Diffstat (limited to 'src/appl')
-rw-r--r--src/appl/gss-sample/ChangeLog5
-rw-r--r--src/appl/gss-sample/README39
-rw-r--r--src/appl/gss-sample/gss-client.c587
-rw-r--r--src/appl/gss-sample/gss-misc.c176
-rw-r--r--src/appl/gss-sample/gss-misc.h46
-rw-r--r--src/appl/gss-sample/gss-server.c570
-rw-r--r--src/appl/gssftp/ftp/ChangeLog7
-rw-r--r--src/appl/gssftp/ftp/cmds.c2
-rw-r--r--src/appl/gssftp/ftp/cmdtab.c4
-rw-r--r--src/appl/gssftp/ftpd/ChangeLog7
-rw-r--r--src/appl/gssftp/ftpd/ftpcmd.y8
-rw-r--r--src/appl/gssftp/ftpd/ftpd.c4
-rw-r--r--src/appl/telnet/libtelnet/ChangeLog15
-rw-r--r--src/appl/telnet/libtelnet/Makefile.in2
-rw-r--r--src/appl/telnet/libtelnet/enc-proto.h6
15 files changed, 731 insertions, 747 deletions
diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog
index 100acd110..d82e360ef 100644
--- a/src/appl/gss-sample/ChangeLog
+++ b/src/appl/gss-sample/ChangeLog
@@ -4,6 +4,11 @@ Wed Jun 5 00:08:32 1996 Theodore Y. Ts'o <tytso@mit.edu>
a file, don't free free inbuf.value until after the last
place where we use it.
+Wed Apr 17 20:54:37 1996 Marc Horowitz <marc@mit.edu>
+
+ * all files: integrated changes from OpenVision as of
+ October 1995
+
Tue Mar 12 23:46:26 1996 Ken Raeburn <raeburn@cygnus.com>
* gss-server.c (timeval_subtract): Use old-style function
diff --git a/src/appl/gss-sample/README b/src/appl/gss-sample/README
index a8d0afa7e..52b1b2143 100644
--- a/src/appl/gss-sample/README
+++ b/src/appl/gss-sample/README
@@ -41,26 +41,30 @@ interfaces.
The server's command line usage is
- gss-server [-port port] [-v2] service_name
+ gss-server [-port port] [-k keytab] service_name
where service_name is a GSS-API service name of the form
-"service@host". The server will accept TCP connections on port
-(default 4444) and establish contexts as service_name. The -v2 option
-means that the GSSAPI v2 calls should be used (and tested).
-
+"service@host" (or just "service", in which case the local host name
+is used). The server will accept TCP connections on port (default
+4444) and establish contexts as service_name. If you compile with
+GSS_KRB5 defined and link against the MIT Kerberos libraries, the -k
+option specifies a keytab to use instead of the default one.
The client's command line usage is
- gss-client [-port port] [-v2] [-d] host service_name msg
+ gss-client [-port port] [-d] host service_name msg
where host is the host running the server, service_name is the service
-name that the server will establish connections as, and msg is the
-message. The client connects to the TCP on <host:port> (default 4444)
-and performs the exchange. The "-d" option specifies delegation -
-a forwardable TGT will be sent to the server, which will put it in
-its credential cache (you must kinit -f for this to work).
-The -v2 option means that the GSSAPI v2 calls should be used (and
-tested).
+name that the server will establish connections as (if you don't
+specify the host name in the service name when running gss-server, and
+it's running on a different machine from gss-client, make sure to
+specify the server's host name in the service name you specify to
+gss-client!) and msg is the message. The client connects to the TCP
+on <host:port> (default 4444) and performs a context
+establishment. The "-d" option specifies delegation - a forwardable
+TGT will be sent to the server, which will put it in its credential
+cache (you must kinit -f for this to work). The -v2 option means that
+the GSSAPI v2 calls should be used (and tested).
If you are using this sample application with OpenVision's Kerberos 5
GSS-API mechanism:
@@ -69,9 +73,10 @@ GSS-API mechanism:
-lisode -lcom_err.
2. Make sure that the principal corresponding to service_name is in
-the default keytab on the server host, and that the gss-server process
-can read the keytab. For example, the service name "host@server"
-corresponds to the Kerberos principal "host/server.domain.com@REALM".
+the default or specified keytab on the server host, and that the
+gss-server process can read the keytab. For example, the service name
+"host@server" corresponds to the Kerberos principal
+"host/server.domain.com@REALM".
This sample application uses the following GSS-API functions:
@@ -85,3 +90,5 @@ This sample application uses the following GSS-API functions:
Barry Jaspan, bjaspan@security.ov.com
OpenVision Technologies, Inc.
+
+$Id$
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index ff1bfdda1..fca0ef231 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -20,6 +20,10 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
+#if !defined(lint) && !defined(__CODECENTER__)
+static char *rcsid = "$Header$";
+#endif
+
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
@@ -31,337 +35,16 @@
#include <sys/stat.h>
#include <fcntl.h>
-#include <gssapi/gssapi.h>
#include <gssapi/gssapi_generic.h>
-
-#ifdef USE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-int establish_context();
-int connect_to_server();
-int call_server();
-int client_establish_context();
-
-int send_token();
-int recv_token();
-void read_file();
-
-int deleg_flag;
-void display_status();
-
-extern FILE *display_file;
-
+#include "gss-misc.h"
void usage()
{
- fprintf(stderr, "Usage: gss-client [-port port] [-d] [-v2] host service \
+ fprintf(stderr, "Usage: gss-client [-port port] [-d] host service \
msg\n");
exit(1);
}
-int main(argc, argv)
- int argc;
- char **argv;
-{
- char *service_name, *server_host, *msg;
- u_short port = 4444;
- int v2 = 0;
- int use_file = 0;
-
- display_file = stdout;
- deleg_flag = 0;
-
- /* Parse arguments. */
- argc--; argv++;
- while (argc) {
- if (strcmp(*argv, "-port") == 0) {
- argc--; argv++;
- if (!argc) usage();
- port = atoi(*argv);
- } else if (strcmp(*argv, "-v2") == 0) {
- v2 = 1;
- } else if (strcmp(*argv, "-d") == 0) {
- deleg_flag = GSS_C_DELEG_FLAG;
- } else if (strcmp(*argv, "-f") == 0) {
- use_file = 1;
- } else
- break;
- argc--; argv++;
- }
- if (argc != 3)
- usage();
-
- server_host = *argv++;
- service_name = *argv++;
- msg = *argv++;
-
- if (call_server(server_host, port, v2, service_name, msg, use_file) < 0)
- exit(1);
-
- return 0;
-}
-
-/*
- * Function: call_server
- *
- * Purpose: Call the "sign" service.
- *
- * Arguments:
- *
- * host (r) the host providing the service
- * port (r) the port to connect to on host
- * service_name (r) the GSS-API service name to authenticate to
- * msg (r) the message to have "signed"
- *
- * Returns: 0 on success, -1 on failure
- *
- * Effects:
- *
- * call_server opens a TCP connection to <host:port> and establishes a
- * GSS-API context with service_name over the connection. It then
- * seals msg in a GSS-API token with gss_seal, sends it to the server,
- * reads back a GSS-API signature block for msg from the server, and
- * verifies it with gss_verify. -1 is returned if any step fails,
- * otherwise 0 is returned.
- */
-int call_server(host, port, dov2, service_name, msg, use_file)
- char *host;
- u_short port;
- int dov2;
- char *service_name;
- char *msg;
- int use_file;
-{
- gss_ctx_id_t context;
- gss_buffer_desc in_buf, out_buf, context_token;
- int s, state;
- OM_uint32 maj_stat, min_stat;
- gss_name_t src_name, targ_name;
- gss_buffer_desc sname, tname;
- OM_uint32 lifetime;
- gss_OID mechanism, name_type;
- int is_local;
-#ifdef GSSAPI_V2
- OM_uint32 context_flags;
- int is_open;
- gss_qop_t qop_state;
- gss_OID_set mech_names;
- gss_buffer_desc oid_name;
-#else /* GSSAPI_V2 */
- int context_flags;
-#endif /* GSSAPI_V2 */
-
- /* Open connection */
- if ((s = connect_to_server(host, port)) < 0)
- return -1;
-
- /* Establish context */
- if (client_establish_context(s, service_name, &context) < 0)
- return -1;
-
-#ifdef GSSAPI_V2
- if (dov2) {
- /*
- * Attempt to save and then restore the context.
- */
- maj_stat = gss_export_sec_context(&min_stat,
- &context,
- &context_token);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("exporting context", maj_stat, min_stat);
- return -1;
- }
- maj_stat = gss_import_sec_context(&min_stat,
- &context_token,
- &context);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("importing context", maj_stat, min_stat);
- return -1;
- }
- (void) gss_release_buffer(&min_stat, &context_token);
- }
-#endif /* GSSAPI_V2 */
-
- /* Get context information */
- maj_stat = gss_inquire_context(&min_stat, context,
- &src_name, &targ_name, &lifetime,
- &mechanism, &context_flags,
- &is_local
-#ifdef GSSAPI_V2
- , &is_open
-#endif /* GSSAPI_V2 */
- );
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("inquiring context", maj_stat, min_stat);
- return -1;
- }
-
- maj_stat = gss_display_name(&min_stat, src_name, &sname,
- &name_type);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("displaying context", maj_stat, min_stat);
- return -1;
- }
- maj_stat = gss_display_name(&min_stat, targ_name, &tname,
- (gss_OID *) NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("displaying context", maj_stat, min_stat);
- return -1;
- }
- fprintf(stderr, "\"%s\" to \"%s\", lifetime %d, flags %x, %s",
- (char *) sname.value, (char *) tname.value, lifetime,
- context_flags,
- (is_local) ? "locally initiated" : "remotely initiated");
-#ifdef GSSAPI_V2
- fprintf(stderr, " %s", (is_open) ? "open" : "closed");
-#endif /* GSSAPI_V2 */
- fprintf(stderr, "\n");
-
- (void) gss_release_name(&min_stat, &src_name);
- (void) gss_release_name(&min_stat, &targ_name);
- (void) gss_release_buffer(&min_stat, &sname);
- (void) gss_release_buffer(&min_stat, &tname);
-
-#ifdef GSSAPI_V2
- if (dov2) {
- size_t i;
-
- maj_stat = gss_oid_to_str(&min_stat,
- name_type,
- &oid_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("converting oid->string", maj_stat, min_stat);
- return -1;
- }
- fprintf(stderr, "Name type of source name is %s.\n",
- (char *) oid_name.value);
- (void) gss_release_buffer(&min_stat, &oid_name);
- (void) gss_release_oid(&min_stat, &name_type);
-
- /* Now get the names supported by the mechanism */
- maj_stat = gss_inquire_names_for_mech(&min_stat,
- mechanism,
- &mech_names);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("inquiring mech names", maj_stat, min_stat);
- return -1;
- }
-
- maj_stat = gss_oid_to_str(&min_stat,
- mechanism,
- &oid_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("converting oid->string", maj_stat, min_stat);
- return -1;
- }
- fprintf(stderr, "Mechanism %s supports %d names\n",
- (char *) oid_name.value, mech_names->count);
- (void) gss_release_buffer(&min_stat, &oid_name);
- for (i=0; i<mech_names->count; i++) {
- gss_OID tmpoid;
- int is_present;
-
- maj_stat = gss_oid_to_str(&min_stat,
- &mech_names->elements[i],
- &oid_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("converting oid->string", maj_stat, min_stat);
- return -1;
- }
- fprintf(stderr, "%d: %s\n", i, (char *) oid_name.value);
-
- maj_stat = gss_str_to_oid(&min_stat,
- &oid_name,
- &tmpoid);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("converting string->oid", maj_stat, min_stat);
- return -1;
- }
-
- maj_stat = gss_test_oid_set_member(&min_stat,
- tmpoid,
- mech_names,
- &is_present);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("testing oid presence", maj_stat, min_stat);
- return -1;
- }
- if (!is_present) {
- fprintf(stderr, "%s is not present in list?\n",
- (char *) oid_name.value);
- }
- (void) gss_release_oid(&min_stat, &tmpoid);
- (void) gss_release_buffer(&min_stat, &oid_name);
- }
-
- (void) gss_release_oid_set(&min_stat, &mech_names);
- (void) gss_release_oid(&min_stat, &mechanism);
- }
-#endif /* GSSAPI_V2 */
-
- if (use_file) {
- read_file(msg, &in_buf);
- } else {
- /* Seal the message */
- in_buf.value = msg;
- in_buf.length = strlen(msg) + 1;
- }
-#ifdef GSSAPI_V2
- if (dov2)
- maj_stat = gss_wrap(&min_stat, context, 1, GSS_C_QOP_DEFAULT,
- &in_buf, &state, &out_buf);
- else
-#endif /* GSSAPI_V2 */
- maj_stat = gss_seal(&min_stat, context, 1, GSS_C_QOP_DEFAULT,
- &in_buf, &state, &out_buf);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("sealing message", maj_stat, min_stat);
- return -1;
- } else if (! state) {
- fprintf(stderr, "Warning! Message not encrypted.\n");
- }
-
- /* Send to server */
- if (send_token(s, &out_buf) < 0)
- return -1;
- (void) gss_release_buffer(&min_stat, &out_buf);
-
- /* Read signature block into out_buf */
- if (recv_token(s, &out_buf) < 0)
- return -1;
-
- /* Verify signature block */
-#ifdef GSSAPI_V2
- if (dov2)
- maj_stat = gss_verify_mic(&min_stat, context, &in_buf,
- &out_buf, &qop_state);
- else
-#endif /* GSSAPI_V2 */
- maj_stat = gss_verify(&min_stat, context, &in_buf, &out_buf, &state);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("verifying signature", maj_stat, min_stat);
- return -1;
- }
- (void) gss_release_buffer(&min_stat, &out_buf);
- if (use_file)
- free(in_buf.value);
-
- printf("Signature verified.\n");
-
- /* Delete context */
- maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("deleting context", maj_stat, min_stat);
- return -1;
- }
- (void) gss_release_buffer(&min_stat, &out_buf);
-
- return 0;
-}
-
/*
* Function: connect_to_server
*
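Review bot: The rewritten usage string in usage() drops `-v2` but still omits `-f`, which the new main() at the end of this file parses (`strcmp(*argv, "-f")` sets `use_file`), so the file-input mode is undiscoverable from the program itself; the line should read `fprintf(stderr, "Usage: gss-client [-port port] [-d] [-f] host service \` followed by the existing `msg\n");` continuation. The rest of this hunk only removes the old prototypes, main() and call_server(), which are re-added in reworked form in the last hunk of the file, so nothing else here needs review.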
@@ -403,6 +86,7 @@ int connect_to_server(host, port)
}
if (connect(s, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) {
perror("connecting to server");
+ (void) close(s);
return -1;
}
return s;
@@ -419,6 +103,7 @@ int connect_to_server(host, port)
* s (r) an established TCP connection to the service
* service_name (r) the ASCII service name of the service
* context (w) the established GSS-API context
+ * ret_flags (w) the returned flags from init_sec_context
*
* Returns: 0 on success, -1 on failure
*
@@ -434,10 +119,13 @@ int connect_to_server(host, port)
* unsuccessful, the GSS-API error messages are displayed on stderr
* and -1 is returned.
*/
-int client_establish_context(s, service_name, gss_context)
+int client_establish_context(s, service_name, deleg_flag,
+ gss_context, ret_flags)
int s;
char *service_name;
+ OM_uint32 deleg_flag;
gss_ctx_id_t *gss_context;
+ OM_uint32 *ret_flags;
{
gss_buffer_desc send_tok, recv_tok, *token_ptr;
gss_name_t target_name;
@@ -489,7 +177,7 @@ int client_establish_context(s, service_name, gss_context)
token_ptr,
NULL, /* ignore mech type */
&send_tok,
- NULL, /* ignore ret_flags */
+ ret_flags,
NULL); /* ignore time_rec */
if (token_ptr != GSS_C_NO_BUFFER)
@@ -527,7 +215,6 @@ int client_establish_context(s, service_name, gss_context)
return 0;
}
-
void read_file(file_name, in_buf)
char *file_name;
gss_buffer_t in_buf;
@@ -566,3 +253,251 @@ void read_file(file_name, in_buf)
bytes_in, count);
}
+/*
+ * Function: call_server
+ *
+ * Purpose: Call the "sign" service.
+ *
+ * Arguments:
+ *
+ * host (r) the host providing the service
+ * port (r) the port to connect to on host
+ * service_name (r) the GSS-API service name to authenticate to
+ * msg (r) the message to have "signed"
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ *
+ * call_server opens a TCP connection to <host:port> and establishes a
+ * GSS-API context with service_name over the connection. It then
+ * seals msg in a GSS-API token with gss_seal, sends it to the server,
+ * reads back a GSS-API signature block for msg from the server, and
+ * verifies it with gss_verify. -1 is returned if any step fails,
+ * otherwise 0 is returned.
+ */
+int call_server(host, port, service_name, deleg_flag, msg, use_file)
+ char *host;
+ u_short port;
+ char *service_name;
+ OM_uint32 deleg_flag;
+ char *msg;
+ int use_file;
+{
+ gss_ctx_id_t context;
+ gss_buffer_desc in_buf, out_buf;
+ int s, state;
+ OM_uint32 ret_flags;
+ OM_uint32 maj_stat, min_stat;
+ gss_name_t src_name, targ_name;
+ gss_buffer_desc sname, tname;
+ OM_uint32 lifetime;
+ gss_OID mechanism, name_type;
+ int is_local;
+ OM_uint32 context_flags;
+ int is_open;
+ gss_qop_t qop_state;
+ gss_OID_set mech_names;
+ gss_buffer_desc oid_name;
+ size_t i;
+
+ /* Open connection */
+ if ((s = connect_to_server(host, port)) < 0)
+ return -1;
+
+ /* Establish context */
+ if (client_establish_context(s, service_name, deleg_flag, &context,
+ &ret_flags) < 0) {
+ (void) close(s);
+ return -1;
+ }
+
+ /* display the flags */
+ display_ctx_flags(ret_flags);
+
+ /* Get context information */
+ maj_stat = gss_inquire_context(&min_stat, context,
+ &src_name, &targ_name, &lifetime,
+ &mechanism, &context_flags,
+ &is_local,
+ &is_open);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("inquiring context", maj_stat, min_stat);
+ return -1;
+ }
+
+ maj_stat = gss_display_name(&min_stat, src_name, &sname,
+ &name_type);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("displaying source name", maj_stat, min_stat);
+ return -1;
+ }
+ maj_stat = gss_display_name(&min_stat, targ_name, &tname,
+ (gss_OID *) NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("displaying target name", maj_stat, min_stat);
+ return -1;
+ }
+ fprintf(stderr, "\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n",
+ (int) sname.length, (char *) sname.value,
+ (int) tname.length, (char *) tname.value, lifetime,
+ context_flags,
+ (is_local) ? "locally initiated" : "remotely initiated",
+ (is_open) ? "open" : "closed");
+
+ (void) gss_release_name(&min_stat, &src_name);
+ (void) gss_release_name(&min_stat, &targ_name);
+ (void) gss_release_buffer(&min_stat, &sname);
+ (void) gss_release_buffer(&min_stat, &tname);
+
+ maj_stat = gss_oid_to_str(&min_stat,
+ name_type,
+ &oid_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("converting oid->string", maj_stat, min_stat);
+ return -1;
+ }
+ fprintf(stderr, "Name type of source name is %.*s.\n",
+ (int) oid_name.length, (char *) oid_name.value);
+ (void) gss_release_buffer(&min_stat, &oid_name);
+
+ /* Now get the names supported by the mechanism */
+ maj_stat = gss_inquire_names_for_mech(&min_stat,
+ mechanism,
+ &mech_names);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("inquiring mech names", maj_stat, min_stat);
+ return -1;
+ }
+
+ maj_stat = gss_oid_to_str(&min_stat,
+ mechanism,
+ &oid_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("converting oid->string", maj_stat, min_stat);
+ return -1;
+ }
+ fprintf(stderr, "Mechanism %.*s supports %d names\n",
+ (int) oid_name.length, (char *) oid_name.value,
+ mech_names->count);
+ (void) gss_release_buffer(&min_stat, &oid_name);
+
+ for (i=0; i<mech_names->count; i++) {
+ maj_stat = gss_oid_to_str(&min_stat,
+ &mech_names->elements[i],
+ &oid_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("converting oid->string", maj_stat, min_stat);
+ return -1;
+ }
+ fprintf(stderr, " %d: %.*s\n", i,
+ (int) oid_name.length, (char *) oid_name.value);
+
+ (void) gss_release_buffer(&min_stat, &oid_name);
+ }
+ (void) gss_release_oid_set(&min_stat, &mech_names);
+
+ if (use_file) {
+ read_file(msg, &in_buf);
+ } else {
+ /* Seal the message */
+ in_buf.value = msg;
+ in_buf.length = strlen(msg) + 1;
+ }
+
+ maj_stat = gss_wrap(&min_stat, context, 1, GSS_C_QOP_DEFAULT,
+ &in_buf, &state, &out_buf);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("sealing message", maj_stat, min_stat);
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
+ return -1;
+ } else if (! state) {
+ fprintf(stderr, "Warning! Message not encrypted.\n");
+ }
+
+ /* Send to server */
+ if (send_token(s, &out_buf) < 0) {
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
+ return -1;
+ }
+ (void) gss_release_buffer(&min_stat, &out_buf);
+
+ /* Read signature block into out_buf */
+ if (recv_token(s, &out_buf) < 0) {
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
+ return -1;
+ }
+
+ /* Verify signature block */
+ maj_stat = gss_verify_mic(&min_stat, context, &in_buf,
+ &out_buf, &qop_state);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("verifying signature", maj_stat, min_stat);
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
+ return -1;
+ }
+ (void) gss_release_buffer(&min_stat, &out_buf);
+
+ if (use_file)
+ free(in_buf.value);
+
+ printf("Signature verified.\n");
+
+ /* Delete context */
+ maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("deleting context", maj_stat, min_stat);
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
+ return -1;
+ }
+
+ (void) gss_release_buffer(&min_stat, &out_buf);
+ (void) close(s);
+ return 0;
+}
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+ char *service_name, *server_host, *msg;
+ u_short port = 4444;
+ int use_file = 0;
+ OM_uint32 deleg_flag = 0;
+
+ display_file = stdout;
+
+ /* Parse arguments. */
+ argc--; argv++;
+ while (argc) {
+ if (strcmp(*argv, "-port") == 0) {
+ argc--; argv++;
+ if (!argc) usage();
+ port = atoi(*argv);
+ } else if (strcmp(*argv, "-d") == 0) {
+ deleg_flag = GSS_C_DELEG_FLAG;
+ } else if (strcmp(*argv, "-f") == 0) {
+ use_file = 1;
+ } else
+ break;
+ argc--; argv++;
+ }
+ if (argc != 3)
+ usage();
+
+ server_host = *argv++;
+ service_name = *argv++;
+ msg = *argv++;
+
+ if (call_server(server_host, port, service_name,
+ deleg_flag, msg, use_file) < 0)
+ exit(1);
+
+ return 0;
+}
+
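Review bot: The failure exits in the re-added call_server between `client_establish_context` and the mech-name loop (`inquiring context`, both `displaying … name` checks, the three `converting oid->string` checks and `inquiring mech names`) `return -1` with the socket still open and the established context never deleted, while every exit from `sealing message` onward does `close(s)` and `gss_delete_sec_context`; the same early exits also leak `src_name`/`targ_name`/`sname`/`tname` and `mech_names` once those have been obtained, and the `deleting context` failure path calls `gss_delete_sec_context` a second time on a handle whose state is unspecified after the first failure. Funnelling every post-establishment failure through one cleanup block (sketched below; `rc` and `in_buf.value = NULL` go with the other locals since the file is K&R style) removes the inconsistency. Separately, `lifetime` is an OM_uint32 and `i` is a size_t but both are printed with `%d` (`lifetime %d, flags %x` and `" %d: %.*s\n"`), as is `mech_names->count`; cast to `(unsigned long)` and use `%lu` so the format matches the argument types. Finally, when `gss_wrap` reports `!state` the code warns "Message not encrypted" but still sends the message; since `ret_flags` is already available from establishment, checking `ret_flags & GSS_C_CONF_FLAG` (and `GSS_C_INTEG_FLAG`, which `gss_verify_mic` depends on) before wrapping would turn that warning into a refusal.

```c
    int rc = -1;               /* declared with the other locals; 0 only on success */
    /* … unchanged: connect_to_server(), client_establish_context(), display_ctx_flags() … */

    /* every post-establishment failure check becomes this shape */
    if (maj_stat != GSS_S_COMPLETE) {
        display_status("inquiring context", maj_stat, min_stat);
        goto cleanup;
    }

    /* … unchanged: name display, mech-name listing, wrap / send / recv / verify_mic … */

    printf("Signature verified.\n");
    rc = 0;

cleanup:
    /* locals start as GSS_C_NO_NAME / GSS_C_NO_OID_SET / GSS_C_EMPTY_BUFFER so
       releasing a handle that was never obtained is a no-op */
    (void) gss_release_name(&min_stat, &src_name);
    (void) gss_release_name(&min_stat, &targ_name);
    (void) gss_release_buffer(&min_stat, &sname);
    (void) gss_release_buffer(&min_stat, &tname);
    (void) gss_release_oid_set(&min_stat, &mech_names);
    if (use_file && in_buf.value != NULL)
        free(in_buf.value);
    (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
    (void) close(s);
    return rc;
}
```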
diff --git a/src/appl/gss-sample/gss-misc.c b/src/appl/gss-sample/gss-misc.c
index 446aa3087..67e898c1d 100644
--- a/src/appl/gss-sample/gss-misc.c
+++ b/src/appl/gss-sample/gss-misc.c
@@ -20,16 +20,21 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
+#if !defined(lint) && !defined(__CODECENTER__)
+static char *rcsid = "$Header$";
+#endif
+
#include <stdio.h>
#include <sys/types.h>
#include <netinet/in.h>
+#include <errno.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <string.h>
-#include <gssapi/gssapi.h>
#include <gssapi/gssapi_generic.h>
+#include "gss-misc.h"
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
@@ -37,9 +42,48 @@
extern char *malloc();
#endif
-static void display_status_1();
+FILE *display_file;
+
+static void display_status_1
+ PROTOTYPE( (char *m, OM_uint32 code, int type) );
-FILE *display_file = NULL;
+static int write_all(int fildes, char *buf, unsigned int nbyte)
+{
+ int ret;
+ char *ptr;
+
+ for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
+ ret = write(fildes, ptr, nbyte);
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ return(ret);
+ } else if (ret == 0) {
+ return(ptr-buf);
+ }
+ }
+
+ return(ptr-buf);
+}
+
+static int read_all(int fildes, char *buf, unsigned int nbyte)
+{
+ int ret;
+ char *ptr;
+
+ for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
+ ret = read(fildes, ptr, nbyte);
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ return(ret);
+ } else if (ret == 0) {
+ return(ptr-buf);
+ }
+ }
+
+ return(ptr-buf);
+}
/*
* Function: send_token
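Review bot: In both write_all and read_all the `continue` on EINTR runs inside a `for` loop, so the loop's increment `ptr += ret, nbyte -= ret` still executes with `ret == -1`: the pointer steps back one byte and the unsigned `nbyte` grows by one, corrupting the transfer after any interrupted call. Set `ret = 0;` before the `continue` in both functions, i.e. `if (errno == EINTR) { ret = 0; continue; }`, or restructure as a `while` loop that advances only on a positive return. Note also that `nbyte` is `unsigned int` while the callers in the later hunks pass `tok->length` (a size_t); on 64-bit hosts a length above UINT_MAX would be silently truncated, so either take `size_t` here or have recv_token/send_token bound the length before calling.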
@@ -67,7 +111,7 @@ int send_token(s, tok)
len = htonl(tok->length);
- ret = write(s, (char *) &len, 4);
+ ret = write_all(s, (char *) &len, 4);
if (ret < 0) {
perror("sending token length");
return -1;
@@ -79,7 +123,7 @@ int send_token(s, tok)
return -1;
}
- ret = write(s, tok->value, tok->length);
+ ret = write_all(s, tok->value, tok->length);
if (ret < 0) {
perror("sending token data");
return -1;
@@ -120,9 +164,8 @@ int recv_token(s, tok)
gss_buffer_t tok;
{
int ret;
- int readsofar = 0;
- ret = read(s, (char *) &tok->length, 4);
+ ret = read_all(s, (char *) &tok->length, 4);
if (ret < 0) {
perror("reading token length");
return -1;
@@ -143,20 +186,45 @@ int recv_token(s, tok)
return -1;
}
- while (readsofar < tok->length) {
- ret = read(s, (char *) tok->value + readsofar,
- tok->length - readsofar);
- readsofar += ret;
- if (ret < 0) {
- perror("reading token data");
- free(tok->value);
- return -1;
- }
+ ret = read_all(s, (char *) tok->value, tok->length);
+ if (ret < 0) {
+ perror("reading token data");
+ free(tok->value);
+ return -1;
+ } else if (ret != tok->length) {
+ fprintf(stderr, "sending token data: %d of %d bytes written\n",
+ ret, tok->length);
+ free(tok->value);
+ return -1;
}
return 0;
}
+static void display_status_1(m, code, type)
+ char *m;
+ OM_uint32 code;
+ int type;
+{
+ OM_uint32 maj_stat, min_stat;
+ gss_buffer_desc msg;
+ OM_uint32 msg_ctx;
+
+ msg_ctx = 0;
+ while (1) {
+ maj_stat = gss_display_status(&min_stat, code,
+ type, GSS_C_NULL_OID,
+ &msg_ctx, &msg);
+ if (display_file)
+ fprintf(display_file, "GSS-API error %s: %s\n", m,
+ (char *)msg.value);
+ (void) gss_release_buffer(&min_stat, &msg);
+
+ if (!msg_ctx)
+ break;
+ }
+}
+
/*
* Function: display_status
*
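Review bot: The short-read diagnostic in recv_token says `sending token data: %d of %d bytes written` but this is the receive side; change it to `"reading token data: %d of %lu bytes read\n"` with `(unsigned long) tok->length`, since `tok->length` is a size_t and `%d` does not match it. The comparison `ret != tok->length` mixes a signed `int` with size_t; `ret` is already known non-negative after the `ret < 0` check, so write `(size_t) ret != tok->length`. The length itself was read from the peer in the previous hunk and, presumably in the lines between the two hunks, sizes the allocation for `tok->value`; if no upper bound is applied there, an unauthenticated peer can drive an arbitrarily large allocation before any GSS-API processing happens, so cap it at a sane maximum token size before the malloc.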
@@ -183,32 +251,37 @@ void display_status(msg, maj_stat, min_stat)
display_status_1(msg, min_stat, GSS_C_MECH_CODE);
}
-static void display_status_1(m, code, type)
- char *m;
- OM_uint32 code;
- int type;
+/*
+ * Function: display_ctx_flags
+ *
+ * Purpose: displays the flags returned by context initation in
+ * a human-readable form
+ *
+ * Arguments:
+ *
+ * int ret_flags
+ *
+ * Effects:
+ *
+ * Strings corresponding to the context flags are printed on
+ * stdout, preceded by "context flag: " and followed by a newline
+ */
+
+void display_ctx_flags(flags)
+ OM_uint32 flags;
{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
-#ifdef GSSAPI_V2
- OM_uint32 msg_ctx;
-#else /* GSSAPI_V2 */
- int msg_ctx;
-#endif /* GSSAPI_V2 */
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- if (display_file)
- fprintf(display_file, "GSS-API error %s: %s\n", m,
- (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
+ if (flags & GSS_C_DELEG_FLAG)
+ fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n");
+ if (flags & GSS_C_MUTUAL_FLAG)
+ fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n");
+ if (flags & GSS_C_REPLAY_FLAG)
+ fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n");
+ if (flags & GSS_C_SEQUENCE_FLAG)
+ fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n");
+ if (flags & GSS_C_CONF_FLAG )
+ fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n");
+ if (flags & GSS_C_INTEG_FLAG )
+ fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n");
}
void print_token(tok)
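Review bot: display_ctx_flags writes to `display_file` unconditionally, whereas display_status_1 in the previous hunk guards with `if (display_file)`; the removed server main set `display_file = 0` for `-inetd`, and if the new main keeps that, every flag line here dereferences NULL, so start the function with `if (!display_file) return;`. The header comment also disagrees with the code: it lists the argument as `int ret_flags` and says the strings are printed on stdout, while the parameter is `OM_uint32 flags` and the output goes to `display_file`; change those lines to `*  OM_uint32 flags` and `* Strings corresponding to the context flags are printed on display_file,`. The two format strings `"context flag: GSS_C_CONF_FLAG \n"` and `"context flag: GSS_C_INTEG_FLAG \n"` carry a stray space before the newline.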
@@ -228,24 +301,3 @@ void print_token(tok)
fprintf(display_file, "\n");
fflush(display_file);
}
-
-void display_buffer(buffer)
- gss_buffer_desc buffer;
-{
- char *namebuf;
-
- if (!display_file)
- return;
- namebuf = malloc(buffer.length+1);
- if (!namebuf) {
- fprintf(stderr, "display_buffer: couldn't allocate buffer!\n");
- exit(1);
- }
- strncpy(namebuf, buffer.value, buffer.length);
- namebuf[buffer.length] = '\0';
- fprintf(display_file, "%s", namebuf);
- free(namebuf);
-}
-
-
-
diff --git a/src/appl/gss-sample/gss-misc.h b/src/appl/gss-sample/gss-misc.h
new file mode 100644
index 000000000..bfdcad2f4
--- /dev/null
+++ b/src/appl/gss-sample/gss-misc.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright 1994 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose. It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#ifndef _GSSMISC_H_
+#define _GSSMISC_H_
+
+#include <gssapi/gssapi_generic.h>
+#include <stdio.h>
+
+extern FILE *display_file;
+
+int send_token
+ PROTOTYPE( (int s, gss_buffer_t tok) );
+int recv_token
+ PROTOTYPE( (int s, gss_buffer_t tok) );
+void display_status
+ PROTOTYPE( (char *msg, OM_uint32 maj_stat, OM_uint32 min_stat) );
+void display_ctx_flags
+ PROTOTYPE( (OM_uint32 flags) );
+void print_token
+ PROTOTYPE( (gss_buffer_t tok) );
+
+#endif
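Review bot: The include guard `_GSSMISC_H_` is a reserved identifier (a leading underscore followed by an uppercase letter belongs to the implementation); use `#ifndef GSSMISC_H` / `#define GSSMISC_H`. The header uses the `PROTOTYPE` macro without defining it; presumably it arrives through gssapi_generic.h, and if so a comment saying so (or an include of the header that defines it) would make the file self-contained. `display_file` is exported as a writable global that each program assigns; document its contract with a one-line comment such as `/* output stream for diagnostics; NULL suppresses output */`, which is how print_token and display_status_1 treat it.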
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c
index f685ab70f..bd4e7fe90 100644
--- a/src/appl/gss-sample/gss-server.c
+++ b/src/appl/gss-sample/gss-server.c
@@ -20,6 +20,10 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
+#if !defined(lint) && !defined(__CODECENTER__)
+static char *rcsid = "$Header$";
+#endif
+
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
@@ -29,11 +33,9 @@
#endif
#include <stdlib.h>
#include <ctype.h>
-#include <sys/time.h>
-#include <time.h>
-#include <gssapi/gssapi.h>
#include <gssapi/gssapi_generic.h>
+#include "gss-misc.h"
#ifdef USE_STRING_H
#include <string.h>
@@ -41,292 +43,16 @@
#include <strings.h>
#endif
-int create_socket();
-
-int send_token();
-int recv_token();
-void display_status();
-int test_import_export_context();
-void print_token();
-
-int server_acquire_creds();
-int server_establish_context();
-int sign_server();
-
-extern FILE *display_file;
-FILE *log;
-
-int verbose = 0;
-
-void
usage()
{
- fprintf(stderr, "Usage: gss-server [-port port] [-v2] [-inetd] [-logfile file] service_name\n");
+ fprintf(stderr, "Usage: gss-server [-port port] [-verbose]\n");
+ fprintf(stderr, " [-inetd] [-logfile file] [service_name]\n");
exit(1);
}
-int
-main(argc, argv)
- int argc;
- char **argv;
-{
- char *service_name;
- u_short port = 4444;
- int s;
- int do_inetd = 0;
- int dov2 = 0;
- int once = 0;
-
- log = stdout;
- display_file = stdout;
- argc--; argv++;
- while (argc) {
- if (strcmp(*argv, "-port") == 0) {
- argc--; argv++;
- if (!argc) usage();
- port = atoi(*argv);
- } else if (strcmp(*argv, "-inetd") == 0) {
- do_inetd = 1;
- display_file = 0;
- } else if (strcmp(*argv, "-verbose") == 0) {
- verbose = 1;
- } else if (strcmp(*argv, "-v2") == 0) {
- dov2 = 1;
- } else if (strcmp(*argv, "-once") == 0) {
- once = 1;
- } else if (strcmp(*argv, "-logfile") == 0) {
- argc--; argv++;
- if (!argc) usage();
- log = fopen(*argv, "a");
- display_file = log;
- if (!log) {
- perror(*argv);
- exit(1);
- }
- } else
- break;
- argc--; argv++;
- }
- if (argc != 1)
- usage();
-
- service_name = *argv;
-
- if (do_inetd == 0) {
- if ((s = create_socket(port)) < 0)
- exit(1);
- } else {
- s = -1;
- close(1);
- close(2);
- }
-
- if (sign_server(s, service_name, dov2, once) < 0)
- exit(1);
-
- /*NOTREACHED*/
- return 0;
-}
-
-/*
- * Function: create_socket
- *
- * Purpose: Opens a listening TCP socket.
- *
- * Arguments:
- *
- * port (r) the port number on which to listen
- *
- * Returns: the listening socket file descriptor, or -1 on failure
- *
- * Effects:
- *
- * A listening socket on the specified port and created and returned.
- * On error, an error message is displayed and -1 is returned.
- */
-int create_socket(port)
- u_short port;
-{
- struct sockaddr_in saddr;
- int s;
- int on = 1;
-
- saddr.sin_family = AF_INET;
- saddr.sin_port = htons(port);
- saddr.sin_addr.s_addr = INADDR_ANY;
-
- if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
- perror("creating socket");
- return -1;
- }
- /* Let the socket be reused right away */
- (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on));
- if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
- perror("binding socket");
- return -1;
- }
- if (listen(s, 5) < 0) {
- perror("listening on socket");
- return -1;
- }
- return s;
-}
-
-/*
- * Function: sign_server
- *
- * Purpose: Performs the "sign" service.
- *
- * Arguments:
- *
- * s (r) a TCP socket on which to listen for connections.
- * If s is -1, then assume that we were started out of
- * inetd and use file descriptor 0.
- * service_name (r) the ASCII name of the GSS-API service to
- * establish a context as
- * dov2 (r) a boolean indicating whether we should use GSSAPI
- * V2 interfaces, if available.
- * once (r) a boolean indicating whether we should
- * only accept one connection, then exit.
- *
- * Returns: -1 on error
- *
- * Effects:
- *
- * sign_server acquires GSS-API credentials for service_name and then
- * loops forever accepting TCP connections on s, establishing a
- * context, and performing a single sign request.
- *
- * A sign request is a single GSS-API sealed token. The token is
- * unsealed and a signature block, produced with gss_sign, is returned
- * to the sender. The context is the destroyed and the connection
- * closed.
- *
- * If any error occurs, -1 is returned.
- */
-int sign_server(s, service_name, dov2, once)
- int s;
- char *service_name;
- int dov2;
- int once;
-{
- gss_cred_id_t server_creds;
- gss_buffer_desc client_name, xmit_buf, msg_buf;
- gss_ctx_id_t context;
- OM_uint32 maj_stat, min_stat;
- int i,s2;
- time_t now;
- char *cp;
-
- if (server_acquire_creds(service_name, &server_creds) < 0)
- return -1;
-
- while (1) {
- if (s >= 0) {
- /* Accept a TCP connection */
- if ((s2 = accept(s, NULL, 0)) < 0) {
- perror("accepting connection");
- exit(1);
- }
- } else
- s2 = 0;
-
- /* Establish a context with the client */
- if (server_establish_context(s2, server_creds, &context,
- &client_name) < 0)
- break;
-
- time(&now);
- fprintf(log, "Accepted connection: \"%s\" at %s",
- (char *) client_name.value, ctime(&now));
- (void) gss_release_buffer(&min_stat, &client_name);
-
- if (dov2) {
- for (i=0; i < 3; i++)
- if (test_import_export_context(&context))
- break;
- if (i < 3)
- break;
- }
-
- /* Receive the sealed message token */
- if (recv_token(s2, &xmit_buf) < 0)
- break;
-
- if (verbose && log) {
- fprintf(log, "Sealed message token:\n");
- print_token(xmit_buf);
- }
-
-#ifdef GSSAPI_V2
- if (dov2)
- maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
- (int *) NULL, (gss_qop_t *) NULL);
- else
-#endif /* GSSAPI_V2 */
- /* Unseal the message token */
- maj_stat = gss_unseal(&min_stat, context, &xmit_buf,
- &msg_buf, NULL, NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("unsealing message", maj_stat, min_stat);
- break;
- }
-
- (void) gss_release_buffer(&min_stat, &xmit_buf);
-
- fprintf(log, "Received message: ");
- cp = msg_buf.value;
- if (isprint(cp[0]) && isprint(cp[1]))
- fprintf(log, "\"%s\"\n", cp);
- else {
- printf("\n");
- print_token(msg_buf);
- }
-
- /* Produce a signature block for the message */
-#ifdef GSSAPI_V2
- if (dov2)
- maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
- &msg_buf, &xmit_buf);
- else
-#endif /* GSSAPI_V2 */
- maj_stat = gss_sign(&min_stat, context, GSS_C_QOP_DEFAULT,
- &msg_buf, &xmit_buf);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("signing message", maj_stat, min_stat);
- break;
- }
-
- (void) gss_release_buffer(&min_stat, &msg_buf);
-
- /* Send the signature block to the client */
- if (send_token(s2, &xmit_buf) < 0)
- break;
-
- (void) gss_release_buffer(&min_stat, &xmit_buf);
-
- /* Delete context */
- maj_stat = gss_delete_sec_context(&min_stat, &context, &xmit_buf);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("deleting context", maj_stat, min_stat);
- break;
- }
-
- (void) gss_release_buffer(&min_stat, &xmit_buf);
-
- /* Close TCP connection */
- close(s2);
-
- fflush(log);
-
- if (s < 0 || once)
- break;
- }
+FILE *log;
- /*NOTREACHED*/
- (void) gss_release_cred(&min_stat, &server_creds);
- return -1;
-}
+int verbose = 0;
/*
* Function: server_acquire_creds
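Review bot: Dropping the `void` line leaves the unchanged context line `usage()` as the first line of that function, so on the new side usage() is declared with an implicit int return type that it never supplies; keep `void usage()` (or `static void usage()`) ahead of it. The new usage text also advertises `[service_name]` as optional, while the rewritten main further down this diff still rejects anything but exactly one trailing argument with `if (argc != 1) usage();`, so either the brackets should go or main should accept zero arguments. The surviving global `FILE *log;` shares its name with the libm log() function; a `static FILE *logfile` would avoid the clash if math.h is ever pulled into this file.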
@@ -400,17 +126,17 @@ int server_acquire_creds(service_name, server_creds)
* in client_name and 0 is returned. If unsuccessful, an error
* message is displayed and -1 is returned.
*/
-int server_establish_context(s, server_creds, context, client_name)
+int server_establish_context(s, server_creds, context, client_name, ret_flags)
int s;
gss_cred_id_t server_creds;
gss_ctx_id_t *context;
gss_buffer_t client_name;
+ OM_uint32 *ret_flags;
{
gss_buffer_desc send_tok, recv_tok;
gss_name_t client;
gss_OID doid;
OM_uint32 maj_stat, min_stat;
- OM_uint32 ret_flags;
*context = GSS_C_NO_CONTEXT;
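Review bot: The new `ret_flags` output parameter is not described in the function's header comment, whose `Arguments:` list sits just above this hunk; add a line such as `ret_flags (w) the flags gss_accept_sec_context reports for the established context`. Because the pointer now comes from the caller and is passed straight through to gss_accept_sec_context and later dereferenced, the contract should also state that it must not be NULL, which the removed local made impossible. The only caller in this diff declares the variable it passes as `int ret_flags` rather than `OM_uint32 ret_flags`, which the K&R-style definition will not flag. server_establish_context's body continues past the end of this hunk.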
@@ -432,7 +158,7 @@ int server_establish_context(s, server_creds, context, client_name)
&client,
&doid,
&send_tok,
- &ret_flags,
+ ret_flags,
NULL, /* ignore time_rec */
NULL); /* ignore del_cred_handle */
@@ -441,8 +167,9 @@ int server_establish_context(s, server_creds, context, client_name)
(void) gss_release_buffer(&min_stat, &recv_tok);
return -1;
}
+
(void) gss_release_buffer(&min_stat, &recv_tok);
-
+
if (send_tok.length != 0) {
if (verbose && log) {
fprintf(log,
@@ -457,15 +184,18 @@ int server_establish_context(s, server_creds, context, client_name)
(void) gss_release_buffer(&min_stat, &send_tok);
}
- if (maj_stat == GSS_S_CONTINUE_NEEDED)
- if (log)
- fprintf(log, "continue needed...");
if (log) {
- fprintf(log, "\n");
+ if (maj_stat == GSS_S_CONTINUE_NEEDED)
+ fprintf(log, "\n");
+ else
+ fprintf(log, "continue needed...\n");
fflush(log);
}
} while (maj_stat == GSS_S_CONTINUE_NEEDED);
+ /* display the flags */
+ display_ctx_flags(*ret_flags);
+
maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
if (maj_stat != GSS_S_COMPLETE) {
display_status("displaying name", maj_stat, min_stat);
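Review bot: The rewritten log message inside the do/while loop is inverted: the new lines print a bare newline when `maj_stat == GSS_S_CONTINUE_NEEDED` and `continue needed...` otherwise, the opposite of what the removed lines did, so the log now announces a continuation exactly on the final round trip, when the context is complete. Swap the two branches: `if (maj_stat == GSS_S_CONTINUE_NEEDED) fprintf(log, "continue needed...\n"); else fprintf(log, "\n");`. server_establish_context starts and ends outside this hunk.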
@@ -479,42 +209,232 @@ int server_establish_context(s, server_creds, context, client_name)
return 0;
}
-static float timeval_subtract(tv1, tv2)
- struct timeval *tv1, *tv2;
+/*
+ * Function: create_socket
+ *
+ * Purpose: Opens a listening TCP socket.
+ *
+ * Arguments:
+ *
+ * port (r) the port number on which to listen
+ *
+ * Returns: the listening socket file descriptor, or -1 on failure
+ *
+ * Effects:
+ *
+ * A listening socket on the specified port and created and returned.
+ * On error, an error message is displayed and -1 is returned.
+ */
+int create_socket(port)
+ u_short port;
{
- return ((tv1->tv_sec - tv2->tv_sec) +
- ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000);
+ struct sockaddr_in saddr;
+ int s;
+ int on = 1;
+
+ saddr.sin_family = AF_INET;
+ saddr.sin_port = htons(port);
+ saddr.sin_addr.s_addr = INADDR_ANY;
+
+ if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+ perror("creating socket");
+ return -1;
+ }
+ /* Let the socket be reused right away */
+ (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on));
+ if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
+ perror("binding socket");
+ (void) close(s);
+ return -1;
+ }
+ if (listen(s, 5) < 0) {
+ perror("listening on socket");
+ (void) close(s);
+ return -1;
+ }
+ return s;
}
-int test_import_export_context(context)
- gss_ctx_id_t *context;
+/*
+ * Function: sign_server
+ *
+ * Purpose: Performs the "sign" service.
+ *
+ * Arguments:
+ *
+ * s (r) a TCP socket on which a connection has been
+ * accept()ed
+ * service_name (r) the ASCII name of the GSS-API service to
+ * establish a context as
+ *
+ * Returns: -1 on error
+ *
+ * Effects:
+ *
+ * sign_server establishes a context, and performs a single sign request.
+ *
+ * A sign request is a single GSS-API sealed token. The token is
+ * unsealed and a signature block, produced with gss_sign, is returned
+ * to the sender. The context is the destroyed and the connection
+ * closed.
+ *
+ * If any error occurs, -1 is returned.
+ */
+int sign_server(s, server_creds)
+ int s;
+ gss_cred_id_t server_creds;
{
- OM_uint32 min_stat, maj_stat;
- gss_buffer_desc context_token;
- struct timeval tm1, tm2;
-
- /*
- * Attempt to save and then restore the context.
- */
- gettimeofday(&tm1, (struct timezone *)0);
- maj_stat = gss_export_sec_context(&min_stat, context, &context_token);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("exporting context", maj_stat, min_stat);
- return 1;
- }
- gettimeofday(&tm2, (struct timezone *)0);
- if (verbose && log)
- fprintf(log, "Exported context: %d bytes, %7.4f seconds\n",
- context_token.length, timeval_subtract(&tm2, &tm1));
- maj_stat = gss_import_sec_context(&min_stat, &context_token, context);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("importing context", maj_stat, min_stat);
- return 1;
- }
- gettimeofday(&tm1, (struct timezone *)0);
- if (verbose && log)
- fprintf(log, "Importing context: %7.4f seconds\n",
- timeval_subtract(&tm1, &tm2));
- (void) gss_release_buffer(&min_stat, &context_token);
- return 0;
+ gss_buffer_desc client_name, xmit_buf, msg_buf;
+ gss_ctx_id_t context;
+ OM_uint32 maj_stat, min_stat;
+ int i, conf_state, ret_flags;
+ char *cp;
+
+ /* Establish a context with the client */
+ if (server_establish_context(s, server_creds, &context,
+ &client_name, &ret_flags) < 0)
+ return(-1);
+
+ printf("Accepted connection: \"%.*s\"\n",
+ client_name.length, client_name.value);
+ (void) gss_release_buffer(&min_stat, &client_name);
+
+ /* Receive the sealed message token */
+ if (recv_token(s, &xmit_buf) < 0)
+ return(-1);
+
+ if (verbose && log) {
+ fprintf(log, "Sealed message token:\n");
+ print_token(&xmit_buf);
+ }
+
+ maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
+ &conf_state, (gss_qop_t *) NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("unsealing message", maj_stat, min_stat);
+ return(-1);
+ } else if (! conf_state) {
+ fprintf(stderr, "Warning! Message not encrypted.\n");
+ }
+
+ (void) gss_release_buffer(&min_stat, &xmit_buf);
+
+ fprintf(log, "Received message: ");
+ cp = msg_buf.value;
+ if (isprint(cp[0]) && isprint(cp[1]))
+ fprintf(log, "\"%s\"\n", cp);
+ else {
+ printf("\n");
+ print_token(&msg_buf);
+ }
+
+ /* Produce a signature block for the message */
+ maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
+ &msg_buf, &xmit_buf);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("signing message", maj_stat, min_stat);
+ return(-1);
+ }
+
+ (void) gss_release_buffer(&min_stat, &msg_buf);
+
+ /* Send the signature block to the client */
+ if (send_token(s, &xmit_buf) < 0)
+ return(-1);
+
+ (void) gss_release_buffer(&min_stat, &xmit_buf);
+
+ /* Delete context */
+ maj_stat = gss_delete_sec_context(&min_stat, &context, NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("deleting context", maj_stat, min_stat);
+ return(-1);
+ }
+
+ fflush(log);
+
+ return(0);
+}
+
+int
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ char *service_name;
+ gss_cred_id_t server_creds;
+ OM_uint32 min_stat;
+ u_short port = 4444;
+ int s;
+ int once = 0;
+ int do_inetd = 0;
+
+ log = stdout;
+ display_file = stdout;
+ argc--; argv++;
+ while (argc) {
+ if (strcmp(*argv, "-port") == 0) {
+ argc--; argv++;
+ if (!argc) usage();
+ port = atoi(*argv);
+ } else if (strcmp(*argv, "-verbose") == 0) {
+ verbose = 1;
+ } else if (strcmp(*argv, "-once") == 0) {
+ once = 1;
+ } else if (strcmp(*argv, "-inetd") == 0) {
+ do_inetd = 1;
+ } else if (strcmp(*argv, "-logfile") == 0) {
+ argc--; argv++;
+ if (!argc) usage();
+ log = fopen(*argv, "a");
+ display_file = log;
+ if (!log) {
+ perror(*argv);
+ exit(1);
+ }
+ } else
+ break;
+ argc--; argv++;
+ }
+ if (argc != 1)
+ usage();
+
+ if ((*argv)[0] == '-')
+ usage();
+
+ service_name = *argv;
+
+ if (server_acquire_creds(service_name, &server_creds) < 0)
+ return -1;
+
+ if (do_inetd) {
+ close(1);
+ close(2);
+
+ sign_server(0, server_creds);
+ close(0);
+ } else {
+ int stmp;
+
+ if (stmp = create_socket(port)) {
+ do {
+ /* Accept a TCP connection */
+ if ((s = accept(stmp, NULL, 0)) < 0) {
+ perror("accepting connection");
+ } else {
+ /* this return value is not checked, because there's
+ not really anything to do if it fails */
+ sign_server(s, server_creds);
+ }
+ } while (!once);
+ }
+
+ close(stmp);
+ }
+
+ (void) gss_release_cred(&min_stat, &server_creds);
+
+ /*NOTREACHED*/
+ (void) close(s);
+ return 0;
}
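Review bot: In the non-inetd branch of main, `if (stmp = create_socket(port))` takes the -1 that create_socket returns after a failed socket(), bind() or listen() as success, so the server drops into the accept loop calling accept(-1) and printing "accepting connection" indefinitely; it should read `if ((stmp = create_socket(port)) >= 0)`. That loop also never closes an accepted connection — the removed code's `close(s2)` has no counterpart, and sign_server returns early on any establish, recv, unwrap or get_mic failure without closing anything — so every connection, authenticated or not, leaks a descriptor until accept() itself fails with EMFILE; add `(void) close(s);` right after `sign_server(s, server_creds);`. In sign_server the unwrapped client message is handled as a NUL-terminated C string (`isprint(cp[0]) && isprint(cp[1])` and `fprintf(log, "\"%s\"\n", cp)`) although GSS-API does not promise a terminator and msg_buf.length may be 0 or 1, so the authenticated peer controls how far past the buffer the log read runs; guard with `msg_buf.length >= 2 && isprint((unsigned char) cp[0]) && isprint((unsigned char) cp[1])` and print with `fprintf(log, "\"%.*s\"\n", (int) msg_buf.length, cp)`. Under -inetd the code closes descriptors 1 and 2 yet leaves log and display_file on stdout, so later printf/fprintf output lands in whatever file the process opens next; the removed main at least set display_file to 0 for that mode.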
diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog
index 0d480b2c6..d73bf4c69 100644
--- a/src/appl/gssftp/ftp/ChangeLog
+++ b/src/appl/gssftp/ftp/ChangeLog
@@ -1,3 +1,8 @@
+Wed Jul 10 16:40:19 1996 Marc Horowitz <marc@mit.edu>
+
+ * cmdtab.c (cmdtab[]), cmds.c (delete_file): rename delete() to
+ delete_file() to avoid conflict with the dbm delete() function
+
Thu Mar 28 21:07:40 1996 Ken Raeburn <raeburn@cygnus.com>
* cmds.c (setpeer): Define unix for HP-UX.
@@ -13,7 +18,7 @@ Thu Mar 28 19:26:53 1996 Marc Horowitz <marc@mit.edu>
Mon Mar 18 12:12:44 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* secure.c, ftp.c, ftp_var.h: Define STDARG if HAVE_STDARG_H is
- defined (in addition to the other tests)
+ defined (in addition to the other tests)
* configure.in: Add AC_HEADER_STDARG
diff --git a/src/appl/gssftp/ftp/cmds.c b/src/appl/gssftp/ftp/cmds.c
index 396f317dd..d0dc5dda6 100644
--- a/src/appl/gssftp/ftp/cmds.c
+++ b/src/appl/gssftp/ftp/cmds.c
@@ -1243,7 +1243,7 @@ lcd(argc, argv)
/*
* Delete a single file.
*/
-delete(argc, argv)
+delete_file(argc, argv)
int argc;
char *argv[];
{
diff --git a/src/appl/gssftp/ftp/cmdtab.c b/src/appl/gssftp/ftp/cmdtab.c
index 39d171d84..f20660cac 100644
--- a/src/appl/gssftp/ftp/cmdtab.c
+++ b/src/appl/gssftp/ftp/cmdtab.c
@@ -50,7 +50,7 @@ int setlevel(), setclear(), setsafe();
int setprivate();
#endif
int disconnect(), restart(), reget(), syst();
-int cd(), lcd(), delete(), mdelete(), user();
+int cd(), lcd(), delete_file(), mdelete(), user();
int ls(), mls(), get(), mget(), help(), append(), put(), mput();
int quit(), renamefile(), status();
int quote(), rmthelp(), shell(), site();
@@ -154,7 +154,7 @@ struct cmd cmdtab[] = {
{ "clear", clearhelp, 0, 1, 1, setclear },
{ "close", disconhelp, 0, 1, 1, disconnect },
{ "cr", crhelp, 0, 0, 0, setcr },
- { "delete", deletehelp, 0, 1, 1, delete },
+ { "delete", deletehelp, 0, 1, 1, delete_file },
{ "debug", debughelp, 0, 0, 0, setdebug },
{ "dir", dirhelp, 1, 1, 1, ls },
{ "disconnect", disconhelp, 0, 1, 1, disconnect },
diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog
index 798b51dbd..3f04d2cee 100644
--- a/src/appl/gssftp/ftpd/ChangeLog
+++ b/src/appl/gssftp/ftpd/ChangeLog
@@ -1,3 +1,10 @@
+Wed Jul 10 16:38:01 1996 Marc Horowitz <marc@mit.edu>
+
+ * ftpd.c (store), ftpcmd.y (STOR, APPE, STOU): rename store() to
+ store_file() to avoid conflict with dbm store() function
+ * ftpd.c (delete), ftpcmd.y (DELE): rename delete() to
+ delete_file() to avoid conflict with the dbm delete() function
+
Thu Jun 13 18:35:19 1996 Kevin L Mitchell <klmitch@mit.edu>
* ftpd.c (authdata): misplaced braces caused server to not be able to
diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y
index c891ab913..c014f35b2 100644
--- a/src/appl/gssftp/ftpd/ftpcmd.y
+++ b/src/appl/gssftp/ftpd/ftpcmd.y
@@ -338,14 +338,14 @@ cmd: USER SP username CRLF
| STOR check_login SP pathname CRLF
= {
if ($2 && $4 != NULL)
- store((char *) $4, "w", 0);
+ store_file((char *) $4, "w", 0);
if ($4 != NULL)
free((char *) $4);
}
| APPE check_login SP pathname CRLF
= {
if ($2 && $4 != NULL)
- store((char *) $4, "a", 0);
+ store_file((char *) $4, "a", 0);
if ($4 != NULL)
free((char *) $4);
}
@@ -387,7 +387,7 @@ cmd: USER SP username CRLF
| DELE check_login SP pathname CRLF
= {
if ($2 && $4 != NULL)
- delete((char *) $4);
+ delete_file((char *) $4);
if ($4 != NULL)
free((char *) $4);
}
@@ -535,7 +535,7 @@ cmd: USER SP username CRLF
| STOU check_login SP pathname CRLF
= {
if ($2 && $4 != NULL)
- store((char *) $4, "w", 1);
+ store_file((char *) $4, "w", 1);
if ($4 != NULL)
free((char *) $4);
}
diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c
index c260325f3..0d7044271 100644
--- a/src/appl/gssftp/ftpd/ftpd.c
+++ b/src/appl/gssftp/ftpd/ftpd.c
@@ -923,7 +923,7 @@ done:
(*closefunc)(fin);
}
-store(name, mode, unique)
+store_file(name, mode, unique)
char *name, *mode;
int unique;
{
@@ -1549,7 +1549,7 @@ yyerror(s)
reply(500, "'%s': command not understood.", cbuf);
}
-delete(name)
+delete_file(name)
char *name;
{
struct stat st;
diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog
index 1c131f1ae..7da90002f 100644
--- a/src/appl/telnet/libtelnet/ChangeLog
+++ b/src/appl/telnet/libtelnet/ChangeLog
@@ -1,3 +1,16 @@
+Tue Jul 9 14:59:19 1996 Marc Horowitz <marc@mit.edu>
+
+ * Makefile.in (LOCALINCLUDES): use @KRB4_INCLUDES@ instead of an
+ explicit path to the in-tree krb4 headers
+
+Mon Jul 8 01:33:30 1996 Marc Horowitz <marc@mit.edu>
+
+ * enc-proto.h (des_new_random_key, des_set_random_generator_seed,
+ des_key_sched, des_ecb_encrypt, des_string_to_key): removed these
+ declarations. these are kerberos/des symbols, and should not be
+ declared here. Two of these symbols (des_key_sched and
+ des_ecb_encrypt) conflict with CNS.
+
Fri Jun 14 19:09:48 1996 Sam Hartman <hartmans@mit.edu>
* configure.in * Makefile.in (LOCALINCLUDES): Don't include KerberosIV; use
whatever is appropriate for the withval
@@ -15,7 +28,7 @@ Sat Apr 27 16:09:54 1996 Richard Basch <basch@lehman.com>
Fri Apr 12 23:36:01 1996 Richard Basch <basch@lehman.com>
* forward.c (rd_and_store_for_creds): Consistency with the
- krlogind forwarded credentials cache naming scheme - krb5cc_p<pid>
+ krlogind forwarded credentials cache naming scheme - krb5cc_p<pid>
Thu Apr 11 21:45:21 1996 Richard Basch <basch@lehman.com>
diff --git a/src/appl/telnet/libtelnet/Makefile.in b/src/appl/telnet/libtelnet/Makefile.in
index 02d4e757b..d3e9eb5a6 100644
--- a/src/appl/telnet/libtelnet/Makefile.in
+++ b/src/appl/telnet/libtelnet/Makefile.in
@@ -21,7 +21,7 @@
#
AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DDES_ENCRYPTION -DKRB5 -DFORWARD \
-UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
-LOCALINCLUDES=-I.. -I$(srcdir)/..
+LOCALINCLUDES=-I.. -I$(srcdir)/.. @KRB4_INCLUDES@
CFLAGS = $(CCOPTS) $(AUTH_DEF) $(DEFS) $(LOCALINCLUDES)
LIBOBJS=@LIBOBJS@
diff --git a/src/appl/telnet/libtelnet/enc-proto.h b/src/appl/telnet/libtelnet/enc-proto.h
index 996a4f5d0..48f91430f 100644
--- a/src/appl/telnet/libtelnet/enc-proto.h
+++ b/src/appl/telnet/libtelnet/enc-proto.h
@@ -117,10 +117,4 @@ int ofb64_reply P((unsigned char *, int));
void ofb64_session P((Session_Key *, int));
int ofb64_keyid P((int, unsigned char *, int *));
void ofb64_printsub P((unsigned char *, int, unsigned char *, int));
-
-int des_new_random_key P((Block));
-void des_set_random_generator_seed P((Block));
-void des_key_sched P((Block, Schedule));
-void des_ecb_encrypt P((Block, Block, Schedule, int));
-int des_string_to_key P((char *, Block));
#endif /* ENCRYPTION */