| author | Theodore Tso <tytso@mit.edu> | 1993-06-03 19:29:40 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1993-06-03 19:29:40 +0000 |
| commit | 746386f12e01102acbe5637aac6f1259c74bb552 (patch) | |
| tree | 715df6527f739854dc978c588047607e1907e9e9 /src/lib/gssapi/sample | |
| parent | acbed92e113f54d33789d427e697a23a0f07ab64 (diff) | |
| download | krb5-746386f12e01102acbe5637aac6f1259c74bb552.tar.gz krb5-746386f12e01102acbe5637aac6f1259c74bb552.tar.xz krb5-746386f12e01102acbe5637aac6f1259c74bb552.zip | |
Initial revision
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2611 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/sample')
| -rw-r--r-- | src/lib/gssapi/sample/Imakefile | 59 | ||||
| -rw-r--r-- | src/lib/gssapi/sample/MAIL.KANNAN | 114 | ||||
| -rw-r--r-- | src/lib/gssapi/sample/Makefile.bak | 396 | ||||
| -rw-r--r-- | src/lib/gssapi/sample/gssapi.mail | 54 | ||||
| -rw-r--r-- | src/lib/gssapi/sample/kitest.c | 742 | ||||
| -rw-r--r-- | src/lib/gssapi/sample/logutil.c | 140 |
6 files changed, 1505 insertions, 0 deletions
diff --git a/src/lib/gssapi/sample/Imakefile b/src/lib/gssapi/sample/Imakefile
new file mode 100644
index 000000000..045f87eca
--- /dev/null
+++ b/src/lib/gssapi/sample/Imakefile
@@ -0,0 +1,59 @@
+# $Source$
+# $Author$
+# $Id$
+#
+# Copyright 1991 by the Massachusetts Institute of Technology.
+# All Rights Reserved.
+#
+# For copying and distribution information, please see the file
+# <krb5/copyright.h>.
+#
+
+ DEPLIBS = ../libgssapi.a $(DEPKLIB)
+LOCAL_LIBRARIES = ../libgssapi.a $(KLIB)
+ DEFINES = -DDEBUG
+
+SRCS = flogin.c fcmd.c flogind.c fsh.c fcp.c login.c logutil.c
+OBJS = flogin.o fcmd.o flogind.o fsh.o fcp.o login.o logutil.o
+
+FLOGINSRCS = flogin.c fcmd.c
+FLOGINOBJS = flogin.o fcmd.o
+
+LOGINSRCS = login.c logutil.c
+LOGINOBJS = login.o logutil.o
+
+FLOGINDSRCS = flogind.c logutil.c
+FLOGINDOBJS = flogind.o logutil.o
+
+FSHSRCS = fsh.c fcmd.c
+FSHOBJS = fsh.o fcmd.o
+
+FSHDSRCS = fshd.c
+FSHDOBJS = fshd.o
+
+FCPSRCS = fcp.c fcmd.c
+FCPOBJS = fcp.o fcmd.o
+
+all:: flogin login.gssapi flogind
+
+NormalProgramTarget(flogin,$(FLOGINOBJS),$(DEPLIBS),$(LOCAL_LIBRARIES),)
+NormalProgramTarget(login.gssapi,$(LOGINOBJS),$(DEPLIBS),$(LOCAL_LIBRARIES),)
+NormalProgramTarget(flogind,$(FLOGINDOBJS),$(DEPLIBS),$(LOCAL_LIBRARIES),)
+NormalProgramTarget(fsh,$(FSHOBJS),$(DEPLIBS),$(LOCAL_LIBRARIES),)
+NormalProgramTarget(fshd,$(FSHDOBJS),$(DEPLIBS),$(LOCAL_LIBRARIES),)
+NormalProgramTarget(fcp,$(FCPOBJS),$(DEPLIBS),$(LOCAL_LIBRARIES),)
+
+SaberProgramTarget(flogin, $(FLOGINSRCS), $(FLOGINOBJS),
+ $(DEPLIBS) $(LOCAL_LIBRARIES),)
+SaberProgramTarget(login.gssapi, $(LOGINSRCS), $(LOGINOBJS),
+ $(DEPLIBS) $(LOCAL_LIBRARIES),)
+SaberProgramTarget(flogind, $(FLOGINDSRCS), $(FLOGINDOBJS),
+ $(DEPLIBS) $(LOCAL_LIBRARIES),)
+SaberProgramTarget(fsh, $(FSHSRCS), $(FSHOBJS),
+ $(DEPLIBS) $(LOCAL_LIBRARIES),)
+SaberProgramTarget(fshd, $(FSHDSRCS), $(FSHDOBJS),
+ $(DEPLIBS) $(LOCAL_LIBRARIES),)
+SaberProgramTarget(fcp, $(FCPSRCS), $(FCPOBJS),
+ $(DEPLIBS) $(LOCAL_LIBRARIES),)
+
+DependTarget()
diff --git a/src/lib/gssapi/sample/MAIL.KANNAN b/src/lib/gssapi/sample/MAIL.KANNAN
new file mode 100644
index 000000000..0bd0f0a8c
--- /dev/null
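Review bot: `SRCS` and `OBJS` leave out `fshd.c` / `fshd.o` even though `FSHDSRCS = fshd.c` feeds a `NormalProgramTarget(fshd,...)` rule, so the `DependTarget()` pass (a makedepend run over `$(SRCS)` in the generated Makefile.bak) would skip it; I would write `SRCS = flogin.c fcmd.c flogind.c fsh.c fshd.c fcp.c login.c logutil.c` and add `fshd.o` to `OBJS`. The diffstat for this directory lists only `kitest.c` and `logutil.c` as C sources, so unless the other files already exist the `all::` target (flogin, login.gssapi, flogind) cannot link, and `kitest.c` has no rule at all. `DEFINES = -DDEBUG` is unconditional for programs that handle logins; what DEBUG enables is not visible here, so a comment such as `# DEBUG: sample/test builds only, remove before installing` next to it would make the intent explicit.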
+++ b/src/lib/gssapi/sample/MAIL.KANNAN 
@@ -0,0 +1,114 @@
+Received: by E40-PO.MIT.EDU (5.45/4.7) id AA17675; Fri, 24 May 91 14:58:47 EDT
+Received: from uucp-gw-1.pa.dec.com by ATHENA.MIT.EDU with SMTP
+ id AA18573; Fri, 24 May 91 14:58:33 EDT
+Received: by uucp-gw-1.pa.dec.com; id AA01785; Fri, 24 May 91 11:56:31 -0700
+Received: by sejour.lkg.dec.com (5.57/Ultrix4.0)
+ id AA15569; Fri, 24 May 91 15:00:01 -0400
+Message-Id: <9105241900.AA15569@sejour.lkg.dec.com>
+To: tytso@ATHENA.MIT.EDU
+Cc: kannan@sejour.lkg.dec.com
+Subject: GSS API for SPX ready for testing
+Date: Fri, 24 May 91 15:00:00 EDT
+From: kannan@sejour.lkg.dec.com
+
+Ted,
+
+I have completed the initial implementation of the GSS API for the SPX
+mechanism and I've modified the flogin program to use this new
+interface. My "standard" GSS library includes the following routines:
+
+/*
+ * Offering "standard" GSS API for following mechanism(s) : SPX
+ *
+ * Supported jacket routines :
+ *
+ * gss_acquire_cred Assume a global identity
+ *
+ * gss_release_cred Discard credentials
+ *
+ * gss_init_sec_context Initiate a security context with a
+ * peer application
+ *
+ * gss_accept_sec_context Accept a security context from a
+ * peer application
+ *
+ * gss_display_status Convert an API status code to text
+ *
+ * gss_indicate_mechs Determine underlying mechanism
+ *
+ * gss_display_name Convert opaque name to text
+ *
+ * gss_import_name Convert a textual name to API-format
+ *
+ * gss_release_name Deallocate API internal name
+ *
+ * gss_release_buffer Deallocate a buffer descriptor
+ *
+ * gss_release_oid_set Deallocate a set of object identifiers
+ *
+ * Unofficial jacket routines :
+ *
+ * gss__stash_default_cred Bind credential handle as default
+ *
+ * gss__check_authorization Check authorization rights for principal
+ *
+ */
+
+As you can tell, I have two unofficial routines referred to as "gss__"
+instead of "gss_".
+
+The first, gss__stash_default_cred will set the specified credential as
+the default for a process. After calling this routine, GSS_C_NULL_CREDENTIAL
+can be used by the calling application to reference the stashed credentials.
+Note, if GSS_C_NULL_CREDENTIAL is passed to this routine, success is returned.
+
+/*
+ * WARNING: UNOFFICIAL GSSAPI ROUTINE!!
+ *
+ * gss__stash_default_cred() - Allows remote peer to bind delegated credential
+ * handle with remote application. Called by applications to set the
+ * delegated credentials as the default credentials for a process.
+ *
+ * OM_uint32 *minor_status (output) - mechanism specific status code
+ * gss_cred_id_t delegated_cred_handle (input) - handle for credentials
+ * received from context initiator.
+ *
+ */
+
+The second, gss__check_authorization is a bit more controversial. This
+routine will check access rights for a principal against an ACL file.
+I've added a few additional arguments to make this routine more robust
+so that access control decisions can be based on a per service and
+possible per resource basis.
+
+/*
+ * WARNING: UNOFFICIAL GSSAPI ROUTINE!!
+ *
+ * gss__check_authorization() - Check authorization rights for principal
+ * using the ACL file specified.
+ *
+ * OM_uint32 *minor_status (output) - mechanism specific status code
+ * gss_buffer_t fullname_buffer (input) - principal's printable name
+ * gss_buffer_t luser_buffer (input) - local user name
+ * gss_buffer_t acl_file_buffer (input) - acl file name
+ * gss_buffer_t service_buffer (input) - service name
+ * int access_mode (input) - type of access (rwx, etc.)
+ * gss_buffer_t resource_buffer (input) - resource name
+ *
+ */
+
+I've also defined 3 unofficial constants to describe the access modes.
+
+#define GSS_C_READ (1 << 0)
+#define GSS_C_WRITE (1 << 1)
+#define GSS_C_EXECUTE (1 << 2)
+
+You look at the application source code to see how these routines are
+being used. The next message will contain the following files:
+
+ - Makefile, flogin.c fcmd.c flogind.c login.c
+
+Talk to you later.
+
+ -kannan
+
diff --git a/src/lib/gssapi/sample/Makefile.bak b/src/lib/gssapi/sample/Makefile.bak
new file mode 100644
index 000000000..3dd42fbb1
--- /dev/null
+++ b/src/lib/gssapi/sample/Makefile.bak
@@ -0,0 +1,396 @@ +# Makefile generated by imake - do not edit! +# $XConsortium: imake.c,v 1.51 89/12/12 12:37:30 jim Exp $ + +# $Source$ +# $Author$ +# $Id$ +# + +########################################################################### +# Makefile generated from "Imake.tmpl" and </tmp/IIf.002934> +# $XConsortium: Imake.tmpl,v 1.77 89/12/18 17:01:37 jim Exp $ +# +# Platform-specific parameters may be set in the appropriate .cf +# configuration files. Site-wide parameters may be set in the file +# site.def. Full rebuilds are recommended if any parameters are changed. +# +# If your C preprocessor doesn't define any unique symbols, you'll need +# to set BOOTSTRAPCFLAGS when rebuilding imake (usually when doing +# "make Makefile", "make Makefiles", or "make World"). +# +# If you absolutely can't get imake to work, you'll need to set the +# variables at the top of each Makefile as well as the dependencies at the +# bottom (makedepend will do this automatically). +# + +########################################################################### +# platform-specific configuration parameters - edit vaxbsd.cf to change + +# $Source$ +# $Author$ +# $Id$ +# + +########################################################################### +# site-specific configuration parameters - edit site.def to change + +# $Source$ +# $Author$ +# $Id$ +# + +# site: $XConsortium: site.def,v 1.21 89/12/06 11:46:50 jim Exp $ + + SHELL = /bin/sh + + TOP = ../../../. 
+ CURRENT_DIR = ./lib/gssapi/sample + + AR = ar cq + BOOTSTRAPCFLAGS = + CC = gcc -fstrength-reduce -fpcc-struct-return -pedantic -ansi -Wall -Dunix -Dvax + + COMPRESS = compress + CPP = /lib/cpp $(STD_CPP_DEFINES) + PREPROCESSCMD = gcc -fstrength-reduce -fpcc-struct-return -pedantic -ansi -Wall -Dunix -Dvax -E $(STD_CPP_DEFINES) + INSTALL = install + LD = ld + LDLOCATIONS = + LINT = lint + LINTLIBFLAG = -C + LINTOPTS = -axz + LN = ln -s + MAKE = make + MV = mv + CP = cp + RANLIB = ranlib + RANLIBINSTFLAGS = + RM = rm -f + STD_INCLUDES = + STD_CPP_DEFINES = + STD_DEFINES = + SABER_DEFINES = -I/mit/gnu/vaxlib/gcc-include -Dconst= + EXTRA_LOAD_FLAGS = -Z + EXTRA_LIBRARIES = + TAGS = ctags + ETAGS = etags +STDC_TOP_INCLUDES = -I$(TOP)/include/stdc-incl + + SIGNAL_DEFINES = -DSIGNALRETURNSINT + + INSTPGMFLAGS = -s + + INSTSCRFLAGS = + INSTBINFLAGS = -m 0755 + INSTUIDFLAGS = -o root -m 4755 + INSTLIBFLAGS = -m 0664 + INSTINCFLAGS = -m 0444 + INSTMANFLAGS = -m 0444 + INSTDATFLAGS = -m 0444 + INSTKMEMFLAGS = -o root -m 4755 + + DESTDIR = + + TOP_INCLUDES = -I$(TOP) + + CDEBUGFLAGS = -O + CCOPTIONS = + COMPATFLAGS = + + ALLINCLUDES = $(INCLUDES) $(STD_INCLUDES) $(TOP_INCLUDES) $(EXTRA_INCLUDES) + ALLDEFINES = $(ALLINCLUDES) $(STD_DEFINES) $(PROTO_DEFINES) $(DEFINES) $(COMPATFLAGS) + CFLAGS = $(CDEBUGFLAGS) $(CCOPTIONS) $(ALLDEFINES) + LINTFLAGS = $(LINTOPTS) -DLINT $(ALLDEFINES) + LDLIBS = $(SYS_LIBRARIES) $(EXTRA_LIBRARIES) + LDOPTIONS = $(CDEBUGFLAGS) $(CCOPTIONS) $(LDLOCATIONS) + LDCOMBINEFLAGS = -X -r + MDFLAGS = -D__STDC__ -I/mit/gnu/vaxlib/gcc-include + + MACROFILE = vaxbsd.cf + RM_CMD = $(RM) *.CKP *.ln *.BAK *.bak *.o core errs ,* *~ *.a .emacs_* tags TAGS make.log MakeOut + + IMAKE_DEFINES = + + IRULESRC = $(CONFIGSRC) + + IMAKE_CMD = $(IMAKE) -I$(NEWTOP)$(IRULESRC) $(IMAKE_DEFINES) + + ICONFIGFILES = $(IRULESRC)/Imake.tmpl $(IRULESRC)/Imake.rules \ + $(IRULESRC)/Project.tmpl $(IRULESRC)/site.def \ + $(IRULESRC)/$(MACROFILE) $(EXTRA_ICONFIGFILES) + +# Kerberos 
version 5 Build Parameters +# +# $Source$ +# $Author$ +# $Id$ + +P_TERMIOS=-UHasPosixTermiosTrue + +P_FLOCKS=-UHasPosixFileLocksTrue + +P_TYPES=-UHasPosixTypesTrue + +P_SIGTYPE=-UHasVoidSignalReturnTrue + +P_STRINGH=-DHasStringHTrue + +P_BITSIZE=-DBitsize32 -UBitsize16 -UBitsize64 + +P_DBM=-DHasNdbmTrue + +P_INET=-DHasInetTrue + +P_STDLIBH=-UHasStdlibHTrue -UForceStdlibH + +P_TIME_DEFS=-DUseSysTimeH -UUseTimeH + +P_PROTOS=-UProvidePrototypes + +P_NPROTO=-UUseNarrowPrototypes + +P_STDARG=-UUseStdarg + + ARADD = ar cruv + TOP_INCLUDES = -I$(TOP)/include $(STDC_TOP_INCLUDES) + CONFIGSRC = $(TOP)/config + ISODE = /mit/isode/isode-6.8 + PSYFLAGS = -f -h0 -a -s + PEPSY = $(ISODE)/@sys/bin/pepsy + TOUCH = touch + IMAKE = imake + DEPEND = makedepend + UNIFDEF = unifdef + HESDEFS = -DHESIOD + HESLIBS = -lhesiod + + PROCESS_DEFINES = $(P_TERMIOS) $(P_FLOCKS) $(P_TYPES) $(P_SIGTYPE) $(P_STRINGH) $(P_BITSIZE) $(P_DBM) $(P_INET) $(P_STDLIBH) $(P_TIME_DEFS) $(P_PROTOS) $(P_NPROTO) $(P_STDARG) -DUnifdefRan + DESDEFINES = -DBIG -DLSBFIRST + TOPLIBD = $(TOP)/lib + OSLIB = os + OSDEPLIB = $(TOPLIBD)/libos.a + DESLIB = des5 + DESDEPLIB = $(TOPLIBD)/libdes5.a + RSAMD4LIB = md4 + RSAMD4DEPLIB = $(TOPLIBD)/libmd4.a + KRB5LIB = krb5 + KRB5DEPLIB = $(TOPLIBD)/libkrb5.a + CRCLIB = crc32 + CRCDEPLIB = $(TOPLIBD)/libcrc32.a + ISODELIB = -L/mit/isode/isode-6.8/@sys/lib -lisode + + DBMLIB = + DEPKLIB = $(KRB5DEPLIB) $(DESDEPLIB) $(OSDEPLIB) + KLIBLOC = -L$(TOPLIBD) + KLIB = $(KLIBLOC) -l$(KRB5LIB) -l$(DESLIB) -l$(OSLIB) $(ISODELIB) $(COMERRLIB) $(DBMLIB) + KDBDEPLIB = $(TOPLIBD)/libkdb.a + KDBLIB = $(KLIBLOC) -lkdb + KRB425DEPLIB = $(TOPLIBD)/libkrb425.a + KRB425LIB = krb425 + DES425DEPLIB = $(TOPLIBD)/libdes425.a + DES425LIB = des425 + KRB4LIB = -lkrb $(KLIBLOC) -l$(DES425LIB) + KRB4INCLUDES = -I$(TOP)/include/kerberosIV + KRB4DEPLIB = $(DES425DEPLIB) + + SSLIB = -lss + MK_CMDS = mk_cmds + COMERRLIB = -lcom_err + COMPILE_ET = compile_et + + ADMIN_BINDIR = /krb5/admin + ADMIN_MANSUFFIX = 8 + 
ADMIN_MANDIR = /krb5/man/man8 + SERVER_BINDIR = /krb5/sbin + SERVER_MANSUFFIX = 8 + SERVER_MANDIR = /krb5/man/man8 + CLIENT_BINDIR = /krb5/bin + CLIENT_MANSUFFIX = 1 + CLIENT_MANDIR = /krb5/man/man1 + +# $Source$ +# $Author$ +# $Id$ +# + +########################################################################### +# Imake rules for building libraries, programs, scripts, and data files +# rules: $XConsortium: Imake.rules,v 1.67 89/12/18 17:14:15 jim Exp $ + +########################################################################### +# start of Imakefile + +# $Source$ +# $Author$ +# $Id$ +# +# Copyright 1991 by the Massachusetts Institute of Technology. +# All Rights Reserved. +# +# For copying and distribution information, please see the file +# <krb5/copyright.h>. +# + + DEPLIBS = $(DEPKLIB) ../libgssapi.a +LOCAL_LIBRARIES = $(KLIB) ../libgssapi.a + DEFINES = -DDEBUG + +SRCS = flogin.c fcmd.c flogind.c fsh.c fcp.c login.c logutil.c +OBJS = flogin.o fcmd.o flogind.o fsh.o fcp.o login.o logutil.o + +FLOGINSRCS = flogin.c fcmd.c +FLOGINOBJS = flogin.o fcmd.o + +LOGINSRCS = login.c logutil.c +LOGINOBJS = login.o logutil.o + +FLOGINDSRCS = flogind.c logutil.c +FLOGINDOBJS = flogind.o logutil.o + +FSHSRCS = fsh.c fcmd.c +FSHOBJS = fsh.o fcmd.o + +FSHDSRCS = fshd.c +FSHDOBJS = fshd.o + +FCPSRCS = fcp.c fcmd.c +FCPOBJS = fcp.o fcmd.o + +all:: flogin login.gssapi flogind + +flogin: $(FLOGINOBJS) $(DEPLIBS) + $(RM) $@ + $(CC) -o $@ $(FLOGINOBJS) $(LDOPTIONS) $(LOCAL_LIBRARIES) $(LDLIBS) $(EXTRA_LOAD_FLAGS) + +clean:: + $(RM) flogin + +login.gssapi: $(LOGINOBJS) $(DEPLIBS) + $(RM) $@ + $(CC) -o $@ $(LOGINOBJS) $(LDOPTIONS) $(LOCAL_LIBRARIES) $(LDLIBS) $(EXTRA_LOAD_FLAGS) + +clean:: + $(RM) login.gssapi + +flogind: $(FLOGINDOBJS) $(DEPLIBS) + $(RM) $@ + $(CC) -o $@ $(FLOGINDOBJS) $(LDOPTIONS) $(LOCAL_LIBRARIES) $(LDLIBS) $(EXTRA_LOAD_FLAGS) + +clean:: + $(RM) flogind + +fsh: $(FSHOBJS) $(DEPLIBS) + $(RM) $@ + $(CC) -o $@ $(FSHOBJS) $(LDOPTIONS) $(LOCAL_LIBRARIES) $(LDLIBS) 
$(EXTRA_LOAD_FLAGS) + +clean:: + $(RM) fsh + +fshd: $(FSHDOBJS) $(DEPLIBS) + $(RM) $@ + $(CC) -o $@ $(FSHDOBJS) $(LDOPTIONS) $(LOCAL_LIBRARIES) $(LDLIBS) $(EXTRA_LOAD_FLAGS) + +clean:: + $(RM) fshd + +fcp: $(FCPOBJS) $(DEPLIBS) + $(RM) $@ + $(CC) -o $@ $(FCPOBJS) $(LDOPTIONS) $(LOCAL_LIBRARIES) $(LDLIBS) $(EXTRA_LOAD_FLAGS) + +clean:: + $(RM) fcp + +saber_flogin: + #load $(ALLDEFINES) $(FLOGINSRCS) $(DEPLIBS) $(LOCAL_LIBRARIES) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES) + +osaber_flogin: + #load $(ALLDEFINES) $(FLOGINOBJS) + $(DEPLIBS) $(LOCAL_LIBRARIES) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES) + +saber_login.gssapi: + #load $(ALLDEFINES) $(LOGINSRCS) $(DEPLIBS) $(LOCAL_LIBRARIES) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES) + +osaber_login.gssapi: + #load $(ALLDEFINES) $(LOGINOBJS) + $(DEPLIBS) $(LOCAL_LIBRARIES) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES) + +saber_flogind: + #load $(ALLDEFINES) $(FLOGINDSRCS) $(DEPLIBS) $(LOCAL_LIBRARIES) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES) + +osaber_flogind: + #load $(ALLDEFINES) $(FLOGINDOBJS) + $(DEPLIBS) $(LOCAL_LIBRARIES) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES) + +saber_fsh: + #load $(ALLDEFINES) $(FSHSRCS) $(DEPLIBS) $(LOCAL_LIBRARIES) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES) + +osaber_fsh: + #load $(ALLDEFINES) $(FSHOBJS) + $(DEPLIBS) $(LOCAL_LIBRARIES) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES) + +saber_fshd: + #load $(ALLDEFINES) $(FSHDSRCS) $(DEPLIBS) $(LOCAL_LIBRARIES) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES) + +osaber_fshd: + #load $(ALLDEFINES) $(FSHDOBJS) + $(DEPLIBS) $(LOCAL_LIBRARIES) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES) + +saber_fcp: + #load $(ALLDEFINES) $(FCPSRCS) $(DEPLIBS) $(LOCAL_LIBRARIES) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES) + +osaber_fcp: + #load $(ALLDEFINES) $(FCPOBJS) + $(DEPLIBS) $(LOCAL_LIBRARIES) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES) + +SRCS=$(SERVERSRCS) $(CLIENTSRCS) + +depend:: + $(DEPEND) -s "# DO NOT DELETE" -- $(ALLDEFINES) $(MDFLAGS) -- $(SRCS) + +########################################################################### +# common rules for all 
Makefiles - do not edit + +emptyrule:: + +clean:: + $(RM_CMD) \#* + +Makefile:: Imakefile + $(IMAKE_CMD) -DTOPDIR=$(TOP) -DCURDIR=$(CURRENT_DIR) -s Makefile.new + $(MAKE) -f Makefile.new noop + -@if [ -f Makefile ]; then \ + echo "$(RM) Makefile.bak; $(MV) Makefile Makefile.bak"; \ + $(RM) Makefile.bak; $(MV) Makefile Makefile.bak; \ + fi + $(MV) Makefile.new Makefile + +noop:: + +tags:: + $(TAGS) -w *.[ch] + $(ETAGS) *.[ch] + +saber: + #load $(ALLDEFINES) $(SABER_DEFINES) $(SRCS) + #setopt load_flags $(ALLDEFINES) $(SABER_DEFINES) + +osaber: + #load $(ALLDEFINES) $(OBJS) + +########################################################################### +# empty rules for directories that do not have SUBDIRS - do not edit + +install:: + @echo "install in $(CURRENT_DIR) done" + +install.man:: + @echo "install.man in $(CURRENT_DIR) done" + +Makefiles:: + +includes:: + +########################################################################### +# dependencies generated by makedepend + +# DO NOT DELETE diff --git a/src/lib/gssapi/sample/gssapi.mail b/src/lib/gssapi/sample/gssapi.mail new file mode 100644 index 000000000..fce920904 --- /dev/null +++ b/src/lib/gssapi/sample/gssapi.mail 
@@ -0,0 +1,54 @@
+BABYL OPTIONS:
+Version: 5
+Labels:
+Note: This is the header of an rmail file.
+Note: If you are seeing it in rmail,
+Note: it means the file has no messages in it.
+
+1,,
+Received: by E40-PO.MIT.EDU (5.45/4.7) id AA21631; Fri, 31 May 91 18:18:51 EDT
+Received: from uucp-gw-1.pa.dec.com by ATHENA.MIT.EDU with SMTP
+ id AA27178; Fri, 31 May 91 18:16:24 EDT
+Received: by uucp-gw-1.pa.dec.com; id AA17698; Fri, 31 May 91 10:48:08 -0700
+Received: by sejour.lkg.dec.com (5.57/Ultrix4.0)
+ id AA11377; Fri, 31 May 91 13:51:46 -0400
+Message-Id: <9105311751.AA11377@sejour.lkg.dec.com>
+To: tytso@ATHENA.MIT.EDU
+Cc: kannan@sejour.lkg.dec.com
+Subject: Re: testing GSS API
+In-Reply-To: Your message of Thu, 30 May 91 18:25:28 -0400.
+ <9105302225.AA24140@tsx-11.MIT.EDU>
+Date: Fri, 31 May 91 13:51:44 EDT
+From: kannan@sejour.lkg.dec.com
+
+*** EOOH ***
+To: tytso@ATHENA.MIT.EDU
+Cc: kannan@sejour.lkg.dec.com
+Subject: Re: testing GSS API
+In-Reply-To: Your message of Thu, 30 May 91 18:25:28 -0400.
+ <9105302225.AA24140@tsx-11.MIT.EDU>
+Date: Fri, 31 May 91 13:51:44 EDT
+From: kannan@sejour.lkg.dec.com
+
+Here is the new rlogin code. BTW, it is also being distributed with
+the SPX v2.1 kit.
+
+I'm sending you the following files:
+
+ Makefile, flogin.c, flogind.c, and login.c
+
+> The real test is whether or not the application runs.
+
+I agree. Does this mean that you will implement the "unofficial" GSS API
+routines used in the flogin code?
+
+ -kannan
+
+========== Makefile ======================
+
+===================== flogin.c ========================
+
+===================== flogind.c ================
+
+===================== login.c ======================
+
\ No newline at end of file
diff --git a/src/lib/gssapi/sample/kitest.c b/src/lib/gssapi/sample/kitest.c
new file mode 100644
index 000000000..0ec048ce1
--- /dev/null
+++ b/src/lib/gssapi/sample/kitest.c
@@ -0,0 +1,742 @@ +/* KITEST-MASTER.C */ +/* */ +/* Program to build GSSAPI-compliant Kerberos authentication packets, using */ +/* the Kerberos V5 (Beta 2) GSSAPI implementation, and attempt to */ +/* authenticate to a DCE/GSSAPI implementation. */ +/* */ +/* Since both GSSAPI implementations share the same routine names, two */ +/* executables are built by linking against either the DCE/GSSAPI or the */ +/* Kerberos V5 GSSAPI library. This file is compiled with the preprocessor */ +/* name KERBEROS defined if it is to invoke the Kerberos API, and with DCE */ +/* defined if it is to link against the DCE/GSSAPI. */ +/* */ +/* Invocation should specify two parameters - */ +/* 1) Name of initiating principal */ +/* 2) Name of accepting principal */ +/* */ +/* A flag '-S' is used to specify the name of the file that process will */ +/* activate as a slave. */ +/* */ +/* So to test, for example, Kerberos against Kerberos, and assuming that */ +/* the executable is called kitest-krb, you'd set up a Kerberos credential */ +/* for <client-name> using kinit, and arrange for a server Kerberos */ +/* credential for <server-name> to be available in a keytable, and issue */ +/* the command: */ +/* kitest-krb -S kitest-krb <client-name> <server-name> */ +/* */ +/* The original process becomes the context initiator, while the spawned */ +/* subprocess (running the executable specified after the -S flag) is */ +/* expected to act as the context acceptor. */ + +#if defined(KERBEROS) && defined(DCE) +#error "Both KERBEROS and DCE specified" +#endif + +#if !defined(KERBEROS) && !defined(DCE) +#error "Neither KERBEROS nor DCE defined" +#endif + +/* You need to create links from krb-gssapi.h to the Kerberos gssapi.h, and */ +/* from dce-gssapi.h to the DCE gssapi.h. 
*/ +#ifdef KERBEROS +#include "krb-gssapi.h" +#endif + +#ifdef DCE +#include "dce-gssapi.h" +#endif + + +#include <stdio.h> +#include <stdlib.h> +#include <fcntl.h> +#include <signal.h> +#include <sys/types.h> +#include <netdb.h> + +#ifndef GSS_ERROR +#define GSS_ERROR(x) (x & 0xffff0000) +/* The Kerberos gssapi.h doesn't define this macro. */ +#endif + +#define DOWN_CHANNEL 3 +/* Don't understand why stdin doesn't work here, but channel 3 seems to */ +/* work fine. */ + +#define INITIAL_CHILD_MESSAGES 7 + +extern int errno; + +int master = 0; +int inpipe[2]; +int outpipe[2]; +int errpipe[2]; + +gss_name_t source_internal_name; +gss_name_t target_internal_name; +gss_name_t source_authenticated_name; +gss_buffer_desc source_name_buffer; +gss_buffer_desc target_name_buffer; + +gss_cred_id_t my_cred_handle; +gss_cred_id_t delegated_cred_handle; +gss_ctx_id_t my_ctx_handle; +gss_OID_set actual_cred_mech_set; +gss_OID actual_ctx_mech_type; +OM_uint32 actual_cred_time_rec; +OM_uint32 actual_ctx_time_rec; +gss_buffer_desc token_to_send; +gss_buffer_desc token_received; +int actual_ret_flags; +struct gss_channel_bindings_struct my_channel_bindings; + +char source_name[512]; +char target_name[512]; + +char my_host_name[50]; +char my_internet_address[4]; +struct hostent * my_hostent; + +unsigned char received_token_buffer[2048]; +unsigned received_length; + +OM_uint32 major_status; +OM_uint32 kept_status; +OM_uint32 minor_status; + +int subprocess_pid = 0; + +char line_buffer[128]; +int chars_read; + +void indicate_data(void) { + fprintf(stderr, "\a\n"); + fflush(stderr); +} + +void send_data(void * ptr, unsigned length) { + unsigned char length_buf[2]; + unsigned char * char_ptr; + int data_sent; + + char_ptr = (unsigned char *)ptr; + + length_buf[0] = length & 0xff; + length_buf[1] = (length & 0xff00) >> 8; + + if (master) { +/* Data is sent via inpipe. 
*/ + errno = 0; + if ((data_sent = write(inpipe[1], length_buf, 2)) != 2) { + fprintf(stderr, + "Write of length sent %d bytes, expected 2\n", + data_sent); + fflush(stderr); + if (data_sent == -1) { + fprintf(stderr, + "Errno: %d\n", + errno); + fflush(stderr); + }; + }; + errno = 0; + if ((data_sent =write(inpipe[1], ptr, length)) != length) { + fprintf(stderr, + "Write of length sent %d bytes, expected 2\n", + data_sent); + fflush(stderr); + if (data_sent == -1) { + fprintf(stderr, + "Errno: %d\n", + errno); + fflush(stderr); + }; + }; + fprintf(stderr, "Sending data (length = %d):\n", length); + fprintf(stderr, " %2.2X %2.2X %2.2X %2.2X %2.2X...\n", + char_ptr[0], char_ptr[1], char_ptr[2], + char_ptr[3], char_ptr[4]); + } else { +/* Data is sent via stdout, and a data indication on stderr. */ + fwrite(length_buf, 2, 1, stdout); + fwrite(ptr, length, 1, stdout); + fflush(stdout); + indicate_data(); + }; +} + +void receive_data(void * ptr, unsigned * length) { + unsigned char length_buf[2]; + unsigned char * char_ptr; + int data_read; + + char_ptr = (unsigned char *)ptr; + + if (master) { +/* Data is received via outpipe. A data indication is assumed to have been */ +/* received on errpipe, otherwise this routine will hang. 
*/ + read(outpipe[0], length_buf, 2); + *length = length_buf[0] | (length_buf[1]<<8); + read(outpipe[0], ptr, *length); + } else { +/* Data is received on fd3 */ + errno = 0; + if ((data_read = read(DOWN_CHANNEL, length_buf, 2)) != 2) { + fprintf(stderr, + "Error: received %d bytes for length, expecting 2\n", + data_read); + fflush(stderr); + if (data_read == -1) { + fprintf(stderr, "errno: %d\n", errno); + fflush(stderr); + }; + }; + + *length = length_buf[0] | (length_buf[1]<<8); + + errno = 0; + if ((data_read = read(DOWN_CHANNEL, ptr, *length)) != *length) { + fprintf(stderr, + "Error: received %d bytes for data, expecting %d\n", + data_read, *length); + fflush(stderr); + if (data_read == -1) { + fprintf(stderr, "errno: %d\n", errno); + fflush(stderr); + }; + }; + + fprintf(stderr, "Received data (length = %d):\n", *length); + fprintf(stderr, " %2.2X %2.2X %2.2X %2.2X %2.2X...\n", + char_ptr[0], char_ptr[1], char_ptr[2], + char_ptr[3], char_ptr[4]); + + }; +} + +int read_subproc_line(char * ptr, unsigned buf_length) { +/* Returns length of data read, or zero if binary data waiting. 
*/ + int bytes_read = 0; + int finished = 0; + if (!master) { + fprintf(stderr, "Error: Child called read_subproc_data\n"); + fflush(stderr); + exit(2); + } else { + while (!finished) { + read(errpipe[0], &ptr[bytes_read], 1); + if (ptr[bytes_read] == '\n') finished = 1; + if (bytes_read >= buf_length) finished = 1; + bytes_read ++; + }; + if (bytes_read == 2 && ptr[0] == '\a') return 0; + else return bytes_read; + }; +} + +void display_error(char * where, OM_uint32 maj_stat, OM_uint32 min_stat) { + int context = 0; + OM_uint32 major_status, minor_status; + gss_buffer_desc message_buffer; + + fprintf(stderr, "Error: %s\n", where); + fprintf(stderr, "Major status (%d) (min = %d):\n", maj_stat, min_stat); + fflush(stderr); + do { + message_buffer.length = 0; + message_buffer.value = NULL; + major_status = gss_display_status(&minor_status, + maj_stat, + GSS_C_GSS_CODE, + GSS_C_NULL_OID, + &context, + &message_buffer); + fprintf(stderr, + " message_buffer.length = %u, message_buffer.value = %p\n", + message_buffer.length, message_buffer.value); + fflush(stderr); + if (message_buffer.length = 0) { + fprintf(stderr, + " %.*s\n", + message_buffer.length, + message_buffer.value); + major_status = gss_release_buffer(&minor_status, &message_buffer); + } else { + fprintf(stderr, "-- no message --\n"); + /* If we've been asked to translate an invalid status code */ + }; + fflush(stderr); + + } while (context != 0); + fprintf(stderr, "Minor status:\n"); + fflush(stderr); + major_status = gss_display_status(&minor_status, + min_stat, + GSS_C_MECH_CODE, + GSS_C_NULL_OID, + &context, + &message_buffer); + fprintf(stderr, + " %.*s\n", + message_buffer.length, + message_buffer.value); + fflush(stderr); + + major_status = gss_release_buffer(&minor_status, &message_buffer); + +} + +void import_names(void) { + + source_name_buffer.value = (void *)&source_name[0]; + source_name_buffer.length = strlen(source_name); + + major_status = gss_import_name(&minor_status, + &source_name_buffer, 
+ GSS_C_NULL_OID, + &source_internal_name); + + if (major_status != GSS_S_COMPLETE) + display_error("Importing source principal", major_status, minor_status); + + target_name_buffer.value = (void *)&target_name[0]; + target_name_buffer.length = strlen(target_name); + + major_status = gss_import_name(&minor_status, + &target_name_buffer, + GSS_C_NULL_OID, + &target_internal_name); + + if (major_status != GSS_S_COMPLETE) + display_error("Importing target principal", major_status, minor_status); + +} + + +void alarm_handler(int sig) { + fprintf(stderr, "SIGALRM received, terminating subprocess\n"); + fflush(stderr); + kill(subprocess_pid, SIGTERM); + exit(0); +} + + +void flush_subprocess_message_queue_and_exit(void) { + + signal(SIGALRM, alarm_handler); + alarm(10); + + do { + chars_read = read_subproc_line(line_buffer, + sizeof(line_buffer)); + if (chars_read == 0) { + fprintf(stderr, + "Unexpected binary data received from child\n"); + fflush(stderr); + receive_data(received_token_buffer, + &received_length); + } else { + fprintf(stderr,"CHILD> %.*s", chars_read, line_buffer); + }; + fflush(stderr); + } while (1); +} + +void sigpipe_handler(int sig) { + fprintf(stderr, "SIGPIPE received, flushing subprocess message queue\n"); + fflush(stderr); + flush_subprocess_message_queue_and_exit(); +} + +int main(int argc, char *argv[]) { + + int c; + int errflg = 0; + char * image_name; + int pid; + + int i; + + extern int optind, opterr; + extern char * optarg; + + int blocking; + + while ((c = getopt(argc, argv, "S:")) != EOF) { + switch (c) { + case 'S' : master = 1; + image_name = optarg; + break; + case '?' 
: errflg++; + break; + }; + }; + + if (optind < argc) { + strncpy(source_name, argv[optind++], sizeof(source_name)-1); + } else { + fprintf(stderr, "Error: Source name (prin-1) missing\n"); + errflg++; + }; + + if (optind < argc) { + strncpy(target_name, argv[optind++], sizeof(source_name)-1); + } else { + fprintf(stderr, "Error: Target name (prin-2) missing\n"); + errflg++; + }; + + if (optind < argc) { + fprintf(stderr, "Error: too many parameters\n"); + errflg++; + }; + + if (errflg) { + fprintf(stderr, "Usage: %s -S <subprocess> <princ-1> <princ-2>\n", argv[0]); + exit(2); + }; + + gethostname(my_host_name, sizeof(my_host_name)); + my_hostent = gethostbyname(my_host_name); + memcpy(&my_internet_address, my_hostent->h_addr_list[0], 4); + + fprintf(stderr,"Host: '%s', %u.%u.%u.%u\n", + my_host_name, + my_internet_address[0], + my_internet_address[1], + my_internet_address[2], + my_internet_address[3]); + + my_channel_bindings.initiator_addrtype = GSS_C_AF_INET; + my_channel_bindings.initiator_address.length = 4; + my_channel_bindings.initiator_address.value = my_internet_address; + + my_channel_bindings.acceptor_addrtype = GSS_C_AF_INET; + my_channel_bindings.acceptor_address.length = 4; + my_channel_bindings.acceptor_address.value = my_internet_address; + + my_channel_bindings.application_data.length = 0; + my_channel_bindings.application_data.value = NULL; + + my_ctx_handle = GSS_C_NO_CONTEXT; + + if (!master) { + +/* Subprocess. 
*/ + + fprintf(stderr, "Importing names\n"); + fflush(stderr); + + import_names(); + + fprintf(stderr, "Calling acquire_cred\n"); + fflush(stderr); + + major_status = gss_acquire_cred(&minor_status, + target_internal_name, + 60 * 60 * 24, + GSS_C_NULL_OID_SET, + GSS_C_ACCEPT, + &my_cred_handle, + &actual_cred_mech_set, + &actual_cred_time_rec); + + if (major_status != GSS_S_COMPLETE) { + display_error("Acquiring ACCEPT credential for target principal", + major_status, minor_status); + while (1) ; + }; + + fprintf(stderr, "Returned from acquire_cred, waiting for token from parent\n"); + fflush(stderr); + + do { + + receive_data(received_token_buffer, + &received_length); + token_received.value = (void *)received_token_buffer; + token_received.length = received_length; + + fprintf(stderr, "Got token, calling accept_sec_context\n"); + fflush(stderr); + + major_status = gss_accept_sec_context(&minor_status, + &my_ctx_handle, + my_cred_handle, + &token_received, + &my_channel_bindings, + &source_authenticated_name, + &actual_ctx_mech_type, + &token_to_send, + &actual_ret_flags, + &actual_ctx_time_rec, + &delegated_cred_handle); + kept_status = major_status; + + if (GSS_ERROR(major_status)) { + display_error("ACCEPT_SEC_CONTEXT", + major_status, minor_status); + while (1) ; + }; + + if (token_to_send.length != 0) { + send_data(token_to_send.value, token_to_send.length); + major_status = gss_release_buffer(&minor_status, + &token_to_send); + }; + + if (kept_status & GSS_S_CONTINUE_NEEDED) { + receive_data(received_token_buffer, + &received_length); + token_received.value = (void *)received_token_buffer; + token_received.length = received_length; + }; + + } while (kept_status & GSS_S_CONTINUE_NEEDED); + + if (!GSS_ERROR(kept_status)) { + fprintf(stderr, "Authenticated context established\n"); + } else { + fprintf(stderr, "Context not established\n"); + }; + fflush(stderr); + while (1) ; + } else { +/* We need to create three pipes - inpipe, outpipe and errpipe, to which */ 
+/* the subprocess will connect its fd3, stdout and stderr channels. */
+
+ if (pipe(inpipe) < 0) {
+ fprintf(stderr, "Error: Can't make inpipe\n");
+ exit(2);
+ };
+ if (pipe(outpipe) < 0) {
+ fprintf(stderr, "Error: Can't make outpipe\n");
+ exit(2);
+ };
+ if (pipe(errpipe) < 0) {
+ fprintf(stderr, "Error: Can't make errpipe\n");
+ exit(2);
+ };
+
+ if ((subprocess_pid = fork()) == 0) {
+/* This is the slave subprocess in a two-process chain. Connect inpipe, */
+/* outpipe and errpipe to fd3, stderr and stdout, and then exec the slave */
+/* image. */
+ fprintf(stderr, "CHILD: forked, closing pipes\n");
+ fflush(stderr);
+
+ close(inpipe[1]); /* Close write end of inpipe */
+ close(outpipe[0]); /* Close read end of outpipe */
+ close(errpipe[0]); /* Close read end of errpipe */
+
+
+ write (errpipe[1],
+ "Child process forked (write to errpipe[1])\n",
+ strlen("Child process forked (write to errpipe[1])\n")
+ );
+
+ if (dup2(inpipe[0], DOWN_CHANNEL) == -1) {
+ fprintf(stderr, "CHILD: Can't dup2 inpipe[0]\n");
+ fflush(stderr);
+ };
+ /* Attach inpipe to fd3 */
+ if (dup2(outpipe[1], 1) == -1) {
+ fprintf(stderr, "CHILD: Can't dup2 outpipe[1]\n");
+ fflush(stderr);
+ };
+ /* Attach outpipe to stdout */
+ if (dup2(errpipe[1], 2) == -1) {
+ fprintf(stderr, "CHILD: Can't dup2 errpipe[1]\n");
+ fflush(stderr);
+ };
+ /* Attach errpipe to stderr */
+
+ write (2,
+ "Child process forked (write to fd2)\n",
+ strlen("Child process forked (write to fd2)\n")
+ );
+
+ fprintf(stderr, "Execing %s\n", image_name);
+ fflush(stderr);
+
+ execl(image_name, image_name, source_name, target_name, (char *)0);
+
+ fprintf(stderr, "Error: Couldn't exec %s\n", image_name);
+ exit(2);
+
+ } else if (subprocess_pid < 0) {
+ fprintf(stderr, "Error: Fork returned %d\n", subprocess_pid);
+ exit(2);
+ } else {
+/* This is the master process in a two-process chain. The slave process */
+/* has connected inpipe, outpipe and errpipe to its fd3, stdout and */
+/* stderr. 
We have to use the other ends. */
+
+
+ close(inpipe[0]); /* Close read end of inpipe */
+ close(outpipe[1]); /* Close write end of outpipe */
+ close(errpipe[1]); /* Close write end of errpipe */
+
+/* A simple protocol will be used between master and slave processes. The */
+/* subprocess (slave) will always expect that data received on its inpipe */
+/* will be binary messages, preceeded by a two-byte count. Messages from */
+/* slave to master will be sent on the errpipe channel if they are text */
+/* messages, and on outpipe if they are binary data (preceeded as above by */
+/* a two-byte count field). The presence of a binary message in the */
+/* outpipe will be indicated by writing the sequence "\a\n" to errpipe. */
+/* This protocol is implemented in the master by the routine */
+/* read_subproc_line, which reads a single line of text from the */
+/* subprocess, returning either its length, or zero to indicate that binary */
+/* data is waiting. Binary data is received by either process by invoking */
+/* the receive_data routine, and sent by invoking the send_data routine. */
+/* The receive_data routine will block until the data is available, so */
+/* care should be taken in the master not to call this routine unless a */
+/* data indication has already been received. */
+
+/* Master: */
+ signal(SIGPIPE, sigpipe_handler);
+
+/* The child will send us messages on start-up (at least */
+/* INITIAL_CHILD_MESSAGES of them), so we'll read them here to make sure we */
+/* catch a sleepy child early. 
*/
+
+ fprintf(stderr, "Parent waiting for wake-up call from child...\n");
+ fflush(stderr);
+
+ signal(SIGALRM, alarm_handler);
+ alarm(10);
+
+ for (i=0; i<INITIAL_CHILD_MESSAGES; i++) {
+ chars_read = read_subproc_line(line_buffer,
+ sizeof(line_buffer));
+
+ if (chars_read == 0) {
+ fprintf(stderr,
+ "Unexpected binary data received from child\n");
+ fflush(stderr);
+ receive_data(received_token_buffer,
+ &received_length);
+ } else {
+ fprintf(stderr,"CHILD> %.*s", chars_read, line_buffer);
+ };
+ fflush(stderr);
+
+ };
+
+ alarm(0);
+
+ fprintf(stderr, "Parent continuing, importing names...\n");
+ fflush(stderr);
+
+ import_names();
+
+ fprintf(stderr, "Parent got names...\n");
+ fflush(stderr);
+
+#ifdef KERBEROS
+
+/* This version of the acquire_cred code requests the client credential */
+/* explicitly by name; the DCE version uses no name, meaning "give me a */
+/* to the default credential. */
+
+ fprintf(stderr, "Parent calling acquire_cred...\n");
+ fflush(stderr);
+
+ major_status = gss_acquire_cred(&minor_status,
+ source_internal_name,
+ 60 * 60 * 24,
+ GSS_C_NULL_OID_SET,
+ GSS_C_INITIATE,
+ &my_cred_handle,
+ &actual_cred_mech_set,
+ &actual_cred_time_rec);
+
+ fprintf(stderr, "Parent returned from acquire_cred.\n");
+ fflush(stderr);
+
+#endif
+#ifdef DCE
+ major_status = gss_acquire_cred(&minor_status,
+ GSS_C_NO_NAME,
+ 60 * 60 * 24,
+ GSS_C_NULL_OID_SET,
+ GSS_C_INITIATE,
+ &my_cred_handle,
+ &actual_cred_mech_set,
+ &actual_cred_time_rec);
+#endif
+ if (major_status != GSS_S_COMPLETE)
+ display_error("Acquiring INITIATE credential for source principal",
+ major_status, minor_status);
+
+
+ token_received.length = 0;
+ token_received.value = NULL;
+
+ do {
+
+ fprintf(stderr, "Parent calling init_sec_ctx...\n");
+ fflush(stderr);
+
+ major_status = gss_init_sec_context(&minor_status,
+ my_cred_handle,
+ &my_ctx_handle,
+ target_internal_name,
+ GSS_C_NULL_OID,
+ GSS_C_MUTUAL_FLAG,
+ 60 * 60 * 23,
+ &my_channel_bindings,
+ &token_received,
+ &actual_ctx_mech_type,
+ &token_to_send,
+ &actual_ret_flags,
+ &actual_ctx_time_rec);
+
+ fprintf(stderr, "Parent returned from init_sec_ctx...\n");
+ fflush(stderr);
+
+ kept_status = major_status;
+
+ if (GSS_ERROR(major_status))
+ display_error("INIT_SEC_CONTEXT",
+ major_status, minor_status);
+
+ if (token_to_send.length != 0) {
+
+ fprintf(stderr, "Parent transmitting token...\n");
+ fflush(stderr);
+
+ send_data(token_to_send.value, token_to_send.length);
+ major_status = gss_release_buffer(&minor_status,
+ &token_to_send);
+ };
+
+ if (kept_status & GSS_S_CONTINUE_NEEDED) {
+ signal(SIGALRM, alarm_handler);
+ alarm(30);
+ while ((chars_read = read_subproc_line(line_buffer,
+ sizeof(line_buffer))
+ ) != 0) {
+ fprintf(stderr, "CHILD> %.*s", chars_read, line_buffer);
+ };
+ alarm(0);
+ receive_data(received_token_buffer,
+ &received_length);
+ token_received.value = (void *)received_token_buffer;
+ token_received.length = received_length;
+ };
+
+ } while (kept_status & GSS_S_CONTINUE_NEEDED);
+
+ if (!GSS_ERROR(kept_status)) {
+ fprintf(stderr, "Authenticated context established\n");
+ } else {
+ fprintf(stderr, "Context not established\n");
+ };
+ fflush(stderr);
+
+ flush_subprocess_message_queue_and_exit();
+
+ };
+ };
+}
diff --git a/src/lib/gssapi/sample/logutil.c b/src/lib/gssapi/sample/logutil.c
new file mode 100644
index 000000000..d1a535010
--- /dev/null
+++ b/src/lib/gssapi/sample/logutil.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 1988 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the University of California, Berkeley. The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)login.c 5.1 (Berkeley) 9/27/88";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <sys/file.h>
+#include <utmp.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+
+#define UTMPFILE "/etc/utmp"
+#define WTMPFILE "/usr/adm/wtmp"
+
+void
+login(ut)
+ struct utmp *ut;
+{
+ register int fd;
+ int tty;
+ off_t lseek();
+
+ tty = ttyslot();
+ if (tty > 0 && (fd = open(UTMPFILE, O_WRONLY, 0)) >= 0) {
+ (void)lseek(fd, (long)(tty * sizeof(struct utmp)), L_SET);
+ (void)write(fd, (char *)ut, sizeof(struct utmp));
+ (void)close(fd);
+ }
+ if ((fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) >= 0) {
+ (void)write(fd, (char *)ut, sizeof(struct utmp));
+ (void)close(fd);
+ }
+}
+/*
+ * Copyright (c) 1988 The Regents of the University of California.
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the University of California, Berkeley. The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)logout.c 5.1 (Berkeley) 8/31/88";
+#endif /* LIBC_SCCS and not lint */
+
+logout(line)
+ register char *line;
+{
+ register FILE *fp;
+ struct utmp ut;
+ int rval;
+ time_t time();
+
+ if (!(fp = fopen(UTMPFILE, "r+")))
+ return(0);
+ rval = 1;
+ while (fread((char *)&ut, sizeof(struct utmp), 1, fp) == 1) {
+ if (!ut.ut_name[0] ||
+ strncmp(ut.ut_line, line, sizeof(ut.ut_line)))
+ continue;
+ bzero(ut.ut_name, sizeof(ut.ut_name));
+ bzero(ut.ut_host, sizeof(ut.ut_host));
+ (void)time(&ut.ut_time);
+ (void)fseek(fp, (long)-sizeof(struct utmp), L_INCR);
+ (void)fwrite((char *)&ut, sizeof(struct utmp), 1, fp);
+ (void)fseek(fp, (long)0, L_INCR);
+ rval = 0;
+ }
+ (void)fclose(fp);
+ return(rval);
+}
+/*
+ * Copyright (c) 1988 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the University of California, Berkeley. 
The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)logwtmp.c 5.2 (Berkeley) 9/20/88";
+#endif /* LIBC_SCCS and not lint */
+
+logwtmp(line, name, host)
+ char *line, *name, *host;
+{
+ struct utmp ut;
+ struct stat buf;
+ int fd;
+ time_t time();
+ char *strncpy();
+
+ if ((fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (!fstat(fd, &buf)) {
+ (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+ (void)strncpy(ut.ut_name, name, sizeof(ut.ut_name));
+ (void)strncpy(ut.ut_host, host, sizeof(ut.ut_host));
+ (void)time(&ut.ut_time);
+ if (write(fd, (char *)&ut, sizeof(struct utmp)) !=
+ sizeof(struct utmp))
+ (void)ftruncate(fd, buf.st_size);
+ }
+ (void)close(fd);
+} |
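Review bot: In `logwtmp()`, `struct utmp ut` is an uninitialised automatic, and only `ut_line`, `ut_name`, `ut_host` and `ut_time` are set before the whole struct is written to `WTMPFILE`. Any other member or padding that `<utmp.h>` declares on the build platform (its layout is not visible here) would therefore reach the log as leftover stack bytes. Clearing the struct first, with `bzero((char *)&ut, sizeof(ut));` ahead of the `strncpy()` calls, keeps every record well-formed and stops stack contents leaking into a file that is often readable by ordinary users. Separately, `login()` discards the result of both `write()` calls, so a short write to wtmp would leave a partial record that misaligns every later one; `logwtmp()` already guards against this with `fstat()` and `ftruncate(fd, buf.st_size)`, and `login()` could follow the same pattern.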
