* Add TOS support on other than Cray [57]

* Externalize forward options from kerberos5.c to reduce cut/paste
inheritance between kerberos5.c and main.c in telnet.

* Fix up source of error messages (telnet|telnetd) in kerberos5.c [77]

CVS:
----------------------------------------------------------------------
automatically CVS: CVS: Committing in libtelnet CVS: CVS: Modified
Files: CVS: ChangeLog Makefile.in auth.h configure.in kerberos5.c CVS:
parsetos.c CVS:
----------------------------------------------------------------------

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9280 dc483132-0cff-0310-8789-dd5450dbe970

6 files changed, 67 insertions, 33 deletions

diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog
index ed46c71ff..4a994eb49 100644
--- a/src/appl/telnet/libtelnet/ChangeLog
+++ b/src/appl/telnet/libtelnet/ChangeLog
@@ -1,3 +1,16 @@
+Fri Nov  1 20:32:12 1996  Sam Hartman  <hartmans@mit.edu>
+
+	* parsetos.c (proto;): Add parsetos support on all platforms which
+ 	support TOS[57]
+
+Thu Oct 31 18:29:08 1996  Sam Hartman  <hartmans@mit.edu>
+
+	* auth.h: Move constants for ticket forwarding here.
+
+	* kerberos5.c : Clarify what errors come from what programs
+ 	(telnetd|telnet); patch by John Hawkinson <jhawk@bbnplanet.com>
+ 	[77]
+
 Mon Oct 14 00:21:08 1996  Sam Hartman  <hartmans@mit.edu>
 
 	* Makefile.in (OBJS): Remove rsaencpwd aned krb4encpwd stuff as
diff --git a/src/appl/telnet/libtelnet/Makefile.in b/src/appl/telnet/libtelnet/Makefile.in
index 05fffc70e..2d6c33aa9 100644
--- a/src/appl/telnet/libtelnet/Makefile.in
+++ b/src/appl/telnet/libtelnet/Makefile.in
@@ -37,6 +37,7 @@ SRCS=   $(srcdir)/auth.c \
 	$(srcdir)/enc_des.c \
 	$(srcdir)/setenv.c \
 	$(srcdir)/getent.c \
+	$(scrdir)/parsetos.c \
 	$(srcdir)/strdup.c \
 	$(srcdir)/strcasecmp.c \
 	$(srcdir)/strchr.c \
diff --git a/src/appl/telnet/libtelnet/auth.h b/src/appl/telnet/libtelnet/auth.h
index 2ced2c9ae..b01a58dd5 100644
--- a/src/appl/telnet/libtelnet/auth.h
+++ b/src/appl/telnet/libtelnet/auth.h
@@ -83,5 +83,8 @@ typedef struct XauthP {
 
 #include "auth-proto.h"
 
+#define OPTS_FORWARD_CREDS           0x00000002
+#define OPTS_FORWARDABLE_CREDS       0x00000001
+
 extern auth_debug_mode;
 #endif
diff --git a/src/appl/telnet/libtelnet/configure.in b/src/appl/telnet/libtelnet/configure.in
index e10f2da24..01cf5d72e 100644
--- a/src/appl/telnet/libtelnet/configure.in
+++ b/src/appl/telnet/libtelnet/configure.in
@@ -3,7 +3,7 @@ CONFIG_RULES
 AC_PROG_ARCHIVE
 AC_PROG_ARCHIVE_ADD
 AC_PROG_RANLIB
-AC_REPLACE_FUNCS([strcasecmp strdup setenv setsid strerror strftime getopt herror])
+AC_REPLACE_FUNCS([strcasecmp strdup setenv setsid strerror strftime getopt herror parsetos])
 AC_FUNC_CHECK(cgetent,AC_DEFINE(HAS_CGETENT))
 AC_CHECK_HEADERS(stdlib.h string.h)
 LIBOBJS="$LIBOBJS getent.o"
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index 102e16b0b..dbf69cef8 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -65,6 +65,7 @@
 #include "com_err.h"
 #include <netdb.h>
 #include <ctype.h>
+#include <syslog.h>
 
 #ifdef HAVE_STDLIB_H
 #include <stdlib.h>
@@ -87,11 +88,6 @@ extern int net;
 #ifdef	FORWARD
 int forward_flags = 0;  /* Flags get set in telnet/main.c on -f and -F */
 
-/* These values need to be the same as those defined in telnet/main.c. */
-/* Either define them in both places, or put in some common header file. */
-#define OPTS_FORWARD_CREDS           0x00000002
-#define OPTS_FORWARDABLE_CREDS       0x00000001
-
 void kerberos5_forward();
 
 #endif	/* FORWARD */
@@ -219,14 +215,16 @@ kerberos5_send(ap)
 
         if (!UserNameRequested) {
                 if (auth_debug_mode) {
-                        printf("Kerberos V5: no user name supplied\r\n");
+                        printf(
+			"telnet: Kerberos V5: no user name supplied\r\n");
                 }
                 return(0);
         }
 
 	if ((r = krb5_cc_default(telnet_context, &ccache))) {
 		if (auth_debug_mode) {
-			printf("Kerberos V5: could not get default ccache\r\n");
+		    printf(
+		    "telnet: Kerberos V5: could not get default ccache\r\n");
 		}
 		return(0);
 	}
@@ -236,7 +234,7 @@ kerberos5_send(ap)
 					 "host", KRB5_NT_SRV_HST,
 					 &creds.server))) {
 	    if (auth_debug_mode)
-		printf("Kerberos V5: error while constructing service name: %s\r\n", error_message(r));
+		printf("telnet: Kerberos V5: error while constructing service name: %s\r\n", error_message(r));
 	    return(0);
 	}
 
@@ -256,7 +254,8 @@ kerberos5_send(ap)
 	if ((r = krb5_cc_get_principal(telnet_context, ccache,
 				       &creds.client))) {
 		if (auth_debug_mode) {
-			printf("Kerberos V5: failure on principal (%s)\r\n",
+			printf(
+			"telnet: Kerberos V5: failure on principal (%s)\r\n",
 				error_message(r));
 		}
 		krb5_free_cred_contents(telnet_context, &creds);
@@ -267,7 +266,8 @@ kerberos5_send(ap)
 	if ((r = krb5_get_credentials(telnet_context, 0,
 				      ccache, &creds, &new_creds))) {
 		if (auth_debug_mode) {
-			printf("Kerberos V5: failure on credentials(%s)\r\n",
+			printf(
+			"telnet: Kerberos V5: failure on credentials(%s)\r\n",
 			       error_message(r));
 		}
 		krb5_free_cred_contents(telnet_context, &creds);
@@ -336,7 +336,7 @@ kerberos5_send(ap)
 	krb5_free_creds(telnet_context, new_creds);
 	if (r) {
 		if (auth_debug_mode) {
-			printf("Kerberos V5: mk_req failed (%s)\r\n",
+			printf("telnet: Kerberos V5: mk_req failed (%s)\r\n",
 			       error_message(r));
 		}
 		return(0);
@@ -344,16 +344,17 @@ kerberos5_send(ap)
 
         if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
                 if (auth_debug_mode)
-                        printf("Not enough room for user name\r\n");
+                        printf("telnet: Not enough room for user name\r\n");
                 return(0);
         }
 	if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
 		if (auth_debug_mode)
-			printf("Not enough room for authentication data\r\n");
+		    printf(
+		    "telnet: Not enough room for authentication data\r\n");
 		return(0);
 	}
 	if (auth_debug_mode) {
-		printf("Sent Kerberos V5 credentials to server\r\n");
+		printf("telnet: Sent Kerberos V5 credentials to server\r\n");
 	}
 	return(1);
 }
@@ -452,6 +453,15 @@ kerberos5_is(ap, data, cnt)
 					     cksum->checksum_type, cksum,
 					     &type_check, 2, key->contents,
 					     key->length);
+		/*
+		 * Note that krb5_verify_checksum() will fail if a pre-
+		 * MIT Kerberos Beta 5 client is attempting to connect
+		 * to this server (Beta 6 or later). There is not way to
+		 * fix this without compromising encryption. It would be
+		 * reasonable to add a -i option to telnetd to ignore
+		 * checksums (like in klogind). Such an option is not
+		 * present at this time.
+		 */
 		    if (r) {
 			(void) strcpy(errbuf,
 				      "checksum verification failed: ");
@@ -478,7 +488,8 @@ kerberos5_is(ap, data, cnt)
 			name = 0;
 		Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
 		if (auth_debug_mode) {
-			printf("Kerberos5 identifies him as ``%s''\r\n",
+			printf(
+			"telnetd: Kerberos5 identifies him as ``%s''\r\n",
 							name ? name : "");
 		}
                 auth_finished(ap, AUTH_USER);
@@ -522,26 +533,35 @@ kerberos5_is(ap, data, cnt)
 		    (void) strcat(errbuf, error_message(r));
 		    Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
 		    if (auth_debug_mode)
-		      printf("Could not read forwarded credentials\r\n");
+		      printf(
+			"telnetd: Could not read forwarded credentials\r\n");
 		}
 		else 
 		  Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
 		  if (auth_debug_mode)
-		    printf("Forwarded credentials obtained\r\n");
+		    printf("telnetd: Forwarded credentials obtained\r\n");
 		break;
 #endif	/* FORWARD */
 	default:
 		if (auth_debug_mode)
-			printf("Unknown Kerberos option %d\r\n", data[-1]);
+			printf("telnetd: Unknown Kerberos option %d\r\n",
+			data[-1]);
 		Data(ap, KRB_REJECT, 0, 0);
 		break;
 	}
 	return;
 	
     errout:
-	Data(ap, KRB_REJECT, errbuf, -1);
+	{
+	    char eerrbuf[128+9];
+
+	    strcpy(eerrbuf, "telnetd: ");
+	    strcat(eerrbuf, errbuf);
+	    Data(ap, KRB_REJECT, eerrbuf, -1);
+	}
 	if (auth_debug_mode)
-	    printf("%s\r\n", errbuf);
+	    printf("telnetd: %s\r\n", errbuf);
+	syslog(LOG_ERR, "%s", errbuf);
 	if (auth_context) {
 	    krb5_auth_con_free(telnet_context, auth_context);
 	    auth_context = 0;
diff --git a/src/appl/telnet/libtelnet/parsetos.c b/src/appl/telnet/libtelnet/parsetos.c
index eb34ddf43..1a0430dd7 100644
--- a/src/appl/telnet/libtelnet/parsetos.c
+++ b/src/appl/telnet/libtelnet/parsetos.c
@@ -1,8 +1,9 @@
 
 /*
- * The routine parsetos() for UNICOS 6.0/6.1 systems.  This
- * is part of UNICOS 7.0 and later.
+ * The routine parsetos() for UNICOS 6.0/6.1, as well as more traditional
+ * Unix systems.  This is part of UNICOS 7.0 and later.
  */
+
 #include <stdio.h>
 #include <sys/types.h>
 #include <netdb.h>
@@ -19,22 +20,18 @@ char	*proto;
 {
 	register char	*c;
 	int		tos;
+
+#ifdef HAS_GETTOS
 	struct tosent	*tosp;
 
 	tosp = gettosbyname(name, proto);
-	if (tosp) {
+	if (tosp)
 		tos = tosp->t_tos;
-	} else {
-		for (c = name; *c; c++) {
-			if (*c < '0' || *c > '9') {
-				errno = EINVAL;
-				return (-1);
-			}
-		}
+	else
+#endif
 		tos = (int)strtol(name, (char **)NULL, 0);
-	}
+
 	if (tos < MIN_TOS || tos > MAX_TOS) {
-		errno = ERANGE;
 		return (-1);
 	}
 	return (tos);