oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

make sure it tries with all other authentication methods after one has

Browse Source 
failed


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6177 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
1999-05-09 12:31:21 +00:00
parent 489626c62e
commit 0f15e127e3
1 changed files with 136 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

210
appl/rsh/rsh.c
View File

@@ -120,7 +120,7 @@ loop (int s, int errsock)
} }
#ifdef KRB4 #ifdef KRB4
static void static int
send_krb4_auth(int s, send_krb4_auth(int s,
struct sockaddr_in thisaddr, struct sockaddr_in thisaddr,
struct sockaddr_in thataddr, struct sockaddr_in thataddr,
@@ -141,15 +141,22 @@ send_krb4_auth(int s,
hostname, krb_realmofhost (hostname), hostname, krb_realmofhost (hostname),
getpid(), &msg, &cred, schedule, getpid(), &msg, &cred, schedule,
&thisaddr, &thataddr, KCMD_VERSION); &thisaddr, &thataddr, KCMD_VERSION);
if (status != KSUCCESS) if (status != KSUCCESS) {
errx (1, "%s: %s", hostname, krb_get_err_text(status)); warnx ("%s: %s", hostname, krb_get_err_text(status));
return 1;
}
memcpy (iv, cred.session, sizeof(iv)); memcpy (iv, cred.session, sizeof(iv));
len = strlen(remote_user) + 1; len = strlen(remote_user) + 1;
if (net_write (s, remote_user, len) != len) if (net_write (s, remote_user, len) != len) {
err (1, "write"); warn("write");
if (net_write (s, cmd, cmd_len) != cmd_len) return 1;
err (1, "write"); }
if (net_write (s, cmd, cmd_len) != cmd_len) {
warn("write");
return 1;
}
return 0;
} }
#endif /* KRB4 */ #endif /* KRB4 */
@@ -233,7 +240,7 @@ krb5_forward_cred (krb5_auth_context auth_context,
return 0; return 0;
} }
static void static int
send_krb5_auth(int s, send_krb5_auth(int s,
struct sockaddr_in thisaddr, struct sockaddr_in thisaddr,
struct sockaddr_in thataddr, struct sockaddr_in thataddr,
@@ -259,8 +266,10 @@ send_krb5_auth(int s,
"host", "host",
KRB5_NT_SRV_HST, KRB5_NT_SRV_HST,
&server); &server);
if (status) if (status) {
errx (1, "%s: %s", hostname, krb5_get_err_text(context, status)); warnx ("%s: %s", hostname, krb5_get_err_text(context, status));
return 1;
}
cksum_data.length = asprintf ((char **)&cksum_data.data, cksum_data.length = asprintf ((char **)&cksum_data.data,
"%u:%s%s%s", "%u:%s%s%s",
@@ -282,29 +291,41 @@ send_krb5_auth(int s,
NULL, NULL,
NULL, NULL,
NULL); NULL);
if (status) if (status) {
errx (1, "%s: %s", hostname, krb5_get_err_text(context, status)); warnx ("%s: %s", hostname, krb5_get_err_text(context, status));
return 1;
}
status = krb5_auth_con_getkey (context, auth_context, &keyblock); status = krb5_auth_con_getkey (context, auth_context, &keyblock);
if (status) if (status) {
errx (1, "krb5_auth_con_getkey: %s", warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status));
krb5_get_err_text(context, status)); return 1;
}
krb5_crypto_init(context, keyblock, 0, &crypto); krb5_crypto_init(context, keyblock, 0, &crypto);
if(status) if(status) {
errx (1, "krb5_crypto_init: %s", warnx ("krb5_crypto_init: %s", krb5_get_err_text(context, status));
krb5_get_err_text(context, status)); return 1;
}
len = strlen(remote_user) + 1; len = strlen(remote_user) + 1;
if (net_write (s, remote_user, len) != len) if (net_write (s, remote_user, len) != len) {
err (1, "write"); warn ("write");
if (do_encrypt && net_write (s, "-x ", 3) != 3) return 1;
err (1, "write"); }
if (net_write (s, cmd, cmd_len) != cmd_len) if (do_encrypt && net_write (s, "-x ", 3) != 3) {
err (1, "write"); warn ("write");
return 1;
}
if (net_write (s, cmd, cmd_len) != cmd_len) {
warn ("write");
return 1;
}
len = strlen(local_user) + 1; len = strlen(local_user) + 1;
if (net_write (s, local_user, len) != len) if (net_write (s, local_user, len) != len) {
err (1, "write"); warn ("write");
return 1;
}
if (!do_forward if (!do_forward
|| krb5_forward_cred (auth_context, s, hostname, do_forwardable)) { || krb5_forward_cred (auth_context, s, hostname, do_forwardable)) {
@@ -314,10 +335,10 @@ send_krb5_auth(int s,
write (s, &zero, 4); write (s, &zero, 4);
} }
krb5_auth_con_free (context, auth_context); krb5_auth_con_free (context, auth_context);
return 0;
} }
static void static int
send_broken_auth(int s, send_broken_auth(int s,
struct sockaddr_in thisaddr, struct sockaddr_in thisaddr,
struct sockaddr_in thataddr, struct sockaddr_in thataddr,
@@ -330,13 +351,20 @@ send_broken_auth(int s,
size_t len; size_t len;
len = strlen(local_user) + 1; len = strlen(local_user) + 1;
if (net_write (s, local_user, len) != len) if (net_write (s, local_user, len) != len) {
err (1, "write"); warn ("write");
return 1;
}
len = strlen(remote_user) + 1; len = strlen(remote_user) + 1;
if (net_write (s, remote_user, len) != len) if (net_write (s, remote_user, len) != len) {
err (1, "write"); warn ("write");
if (net_write (s, cmd, cmd_len) != cmd_len) return 1;
err (1, "write"); }
if (net_write (s, cmd, cmd_len) != cmd_len) {
warn ("write");
return 1;
}
return 0;
} }
static int static int
@@ -357,59 +385,84 @@ proto (int s, int errsock,
addrlen = sizeof(thisaddr); addrlen = sizeof(thisaddr);
if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0
|| addrlen != sizeof(thisaddr)) { || addrlen != sizeof(thisaddr)) {
err (1, "getsockname(%s)", hostname); warn ("getsockname(%s)", hostname);
return 1;
} }
addrlen = sizeof(thataddr); addrlen = sizeof(thataddr);
if (getpeername (s, (struct sockaddr *)&thataddr, &addrlen) < 0 if (getpeername (s, (struct sockaddr *)&thataddr, &addrlen) < 0
|| addrlen != sizeof(thataddr)) { || addrlen != sizeof(thataddr)) {
err (1, "getpeername(%s)", hostname); warn ("getpeername(%s)", hostname);
return 1;
} }
addrlen = sizeof(erraddr); addrlen = sizeof(erraddr);
if (getsockname (errsock, (struct sockaddr *)&erraddr, &addrlen) < 0) if (getsockname (errsock, (struct sockaddr *)&erraddr, &addrlen) < 0) {
err (1, "getsockname"); warn ("getsockname");
return 1;
}
if (listen (errsock, 1) < 0) if (listen (errsock, 1) < 0) {
err (1, "listen"); warn ("listen");
return 1;
}
p = buf; p = buf;
snprintf (p, sizeof(buf), "%u", ntohs(erraddr.sin_port)); snprintf (p, sizeof(buf), "%u", ntohs(erraddr.sin_port));
len = strlen(buf) + 1; len = strlen(buf) + 1;
if(net_write (s, buf, len) != len) if(net_write (s, buf, len) != len) {
err (1, "write"); warn ("write");
close (errsock);
return 1;
}
errsock2 = accept (errsock, NULL, NULL); errsock2 = accept (errsock, NULL, NULL);
if (errsock2 < 0) if (errsock2 < 0) {
err (1, "accept"); warn ("accept");
close (errsock);
return 1;
}
close (errsock); close (errsock);
#ifdef KRB4 #ifdef KRB4
if (auth_method == AUTH_KRB4) if (auth_method == AUTH_KRB4) {
send_krb4_auth (s, thisaddr, thataddr, if(send_krb4_auth (s, thisaddr, thataddr,
hostname, remote_user, local_user, hostname, remote_user, local_user,
cmd_len, cmd); cmd_len, cmd)){
else close (errsock2);
return 1;
}
} else
#endif /* KRB4 */ #endif /* KRB4 */
if(auth_method == AUTH_KRB5) if(auth_method == AUTH_KRB5) {
send_krb5_auth (s, thisaddr, thataddr, if(send_krb5_auth (s, thisaddr, thataddr,
hostname, remote_user, local_user, hostname, remote_user, local_user,
cmd_len, cmd); cmd_len, cmd)) {
else close (errsock2);
if(auth_method == AUTH_BROKEN) return 1;
send_broken_auth (s, thisaddr, thataddr, }
hostname, remote_user, local_user, } else
cmd_len, cmd); if(auth_method == AUTH_BROKEN) {
else if(send_broken_auth (s, thisaddr, thataddr,
hostname, remote_user, local_user,
cmd_len, cmd)) {
close (errsock2);
return 1;
}
} else
abort (); abort ();
if (net_read (s, &reply, 1) != 1) if (net_read (s, &reply, 1) != 1) {
err (1, "read"); warn ("read");
close (errsock2);
return 1;
}
if (reply != 0) { if (reply != 0) {
warnx ("Error from rshd at %s:", hostname); warnx ("Error from rshd at %s:", hostname);
while ((ret = read (s, buf, sizeof(buf))) > 0) while ((ret = read (s, buf, sizeof(buf))) > 0)
write (STDOUT_FILENO, buf, ret); write (STDOUT_FILENO, buf, ret);
close (errsock2);
return 1; return 1;
} }
@@ -460,13 +513,16 @@ doit_broken (int argc,
struct hostent *hostent; struct hostent *hostent;
struct sockaddr_in addr; struct sockaddr_in addr;
if (priv_socket1 < 0 || priv_socket2 < 0) if (priv_socket1 < 0 || priv_socket2 < 0) {
errx (1, "unable to bind reserved port: is rsh setuid root?"); warnx ("unable to bind reserved port: is rsh setuid root?");
return 1;
}
hostent = roken_gethostbyname (host); hostent = roken_gethostbyname (host);
if (hostent == NULL) if (hostent == NULL) {
errx (1, "gethostbyname '%s' failed: %s", warn("gethostbyname '%s' failed: %s", host, hstrerror(h_errno));
host, hstrerror(h_errno)); return 1;
}
memset (&addr, 0, sizeof(addr)); memset (&addr, 0, sizeof(addr));
addr.sin_family = AF_INET; addr.sin_family = AF_INET;
@@ -520,10 +576,13 @@ doit_broken (int argc,
} }
return 1; return 1;
} else { } else {
return proto (priv_socket1, priv_socket2, int ret;
argv[optind],
local_user, remote_user, ret = proto (priv_socket1, priv_socket2,
cmd, cmd_len); argv[optind],
local_user, remote_user,
cmd, cmd_len);
return ret;
} }
} }
@@ -550,6 +609,7 @@ doit (char *hostname,
struct sockaddr_in addr; struct sockaddr_in addr;
int errsock; int errsock;
struct sockaddr_in erraddr; struct sockaddr_in erraddr;
int ret;
memset (&addr, 0, sizeof(addr)); memset (&addr, 0, sizeof(addr));
addr.sin_family = AF_INET; addr.sin_family = AF_INET;
@@ -573,10 +633,12 @@ doit (char *hostname,
if (bind (errsock, (struct sockaddr *)&erraddr, sizeof(erraddr)) < 0) if (bind (errsock, (struct sockaddr *)&erraddr, sizeof(erraddr)) < 0)
err (1, "bind"); err (1, "bind");
return proto (s, errsock, ret = proto (s, errsock,
hostname, hostname,
local_user, remote_user, local_user, remote_user,
cmd, cmd_len); cmd, cmd_len);
close (s);
return ret;
} }
return 1; return 1;
} }