Usenet 1993 July

home *** CD-ROM | disk | FTP | other *** search

/ Usenet 1993 July / InfoMagic USENET CD-ROM July 1993.ISO / sources / unix / volume22 / auth / part01 next >

Wrap

Internet Message Format | 1990-04-29 | 53.8 KB

Subject: v22i001: RFC 931 TCP Authentication server, Part01/02 Newsgroups: comp.sources.unix Approved: rsalz@uunet.UU.NET X-Checksum-Snefru: 478415bf 1082bb14 40ecd74b ad50453c Submitted-by: Dan Bernstein <brnstnd@acf10.nyu.edu> Posting-number: Volume 22, Issue 1 Archive-name: auth2.1/part01 [ For more details, see rfc931 which is included in this package. --r$ ] This package provides two benefits. The first is a secure user-level implementation of RFC 931, the Authentication Server; unless TCP itself is compromised, it is impossible to forge mail or news between computers supporting RFC 931. The second is a single, modular interface to TCP. Programs written to work with authtcp and attachport don't even need to be recompiled to run under a more comprehensive network security system like Kerberos, as long the auth package is replaced. #! /bin/sh # This is a shell archive. Remove anything before this line, then unpack # it by saving it into a file and typing "sh file". To overwrite existing # files, type "sh file -c". You can also feed this as standard input via # unshar, or by typing "sh <file", e.g.. If this archive is complete, you # will see the following message at the end: # "End of archive 1 (of 2)." # Contents: CHANGES Makefile README attachport.man authd.c authd.man # authtcp.man authuser.c authuser.h authuser.man dir.doc djbatoi.h # djberr.h # Wrapped by rsalz@litchi.bbn.com on Mon Apr 30 15:53:39 1990 PATH=/bin:/usr/bin:/usr/ucb ; export PATH if test -f 'CHANGES' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'CHANGES'\" else echo shar: Extracting \"'CHANGES'\" $3686 characters$ sed "s/^X//" >'CHANGES' <<'END_OF_FILE' X4/18/90: Packaged auth 2.1 to replace previous comp.sources.unix submission. X4/18/90: authd version 2.1. X4/18/90: authd looks much prettier. X4/18/90: attachport version 4.1. X4/18/90: authd supports ! lock files. X4/18/90: attachport forks as real uid. X4/18/90: attachport now checks periodically for lost children. X4/18/90: Corrected locking scheme for exceptional (i.e. impossible) cases. X4/18/90: authtcp version 2.1. X4/18/90: authtcp forks as real uid. X4/18/90: attachport handles signals better. X4/18/90: authtcp handles signals better. It's annoying that extensions X to the signal semantics could make secure programs insecure. X4/18/90: attachport is now just as careful. X4/18/90: authtcp is now ridiculously careful to switch to effective uid X before unlinking lock file and to real uid before exiting. X4/18/90: Aargh, fork() uses effective uid rather than real uid for X MAXUPRC checks. This ``feature'' can bring down attachport and X authtcp if MAXUPRC is small and the machine is big. X X4/2/90: attachport version 4.0. X4/2/90: authtcp version 2.0. X4/2/90: authd version 2.0. X4/2/90: authuser version 2.0. X4/2/90: Final packaging and distribution for comp.sources.unix. X X4/2/90: Everything passes lint perfectly, though not lint -hacx. X X4/2/90: attachport now understands SIGTERM from killaport. X4/2/90: All programs now use inet_ntoa() where appropriate. X4/2/90: All programs now use isascii() where appropriate. X4/2/90: attachport now understands everything. X4/2/90: Integrated attachport into auth distribution. attachport CHANGES: X 3/21/90: Somehow attachport has gotten up to 3.6. X 1/28/90: Added -0 option to wither away when input file disappears. X 1/28/90: Added -1 option as a computer-friendly -v. X 1/7/90: attachport 3.5. X Cleaned up mostly everything. X attachport version 3.0, 11/1/89. X X4/1/90: authuser now checks for USERID from the Authentication Server, X though it doesn't do anything informative upon a remote ERROR. X4/1/90: authd now uses unsigned where it should. X4/1/90: authuser now uses unsigned where it should. X4/1/90: authtcp now uses unsigned where it should. X4/1/90: authd now uses ctype.h appropriately. X X4/1/90: authd supports new locking protocol. X4/1/90: authtcp supports new locking protocol. X4/1/90: Set up new locking procedure to prevent authentication race X condition; attachport will have to support this too. X X3/31/90: authtcp version 1.8. X X3/31/90: authtcp now talks to the remote authd. X3/31/90: authuser version 1.5. X3/31/90: Redid authuser interface. X3/31/90: Added authuser library to authtcpd (now just auth) distribution. X X3/27/90: authtcp now supports getservbyname()---and an interesting X inconsistency showed up! Check sockaddr_in in netinet/in.h X versus servent.s_port in netdb.h. Ho hum. X3/27/90: Touched up authtcp a bit. X X1/31/90: authd version 1.52. X1/31/90: authtcp version 1.52. X X1/31/90: authtcp now supports TSTP. X1/31/90: Both programs now have AUTHDIR ifdefed so it can go into Makefile. X XGetopt usage compatible with dumb getopt (no special numeric treatment). X X1/7/90: authd version 1.5. X1/7/90: authtcp version 1.5. X XBoth programs now use getopt. X Xauthd passes lint. X Xauthtcp: Whoops, really should turn off TSTP, as we don't handle stopping. X Xauthtcp keeps socket open, to close a Trojan Horse-like security hole. Xauthtcp doesn't turn off signals for its child. X Xauthtcp version 1.1, 11/1/89. X Xauthtcp has the verbose option it's been begging for. Xauthtcp now understands gethostbyname(). X Xauthd version 1.001, 11/1/89. Xauthtcp version 1.001, 11/1/89. X XChanged 50 in both programs to be sizeof(AUTHDIR) + 30. X Xauthd version 1.0, 10/26/89. Xauthtcp version 1.0, 10/26/89. END_OF_FILE if test 3686 -ne `wc -c <'CHANGES'`; then echo shar: \"'CHANGES'\" unpacked with wrong size! fi # end of 'CHANGES' fi if test -f 'Makefile' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Makefile'\" else echo shar: Extracting \"'Makefile'\" $1570 characters$ sed "s/^X//" >'Makefile' <<'END_OF_FILE' XCC=cc XCCOPTS=-O XNROFF=nroff XNROFFOPTS=-man X X# -DAUTHDIR=\"directory\" to override default of /usr/etc/auth X# -DAUTHTCPPORT=port to override default of 113 X# -DMAXHOSTNAMELEN=nn to specify maximum host name length X# (default in sys/param.h, except on Suns) X Xdefault: all X Xall: attachport authtcp authd authuser.o attachport.1 authtcp.1 authd.8 authuser.3 X Xshar: auth.shar X Xattachport: attachport.o authuser.o Makefile X $(CC) $(CCOPTS) -o attachport attachport.o authuser.o X Xattachport.o: attachport.c authuser.h Makefile X $(CC) $(CCOPTS) -c attachport.c X Xauthtcp: authtcp.o authuser.o Makefile X $(CC) $(CCOPTS) -o authtcp authtcp.o authuser.o X Xauthtcp.o: authtcp.c authuser.h Makefile X $(CC) $(CCOPTS) -c authtcp.c X Xauthd: authd.c Makefile X $(CC) $(CCOPTS) -o authd authd.c X Xauthuser.o: authuser.c Makefile X $(CC) $(CCOPTS) -c authuser.c X Xattachport.1: attachport.man Makefile X $(NROFF) $(NROFFOPTS) < attachport.man > attachport.1 X Xauthtcp.1: authtcp.man Makefile X $(NROFF) $(NROFFOPTS) < authtcp.man > authtcp.1 X Xauthd.8: authd.man Makefile X $(NROFF) $(NROFFOPTS) < authd.man > authd.8 X Xauthuser.3: authuser.man Makefile X $(NROFF) $(NROFFOPTS) < authuser.man > authuser.3 X Xauth.shar: CHANGES README attachport.man authtcp.man authd.man authuser.man Makefile attachport.c authtcp.c authd.c authuser.c authuser.h djberr.h djbatoi.h dir.doc rfc931 X shar CHANGES README attachport.man authtcp.man authd.man authuser.man Makefile attachport.c authtcp.c authd.c authuser.c authuser.h djberr.h djbatoi.h dir.doc rfc931 > auth.shar X chmod 400 auth.shar END_OF_FILE if test 1570 -ne `wc -c <'Makefile'`; then echo shar: \"'Makefile'\" unpacked with wrong size! fi # end of 'Makefile' fi if test -f 'README' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'README'\" else echo shar: Extracting \"'README'\" $4153 characters$ sed "s/^X//" >'README' <<'END_OF_FILE' Xattachport - attach a server program to a TCP port Xauthtcp - create a locally authenticated TCP connection to an Internet host Xauthd - authentication server daemon Xauthuser - remote authentication library X XThis package provides two benefits. The first is a secure user-level Ximplementation of RFC 931, the Authentication Server; unless TCP itself Xis compromised, it is impossible to forge mail or news between computers Xsupporting RFC 931. The second is a single, modular interface to TCP. XPrograms written to work with authtcp and attachport don't even need to Xbe recompiled to run under a more comprehensive network security system Xlike Kerberos, as long the auth package is replaced. X Xattachport version 4.1, April 18, 1990. XCopyright (c) 1990, Daniel J. Bernstein. XAll rights reserved. X Xauthtcp version 2.1, April 18, 1990. XCopyright (c) 1990, Daniel J. Bernstein. XAll rights reserved. X Xauthd version 2.1, April 18, 1990. XCopyright (c) 1990, Daniel J. Bernstein. XAll rights reserved. X Xauthuser version 2.0, April 2, 1990. XCopyright (c) 1990, Daniel J. Bernstein XAll rights reserved. X XThis distribution packaged April 18, 1990. X XFiles: XCHANGES Description of changes since first distributed version XREADME This document XMakefile Installation commands Xattachport.c The attachport program Xauthtcp.c The authtcp program Xauthd.c The authd program Xauthuser.c The authuser library Xattachport.man Documentation Xauthtcp.man Documentation Xauthd.man Documentation Xauthuser.man Documentation Xdjberr.h Error macros Xdjbatoi.h Replacement atoi()---Sun's library version can crash Xdir.doc Description of authentication directory contents Xrfc931 RFC 931, Authentication Server X XEdit the options in Makefile and type make. attachport, authtcp, and Xauthd will be the executable programs; authuser.o will be the linkable Xlibrary; attachport.1, authtcp.1, authd.8, and authuser.3 will be the Xnroff'ed documentation. X XYou probably want to pick up the multitee and authutil packages before Xtrying out any of these programs. X XFor authentication to work, you must set up a new userid, say auth. XUid auth should not permit logins. Its encrypted password should be Xsomething impossible, like an asterisk. Its shell should be /bin/true. XIts home directory should be /nonexistent. Its uid should be unique. X Xauthtcp and attachport should be setuid auth; check the source carefully Xfor security holes! You also need a directory /usr/etc/auth/tcp, owner Xauth, group irrelevant, mode 0700. (You can use a different directory/tcp Xif you set AUTHDIR in the Makefile.) X Xauthd should be set up under attachport(1) or inetd(8) to receive Xconnections on TCP port 113. It should not be setuid auth, though it Xwill always run as auth. X XThe authuser library needs no particular preparation; if you want to Xmake it available to users, put it into a library archive and copy Xauthuser.h to /usr/include. X XI don't pretend to know your machine's setup so there's no make install. X XRead CHANGES for a list of changes. Type authtcp -C and authtcp -W Xfor copyright and warranty information, authtcp -H for help. Similarly Xfor attachport and authd. For authuser, print authusercopyright[] and Xauthuserwarranty[] for copyright and warranty information, authuserhelp[] Xfor help. X XRead dir.doc for a description of the authentication directory as used Xby authtcp, attachport, and authd. X X Some BSD variants (notably ULTRIX) handle multiple non-root setuid X processes poorly. To test the behavior of your system, try the X following sequence from a root csh: X SU% cp /usr/bin/sleep /tmp/slip X SU% chown nobody /tmp/slip; chmod 4755 /tmp/slip X SU% repeat 100 sh -ic '(/tmp/slip 10000 &) 2>&1' > /tmp/pids X SU% /bin/kill "`cat /tmp/pids`" X Here 100 is any number bigger than MAXUPRC in /usr/include/sys/param.h. X If the repeat fails, hangs, or crashes your system, complain at your X vendor: you can't reliably install programs setuid to anything except X root. In this case you'll have to install auth setuid root rather than X setuid auth as per the instructions; this is perfectly safe. END_OF_FILE if test 4153 -ne `wc -c <'README'`; then echo shar: \"'README'\" unpacked with wrong size! fi # end of 'README' fi if test -f 'attachport.man' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'attachport.man'\" else echo shar: Extracting \"'attachport.man'\" $7625 characters$ sed "s/^X//" >'attachport.man' <<'END_OF_FILE' X.TH attachport 1 X.SH NAME Xattachport \- attach a server program to a TCP port X.SH SYNTAX Xattachport X[ X\fB\-ACHUVW\fI X] [ X\fB\-01rRvxX\fI X] [ X\fB\-p\fIportnum X] Xprogram X[ Xarg ... X] & X.SH DESCRIPTION X.I attachport Xattaches a server to a TCP port. XThe port may be specified by X.I portnum, Xor one will be assigned; Xthe server is specified by X.I program. X.I attachport Xwill pass any further arguments through to the server program. X.PP X.I portnum Xcan be fully specified as a port number, Xor given as a service name. X.PP XAny incoming request on the TCP port Xinvokes a new copy of the server, Xwhich runs with all input directed from Xand output directed to the port. XAll environment variables and similar process data Xare taken directly from the original invocation of X.I attachport; Xhowever, X.I attachport Xwill attempt to dissociate itself from its controlling terminal. X.PP X.I attachport Xworks with Xthe Authentication Server, X.I authd(8): Xthe connecting host can verify the identity of the server. X.PP XOptions X.B ACHUVW Xprint the authorship notice, Xcopyright notice, Xhelp notice, Xshort usage summary, Xversion number, Xand warranty information respectively. X.PP X.I attachport Xhas several flags: X.TP 12 X\fB\-p\fIportnum XAttempt to attach the server to port X.I portnum. XThe port number is restricted on most machines to a number between X0 and 65535; any larger number will be mapped down into this range. XPorts 0 through 1023 are generally restricted to root processes. XPorts above 50000 are a good choice for user (nonstandard) servers. XIf you do not specify a port, X.I attachport Xwill assign one. X.TP X\fB\-v\fI XVerbose: X.I attachport Xwill report success. X.TP X\fB\-1\fI XWrite the port number to standard output as an integer followed by Xa newline. XThis is the non-user-friendly version of X\fB\-v. X.TP X\fB\-0\fI XEvery ten seconds, check that the (otherwise unused) standard input Xfile still has links. If it doesn't, X.I attachport Xwill slowly wither away, Xdying as soon as its children have exited and cleaned up. X.I attachport Xwill refuse further connections on the same port in the meantime. XThis is appropriate for a shell script; Xuse X.I killaport(1) Xto kill X.I attachport Xmanually. X.TP X\fB\-x\fI XLocally authenticate each connection (default). X.TP X\fB\-X\fI XDo not locally authenticate connections. X.TP X\fB\-r\fI XAttempt to determine the identity of the other end of Xeach connection Xthrough the remote Authentication Server (default). X.I attachport Xwill place the identity Xinto environment variable XREMOTE, with the form X.I user@in.et.ad.dr Xwhere X.I user Xis a string giving the user name Xand X.I in.et.ad.dr Xis a numerical Internet address. XIf the other end is not authenticated, X.I user Xwill be blank. XNote that X.I user Xmay contain @ signs; XREMOTE should be parsed from Xright to left. X.I attachport Xalso sets environment variable XPROTO to the string X.I TCP. X.TP X\fB\-R\fI XDo not remotely authenticate. XThis is the default if the local port is 113 (auth): Xtwo machines caught in an Authentication Server loop Xwould rapidly be brought to their knees, Xthough the loop would end after user X.I auth Xhit its process limit on either machine. X.PP XThe server could use X.I getpeername(2) Xto find out who it's talking to, Xbut it's faster, simpler, and more portable Xto use PROTO and REMOTE. XFuture versions of X.I attachport, Xversions for other network interfaces, Xand versions for completely different communications systems Xwill all provide the same PROTO/REMOTE interface. XOf course, if PROTO is not TCP, REMOTE will probably Xhave a different format. X.PP XNote that the insertion of carriage returns after newlines Xis normally done automatically by the terminal driver. XYou must be careful to output carriage returns before newlines Xfor your program to talk correctly with a low-level communications server. X.PP XYou should make sure to run X.I attachport Xin the background. XAlso, you should make sure that its diagnostic output goes Xeither into a log file or into /dev/null. X.SH DIAGNOSTICS X.TP 1.5i X\fIwarning: can't find my own Internet number?!\fB XYour host is not listed in your hosts table?! X.TP X.I cannot setreuid XThis should never happen. X.TP X.I cannot create socket XSomething went wrong in creating the communications socket. X.TP X.I cannot bind: Address already in use XSome other process is attached to that port. X(Note that even if that process goes away, Xit may be a few minutes before the port is free again.) X.TP X.I cannot bind: some other problem XYou can't bind the communications socket to the port for some Xother reason. Do you have permission for ports 0 through 1023? X.TP X.I cannot listen XSomething went wrong in setting up the socket to listen for Xincoming calls. X.TP X.I warning: cannot open /dev/tty X.I attachport Xwill not be able to dissociate itself from your terminal. XYou should get this warning if you invoke X.I attachport Xwithout a controlling terminal in the first place. X.TP X.I warning: cannot dissociate /dev/tty X.I attachport Xwill not be able to dissociate itself from your terminal. X.TP X.I cannot confirm connection X.I attachport Xis unable to access XTCP status information for the connection. XThis shouldn't happen; Xlet your system administrator Xand travel agent know if it does. X.TP X.I cannot allocate environment XThere's so little memory available that X.I attachport Xis unable to find space for Xthe REMOTE and PROTO environment variables. XIf REMOTE and PROTO are in the environment Xwhen X.I attachport Xstarts, Xthis can't happen, Xand X.I attachport Xwill run just a tiny bit faster. X(On the other hand, most other programs Xwill run a tiny bit slower.) X.TP X.I cannot get socket name XThis shouldn't happen. X.TP X.I local port locked X.I attachport Xis set up incorrectly. X.TP X.I attached to port nnnnn X.I attachport Xhas successfully attached itself to a port, Xand you specified X.B\-v. X.TP X.I cannot execute X.I attachport Xis unable to start the server. X.TP X.I local port locked X.I attachport Xis set up incorrectly. X.TP X.I warning: cannot unlink authentication entry XThis should never happen; Xif it does, report the problem to your system administrator Xand make sure the entry is removed. X.TP X.I warning: cannot authenticate X.I attachport Xis set up incorrectly. X.SH MACHINES X.I attachport Xhas been tested on a VAX 8700 running ULTRIX 2.0, Xa Sun 3 running SunOS, Xa Sun 4 running SunOS, Xa Convex C-210 running Convex UNIX, Xan Astronautics ZS-2 running ZSUnix, Xand several other machines. X.SH FILES XNone. X.SH BUGS XNone known. X.SH RESTRICTIONS X.I attachport Xdoes not let you easily specify a pipeline or other sequence Xof commands; you must first set up an executable shell script Xthat does the desired combination of actions. X.PP X.I attachport Xdeals correctly but rigidly with multihomed hosts. X.PP X.I attachport Xdoes not support X.I syslog. X.PP XBecause of failures in the signal handling semantics, X.I attachport Xmay fail to notice a child exiting if too many children Xexit at once. Normally this doesn't matter, but if X.I attachport Xis withering away under X.B\-1 Xor X.I killaport, Xit may stick around waiting for nothing. X.I attachport Xchecks for this condition and corrects it periodically. X.PP XIf X.I program Xforks and exits, Xpassing the connection to its children, Xit will lose authentication. XThis is consistent with other network programs and Xwith common sense: it's impossible to define X``the'' user on the other side of the connection if Xseveral processes, all with different uids, have that Xconnection open. X.SH VERSION Xattachport version 4.1, dated April 18, 1990. X.SH AUTHOR XCopyright 1990, Daniel J. Bernstein. X.SH "SEE ALSO" Xauthtcp(1), Xkillaport(1), Xtelnet(1), Xauthuser(3), Xgetservbyname(3), Xauthd(8), Xinetd(8) END_OF_FILE if test 7625 -ne `wc -c <'attachport.man'`; then echo shar: \"'attachport.man'\" unpacked with wrong size! fi # end of 'attachport.man' fi if test -f 'authd.c' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'authd.c'\" else echo shar: Extracting \"'authd.c'\" $6057 characters$ sed "s/^X//" >'authd.c' <<'END_OF_FILE' X/* Xauthd.c: Authentication Server daemon X*/ X Xstatic char authdauthor[] = X"authd was written by Daniel J. Bernstein.\n\ XInternet address: brnstnd@acf10.nyu.edu.\n"; X Xstatic char authdversion[] = X"authd version 2.1, April 18, 1990.\n\ XCopyright (c) 1990, Daniel J. Bernstein.\n\ XAll rights reserved.\n"; X Xstatic char authdcopyright[] = X"authd version 2.1, April 18, 1990.\n\ XCopyright (c) 1990, Daniel J. Bernstein.\n\ XAll rights reserved.\n\ X\n\ XUntil January 1, 1995, you are granted the following rights: A. To make\n\ Xcopies of this work in original form, so long as (1) the copies are exact\n\ Xand complete; (2) the copies include the copyright notice, this paragraph,\n\ Xand the disclaimer of warranty in their entirety. B. To distribute this\n\ Xwork, or copies made under the provisions above, so long as (1) this is\n\ Xthe original work and not a derivative form; (2) you do not charge a fee\n\ Xfor copying or for distribution; (3) you ensure that the distributed form\n\ Xincludes the copyright notice, this paragraph, and the disclaimer of\n\ Xwarranty in their entirety. These rights are temporary and revocable upon\n\ Xwritten, oral, or other notice by Daniel J. Bernstein. These rights are\n\ Xautomatically revoked on January 1, 1995. This copyright notice shall be\n\ Xgoverned by the laws of the state of New York.\n\ X\n\ XIf you have questions about authd or about this copyright notice,\n\ Xor if you would like additional rights beyond those granted above,\n\ Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\ Xon the Internet.\n"; X Xstatic char authdwarranty[] = X"To the extent permitted by applicable law, Daniel J. Bernstein disclaims\n\ Xall warranties, explicit or implied, including but not limited to the\n\ Ximplied warranties of merchantability and fitness for a particular purpose.\n\ XDaniel J. Bernstein is not and shall not be liable for any damages,\n\ Xincidental or consequential, arising from the use of this program, even\n\ Xif you inform him of the possibility of such damages. This disclaimer\n\ Xshall be governed by the laws of the state of New York.\n\ X\n\ XIn other words, use this program at your own risk.\n\ X\n\ XIf you have questions about authd or about this disclaimer of warranty,\n\ Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\ Xon the Internet.\n"; X Xstatic char authdusage[] = X"Usage: authd [ -ACHUVW ] \n\ XHelp: authd -H\n"; X Xstatic char authdhelp[] = X"authd provides TCP authentication information to other Internet hosts. \n\ X\n\ Xauthd -A: print authorship notice\n\ Xauthd -C: print copyright notice\n\ Xauthd -H: print this notice\n\ Xauthd -U: print short usage summary\n\ Xauthd -V: print version number\n\ Xauthd -W: print disclaimer of warranty\n\ X\n\ Xauthd: provide authentication information as per RFC 931\n\ X\n\ Xauthd should be run under a TCP connection server, such as\n\ Xinetd(8) or attachport(1).\n\ X\n\ XIf you have questions about or suggestions for authd, please feel free\n\ Xto contact the author, Daniel J. Bernstein, at brnstnd@acf10.nyu.edu\n\ Xon the Internet.\n"; X X#include <stdio.h> Xextern int errno; X#include <sys/types.h> X#include <netinet/in.h> X#include <sys/file.h> X#ifdef BSD X#include <limits.h> X#endif Xextern int getopt(); Xextern char *optarg; /* these should be in getopt.h! */ Xextern int optind; X#include <ctype.h> X#include "djberr.h" X X#ifndef AUTHDIR X#define AUTHDIR "/usr/etc/auth" X#endif X X#define ERR(num) { printf("%s, %s: ERROR: UNKNOWN-ERROR\r\n",\ X localport,remoteport); exit(num); } X Xmain(argc,argv,envp) Xint argc; Xchar *argv[]; Xchar *envp[]; X{ X int ch; X char localport[10]; X int localportlen = 0; X char remoteport[10]; X int remoteportlen = 0; X int loop = 0; X struct sockaddr_in sa; X int salen; X int authfd; X char authfn[sizeof(AUTHDIR) + 30]; X int lockfd; X char lockfn[sizeof(AUTHDIR) + 30]; /* for new locking protocol */ X char lockbuf[32]; /* 5 pid, 1 :, 10 I, 1 ., 5 R, 1 \n, 8 U, 1 \0 */ X unsigned long lockin; X unsigned short lockport; X int r; X char buf[9]; X int opt; X X while ((opt = getopt(argc,argv,"ACHUVW")) != EOF) X switch(opt) X { X case 'A': (void) err(authdauthor); exit(1); X case 'C': (void) err(authdcopyright); exit(1); X case 'H': (void) err(authdhelp); exit(1); X case 'U': (void) err(authdusage); exit(1); X case 'V': (void) err(authdversion); exit(1); X case 'W': (void) err(authdwarranty); exit(1); X case '?': (void) err(authdusage); exit(1); X } X argv += optind, argc -= optind; X if (*argv) X { X (void) err(authdusage); exit(1); X } X X while ((ch = getchar()) != ',') X { X if (isascii(ch) && isdigit(ch)) X localport[localportlen++] = ch; X if (localportlen == 6) /* tough luck! */ X exit(2); X if ((++loop) > 1000) /* tough luck! */ X exit(3); X } X X while ((ch = getchar()) != '\n') X { X if (isascii(ch) && isdigit(ch)) X remoteport[remoteportlen++] = ch; X if (remoteportlen == 6) /* tough luck! */ X exit(4); X if ((++loop) > 1000) /* tough luck! */ X exit(5); X } X X /* Now we'll be nice enough to respond. */ X X salen = sizeof(sa); X if (getpeername(0,&sa,&salen) == -1) ERR(6) X X /* Now we have enough information to look up answer. */ X X (void) sprintf(lockfn,"%s/tcp/lock.%s",AUTHDIR,localport); X if ((lockfd = open(lockfn,O_RDONLY)) == -1) ERR(7) X (void) flock(lockfd,LOCK_EX); /* can't fail */ X if ((r = read(lockfd,lockbuf,31)) <= 0) ERR(8) X lockbuf[r] = '\0'; X if (lockbuf[0] == '!') ERR(12) /* ding ding ding! security alert! */ X X (void) sprintf(authfn,"%s/tcp/%D.%s.%s",AUTHDIR,sa.sin_addr.s_addr, X localport,remoteport); X if ((authfd = open(authfn,O_RDONLY)) == -1) X { X /* maybe it's authtcp and username file isn't there yet */ X if (sscanf(lockbuf,"%*d:%D.%hd %8s",&lockin,&lockport,buf) < 3) ERR(9) X if ((lockin != sa.sin_addr.s_addr) || (lockport != atoi(remoteport))) ERR(10) X /* bingo! */ X } X else X { X if ((r = read(authfd,buf,8)) <= 0) ERR(11) X buf[r] = '\0'; X } X X printf("%s, %s: USERID: UNIX: %s\r\n",localport,remoteport,buf); X X (void) flock(lockfd,LOCK_UN); /* unnecessary */ X exit(0); X} END_OF_FILE if test 6057 -ne `wc -c <'authd.c'`; then echo shar: \"'authd.c'\" unpacked with wrong size! fi # end of 'authd.c' fi if test -f 'authd.man' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'authd.man'\" else echo shar: Extracting \"'authd.man'\" $2244 characters$ sed "s/^X//" >'authd.man' <<'END_OF_FILE' X.TH authd 8 X.SH NAME Xauthd \- Authentication Server daemon X.SH SYNTAX Xauthd X[ X\fB\-ACHUVW\fI X] X.SH DESCRIPTION X.I authd Xis a simple daemon implementing the XRFC 931 Authentication Server protocol. XIt should be invoked by a network server, Xsuch as X.I attachport(1), Xfor connections to TCP port 113. X.PP XThe client host Xgives X.I authd Xtwo numbers separated by a comma. X.I authd Xinterprets the numbers as TCP port numbers Xfor the local and remote sides respectively Xof a TCP connection between this host and the client host. XIt returns a line of the form X.EX Xlocalport, remoteport: USERID: UNIX: username X.EE Xwhere username Xis the name of the user on this side of Xthe specified connection. XIf X.I authd Xdoes not have an authentication entry for that connection, Xit returns a line of the form X.EX Xlocalport, remoteport: ERROR: UNKNOWN-ERROR. X.EE X.PP XOptions X.B ACHUVW Xprint the authorship notice, Xcopyright notice, Xhelp notice, Xshort usage summary, Xversion number, Xand warranty information respectively. X.PP X.SH DIAGNOSTICS X.TP XNone. X.SH MACHINES X.I authd Xhas been tested Xon an Astronautics ZS-2 Xrunning ZSUnix, Xa Sun 3 running SunOS, Xa Sun 4 running SunOS, Xa Convex C-210 running Convex UNIX, Xand several other machines. X.SH FILES X/usr/etc/auth/tcp/* X.SH BUGS XNone known. X.SH RESTRICTIONS X.I authd Xdoes not require kernel support; Xit must be supported on the user level by X.I authtcp Xand X.I attachport. XIf those programs are not used, X.I authd Xis useless. X.PP XThe author feels quite confident in predicting that Xthe first problems people have with X.I authd Xwill be on multihomed hosts. XProgrammers be warned: It takes some effort Xto correctly use X.I authd Xon a multihomed host! X.SH VERSION Xauthd version 2.1, dated April 18, 1990. X.SH AUTHOR XCopyright 1990, Daniel J. Bernstein. X.SH REFERENCES XThe authentication server is more secure than passwords Xin some ways, but less secure than passwords in many ways. X(It's certainly better than no password at all---e.g., for Xmail or news.) XIt is not the final solution. XFor an excellent discussion of security problems within Xthe TCP/IP protocol suite, see XSteve Bellovin's article X``Security Problems in the TCP/IP Protocol Suite.'' X.SH "SEE ALSO" Xauthtcp(1), Xattachport(1), Xauthuser(3), Xtcp(4), Xinetd(8) END_OF_FILE if test 2244 -ne `wc -c <'authd.man'`; then echo shar: \"'authd.man'\" unpacked with wrong size! fi # end of 'authd.man' fi if test -f 'authtcp.man' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'authtcp.man'\" else echo shar: Extracting \"'authtcp.man'\" $6629 characters$ sed "s/^X//" >'authtcp.man' <<'END_OF_FILE' X.TH authtcp 1 X.SH NAME Xauthtcp \- create a locally authenticated TCP connection X.SH SYNTAX Xauthtcp X[ X\fB\-d\fIn X] [ X\fB\-p\fIlocalport X] [ X\fB\-rRxXv\fI X] [ X\fB\-ACHUVW\fI X] X\fIinetaddr\fB X\fItcpport\fB X\fIprogram\fB X[ X\fIarg ...\fB X] X.SH DESCRIPTION X.I authtcp Xcreates a TCP connection to Internet host X\fIinetaddr\fB Xat port X\fItcpport\fB, Xthen runs X\fIprogram\fB Xwith the specified Xarguments. XThe local TCP port may be given as X\fIlocalport\fB, Xor X.I authtcp Xwill assign one. X.PP XUntil X.I program Xexits, X.I authd(8) Xwill report that the user owns the TCP connection. XHence the other end of the connection can Xverify the identity of this end, Xmodulo the lack of Internet security. X.PP X.I inetaddr Xcan be fully specified as a dotted Internet address, Xor given as a domain name. X.I tcpport Xcan be fully specified as a decimal port number, Xor given as a service name. X.PP X.I authtcp Xmakes the connection available Xto X.I program Xas a socket in file descriptor 6, Xleaving all other file descriptors intact. X.PP XOptions X.B ACHUVW Xprint the authorship notice, Xcopyright notice, Xhelp notice, Xshort usage summary, Xversion number, Xand warranty information respectively. X.PP X.I authtcp Xhas several flags: X.TP 12 X\fB\-d\fIn XProvide the connection in file descriptor X\fIn\fB, Xrather than the default descriptor, 6. XIf X\fIn\fB Xis not specified, X.I authtcp Xwill open the connection in the first available file descriptor Xand pass that number in place of the first argument to X.I program Xthat contains solely an equals sign (if there is one). X.TP X\fB\-p\fIlocalport XAttempt to use X.I localport Xas the local TCP port number. XThis may fail if that port number is out of Xrange (usually 1\-65535), Xor if another process is using that port X(or has used it very recently). XPorts 1 through 1023 are generally reserved for root processes, Xand ports above 50000 are generally reserved for user servers. XIf you specify X.B \-p0 X(default), X.I authtcp Xwill assign a number. XSeveral instances of X.B \-p Xdefer to the last. X.TP X\fB\-X\fI XDo not attempt to locally authenticate the connection; Xjust set up the connection and run X.I program. X.TP X\fB\-x\fI XLocally authenticate the connection (default). X.TP X\fB\-r\fI XAttempt to determine the identity of the other end of Xthis connection Xthrough the remote Authentication Server (default). X.I authtcp Xwill place the identity Xinto environment variable XREMOTE, with the form X.I user@in.et.ad.dr Xwhere X.I user Xis a string giving the user name Xand X.I in.et.ad.dr Xis a numerical Internet address. XIf the other end is not authenticated, X.I user Xwill be blank. XNote that X.I user Xmay contain @ signs; XREMOTE should be parsed from Xright to left. X.I authtcp Xalso sets environment variable XPROTO to the string X.I TCP. X.TP X\fB\-R\fI XDo not remotely authenticate. X.TP X\fB\-v\fI XVerbose: Print a message when the connection is established. XAlso, report unusual termination of X.I program. X.PP XIf X.I program Xterminates normally, X.I authtcp Xwill terminate with the same exit code. XOtherwise it will terminate with exit code 1. X.PP X.SH DIAGNOSTICS X.TP X.I do not understand inetaddr XYou probably specified a domain name address Xthat X.I authtcp Xcan't decode. X.TP X.I cannot execute X.I authtcp Xis unable to execute X.I program. X.TP X.I cannot unlink authentication entry XThis should never happen; if it does, Xreport the problem to your system administrator and Xmake sure the entry is removed. X.TP X.I cannot bind local port XYou probably specified a protected or out-of-range Xport with X.I\-p. XIf you didn't specify X.I\-p Xand this message appears without a number, Xall TCP ports are in use. XReport this to your system administrator. X.TP X.I cannot confirm connection X.I authtcp Xis unable to access XTCP status information for the connection. XThis shouldn't happen; Xlet your system administrator Xand travel agent know if it does. X.TP X.I cannot allocate environment XThere's so little memory available that X.I authtcp Xis unable to find space for Xthe REMOTE and PROTO environment variables. XIf REMOTE and PROTO are in the environment Xwhen X.I authtcp Xstarts, Xthis can't happen, Xand X.I authtcp Xwill run just a tiny bit faster. X(On the other hand, most other programs Xwill run a tiny bit slower.) X.TP X.I cannot connect XSelf-explanatory. X.TP X.I connected to XSelf-explanatory. X.TP X.I killed by signal XSelf-explanatory. X.TP X.I cannot authenticate X.I authtcp Xis not set up correctly. X.TP X.I local port locked X.I authtcp Xis not set up correctly. X.TP X.I cannot setreuid XThis should never happen. X.TP X.I cannot create socket XThis shouldn't happen, unless you have too many files open. X.TP X.I cannot use file descriptor XThis should never happen. X.TP X.I cannot get socket name XThis shouldn't happen. X.SH MACHINES X.I authtcp Xhas been tested Xon an Astronautics ZS-2 Xrunning ZSUnix, Xa Sun 3 running SunOS, Xa Sun 4 running SunOS, Xa Convex C-210 running Convex UNIX, Xand several other machines. X.SH FILES X/usr/etc/auth/tcp/* X.SH BUGS XNone known. X.SH RESTRICTIONS XIf X.I program Xcloses the connection long before exiting, Xanother user can with a little effort make the same connection Xand pretend to be the user running X.I authtcp. XHence X.I program Xshould exit soon after Xclosing the connection. X(Within several seconds is usually good enough.) XA slightly more subtle Xsecurity problem is that a program may set up a connection Xunder X.I authtcp, Xbreak the connection without exiting, Xand wait for a victim program to make the same connection. XIf the attacker chose the correct local port number, Xthere are two possibilities: Either the victim uses Xthe authentication mechanism and will fail to connect, Xor the victim does not understand the mechanism and will Xbe misrepresented by X.I authd. XAs of version 1.5, X.I authtcp Xcloses both of these holes, Xby keeping the connection open until X.I program Xexits. XHence X.I program Xmust not depend upon the connection being closed Xbefore it exits. X.PP X.I authtcp's Xmost important function is to create a locally authenticated Xconnection; remote authentication is useful but can be Xperformed by X.I program. XIt is sometimes difficult to explain that the X.I auth Xin X.I authtcp Xstands for local, not remote, authentication. X.PP XIf X.I gethostbyname(3) Xdoesn't understand the Domain Name Server, X.I authtcp Xwon't either. X.PP X.I authtcp Xshould try all the possible addresses returned Xby X.I gethostbyname(3); Xit only tries the first. X.PP XIf X.I program Xpasses the connection to another Xprocess and exits, Xauthentication will be lost. X.SH VERSION Xauthtcp version 2.1, dated April 18, 1990. X.SH AUTHOR XCopyright 1990, Daniel J. Bernstein. X.SH "SEE ALSO" Xattachport(1), Xauthuser(3), Xtcp(4), Xauthd(8), Xgethostbyname(3), Xgetservbyname(3) END_OF_FILE if test 6629 -ne `wc -c <'authtcp.man'`; then echo shar: \"'authtcp.man'\" unpacked with wrong size! fi # end of 'authtcp.man' fi if test -f 'authuser.c' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'authuser.c'\" else echo shar: Extracting \"'authuser.c'\" $6556 characters$ sed "s/^X//" >'authuser.c' <<'END_OF_FILE' Xchar authuserauthor[] = X"authuser was written by Daniel J. Bernstein.\n\ XInternet address: brnstnd@acf10.nyu.edu.\n"; X Xchar authuserversion[] = X"authuser version 2.0, April 2, 1990.\n\ XCopyright (c) 1990, Daniel J. Bernstein.\n\ XAll rights reserved.\n"; X Xchar authusercopyright[] = X"authuser version 2.0, April 2, 1990.\n\ XCopyright (c) 1990, Daniel J. Bernstein.\n\ XAll rights reserved.\n\ X\n\ XUntil January 1, 1993, you are granted the following rights: A. To make\n\ Xcopies of this work in original form, so long as (1) the copies are exact\n\ Xand complete; (2) the copies include the copyright notice, this paragraph,\n\ Xand the disclaimer of warranty in their entirety. B. To distribute this\n\ Xwork, or copies made under the provisions above, so long as (1) this is\n\ Xthe original work and not a derivative form; (2) you do not charge a fee\n\ Xfor copying or for distribution; (3) you ensure that the distributed form\n\ Xincludes the copyright notice, this paragraph, and the disclaimer of\n\ Xwarranty in their entirety. These rights are temporary and revocable upon\n\ Xwritten, oral, or other notice by Daniel J. Bernstein. These rights are\n\ Xautomatically revoked on January 1, 1993. This copyright notice shall be\n\ Xgoverned by the laws of the state of New York.\n\ X\n\ XIf you have questions about authuser or about this copyright notice,\n\ Xor if you would like additional rights beyond those granted above,\n\ Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\ Xon the Internet.\n"; X Xchar authuserwarranty[] = X"To the extent permitted by applicable law, Daniel J. Bernstein disclaims\n\ Xall warranties, explicit or implied, including but not limited to the\n\ Ximplied warranties of merchantability and fitness for a particular purpose.\n\ XDaniel J. Bernstein is not and shall not be liable for any damages,\n\ Xincidental or consequential, arising from the use of this program, even\n\ Xif you inform him of the possibility of such damages. This disclaimer\n\ Xshall be governed by the laws of the state of New York.\n\ X\n\ XIn other words, use this program at your own risk.\n\ X\n\ XIf you have questions about authuser or about this disclaimer of warranty,\n\ Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\ Xon the Internet.\n"; X Xchar authuserhelp[] = X"#include \"authuser.h\"\n\ X\n\ Xint auth_casecmp(u,v); char *u; char *v;\n\ XReturns 0 if strings are equal, 1 if the first is larger, -1 if the\n\ Xsecond is larger. Case is ignored.\n\ X\n\ Xchar *auth_xline(user,fd,&in);\n\ XReturns line like X-Auth-User: username or X-Forgery-By: username,\n\ Xdepending what the host on the other side of fd thinks of the user.\n\ X\n\ Xint auth_fd(fd,&in,&local,&remote);\n\ XPlaces address information for TCP connection fd into in, local, remote.\n\ X\n\ Xchar *auth_tcpuser(in,local,remote);\n\ XReturns name of user on remote@in side of local TCP connection.\n\ X\n\ Xchar *user; int fd; unsigned long in; unsigned short local, remote;\n\ X\n\ XIf you have questions about or suggestions for authuser, please feel free\n\ Xto contact the author, Daniel J. Bernstein, at brnstnd@acf10.nyu.edu\n\ Xon the Internet.\n"; X X#include <stdio.h> X#include <sys/types.h> X#include <sys/socket.h> X#include <netinet/in.h> X#include <arpa/inet.h> X#include <netdb.h> X#include <sys/errno.h> Xextern int errno; X#include <ctype.h> X#include "authuser.h" X X#ifndef AUTHTCPPORT X#define AUTHTCPPORT 113 X#endif X X#define SIZ 500 /* various buffers */ X Xint auth_casecmp(u,v) Xchar *u; Xchar *v; X{ X /* is it correct to consider Foo and fOo the same user? yes */ X while (*u && *v) X if (tolower(*u) != tolower(*v)) X return(tolower(*u) - tolower(*v)); X else X u++,v++; X return(*u || *v); X} X Xstatic char authline[SIZ]; X Xchar *auth_xline(user,fd,in) Xchar *user; /* the supposed name of the user, NULL if unknown */ Xint fd; /* the file descriptor of the connection */ Xunsigned long *in; X{ X unsigned short local; X unsigned short remote; X char *ruser; X X if (auth_fd(fd,in,&local,&remote) == -1) X return NULL; X ruser = auth_tcpuser(*in,local,remote); X if (ruser == NULL) X return(NULL); X if (user == NULL) X user = ruser; /* forces X-Auth-User */ X sprintf(authline, X (auth_casecmp(ruser,user) ? "X-Forgery-By: %s" : "X-Auth-User: %s"), X ruser); X return(authline); X} X Xint auth_fd(fd,in,local,remote) Xint fd; Xunsigned long *in; Xunsigned short *local; Xunsigned short *remote; X{ X struct sockaddr_in sa; X int dummy; X X dummy = sizeof(sa); X if (getsockname(fd,&sa,&dummy) == -1) X return -1; X if (sa.sin_family != AF_INET) X { X errno = EAFNOSUPPORT; X return -1; X } X *local = ntohs(sa.sin_port); X dummy = sizeof(sa); X if (getpeername(fd,&sa,&dummy) == -1) X return -1; X *remote = ntohs(sa.sin_port); X *in = sa.sin_addr.s_addr; X return 0; X} X Xstatic char ruser[SIZ]; Xstatic char realbuf[SIZ]; Xstatic char *buf; X Xchar *auth_tcpuser(in,local,remote) Xunsigned long in; Xunsigned short local; Xunsigned short remote; X{ X struct sockaddr_in sa; X int s; X int buflen; X int w; X int saveerrno; X char ch; X unsigned short rlocal; X unsigned short rremote; X X if ((s = socket(AF_INET,SOCK_STREAM,0)) == -1) X return(NULL); X sa.sin_family = AF_INET; X sa.sin_port = htons((unsigned short) AUTHTCPPORT); X sa.sin_addr.s_addr = in; X if (connect(s,&sa,sizeof(sa)) == -1) X { X saveerrno = errno; X (void) close(s); X errno = saveerrno; X return(NULL); X } X X buf = realbuf; X (void) sprintf(buf,"%u , %u\r\n",(unsigned int) remote,(unsigned int) local); X /* note the reversed order */ X buflen = strlen(buf); X while ((w = write(s,buf,buflen)) < buflen) X if (w == -1) /* should we worry about 0 as well? */ X { X saveerrno = errno; X (void) close(s); X errno = saveerrno; X return(NULL); X } X else X { X buf += w; X buflen -= w; X } X buf = realbuf; X while ((w = read(s,&ch,1)) == 1) X { X *buf = ch; X if ((ch != ' ') && (ch != '\t') && (ch != '\r')) X buf++; X if ((buf - realbuf == sizeof(realbuf) - 1) || (ch == '\n')) X break; X } X if (w == -1) X { X saveerrno = errno; X (void) close(s); X errno = saveerrno; X return(NULL); X } X *buf = '\0'; X X if (sscanf(realbuf,"%hd,%hd: USERID :%*[^:]:%s", X &rremote,&rlocal,ruser) < 3) X { X (void) close(s); X errno = EIO; X /* makes sense, right? well, not when USERID failed to match ERROR */ X /* but there's no good error to return in that case */ X return(NULL); X } X if ((remote != rremote) || (local != rlocal)) X { X (void) close(s); X errno = EIO; X return(NULL); X } X /* XXXXXX: we're not going to do any backslash processing */ X (void) close(s); X return(ruser); X} END_OF_FILE if test 6556 -ne `wc -c <'authuser.c'`; then echo shar: \"'authuser.c'\" unpacked with wrong size! fi # end of 'authuser.c' fi if test -f 'authuser.h' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'authuser.h'\" else echo shar: Extracting \"'authuser.h'\" $279 characters$ sed "s/^X//" >'authuser.h' <<'END_OF_FILE' X#ifndef AUTHUSER_H X#define AUTHUSER_H X Xextern char authuserauthor[]; Xextern char authuserversion[]; Xextern char authusercopyright[]; Xextern char authuserwarranty[]; Xextern char authuserhelp[]; X Xint auth_casecmp(); Xchar *auth_xline(); Xint auth_fd(); Xchar *auth_tcpuser(); X X#endif END_OF_FILE if test 279 -ne `wc -c <'authuser.h'`; then echo shar: \"'authuser.h'\" unpacked with wrong size! fi # end of 'authuser.h' fi if test -f 'authuser.man' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'authuser.man'\" else echo shar: Extracting \"'authuser.man'\" $3314 characters$ sed "s/^X//" >'authuser.man' <<'END_OF_FILE' X.TH authuser 3 X.SH NAME Xauthuser \- remote authentication library using the Authentication Server X.SH SYNTAX X.B #include <authuser.h> X.PP X.B int auth_casecmp(u,v); X.br X.B char *u; X.br X.B char *v; X.PP X.B char *auth_xline(user,fd,&in); X.PP X.B int auth_fd(fd,&in,&local,&remote); X.PP X.B char *auth_tcpuser(in,local,remote); X.PP X.B char *user; X.br X.B int fd; X.br X.B unsigned long in; X.br X.B unsigned short local; X.br X.B unsigned short remote; X.SH DESCRIPTION XThe X.I authuser Xlibrary provides a simple interface for Xfinding out the remote identity Xof a connection through the XAuthentication Server Xas specified by RFC 931. X.PP XStatic strings X.B authuserauthor[], X.B authuserversion[], X.B authusercopyright[], X.B authuserwarranty[], Xand X.B authuserhelp[] Xcontain the authorship notice, Xversion number, Xcopyright notice, Xwarranty information, Xand help notice respectively. X.PP X.B auth_casecmp(u,v) Xreturns 0 if the strings are equal, 1 if the first is larger, X-1 if the second is larger. Case is ignored. X.PP X.B auth_xline(user,fd,&in) Xreturns a line of the form X-Auth-User: username or X-Forgery-By: username, Xdepending upon what the host on the other side of X.B fd Xthinks of the user. XThis is particularly appropriate for Xmail and news headers. XThe line is stored in a static area Xwhich is overwritten on each call to X.B auth_xline. XIf X.B fd Xis not a TCP connection Xor authentication is impossible, X.B auth_xline Xreturns NULL, setting errno appropriately. XIf user is NULL, Xit never returns X-Forgery-By. XThe line is not cr-lf terminated. X.B auth_xline Xplaces the Internet address of the other host into in. X.PP X.B auth_fd(fd,&in,&local,&remote) Xretrieves address information from the connection in socket X.B fd. XIt places the XInternet address of the host on other side into X.B in Xand the local and remote XTCP ports into X.B local Xand X.B remote. X.B auth_fd Xreturns -1 upon error, setting errno appropriately. X.PP X.B auth_tcpuser(in,local,remote) Xreturns the name of the user on the other end of the TCP connection Xbetween X.B remote@in Xand X.B local. XIf authentication is impossible, X.B auth_tcpuser Xreturns XNULL, setting errno appropriately. XThe user name is stored in a static area Xwhich is overwritten on each call to X.B auth_tcpuser Xand X.B auth_xline. X.PP X.SH MACHINES X.I authuser Xhas been tested Xon an Astronautics ZS-2 Xrunning ZSUnix, Xa Sun 3 running SunOS, a Sun 4 running SunOS, Xa Convex C-210 running Convex UNIX, Xand several other machines. X.SH RESTRICTIONS X.I authuser Xdoes no backslash interpretation Xupon the remote user name. XHopefully the next revision of RFC 931 Xwill make clear exactly what backslash Xinterpretation should be going on. X.PP X.I authuser Xdoes not use the operating system type Xinformation provided by the Authentication Server. X.SH VERSION Xauthuser version 2.0, dated April 2, 1990. X.SH AUTHOR XCopyright 1990, Daniel J. Bernstein. X.SH REFERENCES XThe authentication server is more secure than passwords Xin some ways, but less secure than passwords in many ways. X(It's certainly better than no password at all---e.g., for Xmail or news.) XIt is not the final solution. XFor an excellent discussion of security problems within Xthe TCP/IP protocol suite, see XSteve Bellovin's article X``Security Problems in the TCP/IP Protocol Suite.'' X.SH "SEE ALSO" Xauthtcp(1), Xauthd(1), Xattachport(1), Xtcp(4) END_OF_FILE if test 3314 -ne `wc -c <'authuser.man'`; then echo shar: \"'authuser.man'\" unpacked with wrong size! fi # end of 'authuser.man' fi if test -f 'dir.doc' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'dir.doc'\" else echo shar: Extracting \"'dir.doc'\" $3911 characters$ sed "s/^X//" >'dir.doc' <<'END_OF_FILE' XThe authentication directory, AUTHDIR/tcp, contains several different Xtypes of files. X XIt is assumed that long ints representing Internet addresses take at Xmost ten digits, short ints representing TCP port numbers take at most Xfive digits, and ints representing process ids take at most five digits. X XFiles of the form I.L.R, where I, L, and R are integers, are username Xfiles. There is one username file per auth connection to/from this host, Xtwo for a local connection. I is the Internet address of the host on the Xother end of a TCP connection, expressed as a single long int; L and R Xare the connection's local and remote TCP ports respectively. The file Xcontains just the name of the user, up to eight characters long. X XFiles of the form ps.C.P, where C and P are integers, are attachport Xprocess files. There is one process file for each connection served by Xan attachport on this host. C and P are the process ids of the child X(server for a particular connection) and parent (attachport) processes Xrespectively. The file contains the name of a username file; in effect, Xit points to the username file, so that the attachport can easily keep Xtrack of each of its children. X XFiles of the form lock.L, where L is an integer, are lock files. L is Xa local TCP port number. At any time there will be at most one auth Xprogram handling connections to/from port L. When authtcp or attachport Xstarts, it opens the lock file with O_EXCL and writes its pid into it. XIf that fails, it reads the lock file, checks that the process exists, Xand gives an appropriate error. When it exits, it removes the lock file. X XLock files are also used to prevent race conditions during critical Xmoments between connecting or accepting a connection and creating the Xappropriate username file. For attachport this is no big deal: it Xselects for reading before accepting a connection, and from before the Xaccept() until the authentication entry is in place, it places an Xexclusive flock() on the lock file. (This WILL NOT WORK if selecting Xfor reading performs an implicit accept. The race condition resulting Xfrom such a bug could be extremely hard to detect; but don't say I Xdidn't warn you.) For authtcp, however, this is much more difficult: Xan outgoing connect() may take practically forever, and there's no way Xto precisely control the moment of connection as a select-accept can. XOn the other hand, authtcp has all the local authentication information Xit needs, before even beginning the connection. So it writes a colon, Xthe I.R remote information, a newline, and the username into the lock Xfile after its pid; it doesn't use a flock() except while updating the Xlock file. authd will look in this file only if it fails to find a Xusername file; authentication requests rarely happen so quickly. Xattachport also places extra information into the lock file, namely a Xhyphen and the user name. X XObserve that the duplicate authtcp information in the lock file gives Xaway the user name on the local side of a connection that has not yet Xsucceeded. Technically, this is not a violation of RFC 931, but it might Xoffend purists. Then again, it's symmetric with how the user name is Xavailable for a moment after the connection is closed. X XLatest addition to the lock file: If the first character is a ! then Xattachport (or, in a later version, perhaps authtcp) has been killed by Xthe user during a critical moment. If you want a detailed explanation of Xhow and why this is used, ask auth's author. X XIf the auth package gets much more complicated, it may be worth imposing Xa bit more structure on the authentication directory; hopefully all this Xauthentication information will be available from the kernel long before Xthat happens. The lock file system would have to be changed immediately Xif auth were to support REUSEADDR; however, ftp seems to be the only Xprogram that needs REUSEADDR, and PUFF is a much better file transfer Xsystem. END_OF_FILE if test 3911 -ne `wc -c <'dir.doc'`; then echo shar: \"'dir.doc'\" unpacked with wrong size! fi # end of 'dir.doc' fi if test -f 'djbatoi.h' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'djbatoi.h'\" else echo shar: Extracting \"'djbatoi.h'\" $381 characters$ sed "s/^X//" >'djbatoi.h' <<'END_OF_FILE' X/* djbatoi.h, 11/1/89. */ X X#ifndef __DJBATOIH_ X#define __DJBATOIH_ X X/* some stupid versions of atoi() crash (!) on nulls */ Xint dummyatoi; X#define atoi(s) ( ( dummyatoi = 0 ), \ X ( sscanf(s,"%d",&dummyatoi) || ( dummyatoi = 0 ) ), \ X dummyatoi ) Xlong dummyatol; X#define atol(s) ( ( dummyatol = 0 ), \ X ( sscanf(s,"%D",&dummyatol) || ( dummyatol = 0 ) ), \ X dummyatol ) X X#endif END_OF_FILE if test 381 -ne `wc -c <'djbatoi.h'`; then echo shar: \"'djbatoi.h'\" unpacked with wrong size! fi # end of 'djbatoi.h' fi if test -f 'djberr.h' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'djberr.h'\" else echo shar: Extracting \"'djberr.h'\" $491 characters$ sed "s/^X//" >'djberr.h' <<'END_OF_FILE' X/* djberr.h, 11/1/89. */ X X#ifndef __DJBERRH_ X#define __DJBERRH_ X Xextern int errno; X X#define errn(s) (((void) fputs(s,stderr)), putc('\n',stderr)) X#define err(s) (fputs(s,stderr)) X#define errn2(s,t) (((void) fprintf(stderr,s,t)), putc('\n',stderr)) X#define errn3(s,t,u) (((void) fprintf(stderr,s,t,u)), putc('\n',stderr)) X#define perrn2(s,t) { int dummyerrno = errno; (void) fprintf(stderr,s,t); \ X (void) fputs(": ",stderr); errno = dummyerrno; \ X (void) perror(""); } X X#endif END_OF_FILE if test 491 -ne `wc -c <'djberr.h'`; then echo shar: \"'djberr.h'\" unpacked with wrong size! fi # end of 'djberr.h' fi echo shar: End of archive 1 $of 2$. cp /dev/null ark1isdone MISSING="" for I in 1 2 ; do if test ! -f ark${I}isdone ; then MISSING="${MISSING} ${I}" fi done if test "${MISSING}" = "" ; then echo You have unpacked both archives. rm -f ark[1-9]isdone else echo You still need to unpack the following archives: echo " " ${MISSING} fi ## End of shell archive. exit 0 exit 0 # Just in case...