+2001-03-12 Ezra Peisach <epeisach@mit.edu>
+
+ * defines.h: Add prototypes for rcmd_stream_init_normal(),
+ rcmd_stream_init_krb4(), strsave() and rd_and_store_for_creds()
+
+ * Makefile.in: Add dependency of forward.o on defines.h
+
+ * forward.c: Include defines.h for prototypes.
+
+ * kcmd.c, krcp.c, krlogin.c, krlogind.c, krsh.c: Provide full prototype
+ for local functions and move include of kerberosIV/krb.h before
+ defines.h.
+
2001-01-26 Tom Yu <tlyu@mit.edu>
* krshd.c: Get path for NOLOGIN file from paths.h if present,
getdtablesize.o: $(srcdir)/getdtablesize.c
-kcmd.o krcp.o krlogin.o krlogind.o krsh.o krshd.o : defines.h
+kcmd.o krcp.o krlogin.o krlogind.o krsh.o krshd.o forward.o: defines.h
extern void rcmd_stream_init_krb5 (krb5_keyblock *in_keyblock,
int encrypt_flag, int lencheck,
int am_client, enum kcmd_proto protonum);
+
+extern void rcmd_stream_init_normal(void);
+
+#if defined(KRB5_KRB4_COMPAT) && !defined(SKIP_V4_PROTO)
+extern void rcmd_stream_init_krb4(C_Block, int, int, int);
+
+extern int k4cmd(int *sock, char **ahost, u_short rport, char *locuser,
+ char *remuser, char *cmd, int *fd2p, KTEXT ticket,
+ char *service, char *realm, CREDENTIALS *cred,
+ Key_schedule schedule, MSG_DAT *msg_data,
+ struct sockaddr_in *laddr, struct sockaddr_in *faddr,
+ long authopts, int anyport);
+#endif
+
+#ifndef HAVE_STRSAVE
+extern char *strsave(const char *sp);
+#endif
+
+krb5_error_code rd_and_store_for_creds(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_data *inbuf, krb5_ticket *ticket,
+ krb5_ccache *ccache);
+
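Review bot: The `#if defined(KRB5_KRB4_COMPAT) && !defined(SKIP_V4_PROTO)` guard is undocumented in the header, and the prototypes inside it use `C_Block`, `KTEXT`, `CREDENTIALS`, `Key_schedule` and `MSG_DAT`, so they only compile if `kerberosIV/krb.h` has already been included. I would add a comment above the guard along the lines of `/* Needs <kerberosIV/krb.h> included first; define SKIP_V4_PROTO before including this file to omit these. */`, because that contract is otherwise visible only in the ChangeLog and in forward.c. Separately, `rd_and_store_for_creds` is declared without `extern` while every neighbouring prototype carries it; adding it keeps the block uniform.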
#include "k5-int.h"
+#define SKIP_V4_PROTO /* To skip the krb4 prototypes */
+#include "defines.h"
+
/* Decode, decrypt and store the forwarded creds in the local ccache. */
krb5_error_code
rd_and_store_for_creds(context, auth_context, inbuf, ticket, ccache)
static int nstored = 0;
static char *store_ptr = storage;
static int twrite(int, char *, int, int);
-static int v5_des_read(), v5_des_write();
+static int v5_des_read(int, char *, int, int),
+ v5_des_write(int, char *, int, int);
#ifdef KRB5_KRB4_COMPAT
-static int v4_des_read(), v4_des_write();
+static int v4_des_read(int, char *, int, int),
+ v4_des_write(int, char *, int, int);
static C_Block v4_session;
static int right_justify;
#endif
#else
long oldmask;
#endif
- struct sockaddr_in sin, from, local_laddr;
+ struct sockaddr_in sockin, from, local_laddr;
krb5_creds *get_cred, *ret_cred = 0;
char c;
int lport;
#endif /* POSIX_SIGNALS */
return (-1);
}
- sin.sin_family = hp->h_addrtype;
- memcpy((caddr_t)&sin.sin_addr,hp->h_addr, sizeof(sin.sin_addr));
- sin.sin_port = rport;
- if (connect(s, (struct sockaddr *)&sin, sizeof (sin)) >= 0)
+ sockin.sin_family = hp->h_addrtype;
+ memcpy((caddr_t)&sockin.sin_addr,hp->h_addr, sizeof(sockin.sin_addr));
+ sockin.sin_port = rport;
+ if (connect(s, (struct sockaddr *)&sockin, sizeof (sockin)) >= 0)
break;
(void) close(s);
if (errno == EADDRINUSE)
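Review bot: The renamed lines still set `sockin.sin_family = hp->h_addrtype` and copy a fixed `sizeof(sockin.sin_addr)` bytes from `hp->h_addr`, with no check in the hunk that the resolver entry is an IPv4 address of that length. A guard such as `if (hp->h_addrtype != AF_INET || hp->h_length != sizeof(sockin.sin_addr))` before the copy would keep a `sockaddr_in` from being filled from a mismatched entry. The same sequence appears in the later hunk that ends with `*faddr = sockin;`. The hostent lookup is outside the visible lines, so this may already be validated there.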
int oerrno = errno;
fprintf(stderr,
- "connect to address %s: ", inet_ntoa(sin.sin_addr));
+ "connect to address %s: ", inet_ntoa(sockin.sin_addr));
errno = oerrno;
perror(0);
hp->h_addr_list++;
- memcpy((caddr_t)&sin.sin_addr,hp->h_addr_list[0],
- sizeof(sin.sin_addr));
+ memcpy((caddr_t)&sockin.sin_addr,hp->h_addr_list[0],
+ sizeof(sockin.sin_addr));
fprintf(stderr, "Trying %s...\n",
- inet_ntoa(sin.sin_addr));
+ inet_ntoa(sockin.sin_addr));
continue;
}
#endif /* !(defined(ultrix) || defined(sun)) */
}
if (!laddr) laddr = &local_laddr;
- if (!faddr) faddr = &sin;
+ if (!faddr) faddr = &sockin;
else
- memcpy(faddr,&sin,sizeof(sin));
+ memcpy(faddr,&sockin,sizeof(sockin));
sin_len = sizeof (struct sockaddr_in);
if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) {
#else
sigmasktype oldmask;
#endif
- struct sockaddr_in sin, from;
+ struct sockaddr_in sockin, from;
char c;
int lport = START_PORT;
struct hostent *hp;
#endif /* POSIX_SIGNALS */
return (-1);
}
- sin.sin_family = hp->h_addrtype;
- memcpy((caddr_t)&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr));
- sin.sin_port = rport;
- if (connect(s, (struct sockaddr *)&sin, sizeof (sin)) >= 0)
+ sockin.sin_family = hp->h_addrtype;
+ memcpy((caddr_t)&sockin.sin_addr, hp->h_addr, sizeof(sockin.sin_addr));
+ sockin.sin_port = rport;
+ if (connect(s, (struct sockaddr *)&sockin, sizeof (sockin)) >= 0)
break;
(void) close(s);
if (errno == EADDRINUSE) {
int oerrno = errno;
fprintf(stderr,
- "connect to address %s: ", inet_ntoa(sin.sin_addr));
+ "connect to address %s: ", inet_ntoa(sockin.sin_addr));
errno = oerrno;
perror(0);
hp->h_addr_list++;
- memcpy((caddr_t)&sin.sin_addr, hp->h_addr_list[0],
- sizeof(sin.sin_addr));
- fprintf(stderr, "Trying %s...\n", inet_ntoa(sin.sin_addr));
+ memcpy((caddr_t)&sockin.sin_addr, hp->h_addr_list[0],
+ sizeof(sockin.sin_addr));
+ fprintf(stderr, "Trying %s...\n", inet_ntoa(sockin.sin_addr));
continue;
}
#endif /* !(defined(ultrix) || defined(sun)) */
}
/* set up the needed stuff for mutual auth */
- *faddr = sin;
+ *faddr = sockin;
sin_len = sizeof (struct sockaddr_in);
if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) {
perror("getsockname");
getport(alport)
int *alport;
{
- struct sockaddr_in sin;
+ struct sockaddr_in sockin;
int s;
- int len = sizeof(sin);
+ int len = sizeof(sockin);
s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0)
return (-1);
- memset((char *) &sin, 0,sizeof(sin));
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = INADDR_ANY;
+ memset((char *) &sockin, 0,sizeof(sockin));
+ sockin.sin_family = AF_INET;
+ sockin.sin_addr.s_addr = INADDR_ANY;
- if (bind(s, (struct sockaddr *)&sin, sizeof (sin)) >= 0) {
+ if (bind(s, (struct sockaddr *)&sockin, sizeof (sockin)) >= 0) {
if (alport) {
- if (getsockname(s, (struct sockaddr *)&sin, &len) < 0) {
+ if (getsockname(s, (struct sockaddr *)&sockin, &len) < 0) {
(void) close(s);
return -1;
} else {
- *alport = ntohs(sin.sin_port);
+ *alport = ntohs(sockin.sin_port);
}
}
return s;
#ifdef KRB5_KRB4_COMPAT
static int
-v4_des_read(fd, buf, len)
+v4_des_read(fd, buf, len, secondary)
int fd;
char *buf;
int len;
+int secondary;
{
int nreturned = 0;
krb5_ui_4 net_len, rd_len;
}
static int
-v4_des_write(fd, buf, len)
+v4_des_write(fd, buf, len, secondary)
int fd;
char *buf;
int len;
+int secondary;
{
static char garbage_buf[8];
unsigned char *len_buf = (unsigned char *) des_outpkt;
char *
strsave(sp)
-char *sp;
+const char *sp;
{
register char *ret;
#include <k5-util.h>
#include <com_err.h>
+#ifdef KRB5_KRB4_COMPAT
+#include <kerberosIV/krb.h>
+#endif
+
#include "defines.h"
#define RCP_BUFSIZ 4096
krb5_context bsd_context;
#ifdef KRB5_KRB4_COMPAT
-#include <kerberosIV/krb.h>
Key_schedule v4_schedule;
CREDENTIALS v4_cred;
KTEXT_ST v4_ticket;
MSG_DAT v4_msg_data;
#endif
-void v4_send_auth(), try_normal();
-char **save_argv();
+void v4_send_auth(char *, char *), try_normal(char **);
+char **save_argv(int, char **);
#ifndef HAVE_STRSAVE
char *strsave();
#endif
int rcmd_stream_write(), rcmd_stream_read();
-void usage(), sink(), source(), rsource(), verifydir(), answer_auth();
-int response(), hosteq(), okname(), susystem();
+void usage(void), sink(int, char **),
+ source(int, char **), rsource(char *, struct stat *), verifydir(char *),
+ answer_auth(char *, char *);
+int response(void), hosteq(char *, char *), okname(char *),
+ susystem(char *);
int encryptflag = 0;
#ifndef UCB_RCP
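Review bot: Some old-style declarations are left in this block even though the commit sets out to give local functions full prototypes: `char *strsave();` and `int rcmd_stream_write(), rcmd_stream_read();` here, and `krb5_sigtype lostconn();` in the next hunk. defines.h now declares `extern char *strsave(const char *sp);` under the same `#ifndef HAVE_STRSAVE`, so the local `strsave` declaration and its guard can be dropped. The remaining empty-parenthesis declarations give no argument checking at their call sites; their parameter lists are not visible here, so they would have to be taken from the definitions.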
#endif /* KERBEROS */
int rem;
-char *colon();
+char *colon(char *);
int errs;
krb5_sigtype lostconn();
int iamremote, targetshouldbedirectory;
struct buffer {
int cnt;
char *buf;
-} *allocbuf();
+};
+
+struct buffer *allocbuf(struct buffer *, int, int);
#define NULLBUF (struct buffer *) 0
#ifdef KERBEROS
#include <krb5.h>
#include <com_err.h>
-#include "defines.h"
#ifdef KRB5_KRB4_COMPAT
#include <kerberosIV/krb.h>
#endif
+#include "defines.h"
#define RLOGIN_BUFSIZ 5120
#if __STDC__
int setsignal(int sig, krb5_sigtype (*act)());
#endif
+static int read_wrapper(int fd, char *buf, int size, int *got_esc);
+void try_normal(char **);
+static void mode(int);
+#ifdef POSIX_SIGNALS
+static int reader(sigset_t *);
+static void doit(sigset_t *);
+#else
+static int reader(int);
+static void doit(int);
+#endif
+static int control(unsigned char *, int);
+static void sendwindow(void);
+static void stop(char), echo(char);
+static void writer(void), done(int);
+static int confirm_death (void);
+
/* to allow exits from signal handlers, without conflicting declarations */
static krb5_sigtype exit_handler() {
-int confirm_death ()
+static int confirm_death ()
{
char hostname[33];
char input;
struct tchars notc = { -1, -1, -1, -1, -1, -1 };
#endif
-doit(oldmask)
+static void doit(oldmask)
#ifdef POSIX_SIGNALS
sigset_t *oldmask;
+#else
+ int oldmask;
#endif
{
#ifdef POSIX_SIGNALS
-done(status)
+void done(status)
int status;
{
#ifdef POSIX_SIGNALS
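Review bot: `done` is forward-declared as `static void writer(void), done(int);` in the prototype block added earlier in this file, but its definition here becomes plain `void done(status)`, whereas `writer`, `echo`, `stop`, `sendwindow` and `mode` all gain `static` at their definitions. Linkage stays internal because the earlier `static` declaration governs, but the definition reads as though `done` were exported. Writing `static void done(status)` would make it match the rest. The body of `done` continues outside the hunk.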
* ~^Z suspend rlogin process.
* ~^Y suspend rlogin process, but leave reader alone.
*/
-writer()
+static void writer()
{
int n_read;
char buf[1024];
was a read error (other than EINTR) and errno is set appropriately.
*/
-int read_wrapper(fd,buf,size,got_esc)
+static int read_wrapper(fd,buf,size,got_esc)
int fd;
char *buf;
int size;
return return_length;
}
-echo(c)
+static void echo(c)
register char c;
{
char buf[8];
-stop(cmdc)
+static void stop(cmdc)
char cmdc;
{
#ifdef POSIX_SIGNALS
/*
* Send the window size to the server via the magic escape
*/
-sendwindow()
+static void sendwindow()
{
char obuf[4 + sizeof (struct winsize)];
struct winsize *wp = (struct winsize *)(obuf+4);
quote rule so that binary data from the server does not confuse the
client. */
-int control(cp, n)
+static int control(cp, n)
unsigned char *cp;
int n;
{
/*
* reader: read from remote: line -> 1
*/
+static int
reader(oldmask)
#ifdef POSIX_SIGNALS
sigset_t *oldmask;
-mode(f)
+static void mode(f)
+int f;
{
#ifdef POSIX_TERMIOS
struct termios newtty;
void try_normal(argv)
char **argv;
{
- register char *host;
+ register char *nhost;
#ifdef POSIX_SIGNALS
struct sigaction sa;
sigset_t mask;
UCB_RLOGIN);
fflush(stderr);
- host = strrchr(argv[0], '/');
- if (host)
- host++;
+ nhost = strrchr(argv[0], '/');
+ if (nhost)
+ nhost++;
else
- host = argv[0];
- if (!strcmp(host, "rlogin"))
+ nhost = argv[0];
+ if (!strcmp(nhost, "rlogin"))
argv++;
#ifdef POSIX_SIGNALS
#define VHANG_LAST /* vhangup must occur on close, not open */
#endif
-void fatal(), fatalperror(), doit(), usage(), do_krb_login(), getstr();
-void protocol();
-int princ_maps_to_lname(), default_realm();
+void fatal(int, const char *), fatalperror(int, const char *), doit(int, struct sockaddr_in *), usage(void), do_krb_login(char *, char *), getstr(int, char *, int, char *);
+void protocol(int, int);
+int princ_maps_to_lname(krb5_principal, char *), default_realm(krb5_principal);
krb5_sigtype cleanup();
-krb5_error_code recvauth();
+krb5_error_code recvauth(int *);
/* There are two authentication related masks:
* auth_ok and auth_sent.
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
syslog(LOG_ERR,"Can't get peer name of remote host: %m");
#ifdef STDERR_FILENO
- fatal(STDERR_FILENO, "Can't get peer name of remote host", 1);
+ fatal(STDERR_FILENO, "Can't get peer name of remote host");
#else
- fatal(2, "Can't get peer name of remote host", 1);
+ fatal(2, "Can't get peer name of remote host");
#endif
}
fd = 0;
char oobdata[] = {0};
#endif
+static
int sendoob(fd, byte)
int fd;
char *byte;
* in the data stream. For now, we are only willing to handle
* window size changes.
*/
-int control(pty, cp, n)
+static int control(pty, cp, n)
int pty;
unsigned char *cp;
int n;
void fatal(f, msg)
int f;
- char *msg;
+ const char *msg;
{
char buf[512];
int out = 1 ; /* Output queue of f */
void fatalperror(f, msg)
int f;
- char *msg;
+ const char *msg;
{
char buf[512];
#ifdef KERBEROS
#include <krb5.h>
#include <com_err.h>
-#include "defines.h"
#ifdef KRB5_KRB4_COMPAT
#include <kerberosIV/krb.h>
#endif
+#include "defines.h"
#endif /* KERBEROS */
#ifdef KRB5_KRB4_COMPAT
int encrypt_flag = 0;
char *krb_realm = (char *)0;
-void try_normal();
+void try_normal(char **);
#endif /* KERBEROS */
char *srvtab = NULL;
krb5_keytab keytab = NULL;
krb5_ccache ccache = NULL;
-void fatal();
+int default_realm(krb5_principal principal);
+static int princ_maps_to_lname(krb5_principal principal, char *luser);
+
+void fatal(int, const char *);
int require_encrypt = 0;
int do_encrypt = 0;
int stripdomain = 1;
int always_ip = 0;
+static krb5_error_code recvauth(int netfd, struct sockaddr_in peersin,
+ int *valid_checksum);
+
#else /* !KERBEROS */
#define ARGSTR "RD:?"
#endif /* KERBEROS */
+
#ifndef HAVE_KILLPG
#define killpg(pid, sig) kill(-(pid), (sig))
/*VARARGS1*/
void error();
-void usage(), getstr(), doit();
+void usage(void), getstr(int, char *, int, char *),
+ doit(int, struct sockaddr_in *);
#ifdef __SCO__
/* sco has getgroups and setgroups but no initgroups */
-int princ_maps_to_lname(principal, luser)
+static int princ_maps_to_lname(principal, luser)
krb5_principal principal;
char *luser;
{
#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN
chars */
-krb5_error_code
-recvauth(netf, peersin, valid_checksum)
- int netf;
+static krb5_error_code
+recvauth(netfd, peersin, valid_checksum)
+ int netfd;
struct sockaddr_in peersin;
int *valid_checksum;
{
*valid_checksum = 0;
len = sizeof(laddr);
- if (getsockname(netf, (struct sockaddr *)&laddr, &len)) {
+ if (getsockname(netfd, (struct sockaddr *)&laddr, &len)) {
exit(1);
}
if (status = krb5_auth_con_init(bsd_context, &auth_context))
return status;
- if (status = krb5_auth_con_genaddrs(bsd_context, auth_context, netf,
+ if (status = krb5_auth_con_genaddrs(bsd_context, auth_context, netfd,
KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR))
return status;
}
#ifdef KRB5_KRB4_COMPAT
- status = krb5_compat_recvauth_version(bsd_context, &auth_context, &netf,
+ status = krb5_compat_recvauth_version(bsd_context, &auth_context, &netfd,
NULL, /* Specify daemon principal */
0, /* no flags */
keytab, /* normally NULL to use v5srvtab */
&auth_sys, /* which authentication system*/
&v4_kdata, 0, &version);
#else
- status = krb5_recvauth_version(bsd_context, &auth_context, &netf,
+ status = krb5_recvauth_version(bsd_context, &auth_context, &netfd,
NULL, /* daemon principal */
0, /* no flags */
keytab, /* normally NULL to use v5srvtab */
/*
* clean up before exiting
*/
- getstr(netf, locuser, sizeof(locuser), "locuser");
- getstr(netf, cmdbuf, sizeof(cmdbuf), "command");
- getstr(netf, remuser, sizeof(locuser), "remuser");
+ getstr(netfd, locuser, sizeof(locuser), "locuser");
+ getstr(netfd, cmdbuf, sizeof(cmdbuf), "command");
+ getstr(netfd, remuser, sizeof(locuser), "remuser");
}
return status;
}
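Review bot: The third call, `getstr(netfd, remuser, sizeof(locuser), "remuser");`, bounds the string read from `netfd` by the size of a different buffer than the one it writes to. If `remuser` and `locuser` are ever declared with different sizes, this either writes past `remuser` or truncates the accepted length for no reason; it should read `getstr(netfd, remuser, sizeof(remuser), "remuser");`. The same call is carried over in the following hunk, after the `KCMDV0.1`/`KCMDV0.2` comparison. Both arrays are declared outside the visible lines, so whether their sizes currently match cannot be confirmed from here.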
- getstr(netf, locuser, sizeof(locuser), "locuser");
- getstr(netf, cmdbuf, sizeof(cmdbuf), "command");
+ getstr(netfd, locuser, sizeof(locuser), "locuser");
+ getstr(netfd, cmdbuf, sizeof(cmdbuf), "command");
#ifdef KRB5_KRB4_COMPAT
if (auth_sys == KRB5_RECVAUTH_V4) {
kcmd_proto = KCMD_UNKNOWN_PROTOCOL;
if (version.length != 9)
- fatal (netf, "bad application version length");
+ fatal (netfd, "bad application version length");
if (!memcmp (version.data, "KCMDV0.1", 9))
kcmd_proto = KCMD_OLD_PROTOCOL;
if (!memcmp (version.data, "KCMDV0.2", 9))
kcmd_proto = KCMD_NEW_PROTOCOL;
- getstr(netf, remuser, sizeof(locuser), "remuser");
+ getstr(netfd, remuser, sizeof(locuser), "remuser");
if ((status = krb5_unparse_name(bsd_context, ticket->enc_part2->client,
&kremuser)))
if (chksumbuf == 0)
goto error_cleanup;
- if (getsockname(netf, (struct sockaddr *) &adr, &adr_length) != 0)
+ if (getsockname(netfd, (struct sockaddr *) &adr, &adr_length) != 0)
goto error_cleanup;
sprintf(chksumbuf,"%u:", ntohs(adr.sin_port));
status = krb5_auth_con_getremotesubkey (bsd_context, auth_context,
&key);
if (status)
- fatal (netf, "Server can't get session subkey");
+ fatal (netfd, "Server can't get session subkey");
if (!key && do_encrypt && kcmd_proto == KCMD_NEW_PROTOCOL)
- fatal (netf, "No session subkey sent");
+ fatal (netfd, "No session subkey sent");
if (key && kcmd_proto == KCMD_OLD_PROTOCOL) {
#ifdef HEIMDAL_FRIENDLY
key = 0;
#else
- fatal (netf, "Session subkey not allowed in old kcmd protocol");
+ fatal (netfd, "Session subkey not allowed in old kcmd protocol");
#endif
}
if (key == 0)
* key here, and we do not want krb5_free_ticket() to destroy it. */
ticket->enc_part2->session = 0;
- if ((status = krb5_read_message(bsd_context, (krb5_pointer)&netf,
+ if ((status = krb5_read_message(bsd_context, (krb5_pointer)&netfd,
&inbuf))) {
error("Error reading message: %s\n", error_message(status));
exit(1);
void fatal(f, msg)
int f;
- char *msg;
+ const char *msg;
{
char buf[512];
#ifndef POSIX_TERMIOS