[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-137-gc239b
|
From: |
Mats Erik Andersson |
|
Subject: |
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-137-gc239b98 |
|
Date: |
Thu, 26 Jul 2012 02:17:08 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".
The branch, master has been updated
via c239b983175eacc8b82dcba61313a91e49646fb7 (commit)
via 81acda2919c5e4507dba0ceaa2565adc55524d57 (commit)
via 6c7b2815daa5e50add254d522a69a7a20c549cb1 (commit)
via a78e5df5a6cb2347cc7a56c4bb98e95229026579 (commit)
via 598e9a9ecf2563c78d1477019a9c68a7edf80771 (commit)
via 7de0a6859990a97a3190e8c398d57e9a8e023d28 (commit)
via f0bea21c7e58ffb7251cdda4f1f7ad39913d4cff (commit)
from 3a870c0123b5e6eb0a9ae621a719c36724b422c4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=c239b983175eacc8b82dcba61313a91e49646fb7
commit c239b983175eacc8b82dcba61313a91e49646fb7
Author: Mats Erik Andersson <address@hidden>
Date: Tue Jul 24 23:21:18 2012 +0200
rcp: Non-encrypting libshishi support.
diff --git a/ChangeLog b/ChangeLog
index b71678d..e117652 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,32 @@
+2012-07-24 Mats Erik Andersson <address@hidden>
+
+ rcp: Non-encrypting libshishi support.
+
+ * src/rcp.c [SHISHI]: Include <shishi.h>, `shishi_def.h'.
+ [ENCRYPTION]: Replace obsolete conditionals on CRYPT.
+ (dest_realm, use_kerberos, doencrypt) [KERBEROS || SHISHI]:
+ Always declare variables.
+ (h, enckey, iv1, iv2, iv3, iv4, ivtab, keytype, keylen)
+ (rc, wlen) [SHISHI]: New variables.
+ (options, parse_opt) [KERBEROS || SHISHI]: Make `-K', '-k'
+ and `-x' available with libshishi.
+ (main) [KERBEROS || SHISHI]: If `doencrypt && !use_kerberos'
+ then exit with failure.
+ (toremot): Invalidate descriptor `rem'.
+ [SHISHI]: Call shishi_done() at completion.
+ (tolocal) [SHISHI]: Likewise.
+ (kerberos) [KERBEROS || SHISHI]: New variable KRB_ERRNO,
+ used to capture error conditions better. New code for
+ libshishi support.
+ (oldw) [KERBEROS || SHISHI]: Extend to libshishi.
+
+ * libinetutils/shishi.c (shishi_auth) <missing ticket>:
+ Add realm to error message, call shishi_realm_default().
+
+ * src/rsh.c (talk) [KERBEROS && ENCRYPTION]: Replace
+ obsolete macro CRYPT. Replace non-existent variable
+ `doenencryption' by `doencrypt'.
+
2012-07-23 Mats Erik Andersson <address@hidden>
rcp, rlogin, rlogind: IP_TOS mending.
diff --git a/libinetutils/shishi.c b/libinetutils/shishi.c
index e49718e..27c72f0 100644
--- a/libinetutils/shishi.c
+++ b/libinetutils/shishi.c
@@ -126,7 +126,8 @@ shishi_auth (Shishi ** handle, int verbose, char **cname,
tkt = shishi_tkts_get (shishi_tkts_default (h), &hint);
if (!tkt)
{
- fprintf (stderr, "cannot find ticket for \"%s\"\n", tmpserver);
+ fprintf (stderr, "cannot find ticket for \"address@hidden"\n",
+ tmpserver, shishi_realm_default (h));
free (tmpserver);
return SHISHI_INVALID_TICKET;
}
diff --git a/src/rcp.c b/src/rcp.c
index 540f8e6..c0460a2 100644
--- a/src/rcp.c
+++ b/src/rcp.c
@@ -101,6 +101,11 @@ void run_err (const char *, ...);
int susystem (char *, int);
void verifydir (char *);
+#ifdef SHISHI
+# include <shishi.h>
+# include "shishi_def.h"
+#endif /* SHISHI */
+
#ifdef KERBEROS
# ifdef HAVE_KERBEROSIV_DES_H
# include <kerberosIV/des.h>
@@ -108,17 +113,30 @@ void verifydir (char *);
# ifdef HAVE_KERBEROSIV_KRB_H
# include <kerberosIV/krb.h>
# endif
+#endif /* KERBEROS */
+#if defined KERBEROS || defined SHISHI
char *dest_realm = NULL;
int use_kerberos = 1;
+int doencrypt = 0;
+
+# ifdef KERBEROS
CREDENTIALS cred;
Key_schedule schedule;
extern char *krb_realmofhost ();
-# ifdef CRYPT
-int doencrypt = 0;
-# endif
-#endif /* KERBEROS */
+# elif defined SHISHI /* !KERBEROS */
+Shishi *h;
+Shishi_key *enckey;
+shishi_ivector iv1, iv2, iv3, iv4;
+shishi_ivector *ivtab[4];
+
+int keytype;
+int keylen;
+int rc;
+int wlen;
+# endif /* SHISHI */
+#endif /* KERBEROS || SHISHI */
const char doc[] = "Remote copy SOURCE to DEST, or multiple SOURCE(s) to
DIRECTORY.";
const char arg_doc[] = "SOURCE DEST\n"
@@ -143,7 +161,7 @@ static struct argp_option options[] = {
"attempt to preserve (duplicate) in its copies the"
" modification times and modes of the source files",
GRID+1 },
-#ifdef KERBEROS
+#if defined KERBEROS || defined SHISHI
{ "kerberos", 'K', NULL, 0,
"turns off all Kerberos authentication",
GRID+1 },
@@ -151,19 +169,19 @@ static struct argp_option options[] = {
"obtain tickets for the remote host in REALM instead of the remote host's
realm",
GRID+1 },
#endif
-#ifdef CRYPT
+#ifdef ENCRYPTION
{ "encrypt", 'x', NULL, 0,
- "encrypt all data using DES",
+ "encrypt all data transfer",
GRID+1 },
#endif
{ "target-directory", 'd', "DIRECTORY", 0,
"copy all SOURCE arguments into DIRECTORY",
GRID+1 },
{ "from", 'f', NULL, 0,
- "copying from remote host",
+ "copying from remote host (server use only)",
GRID+1 },
{ "to", 't', NULL, 0,
- "copying to remote host",
+ "copying to remote host (server use only)",
GRID+1 },
#if defined WITH_ORCMD_AF || defined WITH_RCMD_AF
{ "ipv4", '4', NULL, 0,
@@ -190,24 +208,24 @@ parse_opt (int key, char *arg, struct argp_state *state)
break;
#endif /* WITH_ORCMD_AF || WITH_RCMD_AF */
-#ifdef KERBEROS
+#if defined KERBEROS || defined SHISHI
case 'K':
use_kerberos = 0;
break;
-#endif
-#ifdef KERBEROS
case 'k':
dest_realm = arg;
break;
-#endif
-#ifdef CRYPT
+# ifdef ENCRYPTION
case 'x':
doencrypt = 1;
- /* des_set_key(cred.session, schedule); */
+# ifdef KERBEROS
+ des_set_key(cred.session, schedule);
+# endif
break;
-#endif
+# endif /* ENCRYPTION */
+#endif /* KERBEROS || SHISHI */
case 'p':
preserve_option = 1;
@@ -256,10 +274,11 @@ int errs, rem;
char *command;
-#ifdef KERBEROS
+#if defined KERBEROS || defined SHISHI
int kerberos (char **, char *, char *, char *);
void oldw (const char *, ...);
-#endif
+#endif /* KERBEROS || SHISHI */
+
int response (void);
void rsource (char *, struct stat *);
void sink (int, char *[]);
@@ -283,13 +302,13 @@ main (int argc, char *argv[])
argc -= index;
argv += index;
-#ifdef KERBEROS
+#if defined KERBEROS || defined SHISHI
if (use_kerberos)
{
-# ifdef CRYPT
+# if defined ENCRYPTION && defined KERBEROS
shell = doencrypt ? "ekshell" : "kshell";
# else
- shell = "kshell";
+ shell = "kshell"; /* Libshishi uses a single service. */
# endif
if ((sp = getservbyname (shell, "tcp")) == NULL)
{
@@ -300,7 +319,7 @@ main (int argc, char *argv[])
}
else
sp = getservbyname (shell = "shell", "tcp");
-#else
+#else /* !KERBEROS && !SHISHI */
sp = getservbyname (shell = "shell", "tcp");
#endif
if (sp == NULL)
@@ -333,23 +352,28 @@ main (int argc, char *argv[])
if (argc > 2)
targetshouldbedirectory = 1;
-#ifndef KERBEROS
+#if defined KERBEROS || defined SHISHI
+ if (doencrypt && !use_kerberos)
+ error (EXIT_FAILURE, 0, "encryption must use Kerberos");
+#endif
+
+#if !defined KERBEROS && !defined SHISHI
/* We must be setuid root. */
if (geteuid ())
error (EXIT_FAILURE, 0, "must be setuid root.");
#endif
/* Command to be executed on remote system using "rsh". */
-#ifdef KERBEROS
+#if defined KERBEROS || defined SHISHI
rc = asprintf (&command, "rcp%s%s%s%s", iamrecursive ? " -r" : "",
-# ifdef CRYPT
+# ifdef ENCRYPTION
(doencrypt && use_kerberos ? " -x" : ""),
-# else
+# else /* No encryption */
"",
# endif
preserve_option ? " -p" : "",
targetshouldbedirectory ? " -d" : "");
-#else
+#else /* !KERBEROS && !SHISHI */
rc = asprintf (&command, "rcp%s%s%s",
iamrecursive ? " -r" : "", preserve_option ? " -p" : "",
targetshouldbedirectory ? " -d" : "");
@@ -360,7 +384,7 @@ main (int argc, char *argv[])
rem = -1;
signal (SIGPIPE, lostconn);
- targ = colon (argv[argc - 1]); /* Dest is remote host. */
+ targ = colon (argv[argc - 1]);
if (targ) /* Dest is remote host. */
toremote (targ, argc, argv);
else
@@ -447,12 +471,12 @@ toremote (char *targ, int argc, char *argv[])
if (asprintf (&bp, "%s -t %s", command, targ) < 0)
xalloc_die ();
host = thost;
-#ifdef KERBEROS
+#if defined KERBEROS || defined SHISHI
if (use_kerberos)
rem = kerberos (&host, bp, pwd->pw_name,
tuser ? tuser : pwd->pw_name);
else
-#endif
+#endif /* KERBEROS || SHISHI */
#ifdef WITH_ORCMD_AF
rem = orcmd_af (&host, port, pwd->pw_name,
tuser ? tuser : pwd->pw_name,
@@ -486,6 +510,12 @@ toremote (char *targ, int argc, char *argv[])
setuid (userid);
}
source (1, argv + i);
+ close (rem);
+ rem = -1;
+#ifdef SHISHI
+ if (use_kerberos)
+ shishi_done (h);
+#endif
}
}
}
@@ -508,7 +538,8 @@ tolocal (int argc, char *argv[])
strlen (argv[argc - 1]) + 20;
if (asprintf (&bp, "exec %s%s%s %s %s",
PATH_CP,
- iamrecursive ? " -r" : "", preserve_option ? " -p" : "",
+ iamrecursive ? " -r" : "",
+ preserve_option ? " -p" : "",
argv[i], argv[argc - 1]) < 0)
xalloc_die ();
if (susystem (bp, userid))
@@ -535,17 +566,19 @@ tolocal (int argc, char *argv[])
}
if (asprintf (&bp, "%s -f %s", command, src) < 0)
xalloc_die ();
- rem =
-#ifdef KERBEROS
- use_kerberos ? kerberos (&host, bp, pwd->pw_name, suser) :
+
+#if defined KERBEROS || defined SHISHI
+ if (use_kerberos)
+ rem = kerberos (&host, bp, pwd->pw_name, suser);
+ else
#elif defined WITH_ORCMD_AF
- orcmd_af (&host, port, pwd->pw_name, suser, bp, 0, family);
+ rem = orcmd_af (&host, port, pwd->pw_name, suser, bp, 0, family);
#elif defined WITH_RCMD_AF
- rcmd_af (&host, port, pwd->pw_name, suser, bp, 0, family);
+ rem = rcmd_af (&host, port, pwd->pw_name, suser, bp, 0, family);
#elif defined WITH_ORCMD
- orcmd (&host, port, pwd->pw_name, suser, bp, 0);
+ rem = orcmd (&host, port, pwd->pw_name, suser, bp, 0);
#else /* !WITH_ORCMD_AF && !WITH_RCMD_AF && !WITH_ORCMD */
- rcmd (&host, port, pwd->pw_name, suser, bp, 0);
+ rem = rcmd (&host, port, pwd->pw_name, suser, bp, 0);
#endif
free (bp);
if (rem < 0)
@@ -568,6 +601,10 @@ tolocal (int argc, char *argv[])
seteuid (0);
close (rem);
rem = -1;
+#ifdef SHISHI
+ if (use_kerberos)
+ shishi_done (h);
+#endif
}
}
@@ -1057,34 +1094,56 @@ screwup:
exit (EXIT_FAILURE);
}
-#ifdef KERBEROS
+#if defined KERBEROS || defined SHISHI
int
kerberos (char **host, char *bp, char *locuser, char *user)
{
+ int krb_errno = 0;
struct servent *sp;
again:
if (use_kerberos)
{
- rem = KSUCCESS;
errno = 0;
+# ifdef KERBEROS
+ rem = KSUCCESS;
if (dest_realm == NULL)
dest_realm = krb_realmofhost (*host);
- rem =
-# ifdef CRYPT
- doencrypt ?
- krcmd_mutual (host, port, user, bp, 0, dest_realm, &cred, schedule) :
+# elif defined SHISHI
+ rem = SHISHI_OK;
# endif
- krcmd (host, port, user, bp, 0, dest_realm);
+# ifdef ENCRYPTION
+ if (doencrypt)
+ {
+# ifdef KERBEROS
+ rem = krcmd_mutual (host, port, user, bp, 0, dest_realm,
+ &cred, schedule) :
+# elif defined SHISHI
+ /* Not yet supported. */
+ rem = -1; /* krcmd_mutual () */
+ errno = ENOENT;
+# endif
+ krb_errno = errno;
+ }
+ else
+# endif /* ENCRYPTION */
+ {
+# ifdef KERBEROS
+ rem = krcmd (host, port, user, bp, 0, dest_realm);
+# else /* SHISHI */
+ rem = krcmd (&h, host, port, &user, bp, NULL, dest_realm, family);
+# endif
+ krb_errno = errno;
+ }
if (rem < 0)
{
use_kerberos = 0;
if ((sp = getservbyname ("shell", "tcp")) == NULL)
error (EXIT_FAILURE, 0, "unknown service shell/tcp");
- if (errno == ECONNREFUSED)
+ if (krb_errno == ECONNREFUSED)
oldw ("remote host doesn't support Kerberos");
- else if (errno == ENOENT)
+ else if (krb_errno == ENOENT)
oldw ("can't provide Kerberos authentication data");
port = sp->s_port;
goto again;
@@ -1092,7 +1151,7 @@ again:
}
else
{
-# ifdef CRYPT
+# ifdef ENCRYPTION
if (doencrypt)
error (EXIT_FAILURE, 0, "the -x option requires Kerberos
authentication");
# endif
@@ -1108,7 +1167,7 @@ again:
}
return rem;
}
-#endif /* KERBEROS */
+#endif /* KERBEROS || SHISHI */
int
response (void)
@@ -1145,7 +1204,7 @@ response (void)
}
}
-#ifdef KERBEROS
+#if defined KERBEROS || defined SHISHI
void
oldw (const char *fmt, ...)
{
@@ -1157,7 +1216,7 @@ oldw (const char *fmt, ...)
fprintf (stderr, ", using standard rcp\n");
va_end (ap);
}
-#endif
+#endif /* KERBEROS || SHISHI */
void
run_err (const char *fmt, ...)
diff --git a/src/rsh.c b/src/rsh.c
index 08ea480..d2dbe99 100644
--- a/src/rsh.c
+++ b/src/rsh.c
@@ -102,15 +102,14 @@ sa_family_t family = AF_UNSPEC;
#if defined KERBEROS || defined SHISHI
int use_kerberos = 1, doencrypt;
-# ifdef KERBEROS
char *dest_realm = NULL;
+
+# ifdef KERBEROS
CREDENTIALS cred;
Key_schedule schedule;
extern char *krb_realmofhost ();
# elif defined(SHISHI)
-char *dest_realm = NULL;
-
Shishi *h;
Shishi_key *enckey;
shishi_ivector iv1, iv2, iv3, iv4;
@@ -155,7 +154,7 @@ static struct argp_option options[] = {
"obtain tickets for the remote host in REALM "
"instead of the remote host's realm" },
{ "encrypt", 'x', NULL, 0,
- "encrypt all data using DES" },
+ "encrypt all data transfer" },
#endif
#if defined WITH_ORCMD_AF || defined WITH_RCMD_AF
{ "ipv4", '4', NULL, 0, "use only IPv4" },
@@ -195,9 +194,7 @@ parse_opt (int key, char *arg, struct argp_state *state)
case 'K':
use_kerberos = 0;
break;
-#endif
-#if defined KERBEROS || defined SHISHI
case 'k':
dest_realm = arg;
break;
@@ -210,7 +207,7 @@ parse_opt (int key, char *arg, struct argp_state *state)
# endif
break;
# endif
-#endif
+#endif /* KERBEROS || SHISHI */
case 'n':
null_input_option = 1;
@@ -655,8 +652,8 @@ talk (int null_input_option, sigset_t * osigs, pid_t pid,
int rem)
{
errno = 0;
#ifdef KERBEROS
-# ifdef CRYPT
- if (doenencryption)
+# ifdef ENCRYPTION
+ if (doencrypt)
cc = des_read (rfd2, buf, sizeof buf);
else
# endif
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=81acda2919c5e4507dba0ceaa2565adc55524d57
commit 81acda2919c5e4507dba0ceaa2565adc55524d57
Author: Mats Erik Andersson <address@hidden>
Date: Mon Jul 23 01:11:40 2012 +0200
rcp, rlogin, rlogind: IP_TOS mending.
diff --git a/ChangeLog b/ChangeLog
index 51ae8f9..b71678d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2012-07-23 Mats Erik Andersson <address@hidden>
+
+ rcp, rlogin, rlogind: IP_TOS mending.
+
+ * src/rcp.c (toremote, tolocal)
+ [IP_TOS && IPPROTO_IP && IPTOS_THROUGHPUT]: New variables
+ SS and SSLEN. Call getpeername() to determine domain and
+ call setsockopt(IP_TOS) only for family AF_INET.
+ * src/rlogin.c (main): Likewise.
+ * src/rlogind.c (rlogind_mainloop)
+ [IP_TOS && IPPROTO_IP && IPTOS_THROUGHPUT]: Set socket
+ option IP_TOS only for family AF_INET.
+
2012-07-22 Mats Erik Andersson <address@hidden>
rlogin, rsh: Find official host name.
diff --git a/src/rcp.c b/src/rcp.c
index f5d5e67..540f8e6 100644
--- a/src/rcp.c
+++ b/src/rcp.c
@@ -377,6 +377,10 @@ toremote (char *targ, int argc, char *argv[])
{
int i, tos;
char *bp, *host, *src, *suser, *thost, *tuser;
+#if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+ struct sockaddr_storage ss;
+ socklen_t sslen;
+#endif
*targ++ = 0;
if (*targ == 0)
@@ -467,8 +471,11 @@ toremote (char *targ, int argc, char *argv[])
if (rem < 0)
exit (EXIT_FAILURE);
#if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+ sslen = sizeof (ss);
+ (void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
tos = IPTOS_THROUGHPUT;
- if (setsockopt (rem, IPPROTO_IP, IP_TOS,
+ if (ss.ss_family == AF_INET &&
+ setsockopt (rem, IPPROTO_IP, IP_TOS,
(char *) &tos, sizeof (int)) < 0)
if (errno != ENOPROTOOPT)
error (0, errno, "TOS (ignored)");
@@ -488,6 +495,10 @@ tolocal (int argc, char *argv[])
{
int i, len, tos;
char *bp, *host, *src, *suser;
+#if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+ struct sockaddr_storage ss;
+ socklen_t sslen;
+#endif
for (i = 0; i < argc - 1; i++)
{
@@ -544,9 +555,12 @@ tolocal (int argc, char *argv[])
}
seteuid (userid);
#if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+ sslen = sizeof (ss);
+ (void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
tos = IPTOS_THROUGHPUT;
- if (setsockopt (rem, IPPROTO_IP, IP_TOS, (char *) &tos, sizeof (int)) <
- 0)
+ if (ss.ss_family == AF_INET &&
+ setsockopt (rem, IPPROTO_IP, IP_TOS,
+ (char *) &tos, sizeof (int)) < 0)
if (errno != ENOPROTOOPT)
error (0, errno, "TOS (ignored)");
#endif
diff --git a/src/rlogin.c b/src/rlogin.c
index 0ee1f1a..a7cea19 100644
--- a/src/rlogin.c
+++ b/src/rlogin.c
@@ -596,8 +596,14 @@ try_connect:
#if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_LOWDELAY
{
+ struct sockaddr_storage ss;
+ socklen_t sslen = sizeof (ss);
int one = IPTOS_LOWDELAY;
- if (setsockopt (rem, IPPROTO_IP, IP_TOS, (char *) &one, sizeof (int)) < 0)
+
+ (void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
+ if (ss.ss_family == AF_INET &&
+ setsockopt (rem, IPPROTO_IP, IP_TOS,
+ (char *) &one, sizeof (int)) < 0)
error (0, errno, "setsockopt TOS (ignored)");
}
#endif
diff --git a/src/rlogind.c b/src/rlogind.c
index 4340dcf..b5d8ea6 100644
--- a/src/rlogind.c
+++ b/src/rlogind.c
@@ -867,7 +867,9 @@ rlogind_mainloop (int infd, int outfd)
#if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_LOWDELAY
true = IPTOS_LOWDELAY;
- if (setsockopt (infd, IPPROTO_IP, IP_TOS, (char *) &true, sizeof true) < 0)
+ if (auth_data.from.ss_family == AF_INET &&
+ setsockopt (infd, IPPROTO_IP, IP_TOS,
+ (char *) &true, sizeof true) < 0)
syslog (LOG_WARNING, "setsockopt (IP_TOS): %m");
#endif
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=6c7b2815daa5e50add254d522a69a7a20c549cb1
commit 6c7b2815daa5e50add254d522a69a7a20c549cb1
Author: Mats Erik Andersson <address@hidden>
Date: Sun Jul 22 01:39:24 2012 +0200
rlogin, rsh: Host lookup.
diff --git a/ChangeLog b/ChangeLog
index f64e91c..51ae8f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2012-07-22 Mats Erik Andersson <address@hidden>
+ rlogin, rsh: Find official host name.
+
+ * libinetutils/kcmd.c (kcmd) [HAVE_DECL_GETADDRINFO]:
+ New variable FQDN. Establish official host name by
+ calling getnameinfo() on requested host.
+
+2012-07-22 Mats Erik Andersson <address@hidden>
+
rsh, rlogin: Working IPv6 with libshishi.
* libinetutils/kcmd.c (kcmd) [SHISHI]: Add a
diff --git a/libinetutils/kcmd.c b/libinetutils/kcmd.c
index 0e6fe94..4b61c41 100644
--- a/libinetutils/kcmd.c
+++ b/libinetutils/kcmd.c
@@ -122,7 +122,7 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned short
rport, char *locuser,
# endif
# ifdef HAVE_DECL_GETADDRINFO
struct addrinfo hints, *ai, *res;
- char portstr[8];
+ char portstr[8], fqdn[NI_MAXHOST];
# else /* !HAVE_DECL_GETADDRINFO */
struct hostent *hp;
# endif
@@ -152,10 +152,23 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned
short rport, char *locuser,
ai = res;
- host_save = malloc (strlen (ai->ai_canonname) + 1);
- if (host_save == NULL)
- return (-1);
- strcpy (host_save, ai->ai_canonname);
+ /* Attempt back resolving into the official host name. */
+ rc = getnameinfo (ai->ai_addr, ai->ai_addrlen, fqdn, sizeof (fqdn),
+ NULL, 0, NI_NAMEREQD);
+ if (!rc)
+ {
+ host_save = malloc (strlen (fqdn) + 1);
+ if (host_save == NULL)
+ return (-1);
+ strcpy (host_save, fqdn);
+ }
+ else
+ {
+ host_save = malloc (strlen (ai->ai_canonname) + 1);
+ if (host_save == NULL)
+ return (-1);
+ strcpy (host_save, ai->ai_canonname);
+ }
# else /* !HAVE_DECL_GETADDRINFO */
/* Often the following rejects non-IPv4.
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=a78e5df5a6cb2347cc7a56c4bb98e95229026579
commit a78e5df5a6cb2347cc7a56c4bb98e95229026579
Author: Mats Erik Andersson <address@hidden>
Date: Sun Jul 22 00:09:18 2012 +0200
rlogin, rsh: IPv6 with libshishi.
diff --git a/ChangeLog b/ChangeLog
index f4f3b77..f64e91c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
+2012-07-22 Mats Erik Andersson <address@hidden>
+
+ rsh, rlogin: Working IPv6 with libshishi.
+
+ * libinetutils/kcmd.c (kcmd) [SHISHI]: Add a
+ parameter `int af' to signature. Apply as
+ `hints.ai_family = af'.
+ * libinetutils/krcmd.c (kcmd) [SHISHI]: Update.
+ (krcmd) [SHISHI]: Add parameter `int af'. Pass
+ this to kcmd().
+ (krcmd_mutual) [SHISHI]: Likewise.
+ * libinetutils/shishi_def.h (krcmd, krcmd_mutual):
+ Update signatures.
+ * src/rlogin.c (main) [SHISHI] <try_connect>:
+ Add parameter `family' to krcmd() and krcmd_mutual().
+ * src/rsh.c (main) [SHISHI] <try_connect>: Likewise.
+
2012-07-21 Mats Erik Andersson <address@hidden>
r-commands: Partial IPv6 support.
diff --git a/libinetutils/kcmd.c b/libinetutils/kcmd.c
index 130b9e5..0e6fe94 100644
--- a/libinetutils/kcmd.c
+++ b/libinetutils/kcmd.c
@@ -102,7 +102,7 @@ int
kcmd (Shishi ** h, int *sock, char **ahost, unsigned short rport, char
*locuser,
char **remuser, char *cmd, int *fd2p, char *service, char *realm,
Shishi_key ** key, struct sockaddr_storage *laddr,
- struct sockaddr_storage *faddr, long authopts)
+ struct sockaddr_storage *faddr, long authopts, int af)
# endif
{
int s, timo = 1, pid;
@@ -138,7 +138,7 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned short
rport, char *locuser,
# ifdef HAVE_DECL_GETADDRINFO
memset (&hints, 0, sizeof (hints));
- hints.ai_family = AF_UNSPEC;
+ hints.ai_family = af;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_CANONNAME;
snprintf (portstr, sizeof (portstr), "%hu", ntohs (rport));
diff --git a/libinetutils/krcmd.c b/libinetutils/krcmd.c
index 08b3402..4435f0d 100644
--- a/libinetutils/krcmd.c
+++ b/libinetutils/krcmd.c
@@ -76,7 +76,8 @@
# if defined SHISHI
int kcmd (Shishi **, int *, char **, unsigned short, char *, char **,
char *, int *, char *, char *, Shishi_key **,
- struct sockaddr_storage *, struct sockaddr_storage *, long);
+ struct sockaddr_storage *, struct sockaddr_storage *,
+ long, int);
# else
int kcmd (int *, char **, unsigned short, char *, char *, char *, int *,
KTEXT, char *, char *, CREDENTIALS *, Key_schedule,
@@ -92,7 +93,7 @@ int kcmd (int *, char **, unsigned short, char *, char *,
char *, int *,
# if defined SHISHI
int
krcmd (Shishi ** h, char **ahost, unsigned short rport, char **remuser, char
*cmd,
- int *fd2p, char *realm)
+ int *fd2p, char *realm, int af)
{
int sock = -1, err = 0;
long authopts = 0L;
@@ -101,7 +102,7 @@ krcmd (Shishi ** h, char **ahost, unsigned short rport,
char **remuser, char *cm
remuser, cmd, fd2p, SERVICE_NAME, realm, NULL, /* key schedule
not used */
NULL, /* local addr not used */
NULL, /* foreign addr not used */
- authopts);
+ authopts, af);
if (err > SHISHI_OK)
{
@@ -146,7 +147,7 @@ krcmd (char **ahost, unsigned short rport, char *remuser,
char *cmd, int *fd2p,
# if defined SHISHI
int
krcmd_mutual (Shishi ** h, char **ahost, unsigned short rport, char **remuser,
- char *cmd, int *fd2p, char *realm, Shishi_key ** key)
+ char *cmd, int *fd2p, char *realm, Shishi_key ** key, int af)
{
int sock = -1, err = 0;
struct sockaddr_storage laddr, faddr;
@@ -156,7 +157,7 @@ krcmd_mutual (Shishi ** h, char **ahost, unsigned short
rport, char **remuser,
remuser, cmd, fd2p, SERVICE_NAME, realm, key, /* filled in */
&laddr, /* filled in */
&faddr, /* filled in */
- authopts);
+ authopts, af);
if (err > SHISHI_OK)
{
diff --git a/libinetutils/shishi_def.h b/libinetutils/shishi_def.h
index bd8b9d6..4970cd9 100644
--- a/libinetutils/shishi_def.h
+++ b/libinetutils/shishi_def.h
@@ -71,10 +71,11 @@ extern int writeenc (Shishi * h, int sock, char *buf, int
wlen, int *len,
shishi_ivector * iv, Shishi_key * enckey, int proto);
extern int krcmd (Shishi ** h, char **ahost, unsigned short rport,
- char **remuser, char *cmd, int *fd2p, char *realm);
+ char **remuser, char *cmd, int *fd2p,
+ char *realm, int af);
extern int krcmd_mutual (Shishi ** h, char **ahost, unsigned short rport,
char **remuser, char *cmd, int *fd2p, char *realm,
- Shishi_key ** key);
+ Shishi_key ** key, int af);
#endif
diff --git a/src/rlogin.c b/src/rlogin.c
index f240352..0ee1f1a 100644
--- a/src/rlogin.c
+++ b/src/rlogin.c
@@ -472,7 +472,7 @@ try_connect:
int i;
rem = krcmd_mutual (&handle, &host, sp->s_port, &user, term, 0,
- dest_realm, &key);
+ dest_realm, &key, family);
if (rem > 0)
{
keytype = shishi_key_type (key);
@@ -523,7 +523,7 @@ try_connect:
}
else
-# else
+# else /* KERBEROS */
rem = krcmd_mutual (&host, sp->s_port, user, term, 0,
dest_realm, &cred, schedule);
else
@@ -531,8 +531,9 @@ try_connect:
# endif /* CRYPT */
# if defined SHISHI
- rem = krcmd (&handle, &host, sp->s_port, &user, term, 0, dest_realm);
-# else
+ rem = krcmd (&handle, &host, sp->s_port, &user, term, 0,
+ dest_realm, family);
+# else /* KERBEROS */
rem = krcmd (&host, sp->s_port, user, term, 0, dest_realm);
# endif
if (rem < 0)
diff --git a/src/rsh.c b/src/rsh.c
index 50c2a0a..08ea480 100644
--- a/src/rsh.c
+++ b/src/rsh.c
@@ -360,7 +360,7 @@ try_connect:
krb_errno = 0;
if (dest_realm == NULL)
dest_realm = krb_realmofhost (host);
-# elif defined (SHISHI)
+# elif defined SHISHI
rem = SHISHI_OK;
krb_errno = 0;
# endif
@@ -377,7 +377,7 @@ try_connect:
strcat (term, args);
rem = krcmd_mutual (&h, &host, sp->s_port, &user, term, &rfd2,
- dest_realm, &enckey);
+ dest_realm, &enckey, family);
krb_errno = errno;
if (rem > 0)
{
@@ -444,7 +444,8 @@ try_connect:
# endif
{
# if defined SHISHI
- rem = krcmd (&h, &host, sp->s_port, &user, args, &rfd2, dest_realm);
+ rem = krcmd (&h, &host, sp->s_port, &user, args, &rfd2,
+ dest_realm, family);
# else /* KERBEROS */
rem = krcmd (&host, sp->s_port, user, args, &rfd2, dest_realm);
# endif
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=598e9a9ecf2563c78d1477019a9c68a7edf80771
commit 598e9a9ecf2563c78d1477019a9c68a7edf80771
Author: Mats Erik Andersson <address@hidden>
Date: Sat Jul 21 20:12:22 2012 +0200
r-commands: Partial IPv6 support.
diff --git a/ChangeLog b/ChangeLog
index 2d5c619..f4f3b77 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,29 @@
+2012-07-21 Mats Erik Andersson <address@hidden>
+
+ r-commands: Partial IPv6 support.
+ Adapt host resolution to cope with IPv6,
+ in particular for libshishi related code.
+
+ * libinetutils/kcmd.c (getport): New signature
+ `(int *, int)', adding address family parameter.
+ Update code to use `struct sockaddr_storage'.
+ New variable LEN.
+ (kcmd): New alternate code using getaddrinfo(),
+ instead of gethostbyname().
+ [HAVE_DECL_GETADDRINFO]: New variables HINTS, AI, RES.
+
+ * libinetutils/shishi_def.h <struct auth_data>: Changed
+ type of FROM to `struct sockaddr_storage'.
+ * src/rlogind.c <struct auth_data> [!SHISHI]: Likewise.
+ (rlogind_auth): New variables ADDRP, PORT. Adapt to new
+ type of `auth_data.from'.
+ [!KERBEROS]: Accept families AF_INET and AF_INET6.
+ (rlogind_mainloop): Adapt to new `auth_data.from'.
+ (do_rlogin): Likewise.
+ [WITH_IRUSEROK_AF || WITH_IRUSEROK]: New variable ADDRP.
+ (do_shishi_login): New type `struct sockaddr_storage'
+ for SOCK.
+
2012-07-18 Mats Erik Andersson <address@hidden>
rlogin: Close libshishi handle.
diff --git a/libinetutils/kcmd.c b/libinetutils/kcmd.c
index c3f079e..130b9e5 100644
--- a/libinetutils/kcmd.c
+++ b/libinetutils/kcmd.c
@@ -88,7 +88,7 @@
# define START_PORT 5120 /* arbitrary */
-int getport (int *);
+int getport (int *, int);
# if defined KERBEROS
int
@@ -120,7 +120,12 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned short
rport, char *locuser,
# else
int lport = START_PORT;
# endif
+# ifdef HAVE_DECL_GETADDRINFO
+ struct addrinfo hints, *ai, *res;
+ char portstr[8];
+# else /* !HAVE_DECL_GETADDRINFO */
struct hostent *hp;
+# endif
int rc;
char *host_save;
int status;
@@ -131,7 +136,29 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned short
rport, char *locuser,
pid = getpid ();
- /* FIXME: Often the following rejects non-IPv4.
+# ifdef HAVE_DECL_GETADDRINFO
+ memset (&hints, 0, sizeof (hints));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_CANONNAME;
+ snprintf (portstr, sizeof (portstr), "%hu", ntohs (rport));
+
+ rc = getaddrinfo (*ahost, portstr, &hints, &res);
+ if (rc)
+ {
+ fprintf (stderr, "kcmd: host %s: %s\n", *ahost, gai_strerror (rc));
+ return (-1);
+ }
+
+ ai = res;
+
+ host_save = malloc (strlen (ai->ai_canonname) + 1);
+ if (host_save == NULL)
+ return (-1);
+ strcpy (host_save, ai->ai_canonname);
+
+# else /* !HAVE_DECL_GETADDRINFO */
+ /* Often the following rejects non-IPv4.
* This is dependent on system implementation. */
hp = gethostbyname (*ahost);
if (hp == NULL)
@@ -144,6 +171,8 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned short
rport, char *locuser,
if (host_save == NULL)
return -1;
strcpy (host_save, hp->h_name);
+# endif /* !HAVE_DECL_GETADDRINFO */
+
*ahost = host_save;
# ifdef KERBEROS
@@ -161,7 +190,11 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned short
rport, char *locuser,
# endif /* !HAVE_SIGACTION */
for (;;)
{
- s = getport (&lport);
+# ifdef HAVE_DECL_GETADDRINFO
+ s = getport (&lport, ai->ai_family);
+# else /* !HAVE_DECL_GETADDRINFO */
+ s = getport (&lport, hp->h_addrtype);
+# endif
if (s < 0)
{
if (errno == EAGAIN)
@@ -176,14 +209,19 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned
short rport, char *locuser,
return (-1);
}
fcntl (s, F_SETOWN, pid);
+
+# ifdef HAVE_DECL_GETADDRINFO
+ len = ai->ai_addrlen;
+ memcpy (&sin, ai->ai_addr, ai->ai_addrlen);
+# else /* !HAVE_DECL_GETADDRINFO */
sin.ss_family = hp->h_addrtype;
switch (hp->h_addrtype)
{
case AF_INET6:
len = sizeof (struct sockaddr_in6);
-#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+# ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
sin.ss_len = len;
-#endif
+# endif
memcpy (&((struct sockaddr_in6 *) &sin)->sin6_addr,
hp->h_addr, hp->h_length);
((struct sockaddr_in6 *) &sin)->sin6_port = rport;
@@ -191,13 +229,14 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned
short rport, char *locuser,
case AF_INET:
default:
len = sizeof (struct sockaddr_in);
-#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+# ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
sin.ss_len = len;
-#endif
+# endif
memcpy (&((struct sockaddr_in *) &sin)->sin_addr,
hp->h_addr, hp->h_length);
((struct sockaddr_in *) &sin)->sin_port = rport;
}
+# endif /* !HAVE_DECL_GETADDRINFO */
if (connect (s, (struct sockaddr *) &sin, len) >= 0)
break;
@@ -217,11 +256,28 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned
short rport, char *locuser,
continue;
}
# if ! defined ultrix || defined sun
+# ifdef HAVE_DECL_GETADDRINFO
+ if (ai->ai_next)
+# else /* !HAVE_DECL_GETADDRINFO */
if (hp->h_addr_list[1] != NULL)
+# endif
{
int oerrno = errno;
char addrstr[INET6_ADDRSTRLEN];
+# ifdef HAVE_DECL_GETADDRINFO
+ getnameinfo (ai->ai_addr, ai->ai_addrlen,
+ addrstr, sizeof (addrstr), NULL, 0,
+ NI_NUMERICHOST);
+ fprintf (stderr, "kcmd: connect to address %s: ", addrstr);
+ errno = oerrno;
+ perror (NULL);
+ ai = ai->ai_next;
+ getnameinfo (ai->ai_addr, ai->ai_addrlen,
+ addrstr, sizeof (addrstr), NULL, 0,
+ NI_NUMERICHOST);
+ fprintf (stderr, "Trying %s...\n", addrstr);
+# else /* !HAVE_DECL_GETADDRINFO */
fprintf (stderr, "kcmd: connect to address %s: ",
inet_ntop (hp->h_addrtype, hp->h_addr_list[0],
addrstr, sizeof (addrstr)));
@@ -231,11 +287,20 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned
short rport, char *locuser,
fprintf (stderr, "Trying %s...\n",
inet_ntop (hp->h_addrtype, hp->h_addr_list[0],
addrstr, sizeof (addrstr)));
+# endif /* !HAVE_DECL_GETADDRINFO */
continue;
}
# endif /* !(defined(ultrix) || defined(sun)) */
+# ifdef HAVE_DECL_GETADDRINFO
+ if (errno != ECONNREFUSED)
+ perror (res->ai_canonname);
+
+ if (res)
+ freeaddrinfo (res);
+# else /* !HAVE_DECL_GETADDRINFO */
if (errno != ECONNREFUSED)
perror (hp->h_name);
+# endif
# if HAVE_SIGACTION
sigprocmask (SIG_SETMASK, &osigs, NULL);
@@ -245,6 +310,11 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned short
rport, char *locuser,
return (-1);
}
+# ifdef HAVE_DECL_GETADDRINFO
+ if (res)
+ freeaddrinfo (res);
+#endif
+
lport--;
if (fd2p == 0)
{
@@ -256,7 +326,7 @@ kcmd (Shishi ** h, int *sock, char **ahost, unsigned short
rport, char *locuser,
char num[8];
int port, s2, s3;
- s2 = getport (&lport);
+ s2 = getport (&lport, sin.ss_family);
len = sizeof (from);
if (s2 < 0)
@@ -403,23 +473,38 @@ bad:
}
int
-getport (int *alport)
+getport (int *alport, int af)
{
- struct sockaddr_in sin;
+ struct sockaddr_storage sin;
+ socklen_t len;
int s;
- sin.sin_family = AF_INET;
-#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
- sin.sin_len = sizeof (sin);
-#endif
- sin.sin_addr.s_addr = INADDR_ANY;
- s = socket (sin.sin_family, SOCK_STREAM, 0);
+ memset (&sin, 0, sizeof (sin));
+ sin.ss_family = af;
+ len = (af == AF_INET6) ? sizeof (struct sockaddr_in6)
+ : sizeof (struct sockaddr_in);
+# ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+ sin.ss_len = len;
+# endif
+
+ s = socket (sin.ss_family, SOCK_STREAM, 0);
if (s < 0)
return (-1);
for (;;)
{
- sin.sin_port = htons ((unsigned short) * alport);
- if (bind (s, (struct sockaddr *) &sin, sizeof (sin)) >= 0)
+ switch (af)
+ {
+ case AF_INET6:
+ ((struct sockaddr_in6 *) &sin)->sin6_port =
+ htons ((unsigned short) * alport);
+ break;
+ case AF_INET:
+ default:
+ ((struct sockaddr_in *) &sin)->sin_port =
+ htons ((unsigned short) * alport);
+ }
+
+ if (bind (s, (struct sockaddr *) &sin, len) >= 0)
return (s);
if (errno != EADDRINUSE)
{
diff --git a/libinetutils/shishi_def.h b/libinetutils/shishi_def.h
index 71ef2d7..bd8b9d6 100644
--- a/libinetutils/shishi_def.h
+++ b/libinetutils/shishi_def.h
@@ -36,7 +36,7 @@ typedef struct shishi_iv shishi_ivector;
struct auth_data
{
- struct sockaddr_in from;
+ struct sockaddr_storage from;
socklen_t fromlen;
char *hostaddr;
char *hostname;
diff --git a/src/rlogind.c b/src/rlogind.c
index f463f44..4340dcf 100644
--- a/src/rlogind.c
+++ b/src/rlogind.c
@@ -144,7 +144,7 @@ extern int __check_rhosts_file;
#ifndef SHISHI
struct auth_data
{
- struct sockaddr_in from;
+ struct sockaddr_storage from;
socklen_t fromlen;
char *hostaddr;
char *hostname;
@@ -442,6 +442,7 @@ main (int argc, char *argv[])
return 0;
}
+/* FIXME: Migrate to IPv6 supported listener. */
void
rlogin_daemon (int maxchildren, int port)
@@ -546,7 +547,7 @@ rlogin_daemon (int maxchildren, int port)
int
rlogind_auth (int fd, struct auth_data *ap)
{
-#if defined HAVE_DECL_GETNAMEINFO || defined HAVE_DECL_GETADDRINFO
+#if defined HAVE_DECL_GETNAMEINFO && defined HAVE_DECL_GETADDRINFO
int rc;
char hoststr[NI_MAXHOST];
#else
@@ -554,11 +555,25 @@ rlogind_auth (int fd, struct auth_data *ap)
#endif
char *hostname;
int authenticated = 0;
+ void * addrp;
+ int port;
#ifdef SHISHI
int len, c;
#endif
+ switch (ap->from.ss_family)
+ {
+ case AF_INET6:
+ addrp = (void *) &((struct sockaddr_in6 *) &ap->from)->sin6_addr;
+ port = ntohs (((struct sockaddr_in6 *) &ap->from)->sin6_port);
+ break;
+ case AF_INET:
+ default:
+ addrp = (void *) &((struct sockaddr_in *) &ap->from)->sin_addr;
+ port = ntohs (((struct sockaddr_in *) &ap->from)->sin_port);
+ }
+
confirmed = 0;
/* Check the remote host name */
@@ -568,8 +583,17 @@ rlogind_auth (int fd, struct auth_data *ap)
if (!rc)
hostname = hoststr;
#else /* !HAVE_DECL_GETNAMEINFO */
- hp = gethostbyaddr ((char *) &ap->from.sin_addr, sizeof (struct in_addr),
- ap->from.sin_family);
+ switch (ap->from.ss_family)
+ {
+ case AF_INET6:
+ hp = gethostbyaddr (addrp, sizeof (struct in6_addr),
+ ap->from.ss_family);
+ break;
+ case AF_INET:
+ default:
+ hp = gethostbyaddr (addrp, sizeof (struct in_addr),
+ ap->from.ss_family);
+ }
if (hp)
hostname = hp->h_name;
#endif /* !HAVE_DECL_GETNAMEINFO */
@@ -591,7 +615,7 @@ rlogind_auth (int fd, struct auth_data *ap)
char astr[INET6_ADDRSTRLEN];
memset (&hints, 0, sizeof (hints));
- hints.ai_family = ap->from.sin_family;
+ hints.ai_family = ap->from.ss_family;
hints.ai_socktype = SOCK_STREAM;
rc = getaddrinfo (ap->hostname, NULL, &hints, &res);
@@ -615,8 +639,7 @@ rlogind_auth (int fd, struct auth_data *ap)
{
if (hp->h_addr_list[0] == NULL)
break;
- match = memcmp (hp->h_addr_list[0], &ap->from.sin_addr,
- sizeof (ap->from.sin_addr)) == 0;
+ match = memcmp (hp->h_addr_list[0], addrp, hp->h_length) == 0;
}
#endif /* !HAVE_DECL_GETADDRINFO */
if (!match)
@@ -638,15 +661,17 @@ rlogind_auth (int fd, struct auth_data *ap)
else
fatal (fd, err_msg, 0);
write (fd, &c, 1);
- confirmed = 1; /* we sent the null! */
+ confirmed = 1; /* We have sent the null! */
}
else
#endif
{
- int port = ntohs (ap->from.sin_port);
-
- if (ap->from.sin_family != AF_INET ||
- port >= IPPORT_RESERVED || port < IPPORT_RESERVED / 2)
+ if ((ap->from.ss_family != AF_INET
+#ifndef KERBEROS
+ && ap->from.ss_family != AF_INET6
+#endif
+ )
+ || port >= IPPORT_RESERVED || port < IPPORT_RESERVED / 2)
{
syslog (LOG_NOTICE, "Connection from %s on illegal port %d",
ap->hostaddr, port);
@@ -818,7 +843,10 @@ rlogind_mainloop (int infd, int outfd)
fatal (outfd, "Can't get peer name of remote host", 1);
}
- reply = inet_ntop (auth_data.from.sin_family, &auth_data.from.sin_addr,
+ reply = inet_ntop (auth_data.from.ss_family,
+ (auth_data.from.ss_family == AF_INET6)
+ ? (void *) &((struct sockaddr_in6 *)
&auth_data.from)->sin6_addr
+ : (void *) &((struct sockaddr_in *)
&auth_data.from)->sin_addr,
addrstr, sizeof (addrstr));
if (reply == NULL)
{
@@ -828,7 +856,9 @@ rlogind_mainloop (int infd, int outfd)
auth_data.hostaddr = xstrdup (addrstr);
syslog (LOG_INFO, "Connect from %s:%d", auth_data.hostaddr,
- ntohs (auth_data.from.sin_port));
+ (auth_data.from.ss_family == AF_INET6)
+ ? ntohs (((struct sockaddr_in6 *) &auth_data.from)->sin6_port)
+ : ntohs (((struct sockaddr_in *) &auth_data.from)->sin_port));
true = 1;
if (keepalive
@@ -923,6 +953,19 @@ do_rlogin (int infd, struct auth_data *ap)
{
struct passwd *pwd;
int rc;
+#if defined WITH_IRUSEROK_AF || defined WITH_IRUSEROK
+ void *addrp;
+
+ switch (ap->from.ss_family)
+ {
+ case AF_INET6:
+ addrp = (void *) &((struct sockaddr_in6 *) &ap->from)->sin6_addr;
+ break;
+ case AF_INET:
+ default:
+ addrp = (void *) &((struct sockaddr_in *) &ap->from)->sin_addr;
+ }
+#endif /* WITH_IRUSEROK_AF || WITH_IRUSEROK */
getstr (infd, &ap->rusername, NULL);
getstr (infd, &ap->lusername, NULL);
@@ -946,10 +989,10 @@ do_rlogin (int infd, struct auth_data *ap)
rc = iruserok_sa ((struct sockaddr *) &ap->from, ap->fromlen, 0,
ap->rusername, ap->lusername);
# elif defined WITH_IRUSEROK_AF
- rc = iruserok_af (&ap->from.sin_addr, 0, ap->rusername, ap->lusername,
- ap->from.sin_family);
+ rc = iruserok_af (addrp, 0, ap->rusername, ap->lusername,
+ ap->from.ss_family);
# else /* WITH_IRUSEROK */
- rc = iruserok (ap->from.sin_addr.s_addr, 0, ap->rusername, ap->lusername);
+ rc = iruserok (addrp, 0, ap->rusername, ap->lusername);
# endif /* WITH_IRUSEROK_SA || WITH_IRUSEROK_AF || WITH_IRUSEROK */
if (rc)
syslog (LOG_ERR | LOG_AUTH,
@@ -958,7 +1001,7 @@ do_rlogin (int infd, struct auth_data *ap)
#elif defined WITH_RUSEROK_AF || defined WITH_RUSEROK
# ifdef WITH_RUSEROK_AF
rc = ruserok_af (ap->hostaddr, 0, ap->rusername, ap->lusername,
- ap->from.sin_family);
+ ap->from.ss_family);
# else /* WITH_RUSEROK */
rc = ruserok (ap->hostaddr, 0, ap->rusername, ap->lusername);
# endif /* WITH_RUSEROK_AF || WITH_RUSEROK */
@@ -1187,7 +1230,7 @@ do_shishi_login (int infd, struct auth_data *ad, const
char **err_msg)
char *compcksum;
size_t compcksumlen, cksumlen = 30;
char cksumdata[100];
- struct sockaddr_in sock;
+ struct sockaddr_storage sock;
socklen_t socklen = sizeof (sock);
# ifdef ENCRYPTION
@@ -1296,8 +1339,11 @@ do_shishi_login (int infd, struct auth_data *ad, const
char **err_msg)
fatal (infd, "Can't get sockname", 1);
}
- snprintf (cksumdata, 100, "%u:%s%s", ntohs (sock.sin_port), ad->term + 5,
- ad->lusername);
+ snprintf (cksumdata, 100, "%u:%s%s",
+ (sock.ss_family == AF_INET6)
+ ? ntohs (((struct sockaddr_in6 *) &sock)->sin6_port)
+ : ntohs (((struct sockaddr_in *) &sock)->sin_port),
+ ad->term + 5, ad->lusername);
rc = shishi_checksum (ad->h, ad->enckey, 0, cksumtype, cksumdata,
strlen (cksumdata), &compcksum, &compcksumlen);
if (rc != SHISHI_OK
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=7de0a6859990a97a3190e8c398d57e9a8e023d28
commit 7de0a6859990a97a3190e8c398d57e9a8e023d28
Author: Mats Erik Andersson <address@hidden>
Date: Wed Jul 18 19:44:21 2012 +0200
rlogin: Close libshishi handle.
diff --git a/ChangeLog b/ChangeLog
index 430b50a..2d5c619 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
2012-07-18 Mats Erik Andersson <address@hidden>
+ rlogin: Close libshishi handle.
+ The normal logout action should lead to an
+ orderly close down of the active libshishi
+ handle, otherwise the tickets get lost.
+
+ * src/rlogin.c (doit) <reader returning> [SHISHI]:
+ Call shishi_done() in authenticating mode, possibly
+ also shishi_key_done() and shishi_crypto_close().
+
+2012-07-18 Mats Erik Andersson <address@hidden>
+
rlogin: Non-authenticating with libshishi.
Verified functionality with `-K' switch.
diff --git a/src/rlogin.c b/src/rlogin.c
index 417fa0f..f240352 100644
--- a/src/rlogin.c
+++ b/src/rlogin.c
@@ -747,6 +747,22 @@ doit (sigset_t * smask)
/* If the reader returns zero, the socket to the server returned
an EOF, meaning the client logged out of the remote system.
This is the normal termination. */
+#ifdef SHISHI
+ if (use_kerberos)
+ {
+# ifdef ENCRYPTION
+ if (doencrypt)
+ {
+ shishi_key_done (key);
+ shishi_crypto_close (iv1.ctx);
+ shishi_crypto_close (iv2.ctx);
+ free (iv1.iv);
+ free (iv2.iv);
+ }
+# endif /* ENCRYPTION */
+ shishi_done (handle);
+ }
+#endif /* SHISHI */
error (0, 0, "Connection to %s closed normally.\r", host);
/* EXIT_SUCCESS is usually zero. So error might not exit. */
exit (EXIT_SUCCESS);
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=f0bea21c7e58ffb7251cdda4f1f7ad39913d4cff
commit f0bea21c7e58ffb7251cdda4f1f7ad39913d4cff
Author: Mats Erik Andersson <address@hidden>
Date: Wed Jul 18 19:27:07 2012 +0200
rlogin: Usable non-authenticating libshishi.
diff --git a/ChangeLog b/ChangeLog
index 36311b9..430b50a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,22 @@
+2012-07-18 Mats Erik Andersson <address@hidden>
+
+ rlogin: Non-authenticating with libshishi.
+ Verified functionality with `-K' switch.
+
+ * src/rlogin.c (OPTIONS): Remove unused macro.
+ (main): Call doit() with reference to SMASK,
+ not OSMASK.
+ (reader) [SHISHI]: Check OOB data only in
+ Kerberos mode, i.e., for set `use_kerberos'.
+
+ rlogind: Authenticating mode with libshishi.
+ Avoid segmentation faults.
+
+ * src/rlogind.c (so_krb_login): Properly set
+ an empty error message by `*err_msg = NULL'.
+ (do_shishi_login): Do not free CKSUM before use,
+ but do so afterwards.
+
2012-07-14 Mats Erik Andersson <address@hidden>
telnetd: Activate authentication modes.
diff --git a/src/rlogin.c b/src/rlogin.c
index bb21e1a..417fa0f 100644
--- a/src/rlogin.c
+++ b/src/rlogin.c
@@ -223,12 +223,6 @@ void warning (const char *, ...);
extern sighandler_t setsig (int, sighandler_t);
-#if defined KERBEROS || defined SHISHI
-# define OPTIONS "8EKde:k:l:xhV"
-#else
-# define OPTIONS "8EKde:l:hV"
-#endif
-
const char args_doc[] = "HOST";
const char doc[] = "Starts a terminal session on a remote host.";
@@ -613,7 +607,7 @@ try_connect:
seteuid (uid);
setuid (uid);
- doit (&osmask);
+ doit (&smask);
return 0;
}
@@ -1222,12 +1216,15 @@ reader (sigset_t * smask)
for (;;)
{
#ifdef SHISHI
- if ((rcvcnt >= 5) && (bufp[0] == '\377') && (bufp[1] == '\377'))
- if ((bufp[2] == 'o') && (bufp[3] == 'o'))
- {
- oob (1);
- bufp += 5;
- }
+ if (use_kerberos)
+ {
+ if ((rcvcnt >= 5) && (bufp[0] == '\377') && (bufp[1] == '\377'))
+ if ((bufp[2] == 'o') && (bufp[3] == 'o'))
+ {
+ oob (1);
+ bufp += 5;
+ }
+ }
#endif
while ((remaining = rcvcnt - (bufp - rcvbuf)) > 0)
{
diff --git a/src/rlogind.c b/src/rlogind.c
index c7745ca..f463f44 100644
--- a/src/rlogind.c
+++ b/src/rlogind.c
@@ -979,7 +979,7 @@ do_krb_login (int infd, struct auth_data *ap, const char
**err_msg)
{
int rc;
- err_msg = NULL;
+ *err_msg = NULL;
# if defined KRB5
if (kerberos == AUTH_KERBEROS_5)
rc = do_krb5_login (infd, ap, err_msg);
@@ -1300,17 +1300,18 @@ do_shishi_login (int infd, struct auth_data *ad, const
char **err_msg)
ad->lusername);
rc = shishi_checksum (ad->h, ad->enckey, 0, cksumtype, cksumdata,
strlen (cksumdata), &compcksum, &compcksumlen);
- free (cksum);
if (rc != SHISHI_OK
|| compcksumlen != cksumlen || memcmp (compcksum, cksum, cksumlen) != 0)
{
/* err_msg crash ? */
/* *err_msg = "checksum verify failed"; */
syslog (LOG_ERR, "checksum verify failed: %s", shishi_error (ad->h));
+ free (cksum);
free (compcksum);
return 1;
}
+ free (cksum);
free (compcksum);
rc = shishi_authorized_p (ad->h, shishi_ap_tkt (ad->ap), ad->lusername);
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 123 ++++++++++++++++++++++++++++++
libinetutils/kcmd.c | 136 +++++++++++++++++++++++++++++-----
libinetutils/krcmd.c | 11 ++-
libinetutils/shishi.c | 3 +-
libinetutils/shishi_def.h | 7 +-
src/rcp.c | 181 +++++++++++++++++++++++++++++++-------------
src/rlogin.c | 56 ++++++++++-----
src/rlogind.c | 97 ++++++++++++++++++------
src/rsh.c | 22 +++---
9 files changed, 500 insertions(+), 136 deletions(-)
hooks/post-receive
--
GNU Inetutils
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-137-gc239b98,
Mats Erik Andersson <=