
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-122-g76de1


From: Mats Erik Andersson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-122-g76de114
Date: Mon, 02 Jul 2012 18:47:12 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  76de114e0804190217fa9007c1218315156c9d69 (commit)
       via  c32c09739e3adc26ffa505b1a829aaf1ecaddbb2 (commit)
      from  3e80d3ab10a603309fc51ac899361bd2dcf83bdf (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=76de114e0804190217fa9007c1218315156c9d69


commit 76de114e0804190217fa9007c1218315156c9d69
Author: Mats Erik Andersson <address@hidden>
Date:   Mon Jul 2 20:18:38 2012 +0200

    rlogin, rsh: Libshishi issues.

diff --git a/ChangeLog b/ChangeLog
index fc069cd..489feb8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2012-07-02  Mats Erik Andersson  <address@hidden>
+
+       * libinetutils/shishi_def.c (shishi_auth): New type
+       `unsigned short port' of seventh parameter.
+       * libinetutils/shishi.c (shishi_auth): Likewise.
+       Call shishi_init() before shishi_realm_default_set().
+       * src/rlogin.c (parse_opt) <'k'>: Copy value from `arg'.
+       * src/rsh.c (options): The option `-k/--realm' takes
+       a value REALM, which was missing.
+
 2012-07-01  Mats Erik Andersson  <address@hidden>
 
        rshd: Fix non-kerberized Shishi code.
diff --git a/libinetutils/shishi.c b/libinetutils/shishi.c
index caae9b0..bbe1ad6 100644
--- a/libinetutils/shishi.c
+++ b/libinetutils/shishi.c
@@ -31,8 +31,8 @@
 /* shishi authentication */
 int
 shishi_auth (Shishi ** handle, int verbose, char **cname,
-            const char *sname, int sock,
-            char *cmd, int port, Shishi_key ** enckey, char *realm)
+            const char *sname, int sock, char *cmd,
+            unsigned short port, Shishi_key ** enckey, char *realm)
 {
   Shishi_ap *ap;
   Shishi_tkt *tkt;
@@ -60,9 +60,6 @@ shishi_auth (Shishi ** handle, int verbose, char **cname,
       return 1;
     }
 
-  if (realm)
-    shishi_realm_default_set (*handle, realm);
-
   rc = shishi_init (handle);
   if (rc != SHISHI_OK)
     {
@@ -71,6 +68,9 @@ shishi_auth (Shishi ** handle, int verbose, char **cname,
       return 1;
     }
 
+  if (realm)
+    shishi_realm_default_set (*handle, realm);
+
   h = *handle;
 
   if (!*cname)
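Review bot: The moved `shishi_realm_default_set (*handle, realm)` call carries no comment saying why it must follow `shishi_init (handle)`, so a later tidy-up could reorder it again. Presumably `*handle` is only a usable library handle once shishi_init() has returned SHISHI_OK, which is what the ChangeLog entry implies. A one-line comment above `if (realm)` such as `/* *handle is valid only after shishi_init(); set the default realm afterwards. */` would record that. shishi_auth's body continues outside the hunk.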
diff --git a/libinetutils/shishi_def.h b/libinetutils/shishi_def.h
index 2351d34..868d72f 100644
--- a/libinetutils/shishi_def.h
+++ b/libinetutils/shishi_def.h
@@ -55,8 +55,8 @@ struct auth_data
 };
 
 extern int shishi_auth (Shishi ** handle, int verbose, char **cname,
-                       const char *sname, int sock,
-                       char *cmd, int port, Shishi_key ** enckey,
+                       const char *sname, int sock, char *cmd,
+                       unsigned short port, Shishi_key ** enckey,
                        char *realm);
 
 extern int get_auth (int infd, Shishi ** handle, Shishi_ap ** ap,
diff --git a/src/rlogin.c b/src/rlogin.c
index d4f0171..bb21e1a 100644
--- a/src/rlogin.c
+++ b/src/rlogin.c
@@ -313,7 +313,7 @@ parse_opt (int key, char *arg, struct argp_state *state)
       break;
 
     case 'k':
-      strncpy (dest_realm_buf, optarg, sizeof (dest_realm_buf));
+      strncpy (dest_realm_buf, arg, sizeof (dest_realm_buf));
       /* Make sure it's null termintated.  */
       dest_realm_buf[sizeof (dest_realm_buf) - 1] = '\0';
       dest_realm = dest_realm_buf;
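Review bot: In the `case 'k':` arm a realm longer than `dest_realm_buf` is silently cut short by `strncpy` plus the forced terminator, so tickets would be requested for a realm name the user did not type. Rejecting the over-long value is safer than truncating it, e.g. `if (strlen (arg) >= sizeof (dest_realm_buf)) argp_error (state, "realm name too long");` before the copy. The comment on the next line also has a typo, `termintated`. parse_opt's body starts and ends outside the hunk.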
@@ -536,11 +536,10 @@ try_connect:
 #  endif
 # endif        /* CRYPT */
 
-       rem = krcmd (
 # if defined SHISHI
-                     &handle, &host, sp->s_port, &user, term, 0, dest_realm);
+       rem = krcmd (&handle, &host, sp->s_port, &user, term, 0, dest_realm);
 # else
-                     &host, sp->s_port, user, term, 0, dest_realm);
+       rem = krcmd (&host, sp->s_port, user, term, 0, dest_realm);
 # endif
       if (rem < 0)
        {
diff --git a/src/rsh.c b/src/rsh.c
index aabc88f..dcbfc49 100644
--- a/src/rsh.c
+++ b/src/rsh.c
@@ -151,7 +151,7 @@ static struct argp_option options[] = {
 #if defined KERBEROS || defined SHISHI
   { "kerberos", 'K', NULL, 0,
     "turns off all Kerberos authentication" },
-  { "realm", 'k', NULL, 0,
+  { "realm", 'k', "REALM", 0,
     "obtain tickets for the remote host in REALM "
     "instead of the remote host's realm" },
   { "encrypt", 'x', NULL, 0,
@@ -435,11 +435,10 @@ try_connect:
       else
 #  endif
 # endif
-       rem = krcmd (
 # if defined SHISHI
-                     &h, &host, sp->s_port, &user, args, &rfd2, dest_realm);
+       rem = krcmd (&h, &host, sp->s_port, &user, args, &rfd2, dest_realm);
 # else
-                     &host, sp->s_port, user, args, &rfd2, dest_realm);
+       rem = krcmd (&host, sp->s_port, user, args, &rfd2, dest_realm);
 # endif
       if (rem < 0)
        {

http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=c32c09739e3adc26ffa505b1a829aaf1ecaddbb2


commit c32c09739e3adc26ffa505b1a829aaf1ecaddbb2
Author: Mats Erik Andersson <address@hidden>
Date:   Sun Jul 1 00:07:09 2012 +0200

    rshd: Usability with deactivated Shishi.

diff --git a/ChangeLog b/ChangeLog
index 01de26d..fc069cd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
+2012-07-01  Mats Erik Andersson  <address@hidden>
+
+       rshd: Fix non-kerberized Shishi code.
+
+       * src/rshd.c (options) [KERBEROS || SHISHI]: Add missing
+       SHISHI to conditional activation of `-k/--kerberos' and
+       `-v/--vacuous'.
+       (doit) [KERBEROS] <check address family>: Remove SHISHI
+       in conditional, thus preventing libshishi based server
+       from issuing failure for non AF_INET connections.
+       (doit) [SHISHI && use_kerberos] <authentication>:
+       Insert missing `if (use_kerberos)' before code block
+       for conducting Shishi authentication; adjust indentation
+       of this complete block!
+       (doit) [SHISHI] <checksum test>: Conditionally activate
+       getsockname() for reporting receiving port.
+
 2012-06-25  Mats Erik Andersson  <address@hidden>
 
        rlogind: Prepare for address independence.
diff --git a/src/rshd.c b/src/rshd.c
index fe361cd..b76a421 100644
--- a/src/rshd.c
+++ b/src/rshd.c
@@ -208,10 +208,10 @@ static struct argp_option options[] = {
     "do not set SO_KEEPALIVE" },
   { "log-sessions", 'L', NULL, 0,
     "log successfull logins" },
-#ifdef KERBEROS
+#if defined KERBEROS || defined SHISHI
   /* FIXME: The option semantics does not match that of others r* utilities */
   { "kerberos", 'k', NULL, 0,
-    "use kerberos IV authentication" },
+    "use kerberos authentication" },
   /* FIXME: Option name is misleading */
   { "vacuous", 'v', NULL, 0,
     "require Kerberos authentication" },
@@ -460,14 +460,14 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t 
fromlen)
 #endif
 
   /* Verify that the client's address is an Internet adress. */
-#if defined KERBEROS || defined SHISHI
+#ifdef KERBEROS
   if (fromp->sa_family != AF_INET)
     {
       syslog (LOG_ERR, "malformed originating address (af %d)\n",
              fromp->sa_family);
       exit (EXIT_FAILURE);
     }
-#endif
+#endif /* KERBEROS */
 #ifdef IP_OPTIONS
   {
     unsigned char optbuf[BUFSIZ / 3], *cp;
@@ -829,74 +829,75 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t 
fromlen)
   cmdbuf = getstr ("command");
 
 #ifdef SHISHI
-  {
-    int error;
-    int rc;
-    char *compcksum;
-    size_t compcksumlen;
-    char cksumdata[100];
-    struct sockaddr_in sock;
-    size_t socklen;
+  if (use_kerberos)
+    {
+      int error;
+      int rc;
+      char *compcksum;
+      size_t compcksumlen;
+      char cksumdata[100];
+      struct sockaddr_storage sock;
+      size_t socklen;
 
 # ifdef ENCRYPTION
-    if (strlen (cmdbuf) >= 3)
-      if (!strncmp (cmdbuf, "-x ", 3))
-       {
-         doencrypt = 1;
-         int i;
+      if (strlen (cmdbuf) >= 3)
+       if (!strncmp (cmdbuf, "-x ", 3))
+         {
+           int i;
 
-         ivtab[0] = &iv1;
-         ivtab[1] = &iv2;
-         ivtab[2] = &iv3;
-         ivtab[3] = &iv4;
+           doencrypt = 1;
 
-         keytype = shishi_key_type (enckey);
-         keylen = shishi_cipher_blocksize (keytype);
+           ivtab[0] = &iv1;
+           ivtab[1] = &iv2;
+           ivtab[2] = &iv3;
+           ivtab[3] = &iv4;
 
-         for (i = 0; i < 4; i++)
-           {
-             ivtab[i]->ivlen = keylen;
+           keytype = shishi_key_type (enckey);
+           keylen = shishi_cipher_blocksize (keytype);
 
-             switch (keytype)
-               {
-               case SHISHI_DES_CBC_CRC:
-               case SHISHI_DES_CBC_MD4:
-               case SHISHI_DES_CBC_MD5:
-               case SHISHI_DES_CBC_NONE:
-               case SHISHI_DES3_CBC_HMAC_SHA1_KD:
-                 ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES;
-                 ivtab[i]->iv = xmalloc (ivtab[i]->ivlen);
-                 memset (ivtab[i]->iv, 2 * i - 3 * (i >= 2),
-                         ivtab[i]->ivlen);
-                 ivtab[i]->ctx =
-                   shishi_crypto (h, enckey, ivtab[i]->keyusage,
-                                  shishi_key_type (enckey), ivtab[i]->iv,
-                                  ivtab[i]->ivlen);
-                 break;
-
-               case SHISHI_ARCFOUR_HMAC:
-               case SHISHI_ARCFOUR_HMAC_EXP:
-                 ivtab[i]->keyusage =
-                   SHISHI_KEYUSAGE_KCMD_DES + 4 * (i < 2) + 2 + 2 * (i % 2);
-                 ivtab[i]->ctx =
-                   shishi_crypto (h, enckey, ivtab[i]->keyusage,
-                                  shishi_key_type (enckey), NULL, 0);
-                 break;
-
-               default:
-                 ivtab[i]->keyusage =
-                   SHISHI_KEYUSAGE_KCMD_DES + 4 * (i < 2) + 2 + 2 * (i % 2);
-                 ivtab[i]->iv = xmalloc (ivtab[i]->ivlen);
-                 memset (ivtab[i]->iv, 0, ivtab[i]->ivlen);
-                 if (protocol == 2)
+           for (i = 0; i < 4; i++)
+             {
+               ivtab[i]->ivlen = keylen;
+
+               switch (keytype)
+                 {
+                 case SHISHI_DES_CBC_CRC:
+                 case SHISHI_DES_CBC_MD4:
+                 case SHISHI_DES_CBC_MD5:
+                 case SHISHI_DES_CBC_NONE:
+                 case SHISHI_DES3_CBC_HMAC_SHA1_KD:
+                   ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES;
+                   ivtab[i]->iv = xmalloc (ivtab[i]->ivlen);
+                   memset (ivtab[i]->iv, 2 * i - 3 * (i >= 2),
+                           ivtab[i]->ivlen);
                    ivtab[i]->ctx =
                      shishi_crypto (h, enckey, ivtab[i]->keyusage,
-                                    shishi_key_type (enckey), ivtab[i]->iv,
-                                    ivtab[i]->ivlen);
-               }
-           }
+                                    shishi_key_type (enckey),
+                                    ivtab[i]->iv, ivtab[i]->ivlen);
+                   break;
 
-       }
+                 case SHISHI_ARCFOUR_HMAC:
+                 case SHISHI_ARCFOUR_HMAC_EXP:
+                   ivtab[i]->keyusage =
+                     SHISHI_KEYUSAGE_KCMD_DES + 4 * (i < 2) + 2 + 2 * (i % 2);
+                   ivtab[i]->ctx =
+                     shishi_crypto (h, enckey, ivtab[i]->keyusage,
+                                    shishi_key_type (enckey), NULL, 0);
+                   break;
+
+                 default:
+                   ivtab[i]->keyusage =
+                     SHISHI_KEYUSAGE_KCMD_DES + 4 * (i < 2) + 2 + 2 * (i % 2);
+                   ivtab[i]->iv = xmalloc (ivtab[i]->ivlen);
+                   memset (ivtab[i]->iv, 0, ivtab[i]->ivlen);
+                   if (protocol == 2)
+                     ivtab[i]->ctx =
+                       shishi_crypto (h, enckey, ivtab[i]->keyusage,
+                                      shishi_key_type (enckey),
+                                      ivtab[i]->iv, ivtab[i]->ivlen);
+                 }
+             }
+         }
 # endif /* ENCRYPTION */
 
     remuser = getstr ("remuser");
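Review bot: `size_t socklen;` in the new `if (use_kerberos)` block is the wrong type for the `getsockname (STDIN_FILENO, (struct sockaddr *)&sock, &socklen)` call added in the following hunk, which takes a `socklen_t *`. Where `size_t` is wider than `socklen_t` the call reads and writes only part of the variable, and on a big-endian 64-bit target the length it sees could be 0, leaving `sock` unfilled before `ss_family` is read. Declaring it as `socklen_t socklen;` removes the mismatch. The block opened by `if (use_kerberos)` is not closed inside this hunk.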
@@ -906,19 +907,30 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t 
fromlen)
 
     /* verify checksum */
 
-    /* Doesn't give socket port ?
-       socklen = sizeof (sock);
-       if (getsockname (STDIN_FILENO, (struct sockaddr *)&sock, &socklen) < 0)
-       {
-       syslog (LOG_ERR, "Can't get sock name");
-       exit (EXIT_FAILURE);
-       }
-     */
-    snprintf (cksumdata, 100, "544:%s%s", /*ntohs(sock.sin_port), */ cmdbuf,
-             locuser);
-    rc =
-      shishi_checksum (h, enckey, 0, cksumtype, cksumdata, strlen (cksumdata),
-                      &compcksum, &compcksumlen);
+# if 1
+    {
+      unsigned short port;
+
+    /* Doesn't give socket port ? */
+      socklen = sizeof (sock);
+      if (getsockname (STDIN_FILENO, (struct sockaddr *)&sock, &socklen) < 0)
+       {
+         syslog (LOG_ERR, "Can't get sock name");
+         exit (EXIT_FAILURE);
+       }
+
+      port = (sock.ss_family == AF_INET6)
+            ? ((struct sockaddr_in6 *) &sock)->sin6_port
+            : ((struct sockaddr_in *) &sock)->sin_port;
+
+      snprintf (cksumdata, 100, "%u:%s%s", port, cmdbuf, locuser);
+    }
+# else
+    snprintf (cksumdata, 100, "544:%s%s", cmdbuf, locuser);
+# endif
+    rc = shishi_checksum (h, enckey, 0, cksumtype,
+                         cksumdata, strlen (cksumdata),
+                         &compcksum, &compcksumlen);
     free (cksum);
     if (rc != SHISHI_OK
        || compcksumlen != cksumlen
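Review bot: `port` is copied straight from `sin6_port`/`sin_port`, which hold the value in network byte order, and is then printed with `%u`; the commented-out code this replaces used `ntohs(sock.sin_port)`, and the `# else` branch uses the host-order constant `544`. On a little-endian host the checksum input would therefore start with a different number than the client presumably used, so verification would fail; `port = ntohs ((sock.ss_family == AF_INET6) ? ((struct sockaddr_in6 *) &sock)->sin6_port : ((struct sockaddr_in *) &sock)->sin_port);` keeps the two sides consistent. Separately, `snprintf (cksumdata, 100, ...)` ignores truncation, so for a long `cmdbuf` the checksum binds only a prefix of the command and may omit `locuser`; checking the return value against `sizeof (cksumdata)` and refusing the request would close that. The enclosing block continues outside the hunk.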

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                 |   27 +++++++
 libinetutils/shishi.c     |   10 ++--
 libinetutils/shishi_def.h |    4 +-
 src/rlogin.c              |    7 +-
 src/rsh.c                 |    7 +-
 src/rshd.c                |  168 ++++++++++++++++++++++++---------------------
 6 files changed, 130 insertions(+), 93 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


