[4238] in SIPB bug reports


discuss without kerberos

daemon@ATHENA.MIT.EDU (ejb@ERA.COM)
Thu Nov 11 12:26:03 1993

Date: Thu, 11 Nov 93 12:18:21 -0500
From: ejb@ERA.COM
To: bug-discuss@MIT.EDU
Cc: bug-sipb@MIT.EDU
Cc: ejb@ERA.COM


I have managed to get discuss working without kerberos.  I am
including patches here.  Most of my patches are to Imakefiles.
I have also included the site.def that I have used.  Although
you probably won't want to include this in your distribution,
there are some changes that I made to the "don't edit below
here" part that are relevant.  Particularly, some constants
didn't have sensible values if UseKerberos wasn't defined.
Also, there was no definition for DSLIBDIR which was used in the
libds Imakefile.  (The result was that the discuss libraries
would be installed in / instead of wherever they should be
installed...) 

One file included in my patch was just modified to define setenv
in terms of putenv if the HasPutenv was defined in the
<host>.def file in config.  Rather than including the setenv
function in that file, it would be better to have it as a
separate file that is linked in as needed much as is done in the
kerberos sources and many others as well.  My site.def does not
define BuildUtils since I already have ss and com_err installed
here...

This is just another step to getting ERA to look more like
Athena. :-)  If I have time, I may try to build discuss for
Solaris 2 and IRIX 4.0.5H as well as SunOS 4.1.3.  These are
both System V systems, so I expect to have to make further
modifications.

Note that my patches are in the form of unified diffs.  If your
patch program can't handle them, it's time to upgrade to a newer
version of patch. :-)

In case you're interested, the problem with discuss without
kerberos was that the server was ignoring the KRB_TICKET message
sent by the client.  I changed the server side to accept
KRB_TICKET as a string containing user@REALM if KERBEROS is not
defined and changed the client side to send this instead of a
zero-length authenticator or nothing at all.  This provides a
reasonable compromise in an environment without kerberos.
Although it is easily spoofable, users who are trying to use the
system to get work done and don't care to have all anonymous
postings can at least do so.  The patches are really pretty
straightforward since most of the work of porting to a
non-kerberos environment had already been done.

Please acknowledge the receipt of these patches so I know I'm
not contributing work to the bit bucket. :-)

                                Jay Berkenbilt (ejb@ERA.COM)
                                Engineering Research Associates
                                Formerly qjb@MIT.EDU


--- ./source/client/Imakefile.odist	Thu Jan  2 23:36:34 1992
+++ ./source/client/Imakefile	Wed Nov 10 10:24:07 1993
@@ -11,7 +11,7 @@
 LSRCS=	$(SRCS) ../lib/llib-lcom_err.ln llib-lss.ln ../server/acl.c \
 	../libds/llib-lds.ln 
 
-LIBS	= ../server/acl.o -ldsk -lkrb -ldes -lusp -lss -lcom_err
+LIBS	= ../server/acl.o -ldsk $(RKBLIB) $(DESLIB) -lusp -lss -lcom_err
 DEPLIBS = ../server/acl.o ../libds/libdsk.a ../ets/dsc_et.o ../usp/libusp.a
 
 /* -I../utils is a hack to find ss/ stuff */
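Review bot: `$(RKBLIB)` on the new LIBS line looks like a transposition of `$(KRBLIB)`; the rest of this patch spells the related variables `$(KRBDEF)` and `$(DESLIB)`, and site.def names the macro `KrbLib`. Unless a variable with the transposed spelling is defined somewhere outside this patch, make expands it to nothing, so a build with UseKerberos defined would drop `-lkrb` and fail only at link time. The line should presumably read `LIBS = ../server/acl.o -ldsk $(KRBLIB) $(DESLIB) -lusp -lss -lcom_err`. The same spelling is used in the LIBS line of source/dsgrep/Imakefile later in the patch.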
--- ./source/config/site.def.odist	Sat Feb  1 16:17:22 1992
+++ ./source/config/site.def	Wed Nov 10 11:26:49 1993
@@ -18,7 +18,7 @@
 
 /* Uncomment this line if you want to build local copies of the */
 /* utilities makedepend, com_err (compile_et), and ss. */
-#define BuildUtils
+/* #define BuildUtils */
 
 /*
  * The next three macros define the directories that utility files
@@ -33,9 +33,9 @@
  * You should only have to change these if are not building local
  * copies and the binaries happen to be in separate directories.
  */
-#define DependCmd	$(UTILBINDIR)/makedepend
-#define CompileEtCmd	$(UTILBINDIR)/compile_et
-#define MkCmdsCmd	$(UTILBINDIR)/mk_cmds
+#define DependCmd	makedepend
+#define CompileEtCmd	compile_et
+#define MkCmdsCmd	mk_cmds
 
 /* ####################################################################### */
 
@@ -44,10 +44,10 @@
  * defined, be sure to define PanssCcOpts and PanssLdOpts so the
  * compiler and linker can find the header files and libraries.
  */     
-#define UseKerberos
+/* #define UseKerberos */
 #define UseZephyr
-#define PanssCcOpts	-I/usr/athena/include
-#define PanssLdOpts	-L/usr/athena/lib
+#define PanssCcOpts	-I/usr/local/include
+#define PanssLdOpts	-L/usr/local/lib
 
 /* ####################################################################### */
 
@@ -104,18 +104,19 @@
 
 */
 
-#define DestDir		/usr/athena/bin
-#define ServerDir	/usr/athena/etc
+#define DestDir		/usr/local/bin
+#define LibDir		/usr/local/lib
+#define ServerDir	/usr/local/lib/discuss
 #define Server 		$(DS_SERVERDIR)/disserve
-#define Realm  		ATHENA.MIT.EDU
-#define InfoDir 	/usr/athena/lib/discuss/info
-#define InfoDirParent 	/usr/athena/lib/discuss
+#define Realm  		ERA.COM
+#define InfoDir 	/usr/local/lib/discuss/info
+#define InfoDirParent 	/usr/local/lib/discuss
 #define ServiceName 	discuss
 #define ServerLocal 	disserve-fs
 #define ServerName 	disserve
-#define DsPipe 		/usr/athena/etc/dspipe
+#define DsPipe 		/usr/local/lib/discuss/dspipe
 #define DscSetup 	dsc_setup
-#define DsMainServer	CHARON.MIT.EDU
+#define DsMainServer	ERA.ERA.COM
 
 /* ####################################################################### */
 
@@ -126,6 +127,10 @@
 #define KrbDef	 	-DKERBEROS
 #define KrbLib		-lkrb
 #define DesLib		-ldes
+#else
+#define KrbDef		/**/
+#define KrbLib		/**/
+#define DesLib		/**/
 #endif
 #ifdef UseZephyr
 #define ZephyrDef	-DZEPHYR
@@ -175,6 +180,7 @@
 #endif
 
 DESTDIR		= DestDir
+DSLIBDIR	= LibDir
 DS_SERVERDIR	= ServerDir
 DS_SERVER	= Server
 DS_SERVERLOCAL	= ServerLocal
--- ./source/dsgrep/Imakefile.odist	Thu Jul 25 23:39:59 1991
+++ ./source/dsgrep/Imakefile	Wed Nov 10 11:07:10 1993
@@ -1,11 +1,15 @@
 SRCS	= dsgrep.c regerror.c
 OBJS	= dsgrep.o regerror.o
 
-LIBS	= -ldsk -lkrb -ldes -lusp -lcom_err
+LIBS	= -ldsk $(RKBLIB) $(DESLIB) -lusp -lcom_err
 DEPLIBS	= $(COMERRDEP) ../usp/libusp.a $(DSKDEPLIB)
 INCLUDES= -I./regexp
 
 LDFLAGS	= -L../libds -L../usp -L$(UTILLIBDIR)
+
+#ifdef HasPutenv
+CCOPTIONS = -DNEED_SETENV
+#endif
 
 all: libregexp dsgrep
 
--- ./source/dsgrep/dsgrep.c.odist	Sat Jul  6 17:35:09 1991
+++ ./source/dsgrep/dsgrep.c	Wed Nov 10 11:06:13 1993
@@ -47,6 +47,34 @@
 int bsize;
 char *buffer;
 
+#ifdef NEED_SETENV
+/* We need to write our own setenv in terms of putenv */
+#ifdef __STDC__
+int setenv(char *name, char *value, int flag)
+#else
+int setenv(name, value, flag)
+  char *name;
+  char *value;
+  int flag;
+#endif /* __STDC__ */
+{
+    int len;
+    char *envstring;
+    extern char *malloc();
+
+    len = strlen(name) + strlen(value) + strlen("=") + 1;
+    if ((envstring = malloc(len)) == NULL)
+	return (-1);
+    else {
+	memchr(envstring, '\0', len);
+	strcpy(envstring, name);
+	strcat(envstring, "=");
+	strcat(envstring, value);
+	return (putenv(envstring));
+    }
+}
+#endif /* NEED_SETENV */
+
 main(argc,argv)
      int argc;
      char *argv[];
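Review bot: In the added setenv(), `memchr(envstring, '\0', len);` searches freshly allocated, uninitialised memory and discards the result; `memset` was presumably intended, and because the following `strcpy` writes its own terminator the line can simply be removed. The `flag` argument is never read, so a call with flag 0 replaces an existing variable, unlike the BSD setenv() this stands in for; `if (!flag && getenv(name) != NULL) return (0);` at the top of the body would restore that. A comment such as `/* envstring is deliberately not freed: putenv() keeps the pointer */` would stop a later reader from "fixing" the apparent leak. The hunk ends inside the K&R header of main(), whose body is outside it.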
--- ./source/libds/Imakefile.odist	Wed Sep 18 00:31:59 1991
+++ ./source/libds/Imakefile	Thu Nov 11 11:32:35 1993
@@ -5,16 +5,21 @@
 /* -I../utils  is a hack to find ss/ss.h, etc */
 INCLUDES= -I$(UTILINCDIR) -I../ets -I../utils
 
+#ifdef UseKerberos
+AUTH_KRBC = auth_krb.c
+AUTH_KRBO = auth_krb.o
+#endif
+
 SRCS	= tfile.c tunix.c tnet.c stubs.c dsname.c interface.c \
 	rpcall.c conv_mgr.c host.c announce.c res_module.c \
-	auth_krb.c dsc_enter.c auth_dum.c tmem.c edit.c
+	$(AUTH_KRBC) dsc_enter.c auth_dum.c tmem.c edit.c
 
 # Object files common to libds and libdsk
 COMOBJS	= tfile.o tunix.o tnet.o stubs.o dsname.o interface.o rpcall.o \
 	conv_mgr.o host.o announce.o dsc_enter.o tmem.o edit.o
 
 # Object files specific to libds or libdsk
-DSKOBJS	= res_module.k.o auth_krb.o $(KRBET)
+DSKOBJS	= res_module.k.o $(AUTH_KRBO) $(KRBET)
 DSOBJS	= res_module.nk.o auth_dum.o
 
 ETS 	= $(ETDIR)/rpc_et.o $(ETDIR)/usp_et.o $(ETDIR)/dsc_et.o
@@ -44,13 +49,13 @@
 #ifdef BuildProfiledLibraries
 res_module.k.o: res_module.c
 	rm -f res_module.k.o res_module.o profiled/res_module.k.o
-	$(CC) $(CFLAGS) -DKERBEROS -c -pg res_module.c
+	$(CC) $(CFLAGS) $(KRBDEF) -c -pg res_module.c
 	mv res_module.o profiled/res_module.k.o
-	$(CC) $(CFLAGS) -DKERBEROS -c res_module.c
+	$(CC) $(CFLAGS) $(KRBDEF) -c res_module.c
 	mv res_module.o res_module.k.o
 #else
 res_module.k.o: res_module.c
-	$(CC) $(CFLAGS) -DKERBEROS -c res_module.c
+	$(CC) $(CFLAGS) $(KRBDEF) -c res_module.c
 	mv res_module.o res_module.k.o
 #endif
 
--- ./source/libds/rpcall.c.odist	Tue Nov 28 15:19:27 1989
+++ ./source/libds/rpcall.c	Thu Nov 11 11:25:08 1993
@@ -65,6 +65,7 @@
 #include <netinet/in.h>
 #include <netdb.h>
 #include <fcntl.h>
+#include <pwd.h>
 #include <discuss/tfile.h>
 #include "rpc.h"
 #include "config.h"
@@ -267,6 +268,9 @@
     struct hostent *hp;
     int authl;
     register int i, s = -1;
+#ifndef KERBEROS
+    char *user_id = NULL;
+#endif
 
     char *server_name,*authp;
     struct sockaddr_in address;
@@ -351,7 +355,30 @@
     if (!us)
 	goto punt;
 
+#ifdef KERBEROS
     get_authenticator(service_id, 0, &authp, &authl, code);
+#else
+    /* Just send user id.  Not claiming this is secure... */
+    {
+	char *user;
+	struct passwd *user_pw = getpwuid(getuid());
+	register char *realm = local_realm();
+	
+	if (user_pw == NULL) {
+	    fprintf(stderr,
+		    "You do not appear in /etc/passwd.  Cannot continue.\n");
+	    exit(1);
+	}
+	user = user_pw -> pw_name;
+	user_id = malloc((unsigned)(strlen(user)+strlen(realm)+2));
+	strcpy(user_id, user);
+	strcat(user_id, "@");
+	strcat(user_id, realm);
+    }
+    authl = strlen(user_id) + 1;
+    authp = user_id;
+    *code = 0;
+#endif
     if (! *code) {
 	USP_begin_block(us,KRB_TICKET);
 	sendshort(authl);
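Review bot: In the `#else` branch the return value of `malloc` goes straight into `strcpy(user_id, user)`, and the pointer from `local_realm()` is passed to `strlen` without a NULL test, so either call failing becomes a null dereference in the client. Both should be checked and the failure reported through `*code` on the function's existing error path. The same applies to the `exit(1)` for a missing passwd entry, which terminates whatever program is linked against libds instead of returning an error. The comment `/* Just send user id.  Not claiming this is secure... */` would be more useful if it said what the server may assume, e.g. `/* Unauthenticated: the server receives a self-asserted user@realm string */`. The enclosing function starts and ends outside this hunk.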
@@ -364,6 +391,10 @@
 	sendshort(0);
 	USP_end_block(us);
     }
+#ifndef KERBEROS
+    if (user_id)
+	free(user_id);
+#endif
     return(conv);
 punt:
     if (s >= 0) close(s);
--- ./source/server/Imakefile.odist	Tue Aug 13 22:08:10 1991
+++ ./source/server/Imakefile	Wed Nov 10 10:13:01 1993
@@ -35,7 +35,7 @@
 # I could make a macro for this, but it probably isn't necessary.
 rpproc.k.o: rpproc.c
 	rm -f rpproc.k.o rpproc.o
-	${CC} $(CFLAGS) -DINETD -DKERBEROS -c rpproc.c
+	${CC} $(CFLAGS) -DINETD $(KRBDEF) -c rpproc.c
 	mv rpproc.o rpproc.k.o
 
 rpproc.nk.o: rpproc.c
@@ -45,7 +45,7 @@
 
 rpproc.debug.o: rpproc.c
 	rm -f rpproc.debug.o rpproc.o
-	${CC} $(CFLAGS) -DKERBEROS -c rpproc.c
+	${CC} $(CFLAGS) $(KRBDEF) -c rpproc.c
 	mv rpproc.o rpproc.debug.o
 
 
--- ./source/server/rpproc.c.odist	Thu Jan  2 22:25:54 1992
+++ ./source/server/rpproc.c	Thu Nov 11 11:02:33 1993
@@ -311,7 +311,36 @@
 	 USP_end_block(us);
     }
 }
-#endif KERBEROS
+#else
+handle_kerberos(bt)
+    USPCardinal bt;
+{
+    int length;
+    int result;
+    int i;
+
+    strcpy (rpc_caller, "???@");		/* safety drop */
+    strcat (rpc_caller, REALM);
+
+    length = recvshort();
+    if ((length<=0) || (length>40)) {
+	result = RPC_PROTOCOL;
+	goto punt_kerberos;
+    }
+    for (i=0; i<length; i++) {
+	rpc_caller[i] = recvshort();
+    }
+    result = 0;
+
+punt_kerberos:
+    USP_flush_block(us);
+    if (bt == KRB_TICKET2) {
+	 USP_begin_block(us,TICKET_REPLY);
+	 USP_put_long_integer(us, i);
+	 USP_end_block(us);
+    }
+}
+#endif /* KERBEROS */
 
 /*
  *
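Review bot: On the `punt_kerberos` path taken for a rejected length, `i` has never been assigned, yet `USP_put_long_integer(us, i)` sends it in the TICKET_REPLY, while `result` is set on both paths and never used; the reply should presumably be `USP_put_long_integer(us, result);`. The copy loop depends on the peer including the terminating NUL in `length`, so a sender that omits it leaves `rpc_caller` unterminated or ending in leftover bytes of the "???@REALM" default; `rpc_caller[length-1] = '\0';` after the loop closes that. The literal 40 should be derived from the declared size of `rpc_caller`, which is not visible in this hunk. A header comment on this `handle_kerberos` variant should state that the stored name is a client assertion and not an authenticated principal, since the ACL code that reads `rpc_caller` cannot tell the difference.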
@@ -332,13 +361,15 @@
 	return;
     }
 
-#ifdef KERBEROS
     if (bt == KRB_TICKET || bt == KRB_TICKET2) {
+#ifdef KERBEROS
 	 handle_kerberos(bt, serv_name, hostaddr);
+#else
+	 handle_kerberos(bt);
+#endif
 	 *code = 0;
 	 return;
     }
-#endif KERBEROS
 
     procno = bt - PROC_BASE;
 
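Review bot: With `#ifdef KERBEROS` moved inside the `if`, every build of rpproc.c without KERBEROS now accepts a KRB_TICKET block and sets the caller from it, where such builds previously ignored the block. The server Imakefile in this patch still has a separate `rpproc.nk.o` rule, so on a site that does run Kerberos the non-Kerberos server object would presumably start honouring self-asserted names too. Selecting the plaintext identity path with a build option of its own, rather than by the absence of KERBEROS, would keep that behaviour opt-in. The enclosing function begins and ends outside this hunk.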

