diff options
| author | Tom Yu <tlyu@mit.edu> | 2009-10-31 00:48:38 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2009-10-31 00:48:38 +0000 |
| commit | 02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b (patch) | |
| tree | 61b9147863cd8be3eff63903dc36cae168254bd5 /src/appl/bsd | |
| parent | 162ab371748cba0cc6f172419bd6e71fa04bb878 (diff) | |
| download | krb5-02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b.tar.gz krb5-02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b.tar.xz krb5-02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b.zip | |
make mark-cstyle
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl/bsd')
| -rw-r--r-- | src/appl/bsd/defines.h | 12 | ||||
| -rw-r--r-- | src/appl/bsd/forward.c | 14 | ||||
| -rw-r--r-- | src/appl/bsd/kcmd.c | 56 | ||||
| -rw-r--r-- | src/appl/bsd/krcp.c | 124 | ||||
| -rw-r--r-- | src/appl/bsd/krlogin.c | 140 | ||||
| -rw-r--r-- | src/appl/bsd/krlogind.c | 164 | ||||
| -rw-r--r-- | src/appl/bsd/krsh.c | 30 | ||||
| -rw-r--r-- | src/appl/bsd/krshd.c | 210 | ||||
| -rw-r--r-- | src/appl/bsd/login.c | 38 | ||||
| -rw-r--r-- | src/appl/bsd/loginpaths.h | 2 | ||||
| -rw-r--r-- | src/appl/bsd/rpaths.h | 1 |
11 files changed, 395 insertions, 396 deletions
diff --git a/src/appl/bsd/defines.h b/src/appl/bsd/defines.h index d04182bb9c..b565cd87d4 100644 --- a/src/appl/bsd/defines.h +++ b/src/appl/bsd/defines.h @@ -48,7 +48,7 @@ extern void rcmd_stream_init_normal(void); extern char *strsave(const char *sp); #endif -krb5_error_code rd_and_store_for_creds(krb5_context context, +krb5_error_code rd_and_store_for_creds(krb5_context context, krb5_auth_context auth_context, krb5_data *inbuf, krb5_ticket *ticket, krb5_ccache *ccache); @@ -65,20 +65,20 @@ extern int setenv(char *, char *, int); #ifdef KRB_DEFS krb5_error_code krb5_compat_recvauth(krb5_context, krb5_auth_context *, - krb5_pointer, char *, krb5_principal, + krb5_pointer, char *, krb5_principal, krb5_int32, krb5_keytab, krb5_int32, char *, char *, - struct sockaddr_in *, + struct sockaddr_in *, struct sockaddr_in *, char *, - krb5_ticket **, krb5_int32 *, + krb5_ticket **, krb5_int32 *, AUTH_DAT **, Key_schedule, char *); krb5_error_code krb5_compat_recvauth_version(krb5_context, krb5_auth_context *, - krb5_pointer, krb5_principal, krb5_int32, + krb5_pointer, krb5_principal, krb5_int32, krb5_keytab, krb5_int32, char *, char *, struct sockaddr_in *, struct sockaddr_in *, - char *, krb5_ticket **, krb5_int32*, + char *, krb5_ticket **, krb5_int32*, AUTH_DAT **, Key_schedule, krb5_data *); #endif diff --git a/src/appl/bsd/forward.c b/src/appl/bsd/forward.c index 1ac2a2a2e4..ad0680cd76 100644 --- a/src/appl/bsd/forward.c +++ b/src/appl/bsd/forward.c @@ -45,19 +45,19 @@ rd_and_store_for_creds(context, auth_context, inbuf, ticket, ccache) *ccache = NULL; retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL); - if (retval) + if (retval) return(retval); - /* Set the KRB5CCNAME ENV variable to keep sessions - * seperate. Use the process id of this process which is + /* Set the KRB5CCNAME ENV variable to keep sessions + * seperate. Use the process id of this process which is * the rlogind or rshd. Set the environment variable as well. */ - + snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_p%ld", (long) getpid()); setenv("KRB5CCNAME", ccname, 1); - + retval = krb5_cc_resolve(context, ccname, ccache); - if (retval) + if (retval) goto cleanup; retval = krb5_cc_initialize(context, *ccache, ticket->enc_part2->client); @@ -65,7 +65,7 @@ rd_and_store_for_creds(context, auth_context, inbuf, ticket, ccache) goto cleanup; retval = krb5_cc_store_cred(context, *ccache, *creds); - if (retval) + if (retval) goto cleanup; cleanup: diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index 16c8e04388..276c7038f3 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c @@ -21,14 +21,14 @@ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -39,14 +39,14 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ /* derived from @(#)rcmd.c 5.17 (Berkeley) 6/27/88 */ - + #ifdef HAVE_UNISTD_H #include <unistd.h> #endif @@ -63,7 +63,7 @@ #define _TYPES_ #endif #include <fcntl.h> - + #ifndef MAXPATHLEN #define MAXPATHLEN 1024 #endif @@ -80,7 +80,7 @@ #define sigmask(m) (1 << ((m)-1)) #endif #endif - + #ifndef roundup #define roundup(x,y) ((((x)+(y)-1)/(y))*(y)) #endif @@ -110,7 +110,7 @@ char *default_service = "host"; * Note that the encrypted rlogin packets take the form of a four-byte * length followed by encrypted data. On writing the data out, a significant * performance penalty is suffered (at least one RTT per character, two if we - * are waiting for a shell to echo) by writing the data separately from the + * are waiting for a shell to echo) by writing the data separately from the * length. So, unlike the input buffer, which just contains the output * data, the output buffer represents the entire packet. */ @@ -132,7 +132,7 @@ static char storage[2*RCMD_BUFSIZ]; /* storage for the decryption */ static size_t nstored = 0; static char *store_ptr = storage; static int twrite(int, char *, size_t, int); -static int v5_des_read(int, char *, size_t, int), +static int v5_des_read(int, char *, size_t, int), v5_des_write(int, char *, size_t, int); static int do_lencheck; @@ -405,9 +405,9 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, } cksumdat.data = cksumbuf; cksumdat.length = strlen(cksumbuf); - + block_urgent(&oldmask); - + if (!laddr) laddr = &local_laddr; if (kcmd_connect(&s, &addrfamily, &sockin, *ahost, &host_save, rport, 0, laddr) == -1) { restore_sigs(&oldmask); @@ -416,7 +416,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, *ahost = host_save; /* If no service is given set to the default service */ if (!service) service = default_service; - + if (!(get_cred = (krb5_creds *)calloc(1, sizeof(krb5_creds)))) { fprintf(stderr,"kcmd: no memory\n"); return(-1); @@ -433,7 +433,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, status = krb5_set_principal_realm(bsd_context, get_cred->server, realm); if (status) { - fprintf(stderr, "kcmd: krb5_set_principal_realm failed %s\n", + fprintf(stderr, "kcmd: krb5_set_principal_realm failed %s\n", error_message(status)); return(-1); } @@ -470,12 +470,12 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, authopts &= (~OPTS_FORWARD_CREDS); authopts &= (~OPTS_FORWARDABLE_CREDS); - if (krb5_auth_con_init(bsd_context, &auth_context)) + if (krb5_auth_con_init(bsd_context, &auth_context)) goto bad2; if (krb5_auth_con_set_req_cksumtype(bsd_context, auth_context, CKSUMTYPE_RSA_MD5) !=0 ) goto bad2; - if (krb5_auth_con_setflags(bsd_context, auth_context, + if (krb5_auth_con_setflags(bsd_context, auth_context, KRB5_AUTH_CONTEXT_RET_TIME)) goto bad2; @@ -523,7 +523,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, if (!suppress_err) { fprintf(stderr, "Server returned error code %d (%s)\n", error->error, - error_message(ERROR_TABLE_BASE_krb5 + + error_message(ERROR_TABLE_BASE_krb5 + (int) error->error)); if (error->text.length) { fprintf(stderr, "Error text sent from server: %s\n", @@ -533,17 +533,17 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, krb5_free_error(bsd_context, error); error = 0; } - } + } if (status) goto bad2; if (rep_ret && server_seqno) { *server_seqno = rep_ret->seq_number; krb5_free_ap_rep_enc_part(bsd_context, rep_ret); } - + (void) write(s, remuser, strlen(remuser)+1); (void) write(s, cmd, strlen(cmd)+1); (void) write(s, locuser, strlen(locuser)+1); - + if (options & OPTS_FORWARD_CREDS) { /* Forward credentials */ status = krb5_fwd_tgt_creds(bsd_context, auth_context, host_save, @@ -589,13 +589,13 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, restore_sigs(&oldmask); *sock = s; *protonump = protonum; - + /* pass back credentials if wanted */ if (cred) krb5_copy_creds(bsd_context, ret_cred, cred); krb5_free_creds(bsd_context, ret_cred); if (authconp) *authconp = auth_context; - + return (0); bad2: if (lport) @@ -723,7 +723,7 @@ void rcmd_stream_init_krb5(in_keyblock, encrypt_flag, lencheck, am_client, use_ivecs = 1; switch (in_keyblock->enctype) { - /* + /* * For the DES-based enctypes and the 3DES enctype we want to use * a non-zero IV because that's what we did. In the future we * use different keyusage for each channel and direction and a fresh @@ -733,7 +733,7 @@ void rcmd_stream_init_krb5(in_keyblock, encrypt_flag, lencheck, am_client, case ENCTYPE_DES_CBC_MD4: case ENCTYPE_DES_CBC_MD5: case ENCTYPE_DES3_CBC_SHA1: - + status = krb5_c_block_size(bsd_context, keyblock->enctype, &blocksize); if (status) { @@ -829,7 +829,7 @@ static int v5_des_read(fd, buf, len, secondary) krb5_error_code ret; krb5_data plain; krb5_enc_data cipher; - + if (nstored >= len) { memcpy(buf, store_ptr, len); store_ptr += len; @@ -991,7 +991,7 @@ strsave(sp) const char *sp; { register char *ret; - + if((ret = strdup(sp)) == NULL) { fprintf(stderr, "no memory for saving args\n"); exit(1); @@ -1002,7 +1002,7 @@ strsave(sp) /* Server side authentication, etc */ -int princ_maps_to_lname(principal, luser) +int princ_maps_to_lname(principal, luser) krb5_principal principal; char *luser; { @@ -1020,7 +1020,7 @@ int default_realm(principal) { char *def_realm; int retval; - + if ((retval = krb5_get_default_realm(bsd_context, &def_realm))) { return 0; } @@ -1029,7 +1029,7 @@ int default_realm(principal) def_realm)) { free(def_realm); return 0; - } + } free(def_realm); return 1; } diff --git a/src/appl/bsd/krcp.c b/src/appl/bsd/krcp.c index eed615ffab..0d9089a476 100644 --- a/src/appl/bsd/krcp.c +++ b/src/appl/bsd/krcp.c @@ -47,9 +47,9 @@ char copyright[] = #include <sys/stat.h> #include <sys/time.h> #include <sys/ioctl.h> - + #include <netinet/in.h> - + #include <stdio.h> #include <signal.h> #include <pwd.h> @@ -71,7 +71,7 @@ char copyright[] = #include "defines.h" #define RCP_BUFSIZ 4096 - + int sock; char *krb_realm = NULL; char *krb_cache = NULL; @@ -86,9 +86,9 @@ char *strsave(); #endif int rcmd_stream_write(), rcmd_stream_read(); void usage(void), sink(int, char **), - source(int, char **), rsource(char *, struct stat *), verifydir(char *), + source(int, char **), rsource(char *, struct stat *), verifydir(char *), answer_auth(char *, char *); -int response(void), hosteq(char *, char *), okname(char *), +int response(void), hosteq(char *, char *), okname(char *), susystem(char *); int encryptflag = 0; @@ -118,7 +118,7 @@ struct buffer { struct buffer *allocbuf(struct buffer *, int, int); #define NULLBUF (struct buffer *) 0 - + void error (char *fmt, ...) #if !defined (__cplusplus) && (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)) __attribute__ ((__format__ (__printf__, 1, 2))) @@ -143,7 +143,7 @@ int main(argc, argv) #endif #ifdef KERBEROS krb5_flags authopts; - krb5_error_code status; + krb5_error_code status; int euid; char **orig_argv = save_argv(argc, argv); krb5_auth_context auth_context; @@ -161,19 +161,19 @@ int main(argc, argv) fprintf(stderr, "who are you?\n"); exit(1); } - + for (argc--, argv++; argc > 0 && **argv == '-'; argc--, argv++) { (*argv)++; while (**argv) switch (*(*argv)++) { - + case 'r': iamrecursive++; break; - + case 'p': /* preserve mtimes and atimes */ pflag++; break; - + case 'D': argc--, argv++; if (argc == 0) @@ -191,7 +191,7 @@ int main(argc, argv) break; case 'k': /* Change kerberos realm */ argc--, argv++; - if (argc == 0) + if (argc == 0) usage(); if(!(krb_realm = strdup(*argv))){ fprintf(stderr, "rcp: Cannot malloc.\n"); @@ -200,7 +200,7 @@ int main(argc, argv) goto next_arg; case 'c': /* Change default ccache file */ argc--, argv++; - if (argc == 0) + if (argc == 0) usage(); if(!(krb_cache = strdup(*argv))){ fprintf(stderr, "rcp: Cannot malloc.\n"); @@ -209,7 +209,7 @@ int main(argc, argv) goto next_arg; case 'C': /* Change default config file */ argc--, argv++; - if (argc == 0) + if (argc == 0) usage(); if(!(krb_config = strdup(*argv))){ fprintf(stderr, "rcp: Cannot malloc.\n"); @@ -229,7 +229,7 @@ int main(argc, argv) case 'd': targetshouldbedirectory = 1; break; - + case 'f': /* "from" */ iamremote = 1; rcmd_stream_init_normal(); @@ -241,7 +241,7 @@ int main(argc, argv) (void) response(); source(--argc, ++argv); exit(errs); - + case 't': /* "to" */ iamremote = 1; rcmd_stream_init_normal(); @@ -252,13 +252,13 @@ int main(argc, argv) sink(--argc, ++argv); exit(errs); - + default: usage(); } next_arg: ; } - + if (argc < 2) usage(); if (argc > 2) @@ -272,7 +272,7 @@ int main(argc, argv) #else sp = getservbyname("shell", "tcp"); #endif /* KERBEROS */ - + if (sp == NULL) { #ifdef KERBEROS fprintf(stderr, "rcp: kshell/tcp: unknown service\n"); @@ -289,7 +289,7 @@ int main(argc, argv) if (asprintf(&cmd, "%srcp %s%s%s%s%s%s%s%s%s", encryptflag ? "-x " : "", - iamrecursive ? " -r" : "", pflag ? " -p" : "", + iamrecursive ? " -r" : "", pflag ? " -p" : "", targetshouldbedirectory ? " -d" : "", krb_realm != NULL ? " -k " : "", krb_realm != NULL ? krb_realm : "", @@ -303,10 +303,10 @@ int main(argc, argv) #else /* !KERBEROS */ (void) snprintf(cmd, sizeof(cmdbuf), "rcp%s%s%s", - iamrecursive ? " -r" : "", pflag ? " -p" : "", + iamrecursive ? " -r" : "", pflag ? " -p" : "", targetshouldbedirectory ? " -d" : ""); #endif /* KERBEROS */ - + #ifdef POSIX_SIGNALS (void) sigemptyset(&sa.sa_mask); sa.sa_flags = 0; @@ -316,19 +316,19 @@ int main(argc, argv) (void) signal(SIGPIPE, lostconn); #endif targ = colon(argv[argc - 1]); - + /* Check if target machine is the current machine. */ - + gethostname(curhost, sizeof(curhost)); if (targ) { /* ... to remote */ *targ++ = 0; if (hosteq(argv[argc - 1], curhost)) { - + /* If so, pretend there wasn't even one given * check for an argument of just "host:", it * should become "." */ - + if (*targ == 0) { targ = "."; argv[argc - 1] = targ; @@ -407,7 +407,7 @@ int main(argc, argv) 0, "host", krb_realm, - &cred, + &cred, 0, /* No seq # */ 0, /* No server seq # */ (struct sockaddr_in *) 0, @@ -469,9 +469,9 @@ int main(argc, argv) if (src) { *src++ = 0; if (hosteq(argv[i], curhost)) { - + /* If so, pretend src machine never given */ - + if (*src == 0) { error("rcp: no path given in arg: %s:\n", argv[i]); @@ -518,7 +518,7 @@ int main(argc, argv) 0, "host", krb_realm, - &cred, + &cred, 0, /* No seq # */ 0, /* No server seq # */ (struct sockaddr_in *) 0, @@ -553,8 +553,8 @@ int main(argc, argv) rcmd_stream_init_krb5(key, encryptflag, 0, 1, kcmd_proto); } - rem = sock; - + rem = sock; + euid = geteuid(); if (euid == 0) { if (setuid(0)) { @@ -611,7 +611,7 @@ void verifydir(cp) char *cp; { struct stat stb; - + if (stat(cp, &stb) >= 0) { if ((stb.st_mode & S_IFMT) == S_IFDIR) return; @@ -626,7 +626,7 @@ void verifydir(cp) char *colon(cp) char *cp; { - + while (*cp) { if (*cp == ':') return (cp); @@ -644,7 +644,7 @@ int okname(cp0) { register char *cp = cp0; register int c; - + do { c = *cp; if (c & 0200) @@ -671,7 +671,7 @@ int susystem(s) #else register krb5_sigtype (bsd_context, *istat)(), (*qstat)(); #endif - + if ((pid = vfork()) == 0) { execl("/bin/sh", "sh", "-c", s, (char *)0); _exit(127); @@ -687,7 +687,7 @@ int susystem(s) istat = signal(SIGINT, SIG_IGN); qstat = signal(SIGQUIT, SIG_IGN); #endif - + #ifdef HAVE_WAITPID w = waitpid(pid, &status, 0); #else @@ -699,11 +699,11 @@ int susystem(s) #ifdef POSIX_SIGNALS (void) sigaction(SIGINT, &isa, (struct sigaction *)0); (void) sigaction(SIGQUIT, &qsa, (struct sigaction *)0); -#else +#else (void) signal(SIGINT, istat); (void) signal(SIGQUIT, qstat); #endif - + return (status); } @@ -719,7 +719,7 @@ void source(argc, argv) unsigned int amt; off_t i; char buf[RCP_BUFSIZ]; - + for (x = 0; x < argc; x++) { name = argv[x]; if ((f = open(name, 0)) < 0) { @@ -729,10 +729,10 @@ void source(argc, argv) if (fstat(f, &stb) < 0) goto notreg; switch (stb.st_mode&S_IFMT) { - + case S_IFREG: break; - + case S_IFDIR: if (iamrecursive) { (void) close(f); @@ -814,7 +814,7 @@ void rsource(name, statp) #endif char buf[RCP_BUFSIZ]; char *bufv[1]; - + if (d == 0) { error("rcp: %s: %s\n", name, error_message(errno)); return; @@ -866,10 +866,10 @@ int response() if (rcmd_stream_read(rem, &resp, 1, 0) != 1) lostconn(0); switch (resp) { - + case 0: /* ok */ return (0); - + default: *cp++ = resp; /* fall into... */ @@ -947,7 +947,7 @@ void sink(argc, argv) #define atime tv[0] #define mtime tv[1] #define SCREWUP(str) { whopp = str; goto screwup; } - + if (!pflag) (void) umask(mask); if (argc != 1) { @@ -985,7 +985,7 @@ void sink(argc, argv) ga(); return; } - + #define getnum(t) (t) = 0; while (isdigit((int) *cp)) (t) = (t) * 10 + (*cp++ - '0'); if (*cp == 'T') { setimes++; @@ -1123,7 +1123,7 @@ void sink(argc, argv) if (utimes(nambuf, tv) < 0) error("rcp: can't set times on %s: %s\n", nambuf, error_message(errno)); - } + } if (wrerr) error("rcp: %s: %s\n", nambuf, error_message(errno)); else @@ -1142,7 +1142,7 @@ struct buffer *allocbuf(bp, fd, blksize) { struct stat stb; int size; - + if (fstat(fd, &stb) < 0) { error("rcp: fstat: %s\n", error_message(errno)); return (NULLBUF); @@ -1212,21 +1212,21 @@ int hosteq(h1, h2) { struct hostent *h_ptr; char hname1[256]; - + if (forcenet) return(0); /* get the official names for the two hosts */ - + if ((h_ptr = gethostbyname(h1)) == NULL) return(0); strncpy(hname1, h_ptr->h_name, sizeof (hname1)); hname1[sizeof (hname1) - 1] = '\0'; if ((h_ptr = gethostbyname(h2)) == NULL) return(0); - + /*return if they are equal (strcmp returns 0 for equal - I return 1) */ - + return(!strcmp(hname1, h_ptr->h_name)); } @@ -1259,7 +1259,7 @@ char **save_argv(argc, argv) char **argv; { register int i; - + char **local_argv = (char **)calloc((unsigned) argc+1, (unsigned) sizeof(char *)); /* allocate an extra pointer, so that it is initialized to NULL @@ -1292,7 +1292,7 @@ void krb5_ccache cc; krb5_error_code status; krb5_auth_context auth_context = NULL; - + if (config_file) { const char * filenames[2]; filenames[1] = NULL; @@ -1300,17 +1300,17 @@ void if ((status = krb5_set_config_files(bsd_context, filenames))) exit(1); } - + memset (&creds, 0, sizeof(creds)); if ((status = krb5_read_message(bsd_context, (krb5_pointer)&rem, &pname_data))) exit(1); - + if ((status = krb5_read_message(bsd_context, (krb5_pointer) &rem, &creds.second_ticket))) exit(1); - + if (ccache_file == NULL) { if ((status = krb5_cc_default(bsd_context, &cc))) exit(1); @@ -1328,7 +1328,7 @@ void krb5_free_data_contents(bsd_context, &pname_data); - if ((status = krb5_get_credentials(bsd_context, KRB5_GC_USER_USER, cc, + if ((status = krb5_get_credentials(bsd_context, KRB5_GC_USER_USER, cc, &creds, &new_creds))) exit(1); @@ -1336,16 +1336,16 @@ void AP_OPTS_USE_SESSION_KEY, NULL, new_creds, &msg))) exit(1); - + if ((status = krb5_write_message(bsd_context, (krb5_pointer) &rem, &msg))) { krb5_free_data_contents(bsd_context, &msg); exit(1); } - + rcmd_stream_init_krb5(&new_creds->keyblock, encryptflag, 0, 0, KCMD_OLD_PROTOCOL); - + /* cleanup */ krb5_free_cred_contents(bsd_context, &creds); krb5_free_creds(bsd_context, new_creds); diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c index 0272b44aa3..0a00e37e3d 100644 --- a/src/appl/bsd/krlogin.c +++ b/src/appl/bsd/krlogin.c @@ -21,14 +21,14 @@ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -39,7 +39,7 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. @@ -53,11 +53,11 @@ char copyright[] = /* based on @(#)rlogin.c 5.12 (Berkeley) 9/19/88 */ - + /* * rlogin - remote login */ - + #ifdef HAVE_UNISTD_H #include <unistd.h> #endif @@ -86,7 +86,7 @@ char copyright[] = #include <signal.h> #include <setjmp.h> #include <netdb.h> - + #ifdef HAVE_SYS_FILIO_H /* Solaris needs <sys/filio.h> for FIONREAD */ #include <sys/filio.h> @@ -158,7 +158,7 @@ char copyright[] = #include <krb5.h> #include <com_err.h> #include "defines.h" - + #define RLOGIN_BUFSIZ 5120 void try_normal(); @@ -319,7 +319,7 @@ struct winsize *wp; if ((error = ioctl(0, TIOCGSIZE, &ts)) != 0) return (error); #endif - + wp->ws_row = ts.ts_lines; wp->ws_col = ts.ts_cols; wp->ws_xpixel = 0; @@ -535,12 +535,12 @@ main(argc, argv) #ifdef KERBEROS /* * if there is an entry in /etc/services for Kerberos login, - * attempt to login with Kerberos. + * attempt to login with Kerberos. * If we fail at any step, use the standard rlogin */ if (encrypt_flag) sp = getservbyname("eklogin","tcp"); - else + else sp = getservbyname("klogin","tcp"); if (sp == 0) { sp = &defaultservent; /* ANL */ @@ -590,7 +590,7 @@ main(argc, argv) } #endif (void) get_window_size(0, &winsize); - + #ifdef POSIX_TERMIOS tcgetattr(0, &defmodes); tcgetattr(0, &ixon_state); @@ -610,7 +610,7 @@ main(argc, argv) sa.sa_flags = 0; sa.sa_handler = lostpeer; (void) sigaction(SIGPIPE, &sa, (struct sigaction *)0); - + (void) sigemptyset(&urgmask); (void) sigaddset(&urgmask, SIGUSR1); oldmask = &omask; @@ -667,9 +667,9 @@ main(argc, argv) rcmd_stream_init_krb5(key, encrypt_flag, 1, 1, kcmd_proto); } - + rem = sock; - + #else rem = rcmd(&host, port, null_local_username ? "" : pwd->pw_name, @@ -678,7 +678,7 @@ main(argc, argv) if (rem < 0) exit(1); - + if (options & SO_DEBUG && setsockopt(rem, SOL_SOCKET, SO_DEBUG, (char*)&on, sizeof (on)) < 0) perror("rlogin: setsockopt (SO_DEBUG)"); @@ -711,12 +711,12 @@ static int confirm_death () char input; int answer; if (!confirm) return (1); /* no confirm, just die */ - + if (gethostname (hostname, sizeof(hostname)-1) != 0) strlcpy (hostname, "???", sizeof(hostname)); else hostname[sizeof(hostname)-1] = '\0'; - + fprintf (stderr, "\r\nKill session on %s from %s (y/n)? ", host, hostname); fflush (stderr); @@ -800,7 +800,7 @@ static void doit(oldmask) #else struct sgttyb sb; #endif - + (void) ioctl(0, TIOCGETP, (char *)&sb); defflags = sb.sg_flags; #ifdef USE_TERMIO @@ -857,13 +857,13 @@ static void doit(oldmask) prf("\007Connection closed."); exit(3); } - + #ifdef POSIX_SIGNALS /* "sa" has already been initialized above. */ sa.sa_handler = writeroob; (void) sigaction(SIGUSR1, &sa, (struct sigaction *)0); - + sigprocmask(SIG_SETMASK, oldmask, (sigset_t*)0); sa.sa_handler = catchild; @@ -893,7 +893,7 @@ setsignal(sig, act) #ifdef POSIX_SIGNALS sigset_t omask, igmask; struct sigaction sa; - + sigemptyset(&igmask); sigaddset(&igmask, sig); sigprocmask(SIG_BLOCK, &igmask, &omask); @@ -904,7 +904,7 @@ setsignal(sig, act) int omask = sigblock(sigmask(sig)); #endif #endif /* POSIX_SIGNALS */ - + #ifdef POSIX_SIGNALS (void) sigaction(sig, (struct sigaction *)0, &sa); if (sa.sa_handler != SIG_IGN) { @@ -914,7 +914,7 @@ setsignal(sig, act) (void) sigaction(sig, &sa, (struct sigaction *)0); } sigprocmask(SIG_SETMASK, &omask, (sigset_t*)0); -#else +#else if (signal(sig, act) == SIG_IGN) (void) signal(sig, SIG_IGN); #ifndef sgi @@ -935,7 +935,7 @@ done(status) #ifndef HAVE_WAITPID pid_t w; #endif - + mode(0); if (child > 0) { /* make sure catchild does not snap it up */ @@ -947,7 +947,7 @@ done(status) #else (void) signal(SIGCHLD, SIG_DFL); #endif - + if (kill(child, SIGKILL) >= 0) { #ifdef HAVE_WAITPID (void) waitpid(child, 0, 0); @@ -976,7 +976,7 @@ int signo; #ifdef POSIX_SIGNALS struct sigaction sa; #endif - + if (dosigwinch == 0) { sendwindow(); #ifdef POSIX_SIGNALS @@ -1003,7 +1003,7 @@ int signo; union wait status; #endif int pid; - + again: #ifdef HAVE_WAITPID pid = waitpid(-1, &status, WNOHANG|WUNTRACED); @@ -1041,10 +1041,10 @@ static void writer() was encountered */ char c; -#ifdef ultrix +#ifdef ultrix fd_set waitread; register n; - + /* we need to wait until the reader() has set up the terminal, else the read() below may block and not unblock when the terminal state is reset. @@ -1067,11 +1067,11 @@ static void writer() /* This loop works as follows. Call read_wrapper to get data until we would block or until we read a cmdchar at the beginning of a line. - If got_esc is false, we just send everything we got back. If got_esc - is true, we send everything except the cmdchar at the end and look at + If got_esc is false, we just send everything we got back. If got_esc + is true, we send everything except the cmdchar at the end and look at the next char. If its a "." we break out of the loop and terminate. If its ^Z or ^Y we call stop with the value of the char and continue. - If its none of those, we send the cmdchar and then send the char we + If its none of those, we send the cmdchar and then send the char we just read, unless that char is also the cmdchar (in which case we are only supposed to send one of them). When this loop ends, so does the program. @@ -1081,12 +1081,12 @@ static void writer() /* read until we would block or we get a cmdchar */ n_read = read_wrapper(0,buf,sizeof(buf),&got_esc); - + /* if read returns an error or 0 bytes, just quit */ if (n_read <= 0) { break; } - + if (!got_esc) { if (rcmd_stream_write(rem, buf, (unsigned) n_read, 0) == 0) { prf("line gone"); @@ -1108,22 +1108,22 @@ static void writer() } #ifdef POSIX_TERMIOS - if (c == '.' || c == deftty.c_cc[VEOF]) + if (c == '.' || c == deftty.c_cc[VEOF]) #else - if (c == '.' || c == deftc.t_eofc) + if (c == '.' || c == deftc.t_eofc) #endif { if (confirm_death()) { echo(c); - break; + break; } } #ifdef POSIX_TERMIOS if ( ( - (c == deftty.c_cc[VSUSP]) + (c == deftty.c_cc[VSUSP]) #ifdef VDSUSP - || (c == deftty.c_cc[VDSUSP]) + || (c == deftty.c_cc[VDSUSP]) #endif ) && !no_local_escape) { @@ -1142,7 +1142,7 @@ static void writer() #endif /*TIOCGLTC*/ #endif - + if (c != cmdchar) { rcmd_stream_write(rem, &cmdchar, 1, 0); } @@ -1160,15 +1160,15 @@ static void writer() copy more than size bytes. In addition, if it encounters a cmdchar at the beginning of a line, it will copy everything up to and including the cmdchar, but nothing after that. In this instance *esc_char is set - to true and any remaining data is buffered and copied on a subsequent + to true and any remaining data is buffered and copied on a subsequent call. Otherwise, *esc_char will be set to false and the minimum of size, 1024, and the number of bytes that can be read without blocking will - be copied. In all cases, a non-negative return value indicates the number + be copied. In all cases, a non-negative return value indicates the number of bytes actually copied and a return value of -1 indicates that there - was a read error (other than EINTR) and errno is set appropriately. + was a read error (other than EINTR) and errno is set appropriately. */ -static int read_wrapper(fd,buf,size,got_esc) +static int read_wrapper(fd,buf,size,got_esc) int fd; char *buf; int size; @@ -1201,7 +1201,7 @@ static int read_wrapper(fd,buf,size,got_esc) */ while (data_start+return_length < data_end && return_length < size) { - + c = *(data_start+return_length); return_length++; @@ -1215,14 +1215,14 @@ static int read_wrapper(fd,buf,size,got_esc) bol = (c == deftty.c_cc[VKILL] || c == deftty.c_cc[VINTR] || c == '\r' || c == '\n'); - + #else /* !POSIX_TERMIOS */ bol = c == defkill || c == deftc.t_eofc || c == deftc.t_intrc || c == defltc.t_suspc || c == '\r' || c == '\n'; #endif } - + memcpy(buf, data_start, return_length); data_start = data_start + return_length; return return_length; @@ -1233,7 +1233,7 @@ static void echo(c) { char buf[8]; register char *p = buf; - + c &= 0177; *p++ = cmdchar; if (c < ' ') { @@ -1257,7 +1257,7 @@ static void stop(cmdc) #ifdef POSIX_SIGNALS struct sigaction sa; #endif - + mode(0); #ifdef POSIX_SIGNALS @@ -1268,7 +1268,7 @@ static void stop(cmdc) #else (void) signal(SIGCHLD, SIG_IGN); #endif - + #ifdef POSIX_TERMIOS (void) kill(cmdc == deftty.c_cc[VSUSP] ? 0 : getpid(), SIGTSTP); #else @@ -1282,7 +1282,7 @@ static void stop(cmdc) #else (void) signal(SIGCHLD, catchild); #endif - + mode(1); sigwinch(SIGWINCH); /* check for size changes */ } @@ -1294,7 +1294,7 @@ krb5_sigtype int signo; { struct winsize ws; - + if (dosigwinch && get_window_size(0, &ws) == 0 && memcmp(&winsize, &ws, sizeof (ws))) { winsize = ws; @@ -1311,7 +1311,7 @@ static void sendwindow() { char obuf[4 + sizeof (struct winsize)]; struct winsize *wp = (struct winsize *)(void *)(obuf+4); - + obuf[0] = 0377; obuf[1] = 0377; obuf[2] = 's'; @@ -1424,7 +1424,7 @@ void oob() int atmark, n; mark = 0; - + recv(rem, &mark, 1, MSG_OOB); if (server_message(mark)) { @@ -1445,7 +1445,7 @@ void oob() /* two control messages are defined: a double flag byte of 'o' indicates a one-byte message which is - identical to what was once carried out of band. + identical to what was once carried out of band. a double flag byte of 'q' indicates a zero-byte message. This message is interpreted as two \377 data bytes. This is just a @@ -1471,9 +1471,9 @@ static int control(cp, n) } /* - * reader: read from remote: line -> 1 + * reader: read from remote: line -> 1 */ -static int +static int reader(oldmask) #ifdef POSIX_SIGNALS sigset_t *oldmask; @@ -1495,10 +1495,10 @@ reader(oldmask) sa.sa_handler = SIG_IGN; (void) sigaction(SIGTTOU, &sa, (struct sigaction *)0); -#else +#else (void) signal(SIGTTOU, SIG_IGN); #endif - + ppid = getppid(); FD_ZERO(&readset); FD_ZERO(&excset); @@ -1606,7 +1606,7 @@ int f; /* there's a POSIX way of doing this, but do we need it general? */ newtty.c_cc[VLNEXT] = _POSIX_VDISABLE; #endif - + newtty.c_lflag &= ~(ICANON|ISIG|ECHO|IEXTEN); newtty.c_iflag &= ~(ISTRIP|INLCR|ICRNL); @@ -1648,10 +1648,10 @@ int f; int lflags; (void) ioctl(0, TIOCLGET, (char *)&lflags); #endif - + (void) ioctl(0, TIOCGETP, (char *)&sb); switch (f) { - + case 0: #ifdef USE_TERMIO /* @@ -1674,7 +1674,7 @@ int f; #endif ltc = &defltc; break; - + case 1: #ifdef USE_TERMIO /* @@ -1722,10 +1722,10 @@ int f; tc = ¬c; sb.sg_flags &= ~defflags; #endif /* USE_TERMIO */ - + ltc = &noltc; break; - + default: return; } @@ -1758,7 +1758,7 @@ void try_normal(argv) #ifdef POSIX_SIGNALS sigset_t mask; #endif - + #ifndef KRB5_ATHENA_COMPAT if (encrypt_flag) exit(1); @@ -1766,7 +1766,7 @@ void try_normal(argv) fprintf(stderr,"trying normal rlogin (%s)\n", UCB_RLOGIN); fflush(stderr); - + nhost = strrchr(argv[0], '/'); if (nhost) nhost++; @@ -1774,7 +1774,7 @@ void try_normal(argv) nhost = argv[0]; if (!strcmp(nhost, "rlogin") || !strcmp(nhost, "rsh")) argv[0] = UCB_RLOGIN; - + #ifdef POSIX_SIGNALS sigemptyset(&mask); sigprocmask(SIG_SETMASK, &mask, NULL); @@ -1801,7 +1801,7 @@ krb5_sigtype lostpeer(signo) #else (void) signal(SIGPIPE, SIG_IGN); #endif - + prf("\007Connection closed."); done(1); } diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c index 09aeaad21c..cc7acad643 100644 --- a/src/appl/bsd/krlogind.c +++ b/src/appl/bsd/krlogind.c @@ -21,14 +21,14 @@ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -39,7 +39,7 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. @@ -52,7 +52,7 @@ char copyright[] = #endif /* not lint */ /* based on @(#)rlogind.c 5.17 (Berkeley) 8/31/88 */ - + /* * remote login server: * remuser\0 @@ -60,45 +60,45 @@ char copyright[] = * terminal info\0 * data */ - + /* - * This is the rlogin daemon. The very basic protocol for checking + * This is the rlogin daemon. The very basic protocol for checking * authentication and authorization is: * 1) Check authentication. - * 2) Check authorization via the access-control files: + * 2) Check authorization via the access-control files: * ~/.k5login (using krb5_kuserok) and/or * 3) Prompt for password if any checks fail, or if so configured. - * Allow login if all goes well either by calling the accompanying - * login.krb5 or /bin/login, according to the definition of + * Allow login if all goes well either by calling the accompanying + * login.krb5 or /bin/login, according to the definition of * DO_NOT_USE_K_LOGIN.l - * - * The configuration is done either by command-line arguments passed by + * + * The configuration is done either by command-line arguments passed by * inetd, or by the name of the daemon. If command-line arguments are * present, they take priority. The options are: * -k means trust krb5 * -p and -P means prompt for password. - * If the -P option is passed, then the password is verified in + * If the -P option is passed, then the password is verified in * addition to all other checks. If -p is not passed with -k or -r, * and both checks fail, then login permission is denied. * - -e means use encryption. * - * If no command-line arguments are present, then the presence of the - * letters kKrRexpP in the program-name before "logind" determine the + * If no command-line arguments are present, then the presence of the + * letters kKrRexpP in the program-name before "logind" determine the * behaviour of the program exactly as with the command-line arguments. * * If the ruserok check is to be used, then the client should connect * from a privileged port, else deny permission. - */ - + */ + /* DEFINES: * KERBEROS - Define this if application is to be kerberised. * CRYPT - Define this if encryption is to be an option. * DO_NOT_USE_K_LOGIN - Define this if you want to use /bin/login - * instead of the accompanying login.krb5. + * instead of the accompanying login.krb5. * LOG_ALL_LOGINS - Define this if you want to log all logins. * LOG_OTHER_USERS - Define this if you want to log all principals * that do not map onto the local user. - * LOG_REMOTE_REALM - Define this if you want to log all principals from + * LOG_REMOTE_REALM - Define this if you want to log all principals from * remote realms. * Note: Root logins are always logged. */ @@ -139,14 +139,14 @@ char copyright[] = #include <netinet/in.h> #include <errno.h> #include <pwd.h> - + #ifdef HAVE_SYS_LABEL_H /* only SunOS 4? */ #include <sys/label.h> #include <sys/audit.h> #include <pwdadj.h> #endif - + #include <signal.h> #if defined(hpux) || defined(__hpux) @@ -219,7 +219,7 @@ struct winsize { unsigned short ws_xpixel, ws_ypixel; }; #endif /* NO_WINSIZE */ - + #ifndef roundup #define roundup(x,y) ((((x)+(y)-1)/(y))*(y)) #endif @@ -227,7 +227,7 @@ struct winsize { #include "fake-addrinfo.h" #ifdef KERBEROS - + #include "k5-int.h" #include <libpty.h> #ifdef HAVE_UTMP_H @@ -240,7 +240,7 @@ int non_privileged = 0; /* set when connection is seen to be from */ #include "com_err.h" #include "defines.h" - + #define SECURE_MESSAGE "This rlogin session is encrypting all data transmissions.\r\n" krb5_authenticator *kdata; @@ -338,21 +338,21 @@ int main(argc, argv) #ifdef KERBEROS krb5_error_code status; #endif - + progname = *argv; - + pty_init(); - + #ifndef LOG_NDELAY #define LOG_NDELAY 0 #endif - + #ifndef LOG_AUTH /* 4.2 syslog */ openlog(progname, LOG_PID | LOG_NDELAY); #else openlog(progname, LOG_PID | LOG_NDELAY, LOG_AUTH); #endif /* 4.2 syslog */ - + #ifdef KERBEROS status = krb5_init_context(&bsd_context); if (status) { @@ -361,7 +361,7 @@ int main(argc, argv) exit(1); } #endif - + /* Analyse parameters. */ opterr = 0; while ((ch = getopt(argc, argv, ARGSTR)) != -1) @@ -369,7 +369,7 @@ int main(argc, argv) #ifdef KERBEROS case 'k': break; - + case '5': break; case 'c': @@ -378,7 +378,7 @@ int main(argc, argv) case 'i': checksum_ignored = 1; break; - + #ifdef CRYPT case 'x': /* Use encryption. */ case 'X': @@ -442,7 +442,7 @@ int main(argc, argv) } argc -= optind; argv += optind; - + fromlen = sizeof (from); if (debug_port || do_fork) { @@ -582,10 +582,10 @@ void doit(f, fromp) syslog( LOG_CRIT, "Checksums are required and ignored; these options are mutually exclusive--check the documentation."); fatal(f, "Configuration error: mutually exclusive options specified"); } - + alarm(60); read(f, &c, 1); - + if (c != 0){ exit(1); } @@ -594,7 +594,7 @@ void doit(f, fromp) /* Initialize syncpipe */ if (pipe( syncpipe ) < 0 ) fatalperror ( f , ""); - + #ifdef POSIX_SIGNALS /* Initialize "sa" structure. */ @@ -608,7 +608,7 @@ void doit(f, fromp) fatal(f, gai_strerror(retval)); strncpy(rhost_addra, hname, sizeof(rhost_addra)); rhost_addra[sizeof (rhost_addra) -1] = '\0'; - + retval = getnameinfo(fromp, socklen(fromp), hname, sizeof(hname), 0, 0, 0); if (retval) fatal(f, gai_strerror(retval)); @@ -620,16 +620,16 @@ void doit(f, fromp) /* Not a real problem, we just haven't bothered to update the port number checking code to handle ipv6. */ fatal(f, "Permission denied - Malformed from address\n"); - + if (fromp->sin_port >= IPPORT_RESERVED || fromp->sin_port < IPPORT_RESERVED/2) fatal(f, "Permission denied - Connection from bad port"); #endif /* KERBEROS */ - + /* Set global netf to f now : we may need to drop everything in do_krb_login. */ netf = f; - + #if defined(KERBEROS) /* All validation, and authorization goes through do_krb_login() */ do_krb_login(rhost_addra, rhost_name); @@ -639,18 +639,18 @@ void doit(f, fromp) getstr(f, term, sizeof(term), "Terminal type"); rcmd_stream_init_normal(); #endif - + write(f, "", 1); if ((retval = pty_getpty(&p,line, sizeof(line)))) { com_err(progname, retval, "while getting master pty"); exit(2); } - + Pfd = p; #ifdef TIOCSWINSZ (void) ioctl(p, TIOCSWINSZ, &win); #endif - + #ifdef POSIX_SIGNALS sa.sa_handler = cleanup; (void) sigaction(SIGCHLD, &sa, (struct sigaction *)0); @@ -672,7 +672,7 @@ void doit(f, fromp) fatal(f, error_message(retval)); exit(1); } - + #if defined(POSIX_TERMIOS) && !defined(ultrix) tcgetattr(t,&new_termio); @@ -697,7 +697,7 @@ void doit(f, fromp) #endif /* POSIX_TERMIOS */ pid = 0; /*reset pid incase exec fails*/ - + /* ** signal the parent that we have turned off echo ** on the slave side of the pty ... he's waiting @@ -709,16 +709,16 @@ void doit(f, fromp) (void) write(syncpipe[1], &c, 1); (void) close(syncpipe[1]); (void) close(syncpipe[0]); - + close(f), close(p); dup2(t, 0), dup2(t, 1), dup2(t, 2); if (t > 2) close(t); - + #if defined(sysvimp) setcompat (COMPAT_CLRPGROUP | (getcompat() & ~COMPAT_BSDTTY)); #endif - + /* Log access to account */ pwd = (struct passwd *) getpwnam(lusername); if (pwd && (pwd->pw_uid == 0)) { @@ -727,7 +727,7 @@ void doit(f, fromp) krusername ? krusername : "", rusername, rhost_addra, rhost_name); else - syslog(LOG_NOTICE, "ROOT login by %s (%s@%s (%s))", + syslog(LOG_NOTICE, "ROOT login by %s (%s@%s (%s))", krusername ? krusername : "", rusername, rhost_addra, rhost_name); } @@ -736,8 +736,8 @@ void doit(f, fromp) /* Log if principal is from a remote realm */ else if (client && !default_realm(client)) #endif /* LOG_REMOTE_REALM */ - -#if defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS) + +#if defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS) /* Log if principal name does not map to local username */ else if (client && !princ_maps_to_lname(client, lusername)) #endif /* LOG_OTHER_USERS */ @@ -753,11 +753,11 @@ void doit(f, fromp) "login by %s (%s@%s (%s)) as %s forcing password access", krusername ? krusername : "", rusername, rhost_addra, rhost_name, lusername); - else + else syslog(LOG_NOTICE, "login by %s (%s@%s (%s)) as %s", krusername ? krusername : "", rusername, - rhost_addra, rhost_name, lusername); + rhost_addra, rhost_name, lusername); } #endif /* LOG_REMOTE_REALM || LOG_OTHER_USERS || LOG_ALL_LOGINS */ #endif /* KERBEROS */ @@ -771,8 +771,8 @@ void doit(f, fromp) #endif #ifdef USE_LOGIN_F -/* use the vendors login, which has -p and -f. Tested on - * AIX 4.1.4 and HPUX 10 +/* use the vendors login, which has -p and -f. Tested on + * AIX 4.1.4 and HPUX 10 */ { char *cp; @@ -807,7 +807,7 @@ void doit(f, fromp) ** turning off echo on the slave side ... ** The master blocks here until it reads a byte. */ - + (void) close(syncpipe[1]); if (read(syncpipe[0], &c, 1) != 1) { /* @@ -818,8 +818,8 @@ void doit(f, fromp) } close(syncpipe[0]); - -#if defined(KERBEROS) + +#if defined(KERBEROS) if (do_encrypt) { if (rcmd_stream_write(f, SECURE_MESSAGE, sizeof(SECURE_MESSAGE), 0) < 0){ snprintf(buferror, sizeof(buferror), @@ -827,7 +827,7 @@ void doit(f, fromp) fatal(p,buferror); } } - else + else /* * if encrypting, don't turn on NBIO, else the read/write routines * will fail to work properly @@ -846,7 +846,7 @@ void doit(f, fromp) signal(SIGTSTP, SIG_IGN); #endif - + #if !defined(USE_LOGIN_F) /* Pass down rusername and lusername to login. */ (void) write(p, rusername, strlen(rusername) +1); @@ -877,7 +877,7 @@ unsigned char oobdata[] = {TIOCPKT_WINDOW}; char oobdata[] = {0}; #endif -static +static void sendoob(fd, byte) int fd; char *byte; @@ -915,7 +915,7 @@ static int control(pty, cp, n) { struct winsize w; int pgrp, got_pgrp; - + if (n < (int) 4+sizeof (w) || cp[2] != 's' || cp[3] != 's') return (0); #ifdef TIOCSWINSZ @@ -956,11 +956,11 @@ void protocol(f, p) register int tiocpkt_on = 0; int on = 1; #endif - + #if defined(TIOCPKT) && !(defined(__svr4__) || defined(HAVE_STREAMS)) \ || defined(solaris20) /* if system has TIOCPKT, try to turn it on. Some drivers - * may not support it. Save flag for later. + * may not support it. Save flag for later. */ if ( ioctl(p, TIOCPKT, &on) < 0) tiocpkt_on = 0; @@ -1016,11 +1016,11 @@ void protocol(f, p) register unsigned char *cp; int n; size_t left; - + if (fcc <= 0) break; fbp = fibuf; - + for (cp = fibuf; cp < fibuf+fcc-1; cp++) { if (cp[0] == magic[0] && cp[1] == magic[1]) { @@ -1037,7 +1037,7 @@ void protocol(f, p) } } } - + if (FD_ISSET(p, &obits) && fcc > 0) { cc = write(p, fbp, fcc); if (cc > 0) { @@ -1045,7 +1045,7 @@ void protocol(f, p) fbp += cc; } } - + if (FD_ISSET(p, &ibits)) { pcc = read(p, pibuf, sizeof (pibuf)); pbp = pibuf; @@ -1134,7 +1134,7 @@ void fatal(f, msg) #ifdef POSIX_SIGNALS struct sigaction sa; #endif - + buf[0] = '\01'; /* error indicator */ (void) snprintf(buf + 1, sizeof(buf) - 1, "%s: %s.\r\n", progname, msg); if ((f == netf) && (pid > 0)) @@ -1169,7 +1169,7 @@ void fatalperror(f, msg) const char *msg; { char buf[512]; - + (void) snprintf(buf, sizeof(buf), "%s: %s", msg, error_message(errno)); fatal(f, buf); } @@ -1199,10 +1199,10 @@ do_krb_login(host_addr, hostname) fatal(netf, "Kerberos authentication failed"); return; } - + /* OK we have authenticated this user - now check authorization. */ /* The Kerberos authenticated programs must use krb5_kuserok or kuserok*/ - + /* krb5_kuserok returns 1 if OK */ if (!client || !krb5_kuserok(bsd_context, client, lusername)) { if (asprintf(&msg_fail, @@ -1216,7 +1216,7 @@ do_krb_login(host_addr, hostname) if (checksum_required && !valid_checksum) { syslog(LOG_WARNING, "Client did not supply required checksum--connection rejected."); - + fatal(netf, "You are using an old Kerberos5 without initial connection support; only newer clients are authorized."); } } @@ -1231,9 +1231,9 @@ void getstr(fd, buf, cnt, err) int cnt; char *err; { - + char c; - + do { if (read(fd, &c, 1) != 1) { exit(1); @@ -1251,10 +1251,10 @@ void getstr(fd, buf, cnt, err) void usage() { #ifdef KERBEROS - syslog(LOG_ERR, + syslog(LOG_ERR, "usage: klogind [-ePf] [-D port] [-w[ip|maxhostlen[,[no]striplocal]]] or [r/R][k/K][x/e][p/P]logind"); #else - syslog(LOG_ERR, + syslog(LOG_ERR, "usage: rlogind [-rPf] [-D port] or [r/R][p/P]logind"); #endif } @@ -1290,7 +1290,7 @@ recvauth(valid_checksum) if (getsockname(netf, (struct sockaddr *)&laddr, &len)) { exit(1); } - + len = sizeof(peersin); if (getpeername(netf, (struct sockaddr *)&peersin, &len)) { syslog(LOG_ERR, "get peer name failed %d", netf); @@ -1299,7 +1299,7 @@ recvauth(valid_checksum) if ((status = krb5_auth_con_init(bsd_context, &auth_context))) return status; - + /* Only need remote address for rd_cred() to verify client */ if ((status = krb5_auth_con_genaddrs(bsd_context, auth_context, netf, KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR))) @@ -1387,7 +1387,7 @@ recvauth(valid_checksum) krb5_free_authenticator(bsd_context, authenticator); } - if ((status = krb5_copy_principal(bsd_context, ticket->enc_part2->client, + if ((status = krb5_copy_principal(bsd_context, ticket->enc_part2->client, &client))) return status; @@ -1415,12 +1415,12 @@ recvauth(valid_checksum) if ((status = krb5_unparse_name(bsd_context, client, &krusername))) return status; - + if ((status = krb5_read_message(bsd_context, (krb5_pointer)&netf, &inbuf))) fatal(netf, "Error reading message"); if ((inbuf.length) && /* Forwarding being done, read creds */ - (status = rd_and_store_for_creds(bsd_context, auth_context, &inbuf, + (status = rd_and_store_for_creds(bsd_context, auth_context, &inbuf, ticket, &ccache))) { fatal(netf, "Can't get forwarded credentials"); } diff --git a/src/appl/bsd/krsh.c b/src/appl/bsd/krsh.c index 1999bb5e1f..028d3dd62b 100644 --- a/src/appl/bsd/krsh.c +++ b/src/appl/bsd/krsh.c @@ -73,7 +73,7 @@ char copyright[] = #define SECURE_MESSAGE "This rsh session is encrypting input/output data transmissions.\r\n" int error(); - + int options; int rfd2; int nflag; @@ -104,11 +104,11 @@ void try_normal(char **); #define RLOGIN_PROGRAM UCB_RLOGIN #endif /* KERBEROS */ #endif /* !RLOGIN_PROGRAM */ - + #ifndef POSIX_SIGNALS #define mask(s) (1 << ((s) - 1)) #endif /* POSIX_SIGNALS */ - + int main(argc, argv0) int argc; @@ -142,12 +142,12 @@ main(argc, argv0) memset(&defaultservent, 0, sizeof(struct servent)); if (strrchr(argv[0], '/')) - argv[0] = strrchr(argv[0], '/')+1; + argv[0] = strrchr(argv[0], '/')+1; if ( argc < 2 ) goto usage; argc--; argv++; - + another: if (argc > 0 && host == 0 && strncmp(*argv, "-", 1)) { host = *argv; @@ -316,14 +316,14 @@ main(argc, argv0) if(debug_port == 0) { #ifdef KERBEROS sp = getservbyname("kshell", "tcp"); -#else +#else sp = getservbyname("shell", "tcp"); #endif /* KERBEROS */ if (sp == 0) { #ifdef KERBEROS sp = &defaultservent; sp->s_port = htons(544); -#else +#else fprintf(stderr, "rsh: shell/tcp: unknown service\n"); exit(1); #endif /* KERBEROS */ @@ -345,7 +345,7 @@ main(argc, argv0) if (fflag || Fflag) authopts |= OPTS_FORWARD_CREDS; if (Fflag) - authopts |= OPTS_FORWARDABLE_CREDS; + authopts |= OPTS_FORWARDABLE_CREDS; #ifdef HAVE_ISATTY suppress = !isatty(fileno(stderr)); #endif @@ -391,7 +391,7 @@ main(argc, argv0) write(2,SECURE_MESSAGE, strlen(SECURE_MESSAGE)); } #endif - + #else /* !KERBEROS */ rem = rcmd(&host, debug_port, pwd->pw_name, user ? user : pwd->pw_name, args, &rfd2); @@ -461,7 +461,7 @@ main(argc, argv0) char *bp; int wc; fd_set rembits; - + (void) close(rfd2); reread: errno = 0; @@ -493,7 +493,7 @@ main(argc, argv0) goto rewrite; done: (void) shutdown(rem, 1); -#ifdef KERBEROS +#ifdef KERBEROS krb5_free_context(bsd_context); #endif exit(0); @@ -538,7 +538,7 @@ main(argc, argv0) } while (FD_ISSET(rem, &readfrom) || FD_ISSET(rfd2, &readfrom)); if (nflag == 0) (void) kill(pid, SIGKILL); -#ifdef KERBEROS +#ifdef KERBEROS krb5_free_context(bsd_context); #endif exit(0); @@ -565,7 +565,7 @@ void try_normal(argv) char **argv; { char *host; - + #ifndef KRB5_ATHENA_COMPAT if (encrypt_flag) exit(1); @@ -581,10 +581,10 @@ void try_normal(argv) host++; else host = argv[0]; - + if (!strcmp(host, "rsh")) argv++; - + fprintf(stderr,"trying normal rsh (%s)\n", UCB_RSH); fflush(stderr); diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index 59a088ef1b..d491e6e35a 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c @@ -34,35 +34,35 @@ char copyright[] = * command\0 * data */ - + /* - * This is the rshell daemon. The very basic protocol for checking + * This is the rshell daemon. The very basic protocol for checking * authentication and authorization is: * 1) Check authentication. * 2) Check authorization via the access-control files: * ~/.k5login (using krb5_kuserok) - * Execute command if configured authoriztion checks pass, else deny + * Execute command if configured authoriztion checks pass, else deny * permission. */ - + /* DEFINES: * KERBEROS - Define this if application is to be kerberised. * LOG_ALL_LOGINS - Define this if you want to log all logins. * LOG_OTHER_USERS - Define this if you want to log all principals that do * not map onto the local user. - * LOG_REMOTE_REALM - Define this if you want to log all principals from + * LOG_REMOTE_REALM - Define this if you want to log all principals from * remote realms. * LOG_CMD - Define this if you want to log not only the user but also the * command executed. This only decides the type of information - * logged. Whether or not to log is still decided by the above + * logged. Whether or not to log is still decided by the above * three DEFINES. * Note: Root account access is always logged. */ - -#define SERVE_NON_KRB + +#define SERVE_NON_KRB #define LOG_REMOTE_REALM #define LOG_CMD - + #ifdef HAVE_UNISTD_H #include <unistd.h> #endif @@ -86,10 +86,10 @@ char copyright[] = #ifdef HAVE_SYS_SELECT_H #include <sys/select.h> #endif - + #include <netinet/in.h> #include <arpa/inet.h> - + #include <stdio.h> #include <grp.h> #include <errno.h> @@ -98,7 +98,7 @@ char copyright[] = #include <string.h> #include <libpty.h> #include <sys/wait.h> - + #ifdef HAVE_SYS_LABEL_H /* only SunOS 4? */ #include <sys/label.h> @@ -126,13 +126,13 @@ char copyright[] = #include <sys/unistd.h> #include <path.h> #endif /* CRAY */ - + #include <syslog.h> #ifdef POSIX_TERMIOS #include <termios.h> #endif - + #ifdef HAVE_SYS_FILIO_H /* get FIONBIO from sys/filio.h, so what if it is a compatibility feature */ #include <sys/filio.h> @@ -194,12 +194,12 @@ static krb5_error_code recvauth(int netfd, struct sockaddr *peersin, #else /* !KERBEROS */ #define ARGSTR "RD:?" - + #endif /* KERBEROS */ static int accept_a_connection (int debug_port, struct sockaddr *from, socklen_t *fromlenp); - + #ifndef HAVE_KILLPG #define killpg(pid, sig) kill(-(pid), (sig)) #endif @@ -226,7 +226,7 @@ void error (char *fmt, ...) #endif ; -void usage(void), getstr(int, char *, int, char *), +void usage(void), getstr(int, char *, int, char *), doit(int, struct sockaddr *); #ifndef HAVE_INITGROUPS @@ -263,10 +263,10 @@ int main(argc, argv) #ifdef CRAY secflag = sysconf(_SC_CRAY_SECURE_SYS); #endif - + progname = strrchr (*argv, '/'); progname = progname ? progname + 1 : *argv; - + #ifndef LOG_ODELAY /* 4.2 syslog */ openlog(progname, LOG_PID); #else @@ -275,7 +275,7 @@ int main(argc, argv) #endif openlog(progname, LOG_PID | LOG_ODELAY, LOG_AUTH); #endif /* 4.2 syslog */ - + #ifdef KERBEROS status = krb5_init_context(&bsd_context); if (status) { @@ -284,7 +284,7 @@ int main(argc, argv) exit(1); } #endif - + /* Analyze parameters. */ opterr = 0; while ((ch = getopt(argc, argv, ARGSTR)) != -1) @@ -292,7 +292,7 @@ int main(argc, argv) #ifdef KERBEROS case 'k': break; - + case '5': break; case 'c': @@ -301,7 +301,7 @@ int main(argc, argv) case 'i': checksum_ignored = 1; break; - + case 'e': require_encrypt = 1; break; @@ -332,7 +332,7 @@ int main(argc, argv) if(!save_env[num_env++]) { com_err(progname, ENOMEM, "in saving environment"); exit(2); - } + } } else { fprintf(stderr, "%s: Only %d -L arguments allowed\n", progname, MAXENV); @@ -376,10 +376,10 @@ int main(argc, argv) usage(); exit(1); } - + argc -= optind; argv += optind; - + fromlen = sizeof (from); if (debug_port) @@ -454,16 +454,16 @@ char local_port[64+NI_MAXSERV]; /* = "KRB5LOCALPORT=" */ /* The following include extra space for TZ and MAXENV pointers... */ #define COMMONVARS homedir, shell, 0/*path*/, username, term #ifdef CRAY -char *envinit[] = +char *envinit[] = {COMMONVARS, "TZ=GMT0", tmpdir, SAVEENVPAD, KRBPAD, ADDRPAD, 0}; #define TMPDIRENV 6 char *getenv(); #else /* CRAY */ #ifdef KERBEROS -char *envinit[] = +char *envinit[] = {COMMONVARS, 0/*tz*/, SAVEENVPAD, KRBPAD, ADDRPAD, 0}; #else /* KERBEROS */ -char *envinit[] = +char *envinit[] = {COMMONVARS, 0/*tz*/, SAVEENVPAD, ADDRPAD, 0}; #endif /* KERBEROS */ #endif /* CRAY */ @@ -486,7 +486,7 @@ int maxlogs; #define NCARGS 1024 #endif -#define NMAX 16 +#define NMAX 16 int pid; char locuser[NMAX+1]; @@ -518,7 +518,7 @@ ignore_signals() signal(SIGTERM, SIG_IGN); signal(SIGPIPE, SIG_IGN); signal(SIGHUP, SIG_IGN); - + killpg(pid, SIGTERM); #endif } @@ -529,7 +529,7 @@ cleanup(signumber) { ignore_signals(); wait(0); - + pty_logwtmp(ttyn,"",""); syslog(LOG_INFO ,"Daemon terminated via signal %d.", signumber); if (ccache) @@ -569,7 +569,7 @@ void doit(f, fromp) int packet_level; /* Packet classification level */ long packet_compart; /* Packet compartments */ #endif /* CRAY */ - + int s = -1; char hostname[NI_MAXHOST]; char *sane_host; @@ -599,8 +599,8 @@ void doit(f, fromp) #endif #endif #endif /* IP_TOS */ - - { + + { socklen_t sin_len = sizeof (localaddr); if (getsockname(f, (struct sockaddr*)&localaddr, &sin_len) < 0) { perror("getsockname"); @@ -649,9 +649,9 @@ void doit(f, fromp) } } #endif /* KERBEROS */ - + #ifdef CRAY - + /* If this is a secure system then get the packet classification of f. ( Note IP_SECURITY is checked in get_packet_classification: if it's not set then the user's (root) default @@ -680,10 +680,10 @@ void doit(f, fromp) exit(1); } } - + } #endif /* CRAY */ - + (void) alarm(60); port = 0; for (;;) { @@ -772,7 +772,7 @@ void doit(f, fromp) getstr(f, cmdbuf, sizeof(cmdbuf), "command"); rcmd_stream_init_normal(); #endif /* KERBEROS */ - + #ifdef CRAY paddr = inet_addr(inet_ntoa(fromp->sin_addr)); if(secflag){ @@ -788,7 +788,7 @@ void doit(f, fromp) } } #endif /* CRAY */ - + pwd = getpwnam(locuser); if (pwd == (struct passwd *) 0 ) { syslog(LOG_ERR , @@ -798,9 +798,9 @@ void doit(f, fromp) error("Login incorrect.\n"); exit(1); } - + #ifdef CRAY - /* Setup job entry, and validate udb entry. + /* Setup job entry, and validate udb entry. ( against packet level also ) */ if ((jid = setjob(pwd->pw_uid, 0)) < 0) { error("Unable to create new job.\n"); @@ -836,7 +836,7 @@ void doit(f, fromp) } #ifndef NO_UDB (void)getsysudb(); - + if ((ue = getudbnam(pwd->pw_name)) == (struct udb *)NULL) { error("Unable to fetch account id.\n"); exit(1); @@ -883,7 +883,7 @@ void doit(f, fromp) open so close it here. */ #endif /* !NO_UDB */ #endif /*CRAY*/ - + /* Setup wtmp entry : we do it here so that if this is a CRAY the Process Id is correct and we have not lost our trusted privileges. */ @@ -898,13 +898,13 @@ void doit(f, fromp) else { pty_logwtmp(ttyn,locuser,sane_host); } - + #ifdef CRAY - + /* If we are a secure system then we need to get rid of our trusted facility, so that MAC on the chdir we work. Before we do this make an entry into wtmp, and any other audit recording. */ - + if (secflag) { if (getusrv(&usrv)){ syslog(LOG_ERR,"Cannot getusrv"); @@ -922,10 +922,10 @@ void doit(f, fromp) error("Permission denied.\n"); goto signout_please; } - + loglogin(sane_host, SLG_OKLOG, ue->ue_logfails,ue); - - /* Setup usrv structure with user udb info and + + /* Setup usrv structure with user udb info and packet_level and packet_compart. */ usrv.sv_actlvl = packet_level; usrv.sv_actcmp = packet_compart; /*Note get_packet_level sets @@ -938,7 +938,7 @@ void doit(f, fromp) usrv.sv_valcat = ue->ue_valcat; usrv.sv_savcmp = 0; usrv.sv_savlvl = 0; - + /* * Set user values to workstation boundaries */ @@ -948,12 +948,12 @@ void doit(f, fromp) #ifdef MAX #undef MAX #endif - + #define MIN(a,b) ((a) < (b) ? (a) : (b)) #define MAX(a,b) ((a) > (b) ? (a) : (b)) - + nal_error = 0; - + if (nal.na_sort) { if ((ue->ue_minlvl > nal.na_smax) || (ue->ue_maxlvl < nal.na_smin)) @@ -961,14 +961,14 @@ void doit(f, fromp) else { usrv.sv_minlvl=MAX(ue->ue_minlvl, nal.na_smin); usrv.sv_maxlvl=MIN(ue->ue_maxlvl, nal.na_smax); - + #ifndef IP_SECURITY if (usrv.sv_actlvl < usrv.sv_minlvl) usrv.sv_actlvl = usrv.sv_minlvl; if (usrv.sv_actlvl > usrv.sv_maxlvl) usrv.sv_actlvl = usrv.sv_maxlvl; - + #else /*IP_SECURITY*/ if (usrv.sv_actlvl < usrv.sv_minlvl) nal_error++; @@ -976,7 +976,7 @@ void doit(f, fromp) nal_error++; if (usrv.sv_actlvl != ue->ue_deflvl) nal_error++; - + usrv.sv_valcmp = ue->ue_comparts & nal.na_scmp; usrv.sv_actcmp &= nal.na_scmp; #endif /*IP_SECURITY*/ @@ -1016,7 +1016,7 @@ void doit(f, fromp) #undef MAX /* Before the setusrv is done then do a sethost for paddr */ sethost(paddr); - + if (setusrv(&usrv) == -1) { loglogin(sane_host, SLG_LVERR, ue->ue_logfails,ue); error("Permission denied.\n"); @@ -1026,10 +1026,10 @@ void doit(f, fromp) error("Getusrv Permission denied.\n"); goto signout_please; } - + } #endif /*CRAY*/ - + if (chdir(pwd->pw_dir) < 0) { if(chdir("/") < 0) { error("No remote directory.\n"); @@ -1066,17 +1066,17 @@ void doit(f, fromp) error("You must use encryption.\n"); goto signout_please; } - + if (pwd->pw_uid && !access(NOLOGIN, F_OK)) { error("Logins currently disabled.\n"); goto signout_please; } - + /* Log access to account */ pwd = (struct passwd *) getpwnam(locuser); if (pwd && (pwd->pw_uid == 0)) { #ifdef LOG_CMD - syslog(LOG_NOTICE, "Executing %s for principal %s (%s@%s (%s)) as ROOT", + syslog(LOG_NOTICE, "Executing %s for principal %s (%s@%s (%s)) as ROOT", cmdbuf, kremuser, remuser, hostaddra, hostname); #else syslog(LOG_NOTICE ,"Access as ROOT by principal %s (%s@%s (%s))", @@ -1087,20 +1087,20 @@ void doit(f, fromp) /* Log if principal is from a remote realm */ else if (client && !default_realm(client)) #endif - -#if defined(KERBEROS) && defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS) + +#if defined(KERBEROS) && defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS) /* Log if principal name does not map to local username */ else if (client && !princ_maps_to_lname(client, locuser)) #endif /* LOG_OTHER_USERS */ - + #ifdef LOG_ALL_LOGINS /* Log everything */ - else -#endif - + else +#endif + #if defined(LOG_REMOTE_REALM) || defined(LOG_OTHER_USERS) || defined(LOG_ALL_LOGINS) { #ifdef LOG_CMD - syslog(LOG_NOTICE, "Executing %s for principal %s (%s@%s (%s)) as local user %s", + syslog(LOG_NOTICE, "Executing %s for principal %s (%s@%s (%s)) as local user %s", cmdbuf, kremuser, remuser, hostaddra, hostname, locuser); #else syslog(LOG_NOTICE ,"Access as %s by principal %s (%s@%s (%s))", @@ -1108,9 +1108,9 @@ void doit(f, fromp) #endif } #endif - + (void) write(2, "", 1); - + if (port||do_encrypt) { if (port&&(pipe(pv) < 0)) { error("Can't make pipe.\n"); @@ -1139,7 +1139,7 @@ void doit(f, fromp) (void)sigaction(SIGHUP, &sa, (struct sigaction *)0); sa.sa_handler = SIG_IGN; - /* SIGPIPE is a crutch that we don't need if we check + /* SIGPIPE is a crutch that we don't need if we check the exit status of write. */ (void)sigaction(SIGPIPE, &sa, (struct sigaction *)0); (void)sigaction(SIGCHLD, &sa, (struct sigaction *)0); @@ -1148,20 +1148,20 @@ void doit(f, fromp) signal(SIGQUIT, cleanup); signal(SIGTERM, cleanup); signal(SIGHUP, cleanup); - /* SIGPIPE is a crutch that we don't need if we check + /* SIGPIPE is a crutch that we don't need if we check the exit status of write. */ signal(SIGPIPE, SIG_IGN); signal(SIGCHLD,SIG_IGN); #endif - + (void) close(0); (void) close(1); (void) close(2); if(port) (void) close(pv[1]); (void) close(pw[1]); (void) close(px[0]); - - - + + + FD_ZERO(&readfrom); FD_SET(f, &readfrom); maxfd = f; @@ -1176,7 +1176,7 @@ void doit(f, fromp) FD_SET(pw[0], &readfrom); if (pw[0] > maxfd) maxfd = pw[0]; - + /* read from f, write to px[1] -- child stdin */ /* read from s, signal child */ /* read from pv[0], write to s -- child stderr */ @@ -1246,7 +1246,7 @@ void doit(f, fromp) (void) close(px[1]); FD_CLR(f, &readfrom); } else if (wcc != cc) { - syslog(LOG_INFO, "only wrote %d/%d to child", + syslog(LOG_INFO, "only wrote %d/%d to child", wcc, cc); } } @@ -1293,14 +1293,14 @@ void doit(f, fromp) if(port) (void) close(pv[1]); } - - /* We are simply execing a program over rshd : log entry into wtmp, + + /* We are simply execing a program over rshd : log entry into wtmp, as kexe(pid), then finish out the session right after that. Syslog should have the information as to what was exec'd */ else { pty_logwtmp(ttyn,"",""); } - + if (*pwd->pw_shell == '\0') pwd->pw_shell = "/bin/sh"; (void) close(f); @@ -1317,7 +1317,7 @@ void doit(f, fromp) #ifdef HAVE_SETLUID /* * If we're on a system which keeps track of login uids, then - * set the login uid. + * set the login uid. */ if (setluid((uid_t) pwd->pw_uid) < 0) { perror("setluid"); @@ -1404,7 +1404,7 @@ void doit(f, fromp) char *buf2; if(getenv(save_env[cnt])) { - if (asprintf(&buf2, "%s=%s", save_env[cnt], + if (asprintf(&buf2, "%s=%s", save_env[cnt], getenv(save_env[cnt])) >= 0) { for (i = 0; envinit[i]; i++); envinit[i] = buf2; @@ -1415,7 +1415,7 @@ void doit(f, fromp) /* XXX - If we do anything else, make sure there is space in the array. */ environ = envinit; - + #ifdef KERBEROS /* To make Kerberos rcp work correctly, we must ensure that we invoke Kerberos rcp on this end, not normal rcp, even if the @@ -1453,7 +1453,7 @@ void doit(f, fromp) cp++; else cp = pwd->pw_shell; - + if (do_encrypt && !strncmp(cmdbuf, "-x ", 3)) { execl(pwd->pw_shell, cp, "-c", (char *)cmdbuf + 3, (char *)NULL); } @@ -1463,7 +1463,7 @@ void doit(f, fromp) perror(pwd->pw_shell); perror(cp); exit(1); - + signout_please: if (ccache) krb5_cc_destroy(bsd_context, ccache); @@ -1485,7 +1485,7 @@ error(fmt, va_alist) { va_list ap; char buf[RCMD_BUFSIZ], *cp = buf; - + #ifdef HAVE_STDARG_H va_start(ap, fmt); #else @@ -1508,7 +1508,7 @@ void getstr(fd, buf, cnt, err) char *err; { char c; - + do { if (read(fd, &c, 1) != 1) exit(1); @@ -1526,11 +1526,11 @@ char *makejtmp(uid, gid, jid) { register char *endc, *tdp = &tmpdir[strlen(tmpdir)]; register int i; - + snprintf(tdp, sizeof(tmpdir) - (tdp - tmpdir), "%s/jtmp.%06d", JTMPDIR, jid); endc = &tmpdir[strlen(tmpdir)]; - + endc[1] = '\0'; for (i = 0; i < 26; i++) { endc[0] = 'a' + i; @@ -1595,7 +1595,7 @@ static int get_packet_classification(fd,useruid,level,comp) struct udb *udb; int retval; int sockoptlen; - + retval = 0; getsysudb (); udb = getudbuid ((int) useruid); @@ -1631,8 +1631,8 @@ static int get_packet_classification(fd,useruid,level,comp) } #endif /* IP_SECURITY */ - - + + /* * Make a security log entry for the login attempt. @@ -1655,7 +1655,7 @@ loglogin(host, flag, failures, ue) char urec[sizeof(struct slghdr) + sizeof(struct slglogin)]; struct slghdr *uhdr = (struct slghdr *)urec; struct slglogin *ulogin=(struct slglogin *)&urec[sizeof(struct slghdr)]; - + strncpy(ulogin->sl_line, ttyn, sizeof(ulogin->sl_line)); strncpy(ulogin->sl_host, host, sizeof(ulogin->sl_host)); ulogin->sl_failures = failures; @@ -1671,7 +1671,7 @@ loglogin(host, flag, failures, ue) /* uhdr->sl_scls = ue->ue_defcls; enable for integrity policy */ uhdr->sl_olvl = 0; uhdr->sl_len = sizeof(urec); - + #ifdef CRAY2 slgentry(SLG_LOGN, (word *)urec); #else /* ! CRAY2 */ @@ -1681,7 +1681,7 @@ loglogin(host, flag, failures, ue) } #endif /* CRAY */ - + void usage() @@ -1728,7 +1728,7 @@ recvauth(netfd, peersin, valid_checksum) if (getsockname(netfd, (struct sockaddr *)&laddr, &len)) { exit(1); } - + #ifdef unicos61 #define SIZEOF_INADDR SIZEOF_in_addr #else @@ -1784,7 +1784,7 @@ recvauth(netfd, peersin, valid_checksum) getstr(netfd, cmdbuf, sizeof(cmdbuf), "command"); /* Must be V5 */ - + kcmd_proto = KCMD_UNKNOWN_PROTOCOL; if (version.length != 9) fatal (netfd, "bad application version length"); @@ -1795,17 +1795,17 @@ recvauth(netfd, peersin, valid_checksum) getstr(netfd, remuser, sizeof(locuser), "remuser"); - if ((status = krb5_unparse_name(bsd_context, ticket->enc_part2->client, + if ((status = krb5_unparse_name(bsd_context, ticket->enc_part2->client, &kremuser))) return status; - - if ((status = krb5_copy_principal(bsd_context, ticket->enc_part2->client, + + if ((status = krb5_copy_principal(bsd_context, ticket->enc_part2->client, &client))) return status; if ((status = krb5_auth_con_getauthenticator(bsd_context, auth_context, &authenticator))) return status; - + if (authenticator->checksum && !checksum_ignored) { struct sockaddr_storage adr; unsigned int adr_length = sizeof(adr); diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c index 57680ad3ca..fc6198c148 100644 --- a/src/appl/bsd/login.c +++ b/src/appl/bsd/login.c @@ -352,7 +352,7 @@ static void login_get_kconf(k) kconf_names[0] = "login"; kconf_names[1] = login_conf_set[i].flagname; kconf_names[2] = 0; - retval = profile_get_values(k->profile, + retval = profile_get_values(k->profile, kconf_names, &kconf_val); if (retval) { /* ignore most (all?) errors */ @@ -445,7 +445,7 @@ void k_init (ttyn) { #ifdef KRB5_GET_TICKETS krb5_error_code retval; - + retval = krb5_init_secure_context(&kcontext); if (retval) { com_err("login", retval, "while initializing krb5"); @@ -482,7 +482,7 @@ static int k5_get_password (user_pwstring, pwsize) unsigned int pwsize; { krb5_error_code code; - char prompt[255]; + char prompt[255]; snprintf(prompt, sizeof(prompt), "Password for %s", username); /* reduce opportunities to be swapped out */ @@ -521,7 +521,7 @@ static int try_krb5 (me_p, pass) if (code) { if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) fprintf (stderr, - "%s: Kerberos password incorrect\n", + "%s: Kerberos password incorrect\n", username); else com_err ("login", code, @@ -749,8 +749,8 @@ int main(argc, argv) /* * -p is used by getty to tell login not to destroy the environment * -r is used by rlogind to cause the autologin protocol; - * -f is used to skip a second login authentication - * -F is used to skip a second login authentication, allows login as root + * -f is used to skip a second login authentication + * -F is used to skip a second login authentication, allows login as root * -e is used to skip a second login authentication, but allows * login as root. * -h is used by other servers to pass the name of the @@ -835,11 +835,11 @@ int main(argc, argv) /* Only do this we we're not using POSIX_TERMIOS */ (void)ioctl(0, TIOCLSET, (char *)&ioctlval); #endif - + #ifdef TIOCNXCL (void)ioctl(0, TIOCNXCL, (char *)0); #endif - + ioctlval = fcntl(0, F_GETFL); #ifdef O_NONBLOCK ioctlval &= ~O_NONBLOCK; @@ -861,7 +861,7 @@ int main(argc, argv) term[sizeof(term) - 1] = '\0'; } } - + term_init (rflag || kflag || Kflag || eflag); for (cnt = getdtablesize(); cnt > 2; cnt--) @@ -877,7 +877,7 @@ int main(argc, argv) else tty = ttyn; -#ifndef LOG_ODELAY /* 4.2 syslog ... */ +#ifndef LOG_ODELAY /* 4.2 syslog ... */ openlog("login", 0); #else openlog("login", LOG_ODELAY, LOG_AUTH); @@ -1106,7 +1106,7 @@ int main(argc, argv) controlling tty, which is the case (under SunOS at least.) */ { - int pid = getpid(); + int pid = getpid(); struct sigaction sa2, osa; /* this will set the PGID to the PID. */ @@ -1251,14 +1251,14 @@ int main(argc, argv) #ifdef KRB5_GET_TICKETS if (got_v5_tickets) { - /* set up credential cache -- obeying KRB5_ENV_CCNAME + /* set up credential cache -- obeying KRB5_ENV_CCNAME set earlier */ /* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */ if ((retval = krb5_cc_default(kcontext, &ccache))) { com_err(argv[0], retval, "while getting default ccache"); } else if ((retval = krb5_cc_initialize(kcontext, ccache, me))) { com_err(argv[0], retval, "when initializing cache"); - } else if ((retval = krb5_cc_store_cred(kcontext, ccache, + } else if ((retval = krb5_cc_store_cred(kcontext, ccache, &my_creds))) { com_err(argv[0], retval, "while storing credentials"); } else if (xtra_creds && @@ -1279,7 +1279,7 @@ int main(argc, argv) syslog(LOG_ERR, "%s while re-storing V5 credentials as user", error_message(retval)); - + } krb5_free_cred_contents(kcontext, &save_v5creds); } @@ -1672,7 +1672,7 @@ void dolastlog(hostname, quiet, tty) printf("Last login: %.*s ", 24-5, (char *)ctime(&lltime)); if (*ll.ll_host != '\0') - printf("from %.*s\n", (int) sizeof(ll.ll_host), + printf("from %.*s\n", (int) sizeof(ll.ll_host), ll.ll_host); else printf("on %.*s\n", (int) sizeof(ll.ll_line), ll.ll_line); @@ -1790,7 +1790,7 @@ dofork() int syncpipe[2]; char c; int n; - + #ifdef _IBMR2 update_ref_count(1); #endif @@ -1826,7 +1826,7 @@ dofork() /* Setup stuff? This would be things we could do in parallel with login */ (void) chdir("/"); /* Let's not keep the fs busy... */ - + /* If we're the parent, watch the child until it dies */ while (1) { @@ -1849,7 +1849,7 @@ dofork() if (pid == child) break; } - + /* Cleanup stuff */ /* Run destroy_tickets to destroy tickets */ (void) destroy_tickets(); /* If this fails, we lose quietly */ @@ -1873,7 +1873,7 @@ char *strsave(sp) char *sp; { register char *ret; - + if ((ret = strdup(sp)) == NULL) { fprintf(stderr, "no memory for saving args\n"); exit(1); diff --git a/src/appl/bsd/loginpaths.h b/src/appl/bsd/loginpaths.h index 0f2580bb92..8124e1abe9 100644 --- a/src/appl/bsd/loginpaths.h +++ b/src/appl/bsd/loginpaths.h @@ -34,7 +34,7 @@ #endif #ifdef _IBMR2 -/* 3.2.0 */ +/* 3.2.0 */ #define LPATH "/usr/bin:/usr/ucb:/usr/bin/X11" #define RPATH "/usr/bin:/usr/ucb:/usr/bin/X11" #endif diff --git a/src/appl/bsd/rpaths.h b/src/appl/bsd/rpaths.h index 4925ea33a1..b3946772c7 100644 --- a/src/appl/bsd/rpaths.h +++ b/src/appl/bsd/rpaths.h @@ -28,4 +28,3 @@ #undef UCB_RSH #define UCB_RSH "/usr/bin/remsh" #endif - |