[1009] in Kerberos-V5-bugs
longish patch and usage report
daemon@ATHENA.MIT.EDU (Paul Pomes)
Tue Dec 27 20:14:26 1994
Date: Tue, 27 Dec 1994 19:13:51 -0600
From: Paul Pomes <p-pomes@mirage.cso.uiuc.edu>
To: krb5-bugs@MIT.EDU
Greetings,
I hope that this rather massive message is not inappropriate. I've installed
the distribution on AIX 4.1, 3.2.5, SunOs 4.1 and 5.2. I'm including first
my notes followed by the diffs. Many of the diff files are proceeded by some
commentary on them.
Thanks for all the hard work that's gone into this package! Any guesstimate
when the next patch/beta will be released?
/pbp
====
To build Kerberos V5 for use at UIUC
Verify that your make program will process all targets of the same name, e.g.,
clean::
rm *.o
clean::
rm -f libcrypto.a
SunOS 4.1's /usr/bin/make will only process the first stanza. Those
and similarly behaving make programs should be replaced with GNU make.
Next obtain and build the Cygnus Network Security (CNS) package. CNS
is simply the last MIT v4 Kerberos distribution (patch level 10) ported
to some additional platforms. It uses the GNU configure package rather
than imake, a huge improvement. See the CNS.notes file for further help.
Unpack the krb5b4p3-uiuc.tar.gz file into a directory whose parent filesystem
has at least 65 Mb free space.
cd krb5-b4.3/src
./configure --with-krb4=/usr/local --with-cc="xlc -D_ALL_SOURCE"
--with-krb5-root=/usr/local --with-ccopts=-O
xlc is the AIX C compiler in ANSI mode. You can substitute cc or gcc.
Executeables built with -g are debuggable but huge (1-2 Mb each). If
you're the gambling kind, or don't want to bother debugging errors, use
-O instead. N.B., I cannot offer *any* assistance in fixing problems
unless the error is reproduceable with executeables built with -g.
After configure is done, some hand editting of the generated Makefiles
is required to get full functionality out of telnet and telnetd (v4
compatibility and encryption).
edit lib/krb5/krb/Makefile and add
-I/usr/local/include/kerberosIV to *end* of the DEFS line
edit appl/bsd/Makefile
to delete the "-Dsrandom-srand48 -Drandom=rand48" if cc dies with
complaints about prototype mismatches or function redeclaration. Add
-DHAVE_STDLIB_H -I/usr/local/include/kerberosIV to DEFS line.
On Suns with shadow password files, add
-DHAVE_SHADOW_H to DEFS line.
edit appl/telnet/libtelnet/Makefile and add
-I/usr/local/include/kerberosIV to DEFS
-DKRB4 -DENCRYPTION -DDES_ENCRYPTION to AUTH_DEFS
edit appl/telnet/telnet/Makefile and add
-L/usr/local/lib -lkrb -ldes to LIBS
On AIX systems, change -ltermcap to -lcurses .
-DKRB4 -DENCRYPTION to AUTH_DEFS
edit appl/telnet/telnetd/Makefile and add
-L/usr/local/lib -lkrb -ldes to LIBS
On AIX systems, change -ltermcap to -lcurses .
-DKRB4 -DENCRYPTION to AUTH_DEFS
cd back to krb5-b4.3/src and type "make". This should build the complete
package.
Prior to installation, if rlogin, rsh, and quota are *not* installed in
/usr/ucb, cd /usr/ucb and make symlinks there to the true location.
NOTE to CCSO master source tree maintainers. The changes wrought upon the
source code distribution from MIT to create the krb5b4p3-uiuc.tar.gz file
are described below. They'll provide a good starting point for creating
the next UIUC version whenever MIT releases a new source snapshot.
cd krb5-b4.3/src/include
mv kerberosIV kerberosIV-
This is done to make sure that the v5 package is built with the same
include files for v4 compatibilty that were used to build the v4 libraries.
cd krb5/stock
patch osconf.h with the following:
*** osconf.h- Tue Oct 18 14:46:50 1994
--- osconf.h Wed Oct 19 09:14:42 1994
***************
*** 51,63 ****
#define USE_DBM_LNAME /* Use a DBM database for the aname/lname
conversion */
! #define DEFAULT_CONFIG_FILENAME "@KRB5ROOT/krb.conf"
! #define DEFAULT_TRANS_FILENAME "@KRB5ROOT/krb.realms"
! #define DEFAULT_LNAME_FILENAME "@KRB5ROOT/aname"
#define DEFAULT_KEYTAB_NAME "FILE:@KRB5SRVTABDIR/v5srvtab"
! #define DEFAULT_KDB_FILE "@KDB5DIR/principal"
! #define DEFAULT_ADMIN_ACL "@KDB5DIR/admin_acl_file"
#define DEFAULT_KDC_ETYPE ETYPE_DES_CBC_CRC
#define DEFAULT_KDC_KEYTYPE KEYTYPE_DES
--- 51,63 ----
#define USE_DBM_LNAME /* Use a DBM database for the aname/lname
conversion */
! #define DEFAULT_CONFIG_FILENAME "@KRB5SRVTABDIR/krb.conf"
! #define DEFAULT_TRANS_FILENAME "@KRB5SRVTABDIR/krb.realms"
! #define DEFAULT_LNAME_FILENAME "@KRB5SRVTABDIR/aname"
#define DEFAULT_KEYTAB_NAME "FILE:@KRB5SRVTABDIR/v5srvtab"
! #define DEFAULT_KDB_FILE "/var/apps/kerberos/principal"
! #define DEFAULT_ADMIN_ACL "/var/apps/kerberos/admin_acl_file"
#define DEFAULT_KDC_ETYPE ETYPE_DES_CBC_CRC
#define DEFAULT_KDC_KEYTYPE KEYTYPE_DES
***************
*** 79,85 ****
#define RCTMPDIR "/usr/tmp" /* directory to store replay caches */
#define KRB5_PATH_TTY "/dev/tty"
! #define KRB5_PATH_LOGIN "@KRB5ROOT/sbin/login.krb5"
#define KRB5_PATH_RLOGIN "@KRB5ROOT/bin/rlogin"
#define KRB5_ENV_CCNAME "KRB5CCNAME"
--- 79,85 ----
#define RCTMPDIR "/usr/tmp" /* directory to store replay caches */
#define KRB5_PATH_TTY "/dev/tty"
! #define KRB5_PATH_LOGIN "@KRB5ROOT/libexec/login.krb5"
#define KRB5_PATH_RLOGIN "@KRB5ROOT/bin/rlogin"
#define KRB5_ENV_CCNAME "KRB5CCNAME"
***************
*** 89,98 ****
*/
/* the default syslog file */
! #define KADM_SYSLOG "@KRB5ROOT/admin_server.syslog"
/* where to find the bad password table */
! #define PW_CHECK_FILE "@KRB5ROOT/bad_passwd"
! #define DEFAULT_ACL_DIR "@KDB5DIR"
#endif /* KRB5_OSCONF__ */
--- 89,98 ----
*/
/* the default syslog file */
! #define KADM_SYSLOG "/var/log/admin_server.syslog"
/* where to find the bad password table */
! #define PW_CHECK_FILE "@KRB5SRVTABDIR/bad_passwd"
! #define DEFAULT_ACL_DIR "/var/apps/kerberos"
#endif /* KRB5_OSCONF__ */
This puts the v5srvtab, krb.realms, and krb.conf files in /etc which is
what v4 also uses for krb.realms and krb.conf. v4 uses srvtab instead
of v5srvtab. Log files are put into /var/log. KDC files are put into
/var/apps/kerberos . Programs intended to be executed by other programs
or system control files (/etc/rc*, cron, etc), as opposed by users directly,
are installed into /usr/local/libexec
The next set of changes makes attempting Kerberos autologin and session
encryption the default in telnet.
cd krb5-b4.3/src/appl/telnet/telnet
patch main.c with the following
*** main.c- Thu Aug 18 16:07:40 1994
--- main.c Tue Oct 18 20:57:36 1994
***************
*** 136,141 ****
--- 136,149 ----
rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
autologin = -1;
+ #ifdef AUTHENTICATION
+ autologin = 1;
+ #endif
+ #ifdef ENCRYPTION
+ encrypt_auto(1);
+ decrypt_auto(1);
+ #endif
+
while ((ch = getopt(argc, argv, "8EKLS:X:acde:fFk:l:n:rt:x")) != EOF) {
switch(ch) {
Paul Pomes
Wed Oct 19 09:15:56 CDT 1994
================================================
Now for the diff section of the program.
I needed a bulk version of kdb5_edit, specifically the ability to read
passwords from a file or pipe and not from /dev/tty. This is required
because the KDC database is built at the moment from our CCSO white pages
server (ph). Eventually Kerberos will be the only authentication agent
and our need for this will be eliminated. However many other sites have
expressed a need for this as well in the past.
diff -r -c -b ../src/security/krb5-b4.3/src/admin/edit/kdb5_edit.c krb5-b4.3/src/admin/edit/kdb5_edit.c
*** ../src/security/krb5-b4.3/src/admin/edit/kdb5_edit.c Thu Sep 29 15:50:48 1994
--- krb5-b4.3/src/admin/edit/kdb5_edit.c Tue Nov 29 17:01:29 1994
***************
*** 50,55 ****
--- 50,56 ----
char *Err_no_master_msg = "Master key not entered!\n";
char *Err_no_database = "Database not currently opened!\n";
char *current_dbname = NULL;
+ krb5_boolean pipe_input = FALSE;
/*
***************
*** 117,123 ****
progname = argv[0];
! while ((optchar = getopt(argc, argv, "d:r:R:k:M:e:m")) != EOF) {
switch(optchar) {
case 'd': /* set db name */
dbname = optarg;
--- 118,124 ----
progname = argv[0];
! while ((optchar = getopt(argc, argv, "d:r:R:k:M:e:mp")) != EOF) {
switch(optchar) {
case 'd': /* set db name */
dbname = optarg;
***************
*** 148,153 ****
--- 149,157 ----
case 'm':
manual_mkey = TRUE;
break;
+ case 'p':
+ pipe_input = TRUE;
+ break;
case '?':
default:
usage(progname, 1);
***************
*** 1284,1290 ****
krb5_data pwd;
struct saltblock salt;
! if (retval = krb5_read_password(krb5_default_pwd_prompt1,
krb5_default_pwd_prompt2,
password, &pwsize)) {
com_err(cmdname, retval, "while reading password for '%s'", newprinc);
--- 1288,1301 ----
krb5_data pwd;
struct saltblock salt;
! if (pipe_input) {
! printf("Enter New Password: ");
! (void) fgets(password, BUFSIZ, stdin);
! printf("\n");
! password[strlen(password) - 1] = '\0';
! pwsize = strlen(password);
! }
! else if (retval = krb5_read_password(krb5_default_pwd_prompt1,
krb5_default_pwd_prompt2,
password, &pwsize)) {
com_err(cmdname, retval, "while reading password for '%s'", newprinc);
A typo (HAS_ vs HAVE_), some systems don't have ONOCR or TABDLY.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/bsd/krlogin.c krb5-b4.3/src/appl/bsd/krlogin.c
*** ../src/security/krb5-b4.3/src/appl/bsd/krlogin.c Thu Sep 29 16:57:36 1994
--- krb5-b4.3/src/appl/bsd/krlogin.c Fri Nov 18 17:51:33 1994
***************
*** 60,66 ****
#include <setjmp.h>
#include <netdb.h>
! #ifdef HAS_STDLIB_H
#include <stdlib.h>
#endif
--- 60,66 ----
#include <setjmp.h>
#include <netdb.h>
! #ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
***************
*** 1356,1367 ****
--- 1356,1373 ----
/* newtty.c_iflag |= (BRKINT|ISTRIP|IXON|IXANY); */
newtty.c_iflag &= ~(IXON|IXANY);
newtty.c_iflag |= (BRKINT|ISTRIP);
+ #ifdef ONOCR
newtty.c_oflag &= ~(ONLCR|ONOCR);
+ #else
+ newtty.c_oflag &= ~(ONLCR);
+ #endif
newtty.c_oflag |= (OPOST);
}
+ #ifdef TABDLY
/* preserve tab delays, but turn off XTABS */
if ((newtty.c_oflag & TABDLY) == TAB3)
newtty.c_oflag &= ~TABDLY;
+ #endif
if (litout)
newtty.c_oflag &= ~OPOST;
Add support for SUN shadow password files. This will require a configure
test for the presence of both /usr/include/shadow.h and whether the shadow
files are in use.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/bsd/krshd.c krb5-b4.3/src/appl/bsd/krshd.c
*** ../src/security/krb5-b4.3/src/appl/bsd/krshd.c Fri Sep 30 16:07:15 1994
--- krb5-b4.3/src/appl/bsd/krshd.c Thu Nov 10 11:23:26 1994
***************
*** 125,130 ****
--- 125,133 ----
#include <stdio.h>
#include <errno.h>
#include <pwd.h>
+ #ifdef HAVE_SHADOW_H
+ #include <shadow.h>
+ #endif
#include <ctype.h>
#include <string.h>
***************
*** 452,457 ****
--- 455,463 ----
register char *p;
char *crypt();
+ #ifdef HAVE_SHADOW_H
+ struct spwd *spwd;
+ #endif
#ifndef CRAY
struct passwd *pwd;
#else
***************
*** 654,659 ****
--- 660,669 ----
#endif /* CRAY */
pwd = getpwnam(locuser);
+ #ifdef HAVE_SHADOW_H
+ if (spwd = getspnam(locuser))
+ pwd->pw_passwd = spwd->sp_pwdp;
+ #endif
if (pwd == (struct passwd *) 0 ) {
syslog(LOG_ERR ,
"Principal %s (%s@%s) for local user %s has no account.\n",
Add support for Solaris' utmpx (mis-)feature. It's important as it's where
the system records the host name or IP address of the calling host. Also
SUN's shadow passwords are added. The include of stdlib.h is made more
consistent by wrapping it with #ifdef HAVE_STDLIB_H rather than POSIX.
I found that I had to specify the literal value of some control characters
('\032' rather than CSUSP) as on AIX 3.2.5 and 4.1 at least under
"xlc -D_ALL_SOURCE", they all were set to ^C otherwise. The entire business
of who updates /etc/utmp and /etc/wtmp when needs to be rationalized.
telnetd/sys_term.c does some as does bsd/login.c. Solaris takes care
of showing /etc/motd via global shell initialization files, e.g.,
/etc/profile. How to test for this is a toughie. I use "SOLARIS"
for now and edit the Makefile by hand after configure is run. Not all
systems had TAB3 defined.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/bsd/login.c krb5-b4.3/src/appl/bsd/login.c
*** ../src/security/krb5-b4.3/src/appl/bsd/login.c Thu Aug 18 16:05:15 1994
--- krb5-b4.3/src/appl/bsd/login.c Tue Dec 27 14:09:57 1994
***************
*** 62,69 ****
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
! #include <utmp.h>
#include <signal.h>
#ifdef HAVE_LASTLOG_H
--- 62,76 ----
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
+ #ifdef HAVE_SYS_TTYCHARS_H
+ #include <sys/ttychars.h>
+ #endif
! #ifdef UTMPX
! # include <utmpx.h>
! #else
! # include <utmp.h>
! #endif /* UTMPX */
#include <signal.h>
#ifdef HAVE_LASTLOG_H
***************
*** 84,89 ****
--- 91,99 ----
#include <syslog.h>
#include <grp.h>
#include <pwd.h>
+ #ifdef HAVE_SHADOW_H
+ #include <shadow.h>
+ #endif
#include <setjmp.h>
#include <stdio.h>
#include <string.h>
***************
*** 98,104 ****
#endif /* KRB4 */
#include "loginpaths.h"
! #ifdef POSIX
#include <stdlib.h>
#endif
#ifdef POSIX_TERMIOS
--- 108,114 ----
#endif /* KRB4 */
#include "loginpaths.h"
! #ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#ifdef POSIX_TERMIOS
***************
*** 158,164 ****
--- 168,178 ----
#define GET_MOTD "/bin/athena/get_message"
#ifndef NO_UT_HOST
+ #ifdef UTMPX
+ #define UT_HOSTSIZE sizeof(((struct utmpx *)0)->ut_host)
+ #else /* !UTMPX */
#define UT_HOSTSIZE sizeof(((struct utmp *)0)->ut_host)
+ #endif /* UTMPX */
#endif
#ifndef UT_NAMESIZE
/* linux defines it directly in <utmp.h> */
***************
*** 174,179 ****
--- 188,196 ----
int timeout = 300;
struct passwd *pwd;
+ #ifdef HAVE_SHADOW_H
+ struct spwd *spwd;
+ #endif
char term[64], *hostname, *username;
#ifndef POSIX_TERMIOS
***************
*** 423,443 ****
--- 440,466 ----
#endif
#endif
tc.c_cc[VSUSP] = CSUSP;
+ tc.c_cc[VSUSP] = '\032';
#endif
#ifdef VDSUSP
tc.c_cc[VDSUSP] = CDSUSP;
+ tc.c_cc[VDSUSP] = '\031';
#endif
#ifdef VLNEXT
tc.c_cc[VLNEXT] = CLNEXT;
+ tc.c_cc[VLNEXT] = '\026';
#endif
#ifdef VREPRINT
tc.c_cc[VREPRINT] = CRPRNT;
+ tc.c_cc[VREPRINT] = '\022';
#endif
#ifdef VDISCRD
tc.c_cc[VDISCRD] = CFLUSH;
+ tc.c_cc[VDISCRD] = '\017';
#endif
#ifdef VWERSE
tc.c_cc[VWERSE] = CWERASE;
+ tc.c_cc[VWERSE] = '\027';
#endif
#endif /* NO_INIT_CC */
tcsetattr(0, TCSANOW, &tc);
***************
*** 501,506 ****
--- 524,535 ----
if (pwd = getpwnam(username))
salt = pwd->pw_passwd;
+ #ifdef HAVE_SHADOW_H
+ if (spwd = getspnam(username)) {
+ salt = spwd->sp_pwdp;
+ pwd->pw_passwd = spwd->sp_pwdp;
+ }
+ #endif
else
salt = "xx";
***************
*** 736,742 ****
--- 765,775 ----
/* nothing else left to fail -- really log in */
{
+ #ifdef UTMPX
+ struct utmpx utmp;
+ #else /* !UTMPX */
struct utmp utmp;
+ #endif /* UTMPX */
memset((char *)&utmp, 0, sizeof(utmp));
login_time = time(&utmp.ut_time);
***************
*** 922,928 ****
--- 955,963 ----
if (!krbflag)
printf("\nWarning: No Kerberos tickets obtained.\n\n");
#endif /* KRB4 */
+ #ifndef SOLARIS
motd();
+ #endif
(void)sprintf(tbuf, "%s/%s", MAILDIR, pwd->pw_name);
if (stat(tbuf, &st) == 0 && st.st_size != 0)
printf("You have %smail.\n",
***************
*** 1276,1282 ****
--- 1311,1321 ----
tp->c_lflag |= ECHOKE;
#endif
tp->c_iflag |= ICRNL|BRKINT;
+ #ifdef TAB3
tp->c_oflag |= ONLCR|OPOST|TAB3;
+ #else /* !TAB3 */
+ tp->c_oflag |= ONLCR|OPOST;
+ #endif /* TAB3 */
#else /* !POSIX_TERMIOS */
tp->sg_flags = ECHO|CRMOD|ANYP|XTABS;
#endif
Added paths for BSDI.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/bsd/loginpaths.h krb5-b4.3/src/appl/bsd/loginpaths.h
*** ../src/security/krb5-b4.3/src/appl/bsd/loginpaths.h Thu Aug 4 18:06:44 1994
--- krb5-b4.3/src/appl/bsd/loginpaths.h Fri Nov 18 17:54:58 1994
***************
*** 53,58 ****
--- 53,63 ----
#define RPATH "/usr/bin:/bin"
#endif
+ #ifdef __bsdi__
+ #define LPATH "/usr/bin:/bin"
+ #define RPATH "/usr/bin:/bin"
+ #endif
+
#ifdef __alpha
#ifdef __osf__
#define LPATH "/usr/bin:."
Rather extensive changes to handle utmpx under Solaris and others. The
test for NO_UT_HOST will have to check for /usr/include/utmpx.h as well.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/bsd/logutil.c krb5-b4.3/src/appl/bsd/logutil.c
*** ../src/security/krb5-b4.3/src/appl/bsd/logutil.c Mon Oct 3 18:35:32 1994
--- krb5-b4.3/src/appl/bsd/logutil.c Tue Oct 18 16:03:21 1994
***************
*** 17,23 ****
#include <sys/types.h>
#include <sys/file.h>
! #include <utmp.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
--- 17,48 ----
#include <sys/types.h>
#include <sys/file.h>
! #ifdef UTMPX
! # include <utmpx.h>
! # define setutent setutxent
! # define getutid getutxid
! # define pututline pututxline
! # define endutent endutxent
! # define XX_UT_FILE UTMPX_FILE
! # define XX_WT_FILE WTMPX_FILE
! # define XX_UT_SIZE (sizeof(struct utmpx))
! #else
! # include <utmp.h>
! # ifndef UTMP_FILE
! # define UTMP_FILE "/etc/utmp"
! # endif /* !UTMP_FILE */
! # ifndef WTMP_FILE
! # ifdef SYSV
! # define WTMPFILE "/etc/wtmp"
! # else /* !SYSV */
! # define WTMP_FILE "/usr/adm/wtmp"
! # endif /* SYSV */
! # endif /* !WTMP_FILE */
! # define XX_UT_FILE UTMP_FILE
! # define XX_WT_FILE WTMP_FILE
! # define XX_UT_SIZE (sizeof(struct utmp))
! #endif /* UTMPX */
!
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
***************
*** 29,55 ****
#include <unistd.h>
#endif
- #ifndef UTMP_FILE
- #define UTMP_FILE "/etc/utmp"
- #endif
- #ifndef WTMP_FILE
- #ifdef SYSV
- #define WTMPFILE "/etc/wtmp"
- #else
- #define WTMP_FILE "/usr/adm/wtmp"
- #endif
- #endif
-
#ifndef EMPTY
/* linux has UT_UNKNOWN but not EMPTY */
#define EMPTY UT_UNKNOWN
#endif
void login(ut)
struct utmp *ut;
{
register int fd;
! struct utmp utmp;
int tty;
#if defined(HAVE_GETUTENT) && !defined(NO_UT_PID)
--- 54,77 ----
#include <unistd.h>
#endif
#ifndef EMPTY
/* linux has UT_UNKNOWN but not EMPTY */
#define EMPTY UT_UNKNOWN
#endif
void login(ut)
+ #ifdef UTMPX
+ struct utmpx *ut;
+ #else /* !UTMPX */
struct utmp *ut;
+ #endif /* UTMPX */
{
register int fd;
! #ifdef UTMPX
! struct utmpx utmp;
! #else /* !UTMPX */
! struct utmp utmp;
! #endif /* UTMPX */
int tty;
#if defined(HAVE_GETUTENT) && !defined(NO_UT_PID)
***************
*** 59,65 ****
(void) strncpy(ut->ut_id, ut->ut_line, sizeof(ut->ut_id));
(void) setutent();
! (void) memset((char *)&utmp, 0, sizeof(utmp));
(void) strncpy(utmp.ut_id, ut->ut_id, sizeof(utmp.ut_id));
utmp.ut_type = DEAD_PROCESS;
(void) getutid(&utmp);
--- 81,87 ----
(void) strncpy(ut->ut_id, ut->ut_line, sizeof(ut->ut_id));
(void) setutent();
! (void) memset((char *)&utmp, 0, XX_UT_SIZE);
(void) strncpy(utmp.ut_id, ut->ut_id, sizeof(utmp.ut_id));
utmp.ut_type = DEAD_PROCESS;
(void) getutid(&utmp);
***************
*** 68,81 ****
(void) endutent();
#else
tty = ttyslot();
! if (tty > 0 && (fd = open(UTMP_FILE, O_WRONLY, 0)) >= 0) {
! (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
! (void)write(fd, (char *)ut, sizeof(struct utmp));
(void)close(fd);
}
#endif
! if ((fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) >= 0) {
! (void)write(fd, (char *)ut, sizeof(struct utmp));
(void)close(fd);
}
}
--- 90,103 ----
(void) endutent();
#else
tty = ttyslot();
! if (tty > 0 && (fd = open(XX_UT_FILE, O_WRONLY, 0)) >= 0) {
! (void)lseek(fd, (off_t)(tty * XX_UT_SIZE), SEEK_SET);
! (void)write(fd, (char *)ut, XX_UT_SIZE);
(void)close(fd);
}
#endif
! if ((fd = open(XX_WT_FILE, O_WRONLY|O_APPEND, 0)) >= 0) {
! (void)write(fd, (char *)ut, XX_UT_SIZE);
(void)close(fd);
}
}
***************
*** 84,96 ****
register char *line;
{
register FILE *fp;
struct utmp ut;
int rval;
! if (!(fp = fopen(UTMP_FILE, "r+")))
return(0);
rval = 1;
! while (fread((char *)&ut, sizeof(struct utmp), 1, fp) == 1) {
if (!ut.ut_name[0] ||
strncmp(ut.ut_line, line, sizeof(ut.ut_line)))
continue;
--- 106,122 ----
register char *line;
{
register FILE *fp;
+ #ifdef UTMPX
+ struct utmpx ut;
+ #else /* !UTMPX */
struct utmp ut;
+ #endif /* UTMPX */
int rval;
! if (!(fp = fopen(XX_UT_FILE, "r+")))
return(0);
rval = 1;
! while (fread((char *)&ut, XX_UT_SIZE, 1, fp) == 1) {
if (!ut.ut_name[0] ||
strncmp(ut.ut_line, line, sizeof(ut.ut_line)))
continue;
***************
*** 98,104 ****
--- 124,134 ----
#ifndef NO_UT_HOST
memset(ut.ut_host,0, sizeof(ut.ut_host));
#endif
+ #ifdef UTMPX
+ (void)time(&ut.ut_xtime);
+ #else /* !UTMPX */
(void)time(&ut.ut_time);
+ #endif
#if defined(HAVE_GETUTENT) && !defined(NO_UT_PID)
memset(ut.ut_id, 0, sizeof(ut.ut_id));
ut.ut_pid = 0;
***************
*** 107,114 ****
#endif
ut.ut_type = EMPTY;
#endif
! (void)fseek(fp, (off_t)-sizeof(struct utmp), SEEK_CUR);
! (void)fwrite((char *)&ut, sizeof(struct utmp), 1, fp);
(void)fseek(fp, (off_t)0, SEEK_CUR);
rval = 0;
}
--- 137,144 ----
#endif
ut.ut_type = EMPTY;
#endif
! (void)fseek(fp, (off_t)-XX_UT_SIZE, SEEK_CUR);
! (void)fwrite((char *)&ut, XX_UT_SIZE, 1, fp);
(void)fseek(fp, (off_t)0, SEEK_CUR);
rval = 0;
}
***************
*** 129,138 ****
int logingin;
#endif
{
struct utmp ut;
struct stat buf;
! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0)
return;
if (!fstat(fd, &buf)) {
(void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
--- 159,172 ----
int logingin;
#endif
{
+ #ifdef UTMPX
+ struct utmpx ut;
+ #else /* !UTMPX */
struct utmp ut;
+ #endif /* UTMPX */
struct stat buf;
! if (fd < 0 && (fd = open(XX_WT_FILE, O_WRONLY|O_APPEND, 0)) < 0)
return;
if (!fstat(fd, &buf)) {
(void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
***************
*** 146,152 ****
--- 180,190 ----
ut.ut_type = logingin ? USER_PROCESS : DEAD_PROCESS;
ut.ut_pid = getpid();
#endif
+ #ifdef UTMPX
+ (void)time(&ut.ut_xtime);
+ #else /* !UTMPX */
(void)time(&ut.ut_time);
+ #endif
#if defined(HAVE_GETUTENT) && !defined(NO_UT_PID)
if (*name) {
if (!ut.ut_pid)
***************
*** 156,163 ****
ut.ut_type = EMPTY;
}
#endif
! if (write(fd, (char *)&ut, sizeof(struct utmp)) !=
! sizeof(struct utmp))
(void)ftruncate(fd, buf.st_size);
}
if ( !keep_open)
--- 194,200 ----
ut.ut_type = EMPTY;
}
#endif
! if (write(fd, (char *)&ut, XX_UT_SIZE) != XX_UT_SIZE)
(void)ftruncate(fd, buf.st_size);
}
if ( !keep_open)
None of the *.o files were removed during a clean.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/gss-sample/Makefile.in krb5-b4.3/src/appl/gss-sample/Makefile.in
*** ../src/security/krb5-b4.3/src/appl/gss-sample/Makefile.in Thu Sep 29 21:56:14 1994
--- krb5-b4.3/src/appl/gss-sample/Makefile.in Tue Nov 8 16:58:02 1994
***************
*** 25,31 ****
gss-server.o: $(srcdir)/gss-server.c
clean::
! $(RM) gss-server gss-client
install::
$(INSTALL_PROGRAM) gss-client ${DESTDIR}$(CLIENT_BINDIR)/gss-client
--- 25,31 ----
gss-server.o: $(srcdir)/gss-server.c
clean::
! $(RM) gss-server gss-client gss-misc.o gss-server.o gss-client.o
install::
$(INSTALL_PROGRAM) gss-client ${DESTDIR}$(CLIENT_BINDIR)/gss-client
xlc complained about mismatch of pointer and integer as NULL is defined as
(char *) 0 or (void *) 0.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/mailquery/poplib.c krb5-b4.3/src/appl/mailquery/poplib.c
*** ../src/security/krb5-b4.3/src/appl/mailquery/poplib.c Thu Aug 18 16:05:28 1994
--- krb5-b4.3/src/appl/mailquery/poplib.c Fri Nov 4 10:03:20 1994
***************
*** 376,384 ****
return (DONE);
}
! *p = NULL;
! if (*--p == '\n') *p = NULL;
! if (*--p == '\r') *p = NULL;
return(OK);
}
--- 376,384 ----
return (DONE);
}
! *p = '\0';;
! if (*--p == '\n') *p = '\0';;
! if (*--p == '\r') *p = '\0';;
return(OK);
}
***************
*** 389,395 ****
{
if (getline(buf, n, f) != OK) return (NOTOK);
if (*buf == '.') {
! if (*(buf+1) == NULL) {
return (DONE);
} else {
strcpy(buf, buf+1);
--- 389,395 ----
{
if (getline(buf, n, f) != OK) return (NOTOK);
if (*buf == '.') {
! if (*(buf+1) == '\0') {
return (DONE);
} else {
strcpy(buf, buf+1);
Our install programs use -g for group rather than -O.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/popper/orig-makefiles/Makefile krb5-b4.3/src/appl/popper/orig-makefiles/Makefile
*** ../src/security/krb5-b4.3/src/appl/popper/orig-makefiles/Makefile Wed Mar 20 12:12:16 1991
--- krb5-b4.3/src/appl/popper/orig-makefiles/Makefile Fri Nov 11 13:08:11 1994
***************
*** 86,97 ****
# ${SCCS} clean
install: ${TARGET}
! install -c -m 700 -o root -g staff ${TARGET} ${INSTALLDIR}
installman:
rm -f ${CATPAGE}
nroff -man ${MANPAGE} > ${CATPAGE}
! install -c -m 644 -o root -g staff ${CATPAGE} ${MANDIR}
edit:
${SCCS} edit ${REL} ${SRCS}
--- 86,97 ----
# ${SCCS} clean
install: ${TARGET}
! install -c -m 700 -o root -O staff ${TARGET} ${INSTALLDIR}
installman:
rm -f ${CATPAGE}
nroff -man ${MANPAGE} > ${CATPAGE}
! install -c -m 644 -o root -O staff ${CATPAGE} ${MANDIR}
edit:
${SCCS} edit ${REL} ${SRCS}
Added SUN shadow password file support.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/popper/pop_pass.c krb5-b4.3/src/appl/popper/pop_pass.c
*** ../src/security/krb5-b4.3/src/appl/popper/pop_pass.c Thu Aug 18 16:05:58 1994
--- krb5-b4.3/src/appl/popper/pop_pass.c Thu Nov 10 11:46:04 1994
***************
*** 17,22 ****
--- 17,25 ----
#include <string.h>
#endif
#include <pwd.h>
+ #ifdef HAVE_SHADOW_H
+ #include <shadow.h>
+ #endif
#include "popper.h"
#ifdef KERBEROS
***************
*** 59,64 ****
--- 62,70 ----
#endif /* KRB5 */
#else
register struct passwd * pw;
+ #ifdef HAVE_SHADOW_H
+ struct spwd *spwd;
+ #endif
char *crypt();
#endif /* KERBEROS */
***************
*** 154,159 ****
--- 160,170 ----
#endif
return (pop_msg(p,POP_FAILURE,
"Password supplied for \"%s\" is incorrect.",p->user));
+
+ #if defined(HAVE_SHADOW_H) && !defined(POP_PASSFILE)
+ if (spwd = getspnam(p->user))
+ pw->pw_passwd = spwd->sp_pwdp;
+ #endif
/* We don't accept connections from users with null passwords */
if (pw->pw_passwd == NULL)
Test for MAXHOSTNAMELEN before possibly re-defining it. Also Qualcomm has
done a lot of work integrating the latest patches into a unified version.
Check on ftp.qualcomm.com in /quest/unix/servers/popper. The latest
version is qpop2.1.3-r5.tar.Z. Mark Erikson <mark@qualcomm.com> is the
maintainer.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/popper/popper.h krb5-b4.3/src/appl/popper/popper.h
*** ../src/security/krb5-b4.3/src/appl/popper/popper.h Thu Aug 18 16:06:15 1994
--- krb5-b4.3/src/appl/popper/popper.h Fri Nov 4 09:51:01 1994
***************
*** 24,30 ****
#define FALSE 0
#define NEWLINE '\n'
! #define MAXHOSTNAMELEN 256
#define MAXUSERNAMELEN 65
#define MAXDROPLEN 64
#define MAXLINELEN 1024
--- 24,32 ----
#define FALSE 0
#define NEWLINE '\n'
! #ifndef MAXHOSTNAMELEN
! # define MAXHOSTNAMELEN 256
! #endif
#define MAXUSERNAMELEN 65
#define MAXDROPLEN 64
#define MAXLINELEN 1024
More SUN shadow password mods.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/telnet/libtelnet/krb4encpwd.c krb5-b4.3/src/appl/telnet/libtelnet/krb4encpwd.c
*** ../src/security/krb5-b4.3/src/appl/telnet/libtelnet/krb4encpwd.c Thu Aug 18 16:07:07 1994
--- krb5-b4.3/src/appl/telnet/libtelnet/krb4encpwd.c Thu Nov 10 11:50:46 1994
***************
*** 71,76 ****
--- 71,79 ----
#include <sys/types.h>
#include <arpa/telnet.h>
#include <pwd.h>
+ #ifdef HAVE_SHADOW_H
+ #include <shadow.h>
+ #endif
#include <stdio.h>
#include <des.h>
***************
*** 413,422 ****
--- 416,434 ----
char *crypt();
char *salt, *p;
struct passwd *pwd;
+ #ifdef HAVE_SHADOW_H
+ struct spwd *spwd;
+ #endif
int passwdok_status = 0;
if (pwd = getpwnam(name))
salt = pwd->pw_passwd;
+ #ifdef HAVE_SHADOW_H
+ if (spwd = getspnam(name)) {
+ salt = spwd->sp_pwdp;
+ pwd->pw_passwd = spwd->sp_pwdp;
+ }
+ #endif
else salt = "xx";
p = crypt(passwd, salt);
diff -r -c -b ../src/security/krb5-b4.3/src/appl/telnet/libtelnet/rsaencpwd.c krb5-b4.3/src/appl/telnet/libtelnet/rsaencpwd.c
*** ../src/security/krb5-b4.3/src/appl/telnet/libtelnet/rsaencpwd.c Thu Aug 18 16:07:14 1994
--- krb5-b4.3/src/appl/telnet/libtelnet/rsaencpwd.c Thu Nov 10 11:51:36 1994
***************
*** 70,75 ****
--- 70,78 ----
#include <sys/types.h>
#include <arpa/telnet.h>
#include <pwd.h>
+ #ifdef HAVE_SHADOW_H
+ #include <shadow.h>
+ #endif
#include <stdio.h>
#ifdef __STDC__
***************
*** 458,467 ****
--- 461,479 ----
char *crypt();
char *salt, *p;
struct passwd *pwd;
+ #ifdef HAVE_SHADOW_H
+ struct spwd *spwd;
+ #endif
int passwdok_status = 0;
if (pwd = getpwnam(name))
salt = pwd->pw_passwd;
+ #ifdef HAVE_SHADOW_H
+ if (spwd = getspnam(name)) {
+ salt = spwd->sp_pwdp;
+ pwd->pw_passwd = spwd->sp_pwdp;
+ }
+ #endif
else salt = "xx";
p = crypt(passwd, salt);
setmode() conflicted with a library function on one platform or another.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/telnet/telnet/commands.c krb5-b4.3/src/appl/telnet/telnet/commands.c
*** ../src/security/krb5-b4.3/src/appl/telnet/telnet/commands.c Thu Aug 18 16:07:37 1994
--- krb5-b4.3/src/appl/telnet/telnet/commands.c Fri Nov 18 18:00:35 1994
***************
*** 1143,1149 ****
}
int
! setmode(bit)
int bit;
{
return dolmmode(bit, 1);
--- 1143,1149 ----
}
int
! xsetmode(bit)
int bit;
{
return dolmmode(bit, 1);
***************
*** 1177,1193 ****
#endif
{ "", "", 0 },
{ "", "These require the LINEMODE option to be enabled", 0 },
! { "isig", "Enable signal trapping", setmode, 1, MODE_TRAPSIG },
! { "+isig", 0, setmode, 1, MODE_TRAPSIG },
{ "-isig", "Disable signal trapping", clearmode, 1, MODE_TRAPSIG },
! { "edit", "Enable character editing", setmode, 1, MODE_EDIT },
! { "+edit", 0, setmode, 1, MODE_EDIT },
{ "-edit", "Disable character editing", clearmode, 1, MODE_EDIT },
! { "softtabs", "Enable tab expansion", setmode, 1, MODE_SOFT_TAB },
! { "+softtabs", 0, setmode, 1, MODE_SOFT_TAB },
{ "-softtabs", "Disable character editing", clearmode, 1, MODE_SOFT_TAB },
! { "litecho", "Enable literal character echo", setmode, 1, MODE_LIT_ECHO },
! { "+litecho", 0, setmode, 1, MODE_LIT_ECHO },
{ "-litecho", "Disable literal character echo", clearmode, 1, MODE_LIT_ECHO },
{ "help", 0, modehelp, 0 },
#ifdef KLUDGELINEMODE
--- 1177,1193 ----
#endif
{ "", "", 0 },
{ "", "These require the LINEMODE option to be enabled", 0 },
! { "isig", "Enable signal trapping", xsetmode, 1, MODE_TRAPSIG },
! { "+isig", 0, xsetmode, 1, MODE_TRAPSIG },
{ "-isig", "Disable signal trapping", clearmode, 1, MODE_TRAPSIG },
! { "edit", "Enable character editing", xsetmode, 1, MODE_EDIT },
! { "+edit", 0, xsetmode, 1, MODE_EDIT },
{ "-edit", "Disable character editing", clearmode, 1, MODE_EDIT },
! { "softtabs", "Enable tab expansion", xsetmode, 1, MODE_SOFT_TAB },
! { "+softtabs", 0, xsetmode, 1, MODE_SOFT_TAB },
{ "-softtabs", "Disable character editing", clearmode, 1, MODE_SOFT_TAB },
! { "litecho", "Enable literal character echo", xsetmode, 1, MODE_LIT_ECHO },
! { "+litecho", 0, xsetmode, 1, MODE_LIT_ECHO },
{ "-litecho", "Disable literal character echo", clearmode, 1, MODE_LIT_ECHO },
{ "help", 0, modehelp, 0 },
#ifdef KLUDGELINEMODE
AIX has the charming mis-feature of limiting core dumps which makes debugging
iffy. Also we want encryption and auto-login the default behavior.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/telnet/telnet/main.c krb5-b4.3/src/appl/telnet/telnet/main.c
*** ../src/security/krb5-b4.3/src/appl/telnet/telnet/main.c Thu Aug 18 16:07:40 1994
--- krb5-b4.3/src/appl/telnet/telnet/main.c Fri Nov 4 17:27:56 1994
***************
*** 119,124 ****
--- 119,136 ----
#ifdef FORWARD
extern int forward_flags;
#endif /* FORWARD */
+ #ifdef SA_FULLDUMP
+ /* AIX does not provide the data section in a core dump by default. */
+ struct sigaction handlr;
+
+ handlr.sa_handler = NULL;
+ handlr.sa_flags = SA_FULLDUMP;
+ sigaction(SIGQUIT, &handlr, NULL);
+ sigaction(SIGILL, &handlr, NULL);
+ sigaction(SIGBUS, &handlr, NULL);
+ sigaction(SIGSEGV, &handlr, NULL);
+ sigaction(SIGIOT, &handlr, NULL);
+ #endif /* SA_FULLDUMP */
tninit(); /* Clear out things */
#if defined(CRAY) && !defined(__STDC__)
***************
*** 136,141 ****
--- 148,161 ----
rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
autologin = -1;
+ #ifdef AUTHENTICATION
+ autologin = 1;
+ #endif
+ #ifdef ENCRYPTION
+ encrypt_auto(1);
+ decrypt_auto(1);
+ #endif
+
while ((ch = getopt(argc, argv, "8EKLS:X:acde:fFk:l:n:rt:x")) != EOF) {
switch(ch) {
The biggest can of worms in the package. Numerous changes here for utmp
handling.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/telnet/telnetd/sys_term.c krb5-b4.3/src/appl/telnet/telnetd/sys_term.c
*** ../src/security/krb5-b4.3/src/appl/telnet/telnetd/sys_term.c Thu Aug 18 16:08:11 1994
--- krb5-b4.3/src/appl/telnet/telnetd/sys_term.c Tue Dec 27 13:09:36 1994
***************
*** 102,107 ****
--- 102,108 ----
#define SCMPN(a, b) strncmp(a, b, sizeof(a))
#ifdef STREAMS
+ #include <sys/user.h>
#include <sys/stream.h>
#endif
#ifdef __hpux
***************
*** 476,487 ****
*
* Returns the file descriptor of the opened pty.
*/
- #ifndef __GNUC__
- char *line = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
- #else
static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
char *line = Xline;
- #endif
#ifdef CRAY
char *myline = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
#endif /* CRAY */
--- 477,484 ----
***************
*** 512,520 ****
--- 509,527 ----
#endif
#ifndef __hpux
+ #ifdef _AIX
+ p = open ("/dev/ptc",O_RDWR);
+ if (p>0) {
+ line=ttyname(p);
+ chown(line, 0, 0);
+ chmod(line, 0600);
+ return p;
+ }
+ #else /* ! _AIX */
(void) sprintf(line, "/dev/ptyXX");
p1 = &line[8];
p2 = &line[9];
+ #endif /* _AIX */
#else
(void) sprintf(line, "/dev/ptym/ptyXX");
p1 = &line[13];
***************
*** 1352,1358 ****
char *autoname;
{
register int i;
- long time();
#ifdef NEWINIT
extern char *ptyip;
struct init_request request;
--- 1359,1364 ----
***************
*** 1387,1393 ****
register int pid = i;
void sigjob P((int));
! setpgrp();
utmp_sig_reset(); /* reset handler to default */
/*
* Create utmp entry for child
--- 1393,1399 ----
register int pid = i;
void sigjob P((int));
! setpgrp(0, 0);
utmp_sig_reset(); /* reset handler to default */
/*
* Create utmp entry for child
***************
*** 1711,1716 ****
--- 1721,1753 ----
if (pty > 2)
close(pty);
#endif
+ #ifdef NEED_UTMP
+ /* hmmm... AIX, solaris, hpux - good start use HAVE_GETUTENT code */
+ {
+ struct utmp ut;
+ char **argp = argv;
+
+ ut.ut_pid=getpid();
+ ut.ut_type=LOGIN_PROCESS;
+ SCPYN(ut.ut_user,".telnet");
+ SCPYN(ut.ut_id, line + 5);
+ SCPYN(ut.ut_line, line + 5);
+ SCPYN(ut.ut_host, host);
+ ut.ut_time=time(0);
+ (void) setutent();
+ (void) getutid(&ut);
+ (void) pututline(&ut);
+ (void) endutent();
+ #ifdef DEBUG
+ printf("ut_user %s, ut_id %s, ut_line %s, ut_type %d, ut_pid %d, ut_exit.e_exit %d, ut_time %d, ut_host %s\n",
+ ut.ut_user, ut.ut_id, ut.ut_line, ut.ut_type, ut.ut_pid, ut.ut_exit.e_exit, ut.ut_time, ut.ut_host);
+ printf("%s", LOGIN_PROGRAM);
+ while (*argp)
+ printf(" %s", *argp++);
+ printf("\n");
+ #endif
+ }
+ #endif
closelog();
execv(LOGIN_PROGRAM, argv);
***************
*** 1879,1885 ****
(void) signal(SIGUSR1, func); /* reset handler to default */
}
! # ifdef __hpux
# define sigoff() /* do nothing */
# define sigon() /* do nothing */
# endif
--- 2006,2012 ----
(void) signal(SIGUSR1, func); /* reset handler to default */
}
! # if defined(__hpux)
# define sigoff() /* do nothing */
# define sigon() /* do nothing */
# endif
***************
*** 2116,2122 ****
} /* end of rmut */
#endif /* CRAY */
! #ifdef __hpux
rmut (line)
char *line;
{
--- 2243,2249 ----
} /* end of rmut */
#endif /* CRAY */
! #if defined(__hpux)
rmut (line)
char *line;
{
Again AIX changes to get full core dumps.
diff -r -c -b ../src/security/krb5-b4.3/src/appl/telnet/telnetd/telnetd.c krb5-b4.3/src/appl/telnet/telnetd/telnetd.c
*** ../src/security/krb5-b4.3/src/appl/telnet/telnetd/telnetd.c Thu Aug 18 16:08:17 1994
--- krb5-b4.3/src/appl/telnet/telnetd/telnetd.c Fri Nov 4 17:30:43 1994
***************
*** 171,176 ****
--- 171,188 ----
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
#endif
+ #ifdef SA_FULLDUMP
+ /* AIX does not provide the data section in a core dump by default. */
+ struct sigaction handlr;
+
+ handlr.sa_handler = NULL;
+ handlr.sa_flags = SA_FULLDUMP;
+ sigaction(SIGQUIT, &handlr, NULL);
+ sigaction(SIGILL, &handlr, NULL);
+ sigaction(SIGBUS, &handlr, NULL);
+ sigaction(SIGSEGV, &handlr, NULL);
+ sigaction(SIGIOT, &handlr, NULL);
+ #endif /* SA_FULLDUMP */
pfrontp = pbackp = ptyobuf;
netip = netibuf;
Changes in some destinations as explained in the notes at the beginning.
diff -r -c -b ../src/security/krb5-b4.3/src/config/pre.in krb5-b4.3/src/config/pre.in
*** ../src/security/krb5-b4.3/src/config/pre.in Thu Sep 22 20:13:18 1994
--- krb5-b4.3/src/config/pre.in Wed Nov 9 14:43:58 1994
***************
*** 17,24 ****
INSTALL_SETUID=$(INSTALL) -s -m 4755
KRB5MANROOT = $(KRB5ROOT)/man
! ADMIN_BINDIR = $(KRB5ROOT)/admin
! SERVER_BINDIR = $(KRB5ROOT)/sbin
CLIENT_BINDIR = $(KRB5ROOT)/bin
ADMIN_MANDIR = $(KRB5MANROOT)/man8
SERVER_MANDIR = $(KRB5MANROOT)/man8
--- 17,24 ----
INSTALL_SETUID=$(INSTALL) -s -m 4755
KRB5MANROOT = $(KRB5ROOT)/man
! ADMIN_BINDIR = $(KRB5ROOT)/sbin
! SERVER_BINDIR = $(KRB5ROOT)/libexec
CLIENT_BINDIR = $(KRB5ROOT)/bin
ADMIN_MANDIR = $(KRB5MANROOT)/man8
SERVER_MANDIR = $(KRB5MANROOT)/man8
I've found it necessary to use the kerberosIV include files from the
CNS package to insure consistency between the libraries and the include
files common to application and library.
diff -r -c -b ../src/security/krb5-b4.3/src/include/configure krb5-b4.3/src/include/configure
*** ../src/security/krb5-b4.3/src/include/configure Tue Oct 4 22:45:04 1994
--- krb5-b4.3/src/include/configure Tue Oct 18 21:18:13 1994
***************
*** 337,343 ****
config_guess=${srcdir}/config.guess
fi
! SUBDIRS="krb5 kerberosIV"
if [ -z "${norecursion}" ] ; then
recurse_args=
recur_state=
--- 337,343 ----
config_guess=${srcdir}/config.guess
fi
! SUBDIRS="krb5 # kerberosIV"
if [ -z "${norecursion}" ] ; then
recurse_args=
recur_state=
More changes to pathnames to reflect our practice of separating user
executeables from those invoked by the system or other programs.
diff -r -c -b ../src/security/krb5-b4.3/src/include/krb5/stock/osconf.h krb5-b4.3/src/include/krb5/stock/osconf.h
*** ../src/security/krb5-b4.3/src/include/krb5/stock/osconf.h Thu Aug 18 16:20:00 1994
--- krb5-b4.3/src/include/krb5/stock/osconf.h Tue Nov 29 16:20:19 1994
***************
*** 51,63 ****
#define USE_DBM_LNAME /* Use a DBM database for the aname/lname
conversion */
! #define DEFAULT_CONFIG_FILENAME "@KRB5ROOT/krb.conf"
! #define DEFAULT_TRANS_FILENAME "@KRB5ROOT/krb.realms"
! #define DEFAULT_LNAME_FILENAME "@KRB5ROOT/aname"
#define DEFAULT_KEYTAB_NAME "FILE:@KRB5SRVTABDIR/v5srvtab"
! #define DEFAULT_KDB_FILE "@KDB5DIR/principal"
! #define DEFAULT_ADMIN_ACL "@KDB5DIR/admin_acl_file"
#define DEFAULT_KDC_ETYPE ETYPE_DES_CBC_CRC
#define DEFAULT_KDC_KEYTYPE KEYTYPE_DES
--- 51,63 ----
#define USE_DBM_LNAME /* Use a DBM database for the aname/lname
conversion */
! #define DEFAULT_CONFIG_FILENAME "@KRB5SRVTABDIR/krb.conf"
! #define DEFAULT_TRANS_FILENAME "@KRB5SRVTABDIR/krb.realms"
! #define DEFAULT_LNAME_FILENAME "@KRB5SRVTABDIR/aname"
#define DEFAULT_KEYTAB_NAME "FILE:@KRB5SRVTABDIR/v5srvtab"
! #define DEFAULT_KDB_FILE "/var/apps/krb5/principal"
! #define DEFAULT_ADMIN_ACL "/var/apps/krb5/admin_acl_file"
#define DEFAULT_KDC_ETYPE ETYPE_DES_CBC_CRC
#define DEFAULT_KDC_KEYTYPE KEYTYPE_DES
***************
*** 79,85 ****
#define RCTMPDIR "/usr/tmp" /* directory to store replay caches */
#define KRB5_PATH_TTY "/dev/tty"
! #define KRB5_PATH_LOGIN "@KRB5ROOT/sbin/login.krb5"
#define KRB5_PATH_RLOGIN "@KRB5ROOT/bin/rlogin"
#define KRB5_ENV_CCNAME "KRB5CCNAME"
--- 79,85 ----
#define RCTMPDIR "/usr/tmp" /* directory to store replay caches */
#define KRB5_PATH_TTY "/dev/tty"
! #define KRB5_PATH_LOGIN "@KRB5ROOT/libexec/login.krb5"
#define KRB5_PATH_RLOGIN "@KRB5ROOT/bin/rlogin"
#define KRB5_ENV_CCNAME "KRB5CCNAME"
***************
*** 89,98 ****
*/
/* the default syslog file */
! #define KADM_SYSLOG "@KRB5ROOT/admin_server.syslog"
/* where to find the bad password table */
! #define PW_CHECK_FILE "@KRB5ROOT/bad_passwd"
! #define DEFAULT_ACL_DIR "@KDB5DIR"
#endif /* KRB5_OSCONF__ */
--- 89,98 ----
*/
/* the default syslog file */
! #define KADM_SYSLOG "/var/log/admin_server.syslog"
/* where to find the bad password table */
! #define PW_CHECK_FILE "@KRB5SRVTABDIR/bad_passwd"
! #define DEFAULT_ACL_DIR "/var/apps/krb5"
#endif /* KRB5_OSCONF__ */
fputs() returns EOF (-1) on error, not NULL ((void *) 0).
diff -r -c -b ../src/security/krb5-b4.3/src/kadmin/v4server/acl_files.c krb5-b4.3/src/kadmin/v4server/acl_files.c
*** ../src/security/krb5-b4.3/src/kadmin/v4server/acl_files.c Thu Aug 18 16:30:31 1994
--- krb5-b4.3/src/kadmin/v4server/acl_files.c Thu Nov 3 13:56:49 1994
***************
*** 492,498 ****
/* It isn't there yet, copy the file and put it in */
for(i = 0; i < acl_cache[idx].acl->size; i++) {
if(acl_cache[idx].acl->tbl[i] != NULL) {
! if(fputs(acl_cache[idx].acl->tbl[i], new) == NULL
|| putc('\n', new) != '\n') {
acl_abort(acl, new);
return(-1);
--- 492,498 ----
/* It isn't there yet, copy the file and put it in */
for(i = 0; i < acl_cache[idx].acl->size; i++) {
if(acl_cache[idx].acl->tbl[i] != NULL) {
! if(fputs(acl_cache[idx].acl->tbl[i], new) == EOF
|| putc('\n', new) != '\n') {
acl_abort(acl, new);
return(-1);
Removed declaration of sleep().
diff -r -c -b ../src/security/krb5-b4.3/src/kdc/kerberos_v4.c krb5-b4.3/src/kdc/kerberos_v4.c
*** ../src/security/krb5-b4.3/src/kdc/kerberos_v4.c Wed Sep 14 23:24:05 1994
--- krb5-b4.3/src/kdc/kerberos_v4.c Tue Oct 18 15:31:28 1994
***************
*** 395,401 ****
static krb5_error_code retval;
static krb5_data *response;
! void com_err(), sleep();
void kerberos_v4(), kerb_err_reply();
#ifdef HAS_STDLIB_H
#include <stdlib.h>
--- 395,401 ----
static krb5_error_code retval;
static krb5_data *response;
! void com_err();
void kerberos_v4(), kerb_err_reply();
#ifdef HAS_STDLIB_H
#include <stdlib.h>
Remove libcrypto.a during a "make clean".
diff -r -c -b ../src/security/krb5-b4.3/src/lib/crypto/Makefile.in krb5-b4.3/src/lib/crypto/Makefile.in
*** ../src/security/krb5-b4.3/src/lib/crypto/Makefile.in Mon Oct 3 20:23:07 1994
--- krb5-b4.3/src/lib/crypto/Makefile.in Wed Nov 9 11:07:10 1994
***************
*** 20,22 ****
--- 20,25 ----
install:: libcrypto.a
$(INSTALL_DATA) libcrypto.a $(DESTDIR)$(KRB5_LIBDIR)/libcrypto.a
$(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/libcrypto.a
+
+ clean::
+ $(RM) libcrypto.a
For reasons I no longer have notes for, the include of <kerberosIV/krb.h>
needed to proceed the krb5 include files.
diff -r -c -b ../src/security/krb5-b4.3/src/lib/krb5/krb/compat_recv.c krb5-b4.3/src/lib/krb5/krb/compat_recv.c
*** ../src/security/krb5-b4.3/src/lib/krb5/krb/compat_recv.c Thu Aug 18 17:05:10 1994
--- krb5-b4.3/src/lib/krb5/krb/compat_recv.c Wed Oct 19 10:06:22 1994
***************
*** 34,46 ****
*/
#include <krb5/krb5.h>
#include <krb5/osconf.h>
#include <krb5/kdb.h>
#include <krb5/kdb_dbm.h>
#include <krb5/ext-proto.h>
#include <krb5/los-proto.h>
- #include <kerberosIV/krb.h>
#include <com_err.h>
#include <errno.h>
--- 34,46 ----
*/
+ #include <kerberosIV/krb.h>
#include <krb5/krb5.h>
#include <krb5/osconf.h>
#include <krb5/kdb.h>
#include <krb5/kdb_dbm.h>
#include <krb5/ext-proto.h>
#include <krb5/los-proto.h>
#include <com_err.h>
#include <errno.h>
Local practice here. With three level domain names, the mapping to realm
is not obvious. So we don't bother.
diff -r -c -b ../src/security/krb5-b4.3/src/lib/krb5/krb/conv_princ.c krb5-b4.3/src/lib/krb5/krb/conv_princ.c
*** ../src/security/krb5-b4.3/src/lib/krb5/krb/conv_princ.c Thu Aug 18 17:05:12 1994
--- krb5-b4.3/src/lib/krb5/krb/conv_princ.c Tue Oct 18 21:08:52 1994
***************
*** 56,62 ****
*/
static struct krb_convert sconv_list[] = {
"kadmin", "kadmin", 0,
! "rcmd", "host", DO_REALM_CONVERSION,
"discuss", "discuss", DO_REALM_CONVERSION,
"rvdsrv", "rvdsrv", DO_REALM_CONVERSION,
"sample", "sample", DO_REALM_CONVERSION,
--- 56,63 ----
*/
static struct krb_convert sconv_list[] = {
"kadmin", "kadmin", 0,
! /* "rcmd", "host", DO_REALM_CONVERSION, */
! "rcmd", "rcmd", 0,
"discuss", "discuss", DO_REALM_CONVERSION,
"rvdsrv", "rvdsrv", DO_REALM_CONVERSION,
"sample", "sample", DO_REALM_CONVERSION,
IBM retained the present ioctl flag, but it longer does the right thing.
Use the replacement if defined.
diff -r -c -b ../src/security/krb5-b4.3/src/lib/krb5/os/localaddr.c krb5-b4.3/src/lib/krb5/os/localaddr.c
*** ../src/security/krb5-b4.3/src/lib/krb5/os/localaddr.c Thu Aug 18 17:07:35 1994
--- krb5-b4.3/src/lib/krb5/os/localaddr.c Fri Nov 11 12:57:07 1994
***************
*** 107,113 ****
--- 107,118 ----
if (s < 0)
return errno;
+ #ifdef CSIOCGIFCONF
+ /* Why does IBM change things? */
+ code = ioctl (s, CSIOCGIFCONF, (char *)&ifc);
+ #else
code = ioctl (s, SIOCGIFCONF, (char *)&ifc);
+ #endif
if (code < 0) {
int retval = errno;
close(s);
My attempt at configure script changes. Needed was a test for two args
to setpgrp() and presence of setsid().
diff -r -c -b ../src/security/krb5-b4.3/src/lib/krb5/posix/configure krb5-b4.3/src/lib/krb5/posix/configure
*** ../src/security/krb5-b4.3/src/lib/krb5/posix/configure Tue Oct 4 22:46:47 1994
--- krb5-b4.3/src/lib/krb5/posix/configure Fri Nov 18 16:17:56 1994
***************
*** 544,549 ****
--- 544,601 ----
fi
rm -f conftest*
+ test -n "$silent" || echo "checking for number of arguments to setpgrp"
+ cat > conftest.${ac_ext} <<EOF
+ #include "confdefs.h"
+ #include <unistd.h>
+ int main() { return 0; }
+ int t() { setpgrp(0,0); return 0; }
+ EOF
+ if eval $ac_compile; then
+ rm -rf conftest*
+
+ {
+ test -n "$verbose" && \
+ echo " defining SETPGRP_TWOARG"
+ echo "#define" SETPGRP_TWOARG "1" >> confdefs.h
+ DEFS="$DEFS -DSETPGRP_TWOARG=1"
+ }
+
+
+ fi
+ rm -f conftest*
+
+
+ test -n "$silent" || echo "checking for setsid"
+ cat > conftest.${ac_ext} <<EOF
+ #include "confdefs.h"
+ #include <ctype.h>
+ int main() { return 0; }
+ int t() {
+ /* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+ #if defined (__stub_setsid) || defined (__stub___setsid)
+ choke me
+ #else
+ /* Override any gcc2 internal prototype to avoid an error. */
+ extern int setsid(); setsid();
+ #endif
+ ; return 0; }
+ EOF
+ if eval $ac_compile; then
+ rm -rf conftest*
+ {
+ test -n "$verbose" && \
+ echo " defining HAS_SETSID"
+ echo "#define" HAS_SETSID "1" >> confdefs.h
+ DEFS="$DEFS -DHAS_SETSID=1"
+ }
+
+
+ fi
+ rm -f conftest*
+
ac_top=../../../
case $ac_top in
Removing the awk scripts was awkward.
diff -r -c -b ../src/security/krb5-b4.3/src/util/et/Makefile.in krb5-b4.3/src/util/et/Makefile.in
*** ../src/security/krb5-b4.3/src/util/et/Makefile.in Mon Oct 3 18:39:03 1994
--- krb5-b4.3/src/util/et/Makefile.in Wed Oct 19 07:06:56 1994
***************
*** 59,65 ****
$(CP) $(srcdir)/et_h.awk et_h.awk
clean::
! $(RM) compile_et compile_et.o error_table.o et_c.awk et_h.awk
depend::
--- 59,65 ----
$(CP) $(srcdir)/et_h.awk et_h.awk
clean::
! $(RM) compile_et compile_et.o error_table.o
depend::
Ditto for the sed scripts.
diff -r -c -b ../src/security/krb5-b4.3/src/util/ss/Makefile.in krb5-b4.3/src/util/ss/Makefile.in
*** ../src/security/krb5-b4.3/src/util/ss/Makefile.in Mon Oct 3 18:39:10 1994
--- krb5-b4.3/src/util/ss/Makefile.in Wed Oct 19 07:04:34 1994
***************
*** 91,97 ****
ss_err.c: ss_err.et
clean::
! $(RM) ss_err.o ss_err.c ss_err.h std_rqs.c ct_c.awk ct_c.sed
depend:: ss_err.h
--- 91,97 ----
ss_err.c: ss_err.et
clean::
! $(RM) ss_err.o ss_err.c ss_err.h std_rqs.c
depend:: ss_err.h
