, len, sizeof(len), 0) != sizeof(len)) + return -1; + return send(s, pkt->dat, pkt->length, 0); + } + +static int +udptcp_recv(void *buf, size_t len, KTEXT rpkt) +{ + int pktlen = min(len, MAX_KTXT_LEN); + if (krb_debug) - krb_warning("sent only %d/%d\n", numsent, 4); + krb_warning("recieved %lu bytes on udp/tcp socket\n", + (unsigned long)len); + memcpy(rpkt->dat, buf, pktlen); + rpkt->length = pktlen; return 0; } + +static int +url_parse(const char *url, char *host, size_t len, short *port) +{ + const char *p; + size_t n; + + if(strncmp(url, "http://", 7)) + return -1; + url += 7; + p = strchr(url, ':'); + if(p) { + char *end; + + *port = htons(strtol(p + 1, &end, 0)); + if (end == p + 1) + return -1; + n = p - url; + } else { + *port = k_getportbyname ("http", "tcp", htons(80)); + p = strchr(url, '/'); + if (p) + n = p - url; + else + n = strlen(url); } - if ((numsent = send(f, pkt->dat, pkt->length, 0)) != pkt->length) { - if (krb_debug) - krb_warning("sent only %d/%d\n",numsent, pkt->length); + if (n >= len) + return -1; + memcpy(host, url, n); + host[n] = '\0'; return 0; } - if (krb_debug) - krb_warning("Sent\nWaiting for reply..."); - FD_ZERO(&readfds); - FD_SET(f, &readfds); - /* select - either recv is ready, or timeout */ - /* see if timeout or error or wrong descriptor */ - if (select(f + 1, &readfds, 0, 0, &timeout) < 1 - || !FD_ISSET(f, &readfds)) { + +static int +http_connect(int s, struct host *host) +{ + const char *proxy = krb_get_config_string(PROXY_VAR); + char proxy_host[MaxHostNameLen]; + short port; + struct hostent *hp; + struct sockaddr_in sin; + + if(proxy == NULL) { if (krb_debug) - krb_warning("select failed: errno = %d", errno); - return 0; + krb_warning("Not using proxy.\n"); + return tcp_connect(s, host); } - if(stream){ - if(krb_net_read(f, rpkt->dat, sizeof(rpkt->dat)) <= 0) - return 0; + if(url_parse(proxy, 
proxy_host, sizeof(proxy_host), &port) < 0) + return -1; + hp = gethostbyname(proxy_host); + if(hp == NULL) + return -1; + memset(&sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; + memcpy(&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr)); + sin.sin_port = port; + if(krb_debug) { + krb_warning("connecting to proxy on %s (%s) port %d\n", + proxy_host, inet_ntoa(sin.sin_addr), ntohs(port)); + } + return connect(s, (struct sockaddr*)&sin, sizeof(sin)); +} + +static int +http_send(int s, struct host *host, KTEXT pkt) +{ + const char *proxy = krb_get_config_string (PROXY_VAR); + char *str; + char *msg; + + if(base64_encode(pkt->dat, pkt->length, &str) < 0) + return -1; + if(proxy != NULL) { + if(krb_debug) { + krb_warning("sending %d bytes to %s, tcp port %d (via proxy)\n", + pkt->length, + host->hostname, + ntohs(host->addr.sin_port)); + } + asprintf(&msg, "GET http://%s:%d/%s HTTP/1.0\r\n\r\n", + host->hostname, + ntohs(host->addr.sin_port), + str); }else{ - if (recv (f, rpkt->dat, sizeof(rpkt->dat), 0) < 0) { - if (krb_debug) - krb_warning("recvfrom: errno = %d\n", errno); - return 0; + if(krb_debug) { + krb_warning("sending %d bytes to %s (%s), http port %d\n", + pkt->length, + host->hostname, + inet_ntoa(host->addr.sin_addr), + ntohs(host->addr.sin_port)); } + asprintf(&msg, "GET %s HTTP/1.0\r\n\r\n", str); } - return 1; + free(str); + + if (msg == NULL) + return -1; + + if(send(s, msg, strlen(msg), 0) != strlen(msg)){ + free(msg); + return -1; + } + free(msg); + return 0; } static int -send_recv(KTEXT pkt, KTEXT rpkt, int proto, struct sockaddr_in *_to, - struct host *addrs, int n_hosts) +http_recv(void *buf, size_t len, KTEXT rpkt) { - int f; - int ret = 0; - if(proto == IPPROTO_UDP) - f = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); - else if(proto == IPPROTO_TCP) - f = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - else{ - krb_warning("Unknown protocol `%d'.\n", proto); + char *p; + char *tmp = malloc(len + 1); + + if (tmp == NULL) + return -1; + memcpy(tmp, buf, 
len); + tmp[len] = 0; + p = strstr(tmp, "\r\n\r\n"); + if(p == NULL){ + free(tmp); + return -1; + } + p += 4; + if(krb_debug) + krb_warning("recieved %lu bytes on http socket\n", + (unsigned long)((tmp + len) - p)); + if((tmp + len) - p > MAX_KTXT_LEN) { + free(tmp); + return -1; + } + if (strncasecmp (tmp, "HTTP/1.0 2", 10) != 0 + && strncasecmp (tmp, "HTTP/1.1 2", 10) != 0) { + free (tmp); + return -1; + } + memcpy(rpkt->dat, p, (tmp + len) - p); + rpkt->length = (tmp + len) - p; + free(tmp); return 0; } - if(connect(f, (struct sockaddr*)_to, sizeof(*_to)) < 0) - krb_warning("Connecting socket: errno = %d\n", errno); - else - ret = send_recv_it(pkt, rpkt, proto == IPPROTO_TCP, f, - _to, addrs, n_hosts); +static struct proto_descr { + int proto; + int stream_flag; + int (*socket)(void); + int (*connect)(int, struct host *host); + int (*send)(int, struct host *host, KTEXT); + int (*recv)(void*, size_t, KTEXT); +} protos[] = { + { PROTO_UDP, 0, udp_socket, udp_connect, udp_send, udptcp_recv }, + { PROTO_TCP, 1, tcp_socket, tcp_connect, tcp_send, udptcp_recv }, + { PROTO_HTTP, 1, tcp_socket, http_connect, http_send, http_recv } +}; - close(f); - return ret; +static int +send_recv(KTEXT pkt, KTEXT rpkt, struct host *host) +{ + int i; + int s; + unsigned char buf[MAX_KTXT_LEN]; + int offset = 0; + + for(i = 0; i < sizeof(protos) / sizeof(protos[0]); i++){ + if(protos[i].proto == host->proto) + break; + } + if(i == sizeof(protos) / sizeof(protos[0])) + return FALSE; + if((s = (*protos[i].socket)()) < 0) + return FALSE; + if((*protos[i].connect)(s, host) < 0) { + close(s); + return FALSE; + } + if((*protos[i].send)(s, host, pkt) < 0) { + close(s); + return FALSE; } + do{ + fd_set readfds; + struct timeval timeout; + int len; + timeout.tv_sec = client_timeout; + timeout.tv_usec = 0; + FD_ZERO(&readfds); + FD_SET(s, &readfds); + /* select - either recv is ready, or timeout */ + /* see if timeout or error or wrong descriptor */ + if(select(s + 1, &readfds, 0, 0, &timeout) < 
1 + || !FD_ISSET(s, &readfds)) { + if (krb_debug) + krb_warning("select failed: errno = %d\n", errno); + close(s); + return FALSE; + } + len = recv(s, buf + offset, sizeof(buf) - offset, 0); + if (len < 0) { + close(s); + return FALSE; + } + if(len == 0) + break; + offset += len; + } while(protos[i].stream_flag); + close(s); + if((*protos[i].recv)(buf, offset, rpkt) < 0) + return FALSE; + return TRUE; +} + +/* The configuration line "hosts: dns files" in /etc/nsswitch.conf is + * rumored to avoid triggering this bug. */ +#if defined(linux) && defined(HAVE__DNS_GETHOSTBYNAME) && 0 +/* Linux libc 5.3 is broken probably somewhere in nsw_hosts.o, + * for now keep this kludge. */ +static +struct hostent *gethostbyname(const char *name) +{ + return (void *)_dns_gethostbyname(name); +} +#endif Index: stable/3/crypto/kerberosIV/lib/krb/sendauth.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/sendauth.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/sendauth.c (revision 62578) 
@@ -1,163 +1,165 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" -RCSID("$Id: sendauth.c,v 1.15 1997/04/18 14:11:36 joda Exp $"); +RCSID("$Id: sendauth.c,v 1.18 1999/09/16 20:41:55 assar Exp $"); /* * krb_sendauth() transmits a ticket over a file descriptor for a * desired service, instance, and realm, doing mutual authentication * with the server if desired. */ /* * The first argument to krb_sendauth() contains a bitfield of * options (the options are defined in "krb.h"): * * KOPT_DONT_CANON Don't canonicalize instance as a hostname. * (If this option is not chosen, krb_get_phost() * is called to canonicalize it.) * * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos. * A ticket must be supplied in the "ticket" * argument. * (If this option is not chosen, and there * is no ticket for the given server in the * ticket cache, one will be fetched using * krb_mk_req() and returned in "ticket".) * * KOPT_DO_MUTUAL Do mutual authentication, requiring that the * receiving server return the checksum+1 encrypted * in the session key. 
The mutual authentication * is done using krb_mk_priv() on the other side * (see "recvauth.c") and krb_rd_priv() on this * side. * * The "fd" argument is a file descriptor to write to the remote * server on. The "ticket" argument is used to store the new ticket * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is * chosen, the ticket must be supplied in the "ticket" argument. * The "service", "inst", and "realm" arguments identify the ticket. * If "realm" is null, the local realm is used. * * The following arguments are only needed if the KOPT_DO_MUTUAL option * is chosen: * * The "checksum" argument is a number that the server will add 1 to * to authenticate itself back to the client; the "msg_data" argument * holds the returned mutual-authentication message from the server * (i.e., the checksum+1); the "cred" structure is used to hold the * session key of the server, extracted from the ticket file, for use * in decrypting the mutual authentication message from the server; * and "schedule" holds the key schedule for that decryption. The * the local and server addresses are given in "laddr" and "faddr". * * The application protocol version number (of up to KRB_SENDAUTH_VLEN * characters) is passed in "version". * * If all goes well, KSUCCESS is returned, otherwise some error code. 
* * The format of the message sent to the server is: * * Size Variable Field * ---- -------- ----- * * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol * bytes version number * * KRB_SENDAUTH_VLEN version application protocol * bytes version number * * 4 bytes ticket->length length of ticket * * ticket->length ticket->dat ticket itself */ int krb_sendauth(int32_t options, /* bit-pattern of options */ int fd, /* file descriptor to write onto */ KTEXT ticket, /* where to put ticket (return); or * supplied in case of KOPT_DONT_MK_REQ */ char *service, /* service name, instance, realm */ char *instance, char *realm, u_int32_t checksum, /* checksum to include in request */ MSG_DAT *msg_data, /* mutual auth MSG_DAT (return) */ CREDENTIALS *cred, /* credentials (return) */ struct des_ks_struct *schedule, /* key schedule (return) */ struct sockaddr_in *laddr, /* local address */ struct sockaddr_in *faddr, /* address of foreign host on fd */ char *version) /* version string */ { int ret; KTEXT_ST buf; char realrealm[REALM_SZ]; if (realm == NULL) { ret = krb_get_lrealm (realrealm, 1); if (ret != KSUCCESS) return ret; realm = realrealm; } ret = krb_mk_auth (options, ticket, service, instance, realm, checksum, version, &buf); if (ret != KSUCCESS) return ret; ret = krb_net_write(fd, buf.dat, buf.length); if(ret < 0) return -1; if (options & KOPT_DO_MUTUAL) { char tmp[4]; u_int32_t len; char inst[INST_SZ]; + char *i; ret = krb_net_read (fd, tmp, 4); if (ret < 0) return -1; krb_get_int (tmp, &len, 4, 0); if (len == 0xFFFFFFFF || len > sizeof(buf.dat)) return KFAILURE; buf.length = len; ret = krb_net_read (fd, buf.dat, len); if (ret < 0) return -1; if (options & KOPT_DONT_CANON) - strncpy (inst, instance, sizeof(inst)); + i = instance; else - strncpy (inst, krb_get_phost(instance), sizeof(inst)); + i = krb_get_phost(instance); + strlcpy (inst, i, sizeof(inst)); ret = krb_get_cred (service, inst, realm, cred); if (ret != KSUCCESS) return ret; des_key_sched(&cred->session, 
schedule); ret = krb_check_auth (&buf, checksum, msg_data, &cred->session, schedule, laddr, faddr); if (ret != KSUCCESS) return ret; } return KSUCCESS; } Index: stable/3/crypto/kerberosIV/lib/krb/sizetest.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/sizetest.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/sizetest.c (revision 62578) @@ -1,41 +1,40 @@ #include "krb_locl.h" -RCSID("$Id: sizetest.c,v 1.5 1996/11/15 18:39:19 bg Exp $"); +RCSID("$Id: sizetest.c,v 1.6 1998/01/01 22:29:04 assar Exp $"); -static -void -err(const char *msg) +static void +fatal(const char *msg) { fputs(msg, stderr); exit(1); } int -main() +main(void) { if (sizeof(u_int8_t) < 1) - err("sizeof(u_int8_t) is smaller than 1 byte\n"); + fatal("sizeof(u_int8_t) is smaller than 1 byte\n"); if (sizeof(u_int16_t) < 2) - err("sizeof(u_int16_t) is smaller than 2 bytes\n"); + fatal("sizeof(u_int16_t) is smaller than 2 bytes\n"); if (sizeof(u_int32_t) < 4) - err("sizeof(u_int32_t) is smaller than 4 bytes\n"); + fatal("sizeof(u_int32_t) is smaller than 4 bytes\n"); if (sizeof(u_int8_t) > 1) fputs("warning: sizeof(u_int8_t) is larger than 1 byte, " "some stuff may not work properly!\n", stderr); { u_int8_t u = 1; int i; for (i = 0; u != 0 && i < 100; i++) u <<= 1; if (i < 8) - err("u_int8_t is smaller than 8 bits\n"); + fatal("u_int8_t is smaller than 8 bits\n"); else if (i > 8) fputs("warning: u_int8_t is larger than 8 bits, " "some stuff may not work properly!\n", stderr); } exit(0); } Index: stable/3/crypto/kerberosIV/lib/krb/str2key.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/str2key.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/str2key.c (revision 62578) 
@@ -1,103 +1,105 @@ -/* This defines the Andrew string_to_key function. It accepts a password - * string as input and converts its via a one-way encryption algorithm to a DES - * encryption key. It is compatible with the original Andrew authentication - * service password database. +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
*/ #include "krb_locl.h" -RCSID("$Id: str2key.c,v 1.10 1997/03/23 03:53:19 joda Exp $"); +RCSID("$Id: str2key.c,v 1.17 1999/12/02 16:58:44 joda Exp $"); -static void -mklower(char *s) -{ - for (; *s; s++) - if ('A' <= *s && *s <= 'Z') - *s = *s - 'A' + 'a'; -} +#define lowcase(c) (('A' <= (c) && (c) <= 'Z') ? ((c) - 'A' + 'a') : (c)) /* - * Short passwords, i.e 8 characters or less. + * The string to key function used by Transarc AFS. */ -static void -afs_cmu_StringToKey (char *str, char *cell, des_cblock *key) +void +afs_string_to_key(const char *pass, const char *cell, des_cblock *key) { - char password[8+1]; /* crypt is limited to 8 chars anyway */ + if (strlen(pass) <= 8) /* Short passwords. */ + { + char buf[8 + 1], *s; int i; - int passlen; - memset (key, 0, sizeof(key)); - memset(password, 0, sizeof(password)); - - strncpy (password, cell, 8); - passlen = strlen (str); - if (passlen > 8) passlen = 8; - - for (i=0; i sizeof(password)) passlen = sizeof(password); + /* + * Concatenate password with cell name, + * then checksum twice to create DES key. 
+ */ + plen = strlen(pass); + clen = strlen(cell); + buf = malloc(plen + clen + 1); + memcpy(buf, pass, plen); + for (t = buf + plen; *cell != 0; t++, cell++) + *t = lowcase(*cell); memcpy(&ivec, "kerberos", 8); - memcpy(&temp_key, "kerberos", 8); - des_fixup_key_parity (&temp_key); - des_key_sched (&temp_key, schedule); - des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); + memcpy(key, "kdsbdsns", 8); + des_key_sched(key, sched); + /* Beware, ivec is passed twice */ + des_cbc_cksum((des_cblock *)buf, &ivec, plen + clen, sched, &ivec); - memcpy(&temp_key, &ivec, 8); - des_fixup_key_parity (&temp_key); - des_key_sched (&temp_key, schedule); - des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); - + memcpy(key, &ivec, 8); + des_fixup_key_parity(key); + des_key_sched(key, sched); + /* Beware, ivec is passed twice */ + des_cbc_cksum((des_cblock *)buf, key, plen + clen, sched, &ivec); + free(buf); des_fixup_key_parity (key); } - -void -afs_string_to_key(char *str, char *cell, des_cblock *key) -{ - char realm[REALM_SZ+1]; - strncpy(realm, cell, REALM_SZ); - realm[REALM_SZ] = 0; - mklower(realm); - - if (strlen(str) > 8) - afs_transarc_StringToKey (str, realm, key); - else - afs_cmu_StringToKey (str, realm, key); } Index: stable/3/crypto/kerberosIV/lib/krb/tf_util.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/tf_util.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/tf_util.c (revision 62578) 
@@ -1,645 +1,805 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" -RCSID("$Id: tf_util.c,v 1.24 1997/04/20 06:24:32 assar Exp $"); +RCSID("$Id: tf_util.c,v 1.39 1999/12/02 18:03:16 assar Exp $"); #define TOO_BIG -1 #define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before * retry if ticket file is * locked */ #define TF_LCK_RETRY_COUNT (50) /* number of retries */ #ifndef O_BINARY #define O_BINARY 0 #endif +#define MAGIC_TICKET_NAME "magic" +#define MAGIC_TICKET_TIME_DIFF_INST "time-diff" +#define MAGIC_TICKET_ADDR_INST "our-address" + /* * fd must be initialized to something that won't ever occur as a real * file descriptor. Since open(2) returns only non-negative numbers as * valid file descriptors, and tf_init always stuffs the return value * from open in here even if it is an error flag, we must * a. Initialize fd to a negative number, to indicate that it is * not initially valid. * b. When checking for a valid fd, assume that negative values * are invalid (ie. when deciding whether tf_init has been * called.) * c. 
In tf_close, be sure it gets reinitialized to a negative * number. */ static int fd = -1; static int curpos; /* Position in tfbfr */ static int lastpos; /* End of tfbfr */ static char tfbfr[BUFSIZ]; /* Buffer for ticket data */ static int tf_gets(char *s, int n); static int tf_read(void *s, int n); /* * This file contains routines for manipulating the ticket cache file. * * The ticket file is in the following format: * * principal's name (null-terminated string) * principal's instance (null-terminated string) * CREDENTIAL_1 * CREDENTIAL_2 * ... * CREDENTIAL_n * EOF * * Where "CREDENTIAL_x" consists of the following fixed-length * fields from the CREDENTIALS structure (see "krb.h"): * * char service[ANAME_SZ] * char instance[INST_SZ] * char realm[REALM_SZ] * C_Block session * int lifetime * int kvno * KTEXT_ST ticket_st * u_int32_t issue_date * * Short description of routines: * * tf_init() opens the ticket file and locks it. * * tf_get_pname() returns the principal's name. * * tf_put_pname() writes the principal's name to the ticket file. * * tf_get_pinst() returns the principal's instance (may be null). * * tf_put_pinst() writes the instance. * * tf_get_cred() returns the next CREDENTIALS record. * * tf_save_cred() appends a new CREDENTIAL record to the ticket file. * * tf_close() closes the ticket file and releases the lock. * * tf_gets() returns the next null-terminated string. It's an internal * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred(). * * tf_read() reads a given number of bytes. It's an internal routine * used by tf_get_cred(). */ /* * tf_init() should be called before the other ticket file routines. * It takes the name of the ticket file to use, "tf_name", and a * read/write flag "rw" as arguments. * * It tries to open the ticket file, checks the mode, and if everything * is okay, locks the file. If it's opened for reading, the lock is * shared. If it's opened for writing, the lock is exclusive. 
* * Returns KSUCCESS if all went well, otherwise one of the following: * * NO_TKT_FIL - file wasn't there * TKT_FIL_ACC - file was in wrong mode, etc. * TKT_FIL_LCK - couldn't lock the file, even after a retry */ +#ifdef _NO_LOCKING +#undef flock +#define flock(F, M) 0 +#endif + int tf_init(char *tf_name, int rw) { /* Unix implementation */ int wflag; struct stat stat_buf; int i_retry; switch (rw) { case R_TKT_FIL: wflag = 0; break; case W_TKT_FIL: wflag = 1; break; default: if (krb_debug) krb_warning("tf_init: illegal parameter\n"); return TKT_FIL_ACC; } if (lstat(tf_name, &stat_buf) < 0) switch (errno) { case ENOENT: return NO_TKT_FIL; default: return TKT_FIL_ACC; } - /* The old code tried to guess when the calling program was - * running set-uid, this is now removed - the kerberos library - * does not (or shouldn't) know anything about user-ids. - - * All library functions now assume that the right userids are set - * upon entry, therefore there is no need to test permissions like - * before. If the file is openable, just open it. - */ - if(!S_ISREG(stat_buf.st_mode)) return TKT_FIL_ACC; + /* The code tries to guess when the calling program is running + * set-uid and prevent unauthorized access. + * + * All library functions now assume that the right set of userids + * are set upon entry, therefore it's not strictly necessary to + * perform these test for programs adhering to these assumptions. + * + * This doesn't work on cygwin because getuid() returns a different + * uid than the owner of files that are created. + */ +#ifndef __CYGWIN__ + { + uid_t me = getuid(); + if (stat_buf.st_uid != me && me != 0) + return TKT_FIL_ACC; + } +#endif /* * If "wflag" is set, open the ticket file in append-writeonly mode * and lock the ticket file in exclusive mode. If unable to lock * the file, sleep and try again. If we fail again, return with the * proper error message. 
*/ curpos = sizeof(tfbfr); if (wflag) { fd = open(tf_name, O_RDWR | O_BINARY, 0600); if (fd < 0) { return TKT_FIL_ACC; } for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) { - if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) { + if (flock(fd, LOCK_EX | LOCK_NB) < 0) { if (krb_debug) krb_warning("tf_init: retry %d of write lock of `%s'.\n", i_retry, tf_name); sleep (TF_LCK_RETRY); } else { return KSUCCESS; /* all done */ } } close (fd); fd = -1; return TKT_FIL_LCK; } /* * Otherwise "wflag" is not set and the ticket file should be opened * for read-only operations and locked for shared access. */ fd = open(tf_name, O_RDONLY | O_BINARY, 0600); if (fd < 0) { return TKT_FIL_ACC; } for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) { - if (k_flock(fd, K_LOCK_SH | K_LOCK_NB) < 0) { + if (flock(fd, LOCK_SH | LOCK_NB) < 0) { if (krb_debug) krb_warning("tf_init: retry %d of read lock of `%s'.\n", i_retry, tf_name); sleep (TF_LCK_RETRY); } else { return KSUCCESS; /* all done */ } } /* failure */ close(fd); fd = -1; return TKT_FIL_LCK; } /* * tf_create() should be called when creating a new ticket file. * The only argument is the name of the ticket file. * After calling this, it should be possible to use other tf_* functions. * * New algoritm for creating ticket file: * 1. try to erase contents of existing file. * 2. try to remove old file. * 3. try to open with O_CREAT and O_EXCL * 4. if this fails, someone has created a file in between 1 and 2 and * we should fail. Otherwise, all is wonderful. 
*/ int tf_create(char *tf_name) { struct stat statbuf; char garbage[BUFSIZ]; fd = open(tf_name, O_RDWR | O_BINARY, 0); if (fd >= 0) { if (fstat (fd, &statbuf) == 0) { int i; for (i = 0; i < statbuf.st_size; i += sizeof(garbage)) write (fd, garbage, sizeof(garbage)); } close (fd); } if (unlink (tf_name) && errno != ENOENT) return TKT_FIL_ACC; fd = open(tf_name, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); if (fd < 0) return TKT_FIL_ACC; - if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) { + if (flock(fd, LOCK_EX | LOCK_NB) < 0) { sleep(TF_LCK_RETRY); - if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) { + if (flock(fd, LOCK_EX | LOCK_NB) < 0) { close(fd); fd = -1; return TKT_FIL_LCK; } } return KSUCCESS; } /* * tf_get_pname() reads the principal's name from the ticket file. It * should only be called after tf_init() has been called. The * principal's name is filled into the "p" parameter. If all goes well, * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is * returned. If the name was null, or EOF was encountered, or the name * was longer than ANAME_SZ, TKT_FIL_FMT is returned. */ int tf_get_pname(char *p) { if (fd < 0) { if (krb_debug) krb_warning("tf_get_pname called before tf_init.\n"); return TKT_FIL_INI; } if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */ { if (krb_debug) krb_warning ("tf_get_pname: pname < 2.\n"); return TKT_FIL_FMT; } return KSUCCESS; } /* * tf_put_pname() sets the principal's name in the ticket file. Call * after tf_create(). */ int -tf_put_pname(char *p) +tf_put_pname(const char *p) { unsigned count; if (fd < 0) { if (krb_debug) krb_warning("tf_put_pname called before tf_create.\n"); return TKT_FIL_INI; } count = strlen(p)+1; if (write(fd,p,count) != count) return(KFAILURE); return KSUCCESS; } /* * tf_get_pinst() reads the principal's instance from a ticket file. * It should only be called after tf_init() and tf_get_pname() have been * called. The instance is filled into the "inst" parameter. 
If all * goes well, KSUCCESS is returned. If tf_init() wasn't called, * TKT_FIL_INI is returned. If EOF was encountered, or the instance * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the * instance may be null. */ int tf_get_pinst(char *inst) { if (fd < 0) { if (krb_debug) krb_warning("tf_get_pinst called before tf_init.\n"); return TKT_FIL_INI; } if (tf_gets(inst, INST_SZ) < 1) { if (krb_debug) krb_warning("tf_get_pinst: inst_sz < 1.\n"); return TKT_FIL_FMT; } return KSUCCESS; } /* * tf_put_pinst writes the principal's instance to the ticket file. * Call after tf_create. */ int -tf_put_pinst(char *inst) +tf_put_pinst(const char *inst) { unsigned count; if (fd < 0) { if (krb_debug) krb_warning("tf_put_pinst called before tf_create.\n"); return TKT_FIL_INI; } count = strlen(inst)+1; if (write(fd,inst,count) != count) return(KFAILURE); return KSUCCESS; } /* * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills * in the given structure "c". It should only be called after tf_init(), * tf_get_pname(), and tf_get_pinst() have been called. If all goes well, * KSUCCESS is returned. 
Possible error codes are: * * TKT_FIL_INI - tf_init wasn't called first * TKT_FIL_FMT - bad format * EOF - end of file encountered */ -int -tf_get_cred(CREDENTIALS *c) +static int +real_tf_get_cred(CREDENTIALS *c) { KTEXT ticket = &c->ticket_st; /* pointer to ticket */ int k_errno; if (fd < 0) { if (krb_debug) krb_warning ("tf_get_cred called before tf_init.\n"); return TKT_FIL_INI; } if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2) switch (k_errno) { case TOO_BIG: if (krb_debug) krb_warning("tf_get_cred: too big service cred.\n"); case 1: /* can't be just a null */ tf_close(); if (krb_debug) krb_warning("tf_get_cred: null service cred.\n"); return TKT_FIL_FMT; case 0: return EOF; } if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1) switch (k_errno) { case TOO_BIG: if (krb_debug) krb_warning ("tf_get_cred: too big instance cred.\n"); return TKT_FIL_FMT; case 0: return EOF; } if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2) switch (k_errno) { case TOO_BIG: if (krb_debug) krb_warning ("tf_get_cred: too big realm cred.\n"); case 1: /* can't be just a null */ tf_close(); if (krb_debug) krb_warning ("tf_get_cred: null realm cred.\n"); return TKT_FIL_FMT; case 0: return EOF; } if ( tf_read((c->session), DES_KEY_SZ) < 1 || tf_read(&(c->lifetime), sizeof(c->lifetime)) < 1 || tf_read(&(c->kvno), sizeof(c->kvno)) < 1 || tf_read(&(ticket->length), sizeof(ticket->length)) < 1 || /* don't try to read a silly amount into ticket->dat */ ticket->length > MAX_KTXT_LEN || tf_read((ticket->dat), ticket->length) < 1 || tf_read(&(c->issue_date), sizeof(c->issue_date)) < 1 ) { tf_close(); if (krb_debug) krb_warning ("tf_get_cred: failed tf_read.\n"); return TKT_FIL_FMT; } return KSUCCESS; } +int +tf_get_cred(CREDENTIALS *c) +{ + int ret; + int fake; + + do { + fake = 0; + + ret = real_tf_get_cred (c); + if (ret) + return ret; + + if(strcmp(c->service, MAGIC_TICKET_NAME) == 0) { + if(strcmp(c->instance, MAGIC_TICKET_TIME_DIFF_INST) == 0) { + /* we found the magic `time diff' ticket; 
update the kdc time + differential, and then get the next ticket */ + u_int32_t d; + + krb_get_int(c->ticket_st.dat, &d, 4, 0); + krb_set_kdc_time_diff(d); + fake = 1; + } else if (strcmp(c->instance, MAGIC_TICKET_ADDR_INST) == 0) { + fake = 1; + } + } + } while (fake); + return ret; +} + +int +tf_get_cred_addr(char *realm, size_t realm_sz, struct in_addr *addr) +{ + int ret; + int fake; + CREDENTIALS cred; + + do { + fake = 1; + + ret = real_tf_get_cred (&cred); + if (ret) + return ret; + + if(strcmp(cred.service, MAGIC_TICKET_NAME) == 0) { + if(strcmp(cred.instance, MAGIC_TICKET_TIME_DIFF_INST) == 0) { + /* we found the magic `time diff' ticket; update the kdc time + differential, and then get the next ticket */ + u_int32_t d; + + krb_get_int(cred.ticket_st.dat, &d, 4, 0); + krb_set_kdc_time_diff(d); + } else if (strcmp(cred.instance, MAGIC_TICKET_ADDR_INST) == 0) { + strlcpy(realm, cred.realm, realm_sz); + memcpy (addr, cred.ticket_st.dat, sizeof(*addr)); + fake = 0; + } + } + } while (fake); + return ret; +} + /* * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is * not a valid file descriptor, it just returns. It also clears the * buffer used to read tickets. * * The return value is not defined. */ void tf_close(void) { if (!(fd < 0)) { - k_flock(fd, K_LOCK_UN); + flock(fd, LOCK_UN); close(fd); fd = -1; /* see declaration of fd above */ } memset(tfbfr, 0, sizeof(tfbfr)); } /* * tf_gets() is an internal routine. It takes a string "s" and a count * "n", and reads from the file until either it has read "n" characters, * or until it reads a null byte. When finished, what has been read exists * in "s". If it encounters EOF or an error, it closes the ticket file. * * Possible return values are: * * n the number of bytes read (including null terminator) * when all goes well * * 0 end of file or read error * * TOO_BIG if "count" characters are read and no null is * encountered. This is an indication that the ticket * file is seriously ill. 
*/ static int tf_gets(char *s, int n) { int count; if (fd < 0) { if (krb_debug) krb_warning ("tf_gets called before tf_init.\n"); return TKT_FIL_INI; } for (count = n - 1; count > 0; --count) { if (curpos >= sizeof(tfbfr)) { lastpos = read(fd, tfbfr, sizeof(tfbfr)); curpos = 0; } if (curpos == lastpos) { tf_close(); return 0; } *s = tfbfr[curpos++]; if (*s++ == '\0') return (n - count); } tf_close(); return TOO_BIG; } /* * tf_read() is an internal routine. It takes a string "s" and a count * "n", and reads from the file until "n" bytes have been read. When * finished, what has been read exists in "s". If it encounters EOF or * an error, it closes the ticket file. * * Possible return values are: * * n the number of bytes read when all goes well * * 0 on end of file or read error */ static int tf_read(void *v, int n) { char *s = (char *)v; int count; for (count = n; count > 0; --count) { if (curpos >= sizeof(tfbfr)) { lastpos = read(fd, tfbfr, sizeof(tfbfr)); curpos = 0; } if (curpos == lastpos) { tf_close(); return 0; } *s++ = tfbfr[curpos++]; } return n; } /* * tf_save_cred() appends an incoming ticket to the end of the ticket * file. You must call tf_init() before calling tf_save_cred(). * * The "service", "instance", and "realm" arguments specify the * server's name; "session" contains the session key to be used with * the ticket; "kvno" is the server key version number in which the * ticket is encrypted, "ticket" contains the actual ticket, and * "issue_date" is the time the ticket was requested (local host's time). * * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't * called previously, and KFAILURE for anything else that went wrong. 
*/ int tf_save_cred(char *service, /* Service name */ char *instance, /* Instance */ char *realm, /* Auth domain */ unsigned char *session, /* Session key */ int lifetime, /* Lifetime */ int kvno, /* Key version number */ KTEXT ticket, /* The ticket itself */ u_int32_t issue_date) /* The issue time */ { int count; /* count for write */ if (fd < 0) { /* fd is ticket file as set by tf_init */ if (krb_debug) krb_warning ("tf_save_cred called before tf_init.\n"); return TKT_FIL_INI; } /* Find the end of the ticket file */ lseek(fd, 0L, SEEK_END); /* Write the ticket and associated data */ /* Service */ count = strlen(service) + 1; if (write(fd, service, count) != count) goto bad; /* Instance */ count = strlen(instance) + 1; if (write(fd, instance, count) != count) goto bad; /* Realm */ count = strlen(realm) + 1; if (write(fd, realm, count) != count) goto bad; /* Session key */ if (write(fd, session, 8) != 8) goto bad; /* Lifetime */ if (write(fd, &lifetime, sizeof(int)) != sizeof(int)) goto bad; /* Key vno */ if (write(fd, &kvno, sizeof(int)) != sizeof(int)) goto bad; /* Tkt length */ if (write(fd, &(ticket->length), sizeof(int)) != sizeof(int)) goto bad; /* Ticket */ count = ticket->length; if (write(fd, ticket->dat, count) != count) goto bad; /* Issue date */ if (write(fd, &issue_date, sizeof(issue_date)) != sizeof(issue_date)) goto bad; return (KSUCCESS); bad: return (KFAILURE); } int -tf_setup(CREDENTIALS *cred, char *pname, char *pinst) +tf_setup(CREDENTIALS *cred, const char *pname, const char *pinst) { int ret; ret = tf_create(tkt_string()); if (ret != KSUCCESS) return ret; if (tf_put_pname(pname) != KSUCCESS || tf_put_pinst(pinst) != KSUCCESS) { tf_close(); return INTK_ERR; } + if(krb_get_kdc_time_diff() != 0) { + /* Add an extra magic ticket containing the time differential + to the kdc. 
The first ticket defines which realm we belong + to, but since this ticket gets the same realm as the tgt, + this shouldn't be a problem */ + des_cblock s = { 0, 0, 0, 0, 0, 0, 0, 0 }; + KTEXT_ST t; + int d = krb_get_kdc_time_diff(); + krb_put_int(d, t.dat, sizeof(t.dat), 4); + t.length = 4; + tf_save_cred(MAGIC_TICKET_NAME, MAGIC_TICKET_TIME_DIFF_INST, + cred->realm, s, + cred->lifetime, 0, &t, cred->issue_date); + } ret = tf_save_cred(cred->service, cred->instance, cred->realm, cred->session, cred->lifetime, cred->kvno, &cred->ticket_st, cred->issue_date); tf_close(); return ret; } int in_tkt(char *pname, char *pinst) { int ret; ret = tf_create (tkt_string()); if (ret != KSUCCESS) return ret; if (tf_put_pname(pname) != KSUCCESS || tf_put_pinst(pinst) != KSUCCESS) { tf_close(); return INTK_ERR; } tf_close(); return KSUCCESS; +} + +/* + * If there's a magic ticket with an address for realm `realm' in + * ticket file, return it in `addr'. + * realm == NULL means any realm. + */ + +int +tf_get_addr (const char *realm, struct in_addr *addr) +{ + CREDENTIALS cred; + krb_principal princ; + int ret; + + ret = tf_init (tkt_string (), R_TKT_FIL); + if (ret) + return ret; + + ret = tf_get_pname (princ.name); + if (ret) + goto out; + ret = tf_get_pinst (princ.name); + if (ret) + goto out; + while ((ret = real_tf_get_cred (&cred)) == KSUCCESS) { + if (strcmp (cred.service, MAGIC_TICKET_NAME) == 0 + && strcmp (cred.instance, MAGIC_TICKET_ADDR_INST) == 0 + && (realm == NULL + || strcmp (cred.realm, realm) == 0)) { + memcpy (addr, cred.ticket_st.dat, sizeof(*addr)); + goto out; + } + } + ret = KFAILURE; + +out: + tf_close (); + return ret; +} + +/* + * Store `realm, addr' as a magic ticket. 
+ */ + +int +tf_store_addr (const char *realm, struct in_addr *addr) +{ + CREDENTIALS c; + krb_principal princ; + int ret; + des_cblock s = { 0, 0, 0, 0, 0, 0, 0, 0 }; + KTEXT_ST t; + + ret = tf_init (tkt_string (), W_TKT_FIL); + if (ret) + return ret; + + t.length = sizeof(*addr); + memcpy (t.dat, addr, sizeof(*addr)); + + ret = tf_save_cred (MAGIC_TICKET_NAME, MAGIC_TICKET_ADDR_INST, + (char *)realm, s, 0, /* lifetime */ + 0, /* kvno */ + &t, time(NULL)); + tf_close (); + return ret; } Index: stable/3/crypto/kerberosIV/lib/krb/ticket_memory.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/ticket_memory.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/ticket_memory.c (revision 62578) 
@@ -1,438 +1,435 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* ticket_memory.c - Storage for tickets in memory * Author: d93-jka@nada.kth.se - June 1996 */ #define WIN32_LEAN_AND_MEAN #include #include "krb_locl.h" #include "ticket_memory.h" -RCSID("$Id: ticket_memory.c,v 1.9 1997/04/20 18:07:36 assar Exp $"); +RCSID("$Id: ticket_memory.c,v 1.15 1999/12/02 16:58:44 joda Exp $"); void msg(char *text, int error); /* Global variables for memory mapping. */ HANDLE SharedMemoryHandle; tktmem *SharedMemory; static int CredIndex = -1; +void PostUpdateMessage(void); + int newTktMem(const char *tf_name) -{ - if(!SharedMemory) { - unsigned int MemorySize = sizeof(tktmem); - unsigned int MemorySizeHi = sizeof(tktmem)>>16; - unsigned int MemorySizeLo = MemorySize&0xFFFF; - SharedMemoryHandle = CreateFileMapping((HANDLE)(int)-1, 0, + if(!SharedMemory){ + SharedMemoryHandle = CreateFileMapping((HANDLE)-1, 0, PAGE_READWRITE, - MemorySizeHi, MemorySizeLo, + sizeof(tktmem) >> 16, + sizeof(tktmem) & 0xffff, "krb_memory"); - if(!SharedMemoryHandle) - { + if(!SharedMemoryHandle){ msg("Could not create shared memory.", GetLastError()); return KFAILURE; } SharedMemory = MapViewOfFile(SharedMemoryHandle, FILE_MAP_WRITE, 0, 0, 0); - if(!SharedMemory) - { + if(!SharedMemory){ msg("Unable to alloc shared memory.", GetLastError()); return KFAILURE; } - if(GetLastError() != ERROR_ALREADY_EXISTS) - { + if(GetLastError() != ERROR_ALREADY_EXISTS) { + memset(SharedMemory, 0, sizeof(*SharedMemory)); if(tf_name) - strcpy(SharedMemory->tmname, 
tf_name); - SharedMemory->last_cred_no = 0; + strlcpy(SharedMemory->tmname, + tf_name, sizeof(SharedMemory->tmname)); } } - CredIndex = 0; return KSUCCESS; } int freeTktMem(const char *tf_name) { - if(SharedMemory) - { + if(SharedMemory) { UnmapViewOfFile(SharedMemory); CloseHandle(SharedMemoryHandle); } return KSUCCESS; } tktmem * getTktMem(const char *tf_name) { return SharedMemory; } void firstCred(void) { if(getTktMem(0)->last_cred_no > 0) CredIndex = 0; else CredIndex = -1; } int nextCredIndex(void) { const tktmem *mem; int last; mem = getTktMem(0); last = mem->last_cred_no; if(CredIndex >= 0 && CredIndex < last ) return CredIndex++; else return CredIndex = -1; } int currCredIndex(void) { const tktmem *mem; int last; mem = getTktMem(0); last = mem->last_cred_no; if(CredIndex >= 0 && CredIndex < last) return CredIndex; else return CredIndex = -1; } int nextFreeIndex(void) { tktmem *mem = getTktMem(0); if(mem->last_cred_no > CRED_VEC_SZ) return -1; else return mem->last_cred_no++; } /* * in_tkt() is used to initialize the ticket store. It creates the * file to contain the tickets and writes the given user's name "pname" * and instance "pinst" in the file. in_tkt() returns KSUCCESS on * success, or KFAILURE if something goes wrong. */ int in_tkt(char *pname, char *pinst) { /* Here goes code to initialize shared memory, to store tickets in. */ /* Implemented somewhere else. */ return KFAILURE; } /* * dest_tkt() is used to destroy the ticket store upon logout. * If the ticket file does not exist, dest_tkt() returns RET_TKFIL. * Otherwise the function returns RET_OK on success, KFAILURE on * failure. * * The ticket file (TKT_FILE) is defined in "krb.h". */ int dest_tkt(void) { - /* Here goes code to destroy tickets in shared memory. */ - /* Not implemented yet. */ - return KFAILURE; + memset(getTktMem(0), 0, sizeof(tktmem)); + return 0; } /* Short description of routines: * * tf_init() opens the ticket file and locks it. 
* * tf_get_pname() returns the principal's name. * * tf_put_pname() writes the principal's name to the ticket file. * * tf_get_pinst() returns the principal's instance (may be null). * * tf_put_pinst() writes the instance. * * tf_get_cred() returns the next CREDENTIALS record. * * tf_save_cred() appends a new CREDENTIAL record to the ticket file. * * tf_close() closes the ticket file and releases the lock. * * tf_gets() returns the next null-terminated string. It's an internal * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred(). * * tf_read() reads a given number of bytes. It's an internal routine * used by tf_get_cred(). */ /* * tf_init() should be called before the other ticket file routines. * It takes the name of the ticket file to use, "tf_name", and a * read/write flag "rw" as arguments. * * Returns KSUCCESS if all went well, otherwise one of the following: * * NO_TKT_FIL - file wasn't there * TKT_FIL_ACC - file was in wrong mode, etc. * TKT_FIL_LCK - couldn't lock the file, even after a retry */ int tf_init(char *tf_name, int rw) { if(!getTktMem(tf_name)) return NO_TKT_FIL; firstCred(); return KSUCCESS; } /* * tf_create() should be called when creating a new ticket file. * The only argument is the name of the ticket file. * After calling this, it should be possible to use other tf_* functions. */ int tf_create(char *tf_name) { if(newTktMem(tf_name) != KSUCCESS) return NO_TKT_FIL; return KSUCCESS; } /* * tf_get_pname() reads the principal's name from the ticket file. It * should only be called after tf_init() has been called. The * principal's name is filled into the "p" parameter. If all goes well, * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is * returned. If the name was null, or EOF was encountered, or the name * was longer than ANAME_SZ, TKT_FIL_FMT is returned. 
*/ int tf_get_pname(char *p) { tktmem *TktStore; if(!(TktStore = getTktMem(0))) return KFAILURE; - if(!TktStore->pname) + if(!TktStore->pname[0]) return KFAILURE; - strcpy(p, TktStore->pname); + strlcpy(p, TktStore->pname, ANAME_SZ); return KSUCCESS; } /* * tf_put_pname() sets the principal's name in the ticket file. Call * after tf_create(). */ int tf_put_pname(char *p) { tktmem *TktStore; if(!(TktStore = getTktMem(0))) return KFAILURE; - if(!TktStore->pname) - return KFAILURE; - strcpy(TktStore->pname, p); + strlcpy(TktStore->pname, p, sizeof(TktStore->pname)); return KSUCCESS; } /* * tf_get_pinst() reads the principal's instance from a ticket file. * It should only be called after tf_init() and tf_get_pname() have been * called. The instance is filled into the "inst" parameter. If all * goes well, KSUCCESS is returned. If tf_init() wasn't called, * TKT_FIL_INI is returned. If EOF was encountered, or the instance * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the * instance may be null. */ int tf_get_pinst(char *inst) { tktmem *TktStore; if(!(TktStore = getTktMem(0))) return KFAILURE; - if(!TktStore->pinst) - return KFAILURE; - strcpy(inst, TktStore->pinst); + strlcpy(inst, TktStore->pinst, INST_SZ); return KSUCCESS; } /* * tf_put_pinst writes the principal's instance to the ticket file. * Call after tf_create. */ int tf_put_pinst(char *inst) { tktmem *TktStore; if(!(TktStore = getTktMem(0))) return KFAILURE; - if(!TktStore->pinst) - return KFAILURE; - strcpy(TktStore->pinst, inst); + strlcpy(TktStore->pinst, inst, sizeof(TktStore->pinst)); return KSUCCESS; } /* * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills * in the given structure "c". It should only be called after tf_init(), * tf_get_pname(), and tf_get_pinst() have been called. If all goes well, * KSUCCESS is returned. 
Possible error codes are: * * TKT_FIL_INI - tf_init wasn't called first * TKT_FIL_FMT - bad format * EOF - end of file encountered */ int tf_get_cred(CREDENTIALS *c) { int index; CREDENTIALS *cred; tktmem *TktStore; if(!(TktStore = getTktMem(0))) return KFAILURE; + krb_set_kdc_time_diff(TktStore->kdc_diff); if((index = nextCredIndex()) == -1) return EOF; if(!(cred = TktStore->cred_vec+index)) return KFAILURE; if(!c) return KFAILURE; memcpy(c, cred, sizeof(*c)); return KSUCCESS; } /* * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is * not a valid file descriptor, it just returns. It also clears the * buffer used to read tickets. */ void tf_close(void) { } /* * tf_save_cred() appends an incoming ticket to the end of the ticket * file. You must call tf_init() before calling tf_save_cred(). * * The "service", "instance", and "realm" arguments specify the * server's name; "session" contains the session key to be used with * the ticket; "kvno" is the server key version number in which the * ticket is encrypted, "ticket" contains the actual ticket, and * "issue_date" is the time the ticket was requested (local host's time). * * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't * called previously, and KFAILURE for anything else that went wrong. 
*/ int tf_save_cred(char *service, /* Service name */ char *instance, /* Instance */ char *realm, /* Auth domain */ unsigned char *session, /* Session key */ int lifetime, /* Lifetime */ int kvno, /* Key version number */ KTEXT ticket, /* The ticket itself */ u_int32_t issue_date) /* The issue time */ { CREDENTIALS *cred; tktmem *mem = getTktMem(0); int last = nextFreeIndex(); if(last == -1) return KFAILURE; cred = mem->cred_vec+last; - strcpy(cred->service, service); - strcpy(cred->instance, instance); - strcpy(cred->realm, realm); - strcpy(cred->session, session); + strlcpy(cred->service, service, sizeof(cred->service)); + strlcpy(cred->instance, instance, sizeof(cred->instance)); + strlcpy(cred->realm, realm, sizeof(cred->realm)); + memcpy(cred->session, session, sizeof(cred->session)); cred->lifetime = lifetime; cred->kvno = kvno; memcpy(&(cred->ticket_st), ticket, sizeof(*ticket)); cred->issue_date = issue_date; - strcpy(cred->pname, mem->pname); - strcpy(cred->pinst, mem->pinst); + strlcpy(cred->pname, mem->pname, sizeof(cred->pname)); + strlcpy(cred->pinst, mem->pinst, sizeof(cred->pinst)); + PostUpdateMessage(); return KSUCCESS; } +static void +set_time_diff(time_t diff) +{ + tktmem *TktStore = getTktMem(0); + if(TktStore == NULL) + return; + TktStore->kdc_diff = diff; +} + + int tf_setup(CREDENTIALS *cred, char *pname, char *pinst) { int ret; ret = tf_create(tkt_string()); if (ret != KSUCCESS) return ret; if (tf_put_pname(pname) != KSUCCESS || tf_put_pinst(pinst) != KSUCCESS) { tf_close(); return INTK_ERR; } + + set_time_diff(krb_get_kdc_time_diff()); ret = tf_save_cred(cred->service, cred->instance, cred->realm, cred->session, cred->lifetime, cred->kvno, &cred->ticket_st, cred->issue_date); tf_close(); return ret; } Index: stable/3/crypto/kerberosIV/lib/krb/ticket_memory.h =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/ticket_memory.h (revision 62577) +++ 
stable/3/crypto/kerberosIV/lib/krb/ticket_memory.h (revision 62578) 
@@ -1,69 +1,65 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ /* ticket_memory.h - Storage for tickets in memory * Author: d93-jka@nada.kth.se - June 1996 */ -/* $Id: ticket_memory.h,v 1.6 1997/04/20 06:25:12 assar Exp $ */ +/* $Id: ticket_memory.h,v 1.8 1999/12/02 16:58:44 joda Exp $ */ #ifndef TICKET_MEMORY_H #define TICKET_MEMORY_H #include "krb_locl.h" #define CRED_VEC_SZ 20 typedef struct _tktmem { char tmname[64]; char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* Principal's instance */ int last_cred_no; CREDENTIALS cred_vec[CRED_VEC_SZ]; + time_t kdc_diff; } tktmem; int newTktMem(const char *tf_name); int freeTktMem(const char *tf_name); tktmem *getTktMem(const char *tf_name); void firstCred(void); int nextCredIndex(void); int currCredIndex(void); int nextFreeIndex(void); #endif /* TICKET_MEMORY_H */ Index: stable/3/crypto/kerberosIV/lib/krb/tkt_string.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/tkt_string.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/tkt_string.c (revision 62578) 
@@ -1,85 +1,75 @@ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" -RCSID("$Id: tkt_string.c,v 1.10 1997/05/02 14:54:26 assar Exp $"); +RCSID("$Id: tkt_string.c,v 1.15 1999/09/16 20:41:55 assar Exp $"); /* * This routine is used to generate the name of the file that holds * the user's cache of server tickets and associated session keys. * * If it is set, krb_ticket_string contains the ticket file name. * Otherwise, the filename is constructed as follows: * * If it is set, the environment variable "KRBTKFILE" will be used as * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and * the user's uid are concatenated to produce the ticket file name * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket * file name is returned. 
*/ static char krb_ticket_string[MaxPathLen] = ""; -#ifndef HAVE_GETUID -int getuid(void) +char * +tkt_string(void) { - return 27; -} -#endif - -char *tkt_string(void) -{ char *env; if (!*krb_ticket_string) { if ((env = getenv("KRBTKFILE"))) { - strncpy(krb_ticket_string, env, - sizeof(krb_ticket_string)-1); - krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0'; + strlcpy (krb_ticket_string, + env, + sizeof(krb_ticket_string)); } else { snprintf(krb_ticket_string, sizeof(krb_ticket_string), "%s%u",TKT_ROOT,(unsigned)getuid()); } } return krb_ticket_string; } /* * This routine is used to set the name of the file that holds the user's * cache of server tickets and associated session keys. * * The value passed in is copied into local storage. * * NOTE: This routine should be called during initialization, before other * Kerberos routines are called; otherwise tkt_string() above may be called * and return an undesired ticket file name until this routine is called. */ void -krb_set_tkt_string(char *val) +krb_set_tkt_string(const char *val) { - - strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1); - krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0'; - - return; + strlcpy (krb_ticket_string, val, sizeof(krb_ticket_string)); } Index: stable/3/crypto/kerberosIV/lib/krb/unparse_name.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/unparse_name.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/unparse_name.c (revision 62578) 
@@ -1,105 +1,102 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: unparse_name.c,v 1.7 1997/04/01 08:18:46 joda Exp $"); +RCSID("$Id: unparse_name.c,v 1.10 1999/12/02 16:58:44 joda Exp $"); static void quote_string(char *quote, char *from, char *to) { while(*from){ if(strchr(quote, *from)) *to++ = '\\'; *to++ = *from++; } *to = 0; } /* To be compatible with old functions, we quote differently in each part of the principal*/ char * krb_unparse_name_r(krb_principal *pr, char *fullname) { quote_string("'@\\", pr->name, fullname); if(pr->instance[0]){ strcat(fullname, "."); quote_string("@\\", pr->instance, fullname + strlen(fullname)); } if(pr->realm[0]){ strcat(fullname, "@"); quote_string("\\", pr->realm, fullname + strlen(fullname)); } return fullname; } char * krb_unparse_name_long_r(char *name, char *instance, char *realm, char *fullname) { krb_principal pr; + memset(&pr, 0, sizeof(pr)); - strcpy(pr.name, name); + strlcpy(pr.name, name, sizeof(pr.name)); if(instance) - strcpy(pr.instance, instance); + strlcpy(pr.instance, instance, sizeof(pr.instance)); if(realm) - strcpy(pr.realm, realm); + strlcpy(pr.realm, realm, sizeof(pr.realm)); return krb_unparse_name_r(&pr, fullname); } char * krb_unparse_name(krb_principal *pr) { static char principal[MAX_K_NAME_SZ]; krb_unparse_name_r(pr, principal); return principal; } char * krb_unparse_name_long(char *name, char *instance, char *realm) { krb_principal pr; + memset(&pr, 0, sizeof(pr)); - strcpy(pr.name, name); + strlcpy(pr.name, 
name, sizeof(pr.name)); if(instance) - strcpy(pr.instance, instance); + strlcpy(pr.instance, instance, sizeof(pr.instance)); if(realm) - strcpy(pr.realm, realm); + strlcpy(pr.realm, realm, sizeof(pr.realm)); return krb_unparse_name(&pr); } Index: stable/3/crypto/kerberosIV/lib/krb/verify_user.c =================================================================== --- stable/3/crypto/kerberosIV/lib/krb/verify_user.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/krb/verify_user.c (revision 62578) 
@@ -1,111 +1,185 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: verify_user.c,v 1.8 1997/04/01 08:18:46 joda Exp $"); +RCSID("$Id: verify_user.c,v 1.17.2.1 1999/12/06 22:57:17 assar Exp $"); -/* Verify user with password. If secure, also verify against local - * service key, this can (usually) only be done by root. +/* + * Verify user (name.instance@realm) with `password'. * + * If secure, also verify against local + * service key (`linstance'.hostname) (or rcmd if linstance == NULL), + * this can (usually) only be done by root. + * + * If secure == KRB_VERIFY_SECURE, fail if there's no key. + * If secure == KRB_VERIFY_SECURE_FAIL, don't fail if there's no such + * key in the srvtab. + * * As a side effect, fresh tickets are obtained. * + * srvtab is where the key is found. + * * Returns zero if ok, a positive kerberos error or -1 for system * errors. 
*/ -int -krb_verify_user(char *name, char *instance, char *realm, char *password, - int secure, char *linstance) +static int +krb_verify_user_srvtab_exact(char *name, + char *instance, + char *realm, + char *password, + int secure, + char *linstance, + char *srvtab) { int ret; + ret = krb_get_pw_in_tkt(name, instance, realm, KRB_TICKET_GRANTING_TICKET, realm, DEFAULT_TKT_LIFE, password); if(ret != KSUCCESS) return ret; - if(secure){ + if(secure == KRB_VERIFY_SECURE || secure == KRB_VERIFY_SECURE_FAIL){ struct hostent *hp; int32_t addr; KTEXT_ST ticket; AUTH_DAT auth; char lrealm[REALM_SZ]; char hostname[MaxHostNameLen]; char *phost; - if (k_gethostname(hostname, sizeof(hostname)) == -1) { + if (gethostname(hostname, sizeof(hostname)) == -1) { dest_tkt(); return -1; } hp = gethostbyname(hostname); if(hp == NULL){ dest_tkt(); return -1; } memcpy(&addr, hp->h_addr, sizeof(addr)); ret = krb_get_lrealm(lrealm, 1); if(ret != KSUCCESS){ dest_tkt(); return ret; } phost = krb_get_phost(hostname); if (linstance == NULL) linstance = "rcmd"; + if(secure == KRB_VERIFY_SECURE_FAIL) { + des_cblock key; + ret = read_service_key(linstance, phost, lrealm, 0, srvtab, &key); + memset(key, 0, sizeof(key)); + if(ret == KFAILURE) + return 0; + } + ret = krb_mk_req(&ticket, linstance, phost, lrealm, 33); if(ret != KSUCCESS){ dest_tkt(); return ret; } - ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, ""); + ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, srvtab); if(ret != KSUCCESS){ dest_tkt(); return ret; } } return 0; } +/* + * Try to verify the user and password against all the local realms. + */ + +int +krb_verify_user_srvtab(char *name, + char *instance, + char *realm, + char *password, + int secure, + char *linstance, + char *srvtab) +{ + int ret; + int n; + char rlm[256]; + + /* First try to verify against the supplied realm. 
*/ + ret = krb_verify_user_srvtab_exact(name, instance, realm, password, + secure, linstance, srvtab); + if (ret == KSUCCESS) + return KSUCCESS; + + /* Verify all local realms, except the supplied realm. */ + for (n = 1; krb_get_lrealm(rlm, n) == KSUCCESS; n++) + if (strcmp(rlm, realm) != 0) { + ret = krb_verify_user_srvtab_exact(name, instance, rlm, password, + secure, linstance, srvtab); + if (ret == KSUCCESS) + return KSUCCESS; + } + + return ret; +} + +/* + * Compat function without srvtab. + */ + +int +krb_verify_user(char *name, + char *instance, + char *realm, + char *password, + int secure, + char *linstance) +{ + return krb_verify_user_srvtab (name, + instance, + realm, + password, + secure, + linstance, + (char *)KEYFILE); +} Index: stable/3/crypto/kerberosIV/lib/roken/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/Makefile.in (revision 62578) 
@@ -1,94 +1,221 @@ # -# $Id: Makefile.in,v 1.34 1997/05/28 05:23:39 assar Exp $ +# $Id: Makefile.in,v 1.73 1999/11/30 19:22:59 bg Exp $ # SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ CC = @CC@ +LINK = @LINK@ CPP = @CPP@ AR = ar RANLIB = @RANLIB@ DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ +AWK = @AWK@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ - +EXECSUFFIX = @EXECSUFFIX@ PICFLAGS = # @PICFLAGS@ LIBNAME = $(LIBPREFIX)roken #LIBEXT = @LIBEXT@ Always build archive library and don't install! LIBEXT = a LIBPREFIX = @LIBPREFIX@ SHLIBEXT = @SHLIBEXT@ LDSHARED = @LDSHARED@ LIB = $(LIBNAME).$(LIBEXT) SOURCES = \ - chown.c daemon.c err.c errx.c fchown.c get_window_size.c \ - getcwd.c getdtablesize.c getopt.c getusershell.c \ - hstrerror.c inaddr2str.c inet_aton.c \ - initgroups.c k_getpwnam.c k_getpwuid.c lstat.c \ - memmove.c mini_inetd.c mkstemp.c putenv.c rcmd.c setegid.c \ - setenv.c seteuid.c signal.c snprintf.c \ - strcasecmp.c strdup.c strerror.c strftime.c \ - strlwr.c strnlen.c strtok_r.c strupr.c tm2time.c \ - unsetenv.c verify.c verr.c verrx.c vwarn.c \ - vwarnx.c warn.c warnerr.c warnx.c + base64.c \ + chown.c \ + concat.c \ + copyhostent.c \ + daemon.c \ + emalloc.c \ + erealloc.c \ + estrdup.c \ + eread.c \ + err.c \ + errx.c \ + ewrite.c \ + fchown.c \ + flock.c \ + fnmatch.c \ + freehostent.c \ + get_window_size.c \ + getarg.c \ + getcwd.c \ + get_default_username.c \ + getdtablesize.c \ + gethostname.c \ + getipnodebyaddr.c \ + getipnodebyname.c \ + getopt.c \ + getusershell.c \ + glob.c \ + hstrerror.c \ + inaddr2str.c \ + inet_aton.c \ + inet_ntop.c \ + initgroups.c \ + iruserok.c \ + issuid.c \ + k_getpwnam.c \ + k_getpwuid.c \ + lstat.c \ + memmove.c \ + mini_inetd.c \ + mkstemp.c \ + net_read.c \ + net_write.c \ + parse_time.c \ + parse_units.c \ + print_version.c \ + putenv.c \ + resolve.c \ + 
rcmd.c \ + roken_gethostby.c \ + readv.c \ + setegid.c \ + setenv.c \ + seteuid.c \ + signal.c \ + simple_exec.c \ + snprintf.c \ + socket.c \ + strcasecmp.c \ + strdup.c \ + strerror.c \ + strftime.c \ + strlcat.c \ + strlcpy.c \ + strlwr.c \ + strncasecmp.c \ + strndup.c \ + strnlen.c \ + strsep.c \ + strtok_r.c \ + strupr.c \ + tm2time.c \ + unsetenv.c \ + verify.c \ + verr.c \ + verrx.c \ + vsyslog.c \ + vwarn.c \ + vwarnx.c \ + warn.c \ + warnerr.c \ + warnx.c -OBJECTS = k_getpwuid.o k_getpwnam.o signal.o tm2time.o \ - verify.o inaddr2str.o mini_inetd.o get_window_size.o \ - warnerr.o snprintf.o @LIBOBJS@ +EXTRA_SOURCES = \ + make-print-version.c -all: $(LIB) +OBJECTS = \ + base64.o \ + concat.o \ + emalloc.o \ + eread.o \ + erealloc.o \ + estrdup.o \ + ewrite.o \ + get_default_username.o \ + get_window_size.o \ + getarg.o \ + inaddr2str.o \ + issuid.o \ + k_getpwnam.o \ + k_getpwuid.o \ + mini_inetd.o \ + net_read.o \ + net_write.o \ + parse_time.o \ + parse_units.o \ + print_version.o \ + resolve.o \ + roken_gethostby.o \ + signal.o \ + simple_exec.o \ + snprintf.o \ + socket.o \ + tm2time.o \ + verify.o \ + warnerr.o \ + @LIBOBJS@ +all: $(LIB) install-roken-h + Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + $(CC) -c $(DEFS) -I. 
-I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $< install: all uninstall: -TAGS: $(SOURCES) - etags $(SOURCES) +TAGS: $(SOURCES) $(EXTRA_SOURCES) + etags $(SOURCES) $(EXTRA_SOURCES) check: clean: - rm -f $(LIB) *.o *.a + rm -f $(LIB) *.o *.a roken.h make-roken$(EXECSUFFIX) make-roken.c \ + make-print-version$(EXECSUFFIX) print_version.h mostlyclean: clean distclean: clean rm -f Makefile *.tab.c *~ realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - $(LIBNAME).a: $(OBJECTS) rm -f $@ $(AR) cr $@ $(OBJECTS) -$(RANLIB) $@ $(LIBNAME).$(SHLIBEXT): $(OBJECTS) rm -f $@ $(LDSHARED) -o $@ $(OBJECTS) -$(OBJECTS): ../../include/config.h +roken.h: make-roken$(EXECSUFFIX) + @./make-roken > tmp.h ;\ + if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \ + else rm -f roken.h; mv tmp.h roken.h; fi + +make-roken$(EXECSUFFIX): make-roken.o + $(LINK) $(CFLAGS) -o $@ make-roken.o + +make-roken.c: roken.h.in roken.awk + $(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c + +print_version.o: print_version.h + +print_version.h: make-print-version$(EXECSUFFIX) + @./make-print-version$(EXECSUFFIX) print_version.h + +make-print-version$(EXECSUFFIX): make-print-version.o + $(LINK) $(CFLAGS) -o $@ make-print-version.o + +install-roken-h: roken.h + @if [ -f ../../include/roken.h ] && cmp -s ../../include/roken.h roken.h ; \ + then :; else \ + echo " $(INSTALL) roken.h ../../include/roken.h"; \ + $(INSTALL) roken.h ../../include/roken.h; fi + +$(OBJECTS): ../../include/config.h roken.h + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean install-roken-h Index: stable/3/crypto/kerberosIV/lib/roken/chown.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/chown.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/chown.c (revision 62578) 
@@ -1,50 +1,45 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: chown.c,v 1.2 1997/04/01 08:18:58 joda Exp $"); +RCSID("$Id: chown.c,v 1.3 1999/12/02 16:58:45 joda Exp $"); #endif #include "roken.h" int chown(const char *path, uid_t owner, gid_t group) { return 0; } Index: stable/3/crypto/kerberosIV/lib/roken/daemon.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/daemon.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/daemon.c (revision 62578) 
@@ -1,89 +1,88 @@ /*- * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)daemon.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ #ifdef HAVE_CONFIG_H #include #endif -RCSID("$Id: daemon.c,v 1.2 1997/05/28 05:38:09 assar Exp $"); +RCSID("$Id: daemon.c,v 1.3 1997/10/04 21:55:48 joda Exp $"); #ifndef HAVE_DAEMON #ifdef HAVE_FCNTL_H #include #endif #ifdef HAVE_PATHS_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #include "roken.h" int -daemon(nochdir, noclose) - int nochdir, noclose; +daemon(int nochdir, int noclose) { int fd; switch (fork()) { case -1: return (-1); case 0: break; default: _exit(0); } if (setsid() == -1) return (-1); if (!nochdir) - (void)chdir("/"); + chdir("/"); if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { - (void)dup2(fd, STDIN_FILENO); - (void)dup2(fd, STDOUT_FILENO); - (void)dup2(fd, STDERR_FILENO); + dup2(fd, STDIN_FILENO); + dup2(fd, STDOUT_FILENO); + dup2(fd, STDERR_FILENO); if (fd > 2) - (void)close (fd); + close (fd); } return (0); } #endif /* HAVE_DAEMON */ Index: stable/3/crypto/kerberosIV/lib/roken/err.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/err.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/err.c (revision 62578) 
@@ -1,53 +1,48 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: err.c,v 1.5 1997/03/30 08:05:37 joda Exp $"); +RCSID("$Id: err.c,v 1.6 1999/12/02 16:58:45 joda Exp $"); #endif #include "err.h" void err(int eval, const char *fmt, ...) { va_list ap; va_start(ap, fmt); verr(eval, fmt, ap); va_end(ap); } Index: stable/3/crypto/kerberosIV/lib/roken/err.h =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/err.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/err.h (revision 62578) 
@@ -1,76 +1,71 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: err.h,v 1.13 1997/05/02 14:29:30 assar Exp $ */ +/* $Id: err.h,v 1.15 1999/12/02 16:58:45 joda Exp $ */ #ifndef __ERR_H__ #define __ERR_H__ #include #include #include #include #include extern const char *__progname; #if !defined(__GNUC__) && !defined(__attribute__) #define __attribute__(x) #endif -void warnerr(int doexit, int eval, int doerrno, const char *fmt, va_list ap) - __attribute__ ((format (printf, 4, 0))); +void warnerr(int doerrno, const char *fmt, va_list ap) + __attribute__ ((format (printf, 2, 0))); void verr(int eval, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 2, 0))); void err(int eval, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 2, 3))); void verrx(int eval, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 2, 0))); void errx(int eval, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 2, 3))); void vwarn(const char *fmt, va_list ap) __attribute__ ((format (printf, 1, 0))); void warn(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); void vwarnx(const char *fmt, va_list ap) __attribute__ ((format (printf, 1, 0))); void warnx(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); #endif /* __ERR_H__ */ Index: stable/3/crypto/kerberosIV/lib/roken/errx.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/errx.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/errx.c (revision 62578) 
@@ -1,53 +1,48 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: errx.c,v 1.5 1997/03/30 08:05:38 joda Exp $"); +RCSID("$Id: errx.c,v 1.6 1999/12/02 16:58:45 joda Exp $"); #endif #include "err.h" void errx(int eval, const char *fmt, ...) { va_list ap; va_start(ap, fmt); verrx(eval, fmt, ap); va_end(ap); } Index: stable/3/crypto/kerberosIV/lib/roken/fchown.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/fchown.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/fchown.c (revision 62578) 
@@ -1,50 +1,45 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: fchown.c,v 1.2 1997/04/01 08:18:58 joda Exp $"); +RCSID("$Id: fchown.c,v 1.3 1999/12/02 16:58:46 joda Exp $"); #endif #include "roken.h" int fchown(int fd, uid_t owner, gid_t group) { return 0; } Index: stable/3/crypto/kerberosIV/lib/roken/get_window_size.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/get_window_size.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/get_window_size.c (revision 62578) 
@@ -1,96 +1,102 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: get_window_size.c,v 1.4 1997/04/01 08:18:59 joda Exp $"); +RCSID("$Id: get_window_size.c,v 1.9 1999/12/02 16:58:46 joda Exp $"); #endif #include #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_SYS_TYPES_H #include #endif #if 0 /* Where were those needed? /confused */ #ifdef HAVE_SYS_PROC_H #include #endif #ifdef HAVE_SYS_TTY_H #include #endif #endif #ifdef HAVE_TERMIOS_H #include #endif #include int get_window_size(int fd, struct winsize *wp) { + int ret = -1; + + memset(wp, 0, sizeof(*wp)); + #if defined(TIOCGWINSZ) - return ioctl(fd, TIOCGWINSZ, wp); + ret = ioctl(fd, TIOCGWINSZ, wp); #elif defined(TIOCGSIZE) + { struct ttysize ts; - int error; - if ((error = ioctl(0, TIOCGSIZE, &ts)) != 0) - return (error); + ret = ioctl(fd, TIOCGSIZE, &ts); + if(ret == 0) { wp->ws_row = ts.ts_lines; wp->ws_col = ts.ts_cols; - wp->ws_xpixel = 0; - wp->ws_ypixel = 0; - return 0; + } + } #elif defined(HAVE__SCRSIZE) + { int dst[2]; _scrsize(dst); wp->ws_row = dst[1]; wp->ws_col = dst[0]; - wp->ws_xpixel = 0; - wp->ws_ypixel = 0; - return 0; -#else - return -1; + ret = 0; + } #endif + if (ret != 0) { + char *s; + if((s = getenv("COLUMNS"))) + wp->ws_col = atoi(s); + if((s = getenv("LINES"))) + wp->ws_row = atoi(s); + if(wp->ws_col > 0 && wp->ws_row > 0) + ret = 0; + } + return ret; } Index: stable/3/crypto/kerberosIV/lib/roken/getcwd.c =================================================================== --- 
stable/3/crypto/kerberosIV/lib/roken/getcwd.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/getcwd.c (revision 62578) 
@@ -1,59 +1,57 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getcwd.c,v 1.7 1997/04/01 08:19:00 joda Exp $"); +RCSID("$Id: getcwd.c,v 1.12 1999/12/02 16:58:46 joda Exp $"); #endif +#ifdef HAVE_UNISTD_H #include +#endif +#ifdef HAVE_SYS_PARAM_H #include +#endif -#include "protos.h" #include "roken.h" char* getcwd(char *path, size_t size) { char xxx[MaxPathLen]; char *ret; ret = getwd(xxx); if(ret) - strncpy(path, xxx, size); + strlcpy(path, xxx, size); return ret; } Index: stable/3/crypto/kerberosIV/lib/roken/getdtablesize.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/getdtablesize.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/getdtablesize.c (revision 62578) 
@@ -1,102 +1,101 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getdtablesize.c,v 1.8 1997/04/20 05:51:06 assar Exp $"); +RCSID("$Id: getdtablesize.c,v 1.10 1999/12/02 16:58:46 joda Exp $"); #endif #include "roken.h" +#ifdef HAVE_SYS_TYPES_H #include +#endif #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #ifdef HAVE_SYS_PARAM_H #include #endif +#ifdef HAVE_UNISTD_H #include +#endif #ifdef HAVE_SYS_RESOURCE_H #include #endif #ifdef HAVE_SYS_SYSCTL_H #include #endif int getdtablesize(void) { int files = -1; #if defined(HAVE_SYSCONF) && defined(_SC_OPEN_MAX) files = sysconf(_SC_OPEN_MAX); #else /* !defined(HAVE_SYSCONF) */ #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) struct rlimit res; if (getrlimit(RLIMIT_NOFILE, &res) == 0) files = res.rlim_cur; #else /* !definded(HAVE_GETRLIMIT) */ #if defined(HAVE_SYSCTL) && defined(CTL_KERN) && defined(KERN_MAXFILES) int mib[2]; size_t len; mib[0] = CTL_KERN; mib[1] = KERN_MAXFILES; len = sizeof(files); sysctl(&mib, 2, &files, sizeof(nfil), NULL, 0); #endif /* defined(HAVE_SYSCTL) */ #endif /* !definded(HAVE_GETRLIMIT) */ #endif /* !defined(HAVE_SYSCONF) */ #ifdef OPEN_MAX if (files < 0) files = OPEN_MAX; #endif #ifdef NOFILE if (files < 0) files = NOFILE; #endif return files; } Index: stable/3/crypto/kerberosIV/lib/roken/getopt.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/getopt.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/getopt.c (revision 62578) 
@@ -1,128 +1,128 @@ /* * Copyright (c) 1987, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)getopt.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ #ifndef __STDC__ #define const #endif #include #include #include /* * get option letter from argument vector */ int opterr = 1, /* if error message should be printed */ optind = 1, /* index into parent argv vector */ optopt, /* character checked for validity */ optreset; /* reset getopt */ char *optarg; /* argument associated with option */ #define BADCH (int)'?' #define BADARG (int)':' #define EMSG "" int getopt(nargc, nargv, ostr) int nargc; char * const *nargv; const char *ostr; { static char *place = EMSG; /* option letter processing */ char *oli; /* option letter list index */ char *p; if (optreset || !*place) { /* update scanning pointer */ optreset = 0; if (optind >= nargc || *(place = nargv[optind]) != '-') { place = EMSG; - return(EOF); + return(-1); } if (place[1] && *++place == '-') { /* found "--" */ ++optind; place = EMSG; - return(EOF); + return(-1); } } /* option letter okay? */ if ((optopt = (int)*place++) == (int)':' || !(oli = strchr(ostr, optopt))) { /* * if the user didn't specify '-' as an option, - * assume it means EOF. + * assume it means -1 (EOF). 
*/ if (optopt == (int)'-') - return(EOF); + return(-1); if (!*place) ++optind; if (opterr && *ostr != ':') { if (!(p = strrchr(*nargv, '/'))) p = *nargv; else ++p; fprintf(stderr, "%s: illegal option -- %c\n", p, optopt); } return(BADCH); } if (*++oli != ':') { /* don't need argument */ optarg = NULL; if (!*place) ++optind; } else { /* need an argument */ if (*place) /* no white space */ optarg = place; else if (nargc <= ++optind) { /* no arg */ place = EMSG; if (!(p = strrchr(*nargv, '/'))) p = *nargv; else ++p; if (*ostr == ':') return(BADARG); if (opterr) fprintf(stderr, "%s: option requires an argument -- %c\n", p, optopt); return(BADCH); } else /* white space */ optarg = nargv[optind]; place = EMSG; ++optind; } return(optopt); /* dump back option letter */ } Index: stable/3/crypto/kerberosIV/lib/roken/hstrerror.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/hstrerror.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/hstrerror.c (revision 62578) 
@@ -1,87 +1,89 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: hstrerror.c,v 1.17 1997/06/01 03:37:25 assar Exp $"); +RCSID("$Id: hstrerror.c,v 1.22 1999/12/02 16:58:46 joda Exp $"); #endif -#include "roken.h" - #ifndef HAVE_HSTRERROR +#include "roken.h" + #include + +#ifdef HAVE_NETDB_H +#if (defined(SunOS) && (SunOS >= 50)) +#define hstrerror broken_proto +#endif #include +#undef hstrerror +#endif #ifndef HAVE_H_ERRNO int h_errno = -17; /* Some magic number */ #endif #if !(defined(HAVE_H_ERRLIST) && defined(HAVE_H_NERR)) static const char *const h_errlist[] = { "Resolver Error 0 (no error)", "Unknown host", /* 1 HOST_NOT_FOUND */ "Host name lookup failure", /* 2 TRY_AGAIN */ "Unknown server error", /* 3 NO_RECOVERY */ "No address associated with name", /* 4 NO_ADDRESS */ }; static const int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] }; #else #ifndef HAVE_H_ERRLIST_DECLARATION extern const char *h_errlist[]; extern int h_nerr; #endif #endif -char * +const char * hstrerror(int herr) { if (0 <= herr && herr < h_nerr) - return (char *) h_errlist[herr]; + return h_errlist[herr]; else if(herr == -17) return "unknown error"; else return "Error number out of range (hstrerror)"; } #endif Index: stable/3/crypto/kerberosIV/lib/roken/inaddr2str.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/inaddr2str.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/inaddr2str.c (revision 62578) 
@@ -1,88 +1,90 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: inaddr2str.c,v 1.6 1997/04/01 08:19:02 joda Exp $"); +RCSID("$Id: inaddr2str.c,v 1.12 1999/12/02 16:58:46 joda Exp $"); #endif #include #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif +#ifdef HAVE_NETINET_IN6_H +#include +#endif +#ifdef HAVE_NETINET6_IN6_H +#include +#endif + #ifdef HAVE_ARPA_INET_H #include #endif #ifdef HAVE_NETDB_H #include #endif #include "roken.h" /* * Get a verified name for `addr'. * If unable to find it in the DNS, return x.y.z.a */ void inaddr2str(struct in_addr addr, char *s, size_t len) { struct hostent *h; - char *p; + char **p; - h = gethostbyaddr ((const char *)&addr, sizeof(addr), AF_INET); + h = roken_gethostbyaddr ((const char *)&addr, sizeof(addr), AF_INET); if (h) { - h = gethostbyname (h->h_name); + h = roken_gethostbyname (h->h_name); if(h) - while ((p = *(h->h_addr_list)++)) - if (memcmp (p, &addr, sizeof(addr)) == 0) { - strncpy (s, h->h_name, len); - s[len - 1] = '\0'; + for(p = h->h_addr_list; + *p; + ++p) + if (memcmp (*p, &addr, sizeof(addr)) == 0) { + strlcpy (s, h->h_name, len); return; } } - strncpy (s, inet_ntoa (addr), len); - s[len - 1] = '\0'; + strlcpy (s, inet_ntoa (addr), len); return; } Index: stable/3/crypto/kerberosIV/lib/roken/inet_aton.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/inet_aton.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/inet_aton.c (revision 62578) 
@@ -1,68 +1,70 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: inet_aton.c,v 1.10 1997/05/20 19:57:03 bg Exp $"); +RCSID("$Id: inet_aton.c,v 1.12 1999/12/02 16:58:47 joda Exp $"); #endif #include "roken.h" #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif +#ifdef HAVE_NETINET_IN6_H +#include +#endif +#ifdef HAVE_NETINET6_IN6_H +#include +#endif + #ifdef HAVE_NETDB_H #include #endif #ifdef HAVE_ARPA_INET_H #include #endif /* Minimal implementation of inet_aton. * Cannot distinguish between failure and a local broadcast address. */ int inet_aton(const char *cp, struct in_addr *addr) { addr->s_addr = inet_addr(cp); return (addr->s_addr == INADDR_NONE) ? 0 : 1; } Index: stable/3/crypto/kerberosIV/lib/roken/initgroups.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/initgroups.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/initgroups.c (revision 62578) 
@@ -1,50 +1,45 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: initgroups.c,v 1.2 1997/04/01 08:19:03 joda Exp $"); +RCSID("$Id: initgroups.c,v 1.3 1999/12/02 16:58:47 joda Exp $"); #endif #include "roken.h" int initgroups(const char *name, gid_t basegid) { return 0; } Index: stable/3/crypto/kerberosIV/lib/roken/k_getpwnam.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/k_getpwnam.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/k_getpwnam.c (revision 62578) 
@@ -1,69 +1,64 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: k_getpwnam.c,v 1.6 1997/04/01 08:19:03 joda Exp $"); +RCSID("$Id: k_getpwnam.c,v 1.9 1999/12/02 16:58:47 joda Exp $"); #endif /* HAVE_CONFIG_H */ #include "roken.h" #ifdef HAVE_SHADOW_H #include #endif struct passwd * -k_getpwnam (char *user) +k_getpwnam (const char *user) { struct passwd *p; p = getpwnam (user); -#ifdef HAVE_GETSPNAM +#if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD) if(p) { struct spwd *spwd; spwd = getspnam (user); if (spwd) p->pw_passwd = spwd->sp_pwdp; endspent (); } #else endpwent (); #endif return p; } Index: stable/3/crypto/kerberosIV/lib/roken/k_getpwuid.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/k_getpwuid.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/k_getpwuid.c (revision 62578) 
@@ -1,69 +1,64 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: k_getpwuid.c,v 1.6 1997/04/01 08:19:04 joda Exp $"); +RCSID("$Id: k_getpwuid.c,v 1.9 1999/12/02 16:58:47 joda Exp $"); #endif /* HAVE_CONFIG_H */ #include "roken.h" #ifdef HAVE_SHADOW_H #include #endif struct passwd * k_getpwuid (uid_t uid) { struct passwd *p; p = getpwuid (uid); -#ifdef HAVE_GETSPUID +#if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD) if (p) { struct spwd *spwd; - spwd = getspuid (uid); + spwd = getspnam (p->pw_name); if (spwd) p->pw_passwd = spwd->sp_pwdp; endspent (); } #else endpwent (); #endif return p; } Index: stable/3/crypto/kerberosIV/lib/roken/lstat.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/lstat.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/lstat.c (revision 62578) 
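Review bot: in k_getpwuid() (k_getpwnam.c above has the same shape), endpwent() is called only in the #else branch, so on builds with HAVE_GETSPNAM and HAVE_STRUCT_SPWD the password database is left open after the lookup; calling it in both branches would make the two builds behave alike. The shadow branch also stores spwd->sp_pwdp directly in p->pw_passwd, so the returned struct passwd aliases the storage getspnam handed back, and nothing here says how long that stays valid; either copy the hash or document that the result must be consumed before the next shadow lookup. The header include is guarded by HAVE_SHADOW_H while the code using struct spwd is guarded by HAVE_GETSPNAM && HAVE_STRUCT_SPWD, and the two conditions should be aligned.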
@@ -1,50 +1,45 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: lstat.c,v 1.3 1997/04/01 08:19:04 joda Exp $"); +RCSID("$Id: lstat.c,v 1.4 1999/12/02 16:58:51 joda Exp $"); #endif #include "roken.h" int lstat(const char *path, struct stat *buf) { return stat(path, buf); } Index: stable/3/crypto/kerberosIV/lib/roken/memmove.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/memmove.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/memmove.c (revision 62578) 
@@ -1,67 +1,64 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: memmove.c,v 1.5 1997/04/01 08:19:05 joda Exp $"); +RCSID("$Id: memmove.c,v 1.7 1999/12/02 16:58:51 joda Exp $"); #endif /* * memmove for systems that doesn't have it */ +#ifdef HAVE_SYS_TYPES_H #include +#endif void* memmove(void *s1, const void *s2, size_t n) { char *s=(char*)s2, *d=(char*)s1; if(d > s){ s+=n-1; d+=n-1; while(n){ *d--=*s--; n--; } }else if(d < s) while(n){ *d++=*s++; n--; } return s1; } Index: stable/3/crypto/kerberosIV/lib/roken/mini_inetd.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/mini_inetd.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/mini_inetd.c (revision 62578) 
@@ -1,99 +1,194 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: mini_inetd.c,v 1.10 1997/05/02 14:30:07 assar Exp $"); +RCSID("$Id: mini_inetd.c,v 1.18 1999/12/02 16:58:51 joda Exp $"); #endif +#include + #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_SYS_TYPES_H #include #endif +#ifdef HAVE_SYS_TIME_H +#include +#endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif +#ifdef HAVE_NETINET_IN6_H +#include +#endif +#ifdef HAVE_NETINET6_IN6_H +#include +#endif + #include -void -mini_inetd (int port) +static int +listen_v4 (int port) { struct sockaddr_in sa; - int s = socket(AF_INET, SOCK_STREAM, 0); - int s2; - int one = 1; + int s; + + s = socket(AF_INET, SOCK_STREAM, 0); if(s < 0){ + if (errno == ENOSYS) + return -1; perror("socket"); exit(1); } -#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) - if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&one, - sizeof(one)) < 0){ - perror("setsockopt"); - exit(1); - } -#endif + socket_set_reuseaddr (s, 1); memset(&sa, 0, sizeof(sa)); sa.sin_family = AF_INET; sa.sin_port = port; sa.sin_addr.s_addr = INADDR_ANY; if(bind(s, (struct sockaddr*)&sa, sizeof(sa)) < 0){ perror("bind"); exit(1); } if(listen(s, SOMAXCONN) < 0){ perror("listen"); exit(1); } + return s; +} + +#ifdef HAVE_IPV6 +static int +listen_v6 (int port) +{ + struct sockaddr_in6 sa; + int s; + + s = socket(AF_INET6, SOCK_STREAM, 0); + if(s < 0) { + if (errno == ENOSYS) + return -1; + perror("socket"); + exit(1); + } + 
socket_set_reuseaddr (s, 1); + memset(&sa, 0, sizeof(sa)); + sa.sin6_family = AF_INET6; + sa.sin6_port = port; + sa.sin6_addr = in6addr_any; + if(bind(s, (struct sockaddr*)&sa, sizeof(sa)) < 0){ + perror("bind"); + exit(1); + } + if(listen(s, SOMAXCONN) < 0){ + perror("listen"); + exit(1); + } + return s; +} +#endif /* HAVE_IPV6 */ + +/* + * accept a connection on `s' and pretend it's served by inetd. + */ + +static void +accept_it (int s) +{ + int s2; + s2 = accept(s, NULL, 0); if(s2 < 0){ perror("accept"); exit(1); } close(s); dup2(s2, STDIN_FILENO); dup2(s2, STDOUT_FILENO); /* dup2(s2, STDERR_FILENO); */ close(s2); +} + +/* + * Listen on `port' emulating inetd. + */ + +void +mini_inetd (int port) +{ + int ret; + int max_fd = -1; + int sock_v4 = -1; + int sock_v6 = -1; + fd_set orig_read_set, read_set; + + FD_ZERO(&orig_read_set); + + sock_v4 = listen_v4 (port); + if (sock_v4 >= 0) { + max_fd = max(max_fd, sock_v4); + FD_SET(sock_v4, &orig_read_set); + } +#ifdef HAVE_IPV6 + sock_v6 = listen_v6 (port); + if (sock_v6 >= 0) { + max_fd = max(max_fd, sock_v6); + FD_SET(sock_v6, &orig_read_set); + } +#endif + + do { + read_set = orig_read_set; + + ret = select (max_fd + 1, &read_set, NULL, NULL, NULL); + if (ret < 0 && ret != EINTR) { + perror ("select"); + exit (1); + } + } while (ret <= 0); + + if (sock_v4 > 0 && FD_ISSET (sock_v4, &read_set)) { + accept_it (sock_v4); + return; + } + if (sock_v6 > 0 && FD_ISSET (sock_v6, &read_set)) { + accept_it (sock_v6); + return; + } + abort (); } Index: stable/3/crypto/kerberosIV/lib/roken/mkstemp.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/mkstemp.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/mkstemp.c (revision 62578) 
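Review bot: in mini_inetd(), the select loop tests ret != EINTR, but an interrupted select returns -1 and reports EINTR through errno, so as written every interrupted call falls into perror/exit; the test should be errno != EINTR. Three further points in the same hunk: the listeners are added to the set when sock_v4 >= 0 and sock_v6 >= 0 but dispatched only when sock_v4 > 0 and sock_v6 > 0, so a listener that gets descriptor 0 ends in abort(); if listen_v4 and listen_v6 both return -1 on ENOSYS, select is called with an empty set and no timeout and never returns; and accept_it() closes only the socket it accepted on, so the other family's listening socket stays open in the process that goes on to serve the connection. listen_v4 and listen_v6 also assign port to sin_port and sin6_port unchanged, so a comment that the caller must pass it in network byte order belongs above mini_inetd().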
@@ -1,89 +1,84 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include #endif #include #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_FCNTL_H #include #endif #include -RCSID("$Id: mkstemp.c,v 1.2 1997/05/25 02:36:43 joda Exp $"); +RCSID("$Id: mkstemp.c,v 1.3 1999/12/02 16:58:51 joda Exp $"); #ifndef HAVE_MKSTEMP int mkstemp(char *template) { int start, i; pid_t val; val = getpid(); start = strlen(template) - 1; while(template[start] == 'X') { template[start] = '0' + val % 10; val /= 10; start--; } do{ int fd; fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600); if(fd >= 0 || errno != EEXIST) return fd; i = start + 1; do{ if(template[i] == 0) return -1; template[i]++; if(template[i] == '9' + 1) template[i] = 'a'; if(template[i] <= 'z') break; template[i] = 'a'; i++; }while(1); }while(1); } #endif Index: stable/3/crypto/kerberosIV/lib/roken/putenv.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/putenv.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/putenv.c (revision 62578) 
@@ -1,81 +1,76 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: putenv.c,v 1.5 1997/04/01 08:19:06 joda Exp $"); +RCSID("$Id: putenv.c,v 1.6 1999/12/02 16:58:51 joda Exp $"); #endif #include extern char **environ; /* * putenv -- * String points to a string of the form name=value. * * Makes the value of the environment variable name equal to * value by altering an existing variable or creating a new one. */ int putenv(const char *string) { int i; int len; len = string - strchr(string, '=') + 1; if(environ == NULL){ environ = malloc(sizeof(char*)); if(environ == NULL) return 1; environ[0] = NULL; } for(i = 0; environ[i]; i++) if(strncmp(string, environ[i], len)){ environ[len] = string; return 0; } environ = realloc(environ, sizeof(char*) * (i + 1)); if(environ == NULL) return 1; environ[i] = string; environ[i+1] = NULL; return 0; } Index: stable/3/crypto/kerberosIV/lib/roken/rcmd.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/rcmd.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/rcmd.c (revision 62578) 
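Review bot: the putenv() body carried as context in this hunk should be fixed while the file is being touched. len is computed as string - strchr(string, '=') + 1, which has the operands reversed and yields zero or a negative value instead of the length of "name=", and a string with no '=' puts a NULL into the subtraction. The loop then treats a non-zero strncmp as a match and stores into environ[len] rather than environ[i]. The realloc asks for i + 1 pointers, yet the following lines write environ[i] and environ[i+1], one slot past the allocation. Suggested shape: check strchr for NULL, take len = strchr(string, '=') - string + 1, compare with strncmp(...) == 0, assign environ[i] = string, and realloc to i + 2 entries.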
@@ -1,57 +1,52 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: rcmd.c,v 1.2 1997/04/01 08:19:06 joda Exp $"); +RCSID("$Id: rcmd.c,v 1.3 1999/12/02 16:58:51 joda Exp $"); #endif #include "roken.h" #include int rcmd(char **ahost, unsigned short inport, const char *locuser, const char *remuser, const char *cmd, int *fd2p) { fprintf(stderr, "Only kerberized services are implemented\n"); return -1; } Index: stable/3/crypto/kerberosIV/lib/roken/roken.def =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/roken.def (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/roken.def (revision 62578) @@ -1,4 +1,17 @@ -LIBRARY roken +LIBRARY roken BASE=0x68f0000 EXPORTS gettimeofday strcasecmp + strtok_r + snprintf + asprintf + vsnprintf + base64_decode + base64_encode + roken_concat + roken_vconcat + roken_vmconcat + roken_mconcat + getuid + dns_free_data + dns_lookup Index: stable/3/crypto/kerberosIV/lib/roken/roken.mak =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/roken.mak (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/roken.mak (revision 62578) 
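Review bot: the new LIBRARY line in roken.def pins BASE=0x68f0000, while the Release LINK32_FLAGS added to roken.mak in this same revision pass /base:"0x68e7780"; the two values disagree, and 0x68e7780 is not a multiple of 64K. Pick one aligned value and state it in one place. The export list also grows from two names to fifteen with no comment on which are intended as public interface; a short comment per group (string helpers, base64, concat, DNS lookup) would make later removals safer.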
@@ -1,278 +1,316 @@ -# Microsoft Developer Studio Generated NMAKE File, Format Version 4.10 -# ** DO NOT EDIT ** - -# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 - +# Microsoft Developer Studio Generated NMAKE File, Based on roken.dsp !IF "$(CFG)" == "" -CFG=roken - Win32 Debug -!MESSAGE No configuration specified. Defaulting to roken - Win32 Debug. +CFG=roken - Win32 Release +!MESSAGE No configuration specified. Defaulting to roken - Win32 Release. !ENDIF !IF "$(CFG)" != "roken - Win32 Release" && "$(CFG)" != "roken - Win32 Debug" !MESSAGE Invalid configuration "$(CFG)" specified. -!MESSAGE You can specify a configuration when running NMAKE on this makefile +!MESSAGE You can specify a configuration when running NMAKE !MESSAGE by defining the macro CFG on the command line. For example: !MESSAGE -!MESSAGE NMAKE /f "roken.mak" CFG="roken - Win32 Debug" +!MESSAGE NMAKE /f "roken.mak" CFG="roken - Win32 Release" !MESSAGE !MESSAGE Possible choices for configuration are: !MESSAGE !MESSAGE "roken - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE "roken - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE !ERROR An invalid configuration is specified. 
!ENDIF !IF "$(OS)" == "Windows_NT" NULL= !ELSE NULL=nul !ENDIF -################################################################################ -# Begin Project -# PROP Target_Last_Scanned "roken - Win32 Debug" -RSC=rc.exe -MTL=mktyplib.exe + CPP=cl.exe +MTL=midl.exe +RSC=rc.exe !IF "$(CFG)" == "roken - Win32 Release" -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "Release" -# PROP BASE Intermediate_Dir "Release" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 0 -# PROP Output_Dir "Release" -# PROP Intermediate_Dir "Release" -# PROP Target_Dir "" OUTDIR=.\Release INTDIR=.\Release +# Begin Custom Macros +OutDir=.\.\Release +# End Custom Macros -ALL : ".\Release\roken.dll" +!IF "$(RECURSE)" == "0" +ALL : "$(OUTDIR)\roken.dll" + +!ELSE + +ALL : "$(OUTDIR)\roken.dll" + +!ENDIF + CLEAN : - -@erase ".\Release\gettimeofday.obj" - -@erase ".\Release\roken.dll" - -@erase ".\Release\roken.exp" - -@erase ".\Release\roken.lib" - -@erase ".\Release\strcasecmp.obj" + -@erase "$(INTDIR)\base64.obj" + -@erase "$(INTDIR)\concat.obj" + -@erase "$(INTDIR)\gettimeofday.obj" + -@erase "$(INTDIR)\getuid.obj" + -@erase "$(INTDIR)\resolve.obj" + -@erase "$(INTDIR)\roken.res" + -@erase "$(INTDIR)\snprintf.obj" + -@erase "$(INTDIR)\strcasecmp.obj" + -@erase "$(INTDIR)\strtok_r.obj" + -@erase "$(INTDIR)\vc50.idb" + -@erase "$(OUTDIR)\roken.dll" + -@erase "$(OUTDIR)\roken.exp" + -@erase "$(OUTDIR)\roken.lib" "$(OUTDIR)" : if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" -# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c -# ADD CPP /nologo /MT /W3 /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c -CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I\ +CPP_PROJ=/nologo /MT /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I\ "..\..\include\win32" /I "." 
/D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D\ - "HAVE_CONFIG_H" /Fp"$(INTDIR)/roken.pch" /YX /Fo"$(INTDIR)/" /c + "HAVE_CONFIG_H" /Fp"$(INTDIR)\roken.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\"\ + /FD /c CPP_OBJS=.\Release/ -CPP_SBRS=.\. -# ADD BASE MTL /nologo /D "NDEBUG" /win32 -# ADD MTL /nologo /D "NDEBUG" /win32 -MTL_PROJ=/nologo /D "NDEBUG" /win32 -# ADD BASE RSC /l 0x409 /d "NDEBUG" -# ADD RSC /l 0x409 /d "NDEBUG" +CPP_SBRS=. +MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32 +RSC_PROJ=/l 0x409 /fo"$(INTDIR)\roken.res" /d "NDEBUG" BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -BSC32_FLAGS=/nologo /o"$(OUTDIR)/roken.bsc" +BSC32_FLAGS=/nologo /o"$(OUTDIR)\roken.bsc" BSC32_SBRS= \ LINK32=link.exe -# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 -# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\ - advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib\ - odbccp32.lib /nologo /subsystem:windows /dll /incremental:no\ - /pdb:"$(OUTDIR)/roken.pdb" /machine:I386 /def:".\roken.def"\ - /out:"$(OUTDIR)/roken.dll" /implib:"$(OUTDIR)/roken.lib" + advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo\ + /base:"0x68e7780" /subsystem:windows /dll /incremental:no\ + /pdb:"$(OUTDIR)\roken.pdb" /machine:I386 /def:".\roken.def"\ + /out:"$(OUTDIR)\roken.dll" /implib:"$(OUTDIR)\roken.lib" DEF_FILE= \ ".\roken.def" LINK32_OBJS= \ - ".\Release\gettimeofday.obj" \ - ".\Release\strcasecmp.obj" + "$(INTDIR)\base64.obj" \ + "$(INTDIR)\concat.obj" \ + "$(INTDIR)\gettimeofday.obj" \ + "$(INTDIR)\getuid.obj" \ + "$(INTDIR)\resolve.obj" \ + "$(INTDIR)\roken.res" \ + 
"$(INTDIR)\snprintf.obj" \ + "$(INTDIR)\strcasecmp.obj" \ + "$(INTDIR)\strtok_r.obj" -".\Release\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) +"$(OUTDIR)\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) $(LINK32) @<< $(LINK32_FLAGS) $(LINK32_OBJS) << !ELSEIF "$(CFG)" == "roken - Win32 Debug" -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "Debug" -# PROP BASE Intermediate_Dir "Debug" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 1 -# PROP Output_Dir "Debug" -# PROP Intermediate_Dir "Debug" -# PROP Target_Dir "" OUTDIR=.\Debug INTDIR=.\Debug +# Begin Custom Macros +OutDir=.\.\Debug +# End Custom Macros -ALL : ".\Debug\roken.dll" +!IF "$(RECURSE)" == "0" +ALL : "$(OUTDIR)\roken.dll" + +!ELSE + +ALL : "$(OUTDIR)\roken.dll" + +!ENDIF + CLEAN : - -@erase ".\Debug\gettimeofday.obj" - -@erase ".\Debug\roken.dll" - -@erase ".\Debug\roken.exp" - -@erase ".\Debug\roken.ilk" - -@erase ".\Debug\roken.lib" - -@erase ".\Debug\roken.pdb" - -@erase ".\Debug\strcasecmp.obj" - -@erase ".\Debug\vc40.idb" - -@erase ".\Debug\vc40.pdb" + -@erase "$(INTDIR)\base64.obj" + -@erase "$(INTDIR)\concat.obj" + -@erase "$(INTDIR)\gettimeofday.obj" + -@erase "$(INTDIR)\getuid.obj" + -@erase "$(INTDIR)\resolve.obj" + -@erase "$(INTDIR)\roken.res" + -@erase "$(INTDIR)\snprintf.obj" + -@erase "$(INTDIR)\strcasecmp.obj" + -@erase "$(INTDIR)\strtok_r.obj" + -@erase "$(INTDIR)\vc50.idb" + -@erase "$(INTDIR)\vc50.pdb" + -@erase "$(OUTDIR)\roken.dll" + -@erase "$(OUTDIR)\roken.exp" + -@erase "$(OUTDIR)\roken.ilk" + -@erase "$(OUTDIR)\roken.lib" + -@erase "$(OUTDIR)\roken.pdb" "$(OUTDIR)" : if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" -# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c -# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." 
/D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c -CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I\ +CPP_PROJ=/nologo /MDd /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I\ "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D\ - "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/roken.pch" /YX /Fo"$(INTDIR)/"\ - /Fd"$(INTDIR)/" /c + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)\roken.pch" /YX /Fo"$(INTDIR)\\"\ + /Fd"$(INTDIR)\\" /FD /c CPP_OBJS=.\Debug/ -CPP_SBRS=.\. -# ADD BASE MTL /nologo /D "_DEBUG" /win32 -# ADD MTL /nologo /D "_DEBUG" /win32 -MTL_PROJ=/nologo /D "_DEBUG" /win32 -# ADD BASE RSC /l 0x409 /d "_DEBUG" -# ADD RSC /l 0x409 /d "_DEBUG" +CPP_SBRS=. +MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32 +RSC_PROJ=/l 0x409 /fo"$(INTDIR)\roken.res" /d "_DEBUG" BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -BSC32_FLAGS=/nologo /o"$(OUTDIR)/roken.bsc" +BSC32_FLAGS=/nologo /o"$(OUTDIR)\roken.bsc" BSC32_SBRS= \ LINK32=link.exe -# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 -# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\ - advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib\ - odbccp32.lib /nologo /subsystem:windows /dll /incremental:yes\ - /pdb:"$(OUTDIR)/roken.pdb" /debug /machine:I386 /def:".\roken.def"\ - /out:"$(OUTDIR)/roken.dll" /implib:"$(OUTDIR)/roken.lib" -DEF_FILE= \ - ".\roken.def" + advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo\ + /subsystem:windows /dll /incremental:yes /pdb:"$(OUTDIR)\roken.pdb" /debug\ + /machine:I386 /def:".\roken.def" /out:"$(OUTDIR)\roken.dll"\ 
+ /implib:"$(OUTDIR)\roken.lib" LINK32_OBJS= \ - ".\Debug\gettimeofday.obj" \ - ".\Debug\strcasecmp.obj" + "$(INTDIR)\base64.obj" \ + "$(INTDIR)\concat.obj" \ + "$(INTDIR)\gettimeofday.obj" \ + "$(INTDIR)\getuid.obj" \ + "$(INTDIR)\resolve.obj" \ + "$(INTDIR)\roken.res" \ + "$(INTDIR)\snprintf.obj" \ + "$(INTDIR)\strcasecmp.obj" \ + "$(INTDIR)\strtok_r.obj" -".\Debug\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) +"$(OUTDIR)\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) $(LINK32) @<< $(LINK32_FLAGS) $(LINK32_OBJS) << !ENDIF -.c{$(CPP_OBJS)}.obj: - $(CPP) $(CPP_PROJ) $< +.c{$(CPP_OBJS)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< -.cpp{$(CPP_OBJS)}.obj: - $(CPP) $(CPP_PROJ) $< +.cpp{$(CPP_OBJS)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< -.cxx{$(CPP_OBJS)}.obj: - $(CPP) $(CPP_PROJ) $< +.cxx{$(CPP_OBJS)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< -.c{$(CPP_SBRS)}.sbr: - $(CPP) $(CPP_PROJ) $< +.c{$(CPP_SBRS)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< -.cpp{$(CPP_SBRS)}.sbr: - $(CPP) $(CPP_PROJ) $< +.cpp{$(CPP_SBRS)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< -.cxx{$(CPP_SBRS)}.sbr: - $(CPP) $(CPP_PROJ) $< +.cxx{$(CPP_SBRS)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< -################################################################################ -# Begin Target -# Name "roken - Win32 Release" -# Name "roken - Win32 Debug" +!IF "$(CFG)" == "roken - Win32 Release" || "$(CFG)" == "roken - Win32 Debug" +SOURCE=.\base64.c +DEP_CPP_BASE6=\ + "..\..\include\win32\config.h"\ + ".\base64.h"\ -!IF "$(CFG)" == "roken - Win32 Release" -!ELSEIF "$(CFG)" == "roken - Win32 Debug" +"$(INTDIR)\base64.obj" : $(SOURCE) $(DEP_CPP_BASE6) "$(INTDIR)" -!ENDIF -################################################################################ -# Begin Source File +SOURCE=.\concat.c +DEP_CPP_CONCA=\ + "..\..\include\win32\config.h"\ + "..\..\include\win32\roken.h"\ + ".\err.h"\ + ".\roken-common.h"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -SOURCE=\TEMP\jimpa3\lib\krb\gettimeofday.c + 
+"$(INTDIR)\concat.obj" : $(SOURCE) $(DEP_CPP_CONCA) "$(INTDIR)" + + +SOURCE=.\gettimeofday.c DEP_CPP_GETTI=\ - "..\..\include\protos.h"\ - "..\..\include\sys/bitypes.h"\ - "..\..\include\sys/cdefs.h"\ "..\..\include\win32\config.h"\ - "..\des\des.h"\ - "..\krb\krb.h"\ - "..\krb\krb_locl.h"\ - "..\krb\prot.h"\ - "..\krb\resolve.h"\ - ".\roken.h"\ - {$(INCLUDE)}"\sys\stat.h"\ - {$(INCLUDE)}"\sys\types.h"\ + "..\..\include\win32\roken.h"\ + ".\err.h"\ + ".\roken-common.h"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -!IF "$(CFG)" == "roken - Win32 Release" +"$(INTDIR)\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)" -".\Release\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)" - $(CPP) $(CPP_PROJ) $(SOURCE) +SOURCE=.\getuid.c +DEP_CPP_GETUI=\ + "..\..\include\win32\config.h"\ + "..\..\include\win32\roken.h"\ + ".\err.h"\ + ".\roken-common.h"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -!ELSEIF "$(CFG)" == "roken - Win32 Debug" +"$(INTDIR)\getuid.obj" : $(SOURCE) $(DEP_CPP_GETUI) "$(INTDIR)" -".\Debug\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)" - $(CPP) $(CPP_PROJ) $(SOURCE) +SOURCE=.\resolve.c +DEP_CPP_RESOL=\ + "..\..\include\win32\config.h"\ + "..\..\include\win32\roken.h"\ + ".\err.h"\ + ".\resolve.h"\ + ".\roken-common.h"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -!ENDIF +"$(INTDIR)\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)" -# End Source File -################################################################################ -# Begin Source File -SOURCE=.\roken.def +SOURCE=.\snprintf.c +DEP_CPP_SNPRI=\ + "..\..\include\win32\config.h"\ + "..\..\include\win32\roken.h"\ + ".\err.h"\ + ".\roken-common.h"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -!IF "$(CFG)" == "roken - Win32 Release" -!ELSEIF "$(CFG)" == "roken - Win32 Debug" +"$(INTDIR)\snprintf.obj" : $(SOURCE) $(DEP_CPP_SNPRI) "$(INTDIR)" -!ENDIF -# End Source File 
-################################################################################ -# Begin Source File - SOURCE=.\strcasecmp.c DEP_CPP_STRCA=\ - "..\..\include\sys/cdefs.h"\ "..\..\include\win32\config.h"\ - {$(INCLUDE)}"\sys\types.h"\ + {$(INCLUDE)}"sys\types.h"\ -!IF "$(CFG)" == "roken - Win32 Release" +"$(INTDIR)\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)" -".\Release\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)" +SOURCE=.\strtok_r.c +DEP_CPP_STRTO=\ + "..\..\include\win32\config.h"\ + "..\..\include\win32\roken.h"\ + ".\err.h"\ + ".\roken-common.h"\ + {$(INCLUDE)}"sys\stat.h"\ + {$(INCLUDE)}"sys\types.h"\ -!ELSEIF "$(CFG)" == "roken - Win32 Debug" +"$(INTDIR)\strtok_r.obj" : $(SOURCE) $(DEP_CPP_STRTO) "$(INTDIR)" -".\Debug\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)" +SOURCE=.\roken.rc +"$(INTDIR)\roken.res" : $(SOURCE) "$(INTDIR)" + $(RSC) $(RSC_PROJ) $(SOURCE) + + !ENDIF -# End Source File -# End Target -# End Project -################################################################################ Index: stable/3/crypto/kerberosIV/lib/roken/setegid.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/setegid.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/setegid.c (revision 62578) 
@@ -1,60 +1,57 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: setegid.c,v 1.7 1997/04/01 08:19:07 joda Exp $"); +RCSID("$Id: setegid.c,v 1.9 1999/12/02 16:58:52 joda Exp $"); #endif +#ifdef HAVE_UNISTD_H #include +#endif #include "roken.h" int -setegid(int egid) +setegid(gid_t egid) { #ifdef HAVE_SETREGID return setregid(-1, egid); #endif #ifdef HAVE_SETRESGID return setresgid(-1, egid, -1); #endif return -1; } Index: stable/3/crypto/kerberosIV/lib/roken/setenv.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/setenv.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/setenv.c (revision 62578) 
@@ -1,71 +1,66 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: setenv.c,v 1.8 1997/05/02 14:29:32 assar Exp $"); +RCSID("$Id: setenv.c,v 1.9 1999/12/02 16:58:52 joda Exp $"); #endif #include "roken.h" #include #include /* * This is the easy way out, use putenv to implement setenv. We might * leak some memory but that is ok since we are usally about to exec * anyway. */ int setenv(const char *var, const char *val, int rewrite) { char *t; if (!rewrite && getenv(var) != 0) return 0; asprintf (&t, "%s=%s", var, val); if (t == NULL) return -1; if (putenv(t) == 0) return 0; else return -1; } Index: stable/3/crypto/kerberosIV/lib/roken/seteuid.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/seteuid.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/seteuid.c (revision 62578) 
@@ -1,60 +1,57 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: seteuid.c,v 1.7 1997/04/01 08:19:08 joda Exp $"); +RCSID("$Id: seteuid.c,v 1.10 1999/12/02 16:58:52 joda Exp $"); #endif +#ifdef HAVE_UNISTD_H #include +#endif #include "roken.h" int -seteuid(int euid) +seteuid(uid_t euid) { #ifdef HAVE_SETREUID return setreuid(-1, euid); #endif #ifdef HAVE_SETRESUID return setresuid(-1, euid, -1); #endif return -1; } Index: stable/3/crypto/kerberosIV/lib/roken/signal.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/signal.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/signal.c (revision 62578) 
@@ -1,86 +1,81 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: signal.c,v 1.8 1997/04/01 08:19:09 joda Exp $"); +RCSID("$Id: signal.c,v 1.9 1999/12/02 16:58:52 joda Exp $"); #endif #include /* * We would like to always use this signal but there is a link error * on NEXTSTEP */ #ifndef NeXT /* * Bugs: * * Do we need any extra hacks for SIGCLD and/or SIGCHLD? */ typedef RETSIGTYPE (*SigAction)(/* int??? */); SigAction signal(int iSig, SigAction pAction) { struct sigaction saNew, saOld; saNew.sa_handler = pAction; sigemptyset(&saNew.sa_mask); saNew.sa_flags = 0; if (iSig == SIGALRM) { #ifdef SA_INTERRUPT saNew.sa_flags |= SA_INTERRUPT; #endif } else { #ifdef SA_RESTART saNew.sa_flags |= SA_RESTART; #endif } if (sigaction(iSig, &saNew, &saOld) < 0) return(SIG_ERR); return(saOld.sa_handler); } #endif Index: stable/3/crypto/kerberosIV/lib/roken/snprintf.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/snprintf.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/snprintf.c (revision 62578) 
@@ -1,520 +1,619 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995-1997, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: snprintf.c,v 1.13 1997/05/25 02:00:31 assar Exp $"); +RCSID("$Id: snprintf.c,v 1.24 1999/12/02 16:58:52 joda Exp $"); #endif #include #include #include #include #include #include +enum format_flags { + minus_flag = 1, + plus_flag = 2, + space_flag = 4, + alternate_flag = 8, + zero_flag = 16 +}; + /* * Common state */ struct state { - char *str; - char *s; - char *theend; + unsigned char *str; + unsigned char *s; + unsigned char *theend; size_t sz; size_t max_sz; - int (*append_char)(struct state *, char); + int (*append_char)(struct state *, unsigned char); int (*reserve)(struct state *, size_t); /* XXX - methods */ }; +#ifndef HAVE_VSNPRINTF static int sn_reserve (struct state *state, size_t n) { return state->s + n > state->theend; } static int -sn_append_char (struct state *state, char c) +sn_append_char (struct state *state, unsigned char c) { if (sn_reserve (state, 1)) { - *state->s++ = '\0'; return 1; } else { *state->s++ = c; return 0; } } +#endif static int as_reserve (struct state *state, size_t n) { - while (state->s + n > state->theend) { + if (state->s + n > state->theend) { int off = state->s - state->str; - char *tmp; + unsigned char *tmp; if (state->max_sz && state->sz >= state->max_sz) return 1; + state->sz = max(state->sz * 2, state->sz + n); if (state->max_sz) - state->sz = min(state->max_sz, state->sz*2); - else - state->sz *= 2; + state->sz = min(state->sz, state->max_sz); tmp = realloc (state->str, state->sz); if (tmp == NULL) return 1; state->str = tmp; state->s = state->str + off; state->theend = state->str + state->sz - 1; } return 0; } static int -as_append_char (struct state *state, char c) +as_append_char (struct state *state, unsigned char c) { if(as_reserve (state, 1)) return 1; else { *state->s++ = c; return 0; } } static int append_number (struct state *state, unsigned long num, unsigned base, char *rep, - int width, int zerop, int minusp) + int width, int prec, int flags, int minusp) { - 
int i, len; + int len = 0; + int i; - len = 0; - if (num == 0) { - ++len; + /* given precision, ignore zero flag */ + if(prec != -1) + flags &= ~zero_flag; + else + prec = 1; + /* zero value with zero precision -> "" */ + if(prec == 0 && num == 0) + return 0; + do{ + if((*state->append_char)(state, rep[num % base])) + return 1; + len++; + num /= base; + }while(num); + prec -= len; + /* pad with prec zeros */ + while(prec-- > 0){ if((*state->append_char) (state, '0')) return 1; + len++; } - while (num > 0) { - ++len; - if ((*state->append_char) (state, rep[num % base])) + /* add length of alternate prefix (added later) to len */ + if(flags & alternate_flag && (base == 16 || base == 8)) + len += base / 8; + /* pad with zeros */ + if(flags & zero_flag){ + width -= len; + if(minusp || (flags & space_flag) || (flags & plus_flag)) + width--; + while(width-- > 0){ + if((*state->append_char)(state, '0')) return 1; - num /= base; + len++; + } } + /* add alternate prefix */ + if(flags & alternate_flag && (base == 16 || base == 8)){ + if(base == 16) + if((*state->append_char)(state, rep[10] + 23)) /* XXX */ + return 1; + if((*state->append_char)(state, '0')) + return 1; + } + /* add sign */ if (minusp) { - ++len; if ((*state->append_char) (state, '-')) return 1; + len++; + } else if(flags & plus_flag) { + if((*state->append_char)(state, '+')) + return 1; + len++; + } else if(flags & space_flag) { + if((*state->append_char)(state, ' ')) + return 1; + len++; } - - for (i = 0; i < len / 2; ++i) { - char c; - - c = state->s[-i-1]; + if(flags & minus_flag) + /* swap before padding with spaces */ + for(i = 0; i < len / 2; i++){ + char c = state->s[-i-1]; state->s[-i-1] = state->s[-len+i]; state->s[-len+i] = c; } - - if (width > len) { - if ((*state->reserve) (state, width - len)) + width -= len; + while(width-- > 0){ + if((*state->append_char)(state, ' ')) return 1; - -#ifdef HAVE_MEMMOVE - memmove (state->s + width - 2 * len, state->s - len, len); -#else - bcopy (state->s - len, 
state->s + width - 2 * len, len); -#endif - for (i = 0; i < width - len; ++i) - state->s[-len+i] = (zerop ? '0' : ' '); - state->s += width - len; - + len++; } + if(!(flags & minus_flag)) + /* swap after padding with spaces */ + for(i = 0; i < len / 2; i++){ + char c = state->s[-i-1]; + state->s[-i-1] = state->s[-len+i]; + state->s[-len+i] = c; + } + return 0; } static int append_string (struct state *state, - char *arg, - int prec) + unsigned char *arg, + int width, + int prec, + int flags) { - if (prec) { + if(prec != -1) + width -= prec; + else + width -= strlen((char *)arg); + if(!(flags & minus_flag)) + while(width-- > 0) + if((*state->append_char) (state, ' ')) + return 1; + if (prec != -1) { while (*arg && prec--) if ((*state->append_char) (state, *arg++)) return 1; } else { while (*arg) if ((*state->append_char) (state, *arg++)) return 1; } + if(flags & minus_flag) + while(width-- > 0) + if((*state->append_char) (state, ' ')) + return 1; return 0; } +static int +append_char(struct state *state, + unsigned char arg, + int width, + int flags) +{ + while(!(flags & minus_flag) && --width > 0) + if((*state->append_char) (state, ' ')) + return 1; + + if((*state->append_char) (state, arg)) + return 1; + while((flags & minus_flag) && --width > 0) + if((*state->append_char) (state, ' ')) + return 1; + + return 0; +} + /* * This can't be made into a function... 
*/ #define PARSE_INT_FORMAT(res, arg, unsig) \ if (long_flag) \ - res = va_arg(arg, unsig long); \ + res = (unsig long)va_arg(arg, unsig long); \ else if (short_flag) \ - res = va_arg(arg, unsig short); \ + res = (unsig short)va_arg(arg, unsig short); \ else \ - res = va_arg(arg, unsig int) + res = (unsig int)va_arg(arg, unsig int) /* * zyxprintf - return 0 or -1 */ static int -xyzprintf (struct state *state, const char *format, va_list ap) +xyzprintf (struct state *state, const char *char_format, va_list ap) { - char c; + const unsigned char *format = (const unsigned char *)char_format; + unsigned char c; while((c = *format++)) { if (c == '%') { - int zerop = 0; + int flags = 0; int width = 0; - int prec = 0; + int prec = -1; int long_flag = 0; int short_flag = 0; - c = *format++; - /* flags */ - if (c == '0') { - zerop = 1; - c = *format++; + while((c = *format++)){ + if(c == '-') + flags |= minus_flag; + else if(c == '+') + flags |= plus_flag; + else if(c == ' ') + flags |= space_flag; + else if(c == '#') + flags |= alternate_flag; + else if(c == '0') + flags |= zero_flag; + else + break; } + if((flags & space_flag) && (flags & plus_flag)) + flags ^= space_flag; + + if((flags & minus_flag) && (flags & zero_flag)) + flags ^= zero_flag; + /* width */ if (isdigit(c)) do { width = width * 10 + c - '0'; c = *format++; } while(isdigit(c)); else if(c == '*') { width = va_arg(ap, int); c = *format++; } /* precision */ if (c == '.') { + prec = 0; c = *format++; if (isdigit(c)) do { prec = prec * 10 + c - '0'; c = *format++; } while(isdigit(c)); else if (c == '*') { prec = va_arg(ap, int); c = *format++; } } /* size */ if (c == 'h') { short_flag = 1; c = *format++; } else if (c == 'l') { long_flag = 1; c = *format++; } switch (c) { case 'c' : - if ((*state->append_char)(state, (unsigned char)va_arg(ap, int))) + if(append_char(state, va_arg(ap, int), width, flags)) return -1; break; case 's' : if (append_string(state, - va_arg(ap, char*), - prec)) + va_arg(ap, unsigned 
char*), + width, + prec, + flags)) return -1; break; case 'd' : case 'i' : { long arg; unsigned long num; int minusp = 0; - PARSE_INT_FORMAT(arg, ap, ); + PARSE_INT_FORMAT(arg, ap, signed); if (arg < 0) { minusp = 1; num = -arg; } else num = arg; if (append_number (state, num, 10, "0123456789", - width, zerop, minusp)) + width, prec, flags, minusp)) return -1; break; } case 'u' : { unsigned long arg; PARSE_INT_FORMAT(arg, ap, unsigned); if (append_number (state, arg, 10, "0123456789", - width, zerop, 0)) + width, prec, flags, 0)) return -1; break; } case 'o' : { unsigned long arg; PARSE_INT_FORMAT(arg, ap, unsigned); if (append_number (state, arg, 010, "01234567", - width, zerop, 0)) + width, prec, flags, 0)) return -1; break; } case 'x' : { unsigned long arg; PARSE_INT_FORMAT(arg, ap, unsigned); if (append_number (state, arg, 0x10, "0123456789abcdef", - width, zerop, 0)) + width, prec, flags, 0)) return -1; break; } case 'X' :{ unsigned long arg; PARSE_INT_FORMAT(arg, ap, unsigned); if (append_number (state, arg, 0x10, "0123456789ABCDEF", - width, zerop, 0)) + width, prec, flags, 0)) return -1; break; } case 'p' : { unsigned long arg = (unsigned long)va_arg(ap, void*); if (append_number (state, arg, 0x10, "0123456789ABCDEF", - width, zerop, 0)) + width, prec, flags, 0)) return -1; break; } + case 'n' : { + int *arg = va_arg(ap, int*); + *arg = state->s - state->str; + break; + } + case '\0' : + --format; + /* FALLTHROUGH */ case '%' : if ((*state->append_char)(state, c)) return -1; break; default : if ( (*state->append_char)(state, '%') || (*state->append_char)(state, c)) return -1; break; } } else if ((*state->append_char) (state, c)) return -1; } return 0; } #ifndef HAVE_SNPRINTF int snprintf (char *str, size_t sz, const char *format, ...) 
{ va_list args; int ret; va_start(args, format); ret = vsnprintf (str, sz, format, args); #ifdef PARANOIA { int ret2; char *tmp; tmp = malloc (sz); if (tmp == NULL) abort (); ret2 = vsprintf (tmp, format, args); if (ret != ret2 || strcmp(str, tmp)) abort (); free (tmp); } #endif va_end(args); return ret; } #endif #ifndef HAVE_ASPRINTF int asprintf (char **ret, const char *format, ...) { va_list args; int val; va_start(args, format); val = vasprintf (ret, format, args); #ifdef PARANOIA { int ret2; char *tmp; tmp = malloc (val + 1); if (tmp == NULL) abort (); ret2 = vsprintf (tmp, format, args); if (val != ret2 || strcmp(*ret, tmp)) abort (); free (tmp); } #endif va_end(args); return val; } #endif #ifndef HAVE_ASNPRINTF int asnprintf (char **ret, size_t max_sz, const char *format, ...) { va_list args; int val; va_start(args, format); val = vasnprintf (ret, max_sz, format, args); #ifdef PARANOIA { int ret2; char *tmp; tmp = malloc (val + 1); if (tmp == NULL) abort (); ret2 = vsprintf (tmp, format, args); if (val != ret2 || strcmp(*ret, tmp)) abort (); free (tmp); } #endif va_end(args); return val; } #endif #ifndef HAVE_VASPRINTF int vasprintf (char **ret, const char *format, va_list args) { return vasnprintf (ret, 0, format, args); } #endif #ifndef HAVE_VASNPRINTF int vasnprintf (char **ret, size_t max_sz, const char *format, va_list args) { int st; size_t len; struct state state; state.max_sz = max_sz; - if (max_sz) - state.sz = min(1, max_sz); - else state.sz = 1; state.str = malloc(state.sz); if (state.str == NULL) { *ret = NULL; return -1; } state.s = state.str; state.theend = state.s + state.sz - 1; state.append_char = as_append_char; state.reserve = as_reserve; st = xyzprintf (&state, format, args); if (st) { free (state.str); *ret = NULL; return -1; } else { char *tmp; *state.s = '\0'; len = state.s - state.str; tmp = realloc (state.str, len+1); - if (state.str == NULL) { + if (tmp == NULL) { free (state.str); *ret = NULL; return -1; } *ret = tmp; return len; } 
} #endif #ifndef HAVE_VSNPRINTF int vsnprintf (char *str, size_t sz, const char *format, va_list args) { struct state state; int ret; + unsigned char *ustr = (unsigned char *)str; state.max_sz = 0; state.sz = sz; - state.str = str; - state.s = str; - state.theend = str + sz - 1; + state.str = ustr; + state.s = ustr; + state.theend = ustr + sz - 1; state.append_char = sn_append_char; state.reserve = sn_reserve; ret = xyzprintf (&state, format, args); *state.s = '\0'; if (ret) return sz; else return state.s - state.str; } #endif Index: stable/3/crypto/kerberosIV/lib/roken/strcasecmp.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/strcasecmp.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/strcasecmp.c (revision 62578) 
@@ -1,118 +1,58 @@ /* - * Copyright (c) 1987, 1993 - * The Regents of the University of California. All rights reserved. + * Copyright (c) 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strcasecmp.c,v 1.3 1997/04/20 18:04:23 assar Exp $"); +RCSID("$Id: strcasecmp.c,v 1.9 1999/12/02 16:58:52 joda Exp $"); #endif #include -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#include +#include +#include +#include "roken.h" -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)strcasecmp.c 8.1 (Berkeley) 6/4/93"; -#endif /* LIBC_SCCS and not lint */ +#ifndef HAVE_STRCASECMP -/* - * This array is designed for mapping upper and lower case letter - * together for a case independent comparison. The mappings are - * based upon ascii character sequences. 
- */ -static const unsigned char charmap[] = { - '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007', - '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017', - '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027', - '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037', - '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047', - '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057', - '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067', - '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077', - '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147', - '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', - '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', - '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137', - '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147', - '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', - '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', - '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177', - '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207', - '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217', - '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227', - '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237', - '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247', - '\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257', - '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267', - '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277', - '\300', '\301', '\302', '\303', '\304', '\305', '\306', '\307', - '\310', '\311', '\312', '\313', '\314', '\315', '\316', '\317', - '\320', '\321', '\322', '\323', '\324', '\325', '\326', '\327', - '\330', '\331', '\332', '\333', '\334', '\335', '\336', '\337', - '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347', - '\350', '\351', '\352', '\353', 
'\354', '\355', '\356', '\357', - '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367', - '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377', -}; - int strcasecmp(const char *s1, const char *s2) { - const unsigned char *cm = charmap, - *us1 = (const unsigned char *)s1, - *us2 = (const unsigned char *)s2; - - while (cm[*us1] == cm[*us2++]) - if (*us1++ == '\0') - return (0); - return (cm[*us1] - cm[*--us2]); -} - -int -strncasecmp(const char *s1, const char *s2, size_t n) -{ - if (n != 0) { - const unsigned char *cm = charmap, - *us1 = (const unsigned char *)s1, - *us2 = (const unsigned char *)s2; - - do { - if (cm[*us1] != cm[*us2++]) - return (cm[*us1] - cm[*--us2]); - if (*us1++ == '\0') - break; - } while (--n != 0); + while(toupper(*s1) == toupper(*s2)) { + if(*s1 == '\0') + return 0; + s1++; + s2++; } - return (0); + return toupper(*s1) - toupper(*s2); } + +#endif Index: stable/3/crypto/kerberosIV/lib/roken/strdup.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/strdup.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/strdup.c (revision 62578) 
@@ -1,55 +1,50 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strdup.c,v 1.9 1997/04/01 08:19:10 joda Exp $"); +RCSID("$Id: strdup.c,v 1.10 1999/12/02 16:58:53 joda Exp $"); #endif #include #include #ifndef HAVE_STRDUP char * strdup(const char *old) { char *t = malloc(strlen(old)+1); if (t != 0) strcpy(t, old); return t; } #endif Index: stable/3/crypto/kerberosIV/lib/roken/strerror.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/strerror.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/strerror.c (revision 62578) 
@@ -1,62 +1,57 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strerror.c,v 1.8 1997/05/02 14:29:33 assar Exp $"); +RCSID("$Id: strerror.c,v 1.10 1999/12/02 16:58:53 joda Exp $"); #endif #include #include #include extern int sys_nerr; extern char *sys_errlist[]; char* strerror(int eno) { static char emsg[1024]; if(eno < 0 || eno >= sys_nerr) snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno); else - strcpy(emsg, sys_errlist[eno]); + snprintf(emsg, sizeof(emsg), "%s", sys_errlist[eno]); return emsg; } Index: stable/3/crypto/kerberosIV/lib/roken/strftime.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/strftime.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/strftime.c (revision 62578) 
@@ -1,299 +1,396 @@ /* - * Copyright (c) 1989, 1993 - * The Regents of the University of California. All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ + * 3. 
Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include #endif -#include -#ifdef TIME_WITH_SYS_TIME -#include -#include -#elif defined(HAVE_SYS_TIME_H) -#include -#else -#include -#endif -#define TM_YEAR_BASE 1900 /* from */ -#include +#include "roken.h" -static char *afmt[] = { - "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", +RCSID("$Id: strftime.c,v 1.10 1999/11/13 04:18:33 assar Exp $"); + +static const char *abb_weekdays[] = { + "Sun", + "Mon", + "Tue", + "Wed", + "Thu", + "Fri", + "Sat", }; -static char *Afmt[] = { - "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", + +static const char *full_weekdays[] = { + "Sunday", + "Monday", + "Tuesday", + "Wednesday", + "Thursday", + "Friday", "Saturday", }; -static char *bfmt[] = { - "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", - "Oct", "Nov", "Dec", + +static const char *abb_month[] = { + "Jan", + "Feb", + "Mar", + "Apr", + "May", + "Jun", + "Jul", + "Aug", + "Sep", + "Oct", + "Nov", + "Dec" }; -static char *Bfmt[] = { - "January", "February", "March", "April", 
"May", "June", "July", - "August", "September", "October", "November", "December", + +static const char *full_month[] = { + "January", + "February", + "Mars", + "April", + "May", + "June", + "July", + "August", + "September", + "October", + "November", + "December" }; -static size_t gsize; -static char *pt; +static const char *ampm[] = { + "AM", + "PM" +}; -static int _add (char *); -static int _conv (int, int, int); -#ifdef HAVE_MKTIME -static int _secs (const struct tm *); -#endif /* HAVE_MKTIME */ -static size_t _fmt (const char *, const struct tm *); +/* + * Convert hour in [0, 24] to [12 1 - 11 12 1 - 11 12] + */ -size_t -strftime(char *s, size_t maxsize, const char *format, const struct tm *t) +static int +hour_24to12 (int hour) { + int ret = hour % 12; - pt = s; - if ((gsize = maxsize) < 1) - return(0); - if (_fmt(format, t)) { - *pt = '\0'; - return(maxsize - gsize); + if (ret == 0) + ret = 12; + return ret; } - return(0); + +/* + * Return AM or PM for `hour' + */ + +static const char * +hour_to_ampm (int hour) +{ + return ampm[hour / 12]; } -static size_t -_fmt(const char *format, const struct tm *t) +/* + * Return the week number of `tm' (Sunday being the first day of the week) + * as [0, 53] + */ + +static int +week_number_sun (const struct tm *tm) { - for (; *format; ++format) { - if (*format == '%') - switch(*++format) { - case '\0': - --format; + return (tm->tm_yday + 7 - (tm->tm_yday % 7 - tm->tm_wday + 7) % 7) / 7; +} + +/* + * Return the week number of `tm' (Monday being the first day of the week) + * as [0, 53] + */ + +static int +week_number_mon (const struct tm *tm) +{ + int wday = (tm->tm_wday + 6) % 7; + + return (tm->tm_yday + 7 - (tm->tm_yday % 7 - wday + 7) % 7) / 7; +} + +/* + * Return the week number of `tm' (Monday being the first day of the + * week) as [01, 53]. Week number one is the one that has four or more + * days in that year. 
+ */ + +static int +week_number_mon4 (const struct tm *tm) +{ + int wday = (tm->tm_wday + 6) % 7; + int w1day = (wday - tm->tm_yday % 7 + 7) % 7; + int ret; + + ret = (tm->tm_yday + w1day) / 7; + if (w1day >= 4) + --ret; + if (ret == -1) + ret = 53; + else + ++ret; + return ret; +} + +/* + * + */ + +size_t +strftime (char *buf, size_t maxsize, const char *format, + const struct tm *tm) +{ + size_t n = 0; + size_t ret; + + while (*format != '\0' && n < maxsize) { + if (*format == '%') { + ++format; + if(*format == 'E' || *format == 'O') + ++format; + switch (*format) { + case 'a' : + ret = snprintf (buf, maxsize - n, + "%s", abb_weekdays[tm->tm_wday]); break; case 'A': - if (t->tm_wday < 0 || t->tm_wday > 6) - return(0); - if (!_add(Afmt[t->tm_wday])) - return(0); - continue; - case 'a': - if (t->tm_wday < 0 || t->tm_wday > 6) - return(0); - if (!_add(afmt[t->tm_wday])) - return(0); - continue; - case 'B': - if (t->tm_mon < 0 || t->tm_mon > 11) - return(0); - if (!_add(Bfmt[t->tm_mon])) - return(0); - continue; - case 'b': + ret = snprintf (buf, maxsize - n, + "%s", full_weekdays[tm->tm_wday]); + break; case 'h': - if (t->tm_mon < 0 || t->tm_mon > 11) - return(0); - if (!_add(bfmt[t->tm_mon])) - return(0); - continue; - case 'C': - if (!_fmt("%a %b %e %H:%M:%S %Y", t)) - return(0); - continue; + case 'b' : + ret = snprintf (buf, maxsize - n, + "%s", abb_month[tm->tm_mon]); + break; + case 'B' : + ret = snprintf (buf, maxsize - n, + "%s", full_month[tm->tm_mon]); + break; case 'c': - if (!_fmt("%m/%d/%y %H:%M:%S", t)) - return(0); - continue; - case 'D': - if (!_fmt("%m/%d/%y", t)) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%d:%02d:%02d %02d:%02d:%02d", + tm->tm_year, + tm->tm_mon + 1, + tm->tm_mday, + tm->tm_hour, + tm->tm_min, + tm->tm_sec); + break; + case 'C' : + ret = snprintf (buf, maxsize - n, + "%02d", (tm->tm_year + 1900) / 100); + break; case 'd': - if (!_conv(t->tm_mday, 2, '0')) - return(0); - continue; + ret = snprintf (buf, maxsize 
- n, + "%02d", tm->tm_mday); + break; + case 'D' : + ret = snprintf (buf, maxsize - n, + "%02d/%02d/%02d", + tm->tm_mon + 1, + tm->tm_mday, + (tm->tm_year + 1900) % 100); + break; case 'e': - if (!_conv(t->tm_mday, 2, ' ')) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%2d", tm->tm_mday); + break; + case 'F': + ret = snprintf (buf, maxsize - n, + "%04d-%02d-%02d", tm->tm_year + 1900, + tm->tm_mon + 1, tm->tm_mday); + break; + case 'g': + /* last two digits of week-based year */ + abort(); + case 'G': + /* week-based year */ + abort(); case 'H': - if (!_conv(t->tm_hour, 2, '0')) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%02d", tm->tm_hour); + break; case 'I': - if (!_conv(t->tm_hour % 12 ? - t->tm_hour % 12 : 12, 2, '0')) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%02d", + hour_24to12 (tm->tm_hour)); + break; case 'j': - if (!_conv(t->tm_yday + 1, 3, '0')) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%03d", tm->tm_yday + 1); + break; case 'k': - if (!_conv(t->tm_hour, 2, ' ')) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%2d", tm->tm_hour); + break; case 'l': - if (!_conv(t->tm_hour % 12 ? - t->tm_hour % 12 : 12, 2, ' ')) - return(0); - continue; - case 'M': - if (!_conv(t->tm_min, 2, '0')) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%2d", + hour_24to12 (tm->tm_hour)); + break; case 'm': - if (!_conv(t->tm_mon + 1, 2, '0')) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%02d", tm->tm_mon + 1); + break; + case 'M' : + ret = snprintf (buf, maxsize - n, + "%02d", tm->tm_min); + break; case 'n': - if (!_add("\n")) - return(0); - continue; + ret = snprintf (buf, maxsize - n, "\n"); + break; case 'p': - if (!_add(t->tm_hour >= 12 ? 
"PM" : "AM")) - return(0); - continue; - case 'R': - if (!_fmt("%H:%M", t)) - return(0); - continue; + ret = snprintf (buf, maxsize - n, "%s", + hour_to_ampm (tm->tm_hour)); + break; case 'r': - if (!_fmt("%I:%M:%S %p", t)) - return(0); - continue; - case 'S': - if (!_conv(t->tm_sec, 2, '0')) - return(0); - continue; -#ifdef HAVE_MKTIME + ret = snprintf (buf, maxsize - n, + "%02d:%02d:%02d %s", + hour_24to12 (tm->tm_hour), + tm->tm_min, + tm->tm_sec, + hour_to_ampm (tm->tm_hour)); + break; + case 'R' : + ret = snprintf (buf, maxsize - n, + "%02d:%02d", + tm->tm_hour, + tm->tm_min); + case 's': - if (!_secs(t)) - return(0); - continue; -#endif /* HAVE_MKTIME */ + ret = snprintf (buf, maxsize - n, + "%d", (int)mktime((struct tm *)tm)); + break; + case 'S' : + ret = snprintf (buf, maxsize - n, + "%02d", tm->tm_sec); + break; + case 't' : + ret = snprintf (buf, maxsize - n, "\t"); + break; case 'T': case 'X': - if (!_fmt("%H:%M:%S", t)) - return(0); - continue; - case 't': - if (!_add("\t")) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%02d:%02d:%02d", + tm->tm_hour, + tm->tm_min, + tm->tm_sec); + break; + case 'u' : + ret = snprintf (buf, maxsize - n, + "%d", (tm->tm_wday == 0) ? 7 : tm->tm_wday); + break; case 'U': - if (!_conv((t->tm_yday + 7 - t->tm_wday) / 7, - 2, '0')) - return(0); - continue; - case 'W': - if (!_conv((t->tm_yday + 7 - - (t->tm_wday ? 
(t->tm_wday - 1) : 6)) - / 7, 2, '0')) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%02d", week_number_sun (tm)); + break; + case 'V' : + ret = snprintf (buf, maxsize - n, + "%02d", week_number_mon4 (tm)); + break; case 'w': - if (!_conv(t->tm_wday, 1, '0')) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%d", tm->tm_wday); + break; + case 'W' : + ret = snprintf (buf, maxsize - n, + "%02d", week_number_mon (tm)); + break; case 'x': - if (!_fmt("%m/%d/%y", t)) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%d:%02d:%02d", + tm->tm_year, + tm->tm_mon + 1, + tm->tm_mday); + break; case 'y': - if (!_conv((t->tm_year + TM_YEAR_BASE) - % 100, 2, '0')) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%02d", (tm->tm_year + 1900) % 100); + break; case 'Y': - if (!_conv(t->tm_year + TM_YEAR_BASE, 4, '0')) - return(0); - continue; -#ifdef notdef + ret = snprintf (buf, maxsize - n, + "%d", tm->tm_year + 1900); + break; + case 'z': + ret = snprintf (buf, maxsize - n, + "%ld", +#if defined(HAVE_STRUCT_TM_TM_GMTOFF) + (long)tm->tm_gmtoff +#elif defined(HAVE_TIMEZONE) + tm->tm_isdst ? + (long)altzone : + (long)timezone +#else +#error Where in timezone chaos are you? +#endif + ); + break; case 'Z': - if (!t->tm_zone || !_add(t->tm_zone)) - return(0); - continue; + ret = snprintf (buf, maxsize - n, + "%s", + +#if defined(HAVE_STRUCT_TM_TM_ZONE) + tm->tm_zone +#elif defined(HAVE_TIMEZONE) + tzname[tm->tm_isdst] +#else +#error what? #endif + ); + break; + case '\0' : + --format; + /* FALLTHROUGH */ case '%': - /* - * X311J/88-090 (4.12.3.5): if conversion char is - * undefined, behavior is undefined. Print out the - * character itself as printf(3) does. 
- */ + ret = snprintf (buf, maxsize - n, + "%%"); + break; default: + ret = snprintf (buf, maxsize - n, + "%%%c", *format); break; - } - if (!gsize--) - return(0); - *pt++ = *format; - } - return(gsize); } - -#ifdef HAVE_MKTIME -static int -_secs(const struct tm *t) -{ - static char buf[15]; - time_t s; - char *p; - struct tm tmp; - - /* Make a copy, mktime(3) modifies the tm struct. */ - tmp = *t; - s = mktime(&tmp); - for (p = buf + sizeof(buf) - 2; s > 0 && p > buf; s /= 10) - *p-- = s % 10 + '0'; - return(_add(++p)); + if (ret >= maxsize - n) + return 0; + n += ret; + buf += ret; + ++format; + } else { + *buf++ = *format++; + ++n; } -#endif /* HAVE_MKTIME */ - -static int -_conv(int n, int digits, int pad) -{ - static char buf[10]; - char *p; - - for (p = buf + sizeof(buf) - 2; n > 0 && p > buf; n /= 10, --digits) - *p-- = n % 10 + '0'; - while (p > buf && digits-- > 0) - *p-- = pad; - return(_add(++p)); -} - -static int -_add(str) - char *str; -{ - for (;; ++pt, --gsize) { - if (!gsize) - return(0); - if (!(*pt = *str++)) - return(1); } + *buf++ = '\0'; + return n; } Index: stable/3/crypto/kerberosIV/lib/roken/strlwr.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/strlwr.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/strlwr.c (revision 62578) 
@@ -1,58 +1,53 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strlwr.c,v 1.3 1997/04/01 08:19:11 joda Exp $"); +RCSID("$Id: strlwr.c,v 1.4 1999/12/02 16:58:53 joda Exp $"); #endif #include #include #include #ifndef HAVE_STRLWR char * strlwr(char *str) { char *s; for(s = str; *s; s++) *s = tolower(*s); return str; } #endif Index: stable/3/crypto/kerberosIV/lib/roken/strnlen.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/strnlen.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/strnlen.c (revision 62578) 
@@ -1,53 +1,49 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strnlen.c,v 1.5 1997/04/01 08:19:11 joda Exp $"); +RCSID("$Id: strnlen.c,v 1.7 1999/12/02 16:58:53 joda Exp $"); #endif #include "roken.h" -int -strnlen(char *s, int len) +size_t +strnlen(const char *s, size_t len) { - int i; + size_t i; + for(i = 0; i < len && s[i]; i++) ; return i; } Index: stable/3/crypto/kerberosIV/lib/roken/strtok_r.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/strtok_r.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/strtok_r.c (revision 62578) 
@@ -1,70 +1,65 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strtok_r.c,v 1.4 1997/05/19 03:05:47 assar Exp $"); +RCSID("$Id: strtok_r.c,v 1.5 1999/12/02 16:58:53 joda Exp $"); #endif #include #include "roken.h" #ifndef HAVE_STRTOK_R char * strtok_r(char *s1, const char *s2, char **lasts) { char *ret; if (s1 == NULL) s1 = *lasts; while(*s1 && strchr(s2, *s1)) ++s1; if(*s1 == '\0') return NULL; ret = s1; while(*s1 && !strchr(s2, *s1)) ++s1; if(*s1) *s1++ = '\0'; *lasts = s1; return ret; } #endif /* HAVE_STRTOK_R */ Index: stable/3/crypto/kerberosIV/lib/roken/strupr.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/strupr.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/strupr.c (revision 62578) 
@@ -1,58 +1,53 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strupr.c,v 1.3 1997/04/01 08:19:13 joda Exp $"); +RCSID("$Id: strupr.c,v 1.4 1999/12/02 16:58:53 joda Exp $"); #endif #include #include #include #ifndef HAVE_STRUPR char * strupr(char *str) { char *s; for(s = str; *s; s++) *s = toupper(*s); return str; } #endif Index: stable/3/crypto/kerberosIV/lib/roken/tm2time.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/tm2time.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/tm2time.c (revision 62578) 
@@ -1,66 +1,61 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: tm2time.c,v 1.6 1997/04/20 05:51:30 assar Exp $"); +RCSID("$Id: tm2time.c,v 1.7 1999/12/02 16:58:53 joda Exp $"); #endif #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #include "roken.h" time_t tm2time (struct tm tm, int local) { time_t t; tm.tm_isdst = -1; t = mktime (&tm); if (!local) t += t - mktime (gmtime (&t)); return t; } Index: stable/3/crypto/kerberosIV/lib/roken/unsetenv.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/unsetenv.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/unsetenv.c (revision 62578) 
@@ -1,75 +1,70 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: unsetenv.c,v 1.6 1997/04/01 08:19:14 joda Exp $"); +RCSID("$Id: unsetenv.c,v 1.7 1999/12/02 16:58:53 joda Exp $"); #endif #include #include #include "roken.h" extern char **environ; /* * unsetenv -- */ void unsetenv(const char *name) { int len; const char *np; char **p; if (name == 0 || environ == 0) return; for (np = name; *np && *np != '='; np++) /* nop */; len = np - name; for (p = environ; *p != 0; p++) if (strncmp(*p, name, len) == 0 && (*p)[len] == '=') break; for (; *p != 0; p++) *p = *(p + 1); } Index: stable/3/crypto/kerberosIV/lib/roken/verify.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/verify.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/verify.c (revision 62578) 
@@ -1,67 +1,62 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: verify.c,v 1.12 1997/04/01 08:19:15 joda Exp $"); +RCSID("$Id: verify.c,v 1.13 1999/12/02 16:58:53 joda Exp $"); #endif #include #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_CRYPT_H #include #endif #include "roken.h" int unix_verify_user(char *user, char *password) { struct passwd *pw; pw = k_getpwnam(user); if(pw == NULL) return -1; if(strlen(pw->pw_passwd) == 0 && strlen(password) == 0) return 0; if(strcmp(crypt(password, pw->pw_passwd), pw->pw_passwd) == 0) return 0; return -1; } Index: stable/3/crypto/kerberosIV/lib/roken/verr.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/verr.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/verr.c (revision 62578) 
@@ -1,50 +1,46 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: verr.c,v 1.6 1997/03/30 08:05:38 joda Exp $"); +RCSID("$Id: verr.c,v 1.8 1999/12/02 16:58:53 joda Exp $"); #endif #include "err.h" void verr(int eval, const char *fmt, va_list ap) { - warnerr(1, eval, 1, fmt, ap); + warnerr(1, fmt, ap); + exit(eval); } Index: stable/3/crypto/kerberosIV/lib/roken/verrx.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/verrx.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/verrx.c (revision 62578) 
@@ -1,50 +1,46 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: verrx.c,v 1.6 1997/03/30 08:05:39 joda Exp $"); +RCSID("$Id: verrx.c,v 1.8 1999/12/02 16:58:53 joda Exp $"); #endif #include "err.h" void verrx(int eval, const char *fmt, va_list ap) { - warnerr(1, eval, 0, fmt, ap); + warnerr(0, fmt, ap); + exit(eval); } Index: stable/3/crypto/kerberosIV/lib/roken/vwarn.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/vwarn.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/vwarn.c (revision 62578) 
@@ -1,50 +1,45 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: vwarn.c,v 1.6 1997/03/30 08:05:39 joda Exp $"); +RCSID("$Id: vwarn.c,v 1.8 1999/12/02 16:58:54 joda Exp $"); #endif #include "err.h" void vwarn(const char *fmt, va_list ap) { - warnerr(0, 0, 1, fmt, ap); + warnerr(1, fmt, ap); } Index: stable/3/crypto/kerberosIV/lib/roken/vwarnx.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/vwarnx.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/vwarnx.c (revision 62578) 
@@ -1,51 +1,46 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: vwarnx.c,v 1.6 1997/03/30 08:05:40 joda Exp $"); +RCSID("$Id: vwarnx.c,v 1.8 1999/12/02 16:58:54 joda Exp $"); #endif #include "err.h" void vwarnx(const char *fmt, va_list ap) { - warnerr(0, 0, 0, fmt, ap); + warnerr(0, fmt, ap); } Index: stable/3/crypto/kerberosIV/lib/roken/warn.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/warn.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/warn.c (revision 62578) 
@@ -1,53 +1,48 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: warn.c,v 1.5 1997/03/30 08:05:40 joda Exp $"); +RCSID("$Id: warn.c,v 1.6 1999/12/02 16:58:54 joda Exp $"); #endif #include "err.h" void warn(const char *fmt, ...) { va_list ap; va_start(ap, fmt); vwarn(fmt, ap); va_end(ap); } Index: stable/3/crypto/kerberosIV/lib/roken/warnerr.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/warnerr.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/warnerr.c (revision 62578) 
@@ -1,86 +1,79 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: warnerr.c,v 1.6 1997/04/02 14:59:54 bg Exp $"); +RCSID("$Id: warnerr.c,v 1.8 1999/12/02 16:58:54 joda Exp $"); #endif #include "roken.h" #include "err.h" #ifndef HAVE___PROGNAME const char *__progname; #endif void set_progname(char *argv0) { #ifndef HAVE___PROGNAME char *p; if(argv0 == NULL) return; p = strrchr(argv0, '/'); if(p == NULL) p = argv0; else p++; __progname = p; #endif } void -warnerr(int doexit, int eval, int doerrno, const char *fmt, va_list ap) +warnerr(int doerrno, const char *fmt, va_list ap) { int sverrno = errno; if(__progname != NULL){ fprintf(stderr, "%s", __progname); if(fmt != NULL || doerrno) fprintf(stderr, ": "); } if (fmt != NULL){ vfprintf(stderr, fmt, ap); if(doerrno) fprintf(stderr, ": "); } if(doerrno) fprintf(stderr, "%s", strerror(sverrno)); fprintf(stderr, "\n"); - if(doexit) - exit(eval); } Index: stable/3/crypto/kerberosIV/lib/roken/warnx.c =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/warnx.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/warnx.c (revision 62578) 
@@ -1,53 +1,48 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: warnx.c,v 1.5 1997/03/30 08:05:41 joda Exp $"); +RCSID("$Id: warnx.c,v 1.6 1999/12/02 16:58:54 joda Exp $"); #endif #include "err.h" void warnx(const char *fmt, ...) { va_list ap; va_start(ap, fmt); vwarnx(fmt, ap); va_end(ap); } Index: stable/3/crypto/kerberosIV/lib/roken/xdbm.h =================================================================== --- stable/3/crypto/kerberosIV/lib/roken/xdbm.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/roken/xdbm.h (revision 62578) 
@@ -1,75 +1,73 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: xdbm.h,v 1.2 1997/04/01 08:19:16 joda Exp $ */ +/* $Id: xdbm.h,v 1.6 1999/12/02 16:58:54 joda Exp $ */ /* Generic *dbm include file */ #ifndef __XDBM_H__ #define __XDBM_H__ #ifdef HAVE_NDBM_H #include #elif defined(HAVE_DBM_H) #include #elif defined(HAVE_RPCSVC_DBM_H) #include +#elif defined(HAVE_DB_H) +#define DB_DBM_HSEARCH 1 +#include #endif /* Macros to convert ndbm names to dbm names. * Note that dbm_nextkey() cannot be simply converted using a macro, since * it is invoked giving the database, and nextkey() needs the previous key. * * Instead, all routines call "dbm_next" instead. */ #ifndef NDBM typedef char DBM; #define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0)) #define dbm_fetch(db, key) fetch(key) #define dbm_store(db, key, content, flag) store(key, content) #define dbm_delete(db, key) delete(key) #define dbm_firstkey(db) firstkey() #define dbm_next(db,key) nextkey(key) #define dbm_close(db) dbmclose() #else #define dbm_next(db,key) dbm_nextkey(db) #endif #endif /* __XDBM_H__ */ Index: stable/3/crypto/kerberosIV/lib/sl/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/lib/sl/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/lib/sl/Makefile.in (revision 62578) 
@@ -1,84 +1,139 @@ # -# $Id: Makefile.in,v 1.8 1997/05/06 03:47:56 assar Exp $ +# $Id: Makefile.in,v 1.31 1999/03/10 19:01:17 joda Exp $ # SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ +top_builddir=../.. + CC = @CC@ +LINK = @LINK@ AR = ar RANLIB = @RANLIB@ -DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +LN_S = @LN_S@ +DEFS = @DEFS@ -DROKEN_RENAME +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ +LD_FLAGS = @LD_FLAGS@ +YACC = @YACC@ +LEX = @LEX@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ +bindir = @bindir@ +includedir = @includedir@ +LIB_DEPS = @lib_deps_yes@ @LIB_readline@ -lc +build_symlink_command = @build_symlink_command@ +install_symlink_command = @install_symlink_command@ +install_symlink_command2 = @install_symlink_command2@ + PICFLAGS = @PICFLAGS@ +EXECSUFFIX = @EXECSUFFIX@ -LIBNAME = $(LIBPREFIX)sl LIBEXT = @LIBEXT@ SHLIBEXT = @SHLIBEXT@ LIBPREFIX = @LIBPREFIX@ +LIBNAME = $(LIBPREFIX)sl +sl_LIB = $(LIBNAME).$(LIBEXT) +LIB = $(sl_LIB) +LIBNAME2 = $(LIBPREFIX)ss +ss_LIB = $(LIBNAME2).$(LIBEXT) +LIB2 = $(ss_LIB) LDSHARED = @LDSHARED@ -LIB = $(LIBNAME).$(LIBEXT) -PROGS = +PROGS = mk_cmds$(EXECSUFFIX) -LIB_SOURCES = sl.c +LIB_SOURCES = sl.c ss.c +EXTRA_SOURCES = strtok_r.c snprintf.c -SOURCES = $(LIB_SOURCES) +SOURCES = $(LIB_SOURCES) make_cmds.c $(EXTRA_SOURCES) -LIB_OBJECTS = sl.o +LIBADD = strtok_r.o snprintf.o -OBJECTS = $(LIB_OBJECTS) +LIB_OBJECTS = sl.o ss.o $(LIBADD) -all: $(LIB) $(PROGS) +mk_cmds_OBJECTS = make_cmds.o parse.o lex.o snprintf.o +OBJECTS = $(LIB_OBJECTS) $(mk_cmds_OBJECTS) + +all: $(sl_LIB) $(PROGS) + Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) -I$(srcdir)/../des $(CFLAGS) $(PICFLAGS) $< + $(CC) -c $(DEFS) -I../../include -I. 
-I$(srcdir) -I$(srcdir)/../des $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $< install: all - $(MKINSTALLDIRS) $(libdir) - $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + $(MKINSTALLDIRS) $(DESTDIR)$(includedir)/ss + $(INSTALL_DATA) $(srcdir)/ss.h $(DESTDIR)$(includedir)/ss/ss.h + $(MKINSTALLDIRS) $(DESTDIR)$(libdir) + $(INSTALL) -m 555 $(sl_LIB) $(DESTDIR)$(libdir)/$(sl_LIB) + $(INSTALL) -m 555 $(sl_LIB) $(DESTDIR)$(libdir)/$(ss_LIB) + @install_symlink_command@ + @install_symlink_command2@ + $(MKINSTALLDIRS) $(DESTDIR)$(bindir) + $(INSTALL) -m 0555 $(PROGS) $(DESTDIR)$(bindir)/$(PROGS) uninstall: - rm -f $(libdir)/$(LIB) + rm -f $(DESTDIR)$(includedir)/ss/ss.h + rm -f $(DESTDIR)$(libdir)/$(sl_LIB) $(DESTDIR)$(libdir)/$(ss_LIB) + rm -f $(DESTDIR)$(bindir)/$(PROGS) TAGS: $(SOURCES) etags $(SOURCES) check: clean: - rm -f $(LIB) $(PROGS) *.o *.a + rm -f $(sl_LIB) $(PROGS) lex.c parse.c parse.h *.o *.a *.so *.so.* so_locations mostlyclean: clean distclean: clean rm -f Makefile *~ realclean: distclean rm -f TAGS $(LIBNAME).a: $(LIB_OBJECTS) rm -f $@ $(AR) cr $@ $(LIB_OBJECTS) -$(RANLIB) $@ $(LIBNAME).$(SHLIBEXT): $(LIB_OBJECTS) rm -f $@ - $(LDSHARED) -o $@ $(LIB_OBJECTS) + $(LDSHARED) -o $@ $(LIB_OBJECTS) $(LIB_DEPS) + @build_symlink_command@ $(OBJECTS): ../../include/config.h -.PHONY: all install uninstall check clean mostlyclean distclean realclean +$(mk_cmds_OBJECTS): parse.h + +mk_cmds$(EXECSUFFIX): $(mk_cmds_OBJECTS) + $(LINK) $(CFLAGS) -o $@ $(mk_cmds_OBJECTS) -L../roken -lroken + +parse.c: parse.h +parse.h: $(srcdir)/parse.y + $(YACC) -d $(srcdir)/parse.y + mv -f y.tab.h parse.h + mv -f y.tab.c parse.c + +lex.c: $(srcdir)/lex.l + $(LEX) $(srcdir)/lex.l + mv -f lex.yy.c lex.c + +strtok_r.c: + $(LN_S) $(srcdir)/../roken/strtok_r.c . +snprintf.c: + $(LN_S) $(srcdir)/../roken/snprintf.c . 
+ +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/lib/sl/sl.c =================================================================== --- stable/3/crypto/kerberosIV/lib/sl/sl.c (revision 62577) +++ stable/3/crypto/kerberosIV/lib/sl/sl.c (revision 62578) 
@@ -1,190 +1,223 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: sl.c,v 1.12 1997/06/01 03:15:07 assar Exp $"); +RCSID("$Id: sl.c,v 1.25 1999/12/02 16:58:55 joda Exp $"); #endif #include "sl_locl.h" static SL_cmd * sl_match (SL_cmd *cmds, char *cmd, int exactp) { SL_cmd *c, *current = NULL, *partial_cmd = NULL; int partial_match = 0; for (c = cmds; c->name; ++c) { if (c->func) current = c; if (strcmp (cmd, c->name) == 0) return current; else if (strncmp (cmd, c->name, strlen(cmd)) == 0 && partial_cmd != current) { ++partial_match; partial_cmd = current; } } if (partial_match == 1 && !exactp) return partial_cmd; else return NULL; } void sl_help (SL_cmd *cmds, int argc, char **argv) { SL_cmd *c, *prev_c; if (argc == 1) { prev_c = NULL; for (c = cmds; c->name; ++c) { if (c->func) { if(prev_c) printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "", prev_c->usage ? "\n" : ""); prev_c = c; printf ("%s", c->name); } else printf (", %s", c->name); } if(prev_c) printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "", prev_c->usage ? "\n" : ""); } else { c = sl_match (cmds, argv[1], 0); if (c == NULL) - printf ("No such command: %s. Try \"help\" for a list of all commands\n", + printf ("No such command: %s. 
" + "Try \"help\" for a list of all commands\n", argv[1]); else { - printf ("%s\t%s", c->name, c->usage); + printf ("%s\t%s\n", c->name, c->usage); + if(c->help && *c->help) + printf ("%s\n", c->help); if((++c)->name && c->func == NULL) { - printf ("\nSynonyms:"); + printf ("Synonyms:"); while (c->name && c->func == NULL) printf ("\t%s", (c++)->name); - } printf ("\n"); } } } +} #ifdef HAVE_READLINE char *readline(char *prompt); void add_history(char *p); #else static char * readline(char *prompt) { char buf[BUFSIZ]; printf ("%s", prompt); fflush (stdout); if(fgets(buf, sizeof(buf), stdin) == NULL) return NULL; if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = '\0'; return strdup(buf); } static void add_history(char *p) { } #endif int -sl_loop (SL_cmd *cmds, char *prompt) +sl_command(SL_cmd *cmds, int argc, char **argv) { - unsigned max_count; + SL_cmd *c; + c = sl_match (cmds, argv[0], 0); + if (c == NULL) + return -1; + return (*c->func)(argc, argv); +} + +struct sl_data { + int max_count; char **ptr; +}; - max_count = 17; - ptr = malloc(max_count * sizeof(*ptr)); - if (ptr == NULL) { - printf ("sl_loop: failed to allocate %u bytes of memory\n", - (int) max_count * sizeof(*ptr)); - return -1; +int +sl_make_argv(char *line, int *ret_argc, char ***ret_argv) +{ + char *foo = NULL; + char *p; + int argc, nargv; + char **argv; + + nargv = 10; + argv = malloc(nargv * sizeof(*argv)); + if(argv == NULL) + return ENOMEM; + argc = 0; + + for(p = strtok_r (line, " \t", &foo); + p; + p = strtok_r (NULL, " \t", &foo)) { + if(argc == nargv - 1) { + char **tmp; + nargv *= 2; + tmp = realloc (argv, nargv * sizeof(*argv)); + if (tmp == NULL) { + free(argv); + return ENOMEM; + } + argv = tmp; + } + argv[argc++] = p; } + argv[argc] = NULL; + *ret_argc = argc; + *ret_argv = argv; + return 0; + } - for (;;) { +/* return values: 0 on success, -1 on fatal error, or return value of command */ +int +sl_command_loop(SL_cmd *cmds, char *prompt, void **data) +{ + int ret = 0; char 
*buf; - unsigned count; - SL_cmd *c; + int argc; + char **argv; + ret = 0; buf = readline(prompt); if(buf == NULL) - break; + return 1; if(*buf) add_history(buf); - count = 0; - { - char *foo = NULL; - char *p; - - for(p = strtok_r (buf, " \t", &foo); - p; - p = strtok_r (NULL, " \t", &foo)) { - if(count == max_count) { - max_count *= 2; - ptr = realloc (ptr, max_count * sizeof(*ptr)); - if (ptr == NULL) { - printf ("sl_loop: failed to allocate %u " - "bytes of memory\n", - (unsigned) max_count * sizeof(*ptr)); + ret = sl_make_argv(buf, &argc, &argv); + if(ret) { + fprintf(stderr, "sl_loop: out of memory\n"); + free(buf); return -1; - } } - ptr[count++] = p; + if (argc >= 1) { + ret = sl_command(cmds, argc, argv); + if(ret == -1) { + printf ("Unrecognized command: %s\n", argv[0]); + ret = 0; } } - if (count > 0) { - c = sl_match (cmds, ptr[0], 0); - if (c) - (*c->func)(count, ptr); - else - printf ("Unrecognized command: %s\n", ptr[0]); - } free(buf); + free(argv); + return ret; } - free (ptr); - return 0; + +int +sl_loop(SL_cmd *cmds, char *prompt) +{ + void *data = NULL; + int ret; + while((ret = sl_command_loop(cmds, prompt, &data)) == 0) + ; + return ret; } Index: stable/3/crypto/kerberosIV/lib/sl/sl.h =================================================================== --- stable/3/crypto/kerberosIV/lib/sl/sl.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/sl/sl.h (revision 62578) 
@@ -1,58 +1,57 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: sl.h,v 1.2 1997/04/01 08:19:18 joda Exp $ */ +/* $Id: sl.h,v 1.7 1999/12/02 16:58:55 joda Exp $ */ #ifndef _SL_H #define _SL_H -typedef void (*cmd_func)(int, char **); +typedef int (*cmd_func)(int, char **); struct sl_cmd { char *name; cmd_func func; char *usage; char *help; }; typedef struct sl_cmd SL_cmd; void sl_help (SL_cmd *, int argc, char **argv); int sl_loop (SL_cmd *, char *prompt); +int sl_command_loop (SL_cmd *cmds, char *prompt, void **data); +int sl_command (SL_cmd *cmds, int argc, char **argv); +int sl_make_argv(char*, int*, char***); + #endif /* _SL_H */ Index: stable/3/crypto/kerberosIV/lib/sl/sl_locl.h =================================================================== --- stable/3/crypto/kerberosIV/lib/sl/sl_locl.h (revision 62577) +++ stable/3/crypto/kerberosIV/lib/sl/sl_locl.h (revision 62578) 
@@ -1,48 +1,46 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: sl_locl.h,v 1.3 1997/04/01 08:19:18 joda Exp $ */ +/* $Id: sl_locl.h,v 1.6 1999/12/02 16:58:55 joda Exp $ */ +#ifdef HAVE_CONFIG_H +#include +#endif #include #include #include +#include #include -#include #include Index: stable/3/crypto/kerberosIV/man/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/man/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/man/Makefile.in (revision 62578) 
@@ -1,95 +1,153 @@ # Makefile.in,v 1.2 1994/05/13 05:02:46 assar Exp srcdir = @srcdir@ VPATH = @srcdir@ SHELL = /bin/sh INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ mandir = @mandir@ transform=@program_transform_name@ -EXECSUFFIX=@EXECSUFFIX@ -MANRX = .*\.\([0-9]\) +disable_cat_manpages = @disable_cat_manpages@ + +# You need a BSD44 system or groff to create the manpages +NROFF_MAN = groff -mandoc -Tascii +#NROFF_MAN = nroff -man +.SUFFIXES: .1 .cat1 .3 .cat3 .5 .cat5 .8 .cat8 +.1.cat1: ; $(NROFF_MAN) $< > $@ +.3.cat3: ; $(NROFF_MAN) $< > $@ +.5.cat5: ; $(NROFF_MAN) $< > $@ +.8.cat8: ; $(NROFF_MAN) $< > $@ + + +MANRX = \(.*\)\.\([0-9]\) CATRX = \(.*\)\.cat\([0-9]\) CATSUFFIX=@CATSUFFIX@ -MAN1 = afslog.1 kauth.1 ftp.1 kdestroy.1 kinit.1 kpasswd.1 \ - login.1 rlogin.1 su.1 kerberos.1 klist.1 ksrvtgt.1 pagsh.1 \ - rcp.1 rsh.1 telnet.1 kx.1 rxterm.1 rxtelnet.1 tenletxr.1 \ - des.1 movemail.1 \ - otp.1 otpprint.1 +MAN1 = afslog.1 des.1 ftp.1 kauth.1 kdestroy.1 \ + kerberos.1 kinit.1 klist.1 kpasswd.1 ksrvtgt.1 \ + kx.1 login.1 movemail.1 otp.1 otpprint.1 pagsh.1 \ + rcp.1 rlogin.1 rsh.1 rxtelnet.1 rxterm.1 su.1 \ + telnet.1 tenletxr.1 -CAT1 = afslog.cat1 kauth.cat1 ftp.cat1 login.cat1 \ - pagsh.cat1 rcp.cat1 rlogin.cat1 rsh.cat1 su.cat1 telnet.cat1 kx.cat1 \ - rxterm.cat1 rxtelnet.cat1 tenletxr.cat1 movemail.cat1 \ - otp.cat1 otpprint.cat1 +CAT1 = afslog.cat1 des.cat1 ftp.cat1 kauth.cat1 kdestroy.cat1 \ + kerberos.cat1 kinit.cat1 klist.cat1 kpasswd.cat1 ksrvtgt.cat1 \ + kx.cat1 login.cat1 movemail.cat1 otp.cat1 otpprint.cat1 pagsh.cat1 \ + rcp.cat1 rlogin.cat1 rsh.cat1 rxtelnet.cat1 rxterm.cat1 su.cat1 \ + telnet.cat1 tenletxr.cat1 -MAN3 = acl_check.3 kafs.3 kerberos.3 krb_set_tkt_string.3 des_crypt.3 \ - krb_realmofhost.3 kuserok.3 getusershell.3 krb_sendauth.3 \ - tf_util.3 +MAN3 = acl_check.3 des_crypt.3 kafs.3 \ + kerberos.3 krb_realmofhost.3 krb_sendauth.3 \ + krb_set_tkt_string.3 kuserok.3 tf_util.3 
\ + ../lib/editline/editline.3 -CAT3 = getusershell.cat3 kafs.cat3 +# getusershell.3 -MAN5 = krb.conf.5 krb.realms.5 krb.equiv.5 login.access.5 ftpusers.5 +CAT3 = acl_check.cat3 des_crypt.cat3 kafs.cat3 \ + kerberos.cat3 krb_realmofhost.cat3 krb_sendauth.cat3 \ + krb_set_tkt_string.cat3 kuserok.cat3 tf_util.cat3 \ + ../lib/editline/editline.cat3 -CAT5 = login.access.cat5 krb.equiv.cat5 ftpusers.cat5 +# getusershell.cat3 -MAN8 = ext_srvtab.8 kdb_destroy.8 kdb_util.8 ksrvutil.8 telnetd.8 rlogind.8 \ - kadmin.8 kdb_edit.8 kstash.8 kadmind.8 kdb_init.8 rshd.8 kauthd.8 \ - popper.8 kxd.8 kerberos.8 +MAN5 = ftpusers.5 krb.conf.5 krb.equiv.5 krb.extra.5 \ + krb.realms.5 login.access.5 -CAT8 = ftpd.cat8 rshd.cat8 telnetd.cat8 ksrvutil.cat8 rlogind.cat8 \ - kauthd.cat8 kprop.cat8 kpropd.cat8 kxd.cat8 kerberos.cat8 +CAT5 = ftpusers.cat5 krb.conf.cat5 krb.equiv.cat5 \ + krb.realms.cat5 login.access.cat5 +MAN8 = ext_srvtab.8 ftpd.8 kadmin.8 kadmind.8 kauthd.8 \ + kdb_destroy.8 kdb_edit.8 kdb_init.8 kdb_util.8 \ + kerberos.8 kprop.8 kpropd.8 ksrvutil.8 kstash.8 \ + kxd.8 popper.8 rlogind.8 rshd.8 telnetd.8 \ + ../appl/push/push.8 + +CAT8 = ext_srvtab.cat8 ftpd.cat8 kadmin.cat8 kadmind.cat8 kauthd.cat8 \ + kdb_destroy.cat8 kdb_edit.cat8 kdb_init.cat8 kdb_util.cat8 \ + kerberos.cat8 kprop.cat8 kpropd.cat8 ksrvutil.cat8 kstash.cat8 \ + kxd.cat8 popper.cat8 rlogind.cat8 rshd.cat8 telnetd.cat8 \ + ../appl/push/push.cat8 + all: cat: $(CAT1) $(CAT3) $(CAT5) $(CAT8) -%.cat1: %.1 - `grog -Tascii $<` > $@ -%.cat3: %.3 - `grog -Tascii $<` > $@ -%.cat5: %.5 - `grog -Tascii $<` > $@ -%.cat8: %.8 - `grog -Tascii $<` > $@ - - Wall: install: all - for x in man1 man3 man5 man8 cat1 cat3 cat5 cat8; do \ - $(MKINSTALLDIRS) $(mandir)/$$x; done - (cd $(srcdir); \ - for x in $(MAN1) $(MAN3) $(MAN5) $(MAN8); do \ - s=`echo $$x | sed 's!$(MANRX)!\1!'` ; \ - $(INSTALL_DATA) $$x $(mandir)/man$$s; done ;\ - for x in $(CAT1) $(CAT3) $(CAT5) $(CAT8); do \ + for x in man1 man3 man5 man8; do \ + 
$(MKINSTALLDIRS) $(DESTDIR)$(mandir)/$$x; done + if test "$(disable_cat_manpages)" != "yes"; then \ + for x in cat1 cat3 cat5 cat8; do \ + $(MKINSTALLDIRS) $(DESTDIR)$(mandir)/$$x; done \ + fi + @(cd $(srcdir); \ + for x in $(MAN1) $(MAN8); do \ + f=`basename $$x`; \ + b=`echo $$f | sed 's!$(MANRX)!\1!'`; \ + s=`echo $$x | sed 's!$(MANRX)!\2!'` ; \ + m=`echo $$b | sed '$(transform)'`.$$s; \ + echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$m";\ + $(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$m; done ;\ + for x in $(MAN3) $(MAN5); do \ + f=`basename $$x`; \ + s=`echo $$f | sed 's!$(MANRX)!\2!'` ; \ + echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$f";\ + $(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$f; done ;\ + if test "$(disable_cat_manpages)" != "yes"; then \ + for x in $(CAT1) $(CAT8); do \ + if test -f $$x; then \ + f=`basename $$x`; \ + b=`echo $$f | sed 's!$(CATRX)!\1!'`; \ s=`echo $$x | sed 's!$(CATRX)!\2!'`; \ - b=`echo $$x | sed 's!$(CATRX)!\1!'`; \ - $(INSTALL_DATA) $$x $(mandir)/cat$$s/$$b.$(CATSUFFIX);\ - done ) + m=`echo $$b | sed '$(transform)'`; \ + echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$m.$(CATSUFFIX)";\ + $(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$m.$(CATSUFFIX);\ + fi; done ;\ + for x in $(CAT3) $(CAT5); do \ + if test -f $$x; then \ + f=`basename $$x`; \ + s=`echo $$f | sed 's!$(CATRX)!\2!'`; \ + b=`echo $$f | sed 's!$(CATRX)!\1!'`; \ + echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$b.$(CATSUFFIX)";\ + $(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$b.$(CATSUFFIX);\ + fi; done; fi ) uninstall: - for x in $(MAN1) $(MAN3) $(MAN5) $(MAN8); do \ - s=`echo $$x | sed 's!$(MANRX)!\1!'` ; \ - rm -f $(mandir)/man$$s/$$x; done - for x in $(CAT1) $(CAT3) $(CAT5) $(CAT8); do \ + for x in $(MAN1) $(MAN8); do \ + f=`basename $$x`; \ + b=`echo $$f | sed 's!$(MANRX)!\1!'`; \ + s=`echo $$x | sed 's!$(MANRX)!\2!'` ; \ + m=`echo $$b | sed '$(transform)'`.$$s; \ + rm -f $(DESTDIR)$(mandir)/man$$s/$$m; done + for x 
in $(MAN3) $(MAN5); do \ + f=`basename $$x`; \ + s=`echo $$f | sed 's!$(MANRX)!\2!'` ; \ + rm -f $(DESTDIR)$(mandir)/man$$s/$$f; done + for x in $(CAT1) $(CAT8); do \ + f=`basename $$x`; \ + b=`echo $$f | sed 's!$(CATRX)!\1!'`; \ s=`echo $$x | sed 's!$(CATRX)!\2!'`; \ + m=`echo $$b | sed '$(transform)'`; \ + rm -f $(DESTDIR)$(mandir)/cat$$s/$$m.$(CATSUFFIX); done + for x in $(CAT3) $(CAT5); do \ + f=`basename $$x`; \ + s=`echo $$f | sed 's!$(CATRX)!\2!'`; \ b=`echo $$x | sed 's!$(CATRX)!\1!'`; \ - rm -f $(mandir)/cat$$s/$$b.$(CATSUFFIX); done + rm -f $(DESTDIR)$(mandir)/cat$$s/$$b.$(CATSUFFIX); done clean: mostlyclean: clean distclean: rm -f Makefile *~ -realclean: +realclean: distclean +.PHONY: all cat Wall install uninstall clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/man/kadmin.8 =================================================================== --- stable/3/crypto/kerberosIV/man/kadmin.8 (revision 62577) +++ stable/3/crypto/kerberosIV/man/kadmin.8 (revision 62578) 
@@ -1,176 +1,140 @@ -.\" $Id: kadmin.8,v 1.4 1997/04/02 21:09:53 assar Exp $ +.\" $Id: kadmin.8,v 1.6 1998/12/18 16:56:29 assar Exp $ .\" Copyright 1989 by the Massachusetts Institute of Technology. .\" .\" For copying and distribution information, .\" please see the file . .\" -.TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kadmin \- network utility for Kerberos database administration -.SH SYNOPSIS -.B kadmin [-u user] [-r default_realm] [-m] [-t] -.SH DESCRIPTION -This utility provides a unified administration interface to -the -Kerberos -master database. -Kerberos -administrators -use -.I kadmin -to register new users and services to the master database, -and to change information about existing database entries. -For instance, an administrator can use -.I kadmin -to change a user's -Kerberos -password. -A Kerberos administrator is a user with an ``admin'' instance -whose name appears on one of the Kerberos administration access control -lists. If the \-u option is used, -.I user -will be used as the administrator instead of the local user. -If the \-r option is used, -.I default_realm -will be used as the default realm for transactions. Otherwise, -the local realm will be used by default. -If the \-m option is used, multiple requests will be permitted -on only one entry of the admin password. Some sites won't -support this option. The \-t option is used to tell kadmin to use the -existing ticket file instead of creating a new one. +.Dd February 3, 1998 +.Dt KADMIN 8 +.Os "KTH-KRB" +.Sh NAME +.Nm kadmin +.Nd +network utility for Kerberos database administration +.Sh SYNOPSIS +.Nm +.Op Fl p Ar principal +.Op Fl u Ar username +.Op Fl r Ar realm +.Op Fl m +.Op Fl T Ar timeout +.Op Fl t +.Op Fl -version +.Op Fl h +.Op Fl -help +.Ar [command] +.Sh DESCRIPTION +This utility provides a unified administration interface to the +Kerberos master database. 
Kerberos administrators use +.Nm +to register new users and services to the master database, and to +change information about existing database entries, such as changing a +user's Kerberos password. A Kerberos administrator is a user with an +.Dq admin +instance whose name appears on one of the Kerberos administration +access control lists. +.Pp +Supported options: +.Bl -tag -width Ds +.It Fl p Ar principal +This is the adminstrator principal to use when talking to the Kadmin +server. The default is taken from the users environment. +.It Fl r Ar realm +This is the default realm to use for transactions. Default is the +local realm. +.It Fl u Ar username +This is similar to +.Fl p , +but specifies a name, that gets appended with a +.Dq admin +instance. +.It Fl T Ar timeout +To prevent someone from walking up to an unguarded terminal and doing +malicious things, administrator tickets are destroyed after a period +of inactivity. This flag changes the timeout from the default of one +minute. A timeout of zero seconds disables this functionality. +.It Fl m +Historically +.Nm +destroyed tickets after every command; this flag used to stop this +behaviour (only destroying tickets upon exit). Now it's just a synonym +for +.Fl T Ar 0 . +.It Fl t +Use existing tickets (if any are available), this also disbles +timeout, and doesn't destroy any tickets upon exit. + +These tickets have to be for the changepw.kerberos service. Use +.Nm kinit -p +to acquire them. +.El +.Pp The -.I kadmin +.Nm program communicates over the network with the -.I kadmind +.Nm kadmind program, which runs on the machine housing the Kerberos master -database. -The -.I kadmind -creates new entries and makes modifications to the database. - +database, and does the actual modifications to the database. +.Pp When you enter the -.I kadmin -command, -the program displays a message that welcomes you and explains -how to ask for help. -Then -.I kadmin -waits for you to enter commands (which are described below). 
-It then asks you for your -.I admin -password before accessing the database. - +.Nm +command, the program displays a message that welcomes you and explains +how to ask for help. Then +.Nm +waits for you to enter commands (which are described below). It then +asks you for your administrator's password before accessing the +database. +.Pp All commands can be abbreviated as long as they are unique. Some short versions of the commands are also recognized for backwards compatibility. - -Use the -.I add_new_key -(or -.I ank -for short) -command to register a new principal -with the master database. -The command requires one argument, -the principal's name. The name -given can be fully qualified using -the standard -.I name.instance@realm -convention. -You are asked to enter your -.I admin -password, -then prompted twice to enter the principal's -new password. If no realm is specified, -the local realm is used unless another was -given on the commandline with the \-r flag. -If no instance is -specified, a null instance is used. If -a realm other than the default realm is specified, -you will need to supply your admin password for -the other realm. - -Use the -.I change_password (cpw) -to change a principal's -Kerberos +.Pp +Recognised commands: +.Bl -tag -width Ds +.It add_new_key Ar principal +Creates a new principal in the Kerberos database. You give the name of +the new principal as an argument. You will then be asked for a maximum +ticket lifetime, attributes, the expiration date of the principal, and +finally the password of the principal. +.It change_password Ar principal +Changes a principal's password. You will be prompted for the new password. -The command requires one argument, -the principal's -name. -You are asked to enter your -.I admin -password, -then prompted twice to enter the principal's new password. -The name -given can be fully qualified using -the standard -.I name.instance@realm -convention. 
- -Use the -.I change_key (ckey) -if you have a need to change the raw key of a particular principal. -In other words, if you do not want to input a DES key instead of a -password that will get converted into a DES key. - -Use the -.I change_admin_password (cap) -to change your -.I admin -instance password. -This command requires no arguments. -It prompts you for your old -.I admin -password, then prompts you twice to enter the new -.I admin -password. If this is your first command, -the default realm is used. Otherwise, the realm -used in the last command is used. - -Use the -.I del_entry (del) -to remove an entry from the kerberos database. - -Use the -.I mod_entry (mod) -to modify a particular entry, for example to change the expire date. - -Use the -.I destroy_tickets (dest) -command to destroy your admin tickets explicitly. - -Use the -.I list_requests (lr) -command to get a list of possible commands. - -Use the -.I help -command to display -.IR kadmin's -various help messages. -If entered without an argument, -.I help -displays a general help message. -You can get detailed information on specific -.I kadmin -commands -by entering -.I help -.IR command_name . - -To quit the program, type -.IR quit . - -.SH BUGS -The user interface is primitive, and the command names could be better. - -.SH "SEE ALSO" -kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8) -.br -``A Subsystem Utilities Package for UNIX'' by Ken Raeburn -.SH AUTHORS +.It change_key Ar principal +This is the same as change_password, but the password is given as a +raw DES key (for the few occations when you need this). +.It change_admin_password +Changes your own admin password. It will prompt you for you old and +new passwords. +.It del_entry Ar principal +Removes principal from the database. +.It get_entry Ar principal +Show various information for the given principal. Note that the key is +shown as zeros. 
+.It mod_entry Ar principal +Modifies a particular entry, for instance to change the expiration +date. +.It destroy_tickets +Destroys your admin tickets explicitly. +.It quit +Obvious. +.El +.\".Sh ENVIRONMENT +.\".Sh FILES +.\".Sh EXAMPLES +.\".Sh DIAGNOSTICS +.Sh SEE ALSO +.Xr kerberos 1 , +.Xr kadmind 8 , +.Xr kpasswd 1 , +.Xr kinit 1 , +.Xr ksrvutil 8 +.\".Sh STANDARDS +.\".Sh HISTORY +.Sh AUTHORS Jeffrey I. Schiller, MIT Project Athena -.br +.Pp Emanuel Jay Berkenbilt, MIT Project Athena +.Sh BUGS +The user interface is primitive, and the command names could be +better. Index: stable/3/crypto/kerberosIV/man/kadmind.8 =================================================================== --- stable/3/crypto/kerberosIV/man/kadmind.8 (revision 62577) +++ stable/3/crypto/kerberosIV/man/kadmind.8 (revision 62578) 
@@ -1,125 +1,134 @@ -.\" $Id: kadmind.8,v 1.4 1997/04/02 21:09:53 assar Exp $ +.\" $Id: kadmind.8,v 1.6 1999/09/15 15:10:08 assar Exp $ .\" Copyright 1989 by the Massachusetts Institute of Technology. .\" .\" For copying and distribution information, .\" please see the file . .\" .TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena" .SH NAME kadmind \- network daemon for Kerberos database administration .SH SYNOPSIS .B kadmind [ .B \-n ] [ .B \-m ] [ .B \-h ] [ .B \-r realm ] [ .B \-f filename ] [ .B \-d dbname ] [ .B \-a acldir +] [ +.B \-i address ] .SH DESCRIPTION .I kadmind is the network database server for the Kerberos password-changing and administration tools. .PP Upon execution, it fetches the master key from the key cache file. .PP If the .B \-m option is specified, it instead prompts the user to enter the master key string for the database. .PP The .B \-n option is a no-op and is left for compatibility reasons. .PP If the .B \-r .I realm option is specified, the admin server will pretend that its local realm is .I realm instead of the actual local realm of the host it is running on. This makes it possible to run a server for a foreign kerberos realm. .PP If the .B \-f .I filename option is specified, then that file is used to hold the log information instead of the default. .PP If the .B \-d .I dbname option is specified, then that file is used as the database name instead of the default. .PP If the .B \-a .I acldir option is specified, then .I acldir is used as the directory in which to search for access control lists instead of the default. .PP If the .B \-h option is specified, .I kadmind prints out a short summary of the permissible control arguments, and then exits. .PP +If the +.B \-i +option is specified, +.I kadmind +will only listen on that particular address and not on all configured +addresses of the host, which is the default. 
+.PP When performing requests on behalf of clients, .I kadmind checks access control lists (ACLs) to determine the authorization of the client to perform the requested action. Currently four distinct access types are supported: .TP 1i Addition (.add ACL file). If a principal is on this list, it may add new principals to the database. .TP Retrieval (.get ACL file). If a principal is on this list, it may retrieve database entries. NOTE: A principal's private key is never returned by the get functions. .TP Modification (.mod ACL file). If a principal is on this list, it may modify entries in the database. .TP Deletions (.del ACL file). If a principal is on this list, if may delete entries from the database. .PP A principal is always granted authorization to change its own password. .SH FILES .TP 20n -/kerberos/admin_server.syslog +/var/log/admin_server.syslog Default log file. .TP -/kerberos +/var/kerberos Default access control list directory. .TP admin_acl.{add,get,mod} Access control list files (within the directory) .TP -/kerberos/principal.pag, /kerberos/principal.dir +/var/kerberos/principal.pag, /var/kerberos/principal.dir Default DBM files containing database .TP /.k Master key cache file. .SH "SEE ALSO" kerberos(1), kpasswd(1), kadmin(8), acl_check(3) .SH AUTHORS Douglas A. Church, MIT Project Athena .br John T. Kohl, Project Athena/Digital Equipment Corporation Index: stable/3/crypto/kerberosIV/man/kafs.3 =================================================================== --- stable/3/crypto/kerberosIV/man/kafs.3 (revision 62577) +++ stable/3/crypto/kerberosIV/man/kafs.3 (revision 62578) 
@@ -1,122 +1,158 @@ -.\" $Id: kafs.3,v 1.1 1997/05/07 21:49:02 joda Exp $ +.\" $Id: kafs.3,v 1.3 1998/06/30 15:41:52 assar Exp $ .\" .Dd May 7, 1997 .Os KTH-KRB .Dt KAFS 3 .Sh NAME .Nm k_hasafs , -.Nm k_afsklog , -.Nm k_afsklog_uid , .Nm k_pioctl , .Nm k_unlog , .Nm k_setpag , -.Nm k_afs_cell_of_file +.Nm k_afs_cell_of_file , +.Nm krb_afslog , +.Nm krb_afslog_uid +\" .Nm krb5_afslog , +\" .Nm krb5_afslog_uid .Nd AFS library .Sh SYNOPSIS .Fd #include .Ft int -.Fn k_afsklog "char *cell" "char *realm" -.Ft int -.Fn k_afsklog_uid "char *cell" "char *realm" "uid_t uid" -.Ft int .Fn k_afs_cell_of_file "const char *path" "char *cell" "int len" .Ft int .Fn k_hasafs .Ft int .Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks" .Ft int .Fn k_setpag .Ft int .Fn k_unlog +.Ft int +.Fn krb_afslog "char *cell" "char *realm" +.Ft int +.Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid" +\" .Ft krb5_error_code +\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid" +\" .Ft krb5_error_code +\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" .Sh DESCRIPTION .Fn k_hasafs initializes some library internal structures, and tests for the presense of AFS in the kernel, none of the other functions should be called before .Fn k_hasafs is called, or if it fails. -.Fn k_afsklog , +.Fn krb_afslog , and -.Fn k_afsklog_uid +.Fn krb_afslog_uid obtains new tokens (and possibly tickets) for the specified .Fa cell and .Fa realm . If .Fa cell is .Dv NULL , the local cell is used. If .Fa realm is .Dv NULL , the function tries to guess what realm to use. Unless you have some good knowledge of what cell or realm to use, you should pass .Dv NULL . -.Fn k_afsklog +.Fn krb_afslog will use the real user-id for the .Dv ViceId field in the token, -.Fn k_afsklog_uid +.Fn krb_afslog_uid will use .Fa uid . 
+\" .Fn krb5_afslog , +\" and +\" .Fn krb5_afslog_uid +\" are the Kerberos 5 equivalents of +\" .Fn krb_afslog , +\" and +\" .Fn krb_afslog_uid . +\" The extra arguments are the ubiquitous context, and the cache id where +\" to store any obtained tickets. Since AFS servers normally can't handle +\" Kerberos 5 tickets directly, these functions will first obtain version +\" 5 tickets for the requested cells, and then convert them to version 4 +\" tickets, that can be stashed in the kernel. To convert tickets the +\" .Fn krb524_convert_creds_kdc +\" function will be used. + .Fn k_afs_cell_of_file will in .Fa cell return the cell of a specified file, no more than .Fa len characters is put in .Fa cell . .Fn k_pioctl does a .Fn pioctl syscall with the specified arguments. This function is equivalent to .Fn lpioctl . .Fn k_setpag initializes a new PAG. .Fn k_unlog removes destroys all tokens in the current PAG. +.Sh ENVIRONMENT +The following environment variable affect the mode of operation of +.Nm kafs : +.Bl -tag +.It Ev AFS_SYSCALL +Normally, +.Nm kafs +will try to figure out the correct system call(s) that are used by AFS +by itself. If it does not manage to do that, or does it incorrectly, +you can set this variable to the system call number or list of system +call numbers that should be used. +.El .Sh RETURN VALUES .Fn k_hasafs returns 1 if AFS is present in the kernel, 0 otherwise. -.Fn k_afsklog +.Fn krb_afslog and -.Fn k_afsklog_uid +.Fn krb_afslog_uid returns 0 on success, or a kerberos error number on failure. .Fn k_afs_cell_of_file , .Fn k_pioctl , .Fn k_setpag , and .Fn k_unlog all return the value of the underlaying system call, 0 on success. .Sh EXAMPLES The following code from .Nm login will obtain a new PAG and tokens for the local cell and the cell of the users home directory. 
.Bd -literal if (k_hasafs()) { char cell[64]; k_setpag(); if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) - k_afsklog(cell, 0); - k_afsklog(0, 0); + krb_afslog(cell, NULL); + krb_afslog(NULL, NULL); } .Ed .Sh ERRORS If any of these functions (appart from .Fn k_hasafs ) is called without AFS beeing present in the kernel, the process will usually (depending on the operating system) receive a SIGSYS signal. .Sh SEE ALSO .Rs .%A Transarc Corporation .%J AFS-3 Programmer's Reference .%T File Server/Cache Manager Interface .%D 1991 .Re +.Sh BUGS +.Ev AFS_SYSCALL +has no effect under AIX. Index: stable/3/crypto/kerberosIV/man/kauth.1 =================================================================== --- stable/3/crypto/kerberosIV/man/kauth.1 (revision 62577) +++ stable/3/crypto/kerberosIV/man/kauth.1 (revision 62578) 
@@ -1,65 +1,67 @@ -.\" $Id: kauth.1,v 1.1 1996/05/04 01:49:34 d91-jda Exp $ +.\" $Id: kauth.1,v 1.3 1998/06/30 15:29:17 assar Exp $ .\" .Dd May 4, 1996 .Dt KAUTH 1 .Os KTH-KRB .Sh NAME .Nm kauth .Nd overworked Kerberos login program .Sh SYNOPSIS .Nm .Op Fl n Ar name .Op Fl r Ar remote user .Op Fl t Pa remote ticket file .Op Fl h Ar hosts... .Op Fl l Ar lifetime .Op Fl f Pa srvtab .Op Fl c Ar cell .Op Ar command ... .Sh DESCRIPTION The .Nm command obtains ticket granting tickets as well as AFS ticket and tokens. It also does a whole lot of other stuff. .Pp The following flags are supported: .Bl -tag -width xxxx .It Fl n Principal to get tickets for. If no other arguments are present this can be given without the .Fl n flag. .It Fl h Remote hosts to obtain tickets for. This works similar to the MIT Athena Kerberos 4 patchlevel 10 command .Xr rkinit 1 , however not in a compatible way. It requires that the remote host runs the .Xr kauthd 8 , server. The .Fl r and .Fl t flags are useful only with this option. .It Fl r User on the remote host that should own the ticket file. .It Fl t Ticket file on remote host. .It Fl l -Lifetime of tickets i minutes +Lifetime of tickets in minutes. A value of -1 is used for maximum +ticket lifetime. .It Fl f Srvtab to get service keys from. Default is .Pa /etc/srvtab . This is mainly used with batch services that need to run authenticated. If any command is given, it will be executed in an authenticated fashion and when the program exits the tickets are destroyed. For long running jobs the tickets will be renewed. .It Fl c AFS cell to get tokens for, default is your local cell. .El .Sh SEE ALSO .Xr kinit 1 , -.Xr kauthd 8 +.Xr kauthd 8 , +.Xr kafs 3 .Sh BUGS There is no help-switch. Index: stable/3/crypto/kerberosIV/man/kdestroy.1 =================================================================== --- stable/3/crypto/kerberosIV/man/kdestroy.1 (revision 62577) +++ stable/3/crypto/kerberosIV/man/kdestroy.1 (revision 62578) 
@@ -1,88 +1,96 @@ -.\" $Id: kdestroy.1,v 1.3 1996/06/12 21:29:16 bg Exp $ +.\" $Id: kdestroy.1,v 1.4 1999/06/15 13:29:32 bg Exp $ .\" Copyright 1989 by the Massachusetts Institute of Technology. .\" .\" For copying and distribution information, .\" please see the file . .\" .TH KDESTROY 1 "Kerberos Version 4.0" "MIT Project Athena" .SH NAME kdestroy \- destroy Kerberos tickets .SH SYNOPSIS .B kdestroy [ .B \-f ] [ .B \-q ] [ .B \-t ] .SH DESCRIPTION The .I kdestroy utility destroys the user's active Kerberos authorization tickets by writing zeros to the file that contains them. If the ticket file does not exist, .I kdestroy displays a message to that effect. .PP After overwriting the file, .I kdestroy removes the file from the system. The utility displays a message indicating the success or failure of the operation. If .I kdestroy is unable to destroy the ticket file, the utility will warn you by making your terminal beep. .PP In the Athena workstation environment, the .I toehold service automatically destroys your tickets when you end a workstation session. If your site does not provide a similar ticket-destroying mechanism, you can place the .I kdestroy command in your .I .logout file so that your tickets are destroyed automatically when you logout. .PP The options to .I kdestroy are as follows: .TP 7 .B \-f .I kdestroy runs without displaying the status message. .TP .B \-q .I kdestroy will not make your terminal beep if it fails to destroy the tickets. .TP .B \-t -.I kdestroy -will not remove any afs-tokens. Without this flag the tokens -associated with the current PAG is destroyed. +destroy tickets only and keep all AFS tokens. +.TP +.B \-u +unlog, i.e remove any AFS tokens associated with the current PAG +but leave the ticket file alone. +.PP +If neither +.B \-t +nor +.B \-u +is given, both tickets and AFS tokens are destroyed. 
.SH FILES KRBTKFILE environment variable if set, otherwise .br /tmp/tkt[uid] .SH SEE ALSO kerberos(1), kinit(1), klist(1) .SH BUGS .PP Only the tickets in the user's current ticket file are destroyed. Separate ticket files are used to hold root instance and password changing tickets. These files should probably be destroyed too, or all of a user's tickets kept in a single ticket file. .SH AUTHORS Steve Miller, MIT Project Athena/Digital Equipment Corporation .br Clifford Neuman, MIT Project Athena .br Bill Sommerfeld, MIT Project Athena Index: stable/3/crypto/kerberosIV/man/kerberos.1 =================================================================== --- stable/3/crypto/kerberosIV/man/kerberos.1 (revision 62577) +++ stable/3/crypto/kerberosIV/man/kerberos.1 (revision 62578) 
@@ -1,258 +1,258 @@ -.\" $Id: kerberos.1,v 1.2 1996/06/12 21:29:16 bg Exp $ +.\" $Id: kerberos.1,v 1.3 1997/11/07 12:37:34 bg Exp $ .\" Copyright 1989 by the Massachusetts Institute of Technology. .\" .\" For copying and distribution information, .\" please see the file . .\" .TH KERBEROS 1 "Kerberos Version 4.0" "MIT Project Athena" .SH NAME kerberos \- introduction to the Kerberos system .SH DESCRIPTION The Kerberos system authenticates individual users in a network environment. After authenticating yourself to Kerberos, you can use network utilities such as .IR rlogin , .IR rcp , and .IR rsh without having to present passwords to remote hosts and without having to bother with .I \.rhosts files. Note that these utilities will work without passwords only if the remote machines you deal with support the Kerberos system. All Athena timesharing machines and public workstations support Kerberos. .PP Before you can use Kerberos, you must register as an Athena user, and you must make sure you have been added to the Kerberos database. You can use the .I kinit command to find out. This command tries to log you into the Kerberos system. .I kinit will prompt you for a username and password. Enter your username and password. If the utility lets you login without giving you a message, you have already been registered. .PP If you enter your username and .I kinit responds with this message: .nf Principal unknown (kerberos) .fi you haven't been registered as a Kerberos user. See your system administrator. .PP A Kerberos name contains three parts. The first is the .I principal name, which is usually a user's or service's name. The second is the .I instance, which in the case of a user is usually null. Some users may have privileged instances, however, such as ``root'' or ``admin''. In the case of a service, the instance is the name of the machine on which it runs; i.e. 
there can be an .I rlogin service running on the machine ABC, which is different from the rlogin service running on the machine XYZ. The third part of a Kerberos name is the .I realm. The realm corresponds to the Kerberos service providing authentication for the principal. For example, at MIT there is a Kerberos running at the Laboratory for Computer Science and one running at Project Athena. .PP When writing a Kerberos name, the principal name is separated from the instance (if not null) by a period, and the realm (if not the local realm) follows, preceded by an ``@'' sign. The following are examples of valid Kerberos names: .sp .nf .in +8 billb jis.admin srz@lcs.mit.edu treese.root@athena.mit.edu .in -8 .fi .PP When you authenticate yourself with Kerberos, through either the workstation .I toehold system or the .I kinit command, Kerberos gives you an initial Kerberos .IR ticket . (A Kerberos ticket is an encrypted protocol message that provides authentication.) Kerberos uses this ticket for network utilities such as .I rlogin and .IR rcp . The ticket transactions are done transparently, so you don't have to worry about their management. .PP Note, however, that tickets expire. Privileged tickets, such as root instance tickets, expire in a few minutes, while tickets that carry more ordinary privileges may be good for several hours or a day, depending on the installation's policy. If your login session extends beyond the time limit, you will have to re-authenticate yourself to Kerberos to get new tickets. Use the .IR kinit command to re-authenticate yourself. .PP If you use the .I kinit command to get your tickets, make sure you use the .I kdestroy command to destroy your tickets before you end your login session. You should probably put the .I kdestroy command in your .I \.logout file so that your tickets will be destroyed automatically when you logout. 
For more information about the .I kinit and .I kdestroy commands, see the .I kinit(1) and .I kdestroy(1) manual pages. .PP Currently, Kerberos supports the following network services: .IR rlogin , .IR rsh , +.IR rcp , +.IR pop , +.IR ftp , +.IR telnet , +.IR AFS and -.IR rcp . -Other services are being worked on, -such as the -.IR pop -mail system and NFS (network file system), -but are not yet available. +.IR NFS. .SH "SEE ALSO" kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), kerberos(3), kadmin(8) .SH BUGS Kerberos will not do authentication forwarding. In other words, if you use .I rlogin to login to a remote host, you cannot use Kerberos services from that host until you authenticate yourself explicitly on that host. Although you may need to authenticate yourself on the remote host, be aware that when you do so, .I rlogin sends your password across the network in clear text. .SH AUTHORS Steve Miller, MIT Project Athena/Digital Equipment Corporation .br Clifford Neuman, MIT Project Athena The following people helped out on various aspects of the system: Jeff Schiller designed and wrote the administration server and its user interface, kadmin. He also wrote the dbm version of the database management system. Mark Colan developed the Kerberos versions of .IR rlogin , .IR rsh , and .IR rcp , as well as contributing work on the servers. John Ostlund developed the Kerberos versions of .I passwd and .IR userreg . Stan Zanarotti pioneered Kerberos in a foreign realm (LCS), and made many contributions based on that experience. Many people contributed code and/or useful ideas, including Jim Aspnes, Bob Baldwin, John Barba, Richard Basch, Jim Bloom, Bill Bryant, Rob French, Dan Geer, David Jedlinsky, John Kohl, John Kubiatowicz, Bob McKie, Brian Murphy, Ken Raeburn, Chris Reed, Jon Rochlis, Mike Shanzer, Bill Sommerfeld, Jennifer Steiner, Ted Ts'o, and Win Treese. 
.SH RESTRICTIONS COPYRIGHT 1985,1986 Massachusetts Institute of Technology Index: stable/3/crypto/kerberosIV/man/kerberos.8 =================================================================== --- stable/3/crypto/kerberosIV/man/kerberos.8 (revision 62577) +++ stable/3/crypto/kerberosIV/man/kerberos.8 (revision 62578) 
@@ -1,44 +1,192 @@ -.\" $Id: kerberos.8,v 1.1 1996/11/14 22:14:55 assar Exp $ +.\" $Id: kerberos.8,v 1.4 1997/09/26 17:55:23 joda Exp $ .\" -.Dd November 14, 1996 +.Dd September 26, 1997 .Dt KERBEROS 8 .Os KTH-KRB .Sh NAME .Nm kerberos .Nd The kerberos daemon .Sh SYNPOSIS .Nm -.Op Fl snm -.Op Fl p Ar pause +.Op Fl mns .Op Fl a Ar max age +.Op Fl i Ar address .Op Fl l Ar log +.Op Fl p Ar pause +.Op Fl P Ar portspec .Op Fl r Ar realm -.Ar database +.Op Ar database .Sh DESCRIPTION This is the .Nm daemon. .Pp Options: .Bl -tag -width -ident -.It Fl s -Set slave parameters. This will enable check to see if data is -getting too stale relative to the master. -.It Fl n -Do not check max age. -.It Fl m -Run manually and prompt for master key. -.It Fl p -Pause for -.Ar pause -before dying. .It Fl a Set the .Ar max age before the database is considered stale. +.It Fl i +Only listen on +.Ar address . +Normally, the kerberos server listens on all addresses of all +interfaces. .It Fl l Write the log to .Ar log +.It Fl m +Run manually and prompt for master key. +.It Fl n +Do not check max age. +.It Fl p +Pause for +.Ar pause +before dying. +.It Fl P +Listen to the ports specified by +.Ar portspec . +This should be a white-space separated list of port specificatios. A +port specification follows the format: +.Ar port Ns Op / Ns Ar protocol . +The +.Ar port +can be either a symbolic port name (from +.Pa /etc/services), or a number; +.Ar protocol can be either +.Li udp , +or +.Li tcp . +If left out, the KDC will listen to both UDP and TCP sockets on the +specified port. +.br +The special string +.Li + +mean that the default set of ports (TCP and UDP on ports 88 and 750) +should be included. .It Fl r Run as a server for realm .Ar realm +.It Fl s +Set slave parameters. This will enable check to see if data is +getting too stale relative to the master. +.El + +If no +.Ar database +is given a default datbase will be used, normally +.Pa /var/kerberos/principal . 
+.Sh DIAGNOSTICS + +The server logs several messages in a log file +.Pf ( Pa /var/run/kerberos.log +by default). The logging mechanism opens and closes the log file for +each message, so you can safely rename the log file when the server is +running. +.Ss Operational messages +These are normal messages that you will see in the log. They might be +followed by some error message. +.Bl -tag -width xxxxx +.It Li Getting key for Ar REALM +The server fetched the key for +.Sq krbtgt.REALM +for the specific +realm. You will see this at startup, and for every attempt to use +cross realm authentication. +.It Xo Li Starting Kerberos for +.Ar REALM +.Li (kvno Ar kvno ) +.Xc +You will see this also if you start with +.Fl m . +.It Xo Li AS REQ +.Ar name.instance@REALM +.Li for +.Ar sname.sinstance +.Li from +.Ar ip-number +.Xc +An initial (password authenticated) request was received. +.It Xo Li APPL REQ +.Ar name.instance@REALM +.Li for +.Ar sname.sinstance +.Li from Ar ip-number +.Xc +A tgt-based request for a ticket was made. +.El + +.Ss Error messages +These messages reflects misconfigured clients, invalid requests, or +possibly attepted attacks. +.Bl -tag -width xxxxx +.It Li UNKNOWN Ar name.instance +The server received a request with an unknown principal. This is most +likely because someone typed the wrong name at a login prompt. It +could also be someone trying to get a list of possible users. +.It Xo Li Unknown realm Ar REALM +.Li from Ar ip-number +.Xc +There isn't a principal for +.Sq krbtgt.REALM +in the database. +.It Xo Li Can't hop realms: Ar REALM1 +.Li -> Ar REALM2 +.Xc +There was a request for a ticket for another realm. This might be +because of a misconfigured client. +.It Li Principal not unique Ar name.instance +There is more than one entry for this principal in the database. This +is not very good. +.It Li Null key Ar name.instance +Someone tried to use a principal that for some reason doesn't have a +key. 
+.It Xo Li Incorrect master key version for +.Ar name.instance +.Li : Ar number +.Li (should be Ar number ) +.Xc +The principal has it's key encrypted with the wrong master key. +.It Xo Li Principal Ar name.instance +.Li expired at Ar date +.Xc +The principal's key has expired. +.It Li krb_rd_req from Ar ip-number : error-message +The message couldn't be decoded properly. The error message will give +you further hints. You will see this if someone is trying to use +expired tickets. +.It Xo Li Unknown message type: Ar number +.Li from Ar ip-number +.Xc +The message received was not one that is understood by this server. +.It Li Can't authorize password changed based on TGT +Someone tried to get a +.Sq changepw.kerberos +via a tgt exchange. This is +because of a broken client, or possibly an attack. +.It Li KRB protocol version mismatch ( Ar number ) +The server received a request with an unknown version number. +.El + +.Ss Fatal error messages +The following messages indicate problems when starting the server. +.Bl -tag -width xxxxx +.It Li Database unavailable! +There was some problem reading the database. +.It Li Database currently being updated! +Someone is currently updating the database (possibly via krop). +.It Li Database out of date! +The database is older than the maximum age specified. +.It Li Couldn't get master key. +The master key file wasn't found or the file is damaged. +.It Li Can't verify master key. +The key in the keyfile doesn't match the current databse. +.It Li Ticket granting ticket service unknown +The database doesn't contain a +.Sq krbtgt.REALM +for the local realm. +.El + +.Sh SEE ALSO +.Xr kprop 8 , +.Xr kpropd 8 Index: stable/3/crypto/kerberosIV/man/kinit.1 =================================================================== --- stable/3/crypto/kerberosIV/man/kinit.1 (revision 62577) +++ stable/3/crypto/kerberosIV/man/kinit.1 (revision 62578) 
@@ -1,136 +1,136 @@ -.\" $Id$ +.\" $Id: kinit.1,v 1.4 1998/12/18 16:57:29 assar Exp $ .\" Copyright 1989 by the Massachusetts Institute of Technology. .\" .\" For copying and distribution information, .\" please see the file . .\" .TH KINIT 1 "Kerberos Version 4.0" "MIT Project Athena" .SH NAME kinit \- Kerberos login utility .SH SYNOPSIS .B kinit [ .B \-irvlp ] .SH DESCRIPTION The .I kinit command is used to login to the Kerberos authentication and authorization system. Note that only registered Kerberos users can use the Kerberos system. For information about registering as a Kerberos user, see the .I kerberos(1) manual page. .PP If you are logged in to a workstation that is running the .I toehold service, you do not have to use .I kinit. The .I toehold login procedure will log you into Kerberos automatically. You will need to use .I kinit only in those situations in which your original tickets have expired. (Tickets expire in about a day.) Note as well that .I toehold will automatically destroy your tickets when you logout from the workstation. .PP When you use .I kinit without options, the utility prompts for your username and Kerberos password, and tries to authenticate your login with the local Kerberos server. .PP If Kerberos authenticates the login attempt, .I kinit retrieves your initial ticket and puts it in the ticket file specified by your KRBTKFILE environment variable. If this variable is undefined, your ticket will be stored in the .IR /tmp directory, in the file .I tktuid , where .I uid specifies your user identification number. .PP If you have logged in to Kerberos without the benefit of the workstation .I toehold system, make sure you use the .I kdestroy command to destroy any active tickets before you end your login session. You may want to put the .I kdestroy command in your .I \.logout file so that your tickets will be destroyed automatically when you logout. 
.PP The options to .I kinit are as follows: .TP 7 .B \-i .I kinit prompts you for a Kerberos instance. .TP .B \-r .I kinit prompts you for a Kerberos realm. This option lets you authenticate yourself with a remote Kerberos server. .TP .B \-v Verbose mode. .I kinit prints the realm you are in, the name of the ticket file used, and a status message indicating the success or failure of your login attempt. .TP .B \-l .I kinit prompts you for a ticket lifetime in minutes. Due to protocol restrictions in Kerberos Version 4, this value must be between 5 and 1275 minutes. .TP .B \-p .I kinit -will acquires a ticket for chpass.kerberos. +will acquires a ticket for changepw.kerberos. .SH SEE ALSO .PP kerberos(1), kdestroy(1), klist(1), toehold(1) .SH BUGS The .B \-r option has not been fully implemented. .SH AUTHORS Steve Miller, MIT Project Athena/Digital Equipment Corporation .br Clifford Neuman, MIT Project Athena Index: stable/3/crypto/kerberosIV/man/krb.conf.5 =================================================================== --- stable/3/crypto/kerberosIV/man/krb.conf.5 (revision 62577) +++ stable/3/crypto/kerberosIV/man/krb.conf.5 (revision 62578) 
@@ -1,31 +1,42 @@ -.\" $Id: krb.conf.5,v 1.2 1996/06/12 21:29:21 bg Exp $ +.\" $Id: krb.conf.5,v 1.4 1999/08/02 16:09:57 bg Exp $ .\" Copyright 1989 by the Massachusetts Institute of Technology. .\" .\" For copying and distribution information, .\" please see the file . .\" .TH KRB.CONF 5 "Kerberos Version 4.0" "MIT Project Athena" .SH NAME /etc/krb.conf \- Kerberos configuration file .SH DESCRIPTION .I krb.conf -contains configuration information describing the Kerberos realm and the +contains configuration information describing the Kerberos realm(s) and the Kerberos key distribution center (KDC) servers for known realms. .PP .I krb.conf -contains the name of the local realm in the first -line, followed by lines indicating realm/host -entries. The first token is a realm name, and the second is the hostname -of a host running a KDC for that realm. -The words "admin server" following the hostname indicate that -the host also provides an administrative database server. +starts with a definition of the local realm on the first line, this is +followed by any number lines defining supplementary local realms. The +rest of the file consists of lines indicating realm/host entries. The +first token is a realm name, and the second is a server specification +of a host running a KDC for that realm. The words "admin server" +following the hostname indicate that the host also provides an +administrative database server. + +To be able to communicate with the KDC through a firewall it is +sometimes necessary to tunnel requests over HTTP or TCP. Tunnel +protocols and port numbers are specified in the server specification +using the syntax [(UDP|TCP|HTTP)/]hostname[:port]. 
+ For example: .nf .in +1i -ATHENA.MIT.EDU -ATHENA.MIT.EDU kerberos-1.mit.edu admin server -ATHENA.MIT.EDU kerberos-2.mit.edu -LCS.MIT.EDU kerberos.lcs.mit.edu admin server +SICS.SE +NADA.KTH.SE +SICS.SE TCP/kerberos.sics.se:88 admin server +NADA.KTH.SE kerberos.nada.kth.se admin server +NADA.KTH.SE kerberos-1.nada.kth.se +NADA.KTH.SE kerberos-2.nada.kth.se +NADA.KTH.SE HTTP/kerberos-3.nada.kth.se +KTH.SE kerberos.kth.se admin server .in -1i .SH SEE ALSO krb.realms(5), krb_get_krbhst(3), krb_get_lrealm(3) Index: stable/3/crypto/kerberosIV/server/Makefile.in =================================================================== --- stable/3/crypto/kerberosIV/server/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/server/Makefile.in (revision 62578) 
@@ -1,79 +1,77 @@ -# $Id: Makefile.in,v 1.24 1997/05/02 17:52:00 assar Exp $ +# $Id: Makefile.in,v 1.30 1999/03/10 19:01:17 joda Exp $ SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ CC = @CC@ +LINK = @LINK@ AR = ar RANLIB = @RANLIB@ DEFS = @DEFS@ -CFLAGS = @CFLAGS@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ LD_FLAGS = @LD_FLAGS@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs LIBS = @LIBS@ LIB_DBM = @LIB_DBM@ prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ libexecdir = @libexecdir@ transform=@program_transform_name@ EXECSUFFIX=@EXECSUFFIX@ PROGS = kerberos$(EXECSUFFIX) SOURCES = kerberos.c OBJECTS = kerberos.o all: $(PROGS) Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $< + $(CC) -c $(DEFS) -I../include -I$(srcdir) $(CPPFLAGS) $(CFLAGS) $< install: all - $(MKINSTALLDIRS) $(libexecdir) + $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir) for x in $(PROGS); do \ - $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ done uninstall: for x in $(PROGS); do \ - rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ done TAGS: $(SOURCES) etags $(SOURCES) check: clean: rm -f *.a *.o $(PROGS) mostlyclean: clean distclean: clean rm -f Makefile *.tab.c *~ realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - kerberos$(EXECSUFFIX): kerberos.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kerberos.o -L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIB_DBM) $(LIBS) -lroken + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kerberos.o -L../lib/kdb -lkdb -L../lib/krb -lkrb 
-L../lib/des -ldes -L../lib/roken -lroken $(LIB_DBM) $(LIBS) -lroken $(OBJECTS): ../include/config.h + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/server/kerberos.c =================================================================== --- stable/3/crypto/kerberosIV/server/kerberos.c (revision 62577) +++ stable/3/crypto/kerberosIV/server/kerberos.c (revision 62578) 
@@ -1,846 +1,1041 @@ /* * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute * of Technology. * * For copying and distribution information, please see the file * . */ #include "config.h" #include "protos.h" -RCSID("$Id: kerberos.c,v 1.64 1997/05/20 18:40:46 bg Exp $"); +RCSID("$Id: kerberos.c,v 1.87 1999/11/13 06:35:39 assar Exp $"); #include #include #include #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #ifdef HAVE_SYS_SELECT_H #include #endif #include #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_ARPA_INET_H #include #endif #ifdef HAVE_SYS_STAT_H #include #endif #ifdef HAVE_FCNTL_H #include #endif -#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 #include #endif #ifdef HAVE_SYS_FILIO_H #include #endif /* HAVE_SYS_FILIO_H */ #ifdef HAVE_NETDB_H #include #endif #include #ifdef SOCKS #include #endif #include +#include #include #include #include #include #include +#include + #include static des_key_schedule master_key_schedule; static des_cblock master_key; static struct timeval kerb_time; static u_char master_key_version; -static char k_instance[INST_SZ]; static char *lt; static int more; static int mflag; /* Are we invoked manually? */ -static char *log_file; /* name of alt. log file */ +static char *log_file = KRBLOG; /* name of alt. log file */ static int nflag; /* don't check max age */ static int rflag; /* alternate realm specified */ /* fields within the received request packet */ static char *req_name_ptr; static char *req_inst_ptr; static char *req_realm_ptr; static u_int32_t req_time_ws; static char local_realm[REALM_SZ]; /* options */ static int max_age = -1; static int pause_int = -1; /* * Print usage message and exit. 
*/ static void usage(void) { fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]" - " [-a max_age] [-l log_file] [-r realm] [database_pathname]\n", + " [-a max_age] [-l log_file] [-i address_to_listen_on]" + " [-r realm] [database_pathname]\n", __progname); exit(1); } /* * kerb_err_reply creates an error reply packet and sends it to the * client. */ static void kerb_err_reply(int f, struct sockaddr_in *client, int err, char *string) { static KTEXT_ST e_pkt_st; KTEXT e_pkt = &e_pkt_st; static char e_msg[128]; - strcpy(e_msg, "\nKerberos error -- "); - strcat(e_msg, string); + snprintf (e_msg, sizeof(e_msg), + "\nKerberos error -- %s", string); cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr, req_time_ws, err, e_msg); sendto(f, (char*)e_pkt->dat, e_pkt->length, 0, (struct sockaddr *)client, sizeof(*client)); } static void hang(void) { if (pause_int == -1) { klog(L_KRB_PERR, "Kerberos will pause so as not to loop init"); for (;;) pause(); } else { char buf[256]; snprintf(buf, sizeof(buf), "Kerberos will wait %d seconds before dying so as not to loop init", pause_int); klog(L_KRB_PERR, buf); sleep(pause_int); klog(L_KRB_PERR, "Do svedania....\n"); exit(1); } } static int check_princ(char *p_name, char *instance, unsigned int lifetime, Principal *p) { static int n; static int more; n = kerb_get_principal(p_name, instance, p, 1, &more); if (n < 0) { lt = klog(L_KRB_PERR, "Database unavailable!"); hang(); } /* * if more than one p_name, pick one, randomly create a session key, * compute maximum lifetime, lookup authorizations if applicable, * and stuff into cipher. 
*/ if (n == 0) { /* service unknown, log error, skip to next request */ lt = klog(L_ERR_UNK, "UNKNOWN %s.%s", p_name, instance); return KERB_ERR_PRINCIPAL_UNKNOWN; } if (more) { /* not unique, log error */ lt = klog(L_ERR_NUN, "Principal not unique %s.%s", p_name, instance); return KERB_ERR_PRINCIPAL_NOT_UNIQUE; } /* If the user's key is null, we want to return an error */ if ((p->key_low == 0) && (p->key_high == 0)) { /* User has a null key */ lt = klog(L_ERR_NKY, "Null key %s.%s", p_name, instance); return KERB_ERR_NULL_KEY; } if (master_key_version != p->kdc_key_ver) { /* log error reply */ lt = klog(L_ERR_MKV, "Incorrect master key version for %s.%s: %d (should be %d)", p->name, p->instance, p->kdc_key_ver, master_key_version); return KERB_ERR_NAME_MAST_KEY_VER; } /* make sure the service hasn't expired */ if ((u_int32_t) p->exp_date < (u_int32_t) kerb_time.tv_sec) { /* service did expire, log it */ time_t t = p->exp_date; lt = klog(L_ERR_SEXP, "Principal %s.%s expired at %s", p->name, p->instance, krb_stime(&t)); return KERB_ERR_NAME_EXP; } /* ok is zero */ return 0; } static void unseal(des_cblock *key) { kdb_encrypt_key(key, key, &master_key, master_key_schedule, DES_DECRYPT); } /* Set the key for krb_rd_req so we can check tgt */ static int set_tgtkey(char *r) /* Realm for desired key */ { int n; static char lastrealm[REALM_SZ]; Principal p_st; Principal *p = &p_st; des_cblock key; if (!strcmp(lastrealm, r)) return (KSUCCESS); klog(L_ALL_REQ, "Getting key for %s", r); n = kerb_get_principal(KRB_TICKET_GRANTING_TICKET, r, p, 1, &more); if (n == 0) return (KFAILURE); /* unseal tgt key from master key */ copy_to_key(&p->key_low, &p->key_high, key); unseal(&key); krb_set_key(key, 0); - strcpy(lastrealm, r); + strlcpy (lastrealm, r, REALM_SZ); return (KSUCCESS); } static int -kerberos(unsigned char *buf, int len, struct in_addr client, KTEXT rpkt) +kerberos(unsigned char *buf, int len, + char *proto, struct sockaddr_in *client, + struct sockaddr_in *server, + 
KTEXT rpkt) { int pvno; int msg_type; int lsb; int life; int flags = 0; char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ]; char service[SNAME_SZ], sinst[INST_SZ]; u_int32_t req_time; static KTEXT_ST ticket, cipher, adat; KTEXT tk = &ticket, ciph = &cipher, auth = &adat; AUTH_DAT ad; des_cblock session, key; int err; Principal a_name, s_name; char *msg; unsigned char *p = buf; if(len < 2){ - strcpy((char*)rpkt->dat, "Packet too short"); + strlcpy((char*)rpkt->dat, + "Packet too short", + sizeof(rpkt->dat)); return KFAILURE; } gettimeofday(&kerb_time, NULL); pvno = *p++; if(pvno != KRB_PROT_VERSION){ msg = klog(L_KRB_PERR, "KRB protocol version mismatch (%d)", pvno); - strcpy((char*)rpkt->dat, msg); + strlcpy((char*)rpkt->dat, + msg, + sizeof(rpkt->dat)); return KERB_ERR_PKT_VER; } msg_type = *p++; lsb = msg_type & 1; msg_type &= ~1; switch(msg_type){ case AUTH_MSG_KDC_REQUEST: /* XXX range check */ p += krb_get_nir(p, name, inst, realm); p += krb_get_int(p, &req_time, 4, lsb); life = *p++; p += krb_get_nir(p, service, sinst, NULL); - klog(L_INI_REQ, "AS REQ %s.%s@%s for %s.%s from %s", - name, inst, realm, service, sinst, inet_ntoa(client)); + klog(L_INI_REQ, + "AS REQ %s.%s@%s for %s.%s from %s (%s/%u)", + name, inst, realm, service, sinst, + inet_ntoa(client->sin_addr), + proto, ntohs(server->sin_port)); if((err = check_princ(name, inst, 0, &a_name))){ - strcpy((char*)rpkt->dat, krb_get_err_text(err)); + strlcpy((char*)rpkt->dat, + krb_get_err_text(err), + sizeof(rpkt->dat)); return err; } tk->length = 0; if((err = check_princ(service, sinst, 0, &s_name))){ - strcpy((char*)rpkt->dat, krb_get_err_text(err)); + strlcpy((char*)rpkt->dat, + krb_get_err_text(err), + sizeof(rpkt->dat)); return err; } life = min(life, s_name.max_life); life = min(life, a_name.max_life); des_new_random_key(&session); copy_to_key(&s_name.key_low, &s_name.key_high, key); unseal(&key); krb_create_ticket(tk, flags, a_name.name, a_name.instance, - local_realm, client.s_addr, session, + 
local_realm, client->sin_addr.s_addr, + session, life, kerb_time.tv_sec, s_name.name, s_name.instance, &key); copy_to_key(&a_name.key_low, &a_name.key_high, key); unseal(&key); create_ciph(ciph, session, s_name.name, s_name.instance, local_realm, life, s_name.key_version, tk, kerb_time.tv_sec, &key); memset(&session, 0, sizeof(session)); memset(&key, 0, sizeof(key)); { KTEXT r; r = create_auth_reply(name, inst, realm, req_time, 0, a_name.exp_date, a_name.key_version, ciph); memcpy(rpkt, r, sizeof(*rpkt)); } return 0; case AUTH_MSG_APPL_REQUEST: - strcpy(realm, (char*)buf + 3); + strlcpy(realm, (char*)buf + 3, REALM_SZ); if((err = set_tgtkey(realm))){ - msg = klog(L_ERR_UNK, "Unknown realm %s from %s", - realm, inet_ntoa(client)); - strcpy((char*)rpkt->dat, msg); + msg = klog(L_ERR_UNK, + "Unknown realm %s from %s (%s/%u)", + realm, inet_ntoa(client->sin_addr), + proto, ntohs(server->sin_port)); + strlcpy((char*)rpkt->dat, + msg, + sizeof(rpkt->dat)); return err; } p = buf + strlen(realm) + 4; p = p + p[0] + p[1] + 2; auth->length = p - buf; memcpy(auth->dat, buf, auth->length); err = krb_rd_req(auth, KRB_TICKET_GRANTING_TICKET, - realm, client.s_addr, &ad, 0); + realm, client->sin_addr.s_addr, &ad, 0); if(err){ - msg = klog(L_ERR_UNK, "krb_rd_req from %s: %s", - inet_ntoa(client), krb_get_err_text(err)); - strcpy((char*)rpkt->dat, msg); + msg = klog(L_ERR_UNK, + "krb_rd_req from %s (%s/%u): %s", + inet_ntoa(client->sin_addr), + proto, + ntohs(server->sin_port), + krb_get_err_text(err)); + strlcpy((char*)rpkt->dat, + msg, + sizeof(rpkt->dat)); return err; } p += krb_get_int(p, &req_time, 4, lsb); life = *p++; p += krb_get_nir(p, service, sinst, NULL); - klog(L_APPL_REQ, "APPL REQ %s.%s@%s for %s.%s from %s", + klog(L_APPL_REQ, + "APPL REQ %s.%s@%s for %s.%s from %s (%s/%u)", ad.pname, ad.pinst, ad.prealm, service, sinst, - inet_ntoa(client)); + inet_ntoa(client->sin_addr), + proto, + ntohs(server->sin_port)); + if(strcmp(ad.prealm, realm)){ msg = klog(L_ERR_UNK, 
"Can't hop realms: %s -> %s", realm, ad.prealm); - strcpy((char*)rpkt->dat, msg); + strlcpy((char*)rpkt->dat, + msg, + sizeof(rpkt->dat)); return KERB_ERR_PRINCIPAL_UNKNOWN; } if(!strcmp(service, "changepw")){ - strcpy((char*)rpkt->dat, - "Can't authorize password changed based on TGT"); + strlcpy((char*)rpkt->dat, + "Can't authorize password changed based on TGT", + sizeof(rpkt->dat)); return KERB_ERR_PRINCIPAL_UNKNOWN; } err = check_princ(service, sinst, life, &s_name); if(err){ - strcpy((char*)rpkt->dat, krb_get_err_text(err)); + strlcpy((char*)rpkt->dat, + krb_get_err_text(err), + sizeof(rpkt->dat)); return err; } life = min(life, krb_time_to_life(kerb_time.tv_sec, krb_life_to_time(ad.time_sec, ad.life))); life = min(life, s_name.max_life); copy_to_key(&s_name.key_low, &s_name.key_high, key); unseal(&key); des_new_random_key(&session); krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm, - client.s_addr, &session, life, kerb_time.tv_sec, + client->sin_addr.s_addr, &session, + life, kerb_time.tv_sec, s_name.name, s_name.instance, &key); memset(&key, 0, sizeof(key)); create_ciph(ciph, session, service, sinst, local_realm, life, s_name.key_version, tk, kerb_time.tv_sec, &ad.session); memset(&session, 0, sizeof(session)); memset(ad.session, 0, sizeof(ad.session)); { KTEXT r; r =create_auth_reply(ad.pname, ad.pinst, ad.prealm, req_time, 0, 0, 0, ciph); memcpy(rpkt, r, sizeof(*rpkt)); } memset(&s_name, 0, sizeof(s_name)); return 0; case AUTH_MSG_ERR_REPLY: return -1; default: - msg = klog(L_KRB_PERR, "Unknown message type: %d from %s", - msg_type, inet_ntoa(client)); - strcpy((char*)rpkt->dat, msg); + msg = klog(L_KRB_PERR, + "Unknown message type: %d from %s (%s/%u)", + msg_type, + inet_ntoa(client->sin_addr), + proto, + ntohs(server->sin_port)); + strlcpy((char*)rpkt->dat, + msg, + sizeof(rpkt->dat)); return KFAILURE; } } static void -kerberos_wrap(int s, KTEXT data, struct sockaddr_in *client) +kerberos_wrap(int s, KTEXT data, char *proto, struct 
sockaddr_in *client, + struct sockaddr_in *server) { KTEXT_ST pkt; - int err = kerberos(data->dat, data->length, client->sin_addr, &pkt); + int http_flag = strcmp(proto, "http") == 0; + int err = kerberos(data->dat, data->length, proto, client, server, &pkt); if(err == -1) return; + if(http_flag){ + const char *msg = + "HTTP/1.1 200 OK\r\n" + "Server: KTH-KRB/1\r\n" + "Content-type: application/octet-stream\r\n" + "Content-transfer-encoding: binary\r\n\r\n"; + sendto(s, msg, strlen(msg), 0, (struct sockaddr *)client, + sizeof(*client)); + } if(err){ kerb_err_reply(s, client, err, (char*)pkt.dat); return; } sendto(s, pkt.dat, pkt.length, 0, (struct sockaddr *)client, sizeof(*client)); } /* * setup_disc * * disconnect all descriptors, remove ourself from the process * group that spawned us. */ static void setup_disc(void) { int s; for (s = 0; s < 3; s++) { close(s); } open("/dev/null", 0); dup2(0, 1); dup2(0, 2); setsid(); chdir("/tmp"); return; } /* * Make sure that database isn't stale. * * Exit if it is; we don't want to tell lies. 
*/ static void check_db_age(void) { long age; if (max_age != -1) { /* Requires existance of kerb_get_db_age() */ gettimeofday(&kerb_time, 0); age = kerb_get_db_age(); if (age == 0) { klog(L_KRB_PERR, "Database currently being updated!"); hang(); } if ((age + max_age) < kerb_time.tv_sec) { klog(L_KRB_PERR, "Database out of date!"); hang(); /* NOTREACHED */ } } } struct descr{ int s; KTEXT_ST buf; int type; int timeout; + struct sockaddr_in addr; }; static void mksocket(struct descr *d, struct in_addr addr, int type, const char *service, int port) { - struct sockaddr_in sina; int on = 1; int sock; memset(d, 0, sizeof(struct descr)); if ((sock = socket(AF_INET, type, 0)) < 0) err (1, "socket"); #if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)) < 0) warn ("setsockopt (SO_REUSEADDR)"); #endif - memset(&sina, 0, sizeof(sina)); - sina.sin_family = AF_INET; - sina.sin_port = port; - sina.sin_addr = addr; - if (bind(sock, (struct sockaddr *)&sina, sizeof(sina)) < 0) + memset(&d->addr, 0, sizeof(d->addr)); + d->addr.sin_family = AF_INET; + d->addr.sin_port = port; + d->addr.sin_addr = addr; + if (bind(sock, (struct sockaddr *)&d->addr, sizeof(d->addr)) < 0) err (1, "bind '%s/%s' (%d)", service, (type == SOCK_DGRAM) ? 
"udp" : "tcp", - ntohs(sina.sin_port)); + ntohs(d->addr.sin_port)); if(type == SOCK_STREAM) listen(sock, SOMAXCONN); d->s = sock; d->type = type; } static void loop(struct descr *fds, int maxfd); +struct port_spec { + int port; + int type; +}; + +static int +add_port(struct port_spec **ports, int *num_ports, int port, int type) +{ + struct port_spec *tmp; + tmp = realloc(*ports, (*num_ports + 1) * sizeof(*tmp)); + if(tmp == NULL) + return ENOMEM; + *ports = tmp; + tmp[*num_ports].port = port; + tmp[*num_ports].type = type; + (*num_ports)++; + return 0; +} + +static void +make_sockets(const char *port_spec, struct in_addr *i_addr, + struct descr **fds, int *nfds) +{ + int tp; + struct in_addr *a; + char *p, *q, *pos = NULL; + struct servent *sp; + struct port_spec *ports = NULL; + int num_ports = 0; + int i, j; + char *port_spec_copy = strdup (port_spec); + + if (port_spec_copy == NULL) + err (1, "strdup"); + + for(p = strtok_r(port_spec_copy, ", \t", &pos); + p; + p = strtok_r(NULL, ", \t", &pos)){ + if(strcmp(p, "+") == 0){ + add_port(&ports, &num_ports, 88, SOCK_DGRAM); + add_port(&ports, &num_ports, 88, SOCK_STREAM); + add_port(&ports, &num_ports, 750, SOCK_DGRAM); + add_port(&ports, &num_ports, 750, SOCK_STREAM); + }else{ + q = strchr(p, '/'); + if(q){ + *q = 0; + q++; + } + sp = getservbyname(p, q); + if(sp) + tp = ntohs(sp->s_port); + else if(sscanf(p, "%d", &tp) != 1) { + warnx("Unknown port: %s%s%s", p, q ? "/" : "", q ? 
q : ""); + continue; + } + if(q){ + if(strcasecmp(q, "tcp") == 0) + add_port(&ports, &num_ports, tp, SOCK_STREAM); + else if(strcasecmp(q, "udp") == 0) + add_port(&ports, &num_ports, tp, SOCK_DGRAM); + else + warnx("Unknown protocol type: %s", q); + }else{ + add_port(&ports, &num_ports, tp, SOCK_DGRAM); + add_port(&ports, &num_ports, tp, SOCK_STREAM); + } + } + } + free (port_spec_copy); + + if(num_ports == 0) + errx(1, "No valid ports specified!"); + + if (i_addr) { + *nfds = 1; + a = malloc(sizeof(*a) * *nfds); + if (a == NULL) + errx (1, "Failed to allocate %lu bytes", + (unsigned long)(sizeof(*a) * *nfds)); + memcpy(a, i_addr, sizeof(struct in_addr)); + } else + *nfds = k_get_all_addrs (&a); + if (*nfds < 0) { + struct in_addr any; + + any.s_addr = INADDR_ANY; + + warnx ("Could not get local addresses, binding to INADDR_ANY"); + *nfds = 1; + a = malloc(sizeof(*a) * *nfds); + if (a == NULL) + errx (1, "Failed to allocate %lu bytes", + (unsigned long)(sizeof(*a) * *nfds)); + memcpy(a, &any, sizeof(struct in_addr)); + } + *fds = malloc(*nfds * num_ports * sizeof(**fds)); + if (*fds == NULL) + errx (1, "Failed to allocate %lu bytes", + (unsigned long)(*nfds * num_ports * sizeof(**fds))); + for (i = 0; i < *nfds; i++) { + for(j = 0; j < num_ports; j++) { + mksocket(*fds + num_ports * i + j, a[i], + ports[j].type, "", htons(ports[j].port)); + } + } + *nfds *= num_ports; + free(ports); + free (a); +} + + int main(int argc, char **argv) { int child; int c; struct descr *fds; int nfds; - int i; int n; int kerror; + int i_flag = 0; + struct in_addr i_addr; + char *port_spec = "+"; umask(077); /* Create protected files */ set_progname (argv[0]); - while ((c = getopt(argc, argv, "snmp:a:l:r:")) != EOF) { + while ((c = getopt(argc, argv, "snmp:P:a:l:r:i:")) != -1) { switch(c) { case 's': /* * Set parameters to slave server defaults. 
*/ if (max_age == -1 && !nflag) - max_age = ONE_DAY; /* 24 hours */ + max_age = THREE_DAYS; /* Survive weekend */ if (pause_int == -1) pause_int = FIVE_MINUTES; /* 5 minutes */ -#if 0 - if (log_file == NULL) { - /* this is only silly */ - log_file = KRBSLAVELOG; - } -#endif break; case 'n': max_age = -1; /* don't check max age. */ nflag++; break; case 'm': mflag++; /* running manually; prompt for master key */ break; - case 'p': + case 'p': { /* Set pause interval. */ - if (!isdigit(optarg[0])) + char *tmp; + + pause_int = strtol (optarg, &tmp, 0); + if (pause_int == 0 && tmp == optarg) { + fprintf(stderr, "pause_int `%s' not a number\n", optarg); usage(); - pause_int = atoi(optarg); + } + if ((pause_int < 5) || (pause_int > ONE_HOUR)) { fprintf(stderr, "pause_int must be between 5 and 3600 seconds.\n"); usage(); } break; - case 'a': + } + case 'P': + port_spec = optarg; + break; + case 'a': { /* Set max age. */ - if (!isdigit(optarg[0])) + char *tmp; + + max_age = strtol (optarg, &tmp, 0); + if (max_age == 0 && tmp == optarg) { + fprintf (stderr, "max_age `%s' not a number\n", optarg); usage(); - max_age = atoi(optarg); + } if ((max_age < ONE_HOUR) || (max_age > THREE_DAYS)) { - fprintf(stderr, "max_age must be between one hour and three days, in seconds\n"); + fprintf(stderr, "max_age must be between one hour and " + "three days, in seconds\n"); usage(); } break; + } case 'l': /* Set alternate log file */ log_file = optarg; break; case 'r': /* Set realm name */ rflag++; - strcpy(local_realm, optarg); + strlcpy(local_realm, optarg, sizeof(local_realm)); break; + case 'i': + /* Only listen on this address */ + if(inet_aton (optarg, &i_addr) == 0) { + fprintf (stderr, "Bad address: %s\n", optarg); + exit (1); + } + ++i_flag; + break; default: usage(); break; } } - if(log_file == NULL) - log_file = KRBLOG; - if (optind == (argc-1)) { if (kerb_db_set_name(argv[optind]) != 0) { fprintf(stderr, "Could not set alternate database name\n"); exit(1); } optind++; } if 
(optind != argc) usage(); printf("Kerberos server starting\n"); if ((!nflag) && (max_age != -1)) printf("\tMaximum database age: %d seconds\n", max_age); if (pause_int != -1) printf("\tSleep for %d seconds on error\n", pause_int); else printf("\tSleep forever on error\n"); if (mflag) printf("\tMaster key will be entered manually\n"); printf("\tLog file is %s\n", log_file); kset_logfile(log_file); - - /* find our hostname, and use it as the instance */ - if (k_gethostname(k_instance, INST_SZ)) - err (1, "gethostname"); - /* - * Yes this looks backwards but it has to be this way to enable a - * smooth migration to the new port 88. - */ - { - int p1, p2; - struct in_addr *a; + make_sockets(port_spec, i_flag ? &i_addr : NULL, &fds, &nfds); - p1 = k_getportbyname ("kerberos-iv", "udp", htons(750)); - p2 = k_getportbyname ("kerberos-sec", "udp", htons(88)); - - if (p1 == p2) - { - fprintf(stderr, "Either define kerberos-iv/udp as 750\n"); - fprintf(stderr, " and kerberos-sec/udp as 88\n"); - fprintf(stderr, "or the other way around!"); - exit(1); - } - - nfds = k_get_all_addrs (&a); - if (nfds < 0) { - struct in_addr any; - - any.s_addr = INADDR_ANY; - - fprintf (stderr, "Could not get local addresses, " - "binding to INADDR_ANY\n"); - nfds = 1; - a = malloc(sizeof(*a) * nfds); - memcpy(a, &any, sizeof(struct in_addr)); - } - nfds *= 4; - fds = (struct descr*)malloc(nfds * sizeof(struct descr)); - for (i = 0; i < nfds/4; i++) { - mksocket(fds + 4 * i + 0, a[i], SOCK_DGRAM, "kerberos-iv", p1); - mksocket(fds + 4 * i + 1, a[i], SOCK_DGRAM, "kerberos-sec", p2); - mksocket(fds + 4 * i + 2, a[i], SOCK_STREAM, "kerberos-iv", p1); - mksocket(fds + 4 * i + 3, a[i], SOCK_STREAM, "kerberos-sec", p2); - } - free (a); - } /* do all the database and cache inits */ if ((n = kerb_init())) { if (mflag) { printf("Kerberos db and cache init "); printf("failed = %d ...exiting\n", n); exit (1); } else { klog(L_KRB_PERR, "Kerberos db and cache init failed = %d ...exiting", n); hang(); } } /* 
Make sure database isn't stale */ check_db_age(); /* setup master key */ if (kdb_get_master_key (mflag, &master_key, master_key_schedule) != 0) { - klog (L_KRB_PERR, "kerberos: couldn't get master key.\n"); + klog (L_KRB_PERR, "kerberos: couldn't get master key."); exit (1); } kerror = kdb_verify_master_key (&master_key, master_key_schedule, stdout); if (kerror < 0) { klog (L_KRB_PERR, "Can't verify master key."); memset(master_key, 0, sizeof (master_key)); memset (master_key_schedule, 0, sizeof (master_key_schedule)); exit (1); } master_key_version = (u_char) kerror; fprintf(stdout, "\nCurrent Kerberos master key version is %d\n", master_key_version); des_init_random_number_generator(&master_key); if (!rflag) { /* Look up our local realm */ krb_get_lrealm(local_realm, 1); } fprintf(stdout, "Local realm: %s\n", local_realm); fflush(stdout); if (set_tgtkey(local_realm)) { /* Ticket granting service unknown */ klog(L_KRB_PERR, "Ticket granting ticket service unknown"); fprintf(stderr, "Ticket granting ticket service unknown\n"); exit(1); } if (mflag) { if ((child = fork()) != 0) { printf("Kerberos started, PID=%d\n", child); exit(0); } setup_disc(); } klog(L_ALL_REQ, "Starting Kerberos for %s (kvno %d)", local_realm, master_key_version); /* receive loop */ loop(fds, nfds); exit(1); } static void +read_socket(struct descr *n) +{ + int b; + struct sockaddr_in from; + int fromlen = sizeof(from); + b = recvfrom(n->s, n->buf.dat + n->buf.length, + MAX_PKT_LEN - n->buf.length, 0, + (struct sockaddr *)&from, &fromlen); + if(b < 0){ + if(n->type == SOCK_STREAM){ + close(n->s); + n->s = -1; + } + n->buf.length = 0; + return; + } + n->buf.length += b; + if(n->type == SOCK_STREAM){ + char *proto = "tcp"; + if(n->buf.length > 4 && + strncmp((char *)n->buf.dat, "GET ", 4) == 0 && + strncmp((char *)n->buf.dat + n->buf.length - 4, + "\r\n\r\n", 4) == 0){ + char *p; + char *save = NULL; + + n->buf.dat[n->buf.length - 1] = 0; + strtok_r((char *)n->buf.dat, " \t\r\n", &save); + p = 
strtok_r(NULL, " \t\r\n", &save); + if(p == NULL) + p = ""; + if(*p == '/') p++; + n->buf.length = base64_decode(p, n->buf.dat); + if(n->buf.length <= 0){ + const char *msg = + "HTTP/1.1 404 Not found\r\n" + "Server: KTH-KRB/1\r\n" + "Content-type: text/html\r\n" + "Content-transfer-encoding: 8bit\r\n\r\n" + "404 Not found\r\n" + "

404 Not found

\r\n" + "That page does not exist. Information about " + "KTH-KRB " + "is available elsewhere.\r\n"; + fromlen = sizeof(from); + if(getpeername(n->s,(struct sockaddr*)&from, &fromlen) == 0) + klog(L_KRB_PERR, "Unknown HTTP request from %s", + inet_ntoa(from.sin_addr)); + else + klog(L_KRB_PERR, "Unknown HTTP request from "); + write(n->s, msg, strlen(msg)); + close(n->s); + n->s = -1; + n->buf.length = 0; + return; + } + proto = "http"; + b = 0; + } + else if(n->buf.length >= 4 && n->buf.dat[0] == 0){ + /* if this is a new type of packet (with + the length attached to the head of the + packet), and there is no more data to + be read, fake an old packet, so the + code below will work */ + u_int32_t len; + krb_get_int(n->buf.dat, &len, 4, 0); + if(n->buf.length == len + 4){ + memmove(n->buf.dat, n->buf.dat + 4, len); + b = 0; + } + } + if(b == 0){ + /* handle request if there are + no more bytes to read */ + fromlen = sizeof(from); + getpeername(n->s,(struct sockaddr*)&from, &fromlen); + kerberos_wrap(n->s, &n->buf, proto, &from, + &n->addr); + n->buf.length = 0; + close(n->s); + n->s = -1; + } + }else{ + /* udp packets are atomic */ + kerberos_wrap(n->s, &n->buf, "udp", &from, + &n->addr); + n->buf.length = 0; + } +} + +static void loop(struct descr *fds, int nfds) { for (;;) { int ret; fd_set readfds; struct timeval tv; int maxfd = 0; struct descr *n, *minfree; + int accepted; /* accept at most one socket per `round' */ FD_ZERO(&readfds); gettimeofday(&tv, NULL); maxfd = 0; minfree = NULL; /* Remove expired TCP sockets, and add all other to the set we are selecting on */ for(n = fds; n < fds + nfds; n++){ if(n->s >= 0 && n->timeout && tv.tv_sec > n->timeout){ kerb_err_reply(n->s, NULL, KERB_ERR_TIMEOUT, "Timeout"); close(n->s); n->s = -1; } if(n->s < 0){ if(minfree == NULL) minfree = n; continue; } FD_SET(n->s, &readfds); maxfd = max(maxfd, n->s); } /* add more space for sockets */ if(minfree == NULL){ int i = nfds; struct descr *new; nfds *=2; new = realloc(fds, 
sizeof(struct descr) * nfds); if(new){ fds = new; minfree = fds + i; for(; i < nfds; i++) fds[i].s = -1; } } ret = select(maxfd + 1, &readfds, 0, 0, 0); + accepted = 0; for (n = fds; n < fds + nfds; n++){ if(n->s < 0) continue; if (FD_ISSET(n->s, &readfds)){ if(n->type == SOCK_STREAM && n->timeout == 0){ /* add accepted socket to list of sockets we are selecting on */ - int s = accept(n->s, NULL, 0); + int s; + if(accepted) continue; + accepted = 1; + s = accept(n->s, NULL, 0); if(minfree == NULL){ kerb_err_reply(s, NULL, KFAILURE, "Out of memory"); close(s); }else{ minfree->s = s; minfree->type = SOCK_STREAM; gettimeofday(&tv, NULL); minfree->timeout = tv.tv_sec + 4; /* XXX */ - } - }else{ - int b; - struct sockaddr_in from; - int fromlen = sizeof(from); - b = recvfrom(n->s, n->buf.dat + n->buf.length, - MAX_PKT_LEN - n->buf.length, 0, - (struct sockaddr *)&from, &fromlen); - if(b < 0){ - if(n->type == SOCK_STREAM){ - close(n->s); - n->s = -1; - } - n->buf.length = 0; - continue; - } - n->buf.length += b; - if(n->type == SOCK_STREAM){ - if(n->buf.length >= 4 && n->buf.dat[0] == 0){ - /* if this is a new type of packet (with - the length attached to the head of the - packet), and there is no more data to - be read, fake an old packet, so the - code below will work */ - u_int32_t len; - krb_get_int(n->buf.dat, &len, 4, 0); - if(n->buf.length == len + 4){ - memmove(n->buf.dat, n->buf.dat + 4, len); - b = 0; - } - } - if(b == 0){ - /* handle request if there are - no more bytes to read */ - fromlen = sizeof(from); - getpeername(n->s,(struct sockaddr*)&from, &fromlen); - kerberos_wrap(n->s, &n->buf, &from); - n->buf.length = 0; - close(n->s); - n->s = -1; - } - }else{ - /* udp packets are atomic */ - kerberos_wrap(n->s, &n->buf, &from); - n->buf.length = 0; - } + minfree->buf.length = 0; + memcpy(&minfree->addr, &n->addr, sizeof(minfree->addr)); } + }else + read_socket(n); } } } } Index: stable/3/crypto/kerberosIV/slave/Makefile.in 
=================================================================== --- stable/3/crypto/kerberosIV/slave/Makefile.in (revision 62577) +++ stable/3/crypto/kerberosIV/slave/Makefile.in (revision 62578) 
@@ -1,82 +1,80 @@ -# $Id: Makefile.in,v 1.27 1997/05/04 04:16:28 assar Exp $ +# $Id: Makefile.in,v 1.33 1999/03/10 19:01:17 joda Exp $ SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ CC = @CC@ +LINK = @LINK@ AR = ar RANLIB = @RANLIB@ DEFS = @DEFS@ -DSBINDIR=\"$(sbindir)\" -CFLAGS = @CFLAGS@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ LD_FLAGS = @LD_FLAGS@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ LIBS = @LIBS@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ libexecdir = @libexecdir@ sbindir = @sbindir@ transform=@program_transform_name@ EXECSUFFIX=@EXECSUFFIX@ PROGS = kpropd$(EXECSUFFIX) \ kprop$(EXECSUFFIX) SOURCES = kpropd.c kprop.c OBJECTS = kpropd.o kprop.o all: $(PROGS) Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $< + $(CC) -c $(DEFS) -I../include -I$(srcdir) $(CPPFLAGS) $(CFLAGS) $< install: all - $(MKINSTALLDIRS) $(libexecdir) + $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir) for x in $(PROGS); do \ - $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ done uninstall: for x in $(PROGS); do \ - rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ done TAGS: $(SOURCES) etags $(SOURCES) check: clean: rm -f *.a *.o $(PROGS) mostlyclean: clean distclean: clean rm -f Makefile *.tab.c *~ realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - kprop$(EXECSUFFIX): kprop.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kprop.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kprop.o -L../lib/krb -lkrb -L../lib/des 
-ldes -L../lib/roken -lroken $(LIBS) -lroken kpropd$(EXECSUFFIX): kpropd.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kpropd.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken + $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kpropd.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken $(OBJECTS): ../include/config.h + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean Index: stable/3/crypto/kerberosIV/slave/kprop.c =================================================================== --- stable/3/crypto/kerberosIV/slave/kprop.c (revision 62577) +++ stable/3/crypto/kerberosIV/slave/kprop.c (revision 62578) 
@@ -1,530 +1,543 @@ /* Copyright 1987, 1988 by the Student Information Processing Board of the Massachusetts Institute of Technology Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the names of M.I.T. and the M.I.T. S.I.P.B. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. and the M.I.T. S.I.P.B. make no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "slav_locl.h" -RCSID("$Id: kprop.c,v 1.29 1997/05/25 02:43:54 joda Exp $"); +RCSID("$Id: kprop.c,v 1.37 1999/09/16 20:41:59 assar Exp $"); #include "kprop.h" static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION; int debug = 0; char my_realm[REALM_SZ]; int princ_data_size = 3 * sizeof(int32_t) + 3 * sizeof(unsigned char); short transfer_mode, net_transfer_mode; int force_flag; static char ok[] = ".dump_ok"; struct slave_host { u_int32_t net_addr; char *name; char *instance; char *realm; int not_time_yet; int succeeded; struct slave_host *next; }; -static -int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime) +static int +get_slaves(struct slave_host **psl, + const char *dir_path, + const char *file, + time_t ok_mtime) { FILE *fin; char namebuf[128], *inst; char *pc; struct hostent *host; struct slave_host **th; - char path[256]; - char *ppath; + char *last_prop_path; struct stat stbuf; if ((fin = fopen(file, "r")) == NULL) err (1, "open(%s)", file); - strcpy(path, file); - if ((ppath = strrchr(path, '/'))) { - ppath += 1; - } else { - ppath = path; - } + th = psl; while(fgets(namebuf, sizeof(namebuf), fin)){ if ((pc = strchr(namebuf, '\n'))) { *pc = '\0'; } 
else { if(strlen(namebuf) == sizeof(namebuf) - 1){ warnx ("Hostname too long (>= %d chars) in '%s'.", (int) sizeof(namebuf), file); do{ if(fgets(namebuf, sizeof(namebuf), fin) == NULL) break; }while(strchr(namebuf, '\n') == NULL); continue; } } if(namebuf[0] == 0 || namebuf[0] == '#') continue; host = gethostbyname(namebuf); if (host == NULL) { warnx ("Ignoring host '%s' in '%s': %s", namebuf, file, -#ifdef HAVE_H_ERRNO - hstrerror(h_errno) -#else - "unknown error" -#endif - ); + hstrerror(h_errno)); continue; } (*th) = (struct slave_host *) malloc(sizeof(struct slave_host)); if (!*th) errx (1, "No memory reading host list from '%s'.", file); memset(*th, 0, sizeof(struct slave_host)); (*th)->name = strdup(namebuf); if ((*th)->name == NULL) errx (1, "No memory reading host list from '%s'.", file); /* get kerberos cannonical instance name */ inst = krb_get_phost ((*th)->name); (*th)->instance = strdup(inst); if ((*th)->instance == NULL) errx (1, "No memory reading host list from '%s'.", file); /* what a concept, slave servers in different realms! */ (*th)->realm = my_realm; memcpy(&(*th)->net_addr, host->h_addr, sizeof((*th)->net_addr)); (*th)->not_time_yet = 0; (*th)->succeeded = 0; (*th)->next = NULL; - strcat(strcpy(ppath, (*th)->name), "-last-prop"); - if (!force_flag && !stat(path, &stbuf) && stbuf.st_mtime > ok_mtime) { + asprintf(&last_prop_path, "%s%s-last-prop", dir_path, (*th)->name); + if (last_prop_path == NULL) + errx (1, "malloc failed"); + if (!force_flag + && !stat(last_prop_path, &stbuf) + && stbuf.st_mtime > ok_mtime) { (*th)->not_time_yet = 1; (*th)->succeeded = 1; /* no change since last success */ } + free(last_prop_path); th = &(*th)->next; } fclose(fin); return (1); } /* The master -> slave protocol looks like this: 1) 8 byte version string 2) 2 bytes of "transfer mode" (net byte order of course) 3) ticket/authentication send by sendauth 4) 4 bytes of "block" length (u_int32_t) 5) data 4 and 5 repeat til EOF ... 
*/ static int -prop_to_slaves(struct slave_host *sl, int fd, char *fslv) +prop_to_slaves(struct slave_host *sl, + int fd, + const char *dir_path, + const char *fslv) { u_char buf[KPROP_BUFSIZ]; u_char obuf[KPROP_BUFSIZ + 64]; /* leave room for private msg overhead */ struct sockaddr_in sin, my_sin; int i, n, s; struct slave_host *cs; /* current slave */ - char path[256], my_host_name[MaxHostNameLen], *p_my_host_name; + char my_host_name[MaxHostNameLen], *p_my_host_name; char kprop_service_instance[INST_SZ]; - char *pc; u_int32_t cksum; u_int32_t length, nlength; long kerror; KTEXT_ST ticket; CREDENTIALS cred; MSG_DAT msg_dat; static char tkstring[] = "/tmp/kproptktXXXXXX"; - des_key_schedule session_sched; + char *last_prop_path; close(mkstemp(tkstring)); krb_set_tkt_string(tkstring); memset(&sin, 0, sizeof sin); sin.sin_family = AF_INET; sin.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT)); sin.sin_addr.s_addr = INADDR_ANY; - strcpy(path, fslv); - if ((pc = strrchr(path, '/'))) { - pc += 1; - } else { - pc = path; - } - for (i = 0; i < 5; i++) { /* try each slave five times max */ for (cs = sl; cs; cs = cs->next) { if (!cs->succeeded) { if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) err (1, "socket"); memcpy(&sin.sin_addr, &cs->net_addr, sizeof cs->net_addr); if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) { warn ("connect(%s)", cs->name); close(s); continue; /*** NEXT SLAVE ***/ } /* for krb_mk_{priv, safe} */ memset(&my_sin, 0, sizeof my_sin); n = sizeof my_sin; if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) { warn ("getsockname(%s)", cs->name); close (s); continue; /*** NEXT SLAVE ***/ } if (n != sizeof (my_sin)) { warnx ("can't get socketname %s length", cs->name); close (s); continue; /*** NEXT SLAVE ***/ } /* Get ticket */ kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, cs->instance, cs->realm, (u_int32_t) 0); /* if ticket has expired try to get a new one, but * first get a TGT ... 
*/ if (kerror != MK_AP_OK) { - if (k_gethostname (my_host_name, sizeof(my_host_name)) != 0) { + if (gethostname (my_host_name, sizeof(my_host_name)) != 0) { warnx ("gethostname(%s): %s", my_host_name, -#ifdef HAVE_H_ERRNO - hstrerror(h_errno) -#else - "unknown error" -#endif - ); + hstrerror(h_errno)); close (s); break; /* next one can't work either! */ } /* get canonical kerberos service instance name */ p_my_host_name = krb_get_phost (my_host_name); /* copy it to make sure gethostbyname static doesn't * screw us. */ - strcpy (kprop_service_instance, p_my_host_name); + strlcpy (kprop_service_instance, + p_my_host_name, + INST_SZ); kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME, #if 0 kprop_service_instance, #else KRB_MASTER, #endif my_realm, KRB_TICKET_GRANTING_TICKET, my_realm, 96, KPROP_SRVTAB); if (kerror != INTK_OK) { warnx ("%s: %s. While getting initial ticket\n", cs->name, krb_get_err_text(kerror)); close (s); goto punt; } kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, - cs->instance, cs->realm, (u_int32_t) 0); + cs->instance, cs->realm, + (u_int32_t) 0); } if (kerror != MK_AP_OK) { warnx ("%s: krb_mk_req: %s", cs->name, krb_get_err_text(kerror)); close (s); continue; /*** NEXT SLAVE ***/ } if (write(s, kprop_version, sizeof(kprop_version)) != sizeof(kprop_version)) { warn ("%s", cs->name); close (s); continue; /*** NEXT SLAVE ***/ } net_transfer_mode = htons (transfer_mode); if (write(s, &net_transfer_mode, sizeof(net_transfer_mode)) != sizeof(net_transfer_mode)) { warn ("write(%s)", cs->name); close (s); continue; /*** NEXT SLAVE ***/ } kerror = krb_get_cred (KPROP_SERVICE_NAME, cs->instance, cs->realm, &cred); if (kerror != KSUCCESS) { warnx ("%s: %s. 
Getting session key.", cs->name, krb_get_err_text(kerror)); close (s); continue; /*** NEXT SLAVE ***/ } #ifdef NOENCRYPTION memset(session_sched, 0, sizeof(session_sched)); #else if (des_key_sched (&cred.session, session_sched)) { warnx ("%s: can't make key schedule.", cs->name); close (s); continue; /*** NEXT SLAVE ***/ } #endif /* SAFE (quad_cksum) and CLEAR are just not good enough */ cksum = 0; #ifdef not_working_yet if (transfer_mode != KPROP_TRANSFER_PRIVATE) { cksum = get_data_checksum(fd, session_sched); lseek(fd, 0L, 0); } else #endif { struct stat st; fstat (fd, &st); cksum = st.st_size; } kerror = krb_sendauth(KOPT_DO_MUTUAL, s, &ticket, KPROP_SERVICE_NAME, cs->instance, cs->realm, cksum, &msg_dat, &cred, session_sched, &my_sin, &sin, KPROP_PROT_VERSION); if (kerror != KSUCCESS) { warnx ("%s: krb_sendauth: %s.", cs->name, krb_get_err_text(kerror)); close (s); continue; /*** NEXT SLAVE ***/ } lseek(fd, 0L, SEEK_SET); /* Rewind file before rereading it. */ while ((n = read(fd, buf, sizeof buf))) { if (n < 0) err (1, "read"); switch (transfer_mode) { case KPROP_TRANSFER_PRIVATE: case KPROP_TRANSFER_SAFE: if (transfer_mode == KPROP_TRANSFER_PRIVATE) length = krb_mk_priv (buf, obuf, n, session_sched, &cred.session, &my_sin, &sin); else length = krb_mk_safe (buf, obuf, n, &cred.session, &my_sin, &sin); if (length == -1) { warnx ("%s: %s failed.", cs->name, (transfer_mode == KPROP_TRANSFER_PRIVATE) ? 
"krb_rd_priv" : "krb_rd_safe"); close (s); continue; /*** NEXT SLAVE ***/ } nlength = htonl(length); if (write(s, &nlength, sizeof nlength) != sizeof nlength) { warn ("write(%s)", cs->name); close (s); continue; /*** NEXT SLAVE ***/ } if (write(s, obuf, length) != length) { warn ("write(%s)", cs->name); close(s); continue; /*** NEXT SLAVE ***/ } break; case KPROP_TRANSFER_CLEAR: if (write(s, buf, n) != n) { warn ("write(%s)", cs->name); close(s); continue; /*** NEXT SLAVE ***/ } break; } } close(s); cs->succeeded = 1; - fprintf(stderr, "%s: success.\n", cs->name); - strcat(strcpy(pc, cs->name), "-last-prop"); - unlink(path); - close(creat(path, 0600)); + printf("%s: success.\n", cs->name); + + asprintf(&last_prop_path, + "%s%s-last-prop", + dir_path, + cs->name); + if (last_prop_path == NULL) + errx (1, "malloc failed"); + + unlink(last_prop_path); + close(creat(last_prop_path, 0600)); } } } punt: dest_tkt(); for (cs = sl; cs; cs = cs->next) { if (!cs->succeeded) return (0); /* didn't get this slave */ } return (1); } static void -usage() +usage(void) { /* already got floc and fslv, what is this? */ fprintf(stderr, "\nUsage: kprop [-force] [-realm realm] [-private" #ifdef not_safe_yet "|-safe|-clear" #endif "] [data_file [slaves_file]]\n\n"); exit(1); } int main(int argc, char **argv) { int fd, i; char *floc, *floc_ok; char *fslv; + char *dir_path; struct stat stbuf, stbuf_ok; time_t l_init, l_final; char *pc; int l_diff; static struct slave_host *slave_host_list = NULL; struct slave_host *sh; set_progname (argv[0]); transfer_mode = KPROP_TRANSFER_PRIVATE; time(&l_init); pc = ctime(&l_init); pc[strlen(pc) - 1] = '\0'; printf("\nStart slave propagation: %s\n", pc); floc = NULL; fslv = NULL; if (krb_get_lrealm(my_realm,1) != KSUCCESS) errx (1, "Getting my kerberos realm. 
Check krb.conf"); for (i = 1; i < argc; i++) switch (argv[i][0]) { case '-': if (strcmp (argv[i], "-private") == 0) transfer_mode = KPROP_TRANSFER_PRIVATE; #ifdef not_safe_yet else if (strcmp (argv[i], "-safe") == 0) transfer_mode = KPROP_TRANSFER_SAFE; else if (strcmp (argv[i], "-clear") == 0) transfer_mode = KPROP_TRANSFER_CLEAR; #endif else if (strcmp (argv[i], "-realm") == 0) { i++; if (i < argc) - strcpy(my_realm, argv[i]); + strlcpy(my_realm, argv[i], REALM_SZ); else usage(); } else if (strcmp (argv[i], "-force") == 0) force_flag++; else { warnx("unknown control argument %s.", argv[i]); usage (); } break; default: /* positional arguments are marginal at best ... */ if (floc == NULL) floc = argv[i]; else { if (fslv == NULL) fslv = argv[i]; else usage(); } } if(floc == NULL) floc = DB_DIR "/slave_dump"; if(fslv == NULL) fslv = DB_DIR "/slaves"; asprintf (&floc_ok, "%s%s", floc, ok); if (floc_ok == NULL) errx (1, "out of memory in copying %s", floc); + dir_path = strdup(fslv); + if(dir_path == NULL) + errx (1, "malloc failed"); + pc = strrchr(dir_path, '/'); + if (pc != NULL) + ++pc; + else + pc = dir_path; + *pc = '\0'; + if ((fd = open(floc, O_RDONLY)) < 0) err (1, "open(%s)", floc); - if (k_flock(fd, K_LOCK_SH | K_LOCK_NB)) + if (flock(fd, LOCK_SH | LOCK_NB)) err (1, "flock(%s)", floc); if (stat(floc, &stbuf)) err (1, "stat(%s)", floc); if (stat(floc_ok, &stbuf_ok)) err (1, "stat(%s)", floc_ok); if (stbuf.st_mtime > stbuf_ok.st_mtime) errx (1, "'%s' more recent than '%s'.", floc, floc_ok); - if (!get_slaves(&slave_host_list, fslv, stbuf_ok.st_mtime)) + if (!get_slaves(&slave_host_list, dir_path, fslv, stbuf_ok.st_mtime)) errx (1, "can't read slave host file '%s'.", fslv); #ifdef KPROP_DBG { struct slave_host *sh; int i; fprintf(stderr, "\n\n"); fflush(stderr); for (sh = slave_host_list; sh; sh = sh->next) { fprintf(stderr, "slave %d: %s, %s", i++, sh->name, inet_ntoa(sh->net_addr)); fflush(stderr); } } #endif /* KPROP_DBG */ - if 
(!prop_to_slaves(slave_host_list, fd, fslv)) + if (!prop_to_slaves(slave_host_list, fd, dir_path, fslv)) errx (1, "propagation failed."); - if (k_flock(fd, K_LOCK_UN)) + if (flock(fd, LOCK_UN)) err (1, "flock(%s, LOCK_UN)", floc); - fprintf(stderr, "\n\n"); + printf("\n\n"); for (sh = slave_host_list; sh; sh = sh->next) { - fprintf(stderr, "%s:\t\t%s\n", sh->name, - (sh->not_time_yet? "Not time yet" : (sh->succeeded ? "Succeeded" : "FAILED"))); + if (sh->not_time_yet) + printf( "%s:\t\tNot time yet\n", sh->name); + else if (sh->succeeded) + printf( "%s:\t\tSucceeded\n", sh->name); + else + fprintf(stderr, "%s:\t\tFAILED\n", sh->name); + fflush(stdout); } time(&l_final); l_diff = l_final - l_init; printf("propagation finished, %d:%02d:%02d elapsed\n", l_diff / 3600, (l_diff % 3600) / 60, l_diff % 60); exit(0); } #ifdef doesnt_work_yet u_long get_data_checksum(fd, key_sched) int fd; des_key_schedule key_sched; { u_int32_t cksum = 0; int n; char buf[BUFSIZ]; u_int32_t obuf[2]; while (n = read(fd, buf, sizeof buf)) { if (n < 0) err (1, "read"); cksum = cbc_cksum(buf, obuf, n, key_sched, key_sched); } return cksum; } #endif Index: stable/3/crypto/kerberosIV/slave/kpropd.c =================================================================== --- stable/3/crypto/kerberosIV/slave/kpropd.c (revision 62577) +++ stable/3/crypto/kerberosIV/slave/kpropd.c (revision 62578) 
@@ -1,301 +1,318 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "slav_locl.h" #include "kprop.h" -RCSID("$Id: kpropd.c,v 2.21 1997/05/02 17:52:13 assar Exp $"); +RCSID("$Id: kpropd.c,v 2.32 1999/12/02 16:58:56 joda Exp $"); #ifndef SBINDIR #define SBINDIR "/usr/athena/sbin" #endif struct sockaddr_in master, slave; char *database = DBM_FILE; char *lockfile = DB_DIR "/slave_propagation"; char *logfile = K_LOGFIL; char *kdb_util = SBINDIR "/kdb_util"; char *kdb_util_command = "load"; char *srvtab = ""; char realm[REALM_SZ]; static int copy_data(int from, int to, des_cblock *session, des_key_schedule schedule) { unsigned char tmp[4]; char buf[KPROP_BUFSIZ + 26]; u_int32_t length; int n; int kerr; MSG_DAT m; while(1){ n = krb_net_read(from, tmp, 4); if(n == 0) break; if(n < 0){ klog(L_KRB_PERR, "krb_net_read: %s", strerror(errno)); return -1; } if(n != 4){ klog(L_KRB_PERR, "Premature end of data"); return -1; } length = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3]; if(length > sizeof(buf)){ klog(L_KRB_PERR, "Giant packet received: %d", length); return -1; } if(krb_net_read(from, buf, length) != length){ klog(L_KRB_PERR, "Premature end of data"); return -1; } - kerr = krb_rd_priv (buf, length, schedule, session, &master, &slave, &m); + kerr = krb_rd_priv (buf, length, schedule, session, + &master, &slave, &m); if(kerr != KSUCCESS){ klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr)); return -1; } write(to, m.app_data, m.app_length); } return 0; } static int kprop(int s) { char buf[128]; 
int n; KTEXT_ST ticket; AUTH_DAT ad; char sinst[INST_SZ]; - char command[1024]; des_key_schedule schedule; int mode; int kerr; int lock; n = sizeof(master); if(getpeername(s, (struct sockaddr*)&master, &n) < 0){ klog(L_KRB_PERR, "getpeername: %s", strerror(errno)); return 1; } n = sizeof(slave); if(getsockname(s, (struct sockaddr*)&slave, &n) < 0){ klog(L_KRB_PERR, "getsockname: %s", strerror(errno)); return 1; } klog(L_KRB_PERR, "Connection from %s", inet_ntoa(master.sin_addr)); n = krb_net_read(s, buf, KPROP_PROT_VERSION_LEN + 2); if(n < KPROP_PROT_VERSION_LEN + 2){ klog(L_KRB_PERR, "Premature end of data"); return 1; } if(memcmp(buf, KPROP_PROT_VERSION, KPROP_PROT_VERSION_LEN) != 0){ klog(L_KRB_PERR, "Bad protocol version string received"); return 1; } mode = (buf[n-2] << 8) | buf[n-1]; if(mode != KPROP_TRANSFER_PRIVATE){ klog(L_KRB_PERR, "Bad transfer mode received: %d", mode); return 1; } k_getsockinst(s, sinst, sizeof(sinst)); kerr = krb_recvauth(KOPT_DO_MUTUAL, s, &ticket, KPROP_SERVICE_NAME, sinst, &master, &slave, &ad, srvtab, schedule, buf); if(kerr != KSUCCESS){ klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr)); return 1; } + + if(strcmp(ad.pname, KPROP_SERVICE_NAME) || +#if 0 + strcmp(ad.pinst, /* XXX remote host */) || +#else + strcmp(ad.pinst, KRB_MASTER) || +#endif + strcmp(ad.prealm, realm)){ + klog(L_KRB_PERR, "Connection from unauthorized client: %s", + krb_unparse_name_long(ad.pname, ad.pinst, ad.prealm)); + return 1; + } + des_set_key(&ad.session, schedule); lock = open(lockfile, O_WRONLY|O_CREAT, 0600); if(lock < 0){ klog(L_KRB_PERR, "Failed to open file: %s", strerror(errno)); return 1; } - if(k_flock(lock, K_LOCK_EX | K_LOCK_NB)){ + if(flock(lock, LOCK_EX | LOCK_NB)){ close(lock); klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno)); return 1; } if(ftruncate(lock, 0) < 0){ close(lock); klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno)); return 1; } if(copy_data(s, lock, &ad.session, schedule)){ close(lock); 
return 1; } close(lock); - snprintf(command, sizeof(command), - "%s %s %s %s", kdb_util, kdb_util_command, - lockfile, database); - if(system(command) == 0){ + + if(simple_execlp(kdb_util, "kdb_util", kdb_util_command, + lockfile, database, NULL) != 0) { + klog(L_KRB_PERR, "*** Propagation failed ***"); + return 1; + }else{ klog(L_KRB_PERR, "Propagation finished successfully"); return 0; } - klog(L_KRB_PERR, "*** Propagation failed ***"); - return 1; } static int doit(void) { return kprop(0); } static int doit_interactive(void) { struct sockaddr_in sa; int salen; int s, s2; int ret; s = socket(AF_INET, SOCK_STREAM, 0); if(s < 0){ klog(L_KRB_PERR, "socket: %s", strerror(errno)); return 1; } memset(&sa, 0, sizeof(sa)); sa.sin_family = AF_INET; sa.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT)); ret = bind(s, (struct sockaddr*)&sa, sizeof(sa)); if (ret < 0) { klog(L_KRB_PERR, "bind: %s", strerror(errno)); return 1; } ret = listen(s, SOMAXCONN); if (ret < 0) { klog(L_KRB_PERR, "listen: %s", strerror(errno)); return 1; } for(;;) { salen = sizeof(sa); s2 = accept(s, (struct sockaddr*)&sa, &salen); switch(fork()){ case -1: klog(L_KRB_PERR, "fork: %s", strerror(errno)); return 1; case 0: close(s); kprop(s2); return 1; default: { int status; close(s2); wait(&status); } } } } static void usage (void) { fprintf (stderr, "Usage: kpropd [-i] [-d database] [-l log] [-m] [-[p|P] program]" " [-r realm] [-s srvtab]\n"); exit (1); } int main(int argc, char **argv) { int opt; int interactive = 0; krb_get_lrealm(realm, 1); while((opt = getopt(argc, argv, ":d:l:mp:P:r:s:i")) >= 0){ switch(opt){ case 'd': database = optarg; break; case 'l': logfile = optarg; break; case 'm': kdb_util_command = "merge"; break; case 'p': case 'P': kdb_util = optarg; break; case 'r': - strcpy(realm, optarg); + strlcpy(realm, optarg, REALM_SZ); break; case 's': srvtab = optarg; break; case 'i': interactive = 1; break; default: klog(L_KRB_PERR, "Bad option: -%c", optopt); usage (); exit(1); 
} + } + if (!interactive) { + /* Use logfile as stderr so we don't lose error messages. */ + int fd = open(logfile, O_CREAT | O_WRONLY | O_APPEND, 0600); + if (fd == -1) + klog(L_KRB_PERR, "Can't open logfile %s: %s", logfile,strerror(errno)); + else + dup2(fd, 2); + close(fd); } kset_logfile(logfile); if (interactive) return doit_interactive (); else return doit (); } Index: stable/3/crypto/kerberosIV/slave/slav_locl.h =================================================================== --- stable/3/crypto/kerberosIV/slave/slav_locl.h (revision 62577) +++ stable/3/crypto/kerberosIV/slave/slav_locl.h (revision 62578) 
@@ -1,101 +1,101 @@ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ -/* $Id: slav_locl.h,v 1.11 1997/05/20 18:40:47 bg Exp $ */ +/* $Id: slav_locl.h,v 1.14 1999/12/02 16:58:56 joda Exp $ */ #ifndef __slav_locl_h #define __slav_locl_h #include "config.h" #include "protos.h" #include #include #include #include #include #include #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_STAT_H #include #endif #ifdef HAVE_FCNTL_H #include #endif #include #ifdef HAVE_SYS_FILE_H #include #endif #ifdef HAVE_SYS_WAIT_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_ARPA_INET_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_NETDB_H #include #endif #include #ifdef SOCKS #include +/* This doesn't belong here. */ +struct tm *localtime(const time_t *); +struct hostent *gethostbyname(const char *); #endif #include #include #include #include #include #include + +#include #include "kprop.h" #endif /* __slav_locl_h */
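Review bot: in kprop.c, prop_to_slaves() never frees last_prop_path after close(creat(last_prop_path, 0600)), while get_slaves() does free its copy, so every successfully propagated slave leaks one allocation; add free(last_prop_path) after the creat call. Both asprintf calls test the pointer against NULL instead of checking the return value, which is not guaranteed to work on every asprintf implementation; testing for a return value below zero is safer. In the ticket-refresh path the gethostname failure branch still prints hstrerror(h_errno) and my_host_name, but gethostname reports through errno and the buffer is not valid after a failed call, so warn("gethostname") would fit better. The -realm handling with strlcpy(my_realm, argv[i], REALM_SZ) truncates silently; compare the return value with REALM_SZ and call usage() when the argument does not fit.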
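Review bot: in kpropd.c main(), the new non-interactive logfile block calls close(fd) unconditionally, so it runs as close(-1) when open fails and, if open happens to return descriptor 2, it closes the stderr that dup2(fd, 2) was meant to set up; move the close into the else branch and skip it when fd == 2. The open failure is also reported through klog before kset_logfile(logfile) has been called, so that message goes to whatever log klog uses by default rather than the requested one. In the -r case, strlcpy(realm, optarg, REALM_SZ) truncates silently, and the truncated value is what the new strcmp(ad.prealm, realm) authorization check in kprop() compares against; reject an over-long realm instead of accepting it. The #if 0 branch of that check, strcmp(ad.pinst, /* XXX remote host */), is not valid C and would be better as a plain comment above the KRB_MASTER comparison.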
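Review bot: in slav_locl.h, the prototypes added under #ifdef SOCKS, struct tm *localtime(const time_t *); and struct hostent *gethostbyname(const char *);, redeclare libc functions by hand and will conflict on any platform whose headers declare them differently or as macros, which the accompanying comment "This doesn't belong here." already concedes. Prefer getting them from the system headers, or guard them with a configure test for the missing declaration, and note in the comment which SOCKS header hides them so the workaround can be removed later.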