
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-143-g7439c


From: Mats Erik Andersson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-143-g7439cb7
Date: Wed, 08 Aug 2012 10:20:04 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  7439cb7c3df2b76759dd3ad65bcdf2ef99c799d4 (commit)
      from  3054a34cda7ced89f28fcaf3401097ee0b83cebc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=7439cb7c3df2b76759dd3ad65bcdf2ef99c799d4


commit 7439cb7c3df2b76759dd3ad65bcdf2ef99c799d4
Author: Mats Erik Andersson <address@hidden>
Date:   Wed Aug 8 11:49:48 2012 +0200

    Authorization type k5login.
    
    Enable k5login authorization in telnetd and
    rlogind/rshd for future versions of libshishi.

diff --git a/ChangeLog b/ChangeLog
index 6ed2ba5..897434f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,33 @@
+2012-08-08  Mats Erik Andersson  <address@hidden>
+
+       telnet: Support k5login authorization.
+
+       * libtelnet/misc.c (UserNameRequested): Assign
+       NULL, not naught.
+       * libtelnet/auth.c (authenticated): Likewise.
+       (authenticators) [SHISHI]: Remove two references
+       to krb5shishi_cleanup.
+       * libtelnet/shishi.c (krb5shishi_send): Check for
+       non-empty UserNameRequested as the very first action.
+       Add UserNameRequested to `HINT.client'.
+       (krb5shishi_reply): Call shishi_done(), and assign NULL
+       to `shishi_handle'.
+       (krb5shishi_status): Remove variables CNAME, CNAMELEN.
+       Replace call to shishi_encticketpart_client() with a call
+       to shishi_authorized_p().
+       (krb5shishi_is_auth): Check version of libshishi and call
+       shishi_cfg_authorizationtype_set() "k5login basic".
+       Replace a call to shishi_encticketpart_crealm() with a
+       call to shishi_encticketpart_clientrealm().
+       (krb5shishi_is): Remove debug print using puts().
+       (krb5shishi_printsub): Likewise.
+
+       rlogind, rshd: Support k5login authorization.
+
+       * libinetutils/shishi.c (get_auth): Check version
+       of libshishi and call shishi_cfg_authorizationtype_set()
+       with "k5login basic".
+
 2012-08-03  Mats Erik Andersson  <address@hidden>
 
        rlogind, rshd: Protocol exchange adherence.
diff --git a/TODO b/TODO
index 5ee5012..757daae 100644
--- a/TODO
+++ b/TODO
@@ -154,15 +154,9 @@ Ability to ping multiple host in one go.
   For example, if a system specific option shadows a normal option?
   Allow this?
 
-* ftpd
+* ftp, ftpd
 
-Complete the initiated rewrite for supporting IPv6.
-
-* tftpd
-
-OpenSolaris is only able to transmit a single package of
-size at most PKTSIZE. Debug libinetutils/tftpsubs.c on this.
-No issue with other systems.
+Implement libshishi support?
 
 * whois
 
diff --git a/libinetutils/shishi.c b/libinetutils/shishi.c
index 27c72f0..28996b1 100644
--- a/libinetutils/shishi.c
+++ b/libinetutils/shishi.c
@@ -293,6 +293,17 @@ get_auth (int infd, Shishi ** handle, Shishi_ap ** ap,
   else
     servername = shishi_server_for_local_service (*handle, SERVICE);
 
+  /* Enable use of `~/.k5login'.  */
+  if (shishi_check_version ("1.0.2"))  /* Faulty in version 1.0.1.  */
+    {
+      rc = shishi_cfg_authorizationtype_set (*handle, "k5login basic");
+      if (rc != SHISHI_OK)
+       {
+         *err_msg = shishi_error (*handle);
+         return rc;
+       }
+    }
+
   key = shishi_hostkeys_for_server (*handle, servername);
   free (servername);
   if (!key)
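Review bot: The new early `return rc;` in get_auth leaves `servername` allocated. The string is obtained just above and is only released by the `free (servername);` that follows the hostkey lookup, so each failure of shishi_cfg_authorizationtype_set() leaks it. Either add `free (servername);` before `return rc;`, or move the whole k5login block above the servername assignment so that no cleanup is needed. The `if` branch paired with the visible `else` lies outside the hunk, so this assumes servername is heap-allocated on both paths, which the unconditional free suggests.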
diff --git a/libtelnet/auth.c b/libtelnet/auth.c
index 886b0ef..753377d 100644
--- a/libtelnet/auth.c
+++ b/libtelnet/auth.c
@@ -118,7 +118,7 @@ extern rsaencpwd_printsub ();
 int auth_debug_mode = 0;
 static char *Name = "Noname";
 static int Server = 0;
-static TN_Authenticator *authenticated = 0;
+static TN_Authenticator *authenticated = NULL;
 static int authenticating = 0;
 static int validuser = 0;
 static unsigned char _auth_send_data[256];
@@ -154,7 +154,7 @@ TN_Authenticator authenticators[] = {
    krb5shishi_reply,
    krb5shishi_status,
    krb5shishi_printsub,
-   krb5shishi_cleanup},
+  },
   {AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT | AUTH_HOW_ONE_WAY,
    krb5shishi_init,
    krb5shishi_send,
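Review bot: Dropping `krb5shishi_cleanup` here and in the second SHISHI entry (next hunk) leaves the last initializer of each TN_Authenticator entry implicitly zero, and nothing in the table says that this is intentional. Presumably that slot is the cleanup callback; if so, write it out as `NULL, /* No cleanup: shishi_handle must outlive auth_finished().  */`. Every caller of that callback should also be confirmed to test it for NULL before the call, since those call sites are not part of this diff.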
@@ -162,7 +162,7 @@ TN_Authenticator authenticators[] = {
    krb5shishi_reply,
    krb5shishi_status,
    krb5shishi_printsub,
-   krb5shishi_cleanup},
+  },
 # endif
 # ifdef        KRB5
 #  ifdef       ENCRYPTION
@@ -245,7 +245,7 @@ auth_init (char *name, int server)
   Name = name;
 
   i_support = 0;
-  authenticated = 0;
+  authenticated = NULL;
   authenticating = 0;
   while (ap->type)
     {
diff --git a/libtelnet/misc.c b/libtelnet/misc.c
index 4708302..0385040 100644
--- a/libtelnet/misc.c
+++ b/libtelnet/misc.c
@@ -58,7 +58,7 @@
 
 char *RemoteHostName;
 char *LocalHostName;
-char *UserNameRequested = 0;
+char *UserNameRequested = NULL;
 
 void
 auth_encrypt_init (char *local, char *remote, char *name, int server)
@@ -66,7 +66,7 @@ auth_encrypt_init (char *local, char *remote, char *name, int 
server)
   RemoteHostName = remote;
   LocalHostName = local;
   (void) name;
-  (void) server;               /* shutup gcc */
+  (void) server;               /* silence gcc */
 #if defined AUTHENTICATION
   auth_init (name, server);
 #endif
@@ -74,7 +74,7 @@ auth_encrypt_init (char *local, char *remote, char *name, int 
server)
   encrypt_init (name, server);
 #endif /* ENCRYPTION */
   free (UserNameRequested);
-  UserNameRequested = 0;
+  UserNameRequested = NULL;
 }
 
 void
@@ -83,13 +83,13 @@ auth_encrypt_user (char *name)
   extern char *strdup (const char *);
 
   free (UserNameRequested);
-  UserNameRequested = name ? strdup (name) : 0;
+  UserNameRequested = name ? strdup (name) : NULL;
 }
 
 void
 auth_encrypt_connect (int cnt)
 {
-  (void) cnt;                  /*shutup gcc */
+  (void) cnt;                  /* silence gcc */
 }
 
 void
diff --git a/libtelnet/shishi.c b/libtelnet/shishi.c
index 17c9c3e..a90e40e 100644
--- a/libtelnet/shishi.c
+++ b/libtelnet/shishi.c
@@ -155,6 +155,12 @@ krb5shishi_send (TN_Authenticator * ap)
   char *apreq;
   size_t apreq_len;
 
+  if (!UserNameRequested)
+    {
+      DEBUG (("telnet: Kerberos V5: no user name supplied\r\n"));
+      return 0;
+    }
+
   if (!delayed_shishi_init ())
     {
       DEBUG (("telnet: Kerberos V5: shishi initialization failed\r\n"));
@@ -170,6 +176,7 @@ krb5shishi_send (TN_Authenticator * ap)
   sprintf (tmp, "host/%s", RemoteHostName);
   memset (&hint, 0, sizeof (hint));
   hint.server = tmp;
+  hint.client = UserNameRequested;
 
   if (dest_realm && *dest_realm)
     shishi_realm_default_set (shishi_handle, dest_realm);
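Review bot: `hint.client = UserNameRequested;` uses the account name requested on the remote host as the Kerberos client principal for the ticket lookup. That looks at odds with the k5login support added elsewhere in this commit, where the principal and the account name are expected to differ. If the hint field is matched against the principal of the cached ticket (to be confirmed against libshishi), a user whose principal differs from the remote login name would no longer find a usable ticket. Consider leaving `hint.client` unset so that the default principal applies, or taking the principal from a separate setting rather than from UserNameRequested. krb5shishi_send starts and ends outside this hunk.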
@@ -185,12 +192,6 @@ krb5shishi_send (TN_Authenticator * ap)
   if (auth_debug_mode)
     shishi_tkt_pretty_print (tkt, stdout);
 
-  if (!UserNameRequested)
-    {
-      DEBUG (("telnet: Kerberos V5: no user name supplied\r\n"));
-      return 0;
-    }
-
   if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
     ap_opts = SHISHI_APOPTIONS_MUTUAL_REQUIRED;
   else
@@ -333,7 +334,11 @@ krb5shishi_reply (TN_Authenticator * ap, unsigned char 
*data, int cnt)
                " (server authenticated)" : " (server NOT authenticated)");
       else
        printf ("[ Kerberos V5 accepts you ]\r\n");
+
       auth_finished (ap, AUTH_USER);
+      /* This was last access to handle on behalf of the client.  */
+      shishi_done (shishi_handle);
+      shishi_handle = NULL;
       break;
 
     case KRB_RESPONSE:
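Review bot: After `shishi_done (shishi_handle);` only `shishi_handle` is reset; objects created from that handle earlier in the exchange keep pointing into released state, and nothing visible in krb5shishi_reply guards against a NULL handle. The peer decides which suboption arrives next, so a further KRB_ACCEPT or KRB_RESPONSE after the first accept would reach this code with a released or NULL handle. Resetting the dependent pointer as well (`auth_handle = NULL;`, if that is the AP object used on the client side) and returning early with `if (!shishi_handle) return;` would make the release safe. The switch header and the remaining cases lie outside the hunk, so their use of the handle needs to be checked there.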
@@ -370,23 +375,16 @@ krb5shishi_reply (TN_Authenticator * ap, unsigned char 
*data, int cnt)
 int
 krb5shishi_status (TN_Authenticator * ap, char *name, int level)
 {
-  char *cname;
-  int cnamelen;
   int rc;
   int status;
 
   if (level < AUTH_USER)
     return level;
 
-  rc = shishi_encticketpart_client
-    (shishi_handle,
-     shishi_tkt_encticketpart (shishi_ap_tkt (auth_handle)),
-     &cname, &cnamelen);
-
   if (UserNameRequested
-      && rc == SHISHI_OK
-      && cnamelen == strlen (UserNameRequested)
-      && memcmp (UserNameRequested, cname, cnamelen) == 0)
+      && shishi_authorized_p (shishi_handle,
+                             shishi_ap_tkt (auth_handle),
+                             UserNameRequested))
     {
       /* FIXME: Check buffer length */
       strcpy (name, UserNameRequested);
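Review bot: The branch that now accepts every principal approved by shishi_authorized_p() still ends in `strcpy (name, UserNameRequested);`, with the `FIXME: Check buffer length` left in place. UserNameRequested originates from the peer and krb5shishi_status receives no size for `name`, so the copy is bounded only by whatever the caller allocated. Since the authorization check is being reworked here anyway, reject names that do not fit the caller's buffer before the copy, or extend the status callback to carry the buffer length. The tail of the function is in the next hunk.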
@@ -394,7 +392,7 @@ krb5shishi_status (TN_Authenticator * ap, char *name, int 
level)
     }
   else
     status = AUTH_USER;
-  free (cname);
+
   return status;
 }
 
@@ -416,6 +414,19 @@ krb5shishi_is_auth (TN_Authenticator * a, unsigned char 
*data, int cnt,
       return 0;
     }
 
+  /* Enable use of `~/.k5login'.  */
+  if (shishi_check_version ("1.0.2"))  /* Faulty in version 1.0.1.  */
+    {
+      rc = shishi_cfg_authorizationtype_set (shishi_handle, "k5login basic");
+      if (rc != SHISHI_OK)
+       {
+         snprintf (errbuf, errbuflen,
+                   "Cannot initiate authorization types: %s",
+                   shishi_error (shishi_handle));
+         return rc;
+       }
+    }
+
   rc = shishi_ap (shishi_handle, &auth_handle);
   if (rc != SHISHI_OK)
     {
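Review bot: When `shishi_check_version ("1.0.2")` fails, the block is skipped without any trace, so an administrator cannot tell whether `~/.k5login` is honoured or the library's default authorization is in force. The same holds for the identical gate in get_auth in libinetutils/shishi.c. A comment stating the fallback, e.g. `/* Older libshishi: the default authorization type remains in force.  */`, plus a debug message in an else branch, would make the effective policy visible. It is also worth documenting that "k5login basic" enables both types; presumably a principal that passes the basic name match is accepted even when an existing `.k5login` does not list it, which should be confirmed against libshishi.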
@@ -477,10 +488,10 @@ krb5shishi_is_auth (TN_Authenticator * a, unsigned char 
*data, int cnt,
       free (der);
     }
 
-  rc = shishi_encticketpart_crealm (shishi_handle,
-                                   shishi_tkt_encticketpart (shishi_ap_tkt
-                                                             (auth_handle)),
-                                   &cnamerealm, &cnamerealmlen);
+  rc = shishi_encticketpart_clientrealm (
+               shishi_handle,
+               shishi_tkt_encticketpart (shishi_ap_tkt (auth_handle)),
+               &cnamerealm, &cnamerealmlen);
   if (rc != SHISHI_OK)
     {
       snprintf (errbuf, errbuflen, "Error getting authenticator name: %s\n",
@@ -493,6 +504,11 @@ krb5shishi_is_auth (TN_Authenticator * a, unsigned char 
*data, int cnt,
   free (cnamerealm);
   auth_finished (a, AUTH_USER);
 
+  /* Make sure that shishi_handle is still valid,
+   * it must not be released in auth_finish()!
+   * The server side will make reference to it
+   * later on.  */
+
 # ifdef ENCRYPTION
   if (enckey)
     {
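Review bot: The added comment refers to `auth_finish()`, but the call directly above it is `auth_finished (a, AUTH_USER);`, and the comment sits after the call it warns about. Suggested wording, placed before the call: `/* shishi_handle must stay valid past auth_finished(); the server side refers to it later.  */`. Since this commit removes the cleanup entries from the authenticators table, the comment could also say where the server-side handle is eventually released, if anywhere.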
@@ -540,8 +556,6 @@ krb5shishi_is (TN_Authenticator * ap, unsigned char *data, 
int cnt)
   int r = 0;
   char errbuf[512];
 
-  puts ("krb5shishi_is");
-
   if (cnt-- < 1)
     return;
   errbuf[0] = 0;
@@ -597,8 +611,6 @@ krb5shishi_printsub (unsigned char *data, int cnt,
   char *p;
   int i;
 
-  puts ("krb5shishi_printsub");
-
   buf[buflen - 1] = '\0';      /* make sure its NULL terminated */
   buflen -= 1;
 

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog             |   30 +++++++++++++++++++++++
 TODO                  |   10 +------
 libinetutils/shishi.c |   11 ++++++++
 libtelnet/auth.c      |    8 +++---
 libtelnet/misc.c      |   10 ++++----
 libtelnet/shishi.c    |   62 +++++++++++++++++++++++++++++-------------------
 6 files changed, 89 insertions(+), 42 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


