
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-290-gd9875


From: Mats Erik Andersson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-290-gd987526
Date: Wed, 15 May 2013 14:05:36 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  d987526e82bb5b9757a93cda7f67c33265b54477 (commit)
       via  2d29628f5b9781ff36871d8ed94367d7d6d827a0 (commit)
      from  129168ffccbdf29ccaf5948f4154f0d2d58e63a2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=d987526e82bb5b9757a93cda7f67c33265b54477


commit d987526e82bb5b9757a93cda7f67c33265b54477
Author: Mats Erik Andersson <address@hidden>
Date:   Wed May 15 15:13:11 2013 +0200

    rshd: Client's principal name.

diff --git a/ChangeLog b/ChangeLog
index 3635e88..c19fdff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 2013-05-15  Mats Erik Andersson  <address@hidden>
 
+       rshd: Report client's principal name.
+
+       * src/rshd.c (rprincipal): New variable.
+       (doit) [SHISHI] <use_kerberos>: Set `rprincipal'
+       using shishi_encticketpart_clientrealm().
+       [KRB5] <use_kerberos>: New calls to krb5_kuserok()
+       and krb5_unparse_name().
+       (doit): Report success to syslog using `rprincipal'.
+
+2013-05-15  Mats Erik Andersson  <address@hidden>
+
        rlogind: Report client's principal name.
 
        * libinetutils/shishi_def.h (struct auth_data):
diff --git a/src/rshd.c b/src/rshd.c
index 11bcd7d..1108401 100644
--- a/src/rshd.c
+++ b/src/rshd.c
@@ -433,6 +433,7 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
   const char *hostname, *errorstr, *errorhost = NULL;
   char *cp, sig, buf[BUFSIZ];
   char *cmdbuf, *locuser, *remuser;
+  char *rprincipal = NULL;
 #if defined WITH_IRUSEROK_AF && !defined WITH_PAM
   void * fromaddrp;    /* Pointer to remote address.  */
 #endif
@@ -1118,6 +1119,12 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
 
     free (compcksum);
 
+    rc = shishi_encticketpart_clientrealm (h,
+                       shishi_tkt_encticketpart (shishi_ap_tkt (ap)),
+                       &rprincipal, NULL);
+    if (rc != SHISHI_OK)
+      rprincipal = NULL;
+
     shishi_ap_done (ap);
 
   }
@@ -1128,7 +1135,14 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
 
       rc = krb5_copy_principal (context, ticket->enc_part2->client,
                                &client);
+      if (rc)
+       goto fail;      /* FIXME: Temporary handler.  */
+
+      if (client && !krb5_kuserok (context, client, locuser))
+       goto fail;      /* FIXME: Temporary handler.  */
 
+      rprincipal = NULL;
+      krb5_unparse_name (context, client, &rprincipal);
     }
 #endif /* KRB5 || SHISHI */
 
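Review bot: The new authorization test `if (client && !krb5_kuserok (context, client, locuser))` fails open, because a NULL `client` skips krb5_kuserok() entirely and execution continues to the krb5_unparse_name() call. A successful krb5_copy_principal() should make that unreachable, but the guard costs nothing written fail-closed: `if (!client || !krb5_kuserok (context, client, locuser))`. The same condition appears as context in do_krb5_login() of src/rlogind.c. Both `goto fail` lines carry a FIXME and the `fail` label lies outside this hunk, so it cannot be seen here whether a refused principal is written to the auth log; it should be, naming the principal and `locuser`.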
@@ -1788,7 +1802,7 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
       else
 #endif /* KRB4 */
        syslog (LOG_INFO | LOG_AUTH,
-               "address@hidden as %s: cmd='%.80s'",
+               "%s%s from %s as '%s': cmd='%.80s'",
 #ifdef SHISHI
                !use_kerberos ? ""
                  : !doencrypt ? "Kerberized "
@@ -1796,7 +1810,8 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
 #else
                "",
 #endif
-               remuser, hostname, locuser, cmdbuf);
+               rprincipal ? rprincipal : remuser,
+               hostname, locuser, cmdbuf);
     }
 #ifdef SHISHI
   if (doencrypt)
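Review bot: The argument `rprincipal ? rprincipal : remuser` puts a ticket-derived principal and the client-supplied `remuser` into the same field of the audit line, so a reader of the log cannot tell which of the two was recorded. When the principal lookup failed, the line still carries whatever prefix the earlier argument selects, and the name shown is only what the client claimed. Logging both removes the ambiguity, for example the format `"%s%s (remuser '%s') from %s as '%s': cmd='%.80s'"` with the arguments `rprincipal ? rprincipal : "-", remuser,`. The same fallback is used in do_krb5_login() and do_shishi_login() of src/rlogind.c. The message layout also changes in the previous hunk, so any log parsing or alerting keyed on the old layout needs updating; the syslog() call begins in that hunk and doit() continues outside both.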

http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=2d29628f5b9781ff36871d8ed94367d7d6d827a0


commit 2d29628f5b9781ff36871d8ed94367d7d6d827a0
Author: Mats Erik Andersson <address@hidden>
Date:   Wed May 15 12:54:01 2013 +0200

    rlogind: Client's principal name.

diff --git a/ChangeLog b/ChangeLog
index 1ef073f..3635e88 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,28 @@
 2013-05-15  Mats Erik Andersson  <address@hidden>
 
+       rlogind: Report client's principal name.
+
+       * libinetutils/shishi_def.h (struct auth_data):
+       New member `rprincipal'.
+       * src/rlogind.c (struct auth_data) [!SHISHI]:
+       Likewise.
+       (do_krb5_login) [KRB5]: Delete NAME.  Assign value
+       to `ap->rprincipal' using previous krb5_unparse_name().
+       (do_shishi_login) [SHISHI]:
+       Call shishi_encticketpart_clientrealm() to set
+       `ad->rprincipal'.  Let the syslog message mention
+       the client's principal name, instead of remote name.
+
+       rlogind: Login options for Solaris again!
+
+       * src/rlogind.c (exec_login) [SOLARIS10 || SOLARIS]:
+       Make option orders roughly similar.  Add option `-d'.
+       <authenticated> [KERBEROS || SHISHI]: Add option `-u'
+       with remote client's principal name.  Depending on
+       `kerberos', let `-s' take argument `krlogin' or `rlogin'.
+
+2013-05-15  Mats Erik Andersson  <address@hidden>
+
        Audit of login options.
 
        * configure.ac (SOLARIS10): Replace previous
diff --git a/libinetutils/shishi_def.h b/libinetutils/shishi_def.h
index 1f0d3d1..5dfd139 100644
--- a/libinetutils/shishi_def.h
+++ b/libinetutils/shishi_def.h
@@ -42,6 +42,7 @@ struct auth_data
   char *hostname;
   char *lusername;
   char *rusername;
+  char *rprincipal;
   char *term;
   char *env[2];
   int kerberos_version;
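Review bot: The new member `rprincipal` is undocumented, although unlike its neighbours it is filled in by the Kerberos library and may be NULL. A comment on the declaration would state that contract, for instance `char *rprincipal;	/* Client principal from the ticket, allocated by the Kerberos library; NULL if unknown.  */`. The duplicate declaration in src/rlogind.c for the non-Shishi build needs the same comment. The struct continues outside the hunk.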
diff --git a/src/rlogind.c b/src/rlogind.c
index 1334065..cb81cec 100644
--- a/src/rlogind.c
+++ b/src/rlogind.c
@@ -206,6 +206,7 @@ struct auth_data
   char *hostname;
   char *lusername;
   char *rusername;
+  char *rprincipal;
   char *term;
   char *env[2];
 # ifdef KERBEROS
@@ -1119,15 +1120,21 @@ exec_login (int authenticated, struct auth_data *ap)
   if (authenticated)
     {
 #ifdef SOLARIS10
-      /* TODO: Add `-u' with Kerberos principal name of user.
-       */
-      execle (path_login, "login", "-p", "-s", "krlogin",
-             "-r", ap->hostname, "-U", ap->rusername,
-             ap->lusername, NULL, ap->env);
-#elif defined SOLARIS
       execle (path_login, "login", "-p", "-r", ap->hostname,
+             "-d", line, "-U", ap->rusername,
+# if defined KERBEROS || defined SHISHI
+             "-s", (kerberos ? "krlogin" : "rlogin"),
+             "-u", (ap->rprincipal ? ap->rprincipal : ap->rusername),
+# else /* !KERBEROS && !SHISHI */
+             "-s", "rlogin",
+# endif
              ap->lusername, NULL, ap->env);
-#else
+
+#elif defined SOLARIS  /* !SOLARIS10 */
+      execle (path_login, "login", "-p", "-r", ap->hostname,
+             "-d", line, ap->lusername, NULL, ap->env);
+
+#else /* !SOLARIS */
       /* Some GNU/Linux systems, but not all,  provide `-r'
        * for use instead of `-h'.  Some BSD systems provide `-u'.
        */
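Review bot: In the SOLARIS10 branch, `ap->rprincipal` is read whenever `authenticated` is set, not only when `kerberos` is. The only assignments in this commit are inside do_krb5_login() and do_shishi_login(), and do_krb5_login() has a `return 1` before its assignment. If the caller does not zero struct auth_data (not visible here), a non-Kerberos login would pass an indeterminate pointer to login as the `-u` value. Gating on the flag avoids the read, `"-u", (kerberos && ap->rprincipal ? ap->rprincipal : ap->rusername),`, or else the zero-initialisation should be stated where the struct is set up. exec_login() starts and ends outside the hunk.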
@@ -1138,13 +1145,13 @@ exec_login (int authenticated, struct auth_data *ap)
   else
     {
 #ifdef SOLARIS10
-      /* `-U' in not strictly needed, but is harmless.  */
-      execle (path_login, "login", "-p", "-s", "rlogin",
-             "-r", ap->hostname, "-U", ap->rusername,
+      /* `-U' in not strictly needed, but is probably harmless.  */
+      execle (path_login, "login", "-p", "-r", ap->hostname,
+             "-d", line, "-s", "rlogin", "-U", ap->rusername,
              ap->lusername, NULL, ap->env);
 #elif defined SOLARIS
       execle (path_login, "login", "-p", "-r", ap->hostname,
-             ap->lusername, NULL, ap->env);
+             "-d", line, ap->lusername, NULL, ap->env);
 #else
       /* Some GNU/Linux systems, but not all,  provide `-r'
        * for use instead of `-h'.  Some BSD systems provide `-u'.
@@ -1478,7 +1485,6 @@ do_krb5_login (int infd, struct auth_data *ap, const char **err_msg)
   struct sockaddr_in laddr;
   int len;
   struct passwd *pwd;
-  char *name;
 
   status = krb5_init_context (&ap->context);
   if (status)
@@ -1576,12 +1582,15 @@ do_krb5_login (int infd, struct auth_data *ap, const char **err_msg)
   if (ap->client && !krb5_kuserok (ap->context, ap->client, ap->lusername))
     return 1;
 
-  krb5_unparse_name (ap->context, ap->client, &name);
+  ap->rprincipal = NULL;
+
+  krb5_unparse_name (ap->context, ap->client, &ap->rprincipal);
 
   syslog (LOG_INFO | LOG_AUTH,
          "%sKerberos V login from %s on %s\n",
-         (pwd->pw_uid == 0) ? "ROOT " : "", name, ap->hostname);
-  free (name);
+         (pwd->pw_uid == 0) ? "ROOT " : "",
+         ap->rprincipal ? ap->rprincipal : ap->rusername,
+         ap->hostname);
 
   return 0;
 }
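Review bot: The result of krb5_unparse_name() is discarded, here and in doit() of src/rshd.c. The preceding `ap->rprincipal = NULL;` only protects the later `ap->rprincipal ? ...` test if the library leaves the output pointer untouched on error, which this hunk does not establish. Keeping the status makes the fallback explicit: `status = krb5_unparse_name (ap->context, ap->client, &ap->rprincipal);` followed by `if (status) ap->rprincipal = NULL;`. With `free (name)` removed, the string now lives in `ap->rprincipal` and no release is visible; a comment should say who frees it, and that krb5_free_unparsed_name() is the matching call. do_krb5_login() begins outside the hunk.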
@@ -1733,6 +1742,12 @@ do_shishi_login (int infd, struct auth_data *ad, const char **err_msg)
       return rc;
     }
 
+  rc = shishi_encticketpart_clientrealm (ad->h,
+                       shishi_tkt_encticketpart (shishi_ap_tkt (ad->ap)),
+                       &ad->rprincipal, NULL);
+  if (rc != SHISHI_OK)
+    ad->rprincipal = NULL;
+
   shishi_ap_done (ad->ap);
 
 #  ifdef WITH_PAM
@@ -1747,7 +1762,9 @@ do_shishi_login (int infd, struct auth_data *ad, const char **err_msg)
   syslog (LOG_INFO | LOG_AUTH,
          "Kerberos V %slogin from %s on %s as `%s'.\n",
          ENCRYPT_IO ? "encrypted " : "",
-         ad->rusername, ad->hostname, ad->lusername);
+         ad->rprincipal ? ad->rprincipal : ad->rusername,
+         ad->hostname,
+         ad->lusername);
 
   return SHISHI_OK;
 }

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                 |   34 +++++++++++++++++++++++++++++++
 libinetutils/shishi_def.h |    1 +
 src/rlogind.c             |   49 ++++++++++++++++++++++++++++++--------------
 src/rshd.c                |   19 +++++++++++++++-
 4 files changed, 85 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


