Usenet 1994 January

home *** CD-ROM | disk | FTP | other *** search

/ Usenet 1994 January / usenetsourcesnewsgroupsinfomagicjanuary1994.iso / sources / unix / volume22 / auth-utils / part02 < prev next >

Wrap

Internet Message Format | 1990-04-29 | 55.6 KB

Subject: v22i004: Utilities for auth2.1 server, Part02/03 Newsgroups: comp.sources.unix Approved: rsalz@uunet.UU.NET X-Checksum-Snefru: 582fbff6 16089939 01f37867 64bf5410 Submitted-by: Daniel J. Bernstein <brnstnd@acf10.nyu.edu> Posting-number: Volume 22, Issue 4 Archive-name: auth-utils/part02 #! /bin/sh # This is a shell archive. Remove anything before this line, then unpack # it by saving it into a file and typing "sh file". To overwrite existing # files, type "sh file -c". You can also feed this as standard input via # unshar, or by typing "sh <file", e.g.. If this archive is complete, you # will see the following message at the end: # "End of archive 2 (of 3)." # Contents: aport/README aport/checkaport.man aport/killaport.c # aport/killaport.man aport/listaport.c clients/README clients/inews # sendmail-auth/README servers/README servers/in.chargend # servers/services tam/README tam/TAM.doc tam/tamdel.c # Wrapped by rsalz@litchi.bbn.com on Mon Apr 30 16:18:46 1990 PATH=/bin:/usr/bin:/usr/ucb ; export PATH if test -f 'aport/README' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'aport/README'\" else echo shar: Extracting \"'aport/README'\" $1647 characters$ sed "s/^X//" >'aport/README' <<'END_OF_FILE' Xaport - the aport utilites, version 1.0 X XThese programs work closely with the authentication directory structure Xto provide termination, status, and recovery facilities. Future versions Xof these programs will probably be incorporated into the auth package. X Xkillaport version 1.0, April 23, 1990. XCopyright (c) 1990, Daniel J. Bernstein. XAll rights reserved. X Xlistaport version 1.0, April 23, 1990. XCopyright (c) 1990, Daniel J. Bernstein. XAll rights reserved. X Xcheckaport version 1.0, April 23, 1990. XCopyright (c) 1990, Daniel J. Bernstein. XAll rights reserved. X XFiles: XCHANGES Description of changes since first distributed version XREADME This document XMakefile Installation commands Xkillaport.c The killaport program Xlistaport.c The listaport program Xcheckaport.c The checkaport program Xkillaport.man Documentation Xlistaport.man Documentation Xcheckaport.man Documentation Xdjberr.h Error macros X XEdit the options in Makefile and type make. killaport, listaport, and Xcheckaport will be the executable programs; killaport.1, listaport.1, Xand checkaport.1 will be the nroff'ed documentation. X Xkillaport and listaport must be setuid auth like authtcp and attachport. Xcheckaport is an experimental equivalent of fsck for the authentication Xdirectory; it should not be setuid auth, though it should run as auth or Xroot periodically by hand or from cron. X XI don't pretend to know your machine's setup so there's no make install. X XRead CHANGES for a list of changes. Type killaport -C and killaport -W Xfor copyright and warranty information, killaport -H for help. Similarly Xfor listaport and checkaport. END_OF_FILE if test 1647 -ne `wc -c <'aport/README'`; then echo shar: \"'aport/README'\" unpacked with wrong size! fi # end of 'aport/README' fi if test -f 'aport/checkaport.man' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'aport/checkaport.man'\" else echo shar: Extracting \"'aport/checkaport.man'\" $1734 characters$ sed "s/^X//" >'aport/checkaport.man' <<'END_OF_FILE' X.TH checkaport 8 X.SH NAME Xcheckaport \- clean up authentication directory, checking security X.SH SYNTAX Xcheckaport X[ X\fB\-ACHUVW\fI X] X.SH DESCRIPTION X.I checkaport Xwades through the Xauthentication directory, Xchecking for possible security breaches, Xannouncing warnings on stderr, Xand generally cleaning up. XIt may be run periodically Xby hand or from X.I cron. X.PP XNormally X.I checkaport Xwill run almost instantaneously Xand produce no output. XIf something strange has happened or your X.I rc.local Xfailed to clean up the authentication directory Xupon reboot, X.I checkaport Xmay give some warnings and Xdelete some outdated authentication files. XIn general you'll have to run X.I checkaport Xmore than once to clean up after major shocks. X.PP XOccasionally X.I checkaport Xmay announce a possible violation of security X(denial of service). XUsually the ILR user listed is responsible for the breach, Xbut you have to understand the authentication directory structure Xbefore you can be sure about this. X.PP XOptions X.B ACHUVW Xprint the authorship notice, Xcopyright notice, Xhelp notice, Xshort usage summary, Xversion number, Xand warranty information respectively. X.SH FILES X/usr/etc/auth/tcp XAuthentication directory X.SH DIAGNOSTICS XToo many to list; Xlater versions will have different diagnostics. XRead the source code. X.SH BUGS XNone known. X.SH MACHINES X.I checkaport Xhas been partially tested Xon an Astronautics ZS-2 running ZSUnix. XLike all other failure recovery systems, Xit's difficult to test thoroughly. XIf you have any luck with it or Xsuggestions for improvements, let the Xauthor know. X.SH VERSION Xcheckaport version 1.0, dated April 23, 1990. X.SH AUTHOR XCopyright 1990, Daniel J. Bernstein. X.SH "SEE ALSO" Xattachport(1), Xauthtcp(1), Xauthd(8) END_OF_FILE if test 1734 -ne `wc -c <'aport/checkaport.man'`; then echo shar: \"'aport/checkaport.man'\" unpacked with wrong size! fi # end of 'aport/checkaport.man' fi if test -f 'aport/killaport.c' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'aport/killaport.c'\" else echo shar: Extracting \"'aport/killaport.c'\" $5949 characters$ sed "s/^X//" >'aport/killaport.c' <<'END_OF_FILE' X/* Xkillaport.c: kill an attachport X*/ X X/* WARNING! killaport is probably setuid auth! */ X/* All setuid programs are dangerous! Check them carefully! */ X Xstatic char killaportauthor[] = X"killaport was written by Daniel J. Bernstein.\n\ XInternet address: brnstnd@acf10.nyu.edu.\n"; X Xstatic char killaportversion[] = X"killaport version 1.0, April 23, 1990.\n\ XCopyright (c) 1990, Daniel J. Bernstein.\n\ XAll rights reserved.\n"; X Xstatic char killaportcopyright[] = X"killaport version 1.0, April 23, 1990.\n\ XCopyright (c) 1990, Daniel J. Bernstein.\n\ XAll rights reserved.\n\ X\n\ XUntil January 1, 1995, you are granted the following rights: A. To make\n\ Xcopies of this work in original form, so long as (1) the copies are exact\n\ Xand complete; (2) the copies include the copyright notice, this paragraph,\n\ Xand the disclaimer of warranty in their entirety. B. To distribute this\n\ Xwork, or copies made under the provisions above, so long as (1) this is\n\ Xthe original work and not a derivative form; (2) you do not charge a fee\n\ Xfor copying or for distribution; (3) you ensure that the distributed form\n\ Xincludes the copyright notice, this paragraph, and the disclaimer of\n\ Xwarranty in their entirety. These rights are temporary and revocable upon\n\ Xwritten, oral, or other notice by Daniel J. Bernstein. These rights are\n\ Xautomatically revoked on January 1, 1995. This copyright notice shall be\n\ Xgoverned by the laws of the state of New York.\n\ X\n\ XIf you have questions about killaport or about this copyright notice,\n\ Xor if you would like additional rights beyond those granted above,\n\ Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\ Xon the Internet.\n"; X Xstatic char killaportwarranty[] = X"To the extent permitted by applicable law, Daniel J. Bernstein disclaims\n\ Xall warranties, explicit or implied, including but not limited to the\n\ Ximplied warranties of merchantability and fitness for a particular purpose.\n\ XDaniel J. Bernstein is not and shall not be liable for any damages,\n\ Xincidental or consequential, arising from the use of this program, even\n\ Xif you inform him of the possibility of such damages. This disclaimer\n\ Xshall be governed by the laws of the state of New York.\n\ X\n\ XIn other words, use this program at your own risk.\n\ X\n\ XIf you have questions about killaport or about this disclaimer of warranty,\n\ Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\ Xon the Internet.\n"; X Xstatic char killaportusage[] = X"Usage: killaport [ -ACHUVW ] port\n\ XHelp: killaport -H\n"; X Xstatic char killaporthelp[] = X"killaport kills an attachport you're running.\n\ X\n\ Xkillaport -A: print authorship notice\n\ Xkillaport -C: print copyright notice\n\ Xkillaport -H: print this notice\n\ Xkillaport -U: print short usage summary\n\ Xkillaport -V: print version number\n\ Xkillaport -W: print disclaimer of warranty\n\ X\n\ Xkillaport port: kill, kill, kill!\n\ X\n\ XIf you have questions about or suggestions for killaport, please feel free\n\ Xto contact the author, Daniel J. Bernstein, at brnstnd@acf10.nyu.edu\n\ Xon the Internet.\n"; X X#include <sys/types.h> X#include <netinet/in.h> X#include <sys/file.h> X#ifdef BSD X#include <limits.h> X#endif X#include <stdio.h> X#include <netdb.h> X#include <signal.h> X#include <errno.h> Xextern int errno; X#include <pwd.h> Xextern int getopt(); Xextern char *optarg; /* these should be in getopt.h! */ Xextern int optind; X#include "djberr.h" X X#ifndef AUTHDIR X#define AUTHDIR "/usr/etc/auth" X#endif X Xmain(argc,argv,envp) Xint argc; Xchar *argv[]; Xchar *envp[]; X{ X int opt; X int uid = getuid(); X int euid = geteuid(); X int fd; X char buf[32]; /* same length as in attachport */ X int r; X struct passwd *pw; X char username[10]; X int pid; X unsigned short port; X struct servent *se; X X /* WARNING! We are probably running setuid auth! */ X X while ((opt = getopt(argc,argv,"ACHUVW")) != EOF) X switch(opt) X { X case 'A': (void) err(killaportauthor); exit(1); X case 'C': (void) err(killaportcopyright); exit(1); X case 'H': (void) err(killaporthelp); exit(1); X case 'U': (void) err(killaportusage); exit(1); X case 'V': (void) err(killaportversion); exit(1); X case 'W': (void) err(killaportwarranty); exit(1); X case '?': (void) err(killaportusage); exit(1); X } X argv += optind, argc -= optind; X X if (!*argv) X { X (void) err(killaportusage); X exit(1); X } X if (sscanf(*argv,"%hd",&port) < 1) X if (!(se = getservbyname(*argv,"tcp"))) X { X (void) err(killaportusage); X exit(1); X } X else X port = ntohs(se->s_port); /* inconsistency alert! s_port is int! */ X X if (!(pw = getpwuid(uid))) X { X (void) errn("killaport: fatal: who are you?"); X exit(4); X } X X if ((chdir(AUTHDIR) == -1) || chdir("tcp") == -1) X { X perrn2("killaport: fatal: cannot change to directory %s/tcp",AUTHDIR); X exit(2); X } X X (void) sprintf(buf,"lock.%u",port); X X if (((fd = open(buf,O_RDONLY)) == -1) || (flock(fd,LOCK_EX) == -1)) X { X perrn2("killaport: fatal: cannot open lock file lock.%u",port); X exit(5); X } X if ((r = read(fd,buf,31)) <= 0) X { X errn2("killaport: fatal: cannot read lock file lock.%u",port); X exit(6); X } X buf[r] = '\0'; X if (buf[0] == '!') X { X errn2("killaport: fatal: corrupted lock file lock.%u",port); X exit(7); X } X if (sscanf(buf,"%d-%s",&pid,username) < 2) X { X errn2("killaport: fatal: port %u not owned by an attachport",port); X exit(8); X } X if (uid && strcmp(username,pw->pw_name)) X { X (void) X errn2("killaport: fatal: cannot kill port %u: Permission denied",port); X exit(9); X } X if (kill(pid,SIGTERM) == -1) X switch(errno) X { X case ESRCH: X (void) errn2("killaport: fatal: port %u in trauma",port); X exit(10); X default: X (void) errn2("killaport: weird: can't kill port %u attachport?",port); X exit(11); X } X (void) errn2("killaport: port %u killed,\ X will be free after last connection drops",port); X X (void) close(fd); X exit(0); X} END_OF_FILE if test 5949 -ne `wc -c <'aport/killaport.c'`; then echo shar: \"'aport/killaport.c'\" unpacked with wrong size! fi # end of 'aport/killaport.c' fi if test -f 'aport/killaport.man' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'aport/killaport.man'\" else echo shar: Extracting \"'aport/killaport.man'\" $2349 characters$ sed "s/^X//" >'aport/killaport.man' <<'END_OF_FILE' X.TH killaport 1 X.SH NAME Xkillaport \- manually kill an attachport X.SH SYNTAX Xkillaport X[ X\fB\-ACHUVW\fI X] Xport X.SH DESCRIPTION X.I killaport Xkills the X.I attachport Xserving Xconnections to Xthe given TCP X.I port, Xprovided you are Xthe owner of that X.I attachport Xand Xit is authenticated. X.PP X.I port Xcan be given as a name Xor number. X.PP XThe X.I attachport Xwon't actually die Xuntil all its children have exited. XIt will, however, wither away slowly, Xnot accepting any new connections on the port. X.PP XOptions X.B ACHUVW Xprint the authorship notice, Xcopyright notice, Xhelp notice, Xshort usage summary, Xversion number, Xand warranty information respectively. X.SH FILES X/usr/etc/auth/tcp XAuthentication directory X.SH "EXIT VALUE" X0 upon success; X1 for usage messages; X2 if X.I killaport Xcan't get into the authentication directory; X4 if you're not listed in your password file; X5 if nobody is authenticated on that port; X6 if the lock file is unreadable; X7 if the lock file is corrupted; X8 if the port is not an X.I attachport; X9 if the port belongs to someone else; X10 if the X.I attachport Xhas silently died; X11 if the X.I attachport Xis unkillable for some other reason. X.SH DIAGNOSTICS X.TP X.I cannot change to directory X.I killaport Xdoes not have access to the authentication directory. X.TP X.I who are you? XYou're not listed in your password file. X.TP X.I cannot open lock file XThere are no authenticated utilities running on that port. X.TP X.I cannot read lock file XShouldn't happen. X.TP X.I corrupted lock file XSomeone has attempted to breach X.I attachport Xsecurity on this port. XReport this condition to your system administrator. X.TP X.I port not owned by an attachport XProbably an X.I authtcp Xis running on that port. X.TP X.I cannot kill port XThe X.I attachport Xbelongs to somebody else. X.TP X.I port in trauma XProbably the machine crashed Xand your machine's boot sequence Xdoesn't clear old authentications. X.TP X.I can't kill attachport? XThis shouldn't happen. X.TP X.I port killed XSuccess. X.SH RESTRICTIONS XThere's no way for anyone except root Xto kill an attachport started with X.B\-X Xand without X.B\-0. X.SH BUGS XNone known. X.SH MACHINES X.I killaport Xhas been tested Xon an Astronautics ZS-2 running ZSUnix. X.SH VERSION Xkillaport version 1.0, dated 4/23/90. X.SH AUTHOR XCopyright 1990, Daniel J. Bernstein. X.SH "SEE ALSO" Xattachport(1), Xlistaport(1), Xcheckaport(8) END_OF_FILE if test 2349 -ne `wc -c <'aport/killaport.man'`; then echo shar: \"'aport/killaport.man'\" unpacked with wrong size! fi # end of 'aport/killaport.man' fi if test -f 'aport/listaport.c' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'aport/listaport.c'\" else echo shar: Extracting \"'aport/listaport.c'\" $5387 characters$ sed "s/^X//" >'aport/listaport.c' <<'END_OF_FILE' X/* Xlistaport.c: list current attachports X*/ X X/* WARNING! listaport is probably setuid auth! */ X/* All setuid programs are dangerous! Check them carefully! */ X Xstatic char listaportauthor[] = X"listaport was written by Daniel J. Bernstein.\n\ XInternet address: brnstnd@acf10.nyu.edu.\n"; X Xstatic char listaportversion[] = X"listaport version 1.0, April 23, 1990.\n\ XCopyright (c) 1990, Daniel J. Bernstein.\n\ XAll rights reserved.\n"; X Xstatic char listaportcopyright[] = X"listaport version 1.0, April 23, 1990.\n\ XCopyright (c) 1990, Daniel J. Bernstein.\n\ XAll rights reserved.\n\ X\n\ XUntil January 1, 1995, you are granted the following rights: A. To make\n\ Xcopies of this work in original form, so long as (1) the copies are exact\n\ Xand complete; (2) the copies include the copyright notice, this paragraph,\n\ Xand the disclaimer of warranty in their entirety. B. To distribute this\n\ Xwork, or copies made under the provisions above, so long as (1) this is\n\ Xthe original work and not a derivative form; (2) you do not charge a fee\n\ Xfor copying or for distribution; (3) you ensure that the distributed form\n\ Xincludes the copyright notice, this paragraph, and the disclaimer of\n\ Xwarranty in their entirety. These rights are temporary and revocable upon\n\ Xwritten, oral, or other notice by Daniel J. Bernstein. These rights are\n\ Xautomatically revoked on January 1, 1995. This copyright notice shall be\n\ Xgoverned by the laws of the state of New York.\n\ X\n\ XIf you have questions about listaport or about this copyright notice,\n\ Xor if you would like additional rights beyond those granted above,\n\ Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\ Xon the Internet.\n"; X Xstatic char listaportwarranty[] = X"To the extent permitted by applicable law, Daniel J. Bernstein disclaims\n\ Xall warranties, explicit or implied, including but not limited to the\n\ Ximplied warranties of merchantability and fitness for a particular purpose.\n\ XDaniel J. Bernstein is not and shall not be liable for any damages,\n\ Xincidental or consequential, arising from the use of this program, even\n\ Xif you inform him of the possibility of such damages. This disclaimer\n\ Xshall be governed by the laws of the state of New York.\n\ X\n\ XIn other words, use this program at your own risk.\n\ X\n\ XIf you have questions about listaport or about this disclaimer of warranty,\n\ Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\ Xon the Internet.\n"; X Xstatic char listaportusage[] = X"Usage: listaport [ -ACHUVW ] \n\ XHelp: listaport -H\n"; X Xstatic char listaporthelp[] = X"listaport lists all attachports you're running.\n\ X\n\ Xlistaport -A: print authorship notice\n\ Xlistaport -C: print copyright notice\n\ Xlistaport -H: print this notice\n\ Xlistaport -U: print short usage summary\n\ Xlistaport -V: print version number\n\ Xlistaport -W: print disclaimer of warranty\n\ X\n\ Xlistaport: list ports\n\ X\n\ XIf you have questions about or suggestions for listaport, please feel free\n\ Xto contact the author, Daniel J. Bernstein, at brnstnd@acf10.nyu.edu\n\ Xon the Internet.\n"; X X#include <sys/types.h> X#include <sys/dir.h> X#include <sys/file.h> X#ifdef BSD X#include <limits.h> X#endif X#include <stdio.h> X#include <pwd.h> Xextern int getopt(); Xextern char *optarg; /* these should be in getopt.h! */ Xextern int optind; X#include "djberr.h" X X#ifndef AUTHDIR X#define AUTHDIR "/usr/etc/auth" X#endif X Xmain(argc,argv,envp) Xint argc; Xchar *argv[]; Xchar *envp[]; X{ X int opt; X int uid = getuid(); X int euid = geteuid(); X DIR *dirp; X struct direct *dp; X int fd; X char buf[32]; /* same length as in attachport */ X int r; X struct passwd *pw; X char username[10]; X int pid; X unsigned short port; X X /* WARNING! We are probably running setuid auth! */ X X while ((opt = getopt(argc,argv,"ACHUVW")) != EOF) X switch(opt) X { X case 'A': (void) err(listaportauthor); exit(1); X case 'C': (void) err(listaportcopyright); exit(1); X case 'H': (void) err(listaporthelp); exit(1); X case 'U': (void) err(listaportusage); exit(1); X case 'V': (void) err(listaportversion); exit(1); X case 'W': (void) err(listaportwarranty); exit(1); X case '?': (void) err(listaportusage); exit(1); X } X argv += optind, argc -= optind; X X if (!(pw = getpwuid(uid))) X { X (void) errn("listaport: fatal: who are you?"); X exit(4); X } X X if ((chdir(AUTHDIR) == -1) || chdir("tcp") == -1) X { X perrn2("listaport: fatal: cannot change to directory %s/tcp",AUTHDIR); X exit(2); X } X X if (!(dirp = opendir("."))) X { X perrn2("listaport: fatal: cannot read directory %s/tcp",AUTHDIR); X exit(3); X } X X while (dp = readdir(dirp)) X { X if (sscanf(dp->d_name,"lock.%hd",&port) < 1) X continue; /* fine, skip the file */ X if (((fd = open(dp->d_name,O_RDONLY)) == -1) || (flock(fd,LOCK_EX)) == -1) X { perrn2("listaport: warning: cannot open lock file %s",dp->d_name); } X if ((r = read(fd,buf,31)) <= 0) X { perrn2("listaport: warning: cannot read lock file %s",dp->d_name); } X (void) close(fd); X buf[r] = '\0'; X if (buf[0] == '!') X { perrn2("listaport: warning: corrupted lock file %s",dp->d_name); } X if (sscanf(buf,"%d-%s",&pid,username) < 2) X continue; /* fine, we just don't recognize this lock file's format */ X if (!uid || !strcmp(username,pw->pw_name)) X printf("user %s port %u pid %d\n",username,port,pid); X } X X (void) closedir(dirp); X X exit(0); X} END_OF_FILE if test 5387 -ne `wc -c <'aport/listaport.c'`; then echo shar: \"'aport/listaport.c'\" unpacked with wrong size! fi # end of 'aport/listaport.c' fi if test -f 'clients/README' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'clients/README'\" else echo shar: Extracting \"'clients/README'\" $2230 characters$ sed "s/^X//" >'clients/README' <<'END_OF_FILE' Xclients version 1.0, April 20, 1990. X Xdate@ - print the date on another host Xfinger@ - finger someone on another host Xwho@ - print who is on another host Xmconnect - connect to a mail (SMTP) server Xnconnect - connect to a news (NNTP) server Xechoconnect - connect to an echo server Xnullconnect - connect to a discard server Xinews - a really trivial ihave-based mini-inews X XThese shell scripts illustrate how easily clients for standard Internet XTCP ports can be set up with authtcp. X Xdate@ version 1.0, April 20, 1990. Xfinger@ version 1.0, April 20, 1990. Xwho@ version 1.0, April 20, 1990. Xmconnect version 1.0, April 20, 1990. Xnconnect version 1.0, April 20, 1990. Xechoconnect version 1.0, April 20, 1990. Xnullconnect version 1.0, April 20, 1990. Xinews version 1.0, April 20, 1990. XPlaced into public domain by Daniel J. Bernstein. X XFiles: XCHANGES Description of changes since first distributed version XREADME This document XMakefile Installation commands Xdate@ date@ shell script Xfinger@ finger@ shell script Xwho@ who@ shell script Xmconnect mconnect shell script Xnconnect nconnect shell script Xechoconnect echoconnect shell script Xnullconnect nullconnect shell script Xinews trivial inews shell script Xdate@.man date@ documentation Xfinger@.man finger@ documentation Xwho@.man who@ documentation Xmconnect.man mconnect documentation Xnconnect.man nconnect documentation Xechoconnect.man echoconnect documentation Xnullconnect.man nullconnect documentation X XEdit the options in Makefile and type make. date@, finger@, who@, Xmconnect, nconnect, echoconnect, nullconnect, and inews are executable Xshell scripts; date@.1, finger@.1, who@.1, mconnect.1, nconnect.1, Xechoconnect.1, and nullconnect.1 will be the nroff'ed documentation. X XSorry, no documentation for the trivial inews shell script. If you want Xto help support authenticated news and need a quick 'n' easy replacement Xfor the standard mini-inews, look at this version. X XYou must have authtcp installed before using any of these programs. You Xmust have multitee installed before using most of them. X XI don't pretend to know your machine's setup so there's no make install. END_OF_FILE if test 2230 -ne `wc -c <'clients/README'`; then echo shar: \"'clients/README'\" unpacked with wrong size! fi # end of 'clients/README' fi if test -f 'clients/inews' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'clients/inews'\" else echo shar: Extracting \"'clients/inews'\" $2319 characters$ sed "s/^X//" >'clients/inews' <<'END_OF_FILE' X#!/bin/sh X# trivial inews version 1.0, 4/20/90. X# Placed into the public domain by Daniel J. Bernstein. X# X# Note that this inews sticks around waiting for the connection, then X# repeats to the user everything the NNTP server says. X# X# Constants. X# XHOST=your.fully.qualified.domain.name.goes.here XSERVER=address.of.your.server XLOGDIR=/tmp/tin.log # drwxrwxrwt X# X# Set up temp fds. X# Xexec 4>/tmp/tin1.$$ 5</tmp/tin1.$$ Xexec 8>/tmp/tin2.$$ 9</tmp/tin2.$$ Xrm /tmp/tin1.$$ /tmp/tin2.$$ Xif cat >&4 Xthen X # X # Make sure we're not duplicating Date, Message-ID, Sender. X # Also check From, Path. X # X date="`multitee 5:1,8 | sed '/^$/q' | grep Date:`"; rewind 4;rewind 5 X mess="`multitee 9:1,4 | sed '/^$/q' | grep Message-ID:`";rewind 8;rewind 9 X path="`multitee 5:1,8 | sed '/^$/q' | grep Path:`"; rewind 4;rewind 5 X from="`multitee 9:1,4 | sed '/^$/q' | grep From:`"; rewind 8;rewind 9 X sender="`multitee 5:1,8 | sed '/^$/q' | grep Sender:`"; rewind 4;rewind 5 X if [ x"$date" != x ] X then echo 'inews: must not specify Date'; exit 1; X fi X if [ x"$mess" != x ] X then echo 'inews: must not specify Message-ID'; exit 1 X fi X if [ x"$sender" != x ] X then echo 'inews: must not specify Sender'; exit 1 X fi X # X # Add Path, From/Sender, Message-ID, Date. X # The Message-ID generated below is both unique and descriptive. X # X now=`date -u` X mid=$$:`echo "$now" | colrm 1 4 | colrm 17 22 | tr -d ' '` X bmidhb="<$mid@$HOST>" # used at the bottom! watch out! X date="Date: $now" X mess="Message-ID: $bmidhb" X newpath="Path: $HOST!$USER" X sender="$USER@$HOST" X if [ x"$path" = x ] X then echo "$newpath" >&4 X fi X if [ x"$from" != x ] X then sendhdr=Sender X else sendhdr=From X fi X export sender X pattern="`printenv sender | sed 's-$[\.\*\[\\\^\$\/]$-\\\\\1-g'`" X # A shame fgrep doesn't split -x into match-at-front and match-at-end. X if [ x"$sender" != x"$from" ] X then if echo x"$from" | sed "/^xFrom: $pattern /d" | grep -s . X then echo "$sendhdr: $sender" >&4 X fi X fi X echo "$mess" >&4 X echo "$date" >&4 X # X # Put it all together and send along X # X cat <&9 >&4 X ( echo "ihave $bmidhb"; X tee -a "$LOGDIR/$mid" <&5 | sed 's/^\.$/. /'; X echo .; echo quit; echo '' X ) | addcr | ( authtcp -R "$SERVER" nntp \ X multitee 0:6 6:1 4>&- 5<&- 8>&- 9<&- ) | delcr Xfi END_OF_FILE if test 2319 -ne `wc -c <'clients/inews'`; then echo shar: \"'clients/inews'\" unpacked with wrong size! fi chmod +x 'clients/inews' # end of 'clients/inews' fi if test -f 'sendmail-auth/README' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'sendmail-auth/README'\" else echo shar: Extracting \"'sendmail-auth/README'\" $5968 characters$ sed "s/^X//" >'sendmail-auth/README' <<'END_OF_FILE' Xsendmail-auth version 1.0, April 23, 1990. X Xsendmail is not particularly configurable, but by following the Xinstructions here you can have it generate an audit trail for all Xincoming messages. There's nothing you can do about local mail without Xrecompiling sendmail, as its local security is easy to circumvent; but Xnetwork mail forgery can be stopped. X XPlaced into public domain by Daniel J. Bernstein. X XFiles: XCHANGES Description of changes since first distributed version XREADME This document Xcf.include Changes to make to /usr/lib/sendmail.cf Xrc.include Changes to make to /etc/rc.local Xin.maild Daemon to wrap around sendmail and log authentication Xout.mail Script for sending out authenticated mail X XYou must have authtcp, attachport, and multitee installed first. X X1. Glance at out.mail, which will handle mail going out to the network. X Copy it to /etc/out.mail, owner root, mode 755. X X2. Glance at in.maild, a sendmail wrapper that will log authentication. X Copy it to /etc/in.maild, owner root, mode 755. (Depending on your X feelings about security, you may want to hide in.maild inside another X directory so that users can't detect changes to it.) X X3. Touch /usr/adm/in.mail.log, owner root, mode 644. This file will log X connections and sendmail invocations. To use a different file, change X the LOG= line at the top of in.maild. The log need not be readable, X but users can detect forgeries more easily if it is. (The information X can be collected in other ways anyway.) X X4. Compare rc.include to the sendmail startup lines in /etc/rc.local. X You want to remove the -bd from sendmail, so that it doesn't accept X SMTP connections on port 25; and put in a background attachport to X invoke /etc/in.maild for each incoming connection. Make sure you keep X sendmail -q30m (or whatever your queue run interval is) so that the X mail queue is dealt with periodically. X X5. Make a backup copy of /usr/lib/sendmail.cf. Find the standard network X mailer in /usr/lib/sendmail.cf; here it's tcp, specified on a line X starting with Mtcp, as illustrated in cf.include. You want to replace X the P=[IPC] with P=/etc/out.mail and A=IPC $h with A=out.mail $h. In X fact, it may be a good idea to use scripts for all mailers in this X fashion; that way you don't have to worry about constantly changing X sendmail.cf. X X6. ``Freeze'' /usr/lib/sendmail.cf into /usr/lib/sendmail.fc by running X /usr/lib/sendmail -bz. X X7. That's it! After your next reboot, all outgoing mail will go through X /etc/out.mail, and all incoming mail (through the network, anyway) X will go through /etc/in.maild with authentication logged. X X If you don't want to wait for a reboot, you might try waiting for the X current sendmail -bd to go idle, stopping it, checking that the mail X queue directory has no lock files (/usr/spool/mqueue/lf*), and X finally killing the sendmail. Then execute rc.include to start the X new daemons. This technique may not be safe; it's your machine. X X XWhat's the format of the log file? Under the current in.maild, each Xincoming connection generates a timestamp, authentication record in the Xform provided by attachport (e.g., brnstnd@128.122.128.22), and process Xid. A record is generated when sendmail starts and when it finishes; the Xsecond timestamp includes a final pid. This is often enough information Xfor users to figure out the source (or, in case of local forgeries, lack Xof source) of messages. X XUnfortunately, sendmail forks to deliver messages. The log file could Xlog the sendmail pid, but this wouldn't necessarily reflect the id added Xto messages. If two connections arrive from the same machine at the same Xtime, you can't prove by pids alone which messages were delivered from Xwhich connection. If this is a problem, add extra logging to in.maild; Xyou could, for example, log the output of the server, which will contain Xacknowledgments of senders and receivers. (Don't do this if your Xsendmail supports TURN!) A better solution would be to parse the input Xand checksum the messages with, say, Merkle's Snefru. Then again, if you Xcan do that, you might as well just add the authentication information Xto the top of the message. 'Nuff said. X XIf your log file grows rapidly you may want to rotate it and delete or Xarchive week-old logs. Check /usr/adm/daily for the messages and syslog Xrotation. X XBy changing in.maild's sleep 5 to an exit, you can simply drop all Xunauthenticated connections. Dropped connections also won't generate a Xlog file entry. Until most of the Internet adopts the Authentication XServer, this probably isn't a good idea. X X XHow should you use sendmail-auth in the real world? Good question. At a Xuniversity or other hostile environment, merely announcing the existence Xof audit trails is probably more than enough to stop forgeries. However, Xa message routed through a host not supporting authentication can't be Xtraced, and there's no easy way to warn the user reading a message that Xthe message might not be for real. Until a better mail system arrives, Xit may be worth the effort to design a protocol for remotely querying a Xsystem's logs. If anyone has any ideas on how to get the authentication Xinformation to the user without any hassle, let Dan Bernstein know at Xbrnstnd@acf10.nyu.edu. X X XCaveats? The biggest difference users will notice is that direct Xaddresses can no longer be specified as, e.g., brnstnd@[128.122.128.22], Xbecause authtcp doesn't understand the brackets. Instead, they must be Xspecified as brnstnd@128.122.128.22. If you really care, you can set up Xa rewriting rule to help the users who just can't remember to leave off Xthe brackets. X XAs sendmail doesn't have particularly straightforward mailer interfaces, Xout.mail doesn't communicate the different types of authtcp failures to Xsendmail. It simply pretends authtcp's error messages are SMTP errors Xreturned by the remote host, then drops the (non-)connection. END_OF_FILE if test 5968 -ne `wc -c <'sendmail-auth/README'`; then echo shar: \"'sendmail-auth/README'\" unpacked with wrong size! fi # end of 'sendmail-auth/README' fi if test -f 'servers/README' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'servers/README'\" else echo shar: Extracting \"'servers/README'\" $4778 characters$ sed "s/^X//" >'servers/README' <<'END_OF_FILE' Xservers package version 1.0, April 20, 1990. X XThese shell scripts illustrate how easily servers for standard Internet XTCP ports can be set up with attachport. X Xin.chargend version 1.0, April 20, 1990. Xin.daytimed version 1.0, April 20, 1990. Xin.echod version 1.0, April 20, 1990. Xin.fingerd version 1.0, April 20, 1990. Xin.nulld version 1.0, April 20, 1990. Xin.usersd version 1.0, April 20, 1990. Xout.finger version 1.0, April 20, 1990. Xstartservers version 1.0, April 20, 1990. XPlaced into public domain by Daniel J. Bernstein. X XFiles: XCHANGES Description of changes since first distributed version XREADME This document Xin.chargend Shell script serving chargen connections Xin.daytimed Shell script serving daytime connections Xin.echod Shell script serving echo connections Xin.fingerd Shell script serving finger connections Xin.nulld Shell script serving discard connections Xin.usersd Shell script serving users connections Xout.finger out.finger shell script Xout.fingerlocal out.fingerlocal shell script Xout.fingernet out.fingernet shell script Xrc.include Suggested additions to /etc/rc.local Xservices Neatly arranged /etc/services service list Xstartservers /etc/startservers, illustrating attachport X XThese scripts are not for general use other than as illustrations, so Xthere's no man page or Makefile. Here's how you use the scripts: X X1. Make sure your /etc/services includes the name of every service X you're going to set up. You may want to replace your /etc/services X with the services file here, moving specialized servers to the end. X X2. Make sure you have attachport installed and working. Also get addcr X and authinit. X X3. If you want to run servers as any userid other than root (you do), X make sure you have setuid installed and working. X X4. Copy startservers to /etc/startservers, owner root, mode 700. Check X that the servers and userids listed are appropriate for your system X and that the path names are correct. (You don't really need path X names, but it's traditional to include them in startup scripts.) X X -R means ``don't bother authenticating the remote end''; -X means X ``don't authenticate us locally.'' -r and -x are the defaults. X -X is convenient and might save you a few seconds of CPU time every X year; but it doesn't let the remote end know who you are. (This is X not really a problem for standard servers.) -R will actually save a X bit of real time in setting up the connection, especially over slow X links. However, don't give -R to any server program that understands X (or may in a later incarnation want to understand) the PROTO/REMOTE X convention for identifying the remote user. X X It is extremely stupid to specify -r for connections to port 113. X -R is the default in this case, though it isn't forced. X X5. Before you set up in.fingerd, you have to set up out.finger somewhere X accessible. out.finger will receive a single argument (unless you X change in.fingerd) and should print finger information suitable for X remote consumption. The out.finger version provided here handles X remote fingering even if your local finger program doesn't. X X6. Copy in.*d to /etc. Make sure the protections are appropriate. Check X through the daemons to make sure you like what they're doing before X you set them up. Don't you dare laugh at in.chargend. X X7. If you want to specify full pathnames in the server shell scripts, X do so now. X X8. Check that rc.include is appropriate for inclusion in your boot X sequence. You may want to redirect startservers' output to a log X file, say /etc/startservers.log, rather than the system console. X X9. Add rc.include into /etc/rc.local. Remove the obsoleted servers X from /etc/inetd.conf. kill -HUP the inetd process so that it will X use the new inetd.conf. Wait a little while for the old server X bindings to disappear. Finally, manually run startservers, and X exercise your new servers. X XAfter you're done with installation, move your old, buggy, insecure, Xobsolete servers (like /etc/fingerd) to some out-of-the way place so Xthat nobody accidentally uses them. Also send a note to Dan Bernstein, Xbrnstnd@acf10.nyu.edu, letting him know about your experiences with auth Xand authutil. X X XOver time you can experiment with your servers. As authentication gains Xpopularity, you may want to restrict server use to specific remote users Xor specific hosts. You could, for example, disallow unauthenticated Xfingering by adding X X if printenv REMOTE | grep -s '^@[^@]*$' X then exit 0 X fi X Xto the beginning of in.fingerd; you could then log the remote users, or Xeven tell local users who's finding out about them! The same technique Xmight be even more useful for recording network logins. END_OF_FILE if test 4778 -ne `wc -c <'servers/README'`; then echo shar: \"'servers/README'\" unpacked with wrong size! fi # end of 'servers/README' fi if test -f 'servers/in.chargend' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'servers/in.chargend'\" else echo shar: Extracting \"'servers/in.chargend'\" $7072 characters$ sed "s/^X//" >'servers/in.chargend' <<'END_OF_FILE' X#!/bin/sh X# in.chargend version 1.0, 4/20/90. X# Placed into the public domain by Daniel J. Bernstein. Xwhile : Xdo X cat << 'EOF' X !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg X!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh X"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi X#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij X$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk X%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkl X&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklm X'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmn X()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmno X)*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnop X*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq X+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr X,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrs X-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst X./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstu X/0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuv X0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvw X123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwx X23456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxy X3456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz X456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{ X56789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{| X6789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} X789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ X89:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ X9:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ ! X:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !" X;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"# X<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$ X=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$% X>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%& X?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&' X@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'( XABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'() XBCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()* XCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+ XDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+, XEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,- XFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-. XGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./ XHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0 XIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./01 XJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./012 XKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123 XLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./01234 XMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./012345 XNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456 XOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./01234567 XPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./012345678 XQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789 XRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789: XSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:; XTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;< XUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<= XVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=> XWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>? XXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ XYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@A XZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@AB X[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABC X\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCD X]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDE X^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEF X_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFG X`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGH Xabcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHI Xbcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJ Xcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJK Xdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKL Xefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLM Xfghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMN Xghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNO Xhijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOP Xijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQ Xjklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQR Xklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRS Xlmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRST Xmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTU Xnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUV Xopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVW Xpqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWX Xqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXY Xrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ Xstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[ Xtuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\ Xuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\] Xvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^ Xwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ Xxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_` Xyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a Xz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ab X{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abc X|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcd X}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcde X~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdef XEOF Xdone END_OF_FILE if test 7072 -ne `wc -c <'servers/in.chargend'`; then echo shar: \"'servers/in.chargend'\" unpacked with wrong size! fi chmod +x 'servers/in.chargend' # end of 'servers/in.chargend' fi if test -f 'servers/services' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'servers/services'\" else echo shar: Extracting \"'servers/services'\" $2001 characters$ sed "s/^X//" >'servers/services' <<'END_OF_FILE' X# Network service list, /etc/services, as used by getservbyname(3). X# Reorganized from the service list on a BSD-derived system. X# X# Official TCP servers installed and operating on this host. X# Xecho 7/tcp Xdiscard 9/tcp sink null Xsystat 11/tcp users Xdaytime 13/tcp Xchargen 19/tcp ttytst source Xftp 21/tcp Xtelnet 23/tcp Xsmtp 25/tcp mail Xtime 37/tcp timserver Xfinger 79/tcp Xauth 113/tcp authentication X# X# System-specific TCP servers installed and operating on this host. X# Xexec 512/tcp Xlogin 513/tcp Xuucp 540/tcp uucpd # uucp daemon 251 for masscomps Xshell 514/tcp cmd # no passwords used X# X# Official UDP servers installed and operating on this host. X# Xecho 7/udp Xdiscard 9/udp sink null Xdaytime 13/udp Xchargen 19/udp ttytst source Xtime 37/udp timserver X# X# System-specific UDP servers installed and operating on this host. X# Xbiff 512/udp comsat Xtalk 517/udp Xntalk 518/udp X# X# Other official TCP services. X# Xnetstat 15/tcp Xqotd 17/tcp quote Xnameserver 42/tcp name # IEN 116 Xwhois 43/tcp nicname Xdomain 53/tcp nameserver # name-domain server Xmtp 57/tcp # deprecated Xrje 77/tcp netrjs Xlink 87/tcp ttylink Xsupdup 95/tcp Xhostnames 101/tcp hostname # usually from sri-nic Xpop 109/tcp postoffice Xsunrpc 111/tcp Xsftp 115/tcp Xuucp-path 117/tcp Xnntp 119/tcp readnews untp # USENET News Transfer Protocol X# X# Other system-specific TCP services. X# Xprinter 515/tcp spooler # line printer spooler Xefs 520/tcp # for LucasFilm Xtempo 526/tcp newdate Xcourier 530/tcp rpc Xconference 531/tcp chat Xnetnews 532/tcp readnews Xremotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem Xrfile 562/tcp rfiled X# X# Other official UDP services. X# Xrlp 39/udp resource # resource location Xdomain 53/udp nameserver Xtftp 69/udp Xsunrpc 111/udp X# X# Other system-specific UDP services. X# Xwho 513/udp whod Xsyslog 514/udp Xroute 520/udp router routed Xtimed 525/udp timeserver Xnetwall 533/udp # -for emergency broadcasts X# X# Other services. X# END_OF_FILE if test 2001 -ne `wc -c <'servers/services'`; then echo shar: \"'servers/services'\" unpacked with wrong size! fi # end of 'servers/services' fi if test -f 'tam/README' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tam/README'\" else echo shar: Extracting \"'tam/README'\" $2567 characters$ sed "s/^X//" >'tam/README' <<'END_OF_FILE' Xtam package version 1.0, April 23, 1990. X XTAM - Trivial Authenticated Mail X Xtamd version 1.0, April 23, 1990. Xtamsetup version 1.0, April 23, 1990. Xtamprint version 1.0, April 23, 1990. Xtamdel version 1.0, April 23, 1990. Xtam2look version 1.0, April 23, 1990. Xtam2mail version 1.0, April 23, 1990. Xtamsend version 1.0, April 23, 1990. XPlaced into public domain by Daniel J. Bernstein. X XFiles: XCHANGES Description of changes since first distributed version XREADME This document XMakefile Installation commands Xrc.include Lines to include in /etc/rc.local Xservices.include Lines to include in /etc/services Xtamd The tam daemon shell script Xtamsetup.c The tamsetup program Xtamprint.c The tamprint program Xtamdel.c The tamdel program Xtam2look The tam2look shell script Xtam2mail The tam2mail shell script Xtamsend The tamsend shell script Xtamd.man Documentation Xtamdel.man Documentation Xtamprint.man Documentation Xtamsetup.man Documentation Xtamsend.man Documentation Xtam2look.man Documentation Xtam2mail.man Documentation XTAM.doc Description of the TAM protocol X XEdit the options in Makefile and type make. tamsetup, tamprint, and Xtamdel will be the executable programs; tamd, tam2look, tam2mail, and Xtamsend are executable shell scripts; tamdel.1, tamprint.1, tamsetup.1, Xtamsend.1, tam2look.1, tam2mail.1, and tamd.8 will be the nroff'ed Xdocumentation. X XYou must have authtcp, attachport, and multitee set up before using tam. X XTAM runs on standard port 209. You should add this into /etc/services as Xindicated in services.include. X XFor security, you should set up a new userid, tam. Uid tam should not Xpermit logins. Its encrypted password should be something impossible, Xlike an asterisk. Its shell should be /bin/true. Its home directory Xshould be /nonexistent. Its uid should be unique. X Xtamsetup, tamprint, and tamdel should be setuid tam; check the source Xcarefully for security holes! You also need a directory /usr/spool/tam, Xowner tam, group irrelevant, mode 0700. If you want to use a different Xdirectory, you must change TAMDIR in the Makefile and in the shell Xscripts. X Xtamd should be set up under attachport(1) or inetd(8) to receive Xconnections on TCP port 209. It should not be setuid tam---no scripts Xshould ever be setuid anything!---though it will always run as tam. X XMake sure you put your domain into tamsend. X XI don't pretend to know your machine's setup so there's no make install. X XRead TAM.doc for a first draft of the TAM protocol. END_OF_FILE if test 2567 -ne `wc -c <'tam/README'`; then echo shar: \"'tam/README'\" unpacked with wrong size! fi # end of 'tam/README' fi if test -f 'tam/TAM.doc' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tam/TAM.doc'\" else echo shar: Extracting \"'tam/TAM.doc'\" $3026 characters$ sed "s/^X//" >'tam/TAM.doc' <<'END_OF_FILE' XTAM: Trivial Authenticated Mail protocol X XThe TAM server on a host listens on the TAM TCP port for connections. X XThe TAM client on a host connects to the TAM TCP port on that or another Xhost. It prints a single line (the ``user line'') consisting of a string X(the ``user'') followed by a linefeed (not cr-lf). The user is meant as Xa user on the server's host who has set up a TAMbox for receiving mail, Xthough it can be interpreted in any way. User lines beginning with + are Xreserved for future assigned meanings. X XThe server prints a single line in response, consisting of either just a Xlinefeed (not cr-lf) for success or one or more characters followed by a Xlinefeed (not cr-lf) for an error. Some suggested errors are as follows: X TAM ERROR: username: No such user XThis might mean that the server doesn't have a TAMbox for that user. X TAM ERROR: Unauthenticated XThis might mean that the server is unable to authenticate the client Xwith the Authentication Server as specified in RFC 931. A host that does Xnot support RFC 931 is at this time considered incompetent to use TAM, Xthough particular TAM servers may use methods other than RFC 931 for Xverifying the source of the message. X XError lines beginning with + are reserved for future assigned meanings. XIn any case, either side may cut off the connection any time after an Xerror (though + error lines may specify different behavior). X XIf the client sees a blank line from the server, it sends any text in Xany form, then closes the connection. The server may dispose of the text X(the ``message'') any way it wants, subject to any constraints specified Xfor user lines beginning with +. Note that such constraints may include Xconstraints on the form of the received message. Typically the server is Xexpected to deliver the message to the user named in the user line, or, Xif that isn't possible, to somehow bring the undelivered message to the Xattention of a human. X XThe server is expected to cut off the connection before the client does Xonly to conserve resources. (This can justify cutting off apparently Xdead connections, overly long messages, etc.) The client should treat Xthis as an error. X XThe client is expected to send the message as soon and as quickly as Xpossible after the server sends a blank error line. X XThe TAM TCP port is 209. X XExample of TAM conversation: Client is user brnstnd running on host Xkramden.acf.nyu.edu. Server is on host stealth.acf.nyu.edu. Client sets Xup a locally authenticated connection to server. Server checks client's Xauthentication, finds brnstnd@128.122.142.2. X X C: root\n (\n means linefeed. Client wants to send TAM to root.) X S: \n (empty line in response, means ``go ahead'') X C: Sent-From: brnstnd@kramden.acf.nyu.edu\n X Sent-To: root@stealth, brnstnd\n X Subject: wow, TAM works\n X \n X I'm impressed! After all, it's sooooooo complicated!\n X (and so on, free-form text to deliver) X XThe server records the message in root's TAMbox, along with the date and Xauthentication information. END_OF_FILE if test 3026 -ne `wc -c <'tam/TAM.doc'`; then echo shar: \"'tam/TAM.doc'\" unpacked with wrong size! fi # end of 'tam/TAM.doc' fi if test -f 'tam/tamdel.c' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tam/tamdel.c'\" else echo shar: Extracting \"'tam/tamdel.c'\" $1512 characters$ sed "s/^X//" >'tam/tamdel.c' <<'END_OF_FILE' X/* tamdel version 1.0, 4/23/90. */ X X#include <stdio.h> X#include <sys/file.h> X#ifdef BSD X#include <limits.h> X#endif X#include <pwd.h> X X#ifndef TAMDIR X#define TAMDIR "/usr/spool/tam" X#endif X X#ifndef BUFSIZ X#define BUFSIZ 1024 X#endif X Xmain() X{ X struct passwd *pw; X char path[sizeof(TAMDIR) + 11]; X char pathnew[sizeof(TAMDIR) + 16]; X int fd; X int fdnew; X char buf[BUFSIZ]; X int r; X X if (!(pw = getpwuid(getuid()))) X { X fprintf(stderr,"tamdel: fatal: who are you?\n"); X exit(1); X } X (void) sprintf(path,"%s/%s",TAMDIR,pw->pw_name); X if ((fd = open(path,O_RDONLY)) == -1) X { X perror("tamdel: fatal: can't read tam spool file"); X exit(2); X } X if (flock(fd,LOCK_EX) == -1) X { X perror("tamdel: fatal: can't lock tam spool file"); X exit(3); X } X X while ((r = read(fd,buf,sizeof(buf))) > 0) X if (write(1,buf,r) < r) X { X /* This may happen, incorrectly, if the output is nonblocking. */ X /* We assume the usual convention that you never pass nonblocking fds. */ X perror("tamdel: fatal: write error"); X exit(5); X } X if (r < 0) X { X perror("tamdel: fatal: read error"); X exit(4); X } X else X { X (void) sprintf(pathnew,"%s/%s.new!",TAMDIR,pw->pw_name); X if ((fdnew = open(pathnew,O_WRONLY | O_CREAT | O_EXCL,0600)) == -1) X { X perror("tamdel: fatal: can't create new tam spool file"); X exit(6); X } X if (rename(pathnew,path) == -1) X { X perror("tamdel: fatal: can't recreate tam spool file"); X (void) unlink(pathnew); X exit(7); X } X } X exit(0); X} END_OF_FILE if test 1512 -ne `wc -c <'tam/tamdel.c'`; then echo shar: \"'tam/tamdel.c'\" unpacked with wrong size! fi # end of 'tam/tamdel.c' fi echo shar: End of archive 2 $of 3$. cp /dev/null ark2isdone MISSING="" for I in 1 2 3 ; do if test ! -f ark${I}isdone ; then MISSING="${MISSING} ${I}" fi done if test "${MISSING}" = "" ; then echo You have unpacked all 3 archives. rm -f ark[1-9]isdone else echo You still need to unpack the following archives: echo " " ${MISSING} fi ## End of shell archive. exit 0 exit 0 # Just in case...