[1057] in Kerberos_V5_Development


[Doug Engert ] Krlogind and ss-962301

daemon@ATHENA.MIT.EDU (Sam Hartman)
Sun Apr 14 15:53:13 1996

To: marc@MIT.EDU, krbdev@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 14 Apr 1996 15:53:01 -0400


	First, the following suggests that I can probably relax my
Irix is broken tests to deal with 5.2 only, although I'm not sure I
want to given SGI's comments about the lack of stability in their
streams driver.

	So, do I want to use streams or not with HP?  It does work
correctly now (see
/mit/krb5/.build.sun4m_53/hp-build/appltelnet/telnetd/telnetd).  I
don't have krlogind working because Mark hasn't given us Marc's
patches to krlogind.c so it doesn't compile.  

	If we disable streams, we will need to coordinate between
telnetd and libpty.


------- Start of forwarded message -------
Date: Mon, 1 Apr 1996 11:45:02 -0600
Message-Id: <199604011745.LAA16094@pembroke.ctd.anl.gov>
From: Doug Engert <DEEngert@anl.gov>
To: krb5-bugs@MIT.EDU
Subject: Krlogind and ss-962301

Last week I sent some modifications to krlogind and util/pty which
would allow krlogind  to work on HPUX 10, AIX 4.1.4, and Solaris 2.4.

I now have it working on IRIX 5.3. 

I discovered a problem with last week's mod, in that I misspelled
TIOCPKT as TIOCKPT in the test inside the protocol routine. This
caused some code to always be deleted, when it should not have been. 

When I corrected the mistake, I found some other problems as well. I
have attached a diff file for krlogind.c which seems to work. I don't
expect you to use it directly, but rather as an example of what might
work. 

On the HPUX system, it appears to have two different pseudo terminal
drivers, a stream version, and a "pty" version. Either of these can be
used, but the streams version does not support the TIOCPKT ioctl, but,
according to the manual, the pty driver does. The choice of which
driver is used is determined by which device is opened. The getpty.c
tries to open the /dev/ptmx device which uses the streams version. If
you want the pty version, the HP manual says open the /dev/ptym/clone.

On the IRIX 5.3 system, the getpty.c opens the /dev/ptmx device as
well, but the configure does not set the HAVE_STREAMS. So I defined
HAVE_STREAMS manually. Unlike the HP streams driver, the SGI streams
driver appears to support the TIOCPKT ioctl.  (I assume I am using the
streams driver, since I defined HAVE_STREAMS, there is a /dev/ptmx, and
the init_slave.c does not complain about the push of the ptem and
ldterm.)

The main "fix" I added to krlogind.c was to add a run time test in the
protocol routine to test if the driver works with TIOCPKT. This test
appears to work on all the systems.

I am not saying that it is better to use the streams or non streams
drivers, but they do respond differently, and the configure and ifdef
processing needs to match which device is opened, or more run time
tests need to be added.

I hope this helps. If it is not clear, drop me a note. 

           Douglas E. Engert
           Systems Programming
           Argonne National Laboratory
           9700 South Cass Avenue
           Argonne, Illinois  60439 
           (708) 252-5444

           Internet: DEEngert@anl.gov


---------------------------
*** ./appl/bsd/,krlogind.c	Fri Jan 19 11:34:14 1996
--- ./appl/bsd/krlogind.c	Thu Mar 28 13:44:10 1996
***************
*** 265,270 ****
--- 265,275 ----
  #endif /* DO_NOT_USE_K_LOGIN */
  #endif /* LOGIN_PROGRAM */
  
+ #ifdef USE_LOGIN_F
+ #undef LOGIN_PROGRAM
+ #define LOGIN_PROGRAM "/bin/login"
+ #endif
+ 
  char *login_program = LOGIN_PROGRAM;
  
  #define MAXRETRIES 4
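
Review bot: USE_LOGIN_F appears here with no comment saying what it
means or who defines it, and it replaces whatever LOGIN_PROGRAM was
selected above with a hard-coded "/bin/login". Please document the
macro next to this block (the later hunks show it selects the vendor
login with -p and -f) and let the path come from configure or an
existing setting, so that a site which set LOGIN_PROGRAM on purpose
does not have it overridden silently.
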
***************
*** 591,600 ****
  #ifdef TIOCSWINSZ
      (void) ioctl(p, TIOCSWINSZ, &win);
  #endif
-     
- 
- 
- 
  
  #ifdef POSIX_SIGNALS
      sa.sa_handler = cleanup;
--- 596,601 ----
***************
*** 617,625 ****
  	    fatal(f, error_message(retval));
  	    exit(1);
  	}
! 	
  
  #if defined(POSIX_TERMIOS) && !defined(ultrix)
  	tcgetattr(t,&new_termio);
  	new_termio.c_lflag &=  ~(ICANON|ECHO|ISIG|IEXTEN);
  	/* so that login can read the authenticator */
--- 618,632 ----
  	    fatal(f, error_message(retval));
  	    exit(1);
  	}
! 
  
  #if defined(POSIX_TERMIOS) && !defined(ultrix)
+ 
+ #ifndef USE_LOGIN_F
+   /* The pty_initialize_slave called from pty_open_slave
+    * does some of this as well. If we use the vendors
+    * login, we should not turn off the ISIG! DEE  
+    */
  	tcgetattr(t,&new_termio);
  	new_termio.c_lflag &=  ~(ICANON|ECHO|ISIG|IEXTEN);
  	/* so that login can read the authenticator */
***************
*** 629,634 ****
--- 636,642 ----
  	new_termio.c_cc[VMIN] = 1;
  	new_termio.c_cc[VTIME] = 0;
  	tcsetattr(t,TCSANOW,&new_termio);
+ #endif /* USE_LOGIN_F */
  #else
  	(void)ioctl(t, TIOCGETP, &b);
  	b.sg_flags = RAW|ANYP;
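
Review bot: the new #ifndef USE_LOGIN_F guards only the POSIX_TERMIOS
branch; the #else branch right after the added #endif (TIOCGETP,
b.sg_flags = RAW|ANYP) still runs in a USE_LOGIN_F build, so on a
platform without POSIX_TERMIOS the vendor login still gets a raw tty.
If the vendor login must see ISIG left on, as the added comment says,
the guard should cover both branches. The comment also says
pty_initialize_slave does "some of this"; please name which settings
(ECHO, VMIN/VTIME) the vendor login now relies on from there.
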
***************
*** 708,713 ****
--- 716,739 ----
  	}
  #endif
  
+ #ifdef USE_LOGIN_F
+ /* use the vendors login, which has -p and -f. Tested on 
+  * AIX 4.1.4 and HPUX 10 
+  */
+     {
+         char *cp;
+         if ((cp = strchr(term,'/')))
+             *cp = '\0';
+         setenv("TERM",term, 1);
+     }
+  
+     if (passwd_req)
+     	execl(login_program, "login", "-p", "-h", rhost_name,
+ 		  lusername, 0);
+ 	else
+         execl(login_program, "login", "-p", "-h", rhost_name,
+ 			 "-f", lusername, 0);
+ #else
  #ifdef DO_NOT_USE_K_LOGIN
  	execl(login_program, "login", "-r", rhost_name, 0);
  #else
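
Review bot: the -f branch of the USE_LOGIN_F block asks the vendor
login to skip authentication for lusername, so this exec depends on
lusername having been validated, and the only validation in this patch
is the leading '-' test in the last hunk. Please state that
precondition in a comment here. It is also worth checking, for each
vendor's login, whether -p passes more than TERM from krlogind's
environment, and clearing the environment first if it does. Smaller
points: the setenv return value is ignored, both execl calls end the
argument list with a bare 0 rather than (char *)0, and the mixed tabs
and spaces leave the else out of line with its if.
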
***************
*** 716,721 ****
--- 742,748 ----
  	else
  	  execl(login_program, "login", "-h", rhost_name, "-e", lusername, 0);
  #endif
+ #endif /* USE_LOGIN_F */
  	
  	fatalperror(2, login_program);
  	/*NOTREACHED*/
***************
*** 727,733 ****
       **      turning off echo on the slave side ...
       **      The master blocks here until it reads a byte.
       */
!     
  (void) close(syncpipe[1]);
      if (read(syncpipe[0], &c, 1) != 1) {
  	/*
--- 754,760 ----
       **      turning off echo on the slave side ...
       **      The master blocks here until it reads a byte.
       */
! 
  (void) close(syncpipe[1]);
      if (read(syncpipe[0], &c, 1) != 1) {
  	/*
***************
*** 738,744 ****
      }
      close(syncpipe[0]);
  
!     
  #if defined(KERBEROS) 
      if (do_encrypt) {
  	if (((*des_write)(f, SECURE_MESSAGE, sizeof(SECURE_MESSAGE))) < 0){
--- 765,771 ----
      }
      close(syncpipe[0]);
  
! 
  #if defined(KERBEROS) 
      if (do_encrypt) {
  	if (((*des_write)(f, SECURE_MESSAGE, sizeof(SECURE_MESSAGE))) < 0){
***************
*** 759,767 ****
      (void) fcntl(p,F_SETFL,fcntl(p,F_GETFL,0) | O_NDELAY);
  
  /*** XXX -- make this portable ***/
! #if defined(TIOCPKT) && !defined(__svr4__) || defined(solaris20)
      ioctl(p, TIOCPKT, &on);
! #endif
  
  #ifdef POSIX_SIGNALS
      sa.sa_handler = SIG_IGN;
--- 786,797 ----
      (void) fcntl(p,F_SETFL,fcntl(p,F_GETFL,0) | O_NDELAY);
  
  /*** XXX -- make this portable ***/
! /* #if defined(TIOCPKT) && !defined(__svr4__) || defined(solaris20) */
! /* not clear about the __svr4__ comment above. */
! /* turn on the packet mode, see the ifdef in protocal about this */
! #ifdef TIOCPKT
      ioctl(p, TIOCPKT, &on);
! #endif TIOCPKT
  
  #ifdef POSIX_SIGNALS
      sa.sa_handler = SIG_IGN;
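
Review bot: the replacement line "#endif TIOCPKT" has a bare token
after #endif, which compilers warn about or reject; it should be
"#endif /* TIOCPKT */". The old condition is kept as a commented-out
line with a "not clear" remark, yet dropping the !defined(__svr4__)
test changes which platforms issue this ioctl. Either delete the old
line and explain the change, or keep the test until its purpose is
understood. "protocal" in the new comment is a typo.
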
***************
*** 770,781 ****
--- 800,816 ----
      signal(SIGTSTP, SIG_IGN);
  #endif
  
+ #if 0
+ /* this should have been done in the open_slave, not here */
  #ifdef hpux
      setpgrp2(0, 0);
  #else
      setpgrp(0, 0);
  #endif
+ #endif
      
+ #ifndef USE_LOGIN_F
+ 	/* login -p -f finds TERM in environment */
  #ifdef DO_NOT_USE_K_LOGIN
      /* Pass down rusername and lusername to login. */
      (void) write(p, rusername, strlen(rusername) +1);
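
Review bot: the #if 0 around setpgrp2/setpgrp removes the call on
every platform, not only in USE_LOGIN_F builds, and the added comment
says it "should have been done in the open_slave", not that it is done
there. Please confirm that the open_slave path really sets the process
group on each target before disabling this, and then delete the block
rather than leaving it under #if 0.
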
***************
*** 789,794 ****
--- 824,831 ----
  	sprintf(buferror,"Cannot write slave pty %s ",line);
  	fatalperror(f,buferror);
      }
+ #endif /* USE_LOGIN_F */
+ 
      protocol(f, p);
      signal(SIGCHLD, SIG_IGN);
      cleanup();
***************
*** 827,834 ****
--- 864,873 ----
      w.ws_xpixel = ntohs(w.ws_xpixel);
      w.ws_ypixel = ntohs(w.ws_ypixel);
      (void)ioctl(pty, TIOCSWINSZ, &w);
+ #ifdef TIOCGPGRP
      if (ioctl(pty, TIOCGPGRP, &pgrp) >= 0)
        (void) killpg(pgrp, SIGWINCH);
+ #endif /* TIOCGPGRP */
  #endif
      return (4+sizeof (w));
  }
***************
*** 843,848 ****
--- 882,889 ----
  {
      unsigned char pibuf[1024], fibuf[1024], *pbp, *fbp;
      register pcc = 0, fcc = 0;
+ 	register tiocpktisoff = 0;
+ 	int on = 1;
      int cc;
      char cntl;
  #ifdef POSIX_SIGNALS
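
Review bot: "register tiocpktisoff = 0;" relies on implicit int;
declare it as int, like the "on" added on the next line. Both added
lines are tab-indented while the declarations around them use four
spaces.
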
***************
*** 862,867 ****
--- 903,913 ----
  #else
      signal(SIGTTOU, SIG_IGN);
  #endif
+ /* see comments below on TIOCPKT */
+ #ifdef TIOCPKT
+ 	if ( ioctl(p, TIOCPKT, &on) < 0) 
+ 		tiocpktisoff = 1;
+ #endif
  #ifdef TIOCSWINSZ
      send(f, oobdata, 1, MSG_OOB);	/* indicate new rlogin */
  #endif
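
Review bot: this ioctl(p, TIOCPKT, &on) in protocol() repeats the call
made just before protocol() is entered (the hunk at line 786), and only
this copy checks the result. One checked call, with the result passed
into protocol(), would be easier to follow. Every failure is treated
as "driver has no packet mode" whatever the error was; logging the
failure would let an operator see which pty driver was opened.
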
***************
*** 944,952 ****
  	      pcc = 0;
  	    else if (pcc <= 0)
  	      break;
  	    else if (pibuf[0] == 0)
  	      pbp++, pcc--;
! #ifndef sun
  	    else {
  		if (pkcontrol(pibuf[0])) {
  		    pibuf[0] |= oobdata[0];
--- 990,1011 ----
  	      pcc = 0;
  	    else if (pcc <= 0)
  	      break;
+ /* this section should only be included if TIOCPKT is in effect.
+  * Some systems have both a streams and a non stream driver, and
+  * the streams driver may or may not work with TIOCPKT mode. 
+  * Depending on how the pty_getpty routine works, it may get a streams
+  * or a non streams driver. So I have added a test here to see if the
+  * TIOCPKT has worked. 
+  * When in packet mode, a leading byte has the control information
+  * See the TIOCPKT comments above */ 
+ 
+ #ifdef TIOCPKT
+ 		else if (tiocpktisoff)
+ 			;
  	    else if (pibuf[0] == 0)
  	      pbp++, pcc--;
! 
! /* #if !defined(sun)  && !defined(hpux) */
  	    else {
  		if (pkcontrol(pibuf[0])) {
  		    pibuf[0] |= oobdata[0];
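
Review bot: replacing "#ifndef sun" with a commented-out
"#if !defined(sun) && !defined(hpux)" means the pkcontrol() branch is
now compiled on sun as well, which is a behaviour change beyond the
run-time test; please say why the exclusion is no longer needed, or
keep it. The empty statement after "else if (tiocpktisoff)" works, but
a comment on that line saying that pibuf holds only user data when
packet mode was refused would make the intent clear. The added
else-if is indented one tab deeper than the chain it joins.
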
***************
*** 954,960 ****
  		}
  		pcc = 0;
  	    }
! #endif
  	}
  	if (FD_ISSET(f, &obits) && pcc > 0) {
  	    cc = (*des_write)(f, pbp, pcc);
--- 1013,1019 ----
  		}
  		pcc = 0;
  	    }
! #endif /* TIOCKPT */
  	}
  	if (FD_ISSET(f, &obits) && pcc > 0) {
  	    cc = (*des_write)(f, pbp, pcc);
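
Review bot: the closing comment reads "#endif /* TIOCKPT */", the same
transposition the message says caused the earlier bug. It is only a
comment here, but it should read TIOCPKT so that a search for the
macro finds the end of the block.
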
***************
*** 1091,1096 ****
--- 1150,1161 ----
  	}
  #endif
      }
+ #ifdef USE_LOGIN_F
+ 	/* can't allow lusername to look like a parameter to login */
+ 	if (lusername[0] == '-')
+         fatal(netf, "Invalid local user name");
+ #endif
+ 
      
      /*  The kerberos authenticated request must pass ruserok also
  	if asked for. */
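
Review bot: the leading '-' test is compiled only under USE_LOGIN_F,
but the other path also puts lusername on the login command line
(after -e), so the test is cheap enough to make unconditional, and an
empty lusername deserves the same rejection. Elsewhere in this file
fatal() is followed by exit(1) (the context at line 617); if fatal()
can return, this check needs the exit as well, otherwise the rejected
name continues on to the execl.
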

------- End of forwarded message -------
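
The run-time test described in the forwarded message, as an added C example that is not part of the original post or of krlogind: it shows why the leading byte of a master read is stripped only when the TIOCPKT ioctl actually succeeded. The names probe_packet_mode and split_master_read are hypothetical, and the sample buffer is constructed.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/ioctl.h>

enum pkt_state { PKT_OFF = 0, PKT_ON = 1 };

/* Run-time probe: ask the pty master for packet mode and report whether
 * the driver accepted it. Any failure is treated as "not in packet mode". */
static enum pkt_state probe_packet_mode(int master_fd)
{
#ifdef TIOCPKT
    int on = 1;
    if (ioctl(master_fd, TIOCPKT, &on) == 0)
        return PKT_ON;
#else
    (void)master_fd;
#endif
    return PKT_OFF;
}

/* Split one read() from the master into control byte and user data.
 * Returns the number of data bytes; *data points into buf and *ctl
 * receives the packet-mode status byte (0 when there is none). */
static size_t split_master_read(enum pkt_state st, unsigned char *buf,
                                size_t n, unsigned char **data,
                                unsigned char *ctl)
{
    *ctl = 0;
    *data = buf;
    if (st == PKT_OFF || n == 0)
        return n;               /* no header: every byte is user data */
    if (buf[0] == 0) {          /* data packet: skip the zero header */
        *data = buf + 1;
        return n - 1;
    }
    *ctl = buf[0];              /* status packet: flags only, no data */
    return 0;
}

int main(void)
{
    unsigned char sample[] = { 0, 'l', 's', '\n' };  /* constructed input */
    unsigned char *data, ctl;
    enum pkt_state st = probe_packet_mode(0);  /* stdin: not a pty master */
    size_t n = split_master_read(st, sample, sizeof sample, &data, &ctl);
    printf("packet mode %s, %zu data bytes\n", st ? "on" : "off", n);
    return 0;
}
```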
