char *srvtab = NULL;
krb5_keytab keytab = NULL;
krb5_ccache ccache = NULL;
+int default_realm(krb5_principal principal);
+#if defined(KERBEROS) && defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS)
+static int princ_maps_to_lname(krb5_principal principal, char *luser);
+#endif
void fatal(int, const char *);
int stripdomain = 1;
int always_ip = 0;
-static krb5_error_code recvauth(int netfd, struct sockaddr *peersin,
+static krb5_error_code recvauth(int netfd, struct sockaddr_in peersin,
int *valid_checksum);
#else /* !KERBEROS */
;
void usage(void), getstr(int, char *, int, char *),
- doit(int, struct sockaddr *);
+ doit(int, struct sockaddr_in *);
#ifndef HAVE_INITGROUPS
int initgroups(char* name, gid_t basegid) {
fatal(fd, "Configuration error: mutually exclusive options specified");
}
- doit(dup(fd), (struct sockaddr *) &from);
+ doit(dup(fd), &from);
return 0;
}
char term[64] = "TERM=network";
char path_rest[] = RPATH;
-char remote_addr[64+NI_MAXHOST]; /* = "KRB5REMOTEADDR=" */
-char remote_port[64+NI_MAXSERV]; /* = "KRB5REMOTEPORT=" */
-char local_addr[64+NI_MAXHOST]; /* = "KRB5LOCALADDR=" */
-char local_port[64+NI_MAXSERV]; /* = "KRB5LOCALPORT=" */
+char remote_addr[64]; /* = "KRB5REMOTEADDR=" */
+char remote_port[64]; /* = "KRB5REMOTEPORT=" */
+char local_addr[64]; /* = "KRB5LOCALADDR=" */
+char local_port[64]; /* = "KRB5LOCALPORT=" */
#define ADDRPAD 0,0,0,0
#define KRBPAD 0 /* KRB5CCNAME, optional */
void doit(f, fromp)
int f;
- struct sockaddr *fromp;
+ struct sockaddr_in *fromp;
{
char *cp;
#ifdef KERBEROS
int pv[2], pw[2], px[2], cc;
fd_set ready, readfrom;
char buf[RCMD_BUFSIZ], sig;
- struct sockaddr_storage localaddr;
+ struct sockaddr_in fromaddr;
+ struct sockaddr_in localaddr;
+ int non_privileged = 0;
#ifdef POSIX_SIGNALS
struct sigaction sa;
#endif
#endif /* IP_TOS */
{
- int sin_len = sizeof (localaddr);
+ int sin_len = sizeof (struct sockaddr_in);
if (getsockname(f, (struct sockaddr*)&localaddr, &sin_len) < 0) {
perror("getsockname");
exit(1);
}
}
+ fromaddr = *fromp;
#ifdef POSIX_SIGNALS
(void)sigemptyset(&sa.sa_mask);
}
#ifdef KERBEROS
netf = f;
+ if ( (fromp->sin_port >= IPPORT_RESERVED ||
+ fromp->sin_port < IPPORT_RESERVED/2))
+ non_privileged = 1;
#else
if (fromp->sin_port >= IPPORT_RESERVED ||
fromp->sin_port < IPPORT_RESERVED/2) {
"can't get stderr port: %m");
exit(1);
}
-#ifndef KERBEROS
+#ifdef KERBEROS
+ if ( port >= IPPORT_RESERVED)
+ non_privileged = 1;
+#else
if (port >= IPPORT_RESERVED) {
syslog(LOG_ERR , "2nd port not reserved\n");
exit(1);
exit(1);
}
- if ((status = recvauth(f, fromp, &valid_checksum))) {
+ if ((status = recvauth(f, fromaddr,&valid_checksum))) {
error("Authentication failed: %s\n", error_message(status));
exit(1);
}
{
int i;
/* these four are covered by ADDRPAD */
- int aierr;
- char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
-
+ sprintf(local_addr, "KRB5LOCALADDR=%s", inet_ntoa(localaddr.sin_addr));
for (i = 0; envinit[i]; i++);
+ envinit[i] =local_addr;
+
+ sprintf(local_port, "KRB5LOCALPORT=%d", ntohs(localaddr.sin_port));
+ for (; envinit[i]; i++);
+ envinit[i] =local_port;
- aierr = getnameinfo((struct sockaddr *)&localaddr,
- socklen((struct sockaddr *)&localaddr),
- hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
- NI_NUMERICHOST | NI_NUMERICSERV);
- if (aierr)
- goto skip_localaddr_env;
- sprintf(local_addr, "KRB5LOCALADDR=%s", hbuf);
- envinit[i++] =local_addr;
-
- sprintf(local_port, "KRB5LOCALPORT=%s", sbuf);
- envinit[i++] =local_port;
- skip_localaddr_env:
-
- aierr = getnameinfo(fromp, socklen(fromp),
- hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
- NI_NUMERICHOST | NI_NUMERICSERV);
- if (aierr)
- goto skip_remoteaddr_env;
- sprintf(remote_addr, "KRB5REMOTEADDR=%s", hbuf);
- envinit[i++] =remote_addr;
-
- sprintf(remote_port, "KRB5REMOTEPORT=%s", sbuf);
- envinit[i++] =remote_port;
-
- skip_remoteaddr_env:
- ;
+ sprintf(remote_addr, "KRB5REMOTEADDR=%s", inet_ntoa(fromp->sin_addr));
+ for (; envinit[i]; i++);
+ envinit[i] =remote_addr;
+
+ sprintf(remote_port, "KRB5REMOTEPORT=%d", ntohs(fromp->sin_port));
+ for (; envinit[i]; i++);
+ envinit[i] =remote_port;
}
/* If we do anything else, make sure there is space in the array. */
}
+
#ifdef KERBEROS
#ifndef KRB_SENDAUTH_VLEN
static krb5_error_code
recvauth(netfd, peersin, valid_checksum)
int netfd;
- struct sockaddr *peersin;
+ struct sockaddr_in peersin;
int *valid_checksum;
{
krb5_auth_context auth_context = NULL;
0, /* v4_opts */
"rcmd", /* v4_service */
v4_instance, /* v4_instance */
- peersin, /* foreign address */
+ &peersin, /* foreign address */
&laddr, /* our local address */
"", /* use default srvtab */
return status;
if (authenticator->checksum && !checksum_ignored) {
- struct sockaddr_storage adr;
- unsigned int adr_length = sizeof(adr);
- int e;
- unsigned int buflen = strlen(cmdbuf)+strlen(locuser)+32;
- char * chksumbuf = (char *) malloc(buflen);
+ struct sockaddr_in adr;
+ int adr_length = sizeof(adr);
+ char * chksumbuf = (char *) malloc(strlen(cmdbuf)+strlen(locuser)+32);
if (chksumbuf == 0)
goto error_cleanup;
if (getsockname(netfd, (struct sockaddr *) &adr, &adr_length) != 0)
goto error_cleanup;
- e = getnameinfo((struct sockaddr *)&adr, adr_length, 0, 0,
- chksumbuf, buflen, NI_NUMERICSERV);
- if (e) {
- free(chksumbuf);
- fatal(netfd, "local error: can't examine port number");
- }
- if (strlen(chksumbuf) > 30) {
- free(chksumbuf);
- fatal(netfd, "wacky local port number?!");
- }
- strcat(chksumbuf, ":");
+ sprintf(chksumbuf,"%u:", ntohs(adr.sin_port));
strcat(chksumbuf,cmdbuf);
strcat(chksumbuf,locuser);
projects / krb5.git / commitdiff