[1568] in Kerberos-V5-bugs


KerbV/rdist v6 production patches

daemon@ATHENA.MIT.EDU (John Stewart)
Mon Jul 24 14:33:15 1995

To: krb5-bugs@MIT.EDU, rdist-bugs@usc.edu
Cc: netsec@cisco.com, acs-sysadmin@cisco.com, cio-trolls@cisco.com
Date: Mon, 24 Jul 1995 11:31:42 -0700
From: John Stewart <jns@cisco.com>


Goal: allow rdist v6 to use KerbV rsh/krshd unencrypted, and encrypted
with KerbV rsh/krshd.

This message is almost senselessly long, but it includes a series of
things, all of which are important. Each section is delineated by a
line of '=' signs.



Here is a list of the contents:

	1. ChangeLog updates from kerberos krshd.c changes
        2. ChangeLog updates from rdist *.c code changes
        3. Patch listing for kerberos krshd.c code changes
        4. Patch listing for rdist *.c code changes

--John
	
John Stewart       Systems Administrator/Web Developer  Email: jns@cisco.com
Adv. Customer Systems       Where no one                Phone: +1.408.526.8499
Cisco Systems, Inc.       has gone before...            FAX:   +1.408.526.8787



=====================================================================
Mon Jul 24 15:37:09 1995  John Stewart  <jns@ghostbuster.cisco.com>

	* krshd.c: added support for -q/-Q to not output SECURE_MESSAGE

	changed select maxfdp1 to a proper maximum (as coded, it was
	consistently returning 256 as maxfdp1)

	* krshd.c: Initial revision
=====================================================================
Mon Jul 24 17:31:28 1995  John Stewart  <jns@ghostbuster.cisco.com>

	* src/common.c: added final logic for isserver calls

	* src/common.c: completed logic switches for KERBEROS sendcmdmsg
	(missing a test for isserver)

	* src/rdistd.c: added remout initialization

	* src/rdistd.c: Initial revision

	* src/common.c: unterminated #if (*sigh*)
	y

	* src/common.c: unterminated #else

	* src/rshrcmd.c: added support for an encrytion shell (KERBEROS)

	* src/rshrcmd.c: Initial revision

	* src/rdist.c: added support for _PATH_KREMSH

	* src/common.c: added support for remout, STDOUT when build with
	KERBEROS capabilities required.

	* src/common.c: Initial revision

	* src/docmd.c: added support for remout when using KERBEROS

	* src/docmd.c: *** empty log message ***

	* src/rdist.c: added support for -e flag (for Kerberos encyption)

	* src/rdist.c, src/docmd.c: Initial revision

=====================================================================
*** src/appl/bsd/krshd.c	1995/07/24 18:10:14	1.1
--- src/appl/bsd/krshd.c	1995/07/24 18:26:50
***************
*** 159,165 ****
  #include "com_err.h"
  #include "loginpaths.h"
  
! #define ARGSTR	"rRxXeEkKD:S:M:AP:?"
  
  #define SECURE_MESSAGE "This rsh session is using DES encryption for all data transmissions.\r\n"
  
--- 159,165 ----
  #include "com_err.h"
  #include "loginpaths.h"
  
! #define ARGSTR	"rRxXeEkKD:S:M:AP:Qq?"
  
  #define SECURE_MESSAGE "This rsh session is using DES encryption for all data transmissions.\r\n"
  
***************
*** 187,192 ****
--- 187,193 ----
  
  int do_encrypt = 0;
  int anyport = 0;
+ int quiet = 0;
  char *kprogdir = KPROGDIR;
  int netf;
  
***************
*** 345,350 ****
--- 346,359 ----
  	case 'P':
  	  kprogdir = optarg;
  	  break;
+ 
+ 	case 'q':
+ 	  quiet = 1;
+ 	  break;
+ 
+ 	case 'Q':
+ 	  quiet = 1;
+ 	  break;
  #endif
  	case 'D':
  	  debug_port = atoi(optarg);
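Review bot: The added `case 'q':` and `case 'Q':` arms have identical bodies, so the two letters cannot differ in meaning. Write them as one arm, `case 'q': case 'Q':` followed by a single `quiet = 1; break;`, and add a comment such as `/* suppress SECURE_MESSAGE so protocol-speaking clients see a clean stream */`. The arms sit just above an `#endif` whose opening conditional is outside this hunk, while the ARGSTR change in the first hunk shows no guard in its context. If ARGSTR is not under the same guard, a build without it would accept -q in getopt() and then fall through to the default arm. The switch starts and ends outside the hunk.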
***************
*** 531,537 ****
      struct hostent *hp;
      char *hostname;
      short port;
!     int pv[2], pw[2], px[2], cc;
      fd_set ready, readfrom;
      char buf[BUFSIZ], sig;
      int one = 1;
--- 540,546 ----
      struct hostent *hp;
      char *hostname;
      short port;
!     int pv[2], pw[2], px[2], cc, nfd;
      fd_set ready, readfrom;
      char buf[BUFSIZ], sig;
      int one = 1;
***************
*** 1124,1130 ****
  	    ioctl(pw[0], FIONBIO, (char *)&one);
  	    /* should set s nbio! */
  
! 	    if (do_encrypt)
  		if (((*des_write)(s, SECURE_MESSAGE, sizeof(SECURE_MESSAGE))) < 0)
  		    fatal(pw[0], "Cannot encrypt-write network.");
  	    
--- 1133,1139 ----
  	    ioctl(pw[0], FIONBIO, (char *)&one);
  	    /* should set s nbio! */
  
! 	    if (do_encrypt && !quiet)
  		if (((*des_write)(s, SECURE_MESSAGE, sizeof(SECURE_MESSAGE))) < 0)
  		    fatal(pw[0], "Cannot encrypt-write network.");
  	    
***************
*** 1133,1142 ****
  	    FD_SET(s, &readfrom);
  	    FD_SET(pv[0], &readfrom);
  	    FD_SET(pw[0], &readfrom);
  	    
  	    do {
  		ready = readfrom;
! 		if (select(8*sizeof(ready), &ready, (fd_set *)0,
  			   (fd_set *)0, (struct timeval *)0) < 0)
  		  break;
  		if (FD_ISSET(s, &ready)) {
--- 1142,1156 ----
  	    FD_SET(s, &readfrom);
  	    FD_SET(pv[0], &readfrom);
  	    FD_SET(pw[0], &readfrom);
+ 
+ 	    nfd = MAX(nfd, s);
+ 	    nfd = MAX(nfd, pv[0]);
+ 	    nfd = MAX(nfd, pw[0]);
  	    
+ 	    nfd++;
  	    do {
  		ready = readfrom;
! 		if (select(nfd, &ready, (fd_set *)0,
  			   (fd_set *)0, (struct timeval *)0) < 0)
  		  break;
  		if (FD_ISSET(s, &ready)) {
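Review bot: `nfd = MAX(nfd, s);` reads `nfd` before any visible line has written it, because the declaration added in the earlier hunk (`int pv[2], pw[2], px[2], cc, nfd;`) has no initializer. Unless an assignment exists in lines outside these hunks, the first MAX() uses an indeterminate value, and a large stale value would hand select() a descriptor count well beyond the three descriptors actually in `readfrom`. Start from a known value, for example `nfd = s;` in place of the first MAX line. Also confirm that MAX is defined by one of this file's headers, since no visible hunk adds it. The enclosing function begins and ends outside the hunk.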

=====================================================================

*** src/common.c	1995/07/24 16:10:01	1.1
--- src/common.c	1995/07/24 17:31:28
***************
*** 33,39 ****
  
  #ifndef lint
  static char RCSid[] = 
! "$Id: common.c,v 1.1 1995/07/24 16:10:01 jns Exp $";
  
  static char sccsid[] = "@(#)common.c";
  
--- 33,39 ----
  
  #ifndef lint
  static char RCSid[] = 
! "$Id: common.c,v 1.6 1995/07/24 17:31:28 jns Exp $";
  
  static char sccsid[] = "@(#)common.c";
  
***************
*** 61,70 ****
--- 61,76 ----
  char		       *locuser = NULL;		/* Local User's name */
  int			isserver = FALSE;	/* We're the server */
  int     		amchild = 0;		/* This PID is a child */
+ #ifdef KERBEROS
+ int			do_encrypt = 0;		/* To encrypt or not to */
+ #endif
  int			do_fork = 1;		/* Fork child process */
  char		       *currenthost = NULL;	/* Current client hostname */
  char		       *progname = NULL;	/* Name of this program */
  int			rem = -1;		/* Client file descriptor */
+ #ifdef KERBEROS
+ int			remout = -1;		/* STDOUT when encrypting */
+ #endif
  struct passwd	       *pw = NULL;		/* Local user's pwd entry */
  int 			contimedout = FALSE;	/* Connection timed out */
  int			proto_version = -1;	/* Protocol version */
***************
*** 247,252 ****
--- 253,265 ----
  {
  	int len;
  
+ #ifdef KERBEROS
+ 	if (isserver) {
+ 		if (remout < 0)
+ 			return(-1);
+ 	}
+ 	else
+ #endif
  	if (rem < 0)
  		return(-1);
  
***************
*** 268,274 ****
  		 (cmd == C_NONE) ? len-1 : len-2,
  		 (cmd == C_NONE) ? msg : msg + 1);
  
! 	return(!(write(rem, msg, len) == len));
  }
  
  /*
--- 281,292 ----
  		 (cmd == C_NONE) ? len-1 : len-2,
  		 (cmd == C_NONE) ? msg : msg + 1);
  
! #ifdef KERBEROS
! 	if (isserver)
! 	    return(!(write(remout, msg, len) == len));
! 	else
! #endif
!     return(!(write(rem, msg, len) == len));
  }
  
  /*
***************
*** 808,814 ****
--- 826,836 ----
  				continue;
  			}
  			if (isserver)
+ #ifdef KERBEROS
+ 				(void) write(remout, sbuf, s - sbuf);
+ #else
  				(void) write(rem, sbuf, s - sbuf);
+ #endif
  			else {
  				*s = CNULL;
  				message(MT_INFO, "%s", sbuf+1);
***************
*** 819,825 ****
--- 841,851 ----
  	if (s > (char *) &sbuf[1]) {
  		*s++ = '\n';
  		if (isserver)
+ #ifdef KERBEROS
+ 			(void) write(remout, sbuf, s - sbuf);
+ #else
  			(void) write(rem, sbuf, s - sbuf);
+ #endif
  		else {
  			*s = CNULL;
  			message(MT_INFO, "%s", sbuf+1);
*** src/docmd.c	1995/07/24 15:51:45	1.1
--- src/docmd.c	1995/07/24 16:53:42
***************
*** 33,39 ****
  
  #ifndef lint
  static char RCSid[] = 
! "$Id: docmd.c,v 1.1 1995/07/24 15:51:45 jns Exp $";
  
  static char sccsid[] = "@(#)docmd.c	5.1 (Berkeley) 6/6/85";
  
--- 33,39 ----
  
  #ifndef lint
  static char RCSid[] = 
! "$Id: docmd.c,v 1.3 1995/07/24 16:09:03 jns Exp $";
  
  static char sccsid[] = "@(#)docmd.c	5.1 (Berkeley) 6/6/85";
  
***************
*** 72,77 ****
--- 72,89 ----
  {
  	debugmsg(DM_CALL, "closeconn() called\n");
  
+ #ifdef KERBEROS
+         if (isserver) {
+             if (remout >= 0) {
+                 signal(SIGPIPE, SIG_IGN);
+ 
+                 (void) sendcmd(C_FERRMSG, NULL);
+                 (void) close(remout);
+                 remout = -1;
+             }
+         }
+         else
+ #endif
  	if (rem >= 0) {
  		/* We don't care if the connection is still good or not */
  		signal(SIGPIPE, SIG_IGN);	
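Review bot: With KERBEROS defined and `isserver` true, the new branch closes only `remout`, and the `else` before `#endif` skips the existing `if (rem >= 0)` block, so on the server `rem` is neither closed nor reset by the lines visible here. Code that later tests `rem < 0` to decide whether a connection is open would then see a stale descriptor. If that is not intended, add `if (rem >= 0) (void) close(rem);` and `rem = -1;` to the server branch after `remout = -1;`. The `rem` branch's body continues past the end of the hunk, so confirm what else it resets.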
***************
*** 353,361 ****
  	 */
  	n = remline(respbuff, sizeof(respbuff), TRUE);
  	if (n <= 0 || respbuff[0] != S_VERSION) {
!           error("Unexpected input from server: \"%s\".", respbuff);
!           closeconn();
!           return(0);
  	}
  
  	/*
--- 365,373 ----
  	 */
  	n = remline(respbuff, sizeof(respbuff), TRUE);
  	if (n <= 0 || respbuff[0] != S_VERSION) {
! 		error("Unexpected input from server: \"%s\".", respbuff);
! 		closeconn();
! 		return(0);
  	}
  
  	/*
*** src/rdist.c	1995/07/24 16:02:59	1.1
--- src/rdist.c	1995/07/24 16:21:02
***************
*** 33,39 ****
  
  #ifndef lint
  static char RCSid[] = 
! "$Id: rdist.c,v 1.1 1995/07/24 16:02:59 jns Exp $";
  
  static char sccsid[] = "@(#)main.c	5.1 (Berkeley) 6/6/85";
  
--- 33,39 ----
  
  #ifndef lint
  static char RCSid[] = 
! "$Id: rdist.c,v 1.3 1995/07/24 16:21:02 jns Exp $";
  
  static char sccsid[] = "@(#)main.c	5.1 (Berkeley) 6/6/85";
  
***************
*** 60,69 ****
--- 60,77 ----
  struct group   *gr = NULL;			/* Static area for getgrent */
  char		localmsglist[] = "stdout=all:notify=all:syslog=nerror,ferror";
  char   	       *remotemsglist = NULL;
+ #ifdef KERBEROS
+ char		optchars[] = "A:a:bcd:DeFf:hil:L:M:m:NnOo:p:P:qRrst:Vvwxy";
+ #else
  char		optchars[] = "A:a:bcd:DFf:hil:L:M:m:NnOo:p:P:qRrst:Vvwxy";
+ #endif
  FILE   	       *opendist();
  char	       *path_rdistd = _PATH_RDISTD;
+ #ifdef KERBEROS
+ char	       *path_remsh = _PATH_KREMSH;
+ #else
  char	       *path_remsh = _PATH_REMSH;
+ #endif
  
  /*
   * Add a hostname to the host list
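Review bot: `_PATH_KREMSH` is used here but no hunk in this patch defines it, and the same holds for `ENCRYPT_FLAG` in the rshrcmd.c hunk. Likewise `do_encrypt` and `remout` are defined in common.c but no visible hunk adds `extern` declarations for the other files that use them (rdist.c, docmd.c, rdistd.c, rshrcmd.c). If these live in defs.h or a pathnames/config header, that header's diff should be part of the patch; otherwise a KERBEROS build will not compile. It would also help to note next to `path_remsh` that a KERBEROS build changes the default remote shell for every invocation, not only for -e.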
***************
*** 177,183 ****
  			else if (c == 't')
  				rtimeout = atoi(optarg);
  			break;
! 
  		case 'F':
  			do_fork = FALSE;
  			break;
--- 185,195 ----
  			else if (c == 't')
  				rtimeout = atoi(optarg);
  			break;
! #ifdef KERBEROS
! 		case 'e':
! 			do_encrypt = 1;
! 			break;
! #endif
  		case 'F':
  			do_fork = FALSE;
  			break;
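Review bot: `case 'e':` has no comment, and nothing in the visible patch updates a usage string or manual page, so the ChangeLog line is the only record of the flag. Since `do_encrypt` starts at 0 in common.c, a KERBEROS build still runs over an unencrypted channel unless -e is given. State that default where the flag is parsed, e.g. `/* -e: request an encrypted rsh channel; without it the session is not encrypted */`. The hunk also drops the blank line that separated this arm from the previous `break;`, which the other arms keep. The switch continues outside the hunk.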
*** src/rdistd.c	1995/07/24 16:48:40	1.1
--- src/rdistd.c	1995/07/24 16:49:28
***************
*** 33,39 ****
  
  #ifndef lint
  static char RCSid[] = 
! "$Id: rdistd.c,v 1.1 1995/07/24 16:48:40 jns Exp $";
  
  static char sccsid[] = "@(#)rdistd.c";
  
--- 33,39 ----
  
  #ifndef lint
  static char RCSid[] = 
! "$Id: rdistd.c,v 1.2 1995/07/24 16:49:28 jns Exp $";
  
  static char sccsid[] = "@(#)rdistd.c";
  
***************
*** 97,102 ****
--- 97,105 ----
  
  	/* Use stdin for remote descriptor */
  	rem = fileno(stdin);
+ #ifdef KERBEROS
+ 	remout = fileno(stdout);
+ #endif
  
  	/* Set logging */
  	if (cp = msgparseopts(localmsglist, TRUE))
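Review bot: The context comment still reads `Use stdin for remote descriptor`, but after this change a KERBEROS server writes its protocol stream to stdout through `remout`. Reword it to something like `/* Remote peer: read on stdin; with KERBEROS, write on stdout */`. Because stdout now carries protocol data, any stdio output to stdout elsewhere in rdistd would be interleaved with it. Nothing in this hunk does that, but it is worth checking in the rest of the file.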
*** src/rshrcmd.c	1995/07/24 16:22:45	1.1
--- src/rshrcmd.c	1995/07/24 16:23:08
***************
*** 6,12 ****
  
  #ifndef lint
  static char RCSid[] = 
! "$Id: rshrcmd.c,v 1.1 1995/07/24 16:22:45 jns Exp $";
  #endif
  
  #include	"defs.h"
--- 6,12 ----
  
  #ifndef lint
  static char RCSid[] = 
! "$Id: rshrcmd.c,v 1.2 1995/07/24 16:22:52 jns Exp $";
  #endif
  
  #include	"defs.h"
***************
*** 87,92 ****
--- 87,100 ----
  			       cmd, (char *) NULL);
  			error("execlp %s failed: %s.", _PATH_BSHELL, SYSERR);
  		} else {
+ #ifdef KERBEROS
+ 			if (do_encrypt) {
+ 			    execlp(path_remsh, basename(path_remsh), 
+ 				   *ahost, ENCRYPT_FLAG, "-l", ruser, cmd, 
+ 				   (char *) NULL);
+ 			}
+ 			else
+ #endif
  			execlp(path_remsh, basename(path_remsh), 
  			       *ahost, "-l", ruser, cmd, (char *) NULL);
  			error("execlp %s failed: %s.", path_remsh, SYSERR);
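Review bot: When `do_encrypt` is set, the new branch passes `ENCRYPT_FLAG` to whatever program `path_remsh` names, and nothing in the visible lines checks that the program is the Kerberos rsh. `path_remsh` is a writable `char *` in rdist.c, so if it can be overridden at run time (not visible here) a user who asked for -e could end up with a shell that does not honour the flag. Consider refusing -e when `path_remsh` differs from `_PATH_KREMSH`, or at least document the dependency in a comment above the branch. The two execlp() calls differ by one argument, so building the argument list once would also remove the `else` that straddles `#endif`. The enclosing function starts outside the hunk.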


=====================================================================
