From e686a72a203089e8a35f78db360076de2cf57fde Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Sat, 12 Jul 1997 22:33:32 +0000 Subject: [PATCH] support conditional KRB4 git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2219 ec53bebd-3082-4978-b11e-865c3cabbd6b --- appl/rsh/Makefile.am | 6 ++-- appl/rsh/common.c | 51 ++++++++++++++++++++++++++++--- appl/rsh/rsh.c | 39 +++++++++++++++-------- appl/rsh/rsh_locl.h | 4 +++ appl/rsh/rshd.c | 32 +++++++++++-------- appl/telnet/libtelnet/Makefile.am | 2 +- appl/telnet/telnet/Makefile.am | 2 +- appl/telnet/telnetd/Makefile.am | 4 +-- 8 files changed, 102 insertions(+), 38 deletions(-) diff --git a/appl/rsh/Makefile.am b/appl/rsh/Makefile.am index 491a93e96..1dea300bc 100644 --- a/appl/rsh/Makefile.am +++ b/appl/rsh/Makefile.am @@ -2,8 +2,7 @@ AUTOHEADER_FLAGS = no-dependencies foreign -#INCLUDES = -I$(top_builddir)/include -I/usr/athena/include -INCLUDES = -I$(top_builddir)/include -I$(top_builddir)/../k/include +INCLUDES = -I$(top_builddir)/include $(INCLUDE_krb4) bin_PROGRAMS = rsh @@ -13,5 +12,4 @@ rsh_SOURCES = rsh.c common.c rshd_SOURCES = rshd.c common.c -#LDADD = -L$(top_builddir)/lib/krb5 -lkrb5 -L$(top_builddir)/lib/des -ldes -L/usr/athena/lib -lkrb -ldes -L$(top_builddir)/lib/asn1 -lasn1 -L$(top_builddir)/lib/roken -lroken -LDADD = -L$(top_builddir)/lib/krb5 -lkrb5 -L$(top_builddir)/lib/des -ldes -L$(top_builddir)/../k/lib/krb -lkrb -ldes -L$(top_builddir)/lib/asn1 -lasn1 -L$(top_builddir)/lib/roken -lroken +LDADD = -L$(top_builddir)/lib/krb5 -lkrb5 -L$(top_builddir)/lib/des -ldes $(LIB_krb4) -L$(top_builddir)/lib/asn1 -lasn1 -L$(top_builddir)/lib/roken -lroken diff --git a/appl/rsh/common.c b/appl/rsh/common.c index e6a25a76c..85b102a4a 100644 --- a/appl/rsh/common.c +++ b/appl/rsh/common.c 
@@ -9,9 +9,12 @@ do_read (int fd, int ret; if (do_encrypt) { +#ifdef KRB4 if (auth_method == AUTH_KRB4) { return des_enc_read (fd, buf, sz, schedule, &iv); - } else if(auth_method == AUTH_KRB5) { + } else +#endif /* KRB4 */ + if(auth_method == AUTH_KRB5) { u_int32_t len, outer_len; int status; krb5_data data; @@ -30,7 +33,7 @@ do_read (int fd, status = krb5_decrypt(context, buf, outer_len, ETYPE_DES_CBC_CRC, /* XXX */ keyblock, &data); - if (status != KSUCCESS) + if (status) errx (1, "%s", krb5_get_err_text (context, status)); memcpy (buf, data.data, len); free (data.data); @@ -48,9 +51,12 @@ do_write (int fd, void *buf, size_t sz) int ret; if (do_encrypt) { +#ifdef KRB4 if(auth_method == AUTH_KRB4) { return des_enc_write (fd, buf, sz, schedule, &iv); - } else if(auth_method == AUTH_KRB5) { + } else +#endif /* KRB4 */ + if(auth_method == AUTH_KRB5) { krb5_error_code status; krb5_data data; u_int32_t len; @@ -62,7 +68,7 @@ do_write (int fd, void *buf, size_t sz) ETYPE_DES_CBC_CRC, /* XXX */ keyblock, &data); - if (status != KSUCCESS) + if (status) errx (1, "%s", krb5_get_err_text(context, status)); len = htonl(sz); ret = krb5_net_write (context, fd, &len, 4); @@ -80,3 +86,40 @@ do_write (int fd, void *buf, size_t sz) return write (fd, buf, sz); } +ssize_t +net_write (int fd, + const void *buf, + size_t len) +{ + char *cbuf = (char *)buf; + ssize_t count; + size_t rem = len; + + while (rem > 0) { + count = write (fd, cbuf, rem); + if (count < 0) + return count; + cbuf += count; + rem -= count; + } + return len; +} + +ssize_t +net_read (int fd, + void *buf, + size_t len) +{ + char *cbuf = (char *)buf; + ssize_t count; + size_t rem = len; + + while (rem > 0) { + count = read (fd, cbuf, rem); + if (count <= 0) + return count; + cbuf += count; + rem -= count; + } + return len; +} diff --git a/appl/rsh/rsh.c b/appl/rsh/rsh.c index 4fb8eb6af..772b184db 100644 --- a/appl/rsh/rsh.c +++ b/appl/rsh/rsh.c 
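Review bot: In the new net_write and net_read at the end of common.c, a call interrupted by a signal returns -1 with errno set to EINTR and the helper gives up, so callers such as `if (net_write (s, cmd, cmd_len) != cmd_len) err (1, "write");` treat a harmless interruption as fatal. Retrying inside the loop, `if (count < 0) { if (errno == EINTR) continue; return count; }`, keeps the all-or-error contract those callers rely on. net_write also casts away const with `(char *)buf`; `const char *cbuf = buf;` needs no cast. Both functions would benefit from a short header comment stating that they return len on success and the failing write()/read() result otherwise, and that net_read returns 0 on EOF even after a partial read.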
@@ -18,7 +18,11 @@ static int no_input; static void usage (void) { - errx (1, "Usage: %s [-45nx] [-p port] [-l user] host command", __progname); + errx (1, "Usage: %s [-" +#ifdef KRB4 + "4" +#endif + "5nx] [-p port] [-l user] host command", __progname); } static int @@ -56,7 +60,7 @@ loop (int s, int errsock) if (--count == 0) return 0; } else - krb_net_write (STDOUT_FILENO, buf, ret); + net_write (STDOUT_FILENO, buf, ret); } if (FD_ISSET(errsock, &readset)) { ret = do_read (errsock, buf, sizeof(buf)); @@ -68,7 +72,7 @@ loop (int s, int errsock) if (--count == 0) return 0; } else - krb_net_write (STDERR_FILENO, buf, ret); + net_write (STDERR_FILENO, buf, ret); } if (FD_ISSET(STDIN_FILENO, &readset)) { ret = read (STDIN_FILENO, buf, sizeof(buf)); @@ -83,6 +87,7 @@ loop (int s, int errsock) } } +#ifdef KRB4 static void send_krb4_auth(int s, struct sockaddr_in thisaddr, struct sockaddr_in thataddr, @@ -108,11 +113,12 @@ send_krb4_auth(int s, struct sockaddr_in thisaddr, memcpy (iv, cred.session, sizeof(iv)); len = strlen(remote_user) + 1; - if (krb_net_write (s, remote_user, len) != len) + if (net_write (s, remote_user, len) != len) err (1, "write"); - if (krb_net_write (s, cmd, cmd_len) != cmd_len) + if (net_write (s, cmd, cmd_len) != cmd_len) err (1, "write"); } +#endif /* KRB4 */ static void send_krb5_auth(int s, struct sockaddr_in thisaddr, @@ -172,14 +178,14 @@ send_krb5_auth(int s, struct sockaddr_in thisaddr, krb5_get_err_text(context, status)); len = strlen(local_user) + 1; - if (krb_net_write (s, local_user, len) != len) + if (net_write (s, local_user, len) != len) err (1, "write"); - if (do_encrypt && krb_net_write (s, "-x ", 3) != 3) + if (do_encrypt && net_write (s, "-x ", 3) != 3) err (1, "write"); - if (krb_net_write (s, cmd, cmd_len) != cmd_len) + if (net_write (s, cmd, cmd_len) != cmd_len) err (1, "write"); len = strlen(remote_user) + 1; - if (krb_net_write (s, remote_user, len) != len) + if (net_write (s, remote_user, len) != len) err (1, "write"); { 
@@ -235,7 +241,7 @@ proto (int s, char *hostname, char *local_user, char *remote_user, p = buf; snprintf (p, sizeof(buf), "%u", ntohs(erraddr.sin_port)); len = strlen(buf) + 1; - if(krb_net_write (s, buf, len) != len) + if(net_write (s, buf, len) != len) err (1, "write"); errsock2 = accept (errsock, NULL, NULL); @@ -243,11 +249,14 @@ proto (int s, char *hostname, char *local_user, char *remote_user, err (1, "accept"); close (errsock); +#ifdef KRB4 if (auth_method == AUTH_KRB4) send_krb4_auth (s, thisaddr, thataddr, hostname, remote_user, local_user, cmd_len, cmd); - else if(auth_method == AUTH_KRB5) + else +#endif /* KRB4 */ + if(auth_method == AUTH_KRB5) send_krb5_auth (s, thisaddr, thataddr, hostname, remote_user, local_user, cmd_len, cmd); @@ -256,7 +265,7 @@ proto (int s, char *hostname, char *local_user, char *remote_user, free (cmd); - if (krb_net_read (s, &reply, 1) != 1) + if (net_read (s, &reply, 1) != 1) err (1, "read"); if (reply != 0) { @@ -355,9 +364,11 @@ main(int argc, char **argv) auth_method = AUTH_KRB5; while ((c = getopt(argc, argv, "45l:nxp:")) != EOF) { switch (c) { +#ifdef KRB4 case '4': auth_method = AUTH_KRB4; break; +#endif case '5': auth_method = AUTH_KRB5; break; @@ -397,10 +408,12 @@ main(int argc, char **argv) usage (); if (port == 0) +#ifdef KRB4 if (do_encrypt && auth_method == AUTH_KRB4) port = k_getportbyname ("ekshell", "tcp", htons(545)); else - port = k_getportbyname ("kshell", "tcp", htons(544)); +#endif /* KRB4 */ + port = krb5_getportbyname ("kshell", "tcp", htons(544)); return doit (*argv, remote_user, port, argc - 1, argv + 1); diff --git a/appl/rsh/rsh_locl.h b/appl/rsh/rsh_locl.h index ff6fe4498..ae5bd4c18 100644 --- a/appl/rsh/rsh_locl.h +++ b/appl/rsh/rsh_locl.h @@ -34,8 +34,10 @@ #include #endif #include +#ifdef KRB4 #include #include +#endif #include #ifndef _PATH_NOLOGIN 
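Review bot: The option string in main is still `"45l:nxp:"`, so a build without KRB4 keeps accepting `-4` from getopt even though the `case '4':` arm is now compiled out. What happens next depends on the switch's default arm, which is outside this hunk. If there is none, the flag is silently ignored and the session proceeds with Kerberos 5 while the user believes they selected Kerberos 4. Composing the option string the way usage() now composes its message, with the `"4"` fragment under `#ifdef KRB4`, makes getopt reject the flag outright.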
@@ -72,3 +74,5 @@ extern des_cblock iv; ssize_t do_read (int fd, void *buf, size_t sz); ssize_t do_write (int fd, void *buf, size_t sz); +ssize_t net_read (int fd, void *buf, size_t len); +ssize_t net_write (int fd, const void *buf, size_t len); diff --git a/appl/rsh/rshd.c b/appl/rsh/rshd.c index 74057d124..6da087e29 100644 --- a/appl/rsh/rshd.c +++ b/appl/rsh/rshd.c @@ -33,7 +33,7 @@ fatal (int sock, const char *m, ...) len = vsnprintf (buf + 1, sizeof(buf) - 1, m, args); va_end(args); syslog (LOG_ERR, buf + 1); - krb_net_write (sock, buf, len + 1); + net_write (sock, buf, len + 1); exit (1); } @@ -41,7 +41,7 @@ static void read_str (int s, char *str, size_t sz, char *expl) { while (sz > 0) { - if (krb_net_read (s, str, 1) != 1) + if (net_read (s, str, 1) != 1) syslog_and_die ("read: %m"); if (*str == '\0') return; @@ -51,6 +51,7 @@ read_str (int s, char *str, size_t sz, char *expl) fatal (s, "%s too long", expl); } +#ifdef KRB4 static int recv_krb4_auth (int s, u_char *buf, struct sockaddr_in thisaddr, @@ -68,7 +69,7 @@ recv_krb4_auth (int s, u_char *buf, if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0) return -1; - if (krb_net_read (s, buf + 4, KRB_SENDAUTH_VLEN - 4) != + if (net_read (s, buf + 4, KRB_SENDAUTH_VLEN - 4) != KRB_SENDAUTH_VLEN - 4) syslog_and_die ("reading auth info: %m"); if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0) @@ -100,6 +101,7 @@ recv_krb4_auth (int s, u_char *buf, read_str (s, cmd, COMMAND_SZ, "command"); return 0; } +#endif /* KRB4 */ static int recv_krb5_auth (int s, u_char *buf, @@ -120,7 +122,7 @@ recv_krb5_auth (int s, u_char *buf, return -1; len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]); - if (krb_net_read(s, buf, len) != len) + if (net_read(s, buf, len) != len) syslog_and_die ("reading auth info: %m"); if (len != sizeof(KRB5_SENDAUTH_VERSION) || memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0) 
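Review bot: In fatal(), the message just formatted into `buf + 1` is handed to syslog as the format string, so any `%` left in the expanded text is interpreted a second time; `syslog (LOG_ERR, "%s", buf + 1);` avoids that. The length given to the rewritten `net_write (sock, buf, len + 1)` is the raw vsnprintf result, which on truncation is the would-be length with a C99 vsnprintf and may be negative on error. The write can therefore run past the end of buf and send memory beyond it to the peer. Clamping first, e.g. `if (len < 0) len = 0; else if ((size_t)len > sizeof(buf) - 2) len = sizeof(buf) - 2;`, bounds it. The declaration of buf is outside the hunk, so the exact bound should be checked against it.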
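Review bot: In recv_krb5_auth, `len` is assembled from four bytes supplied by the peer and passed straight to `net_read(s, buf, len)`; the comparison with `sizeof(KRB5_SENDAUTH_VERSION)` happens only after the read has already filled buf. This runs before the client is authenticated, and the size of the storage behind `buf` is not visible in the hunk, so an oversized length would be written past whatever the caller allocated. Rejecting first, for example `if (len != sizeof(KRB5_SENDAUTH_VERSION)) syslog_and_die ("bad sendauth length");`, bounds the read by a constant. The function continues beyond the hunk on both sides.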
@@ -174,7 +176,7 @@ recv_krb5_auth (int s, u_char *buf, krb5_get_err_text(context, status)); /* discard forwarding information */ - krb_net_read (s, buf, 4); + net_read (s, buf, 4); if(!krb5_kuserok (context, ticket->enc_part2.client, @@ -221,7 +223,7 @@ loop (int from0, int to0, close (from0); FD_CLR(from0, &real_readset); } else - krb_net_write (to0, buf, ret); + net_write (to0, buf, ret); } if (FD_ISSET(from1, &readset)) { ret = read (from1, buf, sizeof(buf)); @@ -280,7 +282,7 @@ setup_copier (void) close (p1[1]); close (p2[1]); - if (krb_net_write (STDOUT_FILENO, "", 1) != 1) + if (net_write (STDOUT_FILENO, "", 1) != 1) fatal (STDOUT_FILENO, "write failed"); loop (STDIN_FILENO, p0[1], @@ -318,7 +320,7 @@ doit (void) p = buf; port = 0; for(;;) { - if (krb_net_read (s, p, 1) != 1) + if (net_read (s, p, 1) != 1) syslog_and_die ("reading port number: %m"); if (*p == '\0') break; @@ -347,15 +349,18 @@ doit (void) syslog_and_die ("connect: %m"); } - if (krb_net_read (s, buf, 4) != 4) + if (net_read (s, buf, 4) != 4) syslog_and_die ("reading auth info: %m"); +#ifdef KRB4 if (recv_krb4_auth (s, buf, thisaddr, thataddr, client_user, server_user, cmd) == 0) auth_method = AUTH_KRB4; - else if(recv_krb5_auth (s, buf, thisaddr, thataddr, + else +#endif /* KRB4 */ + if(recv_krb5_auth (s, buf, thisaddr, thataddr, client_user, server_user, cmd) == 0) @@ -407,7 +412,7 @@ doit (void) if (do_encrypt) { setup_copier (); } else { - if (krb_net_write (s, "", 1) != 1) + if (net_write (s, "", 1) != 1) fatal (s, "write failed"); } @@ -462,11 +467,12 @@ main(int argc, char **argv) if (inetd) { if (port == 0) if (do_encrypt) - port = k_getportbyname ("ekshell", "tcp", htons(545)); + port = krb5_getportbyname ("ekshell", "tcp", htons(545)); else - port = k_getportbyname ("kshell", "tcp", htons(544)); + port = krb5_getportbyname ("kshell", "tcp", htons(544)); mini_inetd (port); } doit (); + return 0; } 
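Review bot: The result of `net_read (s, buf, 4)` under the "discard forwarding information" comment in recv_krb5_auth is ignored, so a read error or a closed connection goes unnoticed and the function carries on to the `krb5_kuserok` check on a connection that may already be broken. The other reads in this file check the count; the same pattern here would be `if (net_read (s, buf, 4) != 4) syslog_and_die ("reading auth info: %m");`. The unchecked `net_write (to0, buf, ret)` in loop() has the same shape: a failed write towards the child is dropped silently, and it deserves at least a comment saying whether that is intentional.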
diff --git a/appl/telnet/libtelnet/Makefile.am b/appl/telnet/libtelnet/Makefile.am index 542d6a4bd..f786669ec 100644 --- a/appl/telnet/libtelnet/Makefile.am +++ b/appl/telnet/libtelnet/Makefile.am @@ -2,7 +2,7 @@ AUTOHEADER_FLAGS = no-dependencies foreign -INCLUDES = -I$(top_builddir)/include -I$(srcdir)/.. +INCLUDES = -I$(top_builddir)/include -I$(srcdir)/.. $(INCLUDE_krb4) noinst_LIBRARIES = libtelnet.a diff --git a/appl/telnet/telnet/Makefile.am b/appl/telnet/telnet/Makefile.am index 97e20e7d6..45a0e6823 100644 --- a/appl/telnet/telnet/Makefile.am +++ b/appl/telnet/telnet/Makefile.am @@ -10,4 +10,4 @@ telnet_SOURCES = authenc.c commands.c main.c network.c ring.c \ sys_bsd.c telnet.c terminal.c \ utilities.c -LDADD = -L../libtelnet -ltelnet -L$(top_builddir)/lib/krb5 -lkrb5 -L$(top_builddir)/lib/des -ldes -L$(top_builddir)/lib/asn1 -lasn1 @LIB_tgetent@ -L$(top_builddir)/lib/roken -lroken +LDADD = -L../libtelnet -ltelnet -L$(top_builddir)/lib/krb5 -lkrb5 -L$(top_builddir)/lib/des -ldes $(LIB_krb4) -L$(top_builddir)/lib/asn1 -lasn1 @LIB_tgetent@ -L$(top_builddir)/lib/roken -lroken diff --git a/appl/telnet/telnetd/Makefile.am b/appl/telnet/telnetd/Makefile.am index 3c90499ea..96147b06d 100644 --- a/appl/telnet/telnetd/Makefile.am +++ b/appl/telnet/telnetd/Makefile.am @@ -2,11 +2,11 @@ AUTOHEADER_FLAGS = no-dependencies foreign -INCLUDES = -I$(top_builddir)/include -I$(srcdir)/.. +INCLUDES = -I$(top_builddir)/include -I$(srcdir)/.. $(INCLUDE_krb4) libexec_PROGRAMS = telnetd telnetd_SOURCES = telnetd.c state.c termstat.c slc.c sys_term.c \ utility.c global.c authenc.c -LDADD = -L../libtelnet -ltelnet -L$(top_builddir)/lib/krb5 -lkrb5 -L$(top_builddir)/lib/des -ldes -L$(top_builddir)/lib/asn1 -lasn1 @LIB_tgetent@ -L$(top_builddir)/lib/roken -lroken +LDADD = -L../libtelnet -ltelnet -L$(top_builddir)/lib/krb5 -lkrb5 -L$(top_builddir)/lib/des -ldes $(LIB_krb4) -L$(top_builddir)/lib/asn1 -lasn1 @LIB_tgetent@ -L$(top_builddir)/lib/roken -lroken