[8062] in Athena Bugs


fixes for zshutdown_notify

daemon@ATHENA.MIT.EDU (Barr3y Jaspan)
Wed Aug 28 16:33:31 1991

Date: Wed, 28 Aug 91 16:33:51 -0400
From: "Barr3y Jaspan" <bjaspan@MIT.EDU>
To: bugs@ATHENA.MIT.EDU


I am very confused as to how zshutdown_notify is supposed to be
working.  I had always thought that it did not try to send authentic
messages since, presumably, getting the message out at all was of
prime importance.  However, that's not exactly what the source in the
zephyr locker do.  It tries to acquire a ticket as rcmd.<hostname>,
aborts if it cannot (for example, if there is no srvtab), and then
sends the message as root, ignoring the tickets it just acquired.
Thus, it DOES send unauthentic messages, but still requires the
ability to get tickets.  Or something like that.  (I am unclear as to
why a message sent with ZAUTH with no tickets available was not
generating an error.)

The following patch makes it do what, to me, seems most reasonable.
It tries to get tickets but merely logs an error if it fails.  If it
got tickets, it attempts to send an authentic message, and if the
send fails with ZERR_AUTHFAIL, it will send a non-authentic message.
If it did not get tickets, it just sends a non-authentic message.

This has only been lightly tested.


*** zshutdown_notify.c~	Wed Aug 28 15:13:01 1991
--- zshutdown_notify.c	Wed Aug 28 16:15:45 1991
***************
*** 56,61 ****
--- 56,62 ----
      char msgbuff[BUFSIZ], message[Z_MAXPKTLEN], *ptr;
      char *msg[N_FIELD_CNT];
  #ifdef KERBEROS
+     int have_tickets;
      char tkt_filename[MAXPATHLEN];
      char rlm[REALM_SZ];
      char hn2[MAXHOSTNAMELEN];
***************
*** 67,77 ****
      msg[1] = message;
      msg[2] = warning;
  
-     if ((retval = ZInitialize()) != ZERR_NONE) {
- 	com_err(argv[0], retval, "while initializing");
- 	exit(1);
-     } 
- 
      if (gethostname(hostname, MAXHOSTNAMELEN) < 0) {
  	com_err(argv[0], errno, "while finding hostname");
  	exit(1);
--- 68,73 ----
***************
*** 81,110 ****
  	    (void) strcpy(hostname, hp->h_name);
  
  #ifdef KERBEROS
      (void) sprintf(tkt_filename, "/tmp/tkt_zshut_%d", getpid());
      krb_set_tkt_string(tkt_filename);
! 
      cp = krb_get_phost(hostname);
      if (cp)
  	(void) strcpy(hn2, cp);
      else {
  	fprintf(stderr, "%s: can't figure out canonical hostname\n",argv[0]);
! 	exit(1);
!     }
      if (retval = krb_get_lrealm(rlm, 1)) {
  	fprintf(stderr, "%s: can't get local realm: %s\n",
  		argv[0], krb_err_txt[retval]);
! 	exit(1);
      }
      if (retval = krb_get_svc_in_tkt(SVC_NAME, hn2, rlm,
  				    SERVER_SERVICE, SERVER_INSTANCE, 1,
  				    KEYFILE)) {
! 	fprintf(stderr, "%s: can't get tickets: %s\n",
! 		argv[0], krb_err_txt[retval]);
! 	exit(1);
      }
  #endif
  
      ptr = message;
  
      for (;;) {
--- 77,120 ----
  	    (void) strcpy(hostname, hp->h_name);
  
  #ifdef KERBEROS
+     /* Tickets must be acquired first because ZInitialize uses the */
+     /* ticket file to determine the (cached) value of ZGetSender(). */
+     have_tickets = 0;
      (void) sprintf(tkt_filename, "/tmp/tkt_zshut_%d", getpid());
+     setenv("KRBTKFILE", tkt_filename, 1);
      krb_set_tkt_string(tkt_filename);
!     
      cp = krb_get_phost(hostname);
      if (cp)
  	(void) strcpy(hn2, cp);
      else {
  	fprintf(stderr, "%s: can't figure out canonical hostname\n",argv[0]);
! 	goto krb_failed;
!    }
      if (retval = krb_get_lrealm(rlm, 1)) {
  	fprintf(stderr, "%s: can't get local realm: %s\n",
  		argv[0], krb_err_txt[retval]);
! 	goto krb_failed;
      }
      if (retval = krb_get_svc_in_tkt(SVC_NAME, hn2, rlm,
  				    SERVER_SERVICE, SERVER_INSTANCE, 1,
  				    KEYFILE)) {
! 	 fprintf(stderr, "%s: can't get tickets: %s.  Continuing.\n",
! 		 argv[0], krb_err_txt[retval]);
! 	 goto krb_failed;
      }
+ 
+     /* We succeeded in getting tickets */
+     have_tickets = 1;
+ 
+ krb_failed:
  #endif
  
+     if ((retval = ZInitialize()) != ZERR_NONE) {
+ 	com_err(argv[0], retval, "while initializing");
+ 	exit(1);
+     } 
+ 
      ptr = message;
  
      for (;;) {
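Review bot: The ZInitialize() failure path at the end of this hunk now runs after ticket acquisition, so its `exit(1)` leaves the service ticket file named by `"/tmp/tkt_zshut_%d"` on disk whenever have_tickets is 1. Before that `exit(1)` I would add `if (have_tickets) (void) dest_tkt();` wrapped in `#ifdef KERBEROS` / `#endif`, since have_tickets is declared only in that build. The `goto krb_failed` paths also never reach dest_tkt(); whether krb_get_svc_in_tkt() can leave a partial ticket file behind on failure is not visible here and is worth confirming. The return value of the added `setenv("KRBTKFILE", ...)` is ignored, so a failure there would presumably let ZInitialize() read a different ticket file than the one just written. The enclosing function starts before and continues past this hunk.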
***************
*** 129,142 ****
      notice.z_recipient = "";
      notice.z_default_format = N_DEF_FORMAT;
  
-     if ((retval = ZSendList(&notice, msg, N_FIELD_CNT, ZAUTH)) != ZERR_NONE) {
- 	    com_err(argv[0], retval, "while sending notice");
  #ifdef KERBEROS
! 	    (void) dest_tkt();
! #endif
! 	    exit(1);
      } 
- #ifdef KERBEROS
-     (void) dest_tkt();
  #endif
  }
--- 139,164 ----
      notice.z_recipient = "";
      notice.z_default_format = N_DEF_FORMAT;
  
  #ifdef KERBEROS
!     if (have_tickets) {
! 	 retval = ZSendList(&notice, msg, N_FIELD_CNT, ZAUTH);
! 	 if (retval == ZERR_AUTHFAIL) {
! 	      com_err(argv[0], retval, "while sending authentic notice");
! 	      retval = ZSendList(&notice, msg, N_FIELD_CNT, ZNOAUTH);
! 	 }
!     } else
! 	 retval = ZSendList(&notice, msg, N_FIELD_CNT, ZNOAUTH);
!     
!     if (retval != ZERR_NONE) {
! 	 com_err(argv[0], retval, "while sending notice");
! 	 if (have_tickets) (void) dest_tkt();
! 	 exit(1);
!     }
!     if (have_tickets) (void) dest_tkt();
! #else
!     if ((retval = ZSendList(&notice, msg, N_FIELD_CNT, ZAUTH)) != ZERR_NONE) {
! 	 com_err(argv[0], retval, "while sending notice");
! 	 exit(1);
      } 
  #endif
  }
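Review bot: The retry with ZNOAUTH inside the `have_tickets` branch is a deliberate authentication downgrade, but nothing in the code says so, and a later maintainer could read it as an accident. I would put a comment above the second ZSendList() call such as `/* Delivery matters more than authenticity here: on ZERR_AUTHFAIL resend with ZNOAUTH; receivers get an unauthenticated notice. */`. The shared `com_err(argv[0], retval, "while sending notice")` after the branch does not say whether the authentic or the non-authentic send failed, which makes the stderr output harder to use when diagnosing a host that only ever sends unauthentic notices; a distinct message for the fallback send would help. The function body begins outside this hunk.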
