[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-290-gd9875
From: |
Mats Erik Andersson |
Subject: |
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-290-gd987526 |
Date: |
Wed, 15 May 2013 14:05:36 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".
The branch, master has been updated
via d987526e82bb5b9757a93cda7f67c33265b54477 (commit)
via 2d29628f5b9781ff36871d8ed94367d7d6d827a0 (commit)
from 129168ffccbdf29ccaf5948f4154f0d2d58e63a2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=d987526e82bb5b9757a93cda7f67c33265b54477
commit d987526e82bb5b9757a93cda7f67c33265b54477
Author: Mats Erik Andersson <address@hidden>
Date: Wed May 15 15:13:11 2013 +0200
rshd: Client's principal name.
diff --git a/ChangeLog b/ChangeLog
index 3635e88..c19fdff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
2013-05-15 Mats Erik Andersson <address@hidden>
+ rshd: Report client's principal name.
+
+ * src/rshd.c (rprincipal): New variable.
+ (doit) [SHISHI] <use_kerberos>: Set `rprincipal'
+ using shishi_encticketpart_clientrealm().
+ [KRB5] <use_kerberos>: New calls to krb5_kuserok()
+ and krb5_unparse_name().
+ (doit): Report success to syslog using `rprincipal'.
+
+2013-05-15 Mats Erik Andersson <address@hidden>
+
rlogind: Report client's principal name.
* libinetutils/shishi_def.h (struct auth_data):
diff --git a/src/rshd.c b/src/rshd.c
index 11bcd7d..1108401 100644
--- a/src/rshd.c
+++ b/src/rshd.c
@@ -433,6 +433,7 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
const char *hostname, *errorstr, *errorhost = NULL;
char *cp, sig, buf[BUFSIZ];
char *cmdbuf, *locuser, *remuser;
+ char *rprincipal = NULL;
#if defined WITH_IRUSEROK_AF && !defined WITH_PAM
void * fromaddrp; /* Pointer to remote address. */
#endif
@@ -1118,6 +1119,12 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t
fromlen)
free (compcksum);
+ rc = shishi_encticketpart_clientrealm (h,
+ shishi_tkt_encticketpart (shishi_ap_tkt (ap)),
+ &rprincipal, NULL);
+ if (rc != SHISHI_OK)
+ rprincipal = NULL;
+
shishi_ap_done (ap);
}
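Review bot: A failure of `shishi_encticketpart_clientrealm()` leaves no trace, because the added check only resets `rprincipal` to NULL and the session carries on. The call sits after the checksum handling (the `free (compcksum)` context line), so a log line would let an operator see why a Kerberized session later shows up without a principal, e.g. `syslog (LOG_WARNING | LOG_AUTH, "cannot extract client principal: %s", shishi_strerror (rc));` before the assignment. The same silent reset is added to `do_shishi_login` in src/rlogind.c. The string returned in `rprincipal` is allocated by the library and no release is visible in these hunks; the enclosing block of `doit` begins and ends outside the hunk.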
@@ -1128,7 +1135,14 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t
fromlen)
rc = krb5_copy_principal (context, ticket->enc_part2->client,
&client);
+ if (rc)
+ goto fail; /* FIXME: Temporary handler. */
+
+ if (client && !krb5_kuserok (context, client, locuser))
+ goto fail; /* FIXME: Temporary handler. */
+ rprincipal = NULL;
+ krb5_unparse_name (context, client, &rprincipal);
}
#endif /* KRB5 || SHISHI */
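Review bot: The added authorization test `if (client && !krb5_kuserok (context, client, locuser))` is skipped entirely when `client` is NULL, so that case falls through as if the principal were allowed to act as `locuser`. After the new `if (rc)` check a NULL `client` should not occur, but the guard ought to deny rather than pass: `if (!client || !krb5_kuserok (context, client, locuser)) goto fail;`. The return value of `krb5_unparse_name()` is also ignored, and presetting `rprincipal = NULL` only protects the later fallback if the call leaves the pointer untouched on error, so `if (krb5_unparse_name (context, client, &rprincipal)) rprincipal = NULL;` is safer here and in `do_krb5_login` in src/rlogind.c. The `fail` label and the rest of `doit` are outside the hunk.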
@@ -1788,7 +1802,7 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t
fromlen)
else
#endif /* KRB4 */
syslog (LOG_INFO | LOG_AUTH,
- "address@hidden as %s: cmd='%.80s'",
+ "%s%s from %s as '%s': cmd='%.80s'",
#ifdef SHISHI
!use_kerberos ? ""
: !doencrypt ? "Kerberized "
@@ -1796,7 +1810,8 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t
fromlen)
#else
"",
#endif
- remuser, hostname, locuser, cmdbuf);
+ rprincipal ? rprincipal : remuser,
+ hostname, locuser, cmdbuf);
}
#ifdef SHISHI
if (doencrypt)
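Review bot: The argument `rprincipal ? rprincipal : remuser` puts two different kinds of name into the same field of the auth log: a principal taken from the ticket, or `remuser`, which as far as the visible code shows is whatever name the client sent, with nothing in the message to tell them apart. Someone reading the log for an audit cannot know whether the name was verified, in particular when the prefix still says "Kerberized" but the principal lookup failed. I would log both, keeping `remuser` where it was and adding the principal as its own field: `"%s%s (principal %s) from %s as '%s': cmd='%.80s'"` with `remuser, rprincipal ? rprincipal : "-", hostname, locuser, cmdbuf`. The same fallback is added to the syslog calls in `do_krb5_login` and `do_shishi_login` in src/rlogind.c; the syslog call itself starts in the previous hunk.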
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=2d29628f5b9781ff36871d8ed94367d7d6d827a0
commit 2d29628f5b9781ff36871d8ed94367d7d6d827a0
Author: Mats Erik Andersson <address@hidden>
Date: Wed May 15 12:54:01 2013 +0200
rlogind: Client's principal name.
diff --git a/ChangeLog b/ChangeLog
index 1ef073f..3635e88 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,28 @@
2013-05-15 Mats Erik Andersson <address@hidden>
+ rlogind: Report client's principal name.
+
+ * libinetutils/shishi_def.h (struct auth_data):
+ New member `rprincipal'.
+ * src/rlogind.c (struct auth_data) [!SHISHI]:
+ Likewise.
+ (do_krb5_login) [KRB5]: Delete NAME. Assign value
+ to `ap->rprincipal' using previous krb5_unparse_name().
+ (do_shishi_login) [SHISHI]:
+ Call shishi_encticketpart_clientrealm() to set
+ `ad->rprincipal'. Let the syslog message mention
+ the client's principal name, instead of remote name.
+
+ rlogind: Login options for Solaris again!
+
+ * src/rlogind.c (exec_login) [SOLARIS10 || SOLARIS]:
+ Make option orders roughly similar. Add option `-d'.
+ <authenticated> [KERBEROS || SHISHI]: Add option `-u'
+ with remote client's principal name. Depending on
+ `kerberos', let `-s' take argument `krlogin' or `rlogin'.
+
+2013-05-15 Mats Erik Andersson <address@hidden>
+
Audit of login options.
* configure.ac (SOLARIS10): Replace previous
diff --git a/libinetutils/shishi_def.h b/libinetutils/shishi_def.h
index 1f0d3d1..5dfd139 100644
--- a/libinetutils/shishi_def.h
+++ b/libinetutils/shishi_def.h
@@ -42,6 +42,7 @@ struct auth_data
char *hostname;
char *lusername;
char *rusername;
+ char *rprincipal;
char *term;
char *env[2];
int kerberos_version;
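Review bot: The new member `rprincipal` has no comment saying what it holds or who owns the string, and it sits directly after `rusername`, which is easy to confuse with it. I would write it as `char *rprincipal;	/* Client principal from the ticket, allocated by the Kerberos library; NULL if not available.  */`, and put the same comment on the copy of `struct auth_data` in src/rlogind.c, which has to stay in step with this one. The struct's opening and closing lines are outside the hunk.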
diff --git a/src/rlogind.c b/src/rlogind.c
index 1334065..cb81cec 100644
--- a/src/rlogind.c
+++ b/src/rlogind.c
@@ -206,6 +206,7 @@ struct auth_data
char *hostname;
char *lusername;
char *rusername;
+ char *rprincipal;
char *term;
char *env[2];
# ifdef KERBEROS
@@ -1119,15 +1120,21 @@ exec_login (int authenticated, struct auth_data *ap)
if (authenticated)
{
#ifdef SOLARIS10
- /* TODO: Add `-u' with Kerberos principal name of user.
- */
- execle (path_login, "login", "-p", "-s", "krlogin",
- "-r", ap->hostname, "-U", ap->rusername,
- ap->lusername, NULL, ap->env);
-#elif defined SOLARIS
execle (path_login, "login", "-p", "-r", ap->hostname,
+ "-d", line, "-U", ap->rusername,
+# if defined KERBEROS || defined SHISHI
+ "-s", (kerberos ? "krlogin" : "rlogin"),
+ "-u", (ap->rprincipal ? ap->rprincipal : ap->rusername),
+# else /* !KERBEROS && !SHISHI */
+ "-s", "rlogin",
+# endif
ap->lusername, NULL, ap->env);
-#else
+
+#elif defined SOLARIS /* !SOLARIS10 */
+ execle (path_login, "login", "-p", "-r", ap->hostname,
+ "-d", line, ap->lusername, NULL, ap->env);
+
+#else /* !SOLARIS */
/* Some GNU/Linux systems, but not all, provide `-r'
* for use instead of `-h'. Some BSD systems provide `-u'.
*/
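Review bot: In the authenticated SOLARIS10 call, `-u` is given `ap->rusername` whenever `ap->rprincipal` is NULL, so login is handed the name sent by the client in the argument that the removed TODO reserved for the Kerberos principal; that name is already passed with `-U`. Whether `authenticated` can be set without a ticket is not visible here, but the `kerberos ? "krlogin" : "rlogin"` choice suggests it can, and in that case `-u` is never backed by a principal. I would pass `-u` only when `ap->rprincipal` is set, which needs two `execle` calls because the argument list cannot be shortened conditionally. `exec_login` starts and ends outside the hunk.

```c
#ifdef SOLARIS10
# if defined KERBEROS || defined SHISHI
      /* Hand `-u' to login only with a principal taken from the ticket.  */
      if (ap->rprincipal)
        execle (path_login, "login", "-p", "-r", ap->hostname,
                "-d", line, "-U", ap->rusername,
                "-s", (kerberos ? "krlogin" : "rlogin"),
                "-u", ap->rprincipal,
                ap->lusername, NULL, ap->env);
      else
        execle (path_login, "login", "-p", "-r", ap->hostname,
                "-d", line, "-U", ap->rusername,
                "-s", (kerberos ? "krlogin" : "rlogin"),
                ap->lusername, NULL, ap->env);
# else /* !KERBEROS && !SHISHI */
      /* … execle call with "-s", "rlogin" and no "-u", as in the hunk … */
# endif
/* … unchanged: SOLARIS and generic branches … */
```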
@@ -1138,13 +1145,13 @@ exec_login (int authenticated, struct auth_data *ap)
else
{
#ifdef SOLARIS10
- /* `-U' in not strictly needed, but is harmless. */
- execle (path_login, "login", "-p", "-s", "rlogin",
- "-r", ap->hostname, "-U", ap->rusername,
+ /* `-U' in not strictly needed, but is probably harmless. */
+ execle (path_login, "login", "-p", "-r", ap->hostname,
+ "-d", line, "-s", "rlogin", "-U", ap->rusername,
ap->lusername, NULL, ap->env);
#elif defined SOLARIS
execle (path_login, "login", "-p", "-r", ap->hostname,
- ap->lusername, NULL, ap->env);
+ "-d", line, ap->lusername, NULL, ap->env);
#else
/* Some GNU/Linux systems, but not all, provide `-r'
* for use instead of `-h'. Some BSD systems provide `-u'.
@@ -1478,7 +1485,6 @@ do_krb5_login (int infd, struct auth_data *ap, const char
**err_msg)
struct sockaddr_in laddr;
int len;
struct passwd *pwd;
- char *name;
status = krb5_init_context (&ap->context);
if (status)
@@ -1576,12 +1582,15 @@ do_krb5_login (int infd, struct auth_data *ap, const
char **err_msg)
if (ap->client && !krb5_kuserok (ap->context, ap->client, ap->lusername))
return 1;
- krb5_unparse_name (ap->context, ap->client, &name);
+ ap->rprincipal = NULL;
+
+ krb5_unparse_name (ap->context, ap->client, &ap->rprincipal);
syslog (LOG_INFO | LOG_AUTH,
"%sKerberos V login from %s on %s\n",
- (pwd->pw_uid == 0) ? "ROOT " : "", name, ap->hostname);
- free (name);
+ (pwd->pw_uid == 0) ? "ROOT " : "",
+ ap->rprincipal ? ap->rprincipal : ap->rusername,
+ ap->hostname);
return 0;
}
@@ -1733,6 +1742,12 @@ do_shishi_login (int infd, struct auth_data *ad, const
char **err_msg)
return rc;
}
+ rc = shishi_encticketpart_clientrealm (ad->h,
+ shishi_tkt_encticketpart (shishi_ap_tkt (ad->ap)),
+ &ad->rprincipal, NULL);
+ if (rc != SHISHI_OK)
+ ad->rprincipal = NULL;
+
shishi_ap_done (ad->ap);
# ifdef WITH_PAM
@@ -1747,7 +1762,9 @@ do_shishi_login (int infd, struct auth_data *ad, const
char **err_msg)
syslog (LOG_INFO | LOG_AUTH,
"Kerberos V %slogin from %s on %s as `%s'.\n",
ENCRYPT_IO ? "encrypted " : "",
- ad->rusername, ad->hostname, ad->lusername);
+ ad->rprincipal ? ad->rprincipal : ad->rusername,
+ ad->hostname,
+ ad->lusername);
return SHISHI_OK;
}
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 34 +++++++++++++++++++++++++++++++
libinetutils/shishi_def.h | 1 +
src/rlogind.c | 49 ++++++++++++++++++++++++++++++--------------
src/rshd.c | 19 +++++++++++++++-
4 files changed, 85 insertions(+), 18 deletions(-)
hooks/post-receive
--
GNU Inetutils