Added Ian's changes with minor tweaks. These are used by the testsuite.
> Thu Mar 23 18:18:31 1995 Ian Lance Taylor <ian@cygnus.com>
* krshd.c (ARGSTR): Add S:M:A to KERBEROS version.
(srvtab): New global variable.
(krb5_override_default_realm): Declare.
(main): Handle -S, -M and -A arguments. Call SO_REUSEADDR on
socket if debug_port set.
(doit): If -A used, allocate a random port for the stderr stream,
rather than allocating a reserved port. Don't call initgroups if
not changing the uid.
(recvauth): Pass srvtab to krb5_compat_recvauth.
* krshd.M: Document -S, -M, and -A.
* krsh.c (main): Accept -A, and pass it to kcmd.
* rsh.M: Document -A.
* kcmd.c (kcmd): Add new argument anyport. If it is set, permit
any port for the stderr stream, rather than requiring a reserved
port. Initialize ret_cred to NULL.
* krcp.c (main): Pass 0 for anyport to kcmd.
* krlogin.c (main): Pass 0 for anyport to kcmd.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5428
dc483132-0cff-0310-8789-
dd5450dbe970
+Fri Apr 21 14:07:15 1995 Mark Eichin <eichin@cygnus.com>
+
+ Added Ian's changes with minor tweaks. These are used by the testsuite.
+
+> Thu Mar 23 18:18:31 1995 Ian Lance Taylor <ian@cygnus.com>
+
+ * krshd.c (ARGSTR): Add S:M:A to KERBEROS version.
+ (srvtab): New global variable.
+ (krb5_override_default_realm): Declare.
+ (main): Handle -S, -M and -A arguments. Call SO_REUSEADDR on
+ socket if debug_port set.
+ (doit): If -A used, allocate a random port for the stderr stream,
+ rather than allocating a reserved port. Don't call initgroups if
+ not changing the uid.
+ (recvauth): Pass srvtab to krb5_compat_recvauth.
+ * krshd.M: Document -S, -M, and -A.
+ * krsh.c (main): Accept -A, and pass it to kcmd.
+ * rsh.M: Document -A.
+ * kcmd.c (kcmd): Add new argument anyport. If it is set, permit
+ any port for the stderr stream, rather than requiring a reserved
+ port. Initialize ret_cred to NULL.
+ * krcp.c (main): Pass 0 for anyport to kcmd.
+ * krlogin.c (main): Pass 0 for anyport to kcmd.
+
Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)
* krcp.c (send_auth()): Use new calling convention for krb5_rd_req().
extern krb5_context bsd_context;
kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
- cred, seqno, server_seqno, laddr, faddr, authopts)
+ cred, seqno, server_seqno, laddr, faddr, authopts, anyport)
int *sock;
char **ahost;
u_short rport;
krb5_int32 *server_seqno;
struct sockaddr_in *laddr, *faddr;
krb5_flags authopts;
+ int anyport;
{
int i, s, timo = 1, pid;
#ifdef POSIX_SIGNALS
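Review bot: `kcmd` is an old-style (K&R) definition, so the new trailing `anyport` argument is not checked at any call site unless a prototype is in scope, and none is visible here. A caller left un-updated would pass an indeterminate value and could silently switch off the reserved-port test further down in this function. The callers touched by this commit are all updated, but a full prototype in a shared header, with a parameter list ending in `krb5_flags authopts, int anyport);`, would let the compiler catch any others. The parameter also deserves a comment above the definition, for example `/* anyport: nonzero accepts a non-reserved source port on the stderr connection; intended for the testsuite */`. The body of kcmd continues outside this hunk.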
}
*fd2p = s3;
from.sin_port = ntohs((u_short)from.sin_port);
- if (from.sin_family != AF_INET ||
- from.sin_port >= IPPORT_RESERVED) {
+ if (! anyport &&
+ (from.sin_family != AF_INET ||
+ from.sin_port >= IPPORT_RESERVED)) {
fprintf(stderr,
"socket: protocol failure in circuit setup.\n");
goto bad2;
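Review bot: With `anyport` set, the new condition skips the `from.sin_family != AF_INET` test as well as the port-range test, although the ChangeLog only describes relaxing the port restriction. Keeping the family check unconditional limits the relaxation to what is intended: `if (from.sin_family != AF_INET || (!anyport && from.sin_port >= IPPORT_RESERVED)) {`. The enclosing function starts and ends outside this hunk.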
0, /* No server seq # */
(struct sockaddr_in *) 0,
&foreign,
- authopts);
+ authopts,
+ 0); /* Not any port # */
if (status) {
fprintf(stderr,
"%s: kcmd to host %s failed - %s\n",
0, /* No server seq # */
(struct sockaddr_in *) 0,
&foreign,
- authopts);
+ authopts,
+ 0); /* Not any port # */
if (status) {
fprintf(stderr,
"%s: kcmd to host %s failed - %s\n",
0, /* No need for sequence number */
0, /* No need for server seq # */
&local, &foreign,
- authopts);
+ authopts,
+ 0); /* Not any port # */
if (status) {
/* should check for KDC_PR_UNKNOWN, NO_TKT_FILE here -- XXX */
fprintf(stderr,
#ifdef KERBEROS
krb5_flags authopts;
krb5_error_code status;
- int fflag = 0, Fflag = 0;
+ int fflag = 0, Fflag = 0, Aflag = 0;
int debug_port = 0;
#endif /* KERBEROS */
argv++, argc--;
goto another;
}
+ if (argc > 0 && !strncmp(*argv, "-A", 2)) {
+ Aflag++;
+ argv++, argc--;
+ goto another;
+ }
#endif /* KERBEROS */
/*
* Ignore the -L, -w, -e and -8 flags to allow aliases with rlogin
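Review bot: `!strncmp(*argv, "-A", 2)` matches any argument that merely begins with `-A`, so a mistyped option such as `-Afoo` is silently consumed as `-A` and turns off the reserved-port requirement on the stderr stream. Because the option takes no value, an exact match is safer: `if (argc > 0 && !strcmp(*argv, "-A")) {`. If the neighbouring options outside this hunk deliberately use the prefix form, a short comment saying so would do instead. `Aflag++` is later passed to kcmd as `anyport`, where only zero or non-zero matters, so `Aflag = 1;` would state the intent more directly.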
0, /* No need for server seq # */
(struct sockaddr_in *) 0,
(struct sockaddr_in *) 0,
- authopts);
+ authopts,
+ Aflag); /* Any port #? */
if (status) {
/* check NO_TKT_FILE or equivalent... */
fprintf(stderr,
.PP
If the \fB\-r\fP or \fB\-R\fP options are used, the client must
connect from a privileged port.
+.PP
+\fIKrshd\fP supports three options which may be used for testing:
+
+.IP \fB\-S\ srvtab\fP 10
+Set the \fIsrvtab\fP file to use.
+
+.IP \fB\-M\ realm\fP
+Set the Kerberos realm to use.
+
+.IP \fB\-A\fP
+Don't allocate a reserved port for the stderr connection.
.SH DIAGNOSTICS
Except for the last one listed below,
all diagnostic messages
#include "com_err.h"
#include "loginpaths.h"
-#define ARGSTR "rRxXeEkKD:?"
+#define ARGSTR "rRxXeEkKD:S:M:A?"
#define SECURE_MESSAGE "This rsh session is using DES encryption for all data transmissions.\r\n"
char des_outbuf[2*BUFSIZ]; /* needs to be > largest write size */
krb5_data desinbuf,desoutbuf;
krb5_context bsd_context;
+char *srvtab = NULL;
+extern char *krb5_override_default_realm;
void fatal();
int v5_des_read();
int (*des_write)() = v5_des_write;
int do_encrypt = 0;
+int anyport = 0;
int netf;
#else /* !KERBEROS */
case 'E':
do_encrypt = 1;
break;
+
+ case 'S':
+ srvtab = optarg;
+ break;
+
+ case 'M':
+ krb5_override_default_realm = optarg;
+ break;
+
+ case 'A':
+ anyport = 1;
+ break;
#endif
case 'D':
debug_port = atoi(optarg);
sin.sin_port = htons(debug_port);
sin.sin_addr.s_addr = INADDR_ANY;
+ (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+ (char *)&on, sizeof(on));
+
if ((bind(s, (struct sockaddr *) &sin, sizeof(sin))) < 0) {
fprintf(stderr, "Error in bind: %s\n", strerror(errno));
exit(2);
}
(void) alarm(0);
if (port != 0) {
- int lport = IPPORT_RESERVED - 1;
- s = rresvport(&lport);
+ int lport;
+ if (anyport) {
+ lport = 5120; /* arbitrary */
+ s = getport(&lport);
+ } else {
+ lport = IPPORT_RESERVED - 1;
+ s = rresvport(&lport);
+ }
if (s < 0) {
syslog(LOG_ERR ,
"can't get stderr port: %m");
(void) close(f);
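Review bot: `anyport` is defined among the KERBEROS-only globals (next to `do_encrypt`, before `#else /* !KERBEROS */`), but the `if (anyport)` test here has no visible `#ifdef KERBEROS` around it. If this part of doit is shared with the non-Kerberos build, that build would no longer compile; either guard the branch or move the definition out of the conditional block. `getport` is not declared in the visible lines either, and `5120` would read better as a named constant. A comment on the branch should state the consequence, for example `/* -A (testing only): stderr connection originates from a non-reserved port, so the peer must also be run with -A */`. doit starts and ends outside this hunk.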
(void) setgid((gid_t)pwd->pw_gid);
#ifndef sgi
- initgroups(pwd->pw_name, pwd->pw_gid);
+ if (getuid() == 0 || getuid() != pwd->pw_uid) {
+ /* For testing purposes, we don't call initgroups if we
+ already have the right uid, and it is not root. This is
+ because on some systems initgroups outputs an error message
+ if not called by root. */
+ initgroups(pwd->pw_name, pwd->pw_gid);
+ }
#endif
(void) setuid((uid_t)pwd->pw_uid);
environ = envinit;
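Review bot: The result of `initgroups` is still discarded, and the new guard calls it only when the process is root or its uid differs from the target's. In the second case (a non-root daemon asked to become another user) `initgroups` and the following `setuid` can be expected to fail. Since neither result is checked, the command would then run under the daemon's own identity and groups. Failing closed would be safer, for example `if (initgroups(pwd->pw_name, pwd->pw_gid) < 0) { syslog(LOG_ERR, "initgroups: %m"); exit(1); }`, using whatever error path doit already has outside this hunk. The `(void) setgid` and `(void) setuid` context lines have the same problem.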
server, /* Specify daemon principal */
0, /* default rc_type */
0, /* no flags */
- NULL, /* default keytab */
+ srvtab, /* normally NULL to use v5srvtab */
0, /* v4_opts */
"rcmd", /* v4_service */
v4_instance, /* v4_instance */
.B \-d
] [
.B \-k
-realm ] command
+realm ] [
+.B \-A
+] command
.br
host
[
.B \-d
] [
.B \-k
-realm ] command
+realm ] [
+.B \-A
+] command
.SH DESCRIPTION
.I Rsh
connects to the specified
.I /dev/null
(see the BUGS section below).
.PP
+The
+.B \-A
+option accepts any port number for the stderr stream. Normally
+.I rsh
+requires a reserved port number. This option is used for debugging.
+.PP
If you omit
.I command,
then instead of executing a single command, you will be logged in