From 4bd2cd2673ae2b5bec405d450b2742f537450230 Mon Sep 17 00:00:00 2001 From: Mark Eichin Date: Fri, 21 Apr 1995 19:11:07 +0000 Subject: [PATCH] Fri Apr 21 14:07:15 1995 Mark Eichin Added Ian's changes with minor tweaks. These are used by the testsuite. > Thu Mar 23 18:18:31 1995 Ian Lance Taylor * krshd.c (ARGSTR): Add S:M:A to KERBEROS version. (srvtab): New global variable. (krb5_override_default_realm): Declare. (main): Handle -S, -M and -A arguments. Call SO_REUSEADDR on socket if debug_port set. (doit): If -A used, allocate a random port for the stderr stream, rather than allocating a reserved port. Don't call initgroups if not changing the uid. (recvauth): Pass srvtab to krb5_compat_recvauth. * krshd.M: Document -S, -M, and -A. * krsh.c (main): Accept -A, and pass it to kcmd. * rsh.M: Document -A. * kcmd.c (kcmd): Add new argument anyport. If it is set, permit any port for the stderr stream, rather than requiring a reserved port. Initialize ret_cred to NULL. * krcp.c (main): Pass 0 for anyport to kcmd. * krlogin.c (main): Pass 0 for anyport to kcmd. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5428 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/bsd/ChangeLog | 24 ++++++++++++++++++++++++ src/appl/bsd/kcmd.c | 8 +++++--- src/appl/bsd/krcp.c | 6 ++++-- src/appl/bsd/krlogin.c | 3 ++- src/appl/bsd/krsh.c | 10 ++++++++-- src/appl/bsd/krshd.M | 11 +++++++++++ src/appl/bsd/krshd.c | 40 +++++++++++++++++++++++++++++++++++----- src/appl/bsd/rsh.M | 14 ++++++++++++-- 8 files changed, 101 insertions(+), 15 deletions(-) diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index c416395f3..c770feefc 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog 
@@ -1,3 +1,27 @@ +Fri Apr 21 14:07:15 1995 Mark Eichin + + Added Ian's changes with minor tweaks. These are used by the testsuite. + +> Thu Mar 23 18:18:31 1995 Ian Lance Taylor + + * krshd.c (ARGSTR): Add S:M:A to KERBEROS version. + (srvtab): New global variable. + (krb5_override_default_realm): Declare. + (main): Handle -S, -M and -A arguments. Call SO_REUSEADDR on + socket if debug_port set. + (doit): If -A used, allocate a random port for the stderr stream, + rather than allocating a reserved port. Don't call initgroups if + not changing the uid. + (recvauth): Pass srvtab to krb5_compat_recvauth. + * krshd.M: Document -S, -M, and -A. + * krsh.c (main): Accept -A, and pass it to kcmd. + * rsh.M: Document -A. + * kcmd.c (kcmd): Add new argument anyport. If it is set, permit + any port for the stderr stream, rather than requiring a reserved + port. Initialize ret_cred to NULL. + * krcp.c (main): Pass 0 for anyport to kcmd. + * krlogin.c (main): Pass 0 for anyport to kcmd. + Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu) * krcp.c (send_auth()): Use new calling convention for krb5_rd_req(). diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index ef33d39b5..766f70bba 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c @@ -67,7 +67,7 @@ extern krb5_cksumtype krb5_kdc_req_sumtype; extern krb5_context bsd_context; kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, - cred, seqno, server_seqno, laddr, faddr, authopts) + cred, seqno, server_seqno, laddr, faddr, authopts, anyport) int *sock; char **ahost; u_short rport; @@ -80,6 +80,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, krb5_int32 *server_seqno; struct sockaddr_in *laddr, *faddr; krb5_flags authopts; + int anyport; { int i, s, timo = 1, pid; #ifdef POSIX_SIGNALS 
@@ -251,8 +252,9 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, } *fd2p = s3; from.sin_port = ntohs((u_short)from.sin_port); - if (from.sin_family != AF_INET || - from.sin_port >= IPPORT_RESERVED) { + if (! anyport && + (from.sin_family != AF_INET || + from.sin_port >= IPPORT_RESERVED)) { fprintf(stderr, "socket: protocol failure in circuit setup.\n"); goto bad2; diff --git a/src/appl/bsd/krcp.c b/src/appl/bsd/krcp.c index f8152f8ed..7eaee827e 100644 --- a/src/appl/bsd/krcp.c +++ b/src/appl/bsd/krcp.c @@ -346,7 +346,8 @@ main(argc, argv) 0, /* No server seq # */ (struct sockaddr_in *) 0, &foreign, - authopts); + authopts, + 0); /* Not any port # */ if (status) { fprintf(stderr, "%s: kcmd to host %s failed - %s\n", @@ -434,7 +435,8 @@ main(argc, argv) 0, /* No server seq # */ (struct sockaddr_in *) 0, &foreign, - authopts); + authopts, + 0); /* Not any port # */ if (status) { fprintf(stderr, "%s: kcmd to host %s failed - %s\n", diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c index 2fe1662e7..b17aed003 100644 --- a/src/appl/bsd/krlogin.c +++ b/src/appl/bsd/krlogin.c @@ -567,7 +567,8 @@ main(argc, argv) 0, /* No need for sequence number */ 0, /* No need for server seq # */ &local, &foreign, - authopts); + authopts, + 0); /* Not any port # */ if (status) { /* should check for KDC_PR_UNKNOWN, NO_TKT_FILE here -- XXX */ fprintf(stderr, diff --git a/src/appl/bsd/krsh.c b/src/appl/bsd/krsh.c index 8ed1e0dd3..06838fbfa 100644 --- a/src/appl/bsd/krsh.c +++ b/src/appl/bsd/krsh.c @@ -134,7 +134,7 @@ main(argc, argv0) #ifdef KERBEROS krb5_flags authopts; krb5_error_code status; - int fflag = 0, Fflag = 0; + int fflag = 0, Fflag = 0, Aflag = 0; int debug_port = 0; #endif /* KERBEROS */ @@ -216,6 +216,11 @@ main(argc, argv0) argv++, argc--; goto another; } + if (argc > 0 && !strncmp(*argv, "-A", 2)) { + Aflag++; + argv++, argc--; + goto another; + } #endif /* KERBEROS */ /* * Ignore the -L, -w, -e and -8 flags to allow aliases with rlogin 
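Review bot: In kcmd.c (hunk `@@ -251,8 +252,9 @@`), the new `! anyport &&` guard switches off the `from.sin_family != AF_INET` test together with the reserved-port test, although only the port requirement is what -A is documented to relax. Keeping the family check unconditional preserves the existing validation: `if (from.sin_family != AF_INET || (!anyport && from.sin_port >= IPPORT_RESERVED)) {`. With anyport set, no other check of the peer on the accepted stderr socket is visible in this hunk, so the `anyport` parameter deserves a comment such as `/* test use only: nonzero skips the reserved-port check on the stderr connection */`. kcmd's body starts and ends outside the hunk.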
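Review bot: In krsh.c (hunk `@@ -216,6 +216,11 @@`), `!strncmp(*argv, "-A", 2)` matches any argument that merely begins with `-A`, so a mistyped or run-together option such as `-Axyz` silently turns off the reserved-port requirement for the stderr stream. Because this flag weakens a check, an exact match is the safer form: `if (argc > 0 && !strcmp(*argv, "-A")) {`. The rest of the option parsing lies outside the hunk, so if the neighbouring flags use the same prefix style this may be a deliberate convention and should be confirmed before changing it.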
@@ -338,7 +343,8 @@ main(argc, argv0) 0, /* No need for server seq # */ (struct sockaddr_in *) 0, (struct sockaddr_in *) 0, - authopts); + authopts, + Aflag); /* Any port #? */ if (status) { /* check NO_TKT_FILE or equivalent... */ fprintf(stderr, diff --git a/src/appl/bsd/krshd.M b/src/appl/bsd/krshd.M index fc5f801bc..a5d1f12c2 100644 --- a/src/appl/bsd/krshd.M +++ b/src/appl/bsd/krshd.M @@ -67,6 +67,17 @@ behaviour of the program exactly as with the command-line arguments. .PP If the \fB\-r\fP or \fB\-R\fP options are used, the client must connect from a privileged port. +.PP +\fIKrshd\fP supports three options which may be used for testing: + +.IP \fB\-S\ srvtab\fP 10 +Set the \fIsrvtab\fP file to use. + +.IP \fB\-M\ realm\fP +Set the Kerberos realm to use. + +.IP \fB\-A\fP +Don't allocate a reserved port for the stderr connection. .SH DIAGNOSTICS Except for the last one listed below, all diagnostic messages diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index 0a2ffc28f..2ce15a99b 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c @@ -158,7 +158,7 @@ char copyright[] = #include "com_err.h" #include "loginpaths.h" -#define ARGSTR "rRxXeEkKD:?" +#define ARGSTR "rRxXeEkKD:S:M:A?" #define SECURE_MESSAGE "This rsh session is using DES encryption for all data transmissions.\r\n" @@ -174,6 +174,8 @@ krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */ char des_outbuf[2*BUFSIZ]; /* needs to be > largest write size */ krb5_data desinbuf,desoutbuf; krb5_context bsd_context; +char *srvtab = NULL; +extern char *krb5_override_default_realm; void fatal(); int v5_des_read(); @@ -183,6 +185,7 @@ int (*des_read)() = v5_des_read; int (*des_write)() = v5_des_write; int do_encrypt = 0; +int anyport = 0; int netf; #else /* !KERBEROS */ 
@@ -312,6 +315,18 @@ main(argc, argv) case 'E': do_encrypt = 1; break; + + case 'S': + srvtab = optarg; + break; + + case 'M': + krb5_override_default_realm = optarg; + break; + + case 'A': + anyport = 1; + break; #endif case 'D': debug_port = atoi(optarg); @@ -347,6 +362,9 @@ main(argc, argv) sin.sin_port = htons(debug_port); sin.sin_addr.s_addr = INADDR_ANY; + (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, + (char *)&on, sizeof(on)); + if ((bind(s, (struct sockaddr *) &sin, sizeof(sin))) < 0) { fprintf(stderr, "Error in bind: %s\n", strerror(errno)); exit(2); @@ -615,8 +633,14 @@ doit(f, fromp) } (void) alarm(0); if (port != 0) { - int lport = IPPORT_RESERVED - 1; - s = rresvport(&lport); + int lport; + if (anyport) { + lport = 5120; /* arbitrary */ + s = getport(&lport); + } else { + lport = IPPORT_RESERVED - 1; + s = rresvport(&lport); + } if (s < 0) { syslog(LOG_ERR , "can't get stderr port: %m"); @@ -1182,7 +1206,13 @@ doit(f, fromp) (void) close(f); (void) setgid((gid_t)pwd->pw_gid); #ifndef sgi - initgroups(pwd->pw_name, pwd->pw_gid); + if (getuid() == 0 || getuid() != pwd->pw_uid) { + /* For testing purposes, we don't call initgroups if we + already have the right uid, and it is not root. This is + because on some systems initgroups outputs an error message + if not called by root. */ + initgroups(pwd->pw_name, pwd->pw_gid); + } #endif (void) setuid((uid_t)pwd->pw_uid); environ = envinit; @@ -1554,7 +1584,7 @@ recvauth(netf, peersin, peeraddr) server, /* Specify daemon principal */ 0, /* default rc_type */ 0, /* no flags */ - NULL, /* default keytab */ + srvtab, /* normally NULL to use v5srvtab */ 0, /* v4_opts */ "rcmd", /* v4_service */ v4_instance, /* v4_instance */ diff --git a/src/appl/bsd/rsh.M b/src/appl/bsd/rsh.M index b740729d5..d9c2177d1 100644 --- a/src/appl/bsd/rsh.M +++ b/src/appl/bsd/rsh.M @@ -34,7 +34,9 @@ username .B \-d ] [ .B \-k -realm ] command +realm ] [ +.B \-A +] command .br host [ 
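Review bot: In krshd.c main (hunk `@@ -312,6 +315,18 @@`), `-S`, `-M` and `-A` are documented in krshd.M as testing options, but nothing visible here limits them to a test run, so they take effect in normal operation too. Each one changes a security-relevant input: the srvtab handed to recvauth, the default realm, and the reserved-port requirement for the stderr stream. At minimum, record their use once logging is available, for example `if (anyport || srvtab) syslog(LOG_WARNING, "krshd: test options -A/-S/-M in effect");`, and add a comment above the three cases saying `/* test-suite options; not for production inetd entries */`. The getopt loop begins and ends outside the hunk, so whether a later check already exists cannot be seen from here.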
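Review bot: In krshd.c doit (hunk `@@ -615,8 +633,14 @@`), the ChangeLog describes the -A path as allocating a random port for the stderr stream, but the code starts from the constant `lport = 5120; /* arbitrary */`, so the chosen port is fixed rather than random. `getport` is not declared in any hunk of this patch, so how it searches from that starting value cannot be confirmed here. A named constant with an accurate comment would make the intent clear, e.g. `#define ANYPORT_START 5120 /* first unreserved port tried for the -A stderr stream; test use only */`, and the ChangeLog wording should match. doit's body extends well beyond the hunk.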
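Review bot: In krshd.c doit (hunk `@@ -1182,7 +1206,13 @@`), the new condition still calls `initgroups` when the daemon is not root and the target uid differs, and its result is ignored, as are the `(void) setgid` and `(void) setuid` calls in the context lines around it. Now that running as a non-root user is a supported path, a failed privilege change would leave the command running with the daemon's own uid and groups instead of the target user's. Check the result inside the new block: `if (initgroups(pwd->pw_name, pwd->pw_gid) < 0) { syslog(LOG_ERR, "initgroups: %m"); exit(1); }`, and treat setgid and setuid the same way. The comment should also state that when the call is skipped the process keeps the supplementary groups it was started with.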
@@ -46,7 +48,9 @@ username .B \-d ] [ .B \-k -realm ] command +realm ] [ +.B \-A +] command .SH DESCRIPTION .I Rsh connects to the specified @@ -96,6 +100,12 @@ option redirects input from the special device .I /dev/null (see the BUGS section below). .PP +The +.B \-A +option accepts any port number for the stderr stream. Normally +.I rsh +requires a reserved port number. This option is used for debugging. +.PP If you omit .I command, then instead of executing a single command, you will be logged in -- 2.26.2