[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_2-18-gdf4d44
From: |
Mats Erik Andersson |
Subject: |
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_2-18-gdf4d445 |
Date: |
Fri, 25 Apr 2014 20:46:38 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".
The branch, master has been updated
via df4d445682e20b0c0b111eadc88b6c11599a0357 (commit)
via bd212de4563a261f7ba133f95496117fef140527 (commit)
from bbff25dd378415078f3498d877e376c8160f9de7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=df4d445682e20b0c0b111eadc88b6c11599a0357
commit df4d445682e20b0c0b111eadc88b6c11599a0357
Author: Mats Erik Andersson <address@hidden>
Date: Fri Apr 25 20:44:08 2014 +0200
bootstrap: Updated from gnulib. (silent change)
diff --git a/bootstrap b/bootstrap
index 5acbe5b..ce90bc4 100755
--- a/bootstrap
+++ b/bootstrap
@@ -4,7 +4,7 @@ scriptversion=2013-12-05.23; # UTC
# Bootstrap this package from checked-out sources.
-# Copyright (C) 2003-2013 Free Software Foundation, Inc.
+# Copyright (C) 2003-2014 Free Software Foundation, Inc.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=bd212de4563a261f7ba133f95496117fef140527
commit bd212de4563a261f7ba133f95496117fef140527
Author: Mats Erik Andersson <address@hidden>
Date: Fri Apr 25 20:23:20 2014 +0200
Begin adaptions to Heimdal's Kerberos.
Aim at an adaption of all r-commands, with the first
incomplete steps for `rsh'.
diff --git a/ChangeLog b/ChangeLog
index 1f0a0b8..4918c45 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,35 @@
2014-04-25 Mats Erik Andersson <address@hidden>
+ Begin support for Heimdal's Kerberos.
+ Very incomplete code for `rsh', but a needed start.
+
+ * libinetutils/kerberos5_def.h: New file.
+
+ * libinetutils/krcmd.c: Remove support for KRB4, replacing
+ most macros KERBEROS by KRB5.
+ [KRB5]: Include <krb5.h> and "kerberos5_def.h".
+ [KRB5] (kcmd, krcmd, krcmd_mutual): Update declarations,
+ and make small, obvious adaptions to Kerberos5.
+ [KRB5] (krcmd_mutual): Update value of AUTHOPTS.
+
+ * libinetutils/Makefile.am (noinst_HEADERS):
+ Add `kerberos5_def.h'.
+
+ * src/rsh.c: Replace macro KERBEROS by KRB5, temporarily
+ making an exception in some code related to encryption.
+ [KRB5]: Include <krb5.h> and "kerberos5_def.h".
+ [KRB5] (ctx, keyblock, server): New variables.
+ [KRB5 && ENCRYPTION] (parse_opt) <case 'x'>: Remove
+ call to des_set_key().
+ [KRB5 || SHISHI] (main): Refactor code for port lookup
+ and command string generation, since Kerberos5 and Shishi
+ have common traits.
+ [KRB5] (main): Adapt to new signatures of krcmd() and
+ krcmd_mutual(). Initialize `ctx', and reimplement realm
+ lookup using Kerberos5 API.
+
+2014-04-25 Mats Erik Andersson <address@hidden>
+
Silence warnings with libshishi.
* libinetutils/kcmd.c [KERBEROS || SHISHI] (kcmd):
diff --git a/libinetutils/Makefile.am b/libinetutils/Makefile.am
index 1e690f2..87922f5 100644
--- a/libinetutils/Makefile.am
+++ b/libinetutils/Makefile.am
@@ -27,7 +27,8 @@ AM_CPPFLAGS = \
noinst_LIBRARIES = libinetutils.a
-noinst_HEADERS = argcv.h libinetutils.h tftpsubs.h shishi_def.h
+noinst_HEADERS = argcv.h libinetutils.h tftpsubs.h \
+ kerberos5_def.h shishi_def.h
EXTRA_DIST = logwtmp.c
diff --git a/libinetutils/kerberos5_def.h b/libinetutils/kerberos5_def.h
new file mode 100644
index 0000000..764a9a4
--- /dev/null
+++ b/libinetutils/kerberos5_def.h
@@ -0,0 +1,54 @@
+/*
+ Copyright (C) 2014 Free Software Foundation, Inc.
+
+ This file is part of GNU Inetutils.
+
+ GNU Inetutils is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or (at
+ your option) any later version.
+
+ GNU Inetutils is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see `http://www.gnu.org/licenses/'. */
+
+#ifdef KRB5
+# include <sys/socket.h>
+# include <netinet/in.h>
+
+# ifdef HAVE_KRB5_h
+# include <krb5.h>
+# endif
+
+# define SERVICE "host"
+
+extern int kerberos_auth (krb5_context *ctx, int verbose, char **cname,
+ const char *sname, int sock, char *cmd,
+ unsigned short port, krb5_keyblock **key,
+ const char *realm);
+
+extern int get_auth (int infd, krb5_context *ctx, krb5_auth_context *actx,
+ krb5_keyblock **key, const char **err_msg,
+ int *protoversion, int *cksumtype, char **cksum,
+ size_t *cksumlen, char *srvname);
+
+extern int kcmd (krb5_context *ctx, int *sock, char **ahost,
+ unsigned short rport, char *locuser, char **remuser,
+ char *cmd, int *fd2p, char *service, const char *realm,
+ krb5_keyblock **key, struct sockaddr_in *laddr,
+ struct sockaddr_in *raddr, long opts);
+
+extern int krcmd (krb5_context *ctx, char **ahost, unsigned short rport,
+ char **remuser, char *cmd, int *fd2p,
+ const char *realm);
+
+extern int krcmd_mutual (krb5_context *ctx, char **ahost,
+ unsigned short rport, char **remuser,
+ char *cmd, int *fd2p, const char *realm,
+ krb5_keyblock **key);
+
+#endif /* KRB5 */
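Review bot: The guard `# ifdef HAVE_KRB5_h` near the top of the new header is spelled with a lowercase `h`, while krcmd.c and rsh.c in this same commit test `HAVE_KRB5_H`. The header therefore most likely never includes `<krb5.h>` itself, and its prototypes compile only because both includers pull in `<krb5.h>` first. I would change the line to `# ifdef HAVE_KRB5_H`. The file also has no include guard and uses `size_t` in `get_auth` without `<stddef.h>`; adding that include and wrapping the content in `#ifndef KERBEROS5_DEF_H` / `#define KERBEROS5_DEF_H` (the guard name is my suggestion) would make it self-contained.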
diff --git a/libinetutils/krcmd.c b/libinetutils/krcmd.c
index ce6d927..f9ff32b 100644
--- a/libinetutils/krcmd.c
+++ b/libinetutils/krcmd.c
@@ -49,7 +49,8 @@
#include <config.h>
-#if defined KRB4 || defined SHISHI
+#if defined KRB5 || defined SHISHI
+
# include <sys/types.h>
# ifdef ENCRYPTION
# include <sys/socket.h>
@@ -57,14 +58,13 @@
# include <netinet/in.h>
-# ifdef KERBEROS
-# ifdef HAVE_KERBEROSIV_DES_H
-# include <kerberosIV/des.h>
-# endif
-# ifdef HAVE_KERBEROSIV_KRB_H
-# include <kerberosIV/krb.h>
+# ifdef KRB5
+# ifdef HAVE_KRB5_H
+# include <krb5.h>
# endif
-# elif defined(SHISHI)
+# include "kerberos5_def.h"
+
+# elif defined(SHISHI) /* ! KRB5 */
# include <shishi.h>
# include "shishi_def.h"
# ifdef HAVE_GETPWUID_R
@@ -72,7 +72,7 @@
# include <unistd.h>
# include <pwd.h>
# endif /* HAVE_GETPWUID_R */
-# endif /* SHISHI */
+# endif /* SHISHI && !KRB5 */
# include <stdio.h>
@@ -83,11 +83,11 @@ int kcmd (Shishi **, int *, char **, unsigned short, char
*, char **,
char *, int *, char *, const char *, Shishi_key **,
struct sockaddr_storage *, struct sockaddr_storage *,
long, int);
-# else
-int kcmd (int *, char **, unsigned short, char *, char *, char *, int *,
- KTEXT, char *, const char *, CREDENTIALS *, Key_schedule,
- MSG_DAT *, struct sockaddr_in *, struct sockaddr_in *, long);
-# endif
+# else /* KRB5 && !SHISHI */
+int kcmd (krb5_context *, int *, char **, unsigned short, char *, char **,
+ char *, int *, char *, const char *, krb5_keyblock **,
+ struct sockaddr_in *, struct sockaddr_in *, long);
+# endif /* !SHISHI */
/*
* krcmd: simplified version of Athena's "kcmd"
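Review bot: The `kcmd` prototype added under `# else /* KRB5 && !SHISHI */` repeats the declaration that kerberos5_def.h, included earlier in this file, already provides. Keeping two hand-written copies of a fourteen-parameter signature invites drift the next time the interface changes. I would drop this copy for the KRB5 case and leave a pointer such as `/* kcmd() is declared in kerberos5_def.h */`. The Shishi prototype above it begins outside the hunk.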
@@ -103,8 +103,8 @@ static struct passwd pwstor, *pwd;
# endif /* HAVE_GETPWUID_R */
int
-krcmd (Shishi ** h, char **ahost, unsigned short rport, char **remuser, char
*cmd,
- int *fd2p, const char *realm, int af)
+krcmd (Shishi ** h, char **ahost, unsigned short rport, char **remuser,
+ char *cmd, int *fd2p, const char *realm, int af)
{
int sock = -1, err = 0;
long authopts = 0L;
@@ -146,33 +146,37 @@ krcmd (Shishi ** h, char **ahost, unsigned short rport,
char **remuser, char *cm
return (sock);
}
-# elif defined(KERBEROS)
+# elif defined(KRB5) /* !SHISHI */
int
-krcmd (char **ahost, unsigned short rport, char *remuser, char *cmd, int *fd2p,
- const char *realm)
+krcmd (krb5_context *ctx, char **ahost, unsigned short rport,
+ char **remuser, char *cmd, int *fd2p, const char *realm)
{
- int sock = -1, err = 0;
- KTEXT_ST ticket;
+ int sock = -1;
+ krb5_error_code err = 0;
long authopts = 0L;
- err = kcmd (&sock, ahost, rport, NULL, /* locuser not used */
- remuser, cmd, fd2p, &ticket, SERVICE_NAME, realm, NULL, /*
credentials not used */
- (bit_64 *) NULL, /* key schedule not used */
- (MSG_DAT *) NULL, /* MSG_DAT not used */
+ err = kcmd (ctx, &sock, ahost, rport,
+ NULL, /* locuser not used */
+ remuser, cmd, fd2p,
+ SERVICE_NAME, realm,
+ (krb5_keyblock **) NULL, /* key not used */
(struct sockaddr_in *) NULL, /* local addr not used */
(struct sockaddr_in *) NULL, /* foreign addr not used */
authopts);
- if (err > KSUCCESS && err < MAX_KRB_ERRORS)
+ if (err > 0)
{
- fprintf (stderr, "krcmd: %s\n", krb_err_txt[err]);
+ const char *text = krb5_get_error_message (*ctx, err);
+
+ fprintf (stderr, "krcmd: %s\n", text);
+ krb5_free_error_message (*ctx, text);
return (-1);
}
if (err < 0)
return (-1);
return (sock);
}
-# endif
+# endif /* KRB5 && !SHISHI */
# ifdef ENCRYPTION
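Review bot: The new test `if (err > 0)` in `krcmd` will not reach `krb5_get_error_message` for ordinary Kerberos library failures, because the krb5 error-table codes are large negative numbers in both MIT and Heimdal. Those land in the following `if (err < 0) return (-1);` with no diagnostic. The same pattern is added to `krcmd_mutual` further down. `kcmd`'s body is not in this diff, so its return convention needs confirming, but if it passes a `krb5_error_code` through unchanged the check should be `if (err != 0 && err != -1)`, or the contract should be documented above the call. This matters because rsh.c clears `use_kerberos` on a negative return, so the user would lose Kerberos without being told why. Separately, `krcmd_mutual` still declares `int sock;` without the `= -1` that `krcmd` uses.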
@@ -206,7 +210,8 @@ krcmd_mutual (Shishi ** h, char **ahost, unsigned short
rport, char **remuser,
NULL, /* locuser not used */
# endif
remuser, cmd, fd2p,
- SERVICE_NAME, realm, key, /* filled in */
+ SERVICE_NAME, realm,
+ key, /* filled in */
&laddr, /* filled in */
&faddr, /* filled in */
authopts, af);
@@ -223,28 +228,32 @@ krcmd_mutual (Shishi ** h, char **ahost, unsigned short
rport, char **remuser,
return (sock);
}
-# elif defined(KERBEROS)
+# elif defined(KRB5) /* !SHISHI */
int
-krcmd_mutual (char **ahost, unsigned short rport, char *remuser, char *cmd,
- int *fd2p, const char *realm, CREDENTIALS * cred, Key_schedule
sched)
+krcmd_mutual (krb5_context *ctx, char **ahost, unsigned short rport,
+ char **remuser, char *cmd, int *fd2p, const char *realm,
+ krb5_keyblock **key)
{
- int sock, err;
- KTEXT_ST ticket;
- MSG_DAT msg_dat;
+ int sock;
+ krb5_error_code err = 0;
struct sockaddr_in laddr, faddr;
- long authopts = KOPT_DO_MUTUAL;
+ long authopts = AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY;
- err = kcmd (&sock, ahost, rport, NULL, /* locuser not used */
- remuser, cmd, fd2p, &ticket, SERVICE_NAME, realm, cred, /*
filled in */
- sched, /* filled in */
- &msg_dat, /* filled in */
+ err = kcmd (ctx, &sock, ahost, rport,
+ NULL, /* locuser not used */
+ remuser, cmd, fd2p,
+ SERVICE_NAME, realm,
+ key, /* filled in */
&laddr, /* filled in */
&faddr, /* filled in */
authopts);
- if (err > KSUCCESS && err < MAX_KRB_ERRORS)
+ if (err > 0)
{
- fprintf (stderr, "krcmd_mutual: %s\n", krb_err_txt[err]);
+ const char *text = krb5_get_error_message (*ctx, err);
+
+ fprintf (stderr, "krcmd_mutual: %s\n", text);
+ krb5_free_error_message (*ctx, text);
return (-1);
}
@@ -252,6 +261,6 @@ krcmd_mutual (char **ahost, unsigned short rport, char
*remuser, char *cmd,
return (-1);
return (sock);
}
-# endif /* CRYPT */
-# endif /* KERBEROS */
-#endif /* KERBEROS */
+# endif /* KRB5 && !SHISHI */
+# endif /* ENCRYPTION */
+#endif /* KRB5 || SHISHI */
diff --git a/src/rsh.c b/src/rsh.c
index 091ccd0..4ea507e 100644
--- a/src/rsh.c
+++ b/src/rsh.c
@@ -79,14 +79,12 @@
#include <libinetutils.h>
#include <unused-parameter.h>
-#ifdef KERBEROS
-# ifdef HAVE_KERBEROSIV_DES_H
-# include <kerberosIV/des.h>
-# endif
-# ifdef KERBEROSIV_KRB_H
-# include <kerberosIV/krb.h>
+#ifdef KRB5
+# ifdef HAVE_KRB5_H
+# include <krb5.h>
# endif
-#endif /* KERBEROS */
+# include "kerberos5_def.h"
+#endif /* KRB5 */
#ifdef SHISHI
# include <shishi.h>
@@ -100,14 +98,14 @@ char *user = NULL;
sa_family_t family = AF_UNSPEC;
#endif
-#if defined KERBEROS || defined SHISHI
+#if defined KRB5 || defined SHISHI
int use_kerberos = 1, doencrypt;
const char *dest_realm = NULL;
-# ifdef KERBEROS
-CREDENTIALS cred;
-Key_schedule schedule;
-extern char *krb_realmofhost ();
+# ifdef KRB5
+krb5_context ctx;
+krb5_keyblock *keyblock;
+krb5_principal server;
# elif defined(SHISHI)
Shishi *h;
@@ -120,7 +118,7 @@ int keylen;
int rc;
int wlen;
# endif /* SHISHI */
-#endif /* KERBEROS || SHISHI */
+#endif /* KRB5 || SHISHI */
/*
* rsh - remote shell
@@ -156,7 +154,7 @@ static struct argp_option options[] = {
{ "ipv6", '6', NULL, 0, "use only IPv6", GRP },
#endif
#undef GRP
-#if defined KERBEROS || defined SHISHI
+#if defined KRB5 || defined SHISHI
# define GRP 20
{ "kerberos", 'K', NULL, 0,
"turns off all Kerberos authentication", GRP },
@@ -168,7 +166,7 @@ static struct argp_option options[] = {
"encrypt all data transfer", GRP },
# endif /* ENCRYPTION */
# undef GRP
-#endif /* KERBEROS || SHISHI */
+#endif /* KRB5 || SHISHI */
{ NULL, 0, NULL, 0, NULL, 0 }
};
@@ -200,7 +198,7 @@ parse_opt (int key, char *arg,
user = arg;
break;
-#if defined KERBEROS || defined SHISHI
+#if defined KRB5 || defined SHISHI
case 'K':
use_kerberos = 0;
break;
@@ -212,12 +210,9 @@ parse_opt (int key, char *arg,
# ifdef ENCRYPTION
case 'x':
doencrypt = 1;
-# ifdef KERBEROS
- des_set_key (cred.session, schedule);
-# endif
break;
# endif
-#endif /* KERBEROS || SHISHI */
+#endif /* KRB5 || SHISHI */
case 'n':
null_input_option = 1;
@@ -242,7 +237,7 @@ main (int argc, char **argv)
struct servent *sp;
sigset_t sigs, osigs;
int asrsh, rem;
-#if defined KERBEROS || defined SHISHI
+#if defined KRB5 || defined SHISHI
int krb_errno;
#endif
pid_t pid = 0;
@@ -311,7 +306,7 @@ main (int argc, char **argv)
}
}
-#if defined KERBEROS || defined SHISHI
+#if defined KRB5 || defined SHISHI
# ifdef ENCRYPTION
/* -x turns off -n */
if (doencrypt)
@@ -322,18 +317,7 @@ main (int argc, char **argv)
args = copyargs (argv);
sp = NULL;
-#ifdef KERBEROS
- if (use_kerberos)
- {
- sp = getservbyname ((doencrypt ? "ekshell" : "kshell"), "tcp");
- if (sp == NULL)
- {
- use_kerberos = 0;
- warning ("can't get entry for %s/tcp service",
- doencrypt ? "ekshell" : "kshell");
- }
- }
-#elif defined(SHISHI)
+#if defined KRB5 || defined SHISHI
if (use_kerberos)
{
sp = getservbyname ("kshell", "tcp");
@@ -349,23 +333,40 @@ main (int argc, char **argv)
if (sp == NULL)
error (EXIT_FAILURE, 0, "shell/tcp: unknown service");
+#if defined KRB5
+ if (use_kerberos)
+ {
+ rem = krb5_init_context (&ctx);
+ if (rem)
+ error (EXIT_FAILURE, errno, "Error initializing krb5");
+ }
+#endif /* KRB5 */
-#if defined KERBEROS || defined SHISHI
+#if defined KRB5 || defined SHISHI
try_connect:
if (use_kerberos)
{
-# if defined KERBEROS
+# if defined KRB5
struct hostent *hp;
- /* fully qualify hostname (needed for krb_realmofhost) */
+ /* Get fully qualify hostname for realm determination. */
hp = gethostbyname (host);
if (hp != NULL && !(host = strdup (hp->h_name)))
error (EXIT_FAILURE, errno, "strdup");
- rem = KSUCCESS;
+ rem = 0;
krb_errno = 0;
+
if (dest_realm == NULL)
- dest_realm = krb_realmofhost (host);
+ {
+ krb_errno = krb5_sname_to_principal (ctx, host, SERVICE,
+ KRB5_NT_SRV_HST,
+ &server);
+ if (krb_errno)
+ warning ("cannot assign principal to host %s", host);
+ else
+ dest_realm = krb5_principal_get_realm (ctx, server);
+ }
# elif defined SHISHI
rem = SHISHI_OK;
krb_errno = 0;
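Review bot: The added `error (EXIT_FAILURE, errno, "Error initializing krb5")` reports `errno`, but `krb5_init_context` returns its failure reason in the return value and makes no promise about `errno`. The message can therefore show an unrelated or "Success" string while the real code in `rem` is dropped. I would report the code itself, e.g. `error (EXIT_FAILURE, 0, "Error initializing krb5 (code %d)", rem);`. Further down, a failing `krb5_sname_to_principal` only warns and continues with `dest_realm` still NULL; a short comment saying that `kcmd` is expected to cope with a NULL realm would help. `main` begins and ends outside this hunk.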
@@ -373,18 +374,26 @@ try_connect:
# ifdef ENCRYPTION
if (doencrypt)
-# if defined SHISHI
{
int i;
+# if defined KRB5 || defined SHISHI
char *term;
term = xmalloc (strlen (args) + 4);
strcpy (term, "-x ");
strcat (term, args);
+# ifdef SHISHI
rem = krcmd_mutual (&h, &host, sp->s_port, &user, term, &rfd2,
dest_realm, &enckey, family);
+# else /* KRB5 && !SHISHI */
+ rem = krcmd_mutual (&ctx, &host, sp->s_port, &user, args,
+ &rfd2, dest_realm, &keyblock);
+# endif
krb_errno = errno;
+ free (term);
+
+# ifdef SHISHI
if (rem > 0)
{
keytype = shishi_key_type (enckey);
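Review bot: In the `doencrypt` branch the KRB5 call passes `args` to `krcmd_mutual`, although `term` (the command prefixed with `"-x "`) has just been built for both back ends and is what the Shishi call sends. For KRB5, `term` is allocated and freed without use, and the remote side does not receive the `-x` marker. If that is deliberate for the interim, say so with a comment such as `/* KRB5: encryption not wired up yet, send plain command */`; otherwise pass `term`. The key handling that follows is guarded by `# ifdef SHISHI`, so nothing visible here consumes `keyblock`. Until it does, refusing `-x` under KRB5 with an error would be safer than continuing, since the user asked for an encrypted session. The block continues outside the hunk.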
@@ -436,27 +445,27 @@ try_connect:
}
}
}
- free (term);
+# endif /* SHISHI */
+# endif /* KRB5 || SHISHI */
}
else
-# else /* KERBEROS */
- {
- rem = krcmd_mutual (&host, sp->s_port, user, args, &rfd2,
- dest_realm, &cred, schedule);
- krb_errno = errno;
- }
- else
-# endif
# endif /* ENCRYPTION */
{
# if defined SHISHI
rem = krcmd (&h, &host, sp->s_port, &user, args, &rfd2,
dest_realm, family);
-# else /* KERBEROS */
- rem = krcmd (&host, sp->s_port, user, args, &rfd2, dest_realm);
-# endif
+# else /* KRB5 && !SHISHI */
+ rem = krcmd (&ctx, &host, sp->s_port, &user, args,
+ &rfd2, dest_realm);
+# endif /* KRB5 */
krb_errno = errno;
}
+
+# ifdef KRB5
+ /* No more use of dest_realm. */
+ krb5_free_principal (ctx, server);
+# endif
+
if (rem < 0)
{
use_kerberos = 0;
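Review bot: The added `krb5_free_principal (ctx, server);` leaves two stale global pointers behind: `server` itself, and `dest_realm`, which was set from `krb5_principal_get_realm (ctx, server)` and so points into the freed principal. The comment "No more use of dest_realm" is the only thing preventing a later read. This block also sits under the `try_connect:` label, so any future path that re-enters it with `use_kerberos` still set would free `server` a second time. I would add `server = NULL;` after the free and either reset `dest_realm` when it came from the principal or keep a `strdup` copy of the realm. Whether `try_connect` is re-entered today is not visible in this hunk.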
@@ -494,7 +503,7 @@ try_connect:
rem = rcmd (&host, sp->s_port, pw->pw_name, user, args, &rfd2);
# endif
}
-#else /* !KERBEROS && !SHISHI */
+#else /* !KRB5 && !SHISHI */
if (!user)
user = pw->pw_name;
# ifdef WITH_ORCMD_AF
@@ -506,7 +515,7 @@ try_connect:
# else /* !WITH_ORCMD_AF && !WITH_RCMD_AF && !WITH_ORCMD */
rem = rcmd (&host, sp->s_port, pw->pw_name, user, args, &rfd2);
# endif
-#endif /* !KERBEROS && !SHISHI */
+#endif /* !KRB5 && !SHISHI */
if (rem < 0)
{
@@ -565,7 +574,7 @@ try_connect:
error (EXIT_FAILURE, errno, "fork");
}
-#if defined KERBEROS || defined SHISHI
+#if defined KRB5 || defined SHISHI
# ifdef ENCRYPTION
if (!doencrypt)
# endif
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 30 +++++++++++
bootstrap | 2 +-
libinetutils/Makefile.am | 3 +-
libinetutils/kerberos5_def.h | 54 +++++++++++++++++++
libinetutils/krcmd.c | 99 +++++++++++++++++++----------------
src/rsh.c | 119 ++++++++++++++++++++++-------------------
6 files changed, 205 insertions(+), 102 deletions(-)
create mode 100644 libinetutils/kerberos5_def.h
hooks/post-receive
--
GNU Inetutils