Diffstat (limited to 'eBones/usr.bin')
27 files changed, 0 insertions, 3036 deletions
diff --git a/eBones/usr.bin/Makefile b/eBones/usr.bin/Makefile
deleted file mode 100644
index fa796caeb8f5..000000000000
--- a/eBones/usr.bin/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id: Makefile,v 1.1 1995/09/13 17:24:05 markm Exp $
-
-SUBDIR= kadmin kdestroy kinit klist ksrvtgt register rkinit
-
-.include <bsd.subdir.mk>
diff --git a/eBones/usr.bin/Makefile.inc b/eBones/usr.bin/Makefile.inc
deleted file mode 100644
index 5506596ac57e..000000000000
--- a/eBones/usr.bin/Makefile.inc
+++ /dev/null
@@ -1,5 +0,0 @@
-# @(#)Makefile.inc 8.1 (Berkeley) 6/6/93
-
-BINDIR?= /usr/bin
-
-.include "../Makefile.inc"
diff --git a/eBones/usr.bin/kadmin/Makefile b/eBones/usr.bin/kadmin/Makefile
deleted file mode 100644
index 8f0864c7cbaf..000000000000
--- a/eBones/usr.bin/kadmin/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-# $Id$
-
-PROG= kadmin
-SRCS= ${KRBOBJDIR}/krb_err.h kadmin.c kadmin_cmds.c
-CLEANFILES+= kadmin_cmds.c krb_err.c
-CFLAGS+= -DPOSIX -I${.CURDIR}/../../lib/libkadm -I${KRBOBJDIR}
-DPADD= ${LIBKRB} ${LIBDES}
-LDADD+= -L${KADMOBJDIR} -lkadm -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
-LDADD+= -lss -lcom_err
-MAN8= kadmin.8
-
-kadmin_cmds.c: kadmin_cmds.ct
- test -e kadmin_cmds.ct || ln -s ${.CURDIR}/kadmin_cmds.ct .
- mk_cmds kadmin_cmds.ct
-
-.include <bsd.prog.mk>
diff --git a/eBones/usr.bin/kadmin/kadmin.8 b/eBones/usr.bin/kadmin/kadmin.8
deleted file mode 100644
index 6e1501571326..000000000000
--- a/eBones/usr.bin/kadmin/kadmin.8
+++ /dev/null
@@ -1,158 +0,0 @@ -.\" from: kadmin.8,v 4.2 89/07/25 17:20:02 jtkohl Exp $ -.\" $Id: kadmin.8,v 1.2 1994/07/19 19:27:22 g89r4222 Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <Copyright.MIT>. -.\" -.TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kadmin \- network utility for Kerberos database administration -.SH SYNOPSIS -.B kadmin [-u user] [-r default_realm] [-m] -.SH DESCRIPTION -This utility provides a unified administration interface to -the -Kerberos -master database. -Kerberos -administrators -use -.I kadmin -to register new users and services to the master database, -and to change information about existing database entries. -For instance, an administrator can use -.I kadmin -to change a user's -Kerberos -password. -A Kerberos administrator is a user with an ``admin'' instance -whose name appears on one of the Kerberos administration access control -lists. If the \-u option is used, -.I user -will be used as the administrator instead of the local user. -If the \-r option is used, -.I default_realm -will be used as the default realm for transactions. Otherwise, -the local realm will be used by default. -If the \-m option is used, multiple requests will be permitted -on only one entry of the admin password. Some sites won't -support this option. - -The -.I kadmin -program communicates over the network with the -.I kadmind -program, which runs on the machine housing the Kerberos master -database. -The -.I kadmind -creates new entries and makes modifications to the database. - -When you enter the -.I kadmin -command, -the program displays a message that welcomes you and explains -how to ask for help. -Then -.I kadmin -waits for you to enter commands (which are described below). -It then asks you for your -.I admin -password before accessing the database. 
- -Use the -.I add_new_key -(or -.I ank -for short) -command to register a new principal -with the master database. -The command requires one argument, -the principal's name. The name -given can be fully qualified using -the standard -.I name.instance@realm -convention. -You are asked to enter your -.I admin -password, -then prompted twice to enter the principal's -new password. If no realm is specified, -the local realm is used unless another was -given on the commandline with the \-r flag. -If no instance is -specified, a null instance is used. If -a realm other than the default realm is specified, -you will need to supply your admin password for -the other realm. - -Use the -.I change_password (cpw) -to change a principal's -Kerberos -password. -The command requires one argument, -the principal's -name. -You are asked to enter your -.I admin -password, -then prompted twice to enter the principal's new password. -The name -given can be fully qualified using -the standard -.I name.instance@realm -convention. - -Use the -.I change_admin_password (cap) -to change your -.I admin -instance password. -This command requires no arguments. -It prompts you for your old -.I admin -password, then prompts you twice to enter the new -.I admin -password. If this is your first command, -the default realm is used. Otherwise, the realm -used in the last command is used. - -Use the -.I destroy_tickets (dest) -command to destroy your admin tickets explicitly. - -Use the -.I list_requests (lr) -command to get a list of possible commands. - -Use the -.I help -command to display -.IR kadmin's -various help messages. -If entered without an argument, -.I help -displays a general help message. -You can get detailed information on specific -.I kadmin -commands -by entering -.I help -.IR command_name . - -To quit the program, type -.IR quit . - -.SH BUGS -The user interface is primitive, and the command names could be better. 
- -.SH "SEE ALSO" -kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8) -.br -``A Subsystem Utilities Package for UNIX'' by Ken Raeburn -.SH AUTHORS -Jeffrey I. Schiller, MIT Project Athena -.br -Emanuel Jay Berkenbilt, MIT Project Athena diff --git a/eBones/usr.bin/kadmin/kadmin.c b/eBones/usr.bin/kadmin/kadmin.c deleted file mode 100644 index 54ccedcfab7c..000000000000 --- a/eBones/usr.bin/kadmin/kadmin.c +++ /dev/null 
@@ -1,636 +0,0 @@ -/* - * $Source$ - * $Author$ - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Kerberos database administrator's tool. - * - * The default behavior of kadmin is if the -m option is given - * on the commandline, multiple requests are allowed to be given - * with one entry of the admin password (until the tickets expire). - * If you do not want this to be an available option, compile with - * NO_MULTIPLE defined. - */ - -#if 0 -#ifndef lint -static char rcsid_kadmin_c[] = -"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadmin.c,v 4.5 89/09/26 14:17:54 qjb Exp "; -#endif lint -#endif - -#include <unistd.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> -#include <time.h> -#include <sys/param.h> -#include <pwd.h> -#include <ss/ss.h> -#include <com_err.h> -#include <krb_err.h> -#include <kadm.h> - -#define BAD_PW 1 -#define GOOD_PW 0 -#define FUDGE_VALUE 15 /* for ticket expiration time */ -#define PE_NO 0 -#define PE_YES 1 -#define PE_UNSURE 2 - -/* for get_password, whether it should do the swapping...necessary for - using vals structure, unnecessary for change_pw requests */ -#define DONTSWAP 0 -#define SWAP 1 - -static void do_init(int argc, char *argv[]); -void clean_up(void); -int get_password(unsigned long *low, unsigned long *high, char *prompt, - int byteswap); -int get_admin_password(void); -int princ_exists(char *name, char *instance, char *realm); - -extern ss_request_table admin_cmds; - -static char myname[ANAME_SZ]; -static char default_realm[REALM_SZ]; /* default kerberos realm */ -static char krbrlm[REALM_SZ]; /* current realm being administered */ -#ifndef NO_MULTIPLE -static int multiple = 0; /* Allow multiple requests per ticket */ -#endif - -int -main(argc, argv) - int argc; - char *argv[]; -{ - int sci_idx; - int code; - char tktstring[MAXPATHLEN]; - - void quit(); - - sci_idx 
= ss_create_invocation("admin", "2.0", (char *) NULL, - &admin_cmds, &code); - if (code) { - ss_perror(sci_idx, code, "creating invocation"); - exit(1); - } - (void) sprintf(tktstring, "/tmp/tkt_adm_%d",getpid()); - krb_set_tkt_string(tktstring); - - do_init(argc, argv); - - printf("Welcome to the Kerberos Administration Program, version 2\n"); - printf("Type \"help\" if you need it.\n"); - ss_listen(sci_idx, &code); - printf("\n"); - quit(); - exit(0); -} - -int -setvals(vals, string) - Kadm_vals *vals; - char *string; -{ - char realm[REALM_SZ]; - int status = KADM_SUCCESS; - - bzero(vals, sizeof(*vals)); - bzero(realm, sizeof(realm)); - - SET_FIELD(KADM_NAME,vals->fields); - SET_FIELD(KADM_INST,vals->fields); - if ((status = kname_parse(vals->name, vals->instance, realm, string))) { - printf("kerberos error: %s\n", krb_err_txt[status]); - return status; - } - if (!realm[0]) - strcpy(realm, default_realm); - if (strcmp(realm, krbrlm)) { - strcpy(krbrlm, realm); - if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm)) - != KADM_SUCCESS) - printf("kadm error for realm %s: %s\n", - krbrlm, error_message(status)); - } - if (status) - return 1; - else - return KADM_SUCCESS; -} - -void -change_password(argc, argv) - int argc; - char *argv[]; -{ - Kadm_vals old, new; - int status; - char pw_prompt[BUFSIZ]; - - if (argc != 2) { - printf("Usage: change_password loginname\n"); - return; - } - - if (setvals(&old, argv[1]) != KADM_SUCCESS) - return; - - new = old; - - SET_FIELD(KADM_DESKEY,new.fields); - - if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) { - /* get the admin's password */ - if (get_admin_password() != GOOD_PW) - return; - - /* get the new password */ - (void) sprintf(pw_prompt, "New password for %s:", argv[1]); - - if (get_password(&new.key_low, &new.key_high, - pw_prompt, SWAP) == GOOD_PW) { - status = kadm_mod(&old, &new); - if (status == KADM_SUCCESS) { - printf("Password changed for %s.\n", argv[1]); - } else { - printf("kadmin: 
%s\nwhile changing password for %s", - error_message(status), argv[1]); - } - } else - printf("Error reading password; password unchanged\n"); - bzero((char *)&new, sizeof(new)); -#ifndef NO_MULTIPLE - if (!multiple) - clean_up(); -#endif - } - else - printf("kadmin: Principal does not exist.\n"); - return; -} - -/*ARGSUSED*/ -void -change_admin_password(argc, argv) - int argc; - char *argv[]; -{ - des_cblock newkey; - unsigned long low, high; - int status; - char prompt_pw[BUFSIZ]; - - if (argc != 1) { - printf("Usage: change_admin_password\n"); - return; - } - /* get the admin's password */ - if (get_admin_password() != GOOD_PW) - return; - - (void) sprintf(prompt_pw, "New password for %s.admin:",myname); - if (get_password(&low, &high, prompt_pw, DONTSWAP) == GOOD_PW) { - bcopy((char *)&low,(char *) newkey,4); - bcopy((char *)&high, (char *)(((long *) newkey) + 1),4); - low = high = 0L; - if ((status = kadm_change_pw(newkey)) == KADM_SUCCESS) - printf("Admin password changed\n"); - else - printf("kadm error: %s\n",error_message(status)); - bzero((char *)newkey, sizeof(newkey)); - } else - printf("Error reading password; password unchanged\n"); -#ifndef NO_MULTIPLE - if (!multiple) - clean_up(); -#endif - return; -} - -void -add_new_key(argc, argv) - int argc; - char *argv[]; -{ - Kadm_vals new; - char pw_prompt[BUFSIZ]; - int status; - - if (argc != 2) { - printf("Usage: add_new_key user_name.\n"); - return; - } - if (setvals(&new, argv[1]) != KADM_SUCCESS) - return; - - SET_FIELD(KADM_DESKEY,new.fields); - - if (princ_exists(new.name, new.instance, krbrlm) != PE_YES) { - /* get the admin's password */ - if (get_admin_password() != GOOD_PW) - return; - - /* get the new password */ - (void) sprintf(pw_prompt, "Password for %s:", argv[1]); - - if (get_password(&new.key_low, &new.key_high, - pw_prompt, SWAP) == GOOD_PW) { - status = kadm_add(&new); - if (status == KADM_SUCCESS) { - printf("%s added to database.\n", argv[1]); - } else { - printf("kadm error: 
%s\n",error_message(status)); - } - } else - printf("Error reading password; %s not added\n",argv[1]); - bzero((char *)&new, sizeof(new)); -#ifndef NO_MULTIPLE - if (!multiple) - clean_up(); -#endif - } - else - printf("kadmin: Principal already exists.\n"); - return; -} - -void -get_entry(argc, argv) - int argc; - char *argv[]; -{ - int status; - u_char fields[4]; - Kadm_vals vals; - - if (argc != 2) { - printf("Usage: get_entry username\n"); - return; - } - - bzero(fields, sizeof(fields)); - - SET_FIELD(KADM_NAME,fields); - SET_FIELD(KADM_INST,fields); - SET_FIELD(KADM_EXPDATE,fields); - SET_FIELD(KADM_ATTR,fields); - SET_FIELD(KADM_MAXLIFE,fields); - - if (setvals(&vals, argv[1]) != KADM_SUCCESS) - return; - - - if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) { - /* get the admin's password */ - if (get_admin_password() != GOOD_PW) - return; - - if ((status = kadm_get(&vals, fields)) == KADM_SUCCESS) - prin_vals(&vals); - else - printf("kadm error: %s\n",error_message(status)); - -#ifndef NO_MULTIPLE - if (!multiple) - clean_up(); -#endif - } - else - printf("kadmin: Principal does not exist.\n"); - return; -} - - -void -help(argc, argv) - int argc; - char *argv[]; -{ - if (argc == 1) { - printf("Welcome to the Kerberos administration program."); - printf("Type \"?\" to get\n"); - printf("a list of requests that are available. You can"); - printf(" get help on each of\n"); - printf("the commands by typing \"help command_name\"."); - printf(" Some functions of this\n"); - printf("program will require an \"admin\" password"); - printf(" from you. This is a password\n"); - printf("private to you, that is used to authenticate"); - printf(" requests from this\n"); - printf("program. You can change this password with"); - printf(" the \"change_admin_password\"\n"); - printf("(or short form \"cap\") command. Good Luck! 
\n"); - } else if (!strcmp(argv[1], "change_password") || - !strcmp(argv[1], "cpw")) { - printf("Usage: change_password user_name.\n"); - printf("\n"); - printf("user_name is the name of the user whose password"); - printf(" you wish to change. \n"); - printf("His/her password is changed in the kerberos database\n"); - printf("When this command is issued, first the \"Admin\""); - printf(" password will be prompted\n"); - printf("for and if correct the user's new password will"); - printf(" be prompted for (twice with\n"); - printf("appropriate comparison). Note: No minimum password"); - printf(" length restrictions apply, but\n"); - printf("longer passwords are more secure.\n"); - } else if (!strcmp(argv[1], "change_admin_password") || - !strcmp(argv[1], "cap")) { - printf("Usage: change_admin_password.\n"); - printf("\n"); - printf("This command takes no arguments and is used"); - printf(" to change your private\n"); - printf("\"Admin\" password. It will first prompt for"); - printf(" the (current) \"Admin\"\n"); - printf("password and then ask for the new password"); - printf(" by prompting:\n"); - printf("\n"); - printf("New password for <Your User Name>.admin:\n"); - printf("\n"); - printf("Enter the new admin password that you desire"); - printf(" (it will be asked for\n"); - printf("twice to avoid errors).\n"); - } else if (!strcmp(argv[1], "add_new_key") || - !strcmp(argv[1], "ank")) { - printf("Usage: add_new_key user_name.\n"); - printf("\n"); - printf("user_name is the name of a new user to put"); - printf(" in the kerberos database. Your\n"); - printf("\"Admin\" password and the user's password"); - printf(" are prompted for. The user's\n"); - printf("password will be asked for"); - printf(" twice to avoid errors.\n"); - } else if (!strcmp(argv[1], "get_entry") || - !strcmp(argv[1], "get")) { - printf("Usage: get_entry user_name.\n"); - printf("\n"); - printf("user_name is the name of a user whose"); - printf(" entry you wish to review. 
Your\n"); - printf("\"Admin\" password is prompted for. "); - printf(" The key field is not filled in, for\n"); - printf("security reasons.\n"); - } else if (!strcmp(argv[1], "destroy_tickets") || - !strcmp(argv[1], "dest")) { - printf("Usage: destroy_tickets\n"); - printf("\n"); - printf("Destroy your admin tickets. This will"); - printf(" cause you to be prompted for your\n"); - printf("admin password on your next request.\n"); - } else if (!strcmp(argv[1], "list_requests") || - !strcmp(argv[1], "lr") || - !strcmp(argv[1], "?")) { - printf("Usage: list_requests\n"); - printf("\n"); - printf("This command lists what other commands are"); - printf(" currently available.\n"); - } else if (!strcmp(argv[1], "exit") || - !strcmp(argv[1], "quit") || - !strcmp(argv[1], "q")) { - printf("Usage: quit\n"); - printf("\n"); - printf("This command exits this program.\n"); - } else { - printf("Sorry there is no such command as %s.", argv[1]); - printf(" Type \"help\" for more information. \n"); - } - return; -} - -void -go_home(str,x) -char *str; -int x; -{ - fprintf(stderr, "%s: %s\n", str, error_message(x)); - clean_up(); - exit(1); -} - -static int inited = 0; - -void -usage() -{ - fprintf(stderr, "Usage: kadmin [-u admin_name] [-r default_realm]"); -#ifndef NO_MULTIPLE - fprintf(stderr, " [-m]"); -#endif - fprintf(stderr, "\n"); -#ifndef NO_MULTIPLE - fprintf(stderr, " -m allows multiple admin requests to be "); - fprintf(stderr, "serviced with one entry of admin\n"); - fprintf(stderr, " password.\n"); -#endif - exit(1); -} - -static void -do_init(argc, argv) - int argc; - char *argv[]; -{ - struct passwd *pw; - extern char *optarg; - extern int optind; - int c; -#ifndef NO_MULTIPLE -#define OPTION_STRING "u:r:m" -#else -#define OPTION_STRING "u:r:" -#endif - - bzero(myname, sizeof(myname)); - - if (!inited) { - /* - * This is only as a default/initial realm; we don't care - * about failure. 
- */ - if (krb_get_lrealm(default_realm, 1) != KSUCCESS) - strcpy(default_realm, KRB_REALM); - - /* - * If we can reach the local realm, initialize to it. Otherwise, - * don't initialize. - */ - if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS) - bzero(krbrlm, sizeof(krbrlm)); - else - strcpy(krbrlm, default_realm); - - while ((c = getopt(argc, argv, OPTION_STRING)) != EOF) - switch (c) { - case 'u': - strncpy(myname, optarg, sizeof(myname) - 1); - break; - case 'r': - bzero(default_realm, sizeof(default_realm)); - strncpy(default_realm, optarg, sizeof(default_realm) - 1); - break; -#ifndef NO_MULTIPLE - case 'm': - multiple++; - break; -#endif - default: - usage(); - break; - } - if (optind < argc) - usage(); - if (!myname[0]) { - pw = getpwuid((int) getuid()); - if (!pw) { - fprintf(stderr, - "You aren't in the password file. Who are you?\n"); - exit(1); - } - (void) strcpy(myname, pw->pw_name); - } - inited = 1; - } -} - -#ifdef NOENCRYPTION -#define read_long_pw_string placebo_read_pw_string -#else -#define read_long_pw_string des_read_pw_string -#endif -extern int read_long_pw_string(); - -int -get_admin_password() -{ - int status; - char admin_passwd[MAX_KPW_LEN]; /* Admin's password */ - int ticket_life = 1; /* minimum ticket lifetime */ -#ifndef NO_MULTIPLE - CREDENTIALS c; - - if (multiple) { - /* If admin tickets exist and are valid, just exit. */ - bzero(&c, sizeof(c)); - if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS) - /* - * If time is less than lifetime - FUDGE_VALUE after issue date, - * tickets will probably last long enough for the next - * transaction. 
- */ - if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE)) - return(KADM_SUCCESS); - ticket_life = DEFAULT_TKT_LIFE; - } -#endif - - if (princ_exists(myname, "admin", krbrlm) != PE_NO) { - if (read_long_pw_string(admin_passwd, sizeof(admin_passwd)-1, - "Admin password:", 0)) { - fprintf(stderr, "Error reading admin password.\n"); - goto bad; - } - status = krb_get_pw_in_tkt(myname, "admin", krbrlm, PWSERV_NAME, - KADM_SINST, ticket_life, admin_passwd); - bzero(admin_passwd, sizeof(admin_passwd)); - } - else - status = KDC_PR_UNKNOWN; - - switch(status) { - case GT_PW_OK: - return(GOOD_PW); - case KDC_PR_UNKNOWN: - printf("Principal %s.admin@%s does not exist.\n", myname, krbrlm); - goto bad; - case GT_PW_BADPW: - printf("Incorrect admin password.\n"); - goto bad; - default: - com_err("kadmin", status+krb_err_base, - "while getting password tickets"); - goto bad; - } - - bad: - bzero(admin_passwd, sizeof(admin_passwd)); - (void) dest_tkt(); - return(BAD_PW); -} - -void -clean_up() -{ - (void) dest_tkt(); - return; -} - -void -quit() -{ - printf("Cleaning up and exiting.\n"); - clean_up(); - exit(0); -} - -int -princ_exists(name, instance, realm) - char *name; - char *instance; - char *realm; -{ - int status; - - status = krb_get_pw_in_tkt(name, instance, realm, "krbtgt", realm, 1, ""); - - if ((status == KSUCCESS) || (status == INTK_BADPW)) - return(PE_YES); - else if (status == KDC_PR_UNKNOWN) - return(PE_NO); - else - return(PE_UNSURE); -} - -int -get_password(low, high, prompt, byteswap) -unsigned long *low, *high; -char *prompt; -int byteswap; -{ - char new_passwd[MAX_KPW_LEN]; /* new password */ - des_cblock newkey; - - do { - if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1)) - return(BAD_PW); - if (strlen(new_passwd) == 0) - printf("Null passwords are not allowed; try again.\n"); - } while (strlen(new_passwd) == 0); - -#ifdef NOENCRYPTION - bzero((char *) newkey, sizeof(newkey)); -#else - des_string_to_key(new_passwd, 
&newkey); -#endif - bzero(new_passwd, sizeof(new_passwd)); - - bcopy((char *) newkey,(char *)low,4); - bcopy((char *)(((long *) newkey) + 1), (char *)high,4); - - bzero((char *) newkey, sizeof(newkey)); - -#ifdef NOENCRYPTION - *low = 1; -#endif - - if (byteswap != DONTSWAP) { - *low = htonl(*low); - *high = htonl(*high); - } - return(GOOD_PW); -} diff --git a/eBones/usr.bin/kadmin/kadmin_cmds.ct b/eBones/usr.bin/kadmin/kadmin_cmds.ct deleted file mode 100644 index 141ac154e1f1..000000000000 --- a/eBones/usr.bin/kadmin/kadmin_cmds.ct +++ /dev/null @@ -1,41 +0,0 @@ -# $Source: /usr/cvs/src/eBones/kadmin/kadmin_cmds.ct,v $ -# $Author: mark $ -# $Header: /usr/cvs/src/eBones/kadmin/kadmin_cmds.ct,v 1.1 1995/07/18 16:36:56 mark Exp $ -# -# Copyright 1988 by the Massachusetts Institute of Technology. -# -# For copying and distribution information, please see the file -# <mit-copyright.h>. -# -# Command table for Kerberos administration tool -# - command_table admin_cmds; - - request change_password, - "Change a user's password", - change_password, cpw; - - request change_admin_password, "Change your admin password", - change_admin_password, cap; - - request add_new_key, "Add new user to kerberos database", - add_new_key, ank; - - request get_entry, "Get entry from kerberos database", - get_entry, get; - - request clean_up, "Destroy admin tickets", - destroy_tickets, dest; - - request help,"Request help with this program", - help; - -# list_requests is generic -- unrelated to Kerberos - - request ss_list_requests, "List available requests.", - list_requests, lr, "?"; - - request quit, "Exit program.", - quit, exit, q; - - end; diff --git a/eBones/usr.bin/kdestroy/Makefile b/eBones/usr.bin/kdestroy/Makefile deleted file mode 100644 index d61e691c84f5..000000000000 --- a/eBones/usr.bin/kdestroy/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# 
From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.5 1995/09/14 04:06:04 gibbs Exp $ - -PROG= kdestroy -CFLAGS+=-DKERBEROS -DDEBUG -DBSD42 -DPADD= ${LIBKRB} ${LIBDES} -LDADD= -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes -MAN1= kdestroy.1 - -.include <bsd.prog.mk> diff --git a/eBones/usr.bin/kdestroy/kdestroy.1 b/eBones/usr.bin/kdestroy/kdestroy.1 deleted file mode 100644 index 709935366e73..000000000000 --- a/eBones/usr.bin/kdestroy/kdestroy.1 +++ /dev/null 
@@ -1,81 +0,0 @@ -.\" from: kdestroy.1,v 4.9 89/01/23 11:39:50 jtkohl Exp $ -.\" $Id: kdestroy.1,v 1.2 1994/07/19 19:27:32 g89r4222 Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <Copyright.MIT>. -.\" -.TH KDESTROY 1 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdestroy \- destroy Kerberos tickets -.SH SYNOPSIS -.B kdestroy -[ -.B \-f -] -[ -.B \-q -] -.SH DESCRIPTION -The -.I kdestroy -utility destroys the user's active -Kerberos -authorization tickets by writing zeros to the file that contains them. -If the ticket file does not exist, -.I kdestroy -displays a message to that effect. -.PP -After overwriting the file, -.I kdestroy -removes the file from the system. -The utility -displays a message indicating the success or failure of the -operation. -If -.I kdestroy -is unable to destroy the ticket file, -the utility will warn you by making your terminal beep. -.PP -In the Athena workstation environment, -the -.I toehold -service automatically destroys your tickets when you -end a workstation session. -If your site does not provide a similar ticket-destroying mechanism, -you can place the -.I kdestroy -command in your -.I .logout -file so that your tickets are destroyed automatically -when you logout. -.PP -The options to -.I kdestroy -are as follows: -.TP 7 -.B \-f -.I kdestroy -runs without displaying the status message. -.TP -.B \-q -.I kdestroy -will not make your terminal beep if it fails to destroy the tickets. -.SH FILES -KRBTKFILE environment variable if set, otherwise -.br -/tmp/tkt[uid] -.SH SEE ALSO -kerberos(1), kinit(1), klist(1) -.SH BUGS -.PP -Only the tickets in the user's current ticket file are destroyed. -Separate ticket files are used to hold root instance and password -changing tickets. These files should probably be destroyed too, or -all of a user's tickets kept in a single ticket file. 
-.SH AUTHORS -Steve Miller, MIT Project Athena/Digital Equipment Corporation -.br -Clifford Neuman, MIT Project Athena -.br -Bill Sommerfeld, MIT Project Athena diff --git a/eBones/usr.bin/kdestroy/kdestroy.c b/eBones/usr.bin/kdestroy/kdestroy.c deleted file mode 100644 index 926eea52da95..000000000000 --- a/eBones/usr.bin/kdestroy/kdestroy.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * <Copyright.MIT>. - * - * This program causes Kerberos tickets to be destroyed. - * Options are: - * - * -q[uiet] - no bell even if tickets not destroyed - * -f[orce] - no message printed at all - * - * from: kdestroy.c,v 4.5 88/03/18 15:16:02 steiner Exp $ - * $Id: kdestroy.c,v 1.3 1995/07/18 16:37:44 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: kdestroy.c,v 1.3 1995/07/18 16:37:44 mark Exp $"; -#endif lint -#endif - -#include <stdio.h> -#include <krb.h> -#ifdef BSD42 -#include <strings.h> -#endif BSD42 - - -static char *pname; - -static void -usage() -{ - fprintf(stderr, "Usage: %s [-f] [-q]\n", pname); - exit(1); -} - -int -main(argc, argv) - int argc; - char *argv[]; -{ - int fflag=0, qflag=0, k_errno; - register char *cp; - - cp = rindex (argv[0], '/'); - if (cp == NULL) - pname = argv[0]; - else - pname = cp+1; - - if (argc > 2) - usage(); - else if (argc == 2) { - if (!strcmp(argv[1], "-f")) - ++fflag; - else if (!strcmp(argv[1], "-q")) - ++qflag; - else usage(); - } - - k_errno = dest_tkt(); - - if (fflag) { - if (k_errno != 0 && k_errno != RET_TKFIL) - exit(1); - else - exit(0); - } else { - if (k_errno == 0) - printf("Tickets destroyed.\n"); - else if (k_errno == RET_TKFIL) - fprintf(stderr, "No tickets to destroy.\n"); - else { - fprintf(stderr, "Tickets NOT destroyed.\n"); - if (!qflag) - fprintf(stderr, "\007"); - exit(1); - } - } - exit(0); -} 
diff --git a/eBones/usr.bin/kinit/Makefile b/eBones/usr.bin/kinit/Makefile
deleted file mode 100644
index 94549dceb4ec..000000000000
--- a/eBones/usr.bin/kinit/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id: Makefile,v 1.5 1995/09/14 04:06:11 gibbs Exp $
-
-PROG= kinit
-CFLAGS+=-DKERBEROS -DDEBUG -DBSD42
-DPADD= ${LIBKRB} ${LIBDES}
-LDADD= -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
-MAN1= kinit.1
-
-.include <bsd.prog.mk>
diff --git a/eBones/usr.bin/kinit/kinit.1 b/eBones/usr.bin/kinit/kinit.1
deleted file mode 100644
index f9a97a738201..000000000000
--- a/eBones/usr.bin/kinit/kinit.1
+++ /dev/null
@@ -1,133 +0,0 @@ -.\" from: kinit.1,v 4.6 89/01/23 11:39:11 jtkohl Exp $ -.\" $Id: kinit.1,v 1.2 1994/07/19 19:27:36 g89r4222 Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <Copyright.MIT>. -.\" -.TH KINIT 1 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kinit \- Kerberos login utility -.SH SYNOPSIS -.B kinit -[ -.B \-irvl -] -.SH DESCRIPTION -The -.I kinit -command is used to login to the -Kerberos -authentication and authorization system. -Note that only registered -Kerberos -users can use the -Kerberos -system. -For information about registering as a -Kerberos -user, -see the -.I kerberos(1) -manual page. -.PP -If you are logged in to a workstation that is running the -.I toehold -service, -you do not have to use -.I kinit. -The -.I toehold -login procedure will log you into -Kerberos -automatically. -You will need to use -.I kinit -only in those situations in which -your original tickets have expired. -(Tickets expire in about a day.) -Note as well that -.I toehold -will automatically destroy your tickets when you logout from the workstation. -.PP -When you use -.I kinit -without options, -the utility -prompts for your username and Kerberos password, -and tries to authenticate your login with the local -Kerberos -server. -.PP -If -Kerberos -authenticates the login attempt, -.I kinit -retrieves your initial ticket and puts it in the ticket file specified by -your KRBTKFILE environment variable. -If this variable is undefined, -your ticket will be stored in the -.IR /tmp -directory, -in the file -.I tktuid , -where -.I uid -specifies your user identification number. -.PP -If you have logged in to -Kerberos -without the benefit of the workstation -.I toehold -system, -make sure you use the -.I kdestroy -command to destroy any active tickets before you end your login session. 
-You may want to put the -.I kdestroy -command in your -.I \.logout -file so that your tickets will be destroyed automatically when you logout. -.PP -The options to -.I kinit -are as follows: -.TP 7 -.B \-i -.I kinit -prompts you for a -Kerberos -instance. -.TP -.B \-r -.I kinit -prompts you for a -Kerberos -realm. -This option lets you authenticate yourself with a remote -Kerberos -server. -.TP -.B \-v -Verbose mode. -.I kinit -prints the name of the ticket file used, and -a status message indicating the success or failure of -your login attempt. -.TP -.B \-l -.I kinit -prompts you for a ticket lifetime in minutes. Due to protocol -restrictions in Kerberos Version 4, this value must be between 5 and -1275 minutes. -.SH SEE ALSO -.PP -kerberos(1), kdestroy(1), klist(1), toehold(1) -.SH BUGS -The -.B \-r -option has not been fully implemented. -.SH AUTHORS -Steve Miller, MIT Project Athena/Digital Equipment Corporation -.br -Clifford Neuman, MIT Project Athena diff --git a/eBones/usr.bin/kinit/kinit.c b/eBones/usr.bin/kinit/kinit.c deleted file mode 100644 index 66a6f7f2c3d7..000000000000 --- a/eBones/usr.bin/kinit/kinit.c +++ /dev/null 
@@ -1,224 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * <Copyright.MIT>. - * - * Routine to initialize user to Kerberos. Prompts optionally for - * user, instance and realm. Authenticates user and gets a ticket - * for the Kerberos ticket-granting service for future use. - * - * Options are: - * - * -i[instance] - * -r[realm] - * -v[erbose] - * -l[ifetime] - * - * from: kinit.c,v 4.12 90/03/20 16:11:15 jon Exp $ - * $Id$ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id$"; -#endif lint -#endif - -#include <unistd.h> -#include <stdlib.h> -#include <stdio.h> -#include <pwd.h> -#include <krb.h> - -#ifndef ORGANIZATION -#define ORGANIZATION "MIT Project Athena" -#endif /*ORGANIZATION*/ - -#ifdef PC -#define LEN 64 /* just guessing */ -#endif PC - -#if defined(BSD42) || defined(__FreeBSD__) || defined(__NetBSD__) -#include <strings.h> -#include <sys/param.h> -#if defined(ultrix) || defined(sun) -#define LEN 64 -#else -#define LEN MAXHOSTNAMELEN -#endif /* defined(ultrix) || defined(sun) */ -#endif /* BSD42 */ - -#define LIFE 96 /* lifetime of ticket in 5-minute units */ - -char *progname; - -void usage(void); - -void -get_input(s, size, stream) -char *s; -int size; -FILE *stream; -{ - char *p; - - if (fgets(s, size, stream) == NULL) - exit(1); - if ((p = index(s, '\n')) != NULL) - *p = '\0'; -} - -int -main(argc, argv) - int argc; - char *argv[]; -{ - char aname[ANAME_SZ]; - char inst[INST_SZ]; - char realm[REALM_SZ]; - char buf[LEN]; - char *username = NULL; - int iflag, rflag, vflag, lflag, lifetime, k_errno; - register char *cp; - register i; - - *inst = *realm = '\0'; - iflag = rflag = vflag = lflag = 0; - lifetime = LIFE; - progname = (cp = rindex(*argv, '/')) ? 
cp + 1 : *argv; - - while (--argc) { - if ((*++argv)[0] != '-') { - if (username) - usage(); - username = *argv; - continue; - } - for (i = 1; (*argv)[i] != '\0'; i++) - switch ((*argv)[i]) { - case 'i': /* Instance */ - ++iflag; - continue; - case 'r': /* Realm */ - ++rflag; - continue; - case 'v': /* Verbose */ - ++vflag; - continue; - case 'l': - ++lflag; - continue; - default: - usage(); - exit(1); - } - } - if (username && - (k_errno = kname_parse(aname, inst, realm, username)) - != KSUCCESS) { - fprintf(stderr, "%s: %s\n", progname, krb_err_txt[k_errno]); - iflag = rflag = 1; - username = NULL; - } - if (k_gethostname(buf, LEN)) { - fprintf(stderr, "%s: k_gethostname failed\n", progname); - exit(1); - } - printf("%s (%s)\n", ORGANIZATION, buf); - if (username) { - printf("Kerberos Initialization for \"%s", aname); - if (*inst) - printf(".%s", inst); - if (*realm) - printf("@%s", realm); - printf("\"\n"); - } else { - if (iflag) { - printf("Kerberos Initialization\n"); - printf("Kerberos name: "); - get_input(aname, sizeof(aname), stdin); - } else { - int uid = getuid(); - char *getenv(); - struct passwd *pwd; - - /* default to current user name unless running as root */ - if (uid == 0 && (username = getenv("USER")) && - strcmp(username, "root") != 0) { - strncpy(aname, username, sizeof(aname)); - strncpy(inst, "root", sizeof(inst)); - } else { - pwd = getpwuid(uid); - - if (pwd == (struct passwd *) NULL) { - fprintf(stderr, "Unknown name for your uid\n"); - printf("Kerberos name: "); - get_input(aname, sizeof(aname), stdin); - } else - strncpy(aname, pwd->pw_name, sizeof(aname)); - } - } - - if (!*aname) - exit(0); - if (!k_isname(aname)) { - fprintf(stderr, "%s: bad Kerberos name format\n", - progname); - exit(1); - } - } - /* optional instance */ - if (iflag) { - printf("Kerberos instance: "); - get_input(inst, sizeof(inst), stdin); - if (!k_isinst(inst)) { - fprintf(stderr, "%s: bad Kerberos instance format\n", - progname); - exit(1); - } - } - if (rflag) 
{ - printf("Kerberos realm: "); - get_input(realm, sizeof(realm), stdin); - if (!k_isrealm(realm)) { - fprintf(stderr, "%s: bad Kerberos realm format\n", - progname); - exit(1); - } - } - if (lflag) { - printf("Kerberos ticket lifetime (minutes): "); - get_input(buf, sizeof(buf), stdin); - lifetime = atoi(buf); - if (lifetime < 5) - lifetime = 1; - else - lifetime /= 5; - /* This should be changed if the maximum ticket lifetime */ - /* changes */ - if (lifetime > 255) - lifetime = 255; - } - if (!*realm && krb_get_lrealm(realm, 1)) { - fprintf(stderr, "%s: krb_get_lrealm failed\n", progname); - exit(1); - } - k_errno = krb_get_pw_in_tkt(aname, inst, realm, "krbtgt", realm, - lifetime, 0); - if (vflag) { - printf("Kerberos realm %s:\n", realm); - printf("%s\n", krb_err_txt[k_errno]); - } else if (k_errno) { - fprintf(stderr, "%s: %s\n", progname, krb_err_txt[k_errno]); - exit(1); - } - return 0; -} - -void -usage() -{ - fprintf(stderr, "Usage: %s [-irvl] [name]\n", progname); - exit(1); -} diff --git a/eBones/usr.bin/klist/Makefile b/eBones/usr.bin/klist/Makefile deleted file mode 100644 index ef144105a673..000000000000 --- a/eBones/usr.bin/klist/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.5 1995/09/14 04:06:15 gibbs Exp $ - -PROG= klist -CFLAGS+=-DKERBEROS -DDEBUG -DPADD= ${LIBKRB} ${LIBDES} -LDADD= -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes -MAN1= klist.1 - -.include <bsd.prog.mk> diff --git a/eBones/usr.bin/klist/klist.1 b/eBones/usr.bin/klist/klist.1 deleted file mode 100644 index af7e31ad2048..000000000000 --- a/eBones/usr.bin/klist/klist.1 +++ /dev/null 
@@ -1,84 +0,0 @@
-.\" from: klist.1,v 4.8 89/01/24 14:35:09 jtkohl Exp $
-.\" $Id: klist.1,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KLIST 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-klist \- list currently held Kerberos tickets
-.SH SYNOPSIS
-.B klist
-[
-\fB\-s \fR|\fB \-t\fR
-] [
-.B \-file
-name ] [
-.B \-srvtab
-]
-.br
-.SH DESCRIPTION
-.I klist
-prints the name of the tickets file and the
-identity of the principal the tickets are for (as listed in the
-tickets file), and
-lists the principal names of all Kerberos tickets currently held by
-the user, along with the issue and expire time for each authenticator.
-Principal names are listed in the form
-.I name.instance@realm,
-with the '.' omitted if the instance is null,
-and the '@' omitted if the realm is null.
-
-If given the
-.B \-s
-option,
-.I klist
-does not print the issue and expire times, the name of the tickets file,
-or the identity of the principal.
-
-If given the
-.B \-t
-option,
-.B klist
-checks for the existence of a non-expired ticket-granting-ticket in the
-ticket file. If one is present, it exits with status 0, else it exits
-with status 1. No output is generated when this option is specified.
-
-If given the
-.B \-file
-option, the following argument is used as the ticket file.
-Otherwise, if the
-.B KRBTKFILE
-environment variable is set, it is used.
-If this environment variable
-is not set, the file
-.B /tmp/tkt[uid]
-is used, where
-.B uid
-is the current user-id of the user.
-
-If given the
-.B \-srvtab
-option, the file is treated as a service key file, and the names of the
-keys contained therein are printed. If no file is
-specified with a
-.B \-file
-option, the default is
-.IR /etc/kerberosIV/srvtab .
-.SH FILES
-.TP 2i
-/etc/kerberosIV/krb.conf
-to get the name of the local realm
-.TP
-/tmp/tkt[uid]
-as the default ticket file ([uid] is the decimal UID of the user).
-.TP
-/etc/kerberosIV/srvtab
-as the default service key file
-.SH SEE ALSO
-.PP
-kerberos(1), kinit(1), kdestroy(1)
-.SH BUGS
-When reading a file as a service key file, very little sanity or error
-checking is performed.
diff --git a/eBones/usr.bin/klist/klist.c b/eBones/usr.bin/klist/klist.c
deleted file mode 100644
index 0927dcb7f58f..000000000000
--- a/eBones/usr.bin/klist/klist.c
+++ /dev/null
@@ -1,288 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * <Copyright.MIT>. - * - * Lists your current Kerberos tickets. - * Written by Bill Sommerfeld, MIT Project Athena. - * - * from: klist.c,v 4.15 89/08/30 11:19:16 jtkohl Exp $ - * $Id: klist.c,v 1.3 1995/07/18 16:37:59 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: klist.c,v 1.3 1995/07/18 16:37:59 mark Exp $"; -#endif lint -#endif - -#include <unistd.h> -#include <stdio.h> -#include <stdlib.h> -#include <strings.h> -#include <sys/file.h> -#include <krb.h> -#include <prot.h> -#include <time.h> - -int ok_getst(int fd, char *s, int n); -void display_srvtab(char *file); -char *short_date(long *dp); -void usage(void); -void display_tktfile(char *file, int tgt_test, int long_form); - -char *whoami; /* What was I invoked as?? */ - -extern char *krb_err_txt[]; - -/* ARGSUSED */ -int -main(argc, argv) - int argc; - char **argv; -{ - int long_form = 1; - int tgt_test = 0; - int do_srvtab = 0; - char *tkt_file = NULL; - char *cp; - - whoami = (cp = rindex(*argv, '/')) ? 
cp + 1 : *argv; - - while (*(++argv)) { - if (!strcmp(*argv, "-s")) { - long_form = 0; - continue; - } - if (!strcmp(*argv, "-t")) { - tgt_test = 1; - long_form = 0; - continue; - } - if (!strcmp(*argv, "-l")) { /* now default */ - continue; - } - if (!strcmp(*argv, "-file")) { - if (*(++argv)) { - tkt_file = *argv; - continue; - } else - usage(); - } - if (!strcmp(*argv, "-srvtab")) { - if (tkt_file == NULL) /* if no other file spec'ed, - set file to default srvtab */ - tkt_file = KEYFILE; - do_srvtab = 1; - continue; - } - usage(); - } - - if (do_srvtab) - display_srvtab(tkt_file); - else - display_tktfile(tkt_file, tgt_test, long_form); - exit(0); -} - -void -display_tktfile(file, tgt_test, long_form) -char *file; -int tgt_test, long_form; -{ - char pname[ANAME_SZ]; - char pinst[INST_SZ]; - char prealm[REALM_SZ]; - char buf1[20], buf2[20]; - int k_errno; - CREDENTIALS c; - int header = 1; - - if ((file == NULL) && ((file = getenv("KRBTKFILE")) == NULL)) - file = TKT_FILE; - - if (long_form) - printf("Ticket file: %s\n", file); - - /* - * Since krb_get_tf_realm will return a ticket_file error, - * we will call tf_init and tf_close first to filter out - * things like no ticket file. Otherwise, the error that - * the user would see would be - * klist: can't find realm of ticket file: No ticket file (tf_util) - * instead of - * klist: No ticket file (tf_util) - */ - - /* Open ticket file */ - if ((k_errno = tf_init(file, R_TKT_FIL))) { - if (!tgt_test) - fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]); - exit(1); - } - /* Close ticket file */ - (void) tf_close(); - - /* - * We must find the realm of the ticket file here before calling - * tf_init because since the realm of the ticket file is not - * really stored in the principal section of the file, the - * routine we use must itself call tf_init and tf_close. 
- */ - if ((k_errno = krb_get_tf_realm(file, prealm)) != KSUCCESS) { - if (!tgt_test) - fprintf(stderr, "%s: can't find realm of ticket file: %s\n", - whoami, krb_err_txt[k_errno]); - exit(1); - } - - /* Open ticket file */ - if ((k_errno = tf_init(file, R_TKT_FIL))) { - if (!tgt_test) - fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]); - exit(1); - } - /* Get principal name and instance */ - if ((k_errno = tf_get_pname(pname)) || - (k_errno = tf_get_pinst(pinst))) { - if (!tgt_test) - fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]); - exit(1); - } - - /* - * You may think that this is the obvious place to get the - * realm of the ticket file, but it can't be done here as the - * routine to do this must open the ticket file. This is why - * it was done before tf_init. - */ - - if (!tgt_test && long_form) - printf("Principal:\t%s%s%s%s%s\n\n", pname, - (pinst[0] ? "." : ""), pinst, - (prealm[0] ? "@" : ""), prealm); - while ((k_errno = tf_get_cred(&c)) == KSUCCESS) { - if (!tgt_test && long_form && header) { - printf("%-15s %-15s %s\n", - " Issued", " Expires", " Principal"); - header = 0; - } - if (tgt_test) { - c.issue_date += ((unsigned char) c.lifetime) * 5 * 60; - if (!strcmp(c.service, TICKET_GRANTING_TICKET) && - !strcmp(c.instance, prealm)) { - if (time(0) < c.issue_date) - exit(0); /* tgt hasn't expired */ - else - exit(1); /* has expired */ - } - continue; /* not a tgt */ - } - if (long_form) { - (void) strcpy(buf1, short_date(&c.issue_date)); - c.issue_date += ((unsigned char) c.lifetime) * 5 * 60; - (void) strcpy(buf2, short_date(&c.issue_date)); - printf("%s %s ", buf1, buf2); - } - printf("%s%s%s%s%s\n", - c.service, (c.instance[0] ? "." : ""), c.instance, - (c.realm[0] ? 
"@" : ""), c.realm); - } - if (tgt_test) - exit(1); /* no tgt found */ - if (header && long_form && k_errno == EOF) { - printf("No tickets in file.\n"); - } -} - -char * -short_date(dp) - long *dp; -{ - register char *cp; - extern char *ctime(); - cp = ctime(dp) + 4; - cp[15] = '\0'; - return (cp); -} - -void -usage() -{ - fprintf(stderr, - "Usage: %s [ -s | -t ] [ -file filename ] [ -srvtab ]\n", whoami); - exit(1); -} - -void -display_srvtab(file) -char *file; -{ - int stab; - char serv[SNAME_SZ]; - char inst[INST_SZ]; - char rlm[REALM_SZ]; - unsigned char key[8]; - unsigned char vno; - int count; - - printf("Server key file: %s\n", file); - - if ((stab = open(file, O_RDONLY, 0400)) < 0) { - perror(file); - exit(1); - } - printf("%-15s %-15s %-10s %s\n","Service","Instance","Realm", - "Key Version"); - printf("------------------------------------------------------\n"); - - /* argh. getst doesn't return error codes, it silently fails */ - while (((count = ok_getst(stab, serv, SNAME_SZ)) > 0) - && ((count = ok_getst(stab, inst, INST_SZ)) > 0) - && ((count = ok_getst(stab, rlm, REALM_SZ)) > 0)) { - if (((count = read(stab,(char *) &vno,1)) != 1) || - ((count = read(stab,(char *) key,8)) != 8)) { - if (count < 0) - perror("reading from key file"); - else - fprintf(stderr, "key file truncated\n"); - exit(1); - } - printf("%-15s %-15s %-15s %d\n",serv,inst,rlm,vno); - } - if (count < 0) - perror(file); - (void) close(stab); -} - -/* adapted from getst() in librkb */ -/* - * ok_getst() takes a file descriptor, a string and a count. It reads - * from the file until either it has read "count" characters, or until - * it reads a null byte. When finished, what has been read exists in - * the given string "s". If "count" characters were actually read, the - * last is changed to a null, so the returned string is always null- - * terminated. ok_getst() returns the number of characters read, including - * the null terminator. 
- * - * If there is a read error, it returns -1 (like the read(2) system call) - */ - -int -ok_getst(fd, s, n) - int fd; - register char *s; - int n; -{ - register count = n; - int err; - while ((err = read(fd, s, 1)) > 0 && --count) - if (*s++ == '\0') - return (n - count); - if (err < 0) - return(-1); - *s = '\0'; - return (n - count); -} diff --git a/eBones/usr.bin/ksrvtgt/Makefile b/eBones/usr.bin/ksrvtgt/Makefile deleted file mode 100644 index a00940d1384a..000000000000 --- a/eBones/usr.bin/ksrvtgt/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.5 1995/09/14 04:06:18 gibbs Exp $ - -PROG= ksrvtgt -CFLAGS+=-DKERBEROS -DDEBUG -DPADD= ${LIBKRB} ${LIBDES} -LDADD= -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes -MAN1= ksrvtgt.1 - -.include <bsd.prog.mk> diff --git a/eBones/usr.bin/ksrvtgt/ksrvtgt.1 b/eBones/usr.bin/ksrvtgt/ksrvtgt.1 deleted file mode 100644 index 129c7457215c..000000000000 --- a/eBones/usr.bin/ksrvtgt/ksrvtgt.1 +++ /dev/null 
@@ -1,51 +0,0 @@
-.\" from: ksrvtgt.1,v 4.1 89/01/24 14:36:28 jtkohl Exp $
-.\" $Id: ksrvtgt.1,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KSRVTGT 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-ksrvtgt \- fetch and store Kerberos ticket-granting-ticket using a
-service key
-.SH SYNOPSIS
-.B ksrvtgt
-name instance [[realm] srvtab]
-.SH DESCRIPTION
-.I ksrvtgt
-retrieves a ticket-granting ticket with a lifetime of five (5) minutes
-for the principal
-.I name.instance@realm
-(or
-.I name.instance@localrealm
-if
-.I realm
-is not supplied on the command line), decrypts the response using
-the service key found in
-.I srvtab
-(or in
-.B /etc/kerberosIV/srvtab
-if
-.I srvtab
-is not specified on the command line), and stores the ticket in the
-standard ticket cache.
-.PP
-This command is intended primarily for use in shell scripts and other
-batch-type facilities.
-.SH DIAGNOSTICS
-"Generic kerberos failure (kfailure)" can indicate a whole range of
-problems, the most common of which is the inability to read the service
-key file.
-.SH FILES
-.TP 2i
-/etc/kerberosIV/krb.conf
-to get the name of the local realm.
-.TP
-/tmp/tkt[uid]
-The default ticket file.
-.TP
-/etc/kerberosIV/srvtab
-The default service key file.
-.SH SEE ALSO
-kerberos(1), kinit(1), kdestroy(1)
diff --git a/eBones/usr.bin/ksrvtgt/ksrvtgt.c b/eBones/usr.bin/ksrvtgt/ksrvtgt.c
deleted file mode 100644
index 0f92394b6bbd..000000000000
--- a/eBones/usr.bin/ksrvtgt/ksrvtgt.c
+++ /dev/null
@@ -1,62 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * <Copyright.MIT>. - * - * Get a ticket-granting-ticket given a service key file (srvtab) - * The lifetime is the shortest allowed [1 five-minute interval] - * - * from: ksrvtgt.c,v 4.3 89/07/28 10:17:28 jtkohl Exp $ - * $Id: ksrvtgt.c,v 1.3 1995/07/18 16:40:07 mark Exp $ - */ - -#ifndef lint -const char rcsid[] = -"$Id: ksrvtgt.c,v 1.3 1995/07/18 16:40:07 mark Exp $"; -#endif /* lint */ - -#include <stdio.h> -#include <string.h> -#include <sys/param.h> -#include <krb.h> -#include <conf.h> - -int -main(argc,argv) - int argc; - char **argv; -{ - char realm[REALM_SZ + 1]; - register int code; - char srvtab[MAXPATHLEN + 1]; - - bzero(realm, sizeof(realm)); - bzero(srvtab, sizeof(srvtab)); - - if (argc < 3 || argc > 5) { - fprintf(stderr, "Usage: %s name instance [[realm] srvtab]\n", - argv[0]); - exit(1); - } - - if (argc == 4) - (void) strncpy(srvtab, argv[3], sizeof(srvtab) -1); - - if (argc == 5) { - (void) strncpy(realm, argv[3], sizeof(realm) - 1); - (void) strncpy(srvtab, argv[4], sizeof(srvtab) -1); - } - - if (srvtab[0] == 0) - (void) strcpy(srvtab, KEYFILE); - - if (realm[0] == 0) - if (krb_get_lrealm(realm, 1) != KSUCCESS) - (void) strcpy(realm, KRB_REALM); - - code = krb_get_svc_in_tkt(argv[1], argv[2], realm, - "krbtgt", realm, 1, srvtab); - if (code) - fprintf(stderr, "%s\n", krb_err_txt[code]); - exit(code); -} diff --git a/eBones/usr.bin/passwd/kpasswd.c b/eBones/usr.bin/passwd/kpasswd.c deleted file mode 100644 index 90f92474ed05..000000000000 --- a/eBones/usr.bin/passwd/kpasswd.c +++ /dev/null 
@@ -1,223 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * change your password with kerberos - */ - -#ifndef lint -#if 0 -static char rcsid_kpasswd_c[] = - "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kpasswd.c,v 4.3 89/09/26 09:33:02 jtkohl Exp "; -#endif -static const char rcsid[] = - "$Id$"; -#endif lint - -/* - * kpasswd - * change your password with kerberos - */ - -#include <stdio.h> -#include <sys/types.h> -#include <sys/param.h> -#include <pwd.h> -#include "kadm.h" - -#include "extern.h" - -extern void krb_set_tkt_string(); -static void go_home(char *, int); - - -int krb_passwd(char *uname, char *iflag, char *rflag, char *uflag) -{ - char name[ANAME_SZ]; /* name of user */ - char inst[INST_SZ]; /* instance of user */ - char realm[REALM_SZ]; /* realm of user */ - char default_name[ANAME_SZ]; - char default_inst[INST_SZ]; - char default_realm[REALM_SZ]; - int realm_given = 0; /* True if realm was give on cmdline */ - int use_default = 1; /* True if we should use default name */ - struct passwd *pw; - int status; /* return code */ - des_cblock new_key; - int c; - extern char *optarg; - extern int optind; - char tktstring[MAXPATHLEN]; - - void get_pw_new_key(); - -#ifdef NOENCRYPTION -#define read_long_pw_string placebo_read_pw_string -#else -#define read_long_pw_string des_read_pw_string -#endif - int read_long_pw_string(); - - bzero(name, sizeof(name)); - bzero(inst, sizeof(inst)); - bzero(realm, sizeof(realm)); - - if (krb_get_tf_fullname(TKT_FILE, default_name, default_inst, - default_realm) != KSUCCESS) { - pw = getpwuid((int) getuid()); - if (pw) { - strcpy(default_name, pw->pw_name); - } else { - /* seems like a null name is kinda silly */ - strcpy(default_name, ""); - } - strcpy(default_inst, ""); - if (krb_get_lrealm(default_realm, 1) != KSUCCESS) - strcpy(default_realm, KRB_REALM); - } - - if(uflag) 
{ - if (status = kname_parse(name, inst, realm, uflag)) { - errx(2, "Kerberos error: %s", krb_err_txt[status]); - } - if (realm[0]) - realm_given++; - else - if (krb_get_lrealm(realm, 1) != KSUCCESS) - strcpy(realm, KRB_REALM); - } - - if(uname) { - if (k_isname(uname)) { - strncpy(name, uname, sizeof(name) - 1); - } else { - errx(1, "bad name: %s", uname); - } - } - - if(iflag) { - if (k_isinst(iflag)) { - strncpy(inst, iflag, sizeof(inst) - 1); - } else { - errx(1, "bad instance: %s", iflag); - } - } - - if(rflag) { - if (k_isrealm(rflag)) { - strncpy(realm, rflag, sizeof(realm) - 1); - realm_given++; - } else { - errx(1, "bad realm: %s", rflag); - } - } - - if(uname || iflag || rflag || uflag) use_default = 0; - - if (use_default) { - strcpy(name, default_name); - strcpy(inst, default_inst); - strcpy(realm, default_realm); - } else { - if (!name[0]) - strcpy(name, default_name); - if (!realm[0]) - strcpy(realm, default_realm); - } - - (void) sprintf(tktstring, "/tmp/tkt_cpw_%d",getpid()); - krb_set_tkt_string(tktstring); - - get_pw_new_key(new_key, name, inst, realm, realm_given); - - if ((status = kadm_init_link("changepw", KRB_MASTER, realm)) - != KADM_SUCCESS) - com_err("kpasswd", status, "while initializing"); - else if ((status = kadm_change_pw(new_key)) != KADM_SUCCESS) - com_err("kpasswd", status, " attempting to change password."); - - if (status != KADM_SUCCESS) - fprintf(stderr,"Password NOT changed.\n"); - else - printf("Password changed.\n"); - - (void) dest_tkt(); - if (status) - exit(2); - else - exit(0); -} - -void get_pw_new_key(new_key, name, inst, realm, print_realm) - des_cblock new_key; - char *name; - char *inst; - char *realm; - int print_realm; /* True if realm was give on cmdline */ -{ - char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ - char pword[MAX_KPW_LEN]; /* storage for the password */ - char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ - - char local_realm[REALM_SZ]; - int status; - - 
/* - * We don't care about failure; this is to determine whether or - * not to print the realm in the prompt for a new password. - */ - (void) krb_get_lrealm(local_realm, 1); - - if (strcmp(local_realm, realm)) - print_realm++; - - (void) sprintf(ppromp,"Old password for %s%s%s%s%s:", - name, *inst ? "." : "", inst, - print_realm ? "@" : "", print_realm ? realm : ""); - if (read_long_pw_string(pword, sizeof(pword)-1, ppromp, 0)) { - fprintf(stderr, "Error reading old password.\n"); - exit(1); - } - - if ((status = krb_get_pw_in_tkt(name, inst, realm, PWSERV_NAME, - KADM_SINST, 1, pword)) != KSUCCESS) { - if (status == INTK_BADPW) { - printf("Incorrect old password.\n"); - exit(0); - } - else { - fprintf(stderr, "Kerberos error: %s\n", krb_err_txt[status]); - exit(1); - } - } - bzero(pword, sizeof(pword)); - do { - (void) sprintf(npromp,"New Password for %s%s%s%s%s:", - name, *inst ? "." : "", inst, - print_realm ? "@" : "", print_realm ? realm : ""); - if (read_long_pw_string(pword, sizeof(pword)-1, npromp, 1)) - go_home("Error reading new password, password unchanged.\n",0); - if (strlen(pword) == 0) - printf("Null passwords are not allowed; try again.\n"); - } while (strlen(pword) == 0); - -#ifdef NOENCRYPTION - bzero((char *) new_key, sizeof(des_cblock)); - new_key[0] = (unsigned char) 1; -#else - (void) des_string_to_key(pword, (des_cblock *)new_key); -#endif - bzero(pword, sizeof(pword)); -} - -static void -go_home(str,x) - char *str; - int x; -{ - fprintf(stderr, str, x); - (void) dest_tkt(); - exit(1); -} diff --git a/eBones/usr.bin/register/Makefile b/eBones/usr.bin/register/Makefile deleted file mode 100644 index 9e4b170386f6..000000000000 --- a/eBones/usr.bin/register/Makefile +++ /dev/null 
@@ -1,11 +0,0 @@ -# @(#)Makefile 8.1 (Berkeley) 6/1/93 -# $Id: Makefile,v 1.5 1995/09/14 04:08:57 gibbs Exp $ - -PROG= register -CFLAGS+=-DCRYPT -DDEBUG -DKERBEROS -DPADD= ${LIBKRB} ${LIBDES} ${LIBCRYPT} -LDADD= -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes -lcrypt -BINOWN= root -BINMODE=4555 - -.include <bsd.prog.mk> diff --git a/eBones/usr.bin/register/pathnames.h b/eBones/usr.bin/register/pathnames.h deleted file mode 100644 index 611c54f28a24..000000000000 --- a/eBones/usr.bin/register/pathnames.h +++ /dev/null 
@@ -1,39 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)pathnames.h 8.1 (Berkeley) 6/1/93
- */
-
-#define SERVER_KEYDIR "/etc/kerberosIV/register_keys"
-#define CLIENT_KEYFILE "/etc/kerberosIV/.update.key"
-#define KEYFILE_BASE ".update.key"
-#define _PATH_KPASSWD "/usr/bin/passwd"
diff --git a/eBones/usr.bin/register/register.1 b/eBones/usr.bin/register/register.1
deleted file mode 100644
index 0ac298dcaab5..000000000000
--- a/eBones/usr.bin/register/register.1
+++ /dev/null
@@ -1,63 +0,0 @@
-.\" Copyright (c) 1991, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)register.1 8.1 (Berkeley) 6/1/93
-.\"
-.TH REGISTER 1 "June 1, 1993"
-.UC 7
-.SH NAME
-register \- register with Kerberos
-.SH SYNOPSIS
-.B register
-.SH DESCRIPTION
-The
-.I register
-command
-is used to register a new user with Kerberos.
-The Kerberos server keeps record of certain trusted hosts
-from which it will accept new registrations.
-If the host on which
-.I register
-is run is trusted by Kerberos, the user
-is asked for his current password, and then
-a new password to be used with Kerberos.
-A user may only register with Kerberos one time.
-.SH FILES
-.br
-/etc/kerberosIV/.update.keyxx.xx.xx.xx shared DES key with server
-.SH "SEE ALSO"
-registerd(8), kerberos(1)
-.SH DIAGNOSTICS
-\*(lqPrincipal not unique\*(rq
-if the user already exists in the Kerberos database.
-.br
-\*(lqPermission Denied,\*(rq
-if the host on which register is being run is untrusted.
diff --git a/eBones/usr.bin/register/register.c b/eBones/usr.bin/register/register.c
deleted file mode 100644
index d38dcc456b08..000000000000
--- a/eBones/usr.bin/register/register.c
+++ /dev/null
@@ -1,316 +0,0 @@ -/*- - * Copyright (c) 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if 0 -#ifndef lint -static char copyright[] = -"@(#) Copyright (c) 1989, 1993\n\ - The Regents of the University of California. 
All rights reserved.\n"; -static char sccsid[] = "@(#)register.c 8.1 (Berkeley) 6/1/93"; -#endif /* not lint */ -#endif - -#include <string.h> -#include <unistd.h> -#include <sys/types.h> -#include <sys/param.h> -#include <sys/time.h> -#include <sys/resource.h> -#include <sys/socket.h> -#include <sys/file.h> -#include <sys/signal.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <pwd.h> -#include <stdio.h> -#include <netdb.h> -#include <des.h> -#include <krb.h> -#include "pathnames.h" -#include "register_proto.h" - -#define SERVICE "krbupdate" /* service to add to KDC's database */ -#define PROTOCOL "tcp" - -void die(int); -void type_info(void); -void setup_key(struct sockaddr_in local); -void cleanup(void); -int get_user_info(void); - -char realm[REALM_SZ]; -char krbhst[MAX_HSTNM]; - -static char pname[ANAME_SZ]; -static char iname[INST_SZ]; -static char password[_PASSWORD_LEN]; - -void -main(argc, argv) - int argc; - char **argv; -{ - struct servent *se; - struct hostent *host; - struct sockaddr_in sin, local; - int rval; - int sock, llen; - u_char code; - static struct rlimit rl = { 0, 0 }; - - signal(SIGPIPE, die); - - if (setrlimit(RLIMIT_CORE, &rl) < 0) { - perror("rlimit"); - exit(1); - } - - if ((se = getservbyname(SERVICE, PROTOCOL)) == NULL) { - fprintf(stderr, "couldn't find entry for service %s\n", - SERVICE); - exit(1); - } - if ((rval = krb_get_lrealm(realm,0)) != KSUCCESS) { - fprintf(stderr, "couldn't get local Kerberos realm: %s\n", - krb_err_txt[rval]); - exit(1); - } - - if ((rval = krb_get_krbhst(krbhst, realm, 1)) != KSUCCESS) { - fprintf(stderr, "couldn't get Kerberos host: %s\n", - krb_err_txt[rval]); - exit(1); - } - - if ((host = gethostbyname(krbhst)) == NULL) { - fprintf(stderr, "couldn't get host entry for host %s\n", - krbhst); - exit(1); - } - - sin.sin_family = host->h_addrtype; - (void)bcopy(host->h_addr, (char *) &sin.sin_addr, host->h_length); - sin.sin_port = se->s_port; - - if ((sock = socket(AF_INET, SOCK_STREAM, 
IPPROTO_TCP)) < 0) { - perror("socket"); - exit(1); - } - - if (connect(sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) { - perror("connect"); - (void)close(sock); - exit(1); - } - - llen = sizeof(local); - if (getsockname(sock, (struct sockaddr *) &local, &llen) < 0) { - perror("getsockname"); - (void)close(sock); - exit(1); - } - - setup_key(local); - - type_info(); - - if (!get_user_info()) { - code = ABORT; - (void)des_write(sock, &code, 1); - cleanup(); - exit(1); - } - - code = APPEND_DB; - if (des_write(sock, &code, 1) != 1) { - perror("write 1"); - cleanup(); - exit(1); - } - - if (des_write(sock, pname, ANAME_SZ) != ANAME_SZ) { - perror("write principal name"); - cleanup(); - exit(1); - } - - if (des_write(sock, iname, INST_SZ) != INST_SZ) { - perror("write instance name"); - cleanup(); - exit(1); - } - - if (des_write(sock, password, 255) != 255) { - perror("write password"); - cleanup(); - exit(1); - } - - /* get return message */ - - { - int cc; - char msgbuf[BUFSIZ]; - - cc = read(sock, msgbuf, BUFSIZ); - if (cc <= 0) { - fprintf(stderr, "protocol error during key verification\n"); - cleanup(); - exit(1); - } - if (strncmp(msgbuf, GOTKEY_MSG, 6) != 0) { - fprintf(stderr, "%s: %s", krbhst, msgbuf); - cleanup(); - exit(1); - } - - cc = des_read(sock, msgbuf, BUFSIZ); - if (cc <= 0) { - fprintf(stderr, "protocol error during read\n"); - cleanup(); - exit(1); - } else { - printf("%s: %s", krbhst, msgbuf); - } - } - - cleanup(); - close(sock); -} - -void -cleanup() -{ - bzero(password, 255); -} - -extern char *crypt(); -extern char *getpass(); - -int -get_user_info() -{ - int uid = getuid(); - int valid = 0, i; - struct passwd *pw; - char *pas, *namep; - - /* NB: we must run setuid-root to get at the real pw file */ - - if ((pw = getpwuid(uid)) == NULL) { - fprintf(stderr, "Who are you?\n"); - return(0); - } - (void)seteuid(uid); - (void)strcpy(pname, pw->pw_name); /* principal name */ - - for (i = 1; i < 3; i++) { - pas = getpass("login password:"); - 
namep = crypt(pas, pw->pw_passwd); - if (strcmp(namep, pw->pw_passwd)) { - fprintf(stderr, "Password incorrect\n"); - continue; - } else { - valid = 1; - break; - } - } - if (!valid) - return(0); - pas = getpass("Kerberos password (may be the same):"); - while (*pas == NULL) { - printf("<NULL> password not allowed\n"); - pas = getpass("Kerberos password (may be the same):"); - } - (void)strcpy(password, pas); /* password */ - pas = getpass("Retype Kerberos password:"); - if (strcmp(password, pas)) { - fprintf(stderr, "Password mismatch -- aborted\n"); - return(0); - } - - iname[0] = NULL; /* null instance name */ - return(1); -} - -void -setup_key(local) - struct sockaddr_in local; -{ - static struct keyfile_data kdata; - static Key_schedule schedule; - int fd; - char namebuf[MAXPATHLEN]; - - (void) sprintf(namebuf, "%s%s", - CLIENT_KEYFILE, - inet_ntoa(local.sin_addr)); - - fd = open(namebuf, O_RDONLY); - if (fd < 0) { - fprintf(stderr, "couldn't open key file %s for local host: ", - namebuf); - perror(""); - exit(1); - } - - if (read(fd, (char *)&kdata, sizeof(kdata)) != sizeof(kdata)) { - fprintf(stderr,"size error reading key file for local host %s\n", - inet_ntoa(local.sin_addr)); - exit(1); - } - key_sched((des_cblock *)kdata.kf_key, schedule); - des_set_key_krb((des_cblock *)kdata.kf_key, schedule); - return; -} - -void -type_info() -{ - printf("Kerberos user registration (realm %s)\n\n", realm); - printf("Please enter your login password followed by your new Kerberos password.\n"); - printf("The Kerberos password you enter now will be used in the future\n"); - printf("as your Kerberos password for all machines in the %s realm.\n", realm); - printf("You will only be allowed to perform this operation once, although you may run\n"); - printf("the %s program from now on to change your Kerberos password.\n\n", _PATH_KPASSWD); -} - -void -die(sig) - int sig; -{ - fprintf(stderr, "\nServer no longer listening\n"); - fflush(stderr); - cleanup(); - exit(1); -} 
diff --git a/eBones/usr.bin/register/register_proto.h b/eBones/usr.bin/register/register_proto.h
deleted file mode 100644
index 54789494071f..000000000000
--- a/eBones/usr.bin/register/register_proto.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*-
- * Copyright (c) 1989, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)register_proto.h 8.1 (Berkeley) 6/1/93
- */
-
-#define APPEND_DB 0x01
-#define ABORT 0x02
-
-#define GOTKEY_MSG "GOTKEY"
-
-struct keyfile_data {
- C_Block kf_key;
-};
diff --git a/eBones/usr.bin/rkinit/Makefile b/eBones/usr.bin/rkinit/Makefile
deleted file mode 100644
index b910742fe1b0..000000000000
--- a/eBones/usr.bin/rkinit/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-# Makefile,v 1.2 1995/01/20 22:08:14 wollman Exp
-
-PROG= rkinit
-SRCS= ${RKINITOBJDIR}/rkinit_err.h rkinit.c
-CFLAGS+= -I${KRBOBJDIR} -I${RKINITOBJDIR}
-LDADD+= -L${RKINITOBJDIR} -lrkinit -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
-LDADD+= -lss -lcom_err
-
-MAN1= rkinit.1
-
-.include <bsd.prog.mk>
diff --git a/eBones/usr.bin/rkinit/rkinit.1 b/eBones/usr.bin/rkinit/rkinit.1
deleted file mode 100644
index 5634d2b7483c..000000000000
--- a/eBones/usr.bin/rkinit/rkinit.1
+++ /dev/null
@@ -1,206 +0,0 @@ -.\" -.\" $Header: /local/cvsfiles/kerberos/src/appl/rkinit/man/rkinit.1,v 1.1 1991/12/03 23:21:25 eichin Exp $ -.\" $Source: /local/cvsfiles/kerberos/src/appl/rkinit/man/rkinit.1,v $ -.\" $Author: eichin $ -.\" -.\" -.TH RKINIT 1 "November 12, 1989" -.UC 4 -.SH NAME -rkinit \- establish kerberos tickets safely on a remote host -.SH SYNOPSIS -.B rkinit [ host ] -[ -p -.B principal -] [ -l -.B username -] [ -k -.B kerberos_realm -] [ -f -.B ticket_file -] [ -h -.B remote_host -] [ -t -.B ticket_lifetime -] [ -.B \-notimeout -] - -A host name must be specified either as the first command line -argument or following a \-h flag. If redundant command line -arguments are given, the last one to appear takes precedence. - -.SH DESCRIPTION -.I rkinit -is a program that allows a user to establish kerberos tickets on -a remote host registered for -rlogin service. This can be done without the user's kerberos -password ever leaving the client machine. - -In order to establish tickets remotely -without the use of something like -.I rkinit, -one would have to log in to the -remote host and run -.IR kinit (1). -.I rkinit -followed by -.I rlogin -can be thought of as a safe substitute for -.I rlogin -followed -.I kinit. - -.I rkinit -uses the same access checking mechanism as -.I rlogin. -That means that -.I rkinit -can be used to create any tickets for user -.I A -on remote host -.I B -if and only if -.IR A 's -tickets would entitle a login to -.I B. -This means that one can create remote tickets for himself or for -another user if he is in that user's .klogin file. - -.I rkinit -understands the following command line options: - -.TP 4 -.B \-p \fIprincipal\fR -If -.I principal, -in the format -.I name[.inst][@realm] -is specified, the tickets created on the remote host will be the -tickets indicated by the -.I principal -field. 
If this option is not given, the following defaults are -used: If the user running -.I rkinit -does not have tickets on the client machine, -.I rkinit -will prompt for a password and behave effectively as if the user -had invoked -.I kinit -on the specified -remote host; i.e., -the tickets established will be owned on the remote host -by the user who invoked -.I rkinit -and will be for the local realm of the -remote host. -If the user running -.I rkinit -already has tickets, -.I rkinit -will prompt for a password and create tickets whose principal -matches that of the -tickets that the user already has. - - -.TP -.B \-l \fIusername\fR -If -.I username -is specified, the ticket file on the remote host will be owned by the -user -.I username. -If it is not specified, the tickets will be owned by -the remote user whose login name matches that of the user invoking -.I rkinit. - -.TP -.B \-r \fIrealm\fR -.I realm -is used to tell -.I rkinit -what realm the remote host is in. This -option should not usually have to be used since -.I rkinit -uses -.IR krb_realmofhost (3) -to determine the remote host's kerberos realm. Note that this -is distinct from realm as specified in -.I principal, -which refers to the realm of the remote tickets. - -.TP -.B \-f \fIticket_file\fR -This option is used to specify the name of the ticket file that -should be used on the remote host. Note that if you -specify a location for the ticket file that is other -than the default, you will have to set the environment variable -KRBTKFILE to that filename once you get to the remote host in -order for you to use the tickets. -If a ticket file is not specified, the tickets will -be placed in the -default location as specified by -.IR tkt_file (3). -On a UNIX host, this is /tmp/tkt<uid>, where -<uid> is the user id of the person who owns the remote ticket file. - -.TP -.B \-h \fIremote_host\fR -.I remote host -is the host on which remote tickets are being obtained. 
This -option can be used in place of specifying the host as the first -command line argument. - -.TP -.B \-t \fIticket_lifetime\fR -.I ticket lifetime -is the lifetime in minutes of the remote tickets. If it is not -specified, the default ticket life time (as defined in krb.h) is -used. - -.TP -.B \-notimeout -prevents the client from timing out. This is mainly useful only -for debugging since the rkinit server also times out. - -.SH EXAMPLES - -In the following examples, -.B tabetha -and -.B soup -are machines in the -.B ATHENA.MIT.EDU -kerberos realm and -.B local -is a user who can log in -to -.B soup -and has -.B qjb.root@ATHENA.MIT.EDU -in his .klogin file. - - -% rkinit tabetha -.br -Kerberos initialization (tabetha) -.br -Password for qjb@ATHENA.MIT.EDU: -.br -% -.br - -.br -% rkinit soup -p qjb.root -l local -.br -Kerberos initialization (soup): tickets will be owned by local -.br -Password for qjb.root@ATHENA.MIT.EDU: -.br -% - -.SH SEE ALSO -rkinitd(8), kerberos(1), kerberos(3), kinit(1) - -.SH AUTHOR -Emanuel Jay Berkenbilt (MIT-Project Athena) diff --git a/eBones/usr.bin/rkinit/rkinit.c b/eBones/usr.bin/rkinit/rkinit.c deleted file mode 100644 index 35a0eebfaa10..000000000000 --- a/eBones/usr.bin/rkinit/rkinit.c +++ /dev/null 
@@ -1,216 +0,0 @@ -/* - * $Id: rkinit.c,v 1.1 1993/12/10 18:41:00 dglo Exp gibbs $ - * $Source: /usr/src/eBones/rkinit/RCS/rkinit.c,v $ - * $Author: dglo $ - * - * This is an rkinit client - */ - -#if !defined(lint) && !defined(SABER) && !defined(LOCORE) && defined(RCS_HDRS) -static char *rcsid = "$Id: rkinit.c,v 1.1 1993/12/10 18:41:00 dglo Exp gibbs $"; -#endif /* lint || SABER || LOCORE || RCS_HDRS */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <sys/types.h> -#include <netdb.h> -#include <pwd.h> -#include <krb.h> -#include <des.h> -#include <com_err.h> - -#include <rkinit.h> -#include <rkinit_err.h> - -#ifndef TRUE -#define TRUE 1 -#endif - -#ifndef FALSE -#define FALSE 0 -#endif - -#ifdef __STDC__ -static void usage(void) -#else -static void usage() -#endif /* __STDC__ */ -{ - fprintf(stderr,"Usage: rkinit [host] options\n"); - fprintf(stderr, - "Options: [-l username] [-k krb_realm] [-p principal] [-f tktfile]\n"); - fprintf(stderr, " [-t lifetime] [-h host] [-notimeout]\n"); - fprintf(stderr, "A host must be specified either with the -h option "); - fprintf(stderr, "or as the first argument.\n"); - - exit(1); -} - -int -#ifdef __STDC__ -main(int argc, char *argv[]) -#else -main(argc, argv) - int argc; - char *argv[]; -#endif /* __STDC__ */ -{ - char *whoami; /* Name of this program */ - - char principal[MAX_K_NAME_SZ]; /* Principal for which to get tickets */ - char *host = NULL; /* Remote host */ - char *username = 0; /* Username of owner of ticket */ - char r_krealm[REALM_SZ]; /* Kerberos realm of remote host */ - char aname[ANAME_SZ]; /* Aname of remote ticket file */ - char inst[INST_SZ]; /* Instance of remote ticket file */ - char realm[REALM_SZ]; /* Realm of remote ticket file */ - char *tktfilename = NULL; /* Name of ticket file on remote host */ - u_long lifetime = DEFAULT_TKT_LIFE; /* Lifetime of remote tickets */ - int timeout = TRUE; /* Should we time out? 
*/ - rkinit_info info; /* Information needed by rkinit */ - - struct passwd *localid; /* To determine local id */ - - int status = 0; /* general error number */ - - int i; - - bzero(r_krealm, sizeof(r_krealm)); - bzero(principal, sizeof(principal)); - bzero(aname, sizeof(aname)); - bzero(inst, sizeof(inst)); - bzero(realm, sizeof(realm)); - - /* Parse commandline arguements. */ - if ((whoami = rindex(argv[0], '/')) == 0) - whoami = argv[0]; - else - whoami++; - - if (argc < 2) usage(); - - if (argv[1][0] != '-') { - host = argv[1]; - i = 2; - } - else - i = 1; - - for (/* i initialized above */; i < argc; i++) { - if (strcmp(argv[i], "-h") == NULL) { - if (++i >= argc) - usage(); - else - host = argv[i]; - } - else if (strcmp(argv[i], "-l") == NULL) { - if (++i >= argc) - usage(); - else - username = argv[i]; - } - else if (strcmp(argv[i], "-k") == NULL) { - if (++i >= argc) - usage(); - else - strncpy(r_krealm, argv[i], sizeof(r_krealm) - 1); - } - else if (strcmp(argv[i], "-p") == NULL) { - if (++i >= argc) - usage(); - else - strncpy(principal, argv[i], sizeof(principal) - 1); - } - else if (strcmp(argv[i], "-f") == NULL) { - if (++i >= argc) - usage(); - else - tktfilename = argv[i]; - } - else if (strcmp(argv[i], "-t") == NULL) { - if (++i >= argc) - usage(); - else { - lifetime = atoi(argv[i])/5; - if (lifetime == 0) - lifetime = 1; - else if (lifetime > 255) - lifetime = 255; - } - } - else if (strcmp(argv[i], "-notimeout") == NULL) - timeout = FALSE; - else - usage(); - } - - if (host == NULL) - usage(); - - /* Initialize the realm of the remote host if necessary */ - if (r_krealm[0] == 0) { - /* - * Try to figure out the realm of the remote host. If the - * remote host is unknown, don't worry about it; the library - * will handle the error better and print a good error message. 
- */ - struct hostent *hp; - if ((hp = gethostbyname(host))) - strcpy(r_krealm, krb_realmofhost(hp->h_name)); - } - - /* If no username was specified, use local id on client host */ - if (username == 0) { - if ((localid = getpwuid(getuid())) == 0) { - fprintf(stderr, "You can not be found in the password file.\n"); - exit(1); - } - username = localid->pw_name; - } - - /* Find out who will go in the ticket file */ - if (! principal[0]) { - if ((status = krb_get_tf_fullname(TKT_FILE, aname, inst, realm)) - != KSUCCESS) { - /* - * If user has no ticket file and principal was not specified, - * we will try to get tickets for username@remote_realm - */ - strcpy(aname, username); - strcpy(realm, r_krealm); - } - } - else { - if ((status = kname_parse(aname, inst, realm, principal)) - != KSUCCESS) { - fprintf(stderr, "%s\n", krb_err_txt[status]); - exit(1); - } - if (strlen(realm) == 0) { - if (krb_get_lrealm(realm, 1) != KSUCCESS) - strcpy(realm, KRB_REALM); - } - } - - bzero((char *)&info, sizeof(info)); - - strcpy(info.aname, aname); - strcpy(info.inst, inst); - strcpy(info.realm, realm); - strcpy(info.sname, "krbtgt"); - strcpy(info.sinst, realm); - strncpy(info.username, username, sizeof(info.username) - 1); - if (tktfilename) - strncpy(info.tktfilename, tktfilename, sizeof(info.tktfilename) - 1); - info.lifetime = lifetime; - - if ((status = rkinit(host, r_krealm, &info, timeout))) { - com_err(whoami, status, "while obtaining remote tickets:"); - fprintf(stderr, "%s\n", rkinit_errmsg(0)); - exit(1); - } - - exit(0); -} |