path: root/src/appl/bsd/krshd.c
Commit message | Author | Age | Files | Lines
* Unbundle applications into separate repository | Greg Hudson | 2009-11-22 | 1 | -2047/+0
  Remove libpty, gssftp, telnet, and the bsd applications from the source tree, build system, and tests. Docs still need to be updated to remove mentions of the applications. The build system should be simplified now that we're down to one configure script and don't need some of the functionality currently in aclocal.m4.
  ticket: 6583
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23305 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyle | Tom Yu | 2009-10-31 | 1 | -105/+105
  make reindent
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Fix krshd and krlogind to use krb5_c_verify_checksum | Tom Yu | 2009-04-02 | 1 | -10/+14
  ticket: 1624
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22159 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except unicode, windows code | Ken Raeburn | 2009-02-02 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb4 support in the applications. login's ability to run aklog | Greg Hudson | 2008-12-15 | 1 | -156/+136
  has been preserved and made unconditional on krb4 support, since aklog can now do krb5 auth. The config variable is now named krb_run_aklog (as it was sometimes documented), not krb4_run_aklog as it previously was.
  ticket: 6303
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21450 dc483132-0cff-0310-8789-dd5450dbe970
* Convert many uses of sprintf to snprintf or asprintf | Greg Hudson | 2008-12-01 | 1 | -21/+16
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21258 dc483132-0cff-0310-8789-dd5450dbe970
* Convert many uses of strcpy/strcat (and sometimes sprintf) to accepted | Greg Hudson | 2008-11-05 | 1 | -24/+13
  string-handling functions.
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21001 dc483132-0cff-0310-8789-dd5450dbe970
* Use strlcpy instead of strcpy in many places | Greg Hudson | 2008-10-24 | 1 | -2/+2
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20919 dc483132-0cff-0310-8789-dd5450dbe970
* Use strdup in place of malloc/strcpy in many places | Greg Hudson | 2008-10-20 | 1 | -2/+1
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20898 dc483132-0cff-0310-8789-dd5450dbe970
* Remove varargs.h paths, always use stdarg.h | Ken Raeburn | 2007-01-20 | 1 | -5/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19088 dc483132-0cff-0310-8789-dd5450dbe970
* Include k5-int.h instead of krb5.h when 'private' functions are needed | Ken Raeburn | 2007-01-20 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19080 dc483132-0cff-0310-8789-dd5450dbe970
* Fix logic bug in string allocation | Ken Raeburn | 2006-10-15 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18704 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities | Tom Yu | 2006-08-08 | 1 | -2/+8
  * src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive):
  * src/appl/bsd/v4rcp.c (main):
  * src/appl/bsd/krcp.c (main):
  * src/appl/bsd/krshd.c (doit):
  * src/appl/bsd/login.c (main):
  * src/clients/ksu/main.c (sweep_up):
  * src/lib/krb4/kuserok.c (kuserok): Check return values from setuid() and related functions to avoid privilege escalation vulnerabilities. Fixes MITKRB5-SA-2006-001. [CVE-2006-3083, VU#580124, CVE-2006-3084, VU#401660]
  ticket: new
  target_version: 1.5.1
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18420 dc483132-0cff-0310-8789-dd5450dbe970
* Pass in the correct value for the first argument of select (one larger | Russ Allbery | 2006-06-19 | 1 | -1/+25
  than the largest file number in the select set) rather than some multiple of sizeof some struct. The latter is large enough to accidentally work, but breaks on AIX.
  Map IPv4-mapped IPv6 addresses back to IPv4 in krshd for the purposes of connecting back to the remote system on AIX, since on AIX getnameinfo returns such addresses but connect won't accept them.
  Ticket: 3122
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18166 dc483132-0cff-0310-8789-dd5450dbe970
* * krlogind.c (doit): Change 0 to (char*)NULL in execl* calls. Patch provided | Ken Raeburn | 2005-04-06 | 1 | -2/+2
  by Michael Calmer.
  * krshd.c (doit): Likewise.
  * login.c (main): Likewise.
  ticket: 3000
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17165 dc483132-0cff-0310-8789-dd5450dbe970
* krshd hangs in linux nightly testing | Ken Raeburn | 2003-08-29 | 1 | -5/+12
  A typical stack trace:
    #0 0xffffe002 in ?? ()
    #1 0x420da75f in syslog () from /lib/tls/libc.so.6
    #2 0x0804ad06 in cleanup (signumber=15) at krshd.c:567
    #3 <signal handler called>
    #4 0xffffe000 in ?? ()
    #5 0x4202774e in sigaction () from /lib/tls/libc.so.6
    #6 0x0804ac82 in cleanup (signumber=1) at krshd.c:548
    #7 <signal handler called>
    #8 0xffffe002 in ?? ()
    #9 0x4202774e in sigaction () from /lib/tls/libc.so.6
    #10 0x420daa21 in vsyslog () from /lib/tls/libc.so.6
    #11 0x420da75f in syslog () from /lib/tls/libc.so.6
    #12 0x0804b670 in doit (f=3, fromp=0xbfffda50) at krshd.c:1313
    #13 0x0804ab87 in main (argc=11, argv=0xbfffdb34) at krshd.c:459
    #14 0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6
  Yes, we're calling syslog from inside a signal handler. Yes, this is bad. And from some poking about that I did earlier, it appears that there's some locking code in vsyslog which may be deadlocking in the nested call. And this usually seems to happen when logging the "shell process completed" message.
  This is a quick patch to switch off the signal handlers before logging that message. I suspect the breakage happens earlier, though, so this might not fix the bug, just maybe move it around a little.
  * krshd.c (ignore_signals): Split out from cleanup(). (doit): Call it when the shell process has completed, before calling syslog.
  ticket: new
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15800 dc483132-0cff-0310-8789-dd5450dbe970
* Rename the local_subkey and remote_subkey fields in the auth_context | Tom Yu | 2003-05-10 | 1 | -2/+2
  to send_subkey and recv_subkey, respectively. Add new APIs to query and set these fields. Change the behavior of mk_req_ext, rd_req_dec, and rd_rep to set both subkeys. Applications wanting to set unidirectional subkeys may still do so by saving the values of subkeys and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the send_subkey.
  ticket: 1415
  status: open
  tags: pullup
  target_version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
* * krshd.c (main): Use LOG_AUTH syslog facility, not LOG_DAEMON, for consistency | Ken Raeburn | 2003-04-08 | 1 | -3/+3
  with krlogind.c.
  ticket: 844
  status: open
  target_version: 1.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15325 dc483132-0cff-0310-8789-dd5450dbe970
* Add IPv6 support to rshd test/debug code: | Ken Raeburn | 2003-01-01 | 1 | -46/+16
  * compat_recv.c: Include sys/select.h and port-sockets.h. (krb5_compat_recvauth_version): Only attempt krb4 authentication if the source address is an IPv4 one. (accept_a_connection): New function, derived from old krshd.c. Listen on IPv6 as well as IPv4, if possible.
  * krshd.c (main): Call accept_a_connection. Change fromlen to a socklen_t. (doit): Initialize s. Change length passed to getsockname to a socklen_t. (recvauth): Change len to socklen_t. Cast peer IPv4 address before calling krb5_compat_recvauth_version.
  * defines.h: Include port-sockets.h. (accept_a_connection): Declare.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15075 dc483132-0cff-0310-8789-dd5450dbe970
* enable ipv6 rsh connections | Ken Raeburn | 2002-06-25 | 1 | -78/+110
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14580 dc483132-0cff-0310-8789-dd5450dbe970
* back out some changes that weren't ready | Ken Raeburn | 2002-06-25 | 1 | -59/+45
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14576 dc483132-0cff-0310-8789-dd5450dbe970
* Move compat_recv.c from krb5util library. Move some duplicated code into | Ken Raeburn | 2002-06-25 | 1 | -84/+59
  kcmd.c. Use getnameinfo and sockaddr_storage more.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14572 dc483132-0cff-0310-8789-dd5450dbe970
* revert accidental checkin of unfinished changes | Ken Raeburn | 2002-03-08 | 1 | -10/+13
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14257 dc483132-0cff-0310-8789-dd5450dbe970
* (kcmd_connect): copy out correct remote address to caller | Ken Raeburn | 2002-03-08 | 1 | -13/+10
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14256 dc483132-0cff-0310-8789-dd5450dbe970
* Change krb5 kcmd to use getaddrinfo, and add some hooks for future ipv6 | Ken Raeburn | 2002-02-11 | 1 | -1/+2
  support.
  * defines.h: Include fake-addrinfo.h. (FAI_PREFIX): Define. (getport): Update.
  * kcmd.c: Include fake-addrinfo.c. (kcmd): Use getaddrinfo instead of gethostbyname, but only get AF_INET addresses for now. (k4cmd): Update argument list to getport. (getport): Accept new argument, pointer to address family to use. If zero, try inet6 and then inet.
  * krshd.c (doit): Update argument list to getport.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14140 dc483132-0cff-0310-8789-dd5450dbe970
* * krcp.c, krlogin.c, krlogind.c, krsh.c, krshd.c, login.c, | Ezra Peisach | 2001-12-06 | 1 | -4/+4
  setenv.c, v4rcp.c: Signed vs. unsigned int cleanup.
  * defines.h: rcmd_stream_{read,write} take size_t as length argument.
  * kcmd.c: Use GETSOCKNAME_ARG3_TYPE instead of assuming int. input and output handler take size_t as length argument instead of int. Other signed vs. unsigned fixes.
  * configure.in: Add KRB5_GETSOCKNAME_ARGS.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14050 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in: Link krshd with KRSHDLIBS instead of LOGINLIBS | Ezra Peisach | 2001-07-06 | 1 | -10/+31
  * configure.in: Create a new variable KRSHDLIBS which differs from LOGINLIBS by not including libkrb524.a. Test for getenv.
  * krcp.c: Prototype lostconn().
  * krlogind.c: Provide prototype for signal handler cleanup. Implied need to add extra argument to function - ensure consistent calling.
  * krsh.c: Provide prototype for signal handler sendsig.
  * krshd.c: Rewrite error() to use stdargs/varargs. (doit): When creating a tty name using getpid. Ensure that does not overflow tty string buffer.
  * login.c: Provide prototype for signal handler timedout.
  * setenv.c: Do not define getenv() unless needed.
  * v4rcp.c: Rewrite error() to use stdargs/varargs. Add signal number argument to lostconn(), include prototype, and ensure called consistently.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13567 dc483132-0cff-0310-8789-dd5450dbe970
* * login.c: Much cleanup to reduce globals and shadowing | Ezra Peisach | 2001-06-22 | 1 | -18/+18
  * krlogind.c (main): Change sin to sock_in.
  * krshd.c: Change sin to sock_in to not shadow global. Change some local variables to not shadow others. 2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13487 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in (SETENVOBJ): If setenv is not present on system, | Ezra Peisach | 2001-06-11 | 1 | -0/+1
  define NEED_SETENV as well as linking in local sources.
  * defines.h: Include prototype for setenv() if NEED_SETENV defined.
  * krlogin.c (prf): Declare as void. Used only with one argument - get rid of pseudo-varargs behaviour.
  * krlogind.c (recvauth): Include k5-util.h for krb5_compat_recvauth_version() prototype. Declare sendoob() void.
  * krshd.c: Include k5-util.h for krb5_compat_recvauth_version() prototype.
  * login.c: Include setenv prototype if NEED_SETENV defined. Cast arguments to printf to match format string.
  * v4rcp.c (source): Cast argument to sprintf() to match format string.
  * krcp.c (rsource): Likewise.
  * forward.c (rd_and_store_for_creds): Likewise.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13334 dc483132-0cff-0310-8789-dd5450dbe970
* * krshd.c: Include <grp.h>, <libpty.h>, and <sys/wait.h> for | Ezra Peisach | 2001-06-11 | 1 | -3/+4
  initgroups(), pty_logwtmp()/pty_make_sane_hostname(), and wait() prototypes. For local initgroups definition, conditionalize on HAVE_INITGROUPS and not __SCO__.
  * krcp.c: Include <sys/wait.h> for wait()/waitpid() prototype.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13321 dc483132-0cff-0310-8789-dd5450dbe970
* * login.c: Add braces around initializers. Cleanup assignments in | Ezra Peisach | 2001-06-01 | 1 | -5/+11
  conditionals. Include krb524.h if KRB4_CONVERT defined.
  * krlogind.c (main): Cleanup unused variables. (protocol): Cleanup ambiguous if-if-else warning.
  * krshd.c (main): Cleanup unused variables.
  * krlogin.c (setsignal): Declare as void. (server_message): Cleanup unused variables.
  * setenv.c (setenv): Declare as returning int and clean up assignments in conditionals.
  * kcmd.c (kcmd, rcmd_stream_init_krb5, v5_des_read): Clean up unused variables and assignments in conditionals.
  * forward.c (rd_and_store_for_creds): Likewise.
  * krcp.c (rsource): Likewise.
  * v4rcp.c (answer_auth): Likewise.
  * krsh.c (main): Declare as returning int.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13257 dc483132-0cff-0310-8789-dd5450dbe970
* * defines.h: Add prototypes for rcmd_stream_init_normal(), | Ezra Peisach | 2001-03-12 | 1 | -23/+31
  rcmd_stream_init_krb4(), strsave() and rd_and_store_for_creds()
  * Makefile.in: Add dependency of forward.o on defines.h
  * forward.c: Include defines.h for prototypes.
  * kcmd.c, krcp.c, krlogin.c, krlogind.c, krsh.c: Provide full prototype for local functions and move include of kerberosIV/krb.h before defines.h.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13077 dc483132-0cff-0310-8789-dd5450dbe970
* * krshd.c: Get path for NOLOGIN file from paths.h if present, | Tom Yu | 2001-01-26 | 1 | -1/+11
  mirroring logic in login.c. [patch from David MacKenzie krb5-appl/913]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12952 dc483132-0cff-0310-8789-dd5450dbe970
* make pty_make_sane_hostname take sockaddr* arg instead of sockaddr_in* | Ken Raeburn | 2000-12-06 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12883 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (DEFINES): Define HEIMDAL_FRIENDLY. | Ken Raeburn | 2000-09-09 | 1 | -1/+6
  * krlogind.c (recvauth): Don't complain about a subkey sent for KCMDV0.1 if HEIMDAL_FRIENDLY is defined, just quietly ignore it.
  * krshd.c (recvauth): Likewise.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12646 dc483132-0cff-0310-8789-dd5450dbe970
* 1.2-beta4 pullup | Ken Raeburn | 2000-06-30 | 1 | -24/+47
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12470 dc483132-0cff-0310-8789-dd5450dbe970
* from 1.1 branch: | Ken Raeburn | 1999-09-01 | 1 | -0/+2
  * krlogin.c (main): Error out if -D isn't followed by another argument. Based on patch from Brad Thompson.
  * krshd.c (v4_kdata, v4_ticket): Don't define if KRB5_KRB4_COMPAT is not defined. Patch from Brad Thompson.
  * kcmd.c (kcmd): If krb5_get_credentials returns a nonzero error code, print an error message before returning.
  * krlogin.c (main): If ospeed is outside of compiled-in table index range but not high enough to be a baud rate, use the highest rate in the table.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11777 dc483132-0cff-0310-8789-dd5450dbe970
* Patches from Brad Thompson for building without krb4 compatibility | Ken Raeburn | 1999-08-02 | 1 | -3/+19
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11612 dc483132-0cff-0310-8789-dd5450dbe970
* * kshd.M: Resync manpage | Tom Yu | 1999-03-09 | 1 | -36/+80
  * krshd.c: Rework hostname logging.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11247 dc483132-0cff-0310-8789-dd5450dbe970
* * login.c (main): Call setluid() | Tom Yu | 1999-01-21 | 1 | -0/+7
  * krshd.c (doit): Call setluid().
  * configure.in: Check for setluid() rather than main() in libsecurity.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11111 dc483132-0cff-0310-8789-dd5450dbe970
* Temporary patch for krb5-appl/678; avoid data from stdout being mixed to stderr | Sam Hartman | 1998-12-27 | 1 | -4/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11095 dc483132-0cff-0310-8789-dd5450dbe970
* krshd.c (doit): Apply ghudson's patch so that rshd passes the port | Theodore Tso | 1998-10-08 | 1 | -2/+12
  numbers for the local and foreign addresses so that the V4 encrypted RCP will work correctly. [krb5-appl/638]
  v4rcp.c (answer_auth): Apply ghudson's patch so that if KRB5LOCALPORT and KRB5REMOTEPORT are set, use them to set the foreign and local ports so that encrypted rcp for the same machine. [krb5-appl/638]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10971 dc483132-0cff-0310-8789-dd5450dbe970
* POSIX states that getopt returns -1 when it is done parsing options, | Theodore Tso | 1998-05-06 | 1 | -1/+1
  not EOF.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10547 dc483132-0cff-0310-8789-dd5450dbe970
* * kcmd.c: Integrate ghudson's changes for client-side krb4 | Tom Yu | 1998-02-24 | 1 | -158/+19
  compatibility. [krb5-appl/483]
  * krcp.c: Integrate ghudson's changes for client-side krb4 compatibility. [krb5-appl/483]
  * krlogin.c: Integrate ghudson's changes for client-side krb4 compatibility. [krb5-appl/483]
  * krlogind.c: Integrate ghudson's changes for client-side krb4 compatibility. [krb5-appl/483]
  * krsh.c: Integrate ghudson's changes for client-side krb4 compatibility. [krb5-appl/483]
  * krshd.c: Integrate ghudson's changes for client-side krb4 compatibility. [krb5-appl/483]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10472 dc483132-0cff-0310-8789-dd5450dbe970
* * krlogind.c: | Tom Yu | 1997-12-12 | 1 | -2/+8
  * krshd.c:
  * login.c:
  * v4rcp.c: Don't include netdb.h or sys/socket.h if krb.h is included; this works around an Ultrix bug where those headers aren't protected against multiple inclusion.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10331 dc483132-0cff-0310-8789-dd5450dbe970
* * krshd.c: Don't set checksum_ignored to 1 if checksum_required is | Tom Yu | 1997-11-18 | 1 | -4/+1
  0; also, if a krb5 client passes in a checksum, check it regardless of whether checksum_required is true. [krb5-appl/500]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10286 dc483132-0cff-0310-8789-dd5450dbe970
* * forward.c (rd_and_store_for_creds): Don't do the chown. Avoids | Tom Yu | 1997-11-13 | 1 | -1/+16
  a security hole. [krb5-appl/494]
  * krshd.c (recvauth): chown the ccache explicitly, as rd_and_store_for_creds no longer does so. [krb5-appl/494]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10277 dc483132-0cff-0310-8789-dd5450dbe970
* krshd should not require a user to have a valid home directory. [krb5-appl/167] | Sam Hartman | 1997-02-28 | 1 | -4/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9986 dc483132-0cff-0310-8789-dd5450dbe970
* kcmd.c (getport): Let the OS pick the best port rather than scanning. | Richard Basch | 1997-02-19 | 1 | -5/+3
  krlogin.c: Fixed 8bit flow control (Solaris)
  krlogind.c: Whitespace cleanup
  krshd.c: No need to set lport before calling getport(&lport)
  Also, changed all occurrences of krb5_xfree to use something else. [kcmd.c still needs one free() fixed when a routine exists to replace the realm component]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9908 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb5_xfree from the public interface | Richard Basch | 1997-02-18 | 1 | -1/+1
  Implement krb5_free_data & krb5_free_data_contents to cleanup krb5_data structures and data contents allocated by the krb5 library.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9904 dc483132-0cff-0310-8789-dd5450dbe970