[6352] in Kerberos
Diffs to k55.cdiff.951031
daemon@ATHENA.MIT.EDU (Gord Matzigkeit)
Tue Dec 12 19:18:29 1995
To: kerberos@MIT.EDU
Date: 12 Dec 1995 16:19:44 -0700
From: gord@enci.ucalgary.ca (Gord Matzigkeit)
Reply-To: Gord Matzigkeit <gord@enci.ucalgary.ca>
-----BEGIN PGP SIGNED MESSAGE-----
Hi!
I'm embarrassed to say it, but I've forgotten where I found the
k55.cdiff.951031 file that I applied to my krb5.src.B5 package... I
know it was somewhere off the Web.
Anyway, I have some patches that fix some problems with the Kerberos I
have after applying that cdiff.
Most of these patches are portability patches for NetBSD/pmax 1.1, but
some of them actually fix bugs...
ChangeLog entries can be cooked up, if anybody wants them.
Hoping this helps,
- --Gord
- --
Gord Matzigkeit | Jaques Cousteau loved programming in assembler.
gord@enci.ucalgary.ca | PGP mail preferred... finger me for my key.
Keyprint: D5 66 08 E0 4D F4 D7 7B 8A C8 8A 9C 7F 39 25 A7 - ID 339ABEB9
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQCVAwUBMM4MeCFsfCEzmr65AQF8ywP/Thg74i4B9AdfIOU713N7XQO6n70biKyP
8zXF5ojX/GTg6Eg9r3KDCT/BsusSFsPH1rQQCj14k9q6Lh2/CxRy/M3tQiZFp7uS
B6zMdobK9XYChvBsNt8jM3eTbRePnrcgu+/m08v35+JtxHlwE+c/e5HmtQpSm+Q8
yqI4EzLt1oI=
=01C5
-----END PGP SIGNATURE-----
diff -u krb5/doc/install.texi.orig krb5/doc/install.texi
--- krb5/doc/install.texi.orig Fri May 5 11:11:49 1995
+++ krb5/doc/install.texi Fri Dec 1 12:58:22 1995
@@ -387,7 +387,8 @@
@enumerate
-@item You login to the workstation and use the @samp{kinit} command
+@item
+ You login to the workstation and use the @samp{kinit} command
to get a ticket-granting ticket.
This command prompts you for your Kerberos password. (On some systems
which have a modified @samp{/bin/login} program, this may be done as
@@ -396,11 +397,13 @@
@enumerate A
-@item The @samp{kinit} command sends your request to the Kerberos master
+@item
+ The @samp{kinit} command sends your request to the Kerberos master
server machine. The server software looks for your principal name's
entry in the Kerberos database.
-@item If this entry exists, the Kerberos server creates and returns a
+@item
+ If this entry exists, the Kerberos server creates and returns a
ticket-granting ticket and the key which allows you to use it, encrypted
by your password. If @samp{kinit} can decrypt the Kerberos reply using
the password you provide, it stores this ticket in a credentials cache
@@ -411,7 +414,8 @@
in decimal format.
@end enumerate
-@item Now you use the @samp{rlogin} client to access the machine
+@item
+ Now you use the @samp{rlogin} client to access the machine
@samp{laughter}.
@example
@@ -420,18 +424,21 @@
@enumerate A
-@item The @samp{rlogin} client checks your ticket file to see if you
+@item
+The @samp{rlogin} client checks your ticket file to see if you
have a ticket for the @samp{host} service for @samp{laughter}.
You don't, so @samp{rlogin} uses the credential cache's ticket-granting
ticket to make a request to the master server's ticket-granting service.
-@item This ticket-granting service receives the
+@item
+This ticket-granting service receives the
@samp{host/laughter.mit.edu} request and looks in the master database
for an @samp{host/laughter.mit.edu} entry. If the entry exists, the
ticket-granting service issues you a ticket for that service. That
ticket is also cached in your credentials cache.
-@item The @samp{rlogin} client now sends that ticket to
+@item
+ The @samp{rlogin} client now sends that ticket to
the @samp{laughter} @samp{rlogind} service program. The service program
checks the ticket by using its own service key. If the ticket is valid,
it now knows your identity. If the ticket is valid and you are allowed
@@ -516,9 +523,12 @@
use the following abbreviated procedure.
@enumerate
-@item @code{cd /u1/krb5/src}
-@item @code{./configure}
-@item @code{make}
+@item
+ @code{cd /u1/krb5/src}
+@item
+ @code{./configure}
+@item
+ @code{make}
@end enumerate
That's it!
@@ -536,10 +546,14 @@
you might use the following procedure:
@enumerate
-@item @code{mkdir /u1/krb5/pmax}
-@item @code{cd /u1/krb5/pmax}
-@item @code{../src/configure}
-@item @code{make}
+@item
+ @code{mkdir /u1/krb5/pmax}
+@item
+ @code{cd /u1/krb5/pmax}
+@item
+ @code{../src/configure}
+@item
+ @code{make}
@end enumerate
@node Building using lndir, , Building with Separate Build Directories, Doing the Build
@@ -554,11 +568,16 @@
you might use the following procedure:
@enumerate
-@item @code{mkdir /u1/krb5/solaris}
-@item @code{cd /u1/krb5/solaris}
-@item @code{/u1/krb5/src/util/lndir `pwd`/../src}
-@item @code{./configure}
-@item @code{make}
+@item
+ @code{mkdir /u1/krb5/solaris}
+@item
+ @code{cd /u1/krb5/solaris}
+@item
+ @code{/u1/krb5/src/util/lndir `pwd`/../src}
+@item
+ @code{./configure}
+@item
+ @code{make}
@end enumerate
You must give an absolute pathname to lndir because it has a bug that
@@ -586,11 +605,11 @@
@table @code
-@item --with-cc=COMPILER
+@item --with-cc=COMPILER
Use @code{COMPILER} as the C compiler.
-@item --with-ccopts=FLAGS
+@item --with-ccopts=FLAGS
Use @code{FLAGS} as the default set of C compiler flags.
@@ -599,13 +618,13 @@
takes an estimated 3,469 billion years to compile if you provide neither
the @samp{-g} flag nor the @samp{-O} flag to @samp{cc}.
-@item --with-cppopts=CPPOPTS
+@item --with-cppopts=CPPOPTS
Use @code{CPPOPTS} as the default set of C preprocessor flags. The most
common use of this option is to select certain @code{#define}'s for use
with the operating system's include files.
-@item --with-krb5-root=DIR
+@item --with-krb5-root=DIR
By default, Kerberos will expect its configuration files to be in
the directory @file{/krb5}. Change it with this option.
@@ -706,11 +725,14 @@
@enumerate
-@item Supply your own resolver library.
+@item
+ Supply your own resolver library.
-@item Upgrade to Solaris 2.4
+@item
+ Upgrade to Solaris 2.4
-@item Make sure your /etc/nsswitch.conf has the line:
+@item
+ Make sure your /etc/nsswitch.conf has the line:
@example
hosts: files dns
@@ -1044,11 +1066,14 @@
running Kerberos, either as a client, a KDC, or an application server:
@itemize
-@item @file{/krb5/bin/kinit} --- This program allows you to obtain
+@item
+ @file{/krb5/bin/kinit} --- This program allows you to obtain
Kerberos credentials.
-@item @file{/krb5/bin/kdestroy} --- This program allows you to destroy
+@item
+ @file{/krb5/bin/kdestroy} --- This program allows you to destroy
Kerberos credentials which are no longer needed.
-@item @file{/krb5/bin/klist} ---- This program allows you to list the
+@item
+ @file{/krb5/bin/klist} ---- This program allows you to list the
credentials found in your credentials cache.
@end itemize
@@ -1285,20 +1310,24 @@
@enumerate
-@item The user starts @samp{sclient} and provides as arguments
+@item
+ The user starts @samp{sclient} and provides as arguments
to the command the name of the server machine and an optional port on
which to contact the server.
-@item @samp{sclient} contacts the server machine and
+@item
+ @samp{sclient} contacts the server machine and
authenticates the user to @samp{sserver}.
-@item @samp{sserver} authenticates itself to @samp{sclient} (thus
+@item
+ @samp{sserver} authenticates itself to @samp{sclient} (thus
performing mutual authentication), and
then returns a message to the client program.
This message contains the name of the Kerberos principal that was used
to authenticate to @samp{sserver}.
-@item @samp{sclient} displays the server's message on the user's
+@item
+ @samp{sclient} displays the server's message on the user's
terminal screen.
@end enumerate
@@ -1317,16 +1346,21 @@
@enumerate
-@item Add the appropriate entry to the Kerberos database using @samp{kdb_edit}
+@item
+ Add the appropriate entry to the Kerberos database using @samp{kdb_edit}
-@item Create a @file{/etc/v5srvtab} file for the server machine.
+@item
+ Create a @file{/etc/v5srvtab} file for the server machine.
-@item Install the service program and the @file{/etc/v5srvtab}
+@item
+ Install the service program and the @file{/etc/v5srvtab}
file on the server machine.
-@item Install the client program on the client machine.
+@item
+ Install the client program on the client machine.
-@item Update the @file{/etc/services} file on the client and server machines.
+@item
+ Update the @file{/etc/services} file on the client and server machines.
@end enumerate
We will use the sample application as an example, although programs
@@ -1344,7 +1378,8 @@
@enumerate
-@item Login as root or @samp{su} to root on the Kerberos server machine.
+@item
+ Login as root or @samp{su} to root on the Kerberos server machine.
Use the @samp{kdb5_edit} program to create an entry for
@code{sample} in the Kerberos database:
@@ -1356,7 +1391,8 @@
(Note: @samp{add_random_key} may be abbreviated as @samp{ark}.)
-@item Use @samp{kdb5_edit} to create a @file{srvtab} file
+@item
+ Use @samp{kdb5_edit} to create a @file{srvtab} file
for @samp{sserver}'s host machine:
@example
@@ -1377,7 +1413,8 @@
clear. This file should installed such that only the root user can read
it.
-@item Add the following line to the @file{/etc/services} file on
+@item
+ Add the following line to the @file{/etc/services} file on
@samp{jimi.mit.edu}, and on all machines that will run the
@samp{sample_client} program:
@@ -1385,7 +1422,8 @@
sample 906/tcp # Kerberos sample app server
@end example
-@item Add a line similar to the following line to the @file{/etc/inetd.conf}
+@item
+ Add a line similar to the following line to the @file{/etc/inetd.conf}
file on @samp{sample_server}'s machine:
@example
@@ -1401,14 +1439,16 @@
not have a column for the `switched' keyword, and some do not have a
column for the username (usually `root', as above).
-@item Restart @samp{inetd} by sending the current @samp{inetd} process
+@item
+ Restart @samp{inetd} by sending the current @samp{inetd} process
a hangup signal:
@example
# @b{kill -HUP} @i{process_id_number}
@end example
-@item The @samp{sserver} is now ready to take @samp{sclient} requests.
+@item
+ The @samp{sserver} is now ready to take @samp{sclient} requests.
@end enumerate
diff -u krb5/src/appl/bsd/configure.in.orig krb5/src/appl/bsd/configure.in
--- krb5/src/appl/bsd/configure.in.orig Fri Apr 28 14:38:03 1995
+++ krb5/src/appl/bsd/configure.in Thu Nov 30 16:09:24 1995
@@ -8,6 +8,7 @@
AC_CHECK_LIB(ndbm,main)
AC_CHECK_LIB(dbm,main)
AC_CHECK_LIB(util,main)
+AC_CHECK_LIB(crypt,crypt)
dnl
dnl AIX has them all; SCO might too
LOGINLIBS=
diff -u krb5/src/appl/bsd/krcp.c.orig krb5/src/appl/bsd/krcp.c
--- krb5/src/appl/bsd/krcp.c.orig Fri May 5 07:19:24 1995
+++ krb5/src/appl/bsd/krcp.c Thu Nov 30 16:06:01 1995
@@ -43,7 +43,9 @@
#include <netinet/in.h>
+#define _ANSI_SOURCE
#include <stdio.h>
+#undef _ANSI_SOURCE
#include <signal.h>
#include <pwd.h>
#include <ctype.h>
diff -u krb5/src/appl/bsd/configure.orig krb5/src/appl/bsd/configure
--- krb5/src/appl/bsd/configure.orig Mon Dec 4 16:03:32 1995
+++ krb5/src/appl/bsd/configure Mon Dec 4 16:03:56 1995
@@ -764,6 +764,45 @@
echo "$ac_t""no" 1>&4
fi
+echo $ac_n "checking for -lcrypt""... $ac_c" 1>&4
+if eval "test \"`echo '${'ac_cv_lib_crypt'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&4
+else
+ ac_save_LIBS="$LIBS"
+LIBS="$LIBS -lcrypt "
+cat > conftest.$ac_ext <<EOF
+#line 736 "configure"
+#include "confdefs.h"
+
+int main() { return 0; }
+int t() {
+crypt()
+; return 0; }
+EOF
+if eval $ac_link; then
+ rm -rf conftest*
+ eval "ac_cv_lib_crypt=yes"
+else
+ rm -rf conftest*
+ eval "ac_cv_lib_crypt=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'crypt`\" = yes"; then
+ echo "$ac_t""yes" 1>&4
+ ac_tr_lib=HAVE_LIB`echo crypt | tr '[a-z]' '[A-Z]'`
+ cat <<EOF | tr '\201-\377' '\001-\177' >> confdefs.h
+#define $ac_tr_lib 1
+EOF
+
+ LIBS="$LIBS -lcrypt"
+
+else
+ echo "$ac_t""no" 1>&4
+fi
+
LOGINLIBS=
echo $ac_n "checking for -lodm""... $ac_c" 1>&4
if eval "test \"`echo '${'ac_cv_lib_odm'+set}'`\" = set"; then
diff -u krb5/src/appl/bsd/krlogin.c.orig krb5/src/appl/bsd/krlogin.c
--- krb5/src/appl/bsd/krlogin.c.orig Fri Apr 21 13:11:00 1995
+++ krb5/src/appl/bsd/krlogin.c Thu Nov 30 15:36:14 1995
@@ -1485,12 +1485,20 @@
/* newtty.c_iflag |= (BRKINT|ISTRIP|IXON|IXANY); */
newtty.c_iflag &= ~(IXON|IXANY);
newtty.c_iflag |= (BRKINT|ISTRIP);
+#ifdef ONOCR
newtty.c_oflag &= ~(ONLCR|ONOCR);
+#else
+ newtty.c_oflag &= ~(ONLCR);
+#endif /* ONOCR */
newtty.c_oflag |= (OPOST);
}
/* preserve tab delays, but turn off XTABS */
+#ifdef OXTABS
+ newtty.c_oflag &= ~(OXTABS);
+#else
if ((newtty.c_oflag & TABDLY) == TAB3)
newtty.c_oflag &= ~TABDLY;
+#endif /* OXTABS */
if (litout)
newtty.c_oflag &= ~OPOST;
diff -u krb5/src/appl/bsd/krlogind.c.orig krb5/src/appl/bsd/krlogind.c
--- krb5/src/appl/bsd/krlogind.c.orig Wed May 3 01:46:06 1995
+++ krb5/src/appl/bsd/krlogind.c Thu Nov 30 16:05:34 1995
@@ -111,7 +111,9 @@
#include <stdlib.h>
#endif
+#define _ANSI_SOURCE
#include <stdio.h>
+#undef _ANSI_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
diff -u krb5/src/appl/bsd/login.c.orig krb5/src/appl/bsd/login.c
--- krb5/src/appl/bsd/login.c.orig Fri Apr 28 18:36:13 1995
+++ krb5/src/appl/bsd/login.c Thu Nov 30 15:42:55 1995
@@ -1329,7 +1329,11 @@
tp->c_lflag |= ECHOKE;
#endif
tp->c_iflag |= ICRNL|BRKINT;
+#ifdef TAB3
tp->c_oflag |= ONLCR|OPOST|TAB3;
+#else
+ tp->c_oflag |= ONLCR|OPOST;
+#endif /* TAB3 */
#else /* !POSIX_TERMIOS */
tp->sg_flags = ECHO|CRMOD|ANYP|XTABS;
#endif
diff -u krb5/src/appl/bsd/loginpaths.h.orig krb5/src/appl/bsd/loginpaths.h
--- krb5/src/appl/bsd/loginpaths.h.orig Thu Aug 4 17:06:44 1994
+++ krb5/src/appl/bsd/loginpaths.h Thu Nov 30 15:40:52 1995
@@ -74,6 +74,11 @@
#endif
#endif
+#ifdef __NetBSD__
+#define RPATH "/usr/bin:/bin"
+#define LPATH "/usr/bin:/bin"
+#endif
+
#ifndef LPATH
#ifdef __svr4__
/* taken from unixware, sirius... */
diff -u krb5/src/appl/sample/sserver/sserver.c.orig krb5/src/appl/sample/sserver/sserver.c
--- krb5/src/appl/sample/sserver/sserver.c.orig Wed May 3 01:46:59 1995
+++ krb5/src/appl/sample/sserver/sserver.c Fri Dec 1 13:52:50 1995
@@ -113,7 +114,6 @@
}
dup2(acc, 0);
close(sock);
- sock = 0;
} else {
/*
* To verify authenticity, we need to know the address of the
@@ -124,6 +124,7 @@
exit(1);
}
}
+ sock = 0;
peeraddr.addrtype = peername.sin_family;
peeraddr.length = sizeof(peername.sin_addr);
--- krb5/src/appl/telnet/telnet/commands.c.orig Mon Nov 7 23:42:49 1994
+++ krb5/src/appl/telnet/telnet/commands.c Thu Nov 30 16:20:05 1995
@@ -51,7 +51,9 @@
#include <stdio.h>
#include <string.h>
#ifdef HAVE_UNISTD_H
+#define setmode usetmode /* setmode is in some C libraries */
#include <unistd.h>
+#undef setmode
#endif
#include <signal.h>
#include <netdb.h>
diff -u krb5/src/lib/krb4/dest_tkt.c.orig krb5/src/lib/krb4/dest_tkt.c
--- krb5/src/lib/krb4/dest_tkt.c.orig Thu Apr 27 09:49:10 1995
+++ krb5/src/lib/krb4/dest_tkt.c Thu Nov 30 15:06:50 1995
@@ -57,7 +57,11 @@
)
goto out;
+#ifdef O_FSYNC
+ if ((fd = open(file, O_RDWR|O_FSYNC, 0)) < 0)
+#else
if ((fd = open(file, O_RDWR|O_SYNC, 0)) < 0)
+#endif /* O_FSYNC */
goto out;
memset(buf, 0, BUFSIZ);
diff -u krb5/src/lib/krb4/in_tkt.c.orig krb5/src/lib/krb4/in_tkt.c
--- krb5/src/lib/krb4/in_tkt.c.orig Thu Apr 27 09:49:41 1995
+++ krb5/src/lib/krb4/in_tkt.c Thu Nov 30 15:06:46 1995
@@ -71,7 +71,11 @@
return(KFAILURE);
}
/* file already exists, and permissions appear ok, so nuke it */
+#ifdef O_FSYNC
+ if ((fd = open(file, O_RDWR|O_FSYNC, 0)) < 0)
+#else
if ((fd = open(file, O_RDWR|O_SYNC, 0)) < 0)
+#endif /* O_FSYNC */
goto out; /* can't zero it, but we can still try truncating it */
memset(charbuf, 0, sizeof(charbuf));
diff -u krb5/src/clients/ksu/Makefile.in.orig krb5/src/clients/ksu/Makefile.in
--- krb5/src/clients/ksu/Makefile.in.orig Thu Mar 2 11:23:08 1995
+++ krb5/src/clients/ksu/Makefile.in Thu Dec 7 15:47:25 1995
@@ -1,4 +1,4 @@
-DEFINES = -DLOCAL_REALM='"."' -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"'
+DEFINES = -DLOCAL_REALM='"."' -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' -DTEST_FOR_COLON
CFLAGS = $(CCOPTS) $(DEFINES) $(DEFS) $(LOCALINCLUDE)
LDFLAGS = -g
