From 4d86efa66e74670f259b6ccc068b9a154a661592 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Tue, 25 Jun 2002 21:50:00 +0000 Subject: [PATCH] back out some changes that weren't ready git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14576 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/bsd/ChangeLog | 9 ---- src/appl/bsd/krshd.c | 104 ++++++++++++++++++----------------------- 2 files changed, 45 insertions(+), 68 deletions(-) diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 6970a6988..e7d289378 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -13,15 +13,6 @@ * krlogind.c (princ_maps_to_lname, default_realm): ...from here. (recvauth): Use sockaddr_storage to hold addresses. * krshd.c (default_realm, princ_maps_to_lname): Deleted. - (recvauth): Take sockaddr pointer argument instead of - sockaddr_in. Use getnameinfo to extract port number string. - (remote_addr, remote_port, local_addr, local_port): Make buffers - bigger. - (doit): Use sockaddr_storage for local address. Get rid of all - settings of non_privileged, since it's never used. Don't copy - remote address to local variable. Use getnameinfo instead of - inet_ntoa to format addresses and port numbers for environment - variables. * krsh.c (SECURE_MESSAGE): Only indicate that input/output data are being encrypted, and don't automatically say it's with DES. diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index 0bb3f69c1..30aa669fa 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c @@ -200,6 +200,10 @@ krb5_context bsd_context; char *srvtab = NULL; krb5_keytab keytab = NULL; krb5_ccache ccache = NULL; +int default_realm(krb5_principal principal); +#if defined(KERBEROS) && defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS) +static int princ_maps_to_lname(krb5_principal principal, char *luser); +#endif void fatal(int, const char *); @@ -212,7 +216,7 @@ int maxhostlen = 0; int stripdomain = 1; int always_ip = 0; -static krb5_error_code recvauth(int netfd, struct sockaddr *peersin, +static krb5_error_code recvauth(int netfd, struct sockaddr_in peersin, int *valid_checksum); #else /* !KERBEROS */ @@ -260,7 +264,7 @@ void error (char *fmt, ...) ; void usage(void), getstr(int, char *, int, char *), - doit(int, struct sockaddr *); + doit(int, struct sockaddr_in *); #ifndef HAVE_INITGROUPS int initgroups(char* name, gid_t basegid) { @@ -488,7 +492,7 @@ int main(argc, argv) fatal(fd, "Configuration error: mutually exclusive options specified"); } - doit(dup(fd), (struct sockaddr *) &from); + doit(dup(fd), &from); return 0; } @@ -505,10 +509,10 @@ char shell[64] = "SHELL="; char term[64] = "TERM=network"; char path_rest[] = RPATH; -char remote_addr[64+NI_MAXHOST]; /* = "KRB5REMOTEADDR=" */ -char remote_port[64+NI_MAXSERV]; /* = "KRB5REMOTEPORT=" */ -char local_addr[64+NI_MAXHOST]; /* = "KRB5LOCALADDR=" */ -char local_port[64+NI_MAXSERV]; /* = "KRB5LOCALPORT=" */ +char remote_addr[64]; /* = "KRB5REMOTEADDR=" */ +char remote_port[64]; /* = "KRB5REMOTEPORT=" */ +char local_addr[64]; /* = "KRB5LOCALADDR=" */ +char local_port[64]; /* = "KRB5LOCALPORT=" */ #define ADDRPAD 0,0,0,0 #define KRBPAD 0 /* KRB5CCNAME, optional */ @@ -605,7 +609,7 @@ cleanup(signumber) void doit(f, fromp) int f; - struct sockaddr *fromp; + struct sockaddr_in *fromp; { char *cp; #ifdef KERBEROS @@ -644,7 +648,9 @@ void doit(f, fromp) int pv[2], pw[2], px[2], cc; fd_set ready, readfrom; char buf[RCMD_BUFSIZ], sig; - struct sockaddr_storage localaddr; + struct sockaddr_in fromaddr; + struct sockaddr_in localaddr; + int non_privileged = 0; #ifdef POSIX_SIGNALS struct sigaction sa; #endif @@ -665,12 +671,13 @@ void doit(f, fromp) #endif /* IP_TOS */ { - int sin_len = sizeof (localaddr); + int sin_len = sizeof (struct sockaddr_in); if (getsockname(f, (struct sockaddr*)&localaddr, &sin_len) < 0) { perror("getsockname"); exit(1); } } + fromaddr = *fromp; #ifdef POSIX_SIGNALS (void)sigemptyset(&sa.sa_mask); @@ -699,6 +706,9 @@ void doit(f, fromp) } #ifdef KERBEROS netf = f; + if ( (fromp->sin_port >= IPPORT_RESERVED || + fromp->sin_port < IPPORT_RESERVED/2)) + non_privileged = 1; #else if (fromp->sin_port >= IPPORT_RESERVED || fromp->sin_port < IPPORT_RESERVED/2) { @@ -769,7 +779,10 @@ void doit(f, fromp) "can't get stderr port: %m"); exit(1); } -#ifndef KERBEROS +#ifdef KERBEROS + if ( port >= IPPORT_RESERVED) + non_privileged = 1; +#else if (port >= IPPORT_RESERVED) { syslog(LOG_ERR , "2nd port not reserved\n"); exit(1); @@ -804,7 +817,7 @@ void doit(f, fromp) exit(1); } - if ((status = recvauth(f, fromp, &valid_checksum))) { + if ((status = recvauth(f, fromaddr,&valid_checksum))) { error("Authentication failed: %s\n", error_message(status)); exit(1); } @@ -1425,37 +1438,21 @@ if(port) { int i; /* these four are covered by ADDRPAD */ - int aierr; - char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV]; - + sprintf(local_addr, "KRB5LOCALADDR=%s", inet_ntoa(localaddr.sin_addr)); for (i = 0; envinit[i]; i++); + envinit[i] =local_addr; + + sprintf(local_port, "KRB5LOCALPORT=%d", ntohs(localaddr.sin_port)); + for (; envinit[i]; i++); + envinit[i] =local_port; - aierr = getnameinfo((struct sockaddr *)&localaddr, - socklen((struct sockaddr *)&localaddr), - hbuf, sizeof(hbuf), sbuf, sizeof(sbuf), - NI_NUMERICHOST | NI_NUMERICSERV); - if (aierr) - goto skip_localaddr_env; - sprintf(local_addr, "KRB5LOCALADDR=%s", hbuf); - envinit[i++] =local_addr; - - sprintf(local_port, "KRB5LOCALPORT=%s", sbuf); - envinit[i++] =local_port; - skip_localaddr_env: - - aierr = getnameinfo(fromp, socklen(fromp), - hbuf, sizeof(hbuf), sbuf, sizeof(sbuf), - NI_NUMERICHOST | NI_NUMERICSERV); - if (aierr) - goto skip_remoteaddr_env; - sprintf(remote_addr, "KRB5REMOTEADDR=%s", hbuf); - envinit[i++] =remote_addr; - - sprintf(remote_port, "KRB5REMOTEPORT=%s", sbuf); - envinit[i++] =remote_port; - - skip_remoteaddr_env: - ; + sprintf(remote_addr, "KRB5REMOTEADDR=%s", inet_ntoa(fromp->sin_addr)); + for (; envinit[i]; i++); + envinit[i] =remote_addr; + + sprintf(remote_port, "KRB5REMOTEPORT=%d", ntohs(fromp->sin_port)); + for (; envinit[i]; i++); + envinit[i] =remote_port; } /* If we do anything else, make sure there is space in the array. */ @@ -1763,6 +1760,7 @@ void usage() } + #ifdef KERBEROS #ifndef KRB_SENDAUTH_VLEN @@ -1775,7 +1773,7 @@ void usage() static krb5_error_code recvauth(netfd, peersin, valid_checksum) int netfd; - struct sockaddr *peersin; + struct sockaddr_in peersin; int *valid_checksum; { krb5_auth_context auth_context = NULL; @@ -1848,7 +1846,7 @@ recvauth(netfd, peersin, valid_checksum) 0, /* v4_opts */ "rcmd", /* v4_service */ v4_instance, /* v4_instance */ - peersin, /* foreign address */ + &peersin, /* foreign address */ &laddr, /* our local address */ "", /* use default srvtab */ @@ -1925,28 +1923,16 @@ recvauth(netfd, peersin, valid_checksum) return status; if (authenticator->checksum && !checksum_ignored) { - struct sockaddr_storage adr; - unsigned int adr_length = sizeof(adr); - int e; - unsigned int buflen = strlen(cmdbuf)+strlen(locuser)+32; - char * chksumbuf = (char *) malloc(buflen); + struct sockaddr_in adr; + int adr_length = sizeof(adr); + char * chksumbuf = (char *) malloc(strlen(cmdbuf)+strlen(locuser)+32); if (chksumbuf == 0) goto error_cleanup; if (getsockname(netfd, (struct sockaddr *) &adr, &adr_length) != 0) goto error_cleanup; - e = getnameinfo((struct sockaddr *)&adr, adr_length, 0, 0, - chksumbuf, buflen, NI_NUMERICSERV); - if (e) { - free(chksumbuf); - fatal(netfd, "local error: can't examine port number"); - } - if (strlen(chksumbuf) > 30) { - free(chksumbuf); - fatal(netfd, "wacky local port number?!"); - } - strcat(chksumbuf, ":"); + sprintf(chksumbuf,"%u:", ntohs(adr.sin_port)); strcat(chksumbuf,cmdbuf); strcat(chksumbuf,locuser); -- 2.26.2