
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-130-g3a870


From: Mats Erik Andersson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-130-g3a870c0
Date: Mon, 16 Jul 2012 15:43:31 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  3a870c0123b5e6eb0a9ae621a719c36724b422c4 (commit)
       via  217f5157bc8022c2ab11905e838bb7f078860e2c (commit)
       via  bfc79fcbbde4a65fa28ec9cd49b468eeb58e15cd (commit)
      from  a8a2081ec4cbdfc94598203935ff840dcefbc42c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=3a870c0123b5e6eb0a9ae621a719c36724b422c4


commit 3a870c0123b5e6eb0a9ae621a719c36724b422c4
Author: Mats Erik Andersson <address@hidden>
Date:   Sat Jul 14 23:31:11 2012 +0200

    telnetd: Effective authentication modes.

diff --git a/ChangeLog b/ChangeLog
index 616d656..36311b9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2012-07-14  Mats Erik Andersson  <address@hidden>
+
+       telnetd: Activate authentication modes.
+       Send TELOPT_AUTHENTICATION based on the
+       authentication level chosen for the server.
+
+       * telnetd/utility.c (getterminaltype)
+       [AUTHENTICATION]: Choose between send_wont(),
+       send_do() and send_will() with TELOPT_AUTHENTICATION
+       depending on `auth_level'.
+
 2012-07-13  Mats Erik Andersson  <address@hidden>
 
        * telnetd/telnetd.c (auth_level) [AUTHENTICATION]:
diff --git a/telnetd/utility.c b/telnetd/utility.c
index 8183a79..b96a18f 100644
--- a/telnetd/utility.c
+++ b/telnetd/utility.c
@@ -698,13 +698,27 @@ getterminaltype (char *user_name)
 #if defined AUTHENTICATION
   /*
    * Handle the Authentication option before we do anything else.
+   * Distinguish the available modes by level:
+   *
+   *   off:                    Authentication is forbidden.
+   *   none:                   Volontary authentication.
+   *   user, valid, other:     Mandatory authentication only.
    */
-  send_do (TELOPT_AUTHENTICATION, 1);
-  ttloop (his_will_wont_is_changing (TELOPT_AUTHENTICATION));
+  if (auth_level < 0)
+    send_wont (TELOPT_AUTHENTICATION, 1);
+  else
+    {
+      if (auth_level > 0)
+       send_do (TELOPT_AUTHENTICATION, 1);
+      else
+       send_will (TELOPT_AUTHENTICATION, 1);
 
-  if (his_state_is_will (TELOPT_AUTHENTICATION))
-    retval = auth_wait (user_name);
-#endif
+      ttloop (his_will_wont_is_changing (TELOPT_AUTHENTICATION));
+
+      if (his_state_is_will (TELOPT_AUTHENTICATION))
+       retval = auth_wait (user_name);
+    }
+#endif /* AUTHENTICATION */
 
 #ifdef ENCRYPTION
   send_will (TELOPT_ENCRYPT, 1);
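Review bot: In the `auth_level > 0` branch a peer that answers WONT falls through with `retval` unchanged, so nothing in this block enforces the "Mandatory authentication only" level the new comment promises; enforcement has to happen wherever the result of getterminaltype() is compared with `auth_level`, which is outside this hunk. In the `auth_level == 0` branch the server sends WILL but then waits on and tests the peer's WILL/WONT state, which a WILL from this side does not obviously solicit, so it is worth confirming that `auth_wait ()` is actually reached in voluntary mode. I would record the first point in the comment, e.g. `* A WONT reply leaves retval untouched; the caller must reject the session when auth_level > 0.` The comment also spells "Voluntary" as "Volontary".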

http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=217f5157bc8022c2ab11905e838bb7f078860e2c


commit 217f5157bc8022c2ab11905e838bb7f078860e2c
Author: Mats Erik Andersson <address@hidden>
Date:   Fri Jul 13 18:45:03 2012 +0200

    telnetd: Authmode only with Kerberos.

diff --git a/ChangeLog b/ChangeLog
index 326fff6..616d656 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 2012-07-13  Mats Erik Andersson  <address@hidden>
 
+       * telnetd/telnetd.c (auth_level) [AUTHENTICATION]:
+       Use only in kerberized server builds.
+       (arpg_options, parse_opt) [AUTHENTICATION]
+       <-a/--authmode>: Likewise.
+       (parse_mode) [AUTHENTICATION]: Likewise.
+
+       * telnetd/utility.c (io_drain) <EAGAIN in read()>:
+       Silence useless logging message `ttloop: retrying'.
+
+2012-07-13  Mats Erik Andersson  <address@hidden>
+
        telnet, telnetd: Set service name for libshishi
        in server and allow client to specify realm.
 
diff --git a/telnetd/telnetd.c b/telnetd/telnetd.c
index d844d37..cd57cf8 100644
--- a/telnetd/telnetd.c
+++ b/telnetd/telnetd.c
@@ -32,7 +32,10 @@
 # include <libtelnet/misc.h>
 #endif
 
+#ifdef  AUTHENTICATION
 static void parse_authmode (char *str);
+#endif
+
 static void parse_linemode (char *str);
 static void parse_debug_level (char *str);
 static void telnetd_setup (int fd);
@@ -57,8 +60,6 @@ int lmodetype;                        /* Type of linemode (2) 
*/
 int hostinfo = 1;              /* Print the host-specific information before
                                   login */
 
-int auth_level = 0;            /* Authentication level */
-
 int debug_level[debug_max_mode];       /* Debugging levels */
 int debug_tcp = 0;             /* Should the SO_DEBUG be set? */
 
@@ -82,7 +83,7 @@ int flowmode;                 /* current flow control state */
 int restartany;                        /* restart output on any character 
state */
 int diagnostic;                        /* telnet diagnostic capabilities */
 #if defined AUTHENTICATION
-int auth_level;
+int auth_level = 0;            /* Authentication level */
 int autologin;
 #endif
 
@@ -95,8 +96,10 @@ struct telnetd_clocks clocks;
 
 
 static struct argp_option argp_options[] = {
+#ifdef  AUTHENTICATION
   { "authmode", 'a', "MODE", 0,
     "specify what mode to use for authentication" },
+#endif
   { "debug", 'D', "LEVEL", OPTION_ARG_OPTIONAL,
     "set debugging level" },
   { "exec-login", 'E', "STRING", 0,
@@ -122,9 +125,11 @@ parse_opt (int key, char *arg, struct argp_state *state)
 {
   switch (key)
     {
+#ifdef  AUTHENTICATION
     case 'a':
       parse_authmode (arg);
       break;
+#endif
 
     case 'D':
       parse_debug_level (arg);
@@ -201,6 +206,7 @@ parse_linemode (char *str)
     fprintf (stderr, "telnetd: invalid argument to --linemode\n");
 }
 
+#ifdef  AUTHENTICATION
 void
 parse_authmode (char *str)
 {
@@ -217,6 +223,7 @@ parse_authmode (char *str)
   else
     fprintf (stderr, "telnetd: unknown authorization level for -a\n");
 }
+#endif /* AUTHENTICATION */
 
 static struct
 {
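Review bot: An unrecognised `-a` argument only reaches the `fprintf (stderr, "telnetd: unknown authorization level for -a\n");` branch in the unchanged tail of parse_authmode(), and startup then continues with `auth_level` at its initial 0, so a typo in the configured mode leaves the server at a weaker level than the operator asked for. Since this commit already touches the option, I would make that branch fail closed by adding `exit (EXIT_FAILURE);` after the message, and report it through syslog as well, since stderr is presumably not monitored when the daemon is started from inetd. The part of parse_authmode() between the two hunks is not visible here, so the mapping from mode names to levels is taken from the ChangeLog and the comment in telnetd/utility.c.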
diff --git a/telnetd/utility.c b/telnetd/utility.c
index cdd1d9a..8183a79 100644
--- a/telnetd/utility.c
+++ b/telnetd/utility.c
@@ -412,7 +412,9 @@ again:
     {
       if (errno == EAGAIN)
        {
-         syslog (LOG_INFO, "ttloop: retrying");
+         /*
+          * syslog (LOG_INFO, "ttloop: retrying");
+          */
          goto again;
        }
       syslog (LOG_INFO, "ttloop:  read: %m\n");
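Review bot: The EAGAIN branch now jumps back to `again` with no trace at all, and the disabled call is left behind as commented-out code. If the descriptor can be non-blocking (not visible in this hunk), a peer that stalls mid-negotiation keeps the process retrying here silently, which makes a stuck or abusive session harder to notice in the logs. I would delete the dead call and leave a why-comment instead, such as `/* EAGAIN is expected while the peer is idle; not logged to avoid flooding syslog. */`, and consider a rate-limited or debug-level message rather than none. The function containing the `again` label starts and ends outside the hunk.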

http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=bfc79fcbbde4a65fa28ec9cd49b468eeb58e15cd


commit bfc79fcbbde4a65fa28ec9cd49b468eeb58e15cd
Author: Mats Erik Andersson <address@hidden>
Date:   Fri Jul 13 11:36:45 2012 +0200

    telnet: Service and realm for libshishi.

diff --git a/ChangeLog b/ChangeLog
index 9e02eae..326fff6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2012-07-13  Mats Erik Andersson  <address@hidden>
+
+       telnet, telnetd: Set service name for libshishi
+       in server and allow client to specify realm.
+
+       * libtelnet/shishi.c (dest_realm): New variable.
+       (krb5shishi_send): Call shishi_realm_default_set()
+       whenever `dest_realm' is set.
+       (krb5shishi_is_auth): New variable SERVER.  Construct
+       a service name from `LocalHostName' and use it in a
+       call to shishi_hostkeys_for_server().
+       * telnet/main.c (dest_realm) [KRB4 || SHISHI]:
+       New external variable.
+       (argp_options) [AUTHENTICATION && (KRB4 || SHISHI)]:
+       Activate the option `-k/--realm' also whith SHISHI.
+       (parse_opt) [AUTHENTICATION && (KRB4 || SHISHI)]:
+       Likewise.
+
 2012-07-11  Mats Erik Andersson  <address@hidden>
 
        Allow builds on OpenSolaris with libshishi.
diff --git a/libtelnet/shishi.c b/libtelnet/shishi.c
index dd1622a..17c9c3e 100644
--- a/libtelnet/shishi.c
+++ b/libtelnet/shishi.c
@@ -40,6 +40,8 @@
 #  include "encrypt.h"
 # endif
 
+char *dest_realm = NULL;
+
 Shishi_key *enckey = NULL;
 
 static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
@@ -168,6 +170,10 @@ krb5shishi_send (TN_Authenticator * ap)
   sprintf (tmp, "host/%s", RemoteHostName);
   memset (&hint, 0, sizeof (hint));
   hint.server = tmp;
+
+  if (dest_realm && *dest_realm)
+    shishi_realm_default_set (shishi_handle, dest_realm);
+
   tkt = shishi_tkts_get (shishi_tkts_default (shishi_handle), &hint);
   free (tmp);
   if (!tkt)
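Review bot: `shishi_realm_default_set ()` changes the default realm on the shared `shishi_handle` rather than on this one ticket request, so the override stays in effect for every later lookup made through that handle. That is probably what a one-shot client wants, but the code should say so, e.g. `/* -k/--realm: overrides the default realm for the whole handle, not only this request. */`. `dest_realm` is taken unchecked from the command line (the `case 'k'` hunk in telnet/main.c), so any validation of the realm string is left to libshishi. krb5shishi_send() begins and ends outside the hunk.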
@@ -398,7 +404,7 @@ krb5shishi_is_auth (TN_Authenticator * a, unsigned char 
*data, int cnt,
 {
   Shishi_key *key, *key2;
   int rc;
-  char *cnamerealm;
+  char *cnamerealm, *server;
   int cnamerealmlen;
 # ifdef ENCRYPTION
   Session_Key skey;
@@ -428,7 +434,16 @@ krb5shishi_is_auth (TN_Authenticator * a, unsigned char 
*data, int cnt,
       return 1;
     }
 
-  key = shishi_hostkeys_for_localservice (shishi_handle, "host");
+  server = malloc (strlen ("host/") + strlen (LocalHostName) + 1);
+  if (server)
+    {
+      sprintf (server, "host/%s", LocalHostName);
+      key = shishi_hostkeys_for_server (shishi_handle, server);
+      free (server);
+    }
+  else
+    key = shishi_hostkeys_for_localservice (shishi_handle, "host");
+
   if (key == NULL)
     {
       snprintf (errbuf, errbuflen, "Could not find key:\n%s\n",
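Review bot: When `malloc ()` fails, the new code silently falls back to `shishi_hostkeys_for_localservice (shishi_handle, "host")`, so which host key verifies the client depends on memory pressure rather than on configuration. On an authentication path I would fail closed instead, following what appears to be the error convention of the block just above: `if (!server) { snprintf (errbuf, errbuflen, "Out of memory"); return 1; }`. `strlen (LocalHostName)` also assumes a non-NULL pointer, which this hunk does not establish, and `snprintf` with the computed size would be a safer habit than `sprintf`. krb5shishi_is_auth() continues outside the hunk.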
diff --git a/telnet/main.c b/telnet/main.c
index a112741..0c5b219 100644
--- a/telnet/main.c
+++ b/telnet/main.c
@@ -111,6 +111,10 @@ enum {
   OPTION_NOASYNCNET
 };
 
+#if defined KRB4 || defined SHISHI
+extern char *dest_realm;
+#endif
+
 static struct argp_option argp_options[] = {
 #define GRID 10
   { NULL, 0, NULL, 0,
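Review bot: `extern char *dest_realm;` is declared by hand in this file while the definition added by this commit lives in libtelnet/shishi.c, so the compiler cannot check that the two stay in agreement. I would move the declaration into a libtelnet header that both files include. The guard here (`KRB4 || SHISHI`) also differs from the one around the use in parse_opt (`AUTHENTICATION && (KRB4 || SHISHI)`); that is harmless for a declaration but worth aligning.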
@@ -160,7 +164,7 @@ static struct argp_option argp_options[] = {
     "Authentication and Kerberos options:", GRID },
   { "disable-auth", 'X', "ATYPE", 0,
     "disable type ATYPE authentication", GRID+1 },
-# if defined KRB4
+# if defined KRB4 || defined SHISHI
   { "realm", 'k', "REALM", 0,
     "obtain tickets for the remote host in REALM "
     "instead of the remote host's realm", GRID+1 },
@@ -257,7 +261,8 @@ parse_opt (int key, char *arg, struct argp_state *state)
       break;
 #endif
 
-#if defined AUTHENTICATION && defined KRB4
+#if defined AUTHENTICATION && \
+      ( defined KRB4 || defined SHISHI )
     case 'k':
       dest_realm = arg;
       break;

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog          |   40 ++++++++++++++++++++++++++++++++++++++++
 libtelnet/shishi.c |   19 +++++++++++++++++--
 telnet/main.c      |    9 +++++++--
 telnetd/telnetd.c  |   13 ++++++++++---
 telnetd/utility.c  |   28 ++++++++++++++++++++++------
 5 files changed, 96 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


