| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
rather than just kconf_val before passing *kconf_val to
conf_affirmative (where strcasecmp will choke on it
if it is in fact null).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11039 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
adjust them after consildating the configure.in scripts.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11034 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
to buildtop and thisconfigdir, respectively.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11033 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
to buildtop and thisconfigdir, respectively.) Add a MY_SUBDIRS
definition to control the directories which are recursively descended
by the Makefile.
configure.in: Fold the autoconf tests from the sample, simple,
gss-sample, and user_user directories into this higher-level
configure.in file.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11032 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
to buildtop and thisconfigdir, respectively.) Add a MY_SUBDIRS macro
set to '.' to indicate that there are no subdirectories to be
processed by the Makefile.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11031 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
Makefile.in: Set the myfulldir and mydir variables (which are relative
to buildtop and thisconfigdir, respectively.) Add a MY_SUBDIRS macro
set to '.' to indicate that there are no subdirectories to be
processed by the Makefile.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11030 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
to buildtop and thisconfigdir, respectively.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11029 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
-C (user wants local credentials) flags to ftpd.
If -C is set, write out forwarded credentials to disk and use krb524 to
get krb4 tickets as well. If user doesn't forward credentials, require
a password even if auth was successful and use that to get credentials.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10993 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
Also, add previously omitted command line options -u and -t and
"passive" command to the man page.
* main.c (main): Print out a usage message instead of just
"unknown option."
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10992 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
incorrect", and only allow three bad passwords. Then
return an 421 reply code before closing the connection and
going away.
ftpcmd.y (cmd): Don't allow the PORT command to accept a port
number lower than 1024; this prevents some nasty ftp
"bounce attacks" to SMTP ports, etc.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10990 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10973 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
for encryption to be negotiated..." so that the response
"[ Kerberos V5 accepts you as ``gjking@ATHENA.MIT.EDU'' ]" doesn't
run off the end of the line.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10972 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
numbers for the local and foreign addresses so that the V4 encrypted
RCP will work correctly. [krb5-appl/638]
v4rcp.c (answer_auth): Apply ghudson's patch so that if KRB5LOCALPORT
and KRB5REMOTEPORT are set, use them to set the foreign and
local ports so that encrypted rcp for the same machine.
[krb5-appl/638]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10971 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
[krb5-appl/481]. Users that appear in /etc/ftpusers, followed
by the keyword "restrict" will be granted access, but a chroot()
will be done to their home directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10970 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
indicates that the "passive" command toggles passive mode.
main.c (main): Make passive mode off by default.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10956 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10949 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
example HPUX), and it's just not worth the effort to disambiguate
between the different reasons why gethostbyname() might have failed.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10948 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
not the pass function:
Don't reply 230 "User logged in" if the user didn't send a PASS
command; this causes the client to get a bit confused.
ChangeLog:
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10900 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
function has been split into its two logical components, pass and
login.
(pass): If auth_ok is true, reply with code 202 to tell the
user that a PASS command is not necessary. Also, don't reply
230 "User logged in" if the user didn't send a PASS command;
this causes the client to get a bit confused.
(auth_ok): New function that returns true if either gss_ok or
kerb_ok is true (all the #ifdefs were beginning to clutter things,
and it's a good abstraction in case other auth types are ever
added in the future).
(user): If GSSAPI or Kerberos v4 authentication succeeds, call
login immediately, instead of waiting for the client to send "PASS
dummy." Also, use #ifdef PARANOID instead of "some paranoid sites
may wish to uncomment this"
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10899 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
"oldclevel". Also, replace all occurrences of "dlevel" in this
function with "clevel".
* ftp.c (login): Test whether or not the server actually requires
"PASS dummy" by first sending "PWD" and checking the return value.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10898 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This command is dangerous, since it allows commands to be transmitted
without integrity checking, so the default behavior without the -c
option is still for the server to refuse to accept unprotected
commands.
* ftpd.c: Add a new command line option, -c, which tells the
server to accept the CCC command.
* ftpcmd.y: If the -c option was given, check to make sure the CCC
command itself was integrity protected, and then set ccc_ok to
allow future commands to be transmitted as cleartext.
(getline): Now that CCC is potentially allowed, we must check to
see if we are parsing an unprotected command even if a security
context is established (i.e. auth_type is set).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10846 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
char, to agree with its definition in libtelnet/kerberos.c. This was
causing dst_realm_sz to be zero unexpectedly, and so strncpy was not
copying the -k realm argument into dest_realm. [krb5-appl/616]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10837 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
set, because it expects a valid file descriptor [krb5-appl/359].
Also, remove mistakenly duplicated comment above the function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10826 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
dlevel to allow independence of command and data channel
protection levels.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10805 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
global variable level with separate variables clevel and dlevel
for the control channel and data channel protection levels,
respectively, so that the user may specify separate protection
levels for each channel. Similarly, functions such as getlevel
and setlevel are now getclevel/getdlevel, and setclevel/setdlevel.
* cmdtab.c: Add new FTP commands "cprotect" to allow the user to
set the control channel protection level (similar to "protect"),
and "ccc" (Clear Command Channel) which sets the control channel
protection level to clear (per the RFC).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10804 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
* Makefile.in (AUTH_DEF): Undefine LOGIN_CAP_F so that telnetd
runs login with -f rather than -F for preauthenticated login,
following the changes in appl/bsd/.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10803 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
* ftpd.c: Add support for extended logging as per PR#481. Using
the 'l' command line option twice now logs the major file commands,
and using it thrice logs bytecounts for RETR and STOR as well.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10801 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
* ftpcmd.y: Replace old KERBEROS #ifdef's with KRB5_KRB4_COMPAT
so that K4 compatibility support actually gets compiled in.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10792 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10791 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
* ftp.c (do_auth): Make verbosity not disappear if GSSAPI fails.
(getreply): Move 'S:' and 'P:' from verbose to debug.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10790 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
was previously being set to the value of code rather than to the
boolean expression (code == 631), which it had been previously.
The bug resulted in all replies from the server being parsed as
krb_safe messages even when they were krb_priv messages.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10788 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
* ftpd.c: (pass): Make daemon not lose for homedirs on
root-squashing filesystems.
(auth_data): Fix that godawful "error: No error" message
when gss_acquire_cred() fails.
(user): Fix getusershell() code so it works more than once.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10785 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
[krb5-appl/612]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10750 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
* Fix static libs on platforms using .a for shared libs
* Fix utmp handling for non-hpux platforms with ut_exit different from utmpx.
* Include librarymacros in ss configure.in
* Remove declarations of h_errno
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10632 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
WTMPFILE.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10594 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10593 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
_PATH_UTMP if defined to determine location of the wtmp and utmp
files.
configure.in: Add check for utmp.h
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10592 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
define struct lastlog somewhere. Included from Dima Ruban's FreeBSD
patches.
krlogin.c: Include sys/ioctl_compat.h if it is present (instead of
just for 386BSD).
loginpaths.h (LPATH): If the OS provides _PATH_DEFPATH, use it to
define LPATH and RPATH.
login.c: #include paths.h if present, and use it to set the pathnames
for certain common files.
configure.in (withval): Check for <sys/ioctl_compat.h> and <paths.h>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10586 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
setupterm is defined in libtermcap or libcurses.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10584 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
termination to some existing invocations of strncpy.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10572 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
telnetd-ktd.c (main): POSIX states that getopt returns -1 when it
is done parsing options, not EOF.
configure.in: Rename HAS_* to HAVE_* for the following tests: sac.h,
sys/ptyvar.h, sys/filio.h, sys/stream.h, gettosbyname(), and make
appropriate adjustments in the rest of the .c files. Remove tests
which aren't being used anymore: vhangup, utmpx.h, utmp.h, etc.
defs.h: Use HAVE_SYS_FILIO_H instead of FILIO_H
sys_term.c: Use HAVE_SAC_H and HAVE_SYS_STREAM_H instead of
HAS_SAC and STREAMS.
telnetd.c, telnetd-ktd.c: Use HAVE_GETTOSBYNAME instead of
HAS_GETTOS
telnetd.c: Use HAVE_SYS_PTYVAR_H instead of HAS_PTYVAR.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10571 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
parsing options, not EOF.
configure.in: Use standard autoconf test names. Change tests to define
standard autoconf CPP macro names, not the non-standard HAS_GETTOS,
etc.
main.c, commands.c: Use HAVE_GETTOSBYNAME instead of HAS_GETTOS
ring.c, externs.h: Use HAVE_SYS_FILIO_H instead of FILIO_H
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10570 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
and add a test for gettosbyname().
getent.c: Use HAVE_CGETENT instead of HAS_CGETENT
parsetos.c: Use HAVE_GETTOSBYNAME instead of HAS_GETTOS
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10569 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10554 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
tests for /etc/environment and /etc/TIMEZONE with K5_AC_CHECK_FILES.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10553 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
not EOF.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10550 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
not EOF.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10548 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
not EOF.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10547 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10543 dc483132-0cff-0310-8789-dd5450dbe970
|
