| author | Marc Horowitz <marc@mit.edu> | 1996-07-22 20:49:46 +0000 |
|---|---|---|
| committer | Marc Horowitz <marc@mit.edu> | 1996-07-22 20:49:46 +0000 |
| commit | edf8b4d8a6a665c2aa150993cd813ea6c5cf12e1 (patch) | |
| tree | 6c2974a97b448c040fa4a31708ec5e02f187526c /src/appl | |
| parent | 013bb1391582ed9e653ae706e398ddb8d08cfcc9 (diff) | |
| download | krb5-edf8b4d8a6a665c2aa150993cd813ea6c5cf12e1.tar.gz krb5-edf8b4d8a6a665c2aa150993cd813ea6c5cf12e1.tar.xz krb5-edf8b4d8a6a665c2aa150993cd813ea6c5cf12e1.zip | |
this commit includes all the changes on the OV_9510_INTEGRATION and
OV_MERGE branches. This includes, but is not limited to, the new openvision
admin system, and major changes to gssapi to add functionality, and bring
the implementation in line with rfc1964. before committing, the
code was built and tested for netbsd and solaris.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8774 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl')
| -rw-r--r-- | src/appl/gss-sample/ChangeLog | 5 | ||||
| -rw-r--r-- | src/appl/gss-sample/README | 39 | ||||
| -rw-r--r-- | src/appl/gss-sample/gss-client.c | 587 | ||||
| -rw-r--r-- | src/appl/gss-sample/gss-misc.c | 176 | ||||
| -rw-r--r-- | src/appl/gss-sample/gss-misc.h | 46 | ||||
| -rw-r--r-- | src/appl/gss-sample/gss-server.c | 570 | ||||
| -rw-r--r-- | src/appl/gssftp/ftp/ChangeLog | 7 | ||||
| -rw-r--r-- | src/appl/gssftp/ftp/cmds.c | 2 | ||||
| -rw-r--r-- | src/appl/gssftp/ftp/cmdtab.c | 4 | ||||
| -rw-r--r-- | src/appl/gssftp/ftpd/ChangeLog | 7 | ||||
| -rw-r--r-- | src/appl/gssftp/ftpd/ftpcmd.y | 8 | ||||
| -rw-r--r-- | src/appl/gssftp/ftpd/ftpd.c | 4 | ||||
| -rw-r--r-- | src/appl/telnet/libtelnet/ChangeLog | 15 | ||||
| -rw-r--r-- | src/appl/telnet/libtelnet/Makefile.in | 2 | ||||
| -rw-r--r-- | src/appl/telnet/libtelnet/enc-proto.h | 6 |
15 files changed, 731 insertions, 747 deletions
diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog index 100acd110..d82e360ef 100644 --- a/src/appl/gss-sample/ChangeLog +++ b/src/appl/gss-sample/ChangeLog @@ -4,6 +4,11 @@ Wed Jun 5 00:08:32 1996 Theodore Y. Ts'o <tytso@mit.edu> a file, don't free free inbuf.value until after the last place where we use it. +Wed Apr 17 20:54:37 1996 Marc Horowitz <marc@mit.edu> + + * all files: integrated changes from OpenVision as of + October 1995 + Tue Mar 12 23:46:26 1996 Ken Raeburn <raeburn@cygnus.com> * gss-server.c (timeval_subtract): Use old-style function diff --git a/src/appl/gss-sample/README b/src/appl/gss-sample/README index a8d0afa7e..52b1b2143 100644 --- a/src/appl/gss-sample/README +++ b/src/appl/gss-sample/README 
@@ -41,26 +41,30 @@ interfaces. The server's command line usage is - gss-server [-port port] [-v2] service_name + gss-server [-port port] [-k keytab] service_name where service_name is a GSS-API service name of the form -"service@host". The server will accept TCP connections on port -(default 4444) and establish contexts as service_name. The -v2 option -means that the GSSAPI v2 calls should be used (and tested). - +"service@host" (or just "service", in which case the local host name +is used). The server will accept TCP connections on port (default +4444) and establish contexts as service_name. If you compile with +GSS_KRB5 defined and link against the MIT Kerberos libraries, the -k +option specifies a keytab to use instead of the default one. The client's command line usage is - gss-client [-port port] [-v2] [-d] host service_name msg + gss-client [-port port] [-d] host service_name msg where host is the host running the server, service_name is the service -name that the server will establish connections as, and msg is the -message. The client connects to the TCP on <host:port> (default 4444) -and performs the exchange. The "-d" option specifies delegation - -a forwardable TGT will be sent to the server, which will put it in -its credential cache (you must kinit -f for this to work). -The -v2 option means that the GSSAPI v2 calls should be used (and -tested). +name that the server will establish connections as (if you don't +specify the host name in the service name when running gss-server, and +it's running on a different machine from gss-client, make sure to +specify the server's host name in the service name you specify to +gss-client!) and msg is the message. The client connects to the TCP +on <host:port> (default 4444) and performs a context +establishment. The "-d" option specifies delegation - a forwardable +TGT will be sent to the server, which will put it in its credential +cache (you must kinit -f for this to work). 
The -v2 option means that +the GSSAPI v2 calls should be used (and tested). If you are using this sample application with OpenVision's Kerberos 5 GSS-API mechanism: @@ -69,9 +73,10 @@ GSS-API mechanism: -lisode -lcom_err. 2. Make sure that the principal corresponding to service_name is in -the default keytab on the server host, and that the gss-server process -can read the keytab. For example, the service name "host@server" -corresponds to the Kerberos principal "host/server.domain.com@REALM". +the default or specified keytab on the server host, and that the +gss-server process can read the keytab. For example, the service name +"host@server" corresponds to the Kerberos principal +"host/server.domain.com@REALM". This sample application uses the following GSS-API functions: @@ -85,3 +90,5 @@ This sample application uses the following GSS-API functions: Barry Jaspan, bjaspan@security.ov.com OpenVision Technologies, Inc. + +$Id$ diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c index ff1bfdda1..fca0ef231 100644 --- a/src/appl/gss-sample/gss-client.c +++ b/src/appl/gss-sample/gss-client.c @@ -20,6 +20,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ +#if !defined(lint) && !defined(__CODECENTER__) +static char *rcsid = "$Header$"; +#endif + #include <stdio.h> #include <unistd.h> #include <stdlib.h> 
@@ -31,337 +35,16 @@ #include <sys/stat.h> #include <fcntl.h> -#include <gssapi/gssapi.h> #include <gssapi/gssapi_generic.h> - -#ifdef USE_STRING_H -#include <string.h> -#else -#include <strings.h> -#endif - -int establish_context(); -int connect_to_server(); -int call_server(); -int client_establish_context(); - -int send_token(); -int recv_token(); -void read_file(); - -int deleg_flag; -void display_status(); - -extern FILE *display_file; - +#include "gss-misc.h" void usage() { - fprintf(stderr, "Usage: gss-client [-port port] [-d] [-v2] host service \ + fprintf(stderr, "Usage: gss-client [-port port] [-d] host service \ msg\n"); exit(1); } -int main(argc, argv) - int argc; - char **argv; -{ - char *service_name, *server_host, *msg; - u_short port = 4444; - int v2 = 0; - int use_file = 0; - - display_file = stdout; - deleg_flag = 0; - - /* Parse arguments. */ - argc--; argv++; - while (argc) { - if (strcmp(*argv, "-port") == 0) { - argc--; argv++; - if (!argc) usage(); - port = atoi(*argv); - } else if (strcmp(*argv, "-v2") == 0) { - v2 = 1; - } else if (strcmp(*argv, "-d") == 0) { - deleg_flag = GSS_C_DELEG_FLAG; - } else if (strcmp(*argv, "-f") == 0) { - use_file = 1; - } else - break; - argc--; argv++; - } - if (argc != 3) - usage(); - - server_host = *argv++; - service_name = *argv++; - msg = *argv++; - - if (call_server(server_host, port, v2, service_name, msg, use_file) < 0) - exit(1); - - return 0; -} - -/* - * Function: call_server - * - * Purpose: Call the "sign" service. - * - * Arguments: - * - * host (r) the host providing the service - * port (r) the port to connect to on host - * service_name (r) the GSS-API service name to authenticate to - * msg (r) the message to have "signed" - * - * Returns: 0 on success, -1 on failure - * - * Effects: - * - * call_server opens a TCP connection to <host:port> and establishes a - * GSS-API context with service_name over the connection. 
It then - * seals msg in a GSS-API token with gss_seal, sends it to the server, - * reads back a GSS-API signature block for msg from the server, and - * verifies it with gss_verify. -1 is returned if any step fails, - * otherwise 0 is returned. - */ -int call_server(host, port, dov2, service_name, msg, use_file) - char *host; - u_short port; - int dov2; - char *service_name; - char *msg; - int use_file; -{ - gss_ctx_id_t context; - gss_buffer_desc in_buf, out_buf, context_token; - int s, state; - OM_uint32 maj_stat, min_stat; - gss_name_t src_name, targ_name; - gss_buffer_desc sname, tname; - OM_uint32 lifetime; - gss_OID mechanism, name_type; - int is_local; -#ifdef GSSAPI_V2 - OM_uint32 context_flags; - int is_open; - gss_qop_t qop_state; - gss_OID_set mech_names; - gss_buffer_desc oid_name; -#else /* GSSAPI_V2 */ - int context_flags; -#endif /* GSSAPI_V2 */ - - /* Open connection */ - if ((s = connect_to_server(host, port)) < 0) - return -1; - - /* Establish context */ - if (client_establish_context(s, service_name, &context) < 0) - return -1; - -#ifdef GSSAPI_V2 - if (dov2) { - /* - * Attempt to save and then restore the context. 
- */ - maj_stat = gss_export_sec_context(&min_stat, - &context, - &context_token); - if (maj_stat != GSS_S_COMPLETE) { - display_status("exporting context", maj_stat, min_stat); - return -1; - } - maj_stat = gss_import_sec_context(&min_stat, - &context_token, - &context); - if (maj_stat != GSS_S_COMPLETE) { - display_status("importing context", maj_stat, min_stat); - return -1; - } - (void) gss_release_buffer(&min_stat, &context_token); - } -#endif /* GSSAPI_V2 */ - - /* Get context information */ - maj_stat = gss_inquire_context(&min_stat, context, - &src_name, &targ_name, &lifetime, - &mechanism, &context_flags, - &is_local -#ifdef GSSAPI_V2 - , &is_open -#endif /* GSSAPI_V2 */ - ); - if (maj_stat != GSS_S_COMPLETE) { - display_status("inquiring context", maj_stat, min_stat); - return -1; - } - - maj_stat = gss_display_name(&min_stat, src_name, &sname, - &name_type); - if (maj_stat != GSS_S_COMPLETE) { - display_status("displaying context", maj_stat, min_stat); - return -1; - } - maj_stat = gss_display_name(&min_stat, targ_name, &tname, - (gss_OID *) NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("displaying context", maj_stat, min_stat); - return -1; - } - fprintf(stderr, "\"%s\" to \"%s\", lifetime %d, flags %x, %s", - (char *) sname.value, (char *) tname.value, lifetime, - context_flags, - (is_local) ? "locally initiated" : "remotely initiated"); -#ifdef GSSAPI_V2 - fprintf(stderr, " %s", (is_open) ? 
"open" : "closed"); -#endif /* GSSAPI_V2 */ - fprintf(stderr, "\n"); - - (void) gss_release_name(&min_stat, &src_name); - (void) gss_release_name(&min_stat, &targ_name); - (void) gss_release_buffer(&min_stat, &sname); - (void) gss_release_buffer(&min_stat, &tname); - -#ifdef GSSAPI_V2 - if (dov2) { - size_t i; - - maj_stat = gss_oid_to_str(&min_stat, - name_type, - &oid_name); - if (maj_stat != GSS_S_COMPLETE) { - display_status("converting oid->string", maj_stat, min_stat); - return -1; - } - fprintf(stderr, "Name type of source name is %s.\n", - (char *) oid_name.value); - (void) gss_release_buffer(&min_stat, &oid_name); - (void) gss_release_oid(&min_stat, &name_type); - - /* Now get the names supported by the mechanism */ - maj_stat = gss_inquire_names_for_mech(&min_stat, - mechanism, - &mech_names); - if (maj_stat != GSS_S_COMPLETE) { - display_status("inquiring mech names", maj_stat, min_stat); - return -1; - } - - maj_stat = gss_oid_to_str(&min_stat, - mechanism, - &oid_name); - if (maj_stat != GSS_S_COMPLETE) { - display_status("converting oid->string", maj_stat, min_stat); - return -1; - } - fprintf(stderr, "Mechanism %s supports %d names\n", - (char *) oid_name.value, mech_names->count); - (void) gss_release_buffer(&min_stat, &oid_name); - for (i=0; i<mech_names->count; i++) { - gss_OID tmpoid; - int is_present; - - maj_stat = gss_oid_to_str(&min_stat, - &mech_names->elements[i], - &oid_name); - if (maj_stat != GSS_S_COMPLETE) { - display_status("converting oid->string", maj_stat, min_stat); - return -1; - } - fprintf(stderr, "%d: %s\n", i, (char *) oid_name.value); - - maj_stat = gss_str_to_oid(&min_stat, - &oid_name, - &tmpoid); - if (maj_stat != GSS_S_COMPLETE) { - display_status("converting string->oid", maj_stat, min_stat); - return -1; - } - - maj_stat = gss_test_oid_set_member(&min_stat, - tmpoid, - mech_names, - &is_present); - if (maj_stat != GSS_S_COMPLETE) { - display_status("testing oid presence", maj_stat, min_stat); - return -1; - } - if 
(!is_present) { - fprintf(stderr, "%s is not present in list?\n", - (char *) oid_name.value); - } - (void) gss_release_oid(&min_stat, &tmpoid); - (void) gss_release_buffer(&min_stat, &oid_name); - } - - (void) gss_release_oid_set(&min_stat, &mech_names); - (void) gss_release_oid(&min_stat, &mechanism); - } -#endif /* GSSAPI_V2 */ - - if (use_file) { - read_file(msg, &in_buf); - } else { - /* Seal the message */ - in_buf.value = msg; - in_buf.length = strlen(msg) + 1; - } -#ifdef GSSAPI_V2 - if (dov2) - maj_stat = gss_wrap(&min_stat, context, 1, GSS_C_QOP_DEFAULT, - &in_buf, &state, &out_buf); - else -#endif /* GSSAPI_V2 */ - maj_stat = gss_seal(&min_stat, context, 1, GSS_C_QOP_DEFAULT, - &in_buf, &state, &out_buf); - if (maj_stat != GSS_S_COMPLETE) { - display_status("sealing message", maj_stat, min_stat); - return -1; - } else if (! state) { - fprintf(stderr, "Warning! Message not encrypted.\n"); - } - - /* Send to server */ - if (send_token(s, &out_buf) < 0) - return -1; - (void) gss_release_buffer(&min_stat, &out_buf); - - /* Read signature block into out_buf */ - if (recv_token(s, &out_buf) < 0) - return -1; - - /* Verify signature block */ -#ifdef GSSAPI_V2 - if (dov2) - maj_stat = gss_verify_mic(&min_stat, context, &in_buf, - &out_buf, &qop_state); - else -#endif /* GSSAPI_V2 */ - maj_stat = gss_verify(&min_stat, context, &in_buf, &out_buf, &state); - if (maj_stat != GSS_S_COMPLETE) { - display_status("verifying signature", maj_stat, min_stat); - return -1; - } - (void) gss_release_buffer(&min_stat, &out_buf); - if (use_file) - free(in_buf.value); - - printf("Signature verified.\n"); - - /* Delete context */ - maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf); - if (maj_stat != GSS_S_COMPLETE) { - display_status("deleting context", maj_stat, min_stat); - return -1; - } - (void) gss_release_buffer(&min_stat, &out_buf); - - return 0; -} - /* * Function: connect_to_server * 
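Review bot: The rewritten `usage()` string still omits the `-f` switch even though the new `main()` further down this file (same commit) accepts `-f` and then treats the `msg` argument as a file name handed to `read_file`, so anyone who hits the usage message cannot discover that mode. I'd change the line to `fprintf(stderr, "Usage: gss-client [-port port] [-d] [-f] host service msg\n");`. The README rewritten in this commit does not mention `-f` either, so a one-line addition there would keep the two in step.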
@@ -403,6 +86,7 @@ int connect_to_server(host, port) } if (connect(s, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) { perror("connecting to server"); + (void) close(s); return -1; } return s; @@ -419,6 +103,7 @@ int connect_to_server(host, port) * s (r) an established TCP connection to the service * service_name (r) the ASCII service name of the service * context (w) the established GSS-API context + * ret_flags (w) the returned flags from init_sec_context * * Returns: 0 on success, -1 on failure * @@ -434,10 +119,13 @@ int connect_to_server(host, port) * unsuccessful, the GSS-API error messages are displayed on stderr * and -1 is returned. */ -int client_establish_context(s, service_name, gss_context) +int client_establish_context(s, service_name, deleg_flag, + gss_context, ret_flags) int s; char *service_name; + OM_uint32 deleg_flag; gss_ctx_id_t *gss_context; + OM_uint32 *ret_flags; { gss_buffer_desc send_tok, recv_tok, *token_ptr; gss_name_t target_name; @@ -489,7 +177,7 @@ int client_establish_context(s, service_name, gss_context) token_ptr, NULL, /* ignore mech type */ &send_tok, - NULL, /* ignore ret_flags */ + ret_flags, NULL); /* ignore time_rec */ if (token_ptr != GSS_C_NO_BUFFER) @@ -527,7 +215,6 @@ int client_establish_context(s, service_name, gss_context) return 0; } - void read_file(file_name, in_buf) char *file_name; gss_buffer_t in_buf; 
@@ -566,3 +253,251 @@ void read_file(file_name, in_buf) bytes_in, count); } +/* + * Function: call_server + * + * Purpose: Call the "sign" service. + * + * Arguments: + * + * host (r) the host providing the service + * port (r) the port to connect to on host + * service_name (r) the GSS-API service name to authenticate to + * msg (r) the message to have "signed" + * + * Returns: 0 on success, -1 on failure + * + * Effects: + * + * call_server opens a TCP connection to <host:port> and establishes a + * GSS-API context with service_name over the connection. It then + * seals msg in a GSS-API token with gss_seal, sends it to the server, + * reads back a GSS-API signature block for msg from the server, and + * verifies it with gss_verify. -1 is returned if any step fails, + * otherwise 0 is returned. + */ +int call_server(host, port, service_name, deleg_flag, msg, use_file) + char *host; + u_short port; + char *service_name; + OM_uint32 deleg_flag; + char *msg; + int use_file; +{ + gss_ctx_id_t context; + gss_buffer_desc in_buf, out_buf; + int s, state; + OM_uint32 ret_flags; + OM_uint32 maj_stat, min_stat; + gss_name_t src_name, targ_name; + gss_buffer_desc sname, tname; + OM_uint32 lifetime; + gss_OID mechanism, name_type; + int is_local; + OM_uint32 context_flags; + int is_open; + gss_qop_t qop_state; + gss_OID_set mech_names; + gss_buffer_desc oid_name; + size_t i; + + /* Open connection */ + if ((s = connect_to_server(host, port)) < 0) + return -1; + + /* Establish context */ + if (client_establish_context(s, service_name, deleg_flag, &context, + &ret_flags) < 0) { + (void) close(s); + return -1; + } + + /* display the flags */ + display_ctx_flags(ret_flags); + + /* Get context information */ + maj_stat = gss_inquire_context(&min_stat, context, + &src_name, &targ_name, &lifetime, + &mechanism, &context_flags, + &is_local, + &is_open); + if (maj_stat != GSS_S_COMPLETE) { + display_status("inquiring context", maj_stat, min_stat); + return -1; + } + + maj_stat = 
gss_display_name(&min_stat, src_name, &sname, + &name_type); + if (maj_stat != GSS_S_COMPLETE) { + display_status("displaying source name", maj_stat, min_stat); + return -1; + } + maj_stat = gss_display_name(&min_stat, targ_name, &tname, + (gss_OID *) NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("displaying target name", maj_stat, min_stat); + return -1; + } + fprintf(stderr, "\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n", + (int) sname.length, (char *) sname.value, + (int) tname.length, (char *) tname.value, lifetime, + context_flags, + (is_local) ? "locally initiated" : "remotely initiated", + (is_open) ? "open" : "closed"); + + (void) gss_release_name(&min_stat, &src_name); + (void) gss_release_name(&min_stat, &targ_name); + (void) gss_release_buffer(&min_stat, &sname); + (void) gss_release_buffer(&min_stat, &tname); + + maj_stat = gss_oid_to_str(&min_stat, + name_type, + &oid_name); + if (maj_stat != GSS_S_COMPLETE) { + display_status("converting oid->string", maj_stat, min_stat); + return -1; + } + fprintf(stderr, "Name type of source name is %.*s.\n", + (int) oid_name.length, (char *) oid_name.value); + (void) gss_release_buffer(&min_stat, &oid_name); + + /* Now get the names supported by the mechanism */ + maj_stat = gss_inquire_names_for_mech(&min_stat, + mechanism, + &mech_names); + if (maj_stat != GSS_S_COMPLETE) { + display_status("inquiring mech names", maj_stat, min_stat); + return -1; + } + + maj_stat = gss_oid_to_str(&min_stat, + mechanism, + &oid_name); + if (maj_stat != GSS_S_COMPLETE) { + display_status("converting oid->string", maj_stat, min_stat); + return -1; + } + fprintf(stderr, "Mechanism %.*s supports %d names\n", + (int) oid_name.length, (char *) oid_name.value, + mech_names->count); + (void) gss_release_buffer(&min_stat, &oid_name); + + for (i=0; i<mech_names->count; i++) { + maj_stat = gss_oid_to_str(&min_stat, + &mech_names->elements[i], + &oid_name); + if (maj_stat != GSS_S_COMPLETE) { + 
display_status("converting oid->string", maj_stat, min_stat); + return -1; + } + fprintf(stderr, " %d: %.*s\n", i, + (int) oid_name.length, (char *) oid_name.value); + + (void) gss_release_buffer(&min_stat, &oid_name); + } + (void) gss_release_oid_set(&min_stat, &mech_names); + + if (use_file) { + read_file(msg, &in_buf); + } else { + /* Seal the message */ + in_buf.value = msg; + in_buf.length = strlen(msg) + 1; + } + + maj_stat = gss_wrap(&min_stat, context, 1, GSS_C_QOP_DEFAULT, + &in_buf, &state, &out_buf); + if (maj_stat != GSS_S_COMPLETE) { + display_status("sealing message", maj_stat, min_stat); + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER); + return -1; + } else if (! state) { + fprintf(stderr, "Warning! Message not encrypted.\n"); + } + + /* Send to server */ + if (send_token(s, &out_buf) < 0) { + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER); + return -1; + } + (void) gss_release_buffer(&min_stat, &out_buf); + + /* Read signature block into out_buf */ + if (recv_token(s, &out_buf) < 0) { + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER); + return -1; + } + + /* Verify signature block */ + maj_stat = gss_verify_mic(&min_stat, context, &in_buf, + &out_buf, &qop_state); + if (maj_stat != GSS_S_COMPLETE) { + display_status("verifying signature", maj_stat, min_stat); + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER); + return -1; + } + (void) gss_release_buffer(&min_stat, &out_buf); + + if (use_file) + free(in_buf.value); + + printf("Signature verified.\n"); + + /* Delete context */ + maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf); + if (maj_stat != GSS_S_COMPLETE) { + display_status("deleting context", maj_stat, min_stat); + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER); + return -1; + } + + (void) gss_release_buffer(&min_stat, &out_buf); + 
(void) close(s); + return 0; +} + +int main(argc, argv) + int argc; + char **argv; +{ + char *service_name, *server_host, *msg; + u_short port = 4444; + int use_file = 0; + OM_uint32 deleg_flag = 0; + + display_file = stdout; + + /* Parse arguments. */ + argc--; argv++; + while (argc) { + if (strcmp(*argv, "-port") == 0) { + argc--; argv++; + if (!argc) usage(); + port = atoi(*argv); + } else if (strcmp(*argv, "-d") == 0) { + deleg_flag = GSS_C_DELEG_FLAG; + } else if (strcmp(*argv, "-f") == 0) { + use_file = 1; + } else + break; + argc--; argv++; + } + if (argc != 3) + usage(); + + server_host = *argv++; + service_name = *argv++; + msg = *argv++; + + if (call_server(server_host, port, service_name, + deleg_flag, msg, use_file) < 0) + exit(1); + + return 0; +} + diff --git a/src/appl/gss-sample/gss-misc.c b/src/appl/gss-sample/gss-misc.c index 446aa3087..67e898c1d 100644 --- a/src/appl/gss-sample/gss-misc.c +++ b/src/appl/gss-sample/gss-misc.c @@ -20,16 +20,21 @@ * PERFORMANCE OF THIS SOFTWARE. */ +#if !defined(lint) && !defined(__CODECENTER__) +static char *rcsid = "$Header$"; +#endif + #include <stdio.h> #include <sys/types.h> #include <netinet/in.h> +#include <errno.h> #ifdef HAVE_UNISTD_H #include <unistd.h> #endif #include <string.h> -#include <gssapi/gssapi.h> #include <gssapi/gssapi_generic.h> +#include "gss-misc.h" #ifdef HAVE_STDLIB_H #include <stdlib.h> 
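Review bot: `call_server` asks for delegation whenever `-d` was given but never examines the `ret_flags` it now receives from `client_establish_context` — it only prints them through `display_ctx_flags` — so a forwardable TGT is handed to the peer even if GSS_C_MUTUAL_FLAG was not granted (the peer never authenticated to the client) or GSS_C_DELEG_FLAG was dropped by the mechanism. Whether `deleg_flag` is actually OR'd into the req_flags of gss_init_sec_context is not visible in this diff, but the caller should still refuse to continue: after `display_ctx_flags(ret_flags);` add `if ((deleg_flag & GSS_C_DELEG_FLAG) && !(ret_flags & GSS_C_MUTUAL_FLAG)) { fprintf(stderr, "delegation requested but peer not authenticated\n"); return -1; }` with the same `close(s)` / `gss_delete_sec_context` cleanup the later error paths do. Separately, the early failure returns after `gss_inquire_context`, both `gss_display_name` calls, `gss_oid_to_str` and `gss_inquire_names_for_mech` return -1 without that cleanup, which the paths from `gss_wrap` onward perform, and the final error path calls `gss_delete_sec_context` a second time on a context whose first deletion has just failed. The `%d` conversions for `lifetime` (OM_uint32) and the loop index `i` (size_t) are also mismatched format specifiers.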
@@ -37,9 +42,48 @@ extern char *malloc(); #endif -static void display_status_1(); +FILE *display_file; + +static void display_status_1 + PROTOTYPE( (char *m, OM_uint32 code, int type) ); -FILE *display_file = NULL; +static int write_all(int fildes, char *buf, unsigned int nbyte) +{ + int ret; + char *ptr; + + for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) { + ret = write(fildes, ptr, nbyte); + if (ret < 0) { + if (errno == EINTR) + continue; + return(ret); + } else if (ret == 0) { + return(ptr-buf); + } + } + + return(ptr-buf); +} + +static int read_all(int fildes, char *buf, unsigned int nbyte) +{ + int ret; + char *ptr; + + for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) { + ret = read(fildes, ptr, nbyte); + if (ret < 0) { + if (errno == EINTR) + continue; + return(ret); + } else if (ret == 0) { + return(ptr-buf); + } + } + + return(ptr-buf); +} /* * Function: send_token @@ -67,7 +111,7 @@ int send_token(s, tok) len = htonl(tok->length); - ret = write(s, (char *) &len, 4); + ret = write_all(s, (char *) &len, 4); if (ret < 0) { perror("sending token length"); return -1; @@ -79,7 +123,7 @@ int send_token(s, tok) return -1; } - ret = write(s, tok->value, tok->length); + ret = write_all(s, tok->value, tok->length); if (ret < 0) { perror("sending token data"); return -1; @@ -120,9 +164,8 @@ int recv_token(s, tok) gss_buffer_t tok; { int ret; - int readsofar = 0; - ret = read(s, (char *) &tok->length, 4); + ret = read_all(s, (char *) &tok->length, 4); if (ret < 0) { perror("reading token length"); return -1; 
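Review bot: The EINTR retry in both `write_all` and `read_all` is wrong: `continue` inside a `for` loop jumps to the increment clause `ptr += ret, nbyte -= ret` while `ret` is still -1, so after an interrupted call the next attempt starts one byte before the intended position and `nbyte` (unsigned) grows by one, which is an out-of-bounds access on the caller's buffer. Clear the count before retrying, `if (errno == EINTR) { ret = 0; continue; }`, in both helpers, or convert them to `while` loops that advance only on a positive return. The `unsigned int nbyte` / `int ret` / `int` return mix would also be cleaner as `size_t` and `ssize_t`, matching read(2)/write(2).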
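Review bot: `read_all(s, (char *) &tok->length, 4)` writes exactly four bytes into `tok->length`, which is the `size_t` member of `gss_buffer_desc`; on a target where `size_t` is wider than 32 bits the remaining bytes are left uninitialised and the subsequent conversion (in lines not shown) operates on a partly garbage value. Read the wire length into a fixed-width local instead, `OM_uint32 len; ret = read_all(s, (char *) &len, 4);`, convert it, then assign to `tok->length` — mirroring what `send_token` already does with its `len` variable. This is a portability rather than a 1996-NetBSD/Solaris concern, but it costs two lines now and is hard to find later.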
@@ -143,20 +186,45 @@ int recv_token(s, tok) return -1; } - while (readsofar < tok->length) { - ret = read(s, (char *) tok->value + readsofar, - tok->length - readsofar); - readsofar += ret; - if (ret < 0) { - perror("reading token data"); - free(tok->value); - return -1; - } + ret = read_all(s, (char *) tok->value, tok->length); + if (ret < 0) { + perror("reading token data"); + free(tok->value); + return -1; + } else if (ret != tok->length) { + fprintf(stderr, "sending token data: %d of %d bytes written\n", + ret, tok->length); + free(tok->value); + return -1; } return 0; } +static void display_status_1(m, code, type) + char *m; + OM_uint32 code; + int type; +{ + OM_uint32 maj_stat, min_stat; + gss_buffer_desc msg; + OM_uint32 msg_ctx; + + msg_ctx = 0; + while (1) { + maj_stat = gss_display_status(&min_stat, code, + type, GSS_C_NULL_OID, + &msg_ctx, &msg); + if (display_file) + fprintf(display_file, "GSS-API error %s: %s\n", m, + (char *)msg.value); + (void) gss_release_buffer(&min_stat, &msg); + + if (!msg_ctx) + break; + } +} + /* * Function: display_status * 
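Review bot: `tok->length` used here comes straight off the wire (received and byte-swapped in the lines between this hunk and the previous one, which are not shown) and is passed to `read_all` — and presumably to the allocation of `tok->value` — with no upper bound, so an unauthenticated peer can make the server allocate and then try to fill up to 4 GiB per connection before any GSS-API check runs. A sanity cap before the allocation, e.g. `if (tok->length > MAX_TOKEN_LEN) { fprintf(stderr, "token too large: %lu bytes\n", (unsigned long) tok->length); return -1; }` with a modest `MAX_TOKEN_LEN` defined in gss-misc.h, closes that off for a sample that people copy. The short-read message in this hunk was also copied from the send path: it says `sending token data: %d of %d bytes written` on the receive side, where `reading token data: %d of %d bytes read` is meant, and `tok->length` is a `size_t` printed with `%d`.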
@@ -183,32 +251,37 @@ void display_status(msg, maj_stat, min_stat) display_status_1(msg, min_stat, GSS_C_MECH_CODE); } -static void display_status_1(m, code, type) - char *m; - OM_uint32 code; - int type; +/* + * Function: display_ctx_flags + * + * Purpose: displays the flags returned by context initation in + * a human-readable form + * + * Arguments: + * + * int ret_flags + * + * Effects: + * + * Strings corresponding to the context flags are printed on + * stdout, preceded by "context flag: " and followed by a newline + */ + +void display_ctx_flags(flags) + OM_uint32 flags; { - OM_uint32 maj_stat, min_stat; - gss_buffer_desc msg; -#ifdef GSSAPI_V2 - OM_uint32 msg_ctx; -#else /* GSSAPI_V2 */ - int msg_ctx; -#endif /* GSSAPI_V2 */ - - msg_ctx = 0; - while (1) { - maj_stat = gss_display_status(&min_stat, code, - type, GSS_C_NULL_OID, - &msg_ctx, &msg); - if (display_file) - fprintf(display_file, "GSS-API error %s: %s\n", m, - (char *)msg.value); - (void) gss_release_buffer(&min_stat, &msg); - - if (!msg_ctx) - break; - } + if (flags & GSS_C_DELEG_FLAG) + fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n"); + if (flags & GSS_C_MUTUAL_FLAG) + fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n"); + if (flags & GSS_C_REPLAY_FLAG) + fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n"); + if (flags & GSS_C_SEQUENCE_FLAG) + fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n"); + if (flags & GSS_C_CONF_FLAG ) + fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n"); + if (flags & GSS_C_INTEG_FLAG ) + fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n"); } void print_token(tok) 
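Review bot: `display_ctx_flags` writes to `display_file` unconditionally, while `display_status_1` in the same file guards every print with `if (display_file)`; the old server `main` removed in this commit set `display_file = 0` in inetd mode, so if the new server keeps that behaviour and calls this function, each `fprintf(display_file, ...)` is a NULL stream dereference. Add the same guard at the top, `if (!display_file) return;`. The header comment also disagrees with the code — it documents the argument as `int ret_flags` and says the strings go to stdout, whereas the parameter is `OM_uint32 flags` and output goes to `display_file` — and the last two strings carry a stray space before `\n` (`"GSS_C_CONF_FLAG \n"`, `"GSS_C_INTEG_FLAG \n"`).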
@@ -228,24 +301,3 @@ void print_token(tok) fprintf(display_file, "\n"); fflush(display_file); } - -void display_buffer(buffer) - gss_buffer_desc buffer; -{ - char *namebuf; - - if (!display_file) - return; - namebuf = malloc(buffer.length+1); - if (!namebuf) { - fprintf(stderr, "display_buffer: couldn't allocate buffer!\n"); - exit(1); - } - strncpy(namebuf, buffer.value, buffer.length); - namebuf[buffer.length] = '\0'; - fprintf(display_file, "%s", namebuf); - free(namebuf); -} - - - diff --git a/src/appl/gss-sample/gss-misc.h b/src/appl/gss-sample/gss-misc.h new file mode 100644 index 000000000..bfdcad2f4 --- /dev/null +++ b/src/appl/gss-sample/gss-misc.h 
@@ -0,0 +1,46 @@ +/* + * Copyright 1994 by OpenVision Technologies, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of OpenVision not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. OpenVision makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * $Id$ + */ + +#ifndef _GSSMISC_H_ +#define _GSSMISC_H_ + +#include <gssapi/gssapi_generic.h> +#include <stdio.h> + +extern FILE *display_file; + +int send_token + PROTOTYPE( (int s, gss_buffer_t tok) ); +int recv_token + PROTOTYPE( (int s, gss_buffer_t tok) ); +void display_status + PROTOTYPE( (char *msg, OM_uint32 maj_stat, OM_uint32 min_stat) ); +void display_ctx_flags + PROTOTYPE( (OM_uint32 flags) ); +void print_token + PROTOTYPE( (gss_buffer_t tok) ); + +#endif diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c index f685ab70f..bd4e7fe90 100644 --- a/src/appl/gss-sample/gss-server.c +++ b/src/appl/gss-sample/gss-server.c 
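Review bot: The include guard `_GSSMISC_H_` is a reserved identifier in C (a leading underscore followed by an uppercase letter is the implementation's namespace); `GSSMISC_H` or `GSS_MISC_H` avoids the clash at no cost. The `PROTOTYPE()` macro used in every declaration is not defined in this header and must therefore come from `<gssapi/gssapi_generic.h>` included just above; a one-line comment such as `/* PROTOTYPE() is provided by gssapi_generic.h */` would save the next reader the search, and a fallback `#ifndef PROTOTYPE` definition would make the header usable with other GSS-API headers.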
@@ -20,6 +20,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ +#if !defined(lint) && !defined(__CODECENTER__) +static char *rcsid = "$Header$"; +#endif + #include <stdio.h> #include <sys/types.h> #include <sys/socket.h> @@ -29,11 +33,9 @@ #endif #include <stdlib.h> #include <ctype.h> -#include <sys/time.h> -#include <time.h> -#include <gssapi/gssapi.h> #include <gssapi/gssapi_generic.h> +#include "gss-misc.h" #ifdef USE_STRING_H #include <string.h> 
@@ -41,292 +43,16 @@ #include <strings.h> #endif -int create_socket(); - -int send_token(); -int recv_token(); -void display_status(); -int test_import_export_context(); -void print_token(); - -int server_acquire_creds(); -int server_establish_context(); -int sign_server(); - -extern FILE *display_file; -FILE *log; - -int verbose = 0; - -void usage() { - fprintf(stderr, "Usage: gss-server [-port port] [-v2] [-inetd] [-logfile file] service_name\n"); + fprintf(stderr, "Usage: gss-server [-port port] [-verbose]\n"); + fprintf(stderr, " [-inetd] [-logfile file] [service_name]\n"); exit(1); } -int -main(argc, argv) - int argc; - char **argv; -{ - char *service_name; - u_short port = 4444; - int s; - int do_inetd = 0; - int dov2 = 0; - int once = 0; - - log = stdout; - display_file = stdout; - argc--; argv++; - while (argc) { - if (strcmp(*argv, "-port") == 0) { - argc--; argv++; - if (!argc) usage(); - port = atoi(*argv); - } else if (strcmp(*argv, "-inetd") == 0) { - do_inetd = 1; - display_file = 0; - } else if (strcmp(*argv, "-verbose") == 0) { - verbose = 1; - } else if (strcmp(*argv, "-v2") == 0) { - dov2 = 1; - } else if (strcmp(*argv, "-once") == 0) { - once = 1; - } else if (strcmp(*argv, "-logfile") == 0) { - argc--; argv++; - if (!argc) usage(); - log = fopen(*argv, "a"); - display_file = log; - if (!log) { - perror(*argv); - exit(1); - } - } else - break; - argc--; argv++; - } - if (argc != 1) - usage(); - - service_name = *argv; - - if (do_inetd == 0) { - if ((s = create_socket(port)) < 0) - exit(1); - } else { - s = -1; - close(1); - close(2); - } - - if (sign_server(s, service_name, dov2, once) < 0) - exit(1); - - /*NOTREACHED*/ - return 0; -} - -/* - * Function: create_socket - * - * Purpose: Opens a listening TCP socket. - * - * Arguments: - * - * port (r) the port number on which to listen - * - * Returns: the listening socket file descriptor, or -1 on failure - * - * Effects: - * - * A listening socket on the specified port and created and returned. 
- * On error, an error message is displayed and -1 is returned. - */ -int create_socket(port) - u_short port; -{ - struct sockaddr_in saddr; - int s; - int on = 1; - - saddr.sin_family = AF_INET; - saddr.sin_port = htons(port); - saddr.sin_addr.s_addr = INADDR_ANY; - - if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - perror("creating socket"); - return -1; - } - /* Let the socket be reused right away */ - (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on)); - if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) { - perror("binding socket"); - return -1; - } - if (listen(s, 5) < 0) { - perror("listening on socket"); - return -1; - } - return s; -} - -/* - * Function: sign_server - * - * Purpose: Performs the "sign" service. - * - * Arguments: - * - * s (r) a TCP socket on which to listen for connections. - * If s is -1, then assume that we were started out of - * inetd and use file descriptor 0. - * service_name (r) the ASCII name of the GSS-API service to - * establish a context as - * dov2 (r) a boolean indicating whether we should use GSSAPI - * V2 interfaces, if available. - * once (r) a boolean indicating whether we should - * only accept one connection, then exit. - * - * Returns: -1 on error - * - * Effects: - * - * sign_server acquires GSS-API credentials for service_name and then - * loops forever accepting TCP connections on s, establishing a - * context, and performing a single sign request. - * - * A sign request is a single GSS-API sealed token. The token is - * unsealed and a signature block, produced with gss_sign, is returned - * to the sender. The context is the destroyed and the connection - * closed. - * - * If any error occurs, -1 is returned. 
- */ -int sign_server(s, service_name, dov2, once) - int s; - char *service_name; - int dov2; - int once; -{ - gss_cred_id_t server_creds; - gss_buffer_desc client_name, xmit_buf, msg_buf; - gss_ctx_id_t context; - OM_uint32 maj_stat, min_stat; - int i,s2; - time_t now; - char *cp; - - if (server_acquire_creds(service_name, &server_creds) < 0) - return -1; - - while (1) { - if (s >= 0) { - /* Accept a TCP connection */ - if ((s2 = accept(s, NULL, 0)) < 0) { - perror("accepting connection"); - exit(1); - } - } else - s2 = 0; - - /* Establish a context with the client */ - if (server_establish_context(s2, server_creds, &context, - &client_name) < 0) - break; - - time(&now); - fprintf(log, "Accepted connection: \"%s\" at %s", - (char *) client_name.value, ctime(&now)); - (void) gss_release_buffer(&min_stat, &client_name); - - if (dov2) { - for (i=0; i < 3; i++) - if (test_import_export_context(&context)) - break; - if (i < 3) - break; - } - - /* Receive the sealed message token */ - if (recv_token(s2, &xmit_buf) < 0) - break; - - if (verbose && log) { - fprintf(log, "Sealed message token:\n"); - print_token(xmit_buf); - } - -#ifdef GSSAPI_V2 - if (dov2) - maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf, - (int *) NULL, (gss_qop_t *) NULL); - else -#endif /* GSSAPI_V2 */ - /* Unseal the message token */ - maj_stat = gss_unseal(&min_stat, context, &xmit_buf, - &msg_buf, NULL, NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("unsealing message", maj_stat, min_stat); - break; - } - - (void) gss_release_buffer(&min_stat, &xmit_buf); - - fprintf(log, "Received message: "); - cp = msg_buf.value; - if (isprint(cp[0]) && isprint(cp[1])) - fprintf(log, "\"%s\"\n", cp); - else { - printf("\n"); - print_token(msg_buf); - } - - /* Produce a signature block for the message */ -#ifdef GSSAPI_V2 - if (dov2) - maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT, - &msg_buf, &xmit_buf); - else -#endif /* GSSAPI_V2 */ - maj_stat = gss_sign(&min_stat, 
context, GSS_C_QOP_DEFAULT, - &msg_buf, &xmit_buf); - if (maj_stat != GSS_S_COMPLETE) { - display_status("signing message", maj_stat, min_stat); - break; - } - - (void) gss_release_buffer(&min_stat, &msg_buf); - - /* Send the signature block to the client */ - if (send_token(s2, &xmit_buf) < 0) - break; - - (void) gss_release_buffer(&min_stat, &xmit_buf); - - /* Delete context */ - maj_stat = gss_delete_sec_context(&min_stat, &context, &xmit_buf); - if (maj_stat != GSS_S_COMPLETE) { - display_status("deleting context", maj_stat, min_stat); - break; - } - - (void) gss_release_buffer(&min_stat, &xmit_buf); - - /* Close TCP connection */ - close(s2); - - fflush(log); - - if (s < 0 || once) - break; - } +FILE *log; - /*NOTREACHED*/ - (void) gss_release_cred(&min_stat, &server_creds); - return -1; -} +int verbose = 0; /* * Function: server_acquire_creds @@ -400,17 +126,17 @@ int server_acquire_creds(service_name, server_creds) * in client_name and 0 is returned. If unsuccessful, an error * message is displayed and -1 is returned. */ -int server_establish_context(s, server_creds, context, client_name) +int server_establish_context(s, server_creds, context, client_name, ret_flags) int s; gss_cred_id_t server_creds; gss_ctx_id_t *context; gss_buffer_t client_name; + OM_uint32 *ret_flags; { gss_buffer_desc send_tok, recv_tok; gss_name_t client; gss_OID doid; OM_uint32 maj_stat, min_stat; - OM_uint32 ret_flags; *context = GSS_C_NO_CONTEXT; @@ -432,7 +158,7 @@ int server_establish_context(s, server_creds, context, client_name) &client, &doid, &send_tok, - &ret_flags, + ret_flags, NULL, /* ignore time_rec */ NULL); /* ignore del_cred_handle */ @@ -441,8 +167,9 @@ int server_establish_context(s, server_creds, context, client_name) (void) gss_release_buffer(&min_stat, &recv_tok); return -1; } + (void) gss_release_buffer(&min_stat, &recv_tok); - + if (send_tok.length != 0) { if (verbose && log) { fprintf(log, 
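Review bot: The new usage text shows `[service_name]` in brackets as if it were optional, but main() in the later hunk of this file calls usage() unless exactly one positional argument remains, so the message misdescribes the contract; the second line should read `fprintf(stderr, "       [-inetd] [-logfile file] service_name\n");`. Neither line lists the `-once` option that main() accepts, so `[-once]` belongs in the first line too. The usage() function itself is only partly changed by this hunk; its opening and the `exit(1)` are context.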
@@ -457,15 +184,18 @@ int server_establish_context(s, server_creds, context, client_name) (void) gss_release_buffer(&min_stat, &send_tok); } - if (maj_stat == GSS_S_CONTINUE_NEEDED) - if (log) - fprintf(log, "continue needed..."); if (log) { - fprintf(log, "\n"); + if (maj_stat == GSS_S_CONTINUE_NEEDED) + fprintf(log, "\n"); + else + fprintf(log, "continue needed...\n"); fflush(log); } } while (maj_stat == GSS_S_CONTINUE_NEEDED); + /* display the flags */ + display_ctx_flags(*ret_flags); + maj_stat = gss_display_name(&min_stat, client, client_name, &doid); if (maj_stat != GSS_S_COMPLETE) { display_status("displaying name", maj_stat, min_stat); 
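Review bot: The rewritten logging branch is inverted: when maj_stat is GSS_S_CONTINUE_NEEDED it prints only a newline, and when the context is complete it prints "continue needed...", the opposite of what the removed lines did. Swapping the two bodies restores the old meaning: `if (maj_stat == GSS_S_CONTINUE_NEEDED) fprintf(log, "continue needed...\n"); else fprintf(log, "\n");`. The enclosing do/while loop in server_establish_context begins before this hunk.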
@@ -479,42 +209,232 @@ int server_establish_context(s, server_creds, context, client_name) return 0; } -static float timeval_subtract(tv1, tv2) - struct timeval *tv1, *tv2; +/* + * Function: create_socket + * + * Purpose: Opens a listening TCP socket. + * + * Arguments: + * + * port (r) the port number on which to listen + * + * Returns: the listening socket file descriptor, or -1 on failure + * + * Effects: + * + * A listening socket on the specified port and created and returned. + * On error, an error message is displayed and -1 is returned. + */ +int create_socket(port) + u_short port; { - return ((tv1->tv_sec - tv2->tv_sec) + - ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000); + struct sockaddr_in saddr; + int s; + int on = 1; + + saddr.sin_family = AF_INET; + saddr.sin_port = htons(port); + saddr.sin_addr.s_addr = INADDR_ANY; + + if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("creating socket"); + return -1; + } + /* Let the socket be reused right away */ + (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on)); + if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) { + perror("binding socket"); + (void) close(s); + return -1; + } + if (listen(s, 5) < 0) { + perror("listening on socket"); + (void) close(s); + return -1; + } + return s; } -int test_import_export_context(context) - gss_ctx_id_t *context; +/* + * Function: sign_server + * + * Purpose: Performs the "sign" service. + * + * Arguments: + * + * s (r) a TCP socket on which a connection has been + * accept()ed + * service_name (r) the ASCII name of the GSS-API service to + * establish a context as + * + * Returns: -1 on error + * + * Effects: + * + * sign_server establishes a context, and performs a single sign request. + * + * A sign request is a single GSS-API sealed token. The token is + * unsealed and a signature block, produced with gss_sign, is returned + * to the sender. The context is the destroyed and the connection + * closed. 
+ * + * If any error occurs, -1 is returned. + */ +int sign_server(s, server_creds) + int s; + gss_cred_id_t server_creds; { - OM_uint32 min_stat, maj_stat; - gss_buffer_desc context_token; - struct timeval tm1, tm2; - - /* - * Attempt to save and then restore the context. - */ - gettimeofday(&tm1, (struct timezone *)0); - maj_stat = gss_export_sec_context(&min_stat, context, &context_token); - if (maj_stat != GSS_S_COMPLETE) { - display_status("exporting context", maj_stat, min_stat); - return 1; - } - gettimeofday(&tm2, (struct timezone *)0); - if (verbose && log) - fprintf(log, "Exported context: %d bytes, %7.4f seconds\n", - context_token.length, timeval_subtract(&tm2, &tm1)); - maj_stat = gss_import_sec_context(&min_stat, &context_token, context); - if (maj_stat != GSS_S_COMPLETE) { - display_status("importing context", maj_stat, min_stat); - return 1; - } - gettimeofday(&tm1, (struct timezone *)0); - if (verbose && log) - fprintf(log, "Importing context: %7.4f seconds\n", - timeval_subtract(&tm1, &tm2)); - (void) gss_release_buffer(&min_stat, &context_token); - return 0; + gss_buffer_desc client_name, xmit_buf, msg_buf; + gss_ctx_id_t context; + OM_uint32 maj_stat, min_stat; + int i, conf_state, ret_flags; + char *cp; + + /* Establish a context with the client */ + if (server_establish_context(s, server_creds, &context, + &client_name, &ret_flags) < 0) + return(-1); + + printf("Accepted connection: \"%.*s\"\n", + client_name.length, client_name.value); + (void) gss_release_buffer(&min_stat, &client_name); + + /* Receive the sealed message token */ + if (recv_token(s, &xmit_buf) < 0) + return(-1); + + if (verbose && log) { + fprintf(log, "Sealed message token:\n"); + print_token(&xmit_buf); + } + + maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf, + &conf_state, (gss_qop_t *) NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("unsealing message", maj_stat, min_stat); + return(-1); + } else if (! conf_state) { + fprintf(stderr, "Warning! 
Message not encrypted.\n"); + } + + (void) gss_release_buffer(&min_stat, &xmit_buf); + + fprintf(log, "Received message: "); + cp = msg_buf.value; + if (isprint(cp[0]) && isprint(cp[1])) + fprintf(log, "\"%s\"\n", cp); + else { + printf("\n"); + print_token(&msg_buf); + } + + /* Produce a signature block for the message */ + maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT, + &msg_buf, &xmit_buf); + if (maj_stat != GSS_S_COMPLETE) { + display_status("signing message", maj_stat, min_stat); + return(-1); + } + + (void) gss_release_buffer(&min_stat, &msg_buf); + + /* Send the signature block to the client */ + if (send_token(s, &xmit_buf) < 0) + return(-1); + + (void) gss_release_buffer(&min_stat, &xmit_buf); + + /* Delete context */ + maj_stat = gss_delete_sec_context(&min_stat, &context, NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("deleting context", maj_stat, min_stat); + return(-1); + } + + fflush(log); + + return(0); +} + +int +main(argc, argv) + int argc; + char **argv; +{ + char *service_name; + gss_cred_id_t server_creds; + OM_uint32 min_stat; + u_short port = 4444; + int s; + int once = 0; + int do_inetd = 0; + + log = stdout; + display_file = stdout; + argc--; argv++; + while (argc) { + if (strcmp(*argv, "-port") == 0) { + argc--; argv++; + if (!argc) usage(); + port = atoi(*argv); + } else if (strcmp(*argv, "-verbose") == 0) { + verbose = 1; + } else if (strcmp(*argv, "-once") == 0) { + once = 1; + } else if (strcmp(*argv, "-inetd") == 0) { + do_inetd = 1; + } else if (strcmp(*argv, "-logfile") == 0) { + argc--; argv++; + if (!argc) usage(); + log = fopen(*argv, "a"); + display_file = log; + if (!log) { + perror(*argv); + exit(1); + } + } else + break; + argc--; argv++; + } + if (argc != 1) + usage(); + + if ((*argv)[0] == '-') + usage(); + + service_name = *argv; + + if (server_acquire_creds(service_name, &server_creds) < 0) + return -1; + + if (do_inetd) { + close(1); + close(2); + + sign_server(0, server_creds); + close(0); + 
} else { + int stmp; + + if (stmp = create_socket(port)) { + do { + /* Accept a TCP connection */ + if ((s = accept(stmp, NULL, 0)) < 0) { + perror("accepting connection"); + } else { + /* this return value is not checked, because there's + not really anything to do if it fails */ + sign_server(s, server_creds); + } + } while (!once); + } + + close(stmp); + } + + (void) gss_release_cred(&min_stat, &server_creds); + + /*NOTREACHED*/ + (void) close(s); + return 0; } diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog index 0d480b2c6..d73bf4c69 100644 --- a/src/appl/gssftp/ftp/ChangeLog +++ b/src/appl/gssftp/ftp/ChangeLog @@ -1,3 +1,8 @@ +Wed Jul 10 16:40:19 1996 Marc Horowitz <marc@mit.edu> + + * cmdtab.c (cmdtab[]), cmds.c (delete_file): rename delete() to + delete_file() to avoid conflict with the dbm delete() function + Thu Mar 28 21:07:40 1996 Ken Raeburn <raeburn@cygnus.com> * cmds.c (setpeer): Define unix for HP-UX. @@ -13,7 +18,7 @@ Thu Mar 28 19:26:53 1996 Marc Horowitz <marc@mit.edu> Mon Mar 18 12:12:44 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> * secure.c, ftp.c, ftp_var.h: Define STDARG if HAVE_STDARG_H is - defined (in addition to the other tests) + defined (in addition to the other tests) * configure.in: Add AC_HEADER_STDARG diff --git a/src/appl/gssftp/ftp/cmds.c b/src/appl/gssftp/ftp/cmds.c index 396f317dd..d0dc5dda6 100644 --- a/src/appl/gssftp/ftp/cmds.c +++ b/src/appl/gssftp/ftp/cmds.c @@ -1243,7 +1243,7 @@ lcd(argc, argv) /* * Delete a single file. */ -delete(argc, argv) +delete_file(argc, argv) int argc; char *argv[]; { diff --git a/src/appl/gssftp/ftp/cmdtab.c b/src/appl/gssftp/ftp/cmdtab.c index 39d171d84..f20660cac 100644 --- a/src/appl/gssftp/ftp/cmdtab.c +++ b/src/appl/gssftp/ftp/cmdtab.c 
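Review bot: In main(), `if (stmp = create_socket(port))` treats create_socket's -1 failure return as success, so after a bind or listen failure the do/while loop calls accept(-1) repeatedly, printing "accepting connection" each time and, unless -once was given, never exiting; it should be `if ((stmp = create_socket(port)) >= 0) {`. The accepted descriptor s is also never closed once sign_server returns, leaking one descriptor per connection where the removed loop had close(s2); add `close(s);` after the sign_server(s, server_creds) call. In sign_server, ret_flags is declared `int` but its address is passed to server_establish_context, whose new parameter is `OM_uint32 *`, and `i` is unused; `OM_uint32 ret_flags;` fixes the pointer type. The `%.*s` in the printf receives client_name.length as its precision, which requires an int argument, so that call presumably needs a cast to int unless the buffer length type is already int.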
@@ -50,7 +50,7 @@ int setlevel(), setclear(), setsafe();
 int setprivate();
 #endif
 int disconnect(), restart(), reget(), syst();
-int cd(), lcd(), delete(), mdelete(), user();
+int cd(), lcd(), delete_file(), mdelete(), user();
 int ls(), mls(), get(), mget(), help(), append(), put(), mput();
 int quit(), renamefile(), status();
 int quote(), rmthelp(), shell(), site();
@@ -154,7 +154,7 @@ struct cmd cmdtab[] = {
 { "clear", clearhelp, 0, 1, 1, setclear },
 { "close", disconhelp, 0, 1, 1, disconnect },
 { "cr", crhelp, 0, 0, 0, setcr },
- { "delete", deletehelp, 0, 1, 1, delete },
+ { "delete", deletehelp, 0, 1, 1, delete_file },
 { "debug", debughelp, 0, 0, 0, setdebug },
 { "dir", dirhelp, 1, 1, 1, ls },
 { "disconnect", disconhelp, 0, 1, 1, disconnect },
diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog
index 798b51dbd..3f04d2cee 100644
--- a/src/appl/gssftp/ftpd/ChangeLog
+++ b/src/appl/gssftp/ftpd/ChangeLog
@@ -1,3 +1,10 @@
+Wed Jul 10 16:38:01 1996 Marc Horowitz <marc@mit.edu>
+
+ * ftpd.c (store), ftpcmd.y (STOR, APPE, STOU): rename store() to
+ store_file() to avoid conflict with dbm store() function
+ * ftpd.c (delete), ftpcmd.y (DELE): rename delete() to
+ delete_file() to avoid conflict with the dbm delete() function
+
 Thu Jun 13 18:35:19 1996 Kevin L Mitchell <klmitch@mit.edu>
 
 * ftpd.c (authdata): misplaced braces caused server to not be able to
diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y
index c891ab913..c014f35b2 100644
--- a/src/appl/gssftp/ftpd/ftpcmd.y
+++ b/src/appl/gssftp/ftpd/ftpcmd.y
@@ -338,14 +338,14 @@ cmd: USER SP username CRLF
 | STOR check_login SP pathname CRLF
 = {
 if ($2 && $4 != NULL)
- store((char *) $4, "w", 0);
+ store_file((char *) $4, "w", 0);
 if ($4 != NULL)
 free((char *) $4);
 }
 | APPE check_login SP pathname CRLF
 = {
 if ($2 && $4 != NULL)
- store((char *) $4, "a", 0);
+ store_file((char *) $4, "a", 0);
 if ($4 != NULL)
 free((char *) $4);
 }
@@ -387,7 +387,7 @@ cmd: USER SP username CRLF | DELE check_login SP pathname CRLF = { if ($2 && $4 != NULL) - delete((char *) $4); + delete_file((char *) $4); if ($4 != NULL) free((char *) $4); } @@ -535,7 +535,7 @@ cmd: USER SP username CRLF | STOU check_login SP pathname CRLF = { if ($2 && $4 != NULL) - store((char *) $4, "w", 1); + store_file((char *) $4, "w", 1); if ($4 != NULL) free((char *) $4); } diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index c260325f3..0d7044271 100644 --- a/src/appl/gssftp/ftpd/ftpd.c +++ b/src/appl/gssftp/ftpd/ftpd.c @@ -923,7 +923,7 @@ done: (*closefunc)(fin); } -store(name, mode, unique) +store_file(name, mode, unique) char *name, *mode; int unique; { @@ -1549,7 +1549,7 @@ yyerror(s) reply(500, "'%s': command not understood.", cbuf); } -delete(name) +delete_file(name) char *name; { struct stat st; diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog index 1c131f1ae..7da90002f 100644 --- a/src/appl/telnet/libtelnet/ChangeLog +++ b/src/appl/telnet/libtelnet/ChangeLog @@ -1,3 +1,16 @@ +Tue Jul 9 14:59:19 1996 Marc Horowitz <marc@mit.edu> + + * Makefile.in (LOCALINCLUDES): use @KRB4_INCLUDES@ instead of an + explicit path to the in-tree krb4 headers + +Mon Jul 8 01:33:30 1996 Marc Horowitz <marc@mit.edu> + + * enc-proto.h (des_new_random_key, des_set_random_generator_seed, + des_key_sched, des_ecb_encrypt, des_string_to_key): removed these + declarations. these are kerberos/des symbols, and should not be + declared here. Two of these symbols (des_key_sched and + des_ecb_encrypt) conflict with CNS. + Fri Jun 14 19:09:48 1996 Sam Hartman <hartmans@mit.edu> * configure.in * Makefile.in (LOCALINCLUDES): Don't include KerberosIV; use whatever is appropriate for the withval 
@@ -15,7 +28,7 @@ Sat Apr 27 16:09:54 1996 Richard Basch <basch@lehman.com> Fri Apr 12 23:36:01 1996 Richard Basch <basch@lehman.com> * forward.c (rd_and_store_for_creds): Consistency with the - krlogind forwarded credentials cache naming scheme - krb5cc_p<pid> + krlogind forwarded credentials cache naming scheme - krb5cc_p<pid> Thu Apr 11 21:45:21 1996 Richard Basch <basch@lehman.com> diff --git a/src/appl/telnet/libtelnet/Makefile.in b/src/appl/telnet/libtelnet/Makefile.in index 02d4e757b..d3e9eb5a6 100644 --- a/src/appl/telnet/libtelnet/Makefile.in +++ b/src/appl/telnet/libtelnet/Makefile.in @@ -21,7 +21,7 @@ # AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DDES_ENCRYPTION -DKRB5 -DFORWARD \ -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN -LOCALINCLUDES=-I.. -I$(srcdir)/.. +LOCALINCLUDES=-I.. -I$(srcdir)/.. @KRB4_INCLUDES@ CFLAGS = $(CCOPTS) $(AUTH_DEF) $(DEFS) $(LOCALINCLUDES) LIBOBJS=@LIBOBJS@ diff --git a/src/appl/telnet/libtelnet/enc-proto.h b/src/appl/telnet/libtelnet/enc-proto.h index 996a4f5d0..48f91430f 100644 --- a/src/appl/telnet/libtelnet/enc-proto.h +++ b/src/appl/telnet/libtelnet/enc-proto.h @@ -117,10 +117,4 @@ int ofb64_reply P((unsigned char *, int)); void ofb64_session P((Session_Key *, int)); int ofb64_keyid P((int, unsigned char *, int *)); void ofb64_printsub P((unsigned char *, int, unsigned char *, int)); - -int des_new_random_key P((Block)); -void des_set_random_generator_seed P((Block)); -void des_key_sched P((Block, Schedule)); -void des_ecb_encrypt P((Block, Block, Schedule, int)); -int des_string_to_key P((char *, Block)); #endif /* ENCRYPTION */ |
