Subject: v22i004: Utilities for auth2.1 server, Part02/03
Newsgroups: comp.sources.unix
Approved: rsalz@uunet.UU.NET
X-Checksum-Snefru: 582fbff6 16089939 01f37867 64bf5410
Submitted-by: Daniel J. Bernstein <brnstnd@acf10.nyu.edu>
Posting-number: Volume 22, Issue 4
Archive-name: auth-utils/part02
#! /bin/sh
# This is a shell archive. Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file". To overwrite existing
# files, type "sh file -c". You can also feed this as standard input via
# unshar, or by typing, e.g., "sh <file". If this archive is complete, you
# will see the following message at the end:
# "End of archive 2 (of 3)."
# Contents: aport/README aport/checkaport.man aport/killaport.c
# aport/killaport.man aport/listaport.c clients/README clients/inews
# sendmail-auth/README servers/README servers/in.chargend
# servers/services tam/README tam/TAM.doc tam/tamdel.c
# Wrapped by rsalz@litchi.bbn.com on Mon Apr 30 16:18:46 1990
# Replace the caller's PATH with three fixed system directories and export
# it, so the external commands run below (sed, wc, chmod) are looked up only
# there -- presumably to avoid resolving them through "." or a user-writable
# directory in the inherited PATH.
# NOTE(review): everything in this archive is executed by sh with the
# privileges of whoever unpacks it, and files are written to relative paths
# under the current directory. Read it before running, and unpack in an
# empty scratch directory as an unprivileged user.
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
if test -f 'aport/README' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'aport/README'\"
else
echo shar: Extracting \"'aport/README'\" \(1647 characters\)
sed "s/^X//" >'aport/README' <<'END_OF_FILE'
Xaport - the aport utilites, version 1.0
X
XThese programs work closely with the authentication directory structure
Xto provide termination, status, and recovery facilities. Future versions
Xof these programs will probably be incorporated into the auth package.
X
Xkillaport version 1.0, April 23, 1990.
XCopyright (c) 1990, Daniel J. Bernstein.
XAll rights reserved.
X
Xlistaport version 1.0, April 23, 1990.
XCopyright (c) 1990, Daniel J. Bernstein.
XAll rights reserved.
X
Xcheckaport version 1.0, April 23, 1990.
XCopyright (c) 1990, Daniel J. Bernstein.
XAll rights reserved.
X
XFiles:
XCHANGES Description of changes since first distributed version
XREADME This document
XMakefile Installation commands
Xkillaport.c The killaport program
Xlistaport.c The listaport program
Xcheckaport.c The checkaport program
Xkillaport.man Documentation
Xlistaport.man Documentation
Xcheckaport.man Documentation
Xdjberr.h Error macros
X
XEdit the options in Makefile and type make. killaport, listaport, and
Xcheckaport will be the executable programs; killaport.1, listaport.1,
Xand checkaport.1 will be the nroff'ed documentation.
X
Xkillaport and listaport must be setuid auth like authtcp and attachport.
Xcheckaport is an experimental equivalent of fsck for the authentication
Xdirectory; it should not be setuid auth, though it should run as auth or
Xroot periodically by hand or from cron.
X
XI don't pretend to know your machine's setup so there's no make install.
X
XRead CHANGES for a list of changes. Type killaport -C and killaport -W
Xfor copyright and warranty information, killaport -H for help. Similarly
Xfor listaport and checkaport.
END_OF_FILE
# Length check: compare the unpacked file's byte count (wc -c) with the
# count hard-coded in the archive (the same number shown in the "Extracting"
# message). This detects truncation or reformatting in transit; it is a
# length comparison, not a checksum, and says nothing about who produced the
# content. A mismatch is only reported -- unpacking continues.
if test 1647 -ne `wc -c <'aport/README'`; then
echo shar: \"'aport/README'\" unpacked with wrong size!
fi
# end of 'aport/README'
fi
if test -f 'aport/checkaport.man' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'aport/checkaport.man'\"
else
echo shar: Extracting \"'aport/checkaport.man'\" \(1734 characters\)
sed "s/^X//" >'aport/checkaport.man' <<'END_OF_FILE'
X.TH checkaport 8
X.SH NAME
Xcheckaport \- clean up authentication directory, checking security
X.SH SYNTAX
Xcheckaport
X[
X\fB\-ACHUVW\fI
X]
X.SH DESCRIPTION
X.I checkaport
Xwades through the
Xauthentication directory,
Xchecking for possible security breaches,
Xannouncing warnings on stderr,
Xand generally cleaning up.
XIt may be run periodically
Xby hand or from
X.I cron.
X.PP
XNormally
X.I checkaport
Xwill run almost instantaneously
Xand produce no output.
XIf something strange has happened or your
X.I rc.local
Xfailed to clean up the authentication directory
Xupon reboot,
X.I checkaport
Xmay give some warnings and
Xdelete some outdated authentication files.
XIn general you'll have to run
X.I checkaport
Xmore than once to clean up after major shocks.
X.PP
XOccasionally
X.I checkaport
Xmay announce a possible violation of security
X(denial of service).
XUsually the ILR user listed is responsible for the breach,
Xbut you have to understand the authentication directory structure
Xbefore you can be sure about this.
X.PP
XOptions
X.B ACHUVW
Xprint the authorship notice,
Xcopyright notice,
Xhelp notice,
Xshort usage summary,
Xversion number,
Xand warranty information respectively.
X.SH FILES
X/usr/etc/auth/tcp
XAuthentication directory
X.SH DIAGNOSTICS
XToo many to list;
Xlater versions will have different diagnostics.
XRead the source code.
X.SH BUGS
XNone known.
X.SH MACHINES
X.I checkaport
Xhas been partially tested
Xon an Astronautics ZS-2 running ZSUnix.
XLike all other failure recovery systems,
Xit's difficult to test thoroughly.
XIf you have any luck with it or
Xsuggestions for improvements, let the
Xauthor know.
X.SH VERSION
Xcheckaport version 1.0, dated April 23, 1990.
X.SH AUTHOR
XCopyright 1990, Daniel J. Bernstein.
X.SH "SEE ALSO"
Xattachport(1),
Xauthtcp(1),
Xauthd(8)
END_OF_FILE
if test 1734 -ne `wc -c <'aport/checkaport.man'`; then
echo shar: \"'aport/checkaport.man'\" unpacked with wrong size!
fi
# end of 'aport/checkaport.man'
fi
if test -f 'aport/killaport.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'aport/killaport.c'\"
else
echo shar: Extracting \"'aport/killaport.c'\" \(5949 characters\)
sed "s/^X//" >'aport/killaport.c' <<'END_OF_FILE'
X/*
Xkillaport.c: kill an attachport
X*/
X
X/* WARNING! killaport is probably setuid auth! */
X/* All setuid programs are dangerous! Check them carefully! */
X
Xstatic char killaportauthor[] =
X"killaport was written by Daniel J. Bernstein.\n\
XInternet address: brnstnd@acf10.nyu.edu.\n";
X
Xstatic char killaportversion[] =
X"killaport version 1.0, April 23, 1990.\n\
XCopyright (c) 1990, Daniel J. Bernstein.\n\
XAll rights reserved.\n";
X
Xstatic char killaportcopyright[] =
X"killaport version 1.0, April 23, 1990.\n\
XCopyright (c) 1990, Daniel J. Bernstein.\n\
XAll rights reserved.\n\
X\n\
XUntil January 1, 1995, you are granted the following rights: A. To make\n\
Xcopies of this work in original form, so long as (1) the copies are exact\n\
Xand complete; (2) the copies include the copyright notice, this paragraph,\n\
Xand the disclaimer of warranty in their entirety. B. To distribute this\n\
Xwork, or copies made under the provisions above, so long as (1) this is\n\
Xthe original work and not a derivative form; (2) you do not charge a fee\n\
Xfor copying or for distribution; (3) you ensure that the distributed form\n\
Xincludes the copyright notice, this paragraph, and the disclaimer of\n\
Xwarranty in their entirety. These rights are temporary and revocable upon\n\
Xwritten, oral, or other notice by Daniel J. Bernstein. These rights are\n\
Xautomatically revoked on January 1, 1995. This copyright notice shall be\n\
Xgoverned by the laws of the state of New York.\n\
X\n\
XIf you have questions about killaport or about this copyright notice,\n\
Xor if you would like additional rights beyond those granted above,\n\
Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\
Xon the Internet.\n";
X
Xstatic char killaportwarranty[] =
X"To the extent permitted by applicable law, Daniel J. Bernstein disclaims\n\
Xall warranties, explicit or implied, including but not limited to the\n\
Ximplied warranties of merchantability and fitness for a particular purpose.\n\
XDaniel J. Bernstein is not and shall not be liable for any damages,\n\
Xincidental or consequential, arising from the use of this program, even\n\
Xif you inform him of the possibility of such damages. This disclaimer\n\
Xshall be governed by the laws of the state of New York.\n\
X\n\
XIn other words, use this program at your own risk.\n\
X\n\
XIf you have questions about killaport or about this disclaimer of warranty,\n\
Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\
Xon the Internet.\n";
X
Xstatic char killaportusage[] =
X"Usage: killaport [ -ACHUVW ] port\n\
XHelp: killaport -H\n";
X
Xstatic char killaporthelp[] =
X"killaport kills an attachport you're running.\n\
X\n\
Xkillaport -A: print authorship notice\n\
Xkillaport -C: print copyright notice\n\
Xkillaport -H: print this notice\n\
Xkillaport -U: print short usage summary\n\
Xkillaport -V: print version number\n\
Xkillaport -W: print disclaimer of warranty\n\
X\n\
Xkillaport port: kill, kill, kill!\n\
X\n\
XIf you have questions about or suggestions for killaport, please feel free\n\
Xto contact the author, Daniel J. Bernstein, at brnstnd@acf10.nyu.edu\n\
Xon the Internet.\n";
X
X#include <sys/types.h>
X#include <netinet/in.h>
X#include <sys/file.h>
X#ifdef BSD
X#include <limits.h>
X#endif
X#include <stdio.h>
X#include <netdb.h>
X#include <signal.h>
X#include <errno.h>
Xextern int errno;
X#include <pwd.h>
Xextern int getopt();
Xextern char *optarg; /* these should be in getopt.h! */
Xextern int optind;
X#include "djberr.h"
X
X#ifndef AUTHDIR
X#define AUTHDIR "/usr/etc/auth"
X#endif
X
Xmain(argc,argv,envp)
Xint argc;
Xchar *argv[];
Xchar *envp[];
X{
X int opt;
X int uid = getuid();
X int euid = geteuid();
X int fd;
X char buf[32]; /* same length as in attachport */
X int r;
X struct passwd *pw;
X char username[10];
X int pid;
X unsigned short port;
X struct servent *se;
X
X /* WARNING! We are probably running setuid auth! */
X
X while ((opt = getopt(argc,argv,"ACHUVW")) != EOF)
X switch(opt)
X {
X case 'A': (void) err(killaportauthor); exit(1);
X case 'C': (void) err(killaportcopyright); exit(1);
X case 'H': (void) err(killaporthelp); exit(1);
X case 'U': (void) err(killaportusage); exit(1);
X case 'V': (void) err(killaportversion); exit(1);
X case 'W': (void) err(killaportwarranty); exit(1);
X case '?': (void) err(killaportusage); exit(1);
X }
X argv += optind, argc -= optind;
X
X if (!*argv)
X {
X (void) err(killaportusage);
X exit(1);
X }
X if (sscanf(*argv,"%hd",&port) < 1)
X if (!(se = getservbyname(*argv,"tcp")))
X {
X (void) err(killaportusage);
X exit(1);
X }
X else
X port = ntohs(se->s_port); /* inconsistency alert! s_port is int! */
X
X if (!(pw = getpwuid(uid)))
X {
X (void) errn("killaport: fatal: who are you?");
X exit(4);
X }
X
X if ((chdir(AUTHDIR) == -1) || chdir("tcp") == -1)
X {
X perrn2("killaport: fatal: cannot change to directory %s/tcp",AUTHDIR);
X exit(2);
X }
X
X (void) sprintf(buf,"lock.%u",port);
X
X if (((fd = open(buf,O_RDONLY)) == -1) || (flock(fd,LOCK_EX) == -1))
X {
X perrn2("killaport: fatal: cannot open lock file lock.%u",port);
X exit(5);
X }
X if ((r = read(fd,buf,31)) <= 0)
X {
X errn2("killaport: fatal: cannot read lock file lock.%u",port);
X exit(6);
X }
X buf[r] = '\0';
X if (buf[0] == '!')
X {
X errn2("killaport: fatal: corrupted lock file lock.%u",port);
X exit(7);
X }
X if (sscanf(buf,"%d-%s",&pid,username) < 2)
X {
X errn2("killaport: fatal: port %u not owned by an attachport",port);
X exit(8);
X }
X if (uid && strcmp(username,pw->pw_name))
X {
X (void)
X errn2("killaport: fatal: cannot kill port %u: Permission denied",port);
X exit(9);
X }
X if (kill(pid,SIGTERM) == -1)
X switch(errno)
X {
X case ESRCH:
X (void) errn2("killaport: fatal: port %u in trauma",port);
X exit(10);
X default:
X (void) errn2("killaport: weird: can't kill port %u attachport?",port);
X exit(11);
X }
X (void) errn2("killaport: port %u killed,\
X will be free after last connection drops",port);
X
X (void) close(fd);
X exit(0);
X}
END_OF_FILE
# The byte count below catches truncation or mangling in transit only; it
# is a length comparison, not a checksum, and a mismatch is reported but
# does not stop the unpack.
#
# NOTE(review), for anyone building the file just extracted -- its own
# header comment says it is probably installed setuid auth:
#  - main() reads up to 31 bytes of the lock file into buf[32] and parses
#    them with sscanf(buf,"%d-%s",&pid,username) into username[10]. The %s
#    has no field width, so a name part longer than 9 characters writes
#    past the end of username; "%9s" would bound it.
#  - The permission check compares that parsed name with the caller's
#    passwd entry, and the pid handed to kill() comes from the same file,
#    so the decision rests entirely on the lock file's contents. Who may
#    write lock.* under AUTHDIR/tcp is not shown in this part -- confirm
#    the directory is writable only by auth.
#  - Only ESRCH is distinguished after kill(); a stale lock whose pid now
#    belongs to a different process is not detected here (presumably that
#    is what checkaport is meant to clean up -- verify).
if test 5949 -ne `wc -c <'aport/killaport.c'`; then
echo shar: \"'aport/killaport.c'\" unpacked with wrong size!
fi
# end of 'aport/killaport.c'
fi
if test -f 'aport/killaport.man' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'aport/killaport.man'\"
else
echo shar: Extracting \"'aport/killaport.man'\" \(2349 characters\)
sed "s/^X//" >'aport/killaport.man' <<'END_OF_FILE'
X.TH killaport 1
X.SH NAME
Xkillaport \- manually kill an attachport
X.SH SYNTAX
Xkillaport
X[
X\fB\-ACHUVW\fI
X]
Xport
X.SH DESCRIPTION
X.I killaport
Xkills the
X.I attachport
Xserving
Xconnections to
Xthe given TCP
X.I port,
Xprovided you are
Xthe owner of that
X.I attachport
Xand
Xit is authenticated.
X.PP
X.I port
Xcan be given as a name
Xor number.
X.PP
XThe
X.I attachport
Xwon't actually die
Xuntil all its children have exited.
XIt will, however, wither away slowly,
Xnot accepting any new connections on the port.
X.PP
XOptions
X.B ACHUVW
Xprint the authorship notice,
Xcopyright notice,
Xhelp notice,
Xshort usage summary,
Xversion number,
Xand warranty information respectively.
X.SH FILES
X/usr/etc/auth/tcp
XAuthentication directory
X.SH "EXIT VALUE"
X0 upon success;
X1 for usage messages;
X2 if
X.I killaport
Xcan't get into the authentication directory;
X4 if you're not listed in your password file;
X5 if nobody is authenticated on that port;
X6 if the lock file is unreadable;
X7 if the lock file is corrupted;
X8 if the port is not an
X.I attachport;
X9 if the port belongs to someone else;
X10 if the
X.I attachport
Xhas silently died;
X11 if the
X.I attachport
Xis unkillable for some other reason.
X.SH DIAGNOSTICS
X.TP
X.I cannot change to directory
X.I killaport
Xdoes not have access to the authentication directory.
X.TP
X.I who are you?
XYou're not listed in your password file.
X.TP
X.I cannot open lock file
XThere are no authenticated utilities running on that port.
X.TP
X.I cannot read lock file
XShouldn't happen.
X.TP
X.I corrupted lock file
XSomeone has attempted to breach
X.I attachport
Xsecurity on this port.
XReport this condition to your system administrator.
X.TP
X.I port not owned by an attachport
XProbably an
X.I authtcp
Xis running on that port.
X.TP
X.I cannot kill port
XThe
X.I attachport
Xbelongs to somebody else.
X.TP
X.I port in trauma
XProbably the machine crashed
Xand your machine's boot sequence
Xdoesn't clear old authentications.
X.TP
X.I can't kill attachport?
XThis shouldn't happen.
X.TP
X.I port killed
XSuccess.
X.SH RESTRICTIONS
XThere's no way for anyone except root
Xto kill an attachport started with
X.B\-X
Xand without
X.B\-0.
X.SH BUGS
XNone known.
X.SH MACHINES
X.I killaport
Xhas been tested
Xon an Astronautics ZS-2 running ZSUnix.
X.SH VERSION
Xkillaport version 1.0, dated 4/23/90.
X.SH AUTHOR
XCopyright 1990, Daniel J. Bernstein.
X.SH "SEE ALSO"
Xattachport(1),
Xlistaport(1),
Xcheckaport(8)
END_OF_FILE
if test 2349 -ne `wc -c <'aport/killaport.man'`; then
echo shar: \"'aport/killaport.man'\" unpacked with wrong size!
fi
# end of 'aport/killaport.man'
fi
if test -f 'aport/listaport.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'aport/listaport.c'\"
else
echo shar: Extracting \"'aport/listaport.c'\" \(5387 characters\)
sed "s/^X//" >'aport/listaport.c' <<'END_OF_FILE'
X/*
Xlistaport.c: list current attachports
X*/
X
X/* WARNING! listaport is probably setuid auth! */
X/* All setuid programs are dangerous! Check them carefully! */
X
Xstatic char listaportauthor[] =
X"listaport was written by Daniel J. Bernstein.\n\
XInternet address: brnstnd@acf10.nyu.edu.\n";
X
Xstatic char listaportversion[] =
X"listaport version 1.0, April 23, 1990.\n\
XCopyright (c) 1990, Daniel J. Bernstein.\n\
XAll rights reserved.\n";
X
Xstatic char listaportcopyright[] =
X"listaport version 1.0, April 23, 1990.\n\
XCopyright (c) 1990, Daniel J. Bernstein.\n\
XAll rights reserved.\n\
X\n\
XUntil January 1, 1995, you are granted the following rights: A. To make\n\
Xcopies of this work in original form, so long as (1) the copies are exact\n\
Xand complete; (2) the copies include the copyright notice, this paragraph,\n\
Xand the disclaimer of warranty in their entirety. B. To distribute this\n\
Xwork, or copies made under the provisions above, so long as (1) this is\n\
Xthe original work and not a derivative form; (2) you do not charge a fee\n\
Xfor copying or for distribution; (3) you ensure that the distributed form\n\
Xincludes the copyright notice, this paragraph, and the disclaimer of\n\
Xwarranty in their entirety. These rights are temporary and revocable upon\n\
Xwritten, oral, or other notice by Daniel J. Bernstein. These rights are\n\
Xautomatically revoked on January 1, 1995. This copyright notice shall be\n\
Xgoverned by the laws of the state of New York.\n\
X\n\
XIf you have questions about listaport or about this copyright notice,\n\
Xor if you would like additional rights beyond those granted above,\n\
Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\
Xon the Internet.\n";
X
Xstatic char listaportwarranty[] =
X"To the extent permitted by applicable law, Daniel J. Bernstein disclaims\n\
Xall warranties, explicit or implied, including but not limited to the\n\
Ximplied warranties of merchantability and fitness for a particular purpose.\n\
XDaniel J. Bernstein is not and shall not be liable for any damages,\n\
Xincidental or consequential, arising from the use of this program, even\n\
Xif you inform him of the possibility of such damages. This disclaimer\n\
Xshall be governed by the laws of the state of New York.\n\
X\n\
XIn other words, use this program at your own risk.\n\
X\n\
XIf you have questions about listaport or about this disclaimer of warranty,\n\
Xplease feel free to contact the author at brnstnd@acf10.nyu.edu\n\
Xon the Internet.\n";
X
Xstatic char listaportusage[] =
X"Usage: listaport [ -ACHUVW ] \n\
XHelp: listaport -H\n";
X
Xstatic char listaporthelp[] =
X"listaport lists all attachports you're running.\n\
X\n\
Xlistaport -A: print authorship notice\n\
Xlistaport -C: print copyright notice\n\
Xlistaport -H: print this notice\n\
Xlistaport -U: print short usage summary\n\
Xlistaport -V: print version number\n\
Xlistaport -W: print disclaimer of warranty\n\
X\n\
Xlistaport: list ports\n\
X\n\
XIf you have questions about or suggestions for listaport, please feel free\n\
Xto contact the author, Daniel J. Bernstein, at brnstnd@acf10.nyu.edu\n\
Xon the Internet.\n";
X
X#include <sys/types.h>
X#include <sys/dir.h>
X#include <sys/file.h>
X#ifdef BSD
X#include <limits.h>
X#endif
X#include <stdio.h>
X#include <pwd.h>
Xextern int getopt();
Xextern char *optarg; /* these should be in getopt.h! */
Xextern int optind;
X#include "djberr.h"
X
X#ifndef AUTHDIR
X#define AUTHDIR "/usr/etc/auth"
X#endif
X
Xmain(argc,argv,envp)
Xint argc;
Xchar *argv[];
Xchar *envp[];
X{
X int opt;
X int uid = getuid();
X int euid = geteuid();
X DIR *dirp;
X struct direct *dp;
X int fd;
X char buf[32]; /* same length as in attachport */
X int r;
X struct passwd *pw;
X char username[10];
X int pid;
X unsigned short port;
X
X /* WARNING! We are probably running setuid auth! */
X
X while ((opt = getopt(argc,argv,"ACHUVW")) != EOF)
X switch(opt)
X {
X case 'A': (void) err(listaportauthor); exit(1);
X case 'C': (void) err(listaportcopyright); exit(1);
X case 'H': (void) err(listaporthelp); exit(1);
X case 'U': (void) err(listaportusage); exit(1);
X case 'V': (void) err(listaportversion); exit(1);
X case 'W': (void) err(listaportwarranty); exit(1);
X case '?': (void) err(listaportusage); exit(1);
X }
X argv += optind, argc -= optind;
X
X if (!(pw = getpwuid(uid)))
X {
X (void) errn("listaport: fatal: who are you?");
X exit(4);
X }
X
X if ((chdir(AUTHDIR) == -1) || chdir("tcp") == -1)
X {
X perrn2("listaport: fatal: cannot change to directory %s/tcp",AUTHDIR);
X exit(2);
X }
X
X if (!(dirp = opendir(".")))
X {
X perrn2("listaport: fatal: cannot read directory %s/tcp",AUTHDIR);
X exit(3);
X }
X
X while (dp = readdir(dirp))
X {
X if (sscanf(dp->d_name,"lock.%hd",&port) < 1)
X continue; /* fine, skip the file */
X if (((fd = open(dp->d_name,O_RDONLY)) == -1) || (flock(fd,LOCK_EX)) == -1)
X { perrn2("listaport: warning: cannot open lock file %s",dp->d_name); }
X if ((r = read(fd,buf,31)) <= 0)
X { perrn2("listaport: warning: cannot read lock file %s",dp->d_name); }
X (void) close(fd);
X buf[r] = '\0';
X if (buf[0] == '!')
X { perrn2("listaport: warning: corrupted lock file %s",dp->d_name); }
X if (sscanf(buf,"%d-%s",&pid,username) < 2)
X continue; /* fine, we just don't recognize this lock file's format */
X if (!uid || !strcmp(username,pw->pw_name))
X printf("user %s port %u pid %d\n",username,port,pid);
X }
X
X (void) closedir(dirp);
X
X exit(0);
X}
END_OF_FILE
# The byte count below catches truncation or mangling in transit only; it
# is not a checksum, and a mismatch is reported without stopping the unpack.
#
# NOTE(review), for anyone building the file just extracted -- its own
# header comment says it is probably installed setuid auth:
#  - In the readdir() loop a failed open()/flock() or a read() returning
#    <= 0 only prints a warning; there is no continue. Execution goes on to
#    read() and close() on fd == -1 and then to buf[r] = '\0' with r == -1,
#    which stores one byte before the start of buf, after which the stale
#    contents of buf are parsed. Each warning branch should skip to the
#    next directory entry.
#  - The "corrupted lock file" warning likewise falls through into parsing.
#  - sscanf(buf,"%d-%s",&pid,username) fills username[10] from a buffer of
#    up to 31 characters with no field width; "%9s" would bound it.
if test 5387 -ne `wc -c <'aport/listaport.c'`; then
echo shar: \"'aport/listaport.c'\" unpacked with wrong size!
fi
# end of 'aport/listaport.c'
fi
if test -f 'clients/README' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'clients/README'\"
else
echo shar: Extracting \"'clients/README'\" \(2230 characters\)
sed "s/^X//" >'clients/README' <<'END_OF_FILE'
Xclients version 1.0, April 20, 1990.
X
Xdate@ - print the date on another host
Xfinger@ - finger someone on another host
Xwho@ - print who is on another host
Xmconnect - connect to a mail (SMTP) server
Xnconnect - connect to a news (NNTP) server
Xechoconnect - connect to an echo server
Xnullconnect - connect to a discard server
Xinews - a really trivial ihave-based mini-inews
X
XThese shell scripts illustrate how easily clients for standard Internet
XTCP ports can be set up with authtcp.
X
Xdate@ version 1.0, April 20, 1990.
Xfinger@ version 1.0, April 20, 1990.
Xwho@ version 1.0, April 20, 1990.
Xmconnect version 1.0, April 20, 1990.
Xnconnect version 1.0, April 20, 1990.
Xechoconnect version 1.0, April 20, 1990.
Xnullconnect version 1.0, April 20, 1990.
Xinews version 1.0, April 20, 1990.
XPlaced into public domain by Daniel J. Bernstein.
X
XFiles:
XCHANGES Description of changes since first distributed version
XREADME This document
XMakefile Installation commands
Xdate@ date@ shell script
Xfinger@ finger@ shell script
Xwho@ who@ shell script
Xmconnect mconnect shell script
Xnconnect nconnect shell script
Xechoconnect echoconnect shell script
Xnullconnect nullconnect shell script
Xinews trivial inews shell script
Xdate@.man date@ documentation
Xfinger@.man finger@ documentation
Xwho@.man who@ documentation
Xmconnect.man mconnect documentation
Xnconnect.man nconnect documentation
Xechoconnect.man echoconnect documentation
Xnullconnect.man nullconnect documentation
X
XEdit the options in Makefile and type make. date@, finger@, who@,
Xmconnect, nconnect, echoconnect, nullconnect, and inews are executable
Xshell scripts; date@.1, finger@.1, who@.1, mconnect.1, nconnect.1,
Xechoconnect.1, and nullconnect.1 will be the nroff'ed documentation.
X
XSorry, no documentation for the trivial inews shell script. If you want
Xto help support authenticated news and need a quick 'n' easy replacement
Xfor the standard mini-inews, look at this version.
X
XYou must have authtcp installed before using any of these programs. You
Xmust have multitee installed before using most of them.
X
XI don't pretend to know your machine's setup so there's no make install.
END_OF_FILE
if test 2230 -ne `wc -c <'clients/README'`; then
echo shar: \"'clients/README'\" unpacked with wrong size!
fi
# end of 'clients/README'
fi
if test -f 'clients/inews' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'clients/inews'\"
else
echo shar: Extracting \"'clients/inews'\" \(2319 characters\)
sed "s/^X//" >'clients/inews' <<'END_OF_FILE'
X#!/bin/sh
X# trivial inews version 1.0, 4/20/90.
X# Placed into the public domain by Daniel J. Bernstein.
X#
X# Note that this inews sticks around waiting for the connection, then
X# repeats to the user everything the NNTP server says.
X#
X# Constants.
X#
XHOST=your.fully.qualified.domain.name.goes.here
XSERVER=address.of.your.server
XLOGDIR=/tmp/tin.log # drwxrwxrwt
X#
X# Set up temp fds.
X#
Xexec 4>/tmp/tin1.$$ 5</tmp/tin1.$$
Xexec 8>/tmp/tin2.$$ 9</tmp/tin2.$$
Xrm /tmp/tin1.$$ /tmp/tin2.$$
Xif cat >&4
Xthen
X #
X # Make sure we're not duplicating Date, Message-ID, Sender.
X # Also check From, Path.
X #
X date="`multitee 5:1,8 | sed '/^$/q' | grep Date:`"; rewind 4;rewind 5
X mess="`multitee 9:1,4 | sed '/^$/q' | grep Message-ID:`";rewind 8;rewind 9
X path="`multitee 5:1,8 | sed '/^$/q' | grep Path:`"; rewind 4;rewind 5
X from="`multitee 9:1,4 | sed '/^$/q' | grep From:`"; rewind 8;rewind 9
X sender="`multitee 5:1,8 | sed '/^$/q' | grep Sender:`"; rewind 4;rewind 5
X if [ x"$date" != x ]
X then echo 'inews: must not specify Date'; exit 1;
X fi
X if [ x"$mess" != x ]
X then echo 'inews: must not specify Message-ID'; exit 1
X fi
X if [ x"$sender" != x ]
X then echo 'inews: must not specify Sender'; exit 1
X fi
X #
X # Add Path, From/Sender, Message-ID, Date.
X # The Message-ID generated below is both unique and descriptive.
X #
X now=`date -u`
X mid=$$:`echo "$now" | colrm 1 4 | colrm 17 22 | tr -d ' '`
X bmidhb="<$mid@$HOST>" # used at the bottom! watch out!
X date="Date: $now"
X mess="Message-ID: $bmidhb"
X newpath="Path: $HOST!$USER"
X sender="$USER@$HOST"
X if [ x"$path" = x ]
X then echo "$newpath" >&4
X fi
X if [ x"$from" != x ]
X then sendhdr=Sender
X else sendhdr=From
X fi
X export sender
X pattern="`printenv sender | sed 's-\([\.\*\[\\\^\$\/]\)-\\\\\1-g'`"
X # A shame fgrep doesn't split -x into match-at-front and match-at-end.
X if [ x"$sender" != x"$from" ]
X then if echo x"$from" | sed "/^xFrom: $pattern /d" | grep -s .
X then echo "$sendhdr: $sender" >&4
X fi
X fi
X echo "$mess" >&4
X echo "$date" >&4
X #
X # Put it all together and send along
X #
X cat <&9 >&4
X ( echo "ihave $bmidhb";
X tee -a "$LOGDIR/$mid" <&5 | sed 's/^\.$/. /';
X echo .; echo quit; echo ''
X ) | addcr | ( authtcp -R "$SERVER" nntp \
X multitee 0:6 6:1 4>&- 5<&- 8>&- 9<&- ) | delcr
Xfi
END_OF_FILE
# The byte count below catches truncation or mangling in transit only; it
# is not a checksum, and a mismatch is reported without stopping the unpack.
#
# NOTE(review) on the script just extracted:
#  - It opens /tmp/tin1.$$ and /tmp/tin2.$$ by redirection and removes them
#    afterwards. The names are predictable from the process id, and nothing
#    checks whether a path already exists (for instance as a symlink owned
#    by another local user). A current port should create its scratch files
#    with mktemp in a private directory.
#  - LOGDIR is /tmp/tin.log, annotated drwxrwxrwt, and the article is
#    appended with tee -a to "$LOGDIR/$mid", where mid is built from $$ and
#    the date: the same predictable-name concern, in a directory the
#    annotation says every user can write to.
#  - Path and Sender are built from $USER, which comes from the caller's
#    environment; the script itself does not verify that value.
if test 2319 -ne `wc -c <'clients/inews'`; then
echo shar: \"'clients/inews'\" unpacked with wrong size!
fi
# Mark the extracted script executable; this runs whether or not the size
# check above reported a mismatch.
chmod +x 'clients/inews'
# end of 'clients/inews'
fi
if test -f 'sendmail-auth/README' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'sendmail-auth/README'\"
else
echo shar: Extracting \"'sendmail-auth/README'\" \(5968 characters\)
sed "s/^X//" >'sendmail-auth/README' <<'END_OF_FILE'
Xsendmail-auth version 1.0, April 23, 1990.
X
Xsendmail is not particularly configurable, but by following the
Xinstructions here you can have it generate an audit trail for all
Xincoming messages. There's nothing you can do about local mail without
Xrecompiling sendmail, as its local security is easy to circumvent; but
Xnetwork mail forgery can be stopped.
X
XPlaced into public domain by Daniel J. Bernstein.
X
XFiles:
XCHANGES Description of changes since first distributed version
XREADME This document
Xcf.include Changes to make to /usr/lib/sendmail.cf
Xrc.include Changes to make to /etc/rc.local
Xin.maild Daemon to wrap around sendmail and log authentication
Xout.mail Script for sending out authenticated mail
X
XYou must have authtcp, attachport, and multitee installed first.
X
X1. Glance at out.mail, which will handle mail going out to the network.
X Copy it to /etc/out.mail, owner root, mode 755.
X
X2. Glance at in.maild, a sendmail wrapper that will log authentication.
X Copy it to /etc/in.maild, owner root, mode 755. (Depending on your
X feelings about security, you may want to hide in.maild inside another
X directory so that users can't detect changes to it.)
X
X3. Touch /usr/adm/in.mail.log, owner root, mode 644. This file will log
X connections and sendmail invocations. To use a different file, change
X the LOG= line at the top of in.maild. The log need not be readable,
X but users can detect forgeries more easily if it is. (The information
X can be collected in other ways anyway.)
X
X4. Compare rc.include to the sendmail startup lines in /etc/rc.local.
X You want to remove the -bd from sendmail, so that it doesn't accept
X SMTP connections on port 25; and put in a background attachport to
X invoke /etc/in.maild for each incoming connection. Make sure you keep
X sendmail -q30m (or whatever your queue run interval is) so that the
X mail queue is dealt with periodically.
X
X5. Make a backup copy of /usr/lib/sendmail.cf. Find the standard network
X mailer in /usr/lib/sendmail.cf; here it's tcp, specified on a line
X starting with Mtcp, as illustrated in cf.include. You want to replace
X the P=[IPC] with P=/etc/out.mail and A=IPC $h with A=out.mail $h. In
X fact, it may be a good idea to use scripts for all mailers in this
X fashion; that way you don't have to worry about constantly changing
X sendmail.cf.
X
X6. ``Freeze'' /usr/lib/sendmail.cf into /usr/lib/sendmail.fc by running
X /usr/lib/sendmail -bz.
X
X7. That's it! After your next reboot, all outgoing mail will go through
X /etc/out.mail, and all incoming mail (through the network, anyway)
X will go through /etc/in.maild with authentication logged.
X
X If you don't want to wait for a reboot, you might try waiting for the
X current sendmail -bd to go idle, stopping it, checking that the mail
X queue directory has no lock files (/usr/spool/mqueue/lf*), and
X finally killing the sendmail. Then execute rc.include to start the
X new daemons. This technique may not be safe; it's your machine.
X
X
XWhat's the format of the log file? Under the current in.maild, each
Xincoming connection generates a timestamp, authentication record in the
Xform provided by attachport (e.g., brnstnd@128.122.128.22), and process
Xid. A record is generated when sendmail starts and when it finishes; the
Xsecond timestamp includes a final pid. This is often enough information
Xfor users to figure out the source (or, in case of local forgeries, lack
Xof source) of messages.
X
XUnfortunately, sendmail forks to deliver messages. The log file could
Xlog the sendmail pid, but this wouldn't necessarily reflect the id added
Xto messages. If two connections arrive from the same machine at the same
Xtime, you can't prove by pids alone which messages were delivered from
Xwhich connection. If this is a problem, add extra logging to in.maild;
Xyou could, for example, log the output of the server, which will contain
Xacknowledgments of senders and receivers. (Don't do this if your
Xsendmail supports TURN!) A better solution would be to parse the input
Xand checksum the messages with, say, Merkle's Snefru. Then again, if you
Xcan do that, you might as well just add the authentication information
Xto the top of the message. 'Nuff said.
X
XIf your log file grows rapidly you may want to rotate it and delete or
Xarchive week-old logs. Check /usr/adm/daily for the messages and syslog
Xrotation.
X
XBy changing in.maild's sleep 5 to an exit, you can simply drop all
Xunauthenticated connections. Dropped connections also won't generate a
Xlog file entry. Until most of the Internet adopts the Authentication
XServer, this probably isn't a good idea.
X
X
XHow should you use sendmail-auth in the real world? Good question. At a
Xuniversity or other hostile environment, merely announcing the existence
Xof audit trails is probably more than enough to stop forgeries. However,
Xa message routed through a host not supporting authentication can't be
Xtraced, and there's no easy way to warn the user reading a message that
Xthe message might not be for real. Until a better mail system arrives,
Xit may be worth the effort to design a protocol for remotely querying a
Xsystem's logs. If anyone has any ideas on how to get the authentication
Xinformation to the user without any hassle, let Dan Bernstein know at
Xbrnstnd@acf10.nyu.edu.
X
X
XCaveats? The biggest difference users will notice is that direct
Xaddresses can no longer be specified as, e.g., brnstnd@[128.122.128.22],
Xbecause authtcp doesn't understand the brackets. Instead, they must be
Xspecified as brnstnd@128.122.128.22. If you really care, you can set up
Xa rewriting rule to help the users who just can't remember to leave off
Xthe brackets.
X
XAs sendmail doesn't have particularly straightforward mailer interfaces,
Xout.mail doesn't communicate the different types of authtcp failures to
Xsendmail. It simply pretends authtcp's error messages are SMTP errors
Xreturned by the remote host, then drops the (non-)connection.
END_OF_FILE
if test 5968 -ne `wc -c <'sendmail-auth/README'`; then
echo shar: \"'sendmail-auth/README'\" unpacked with wrong size!
fi
# end of 'sendmail-auth/README'
fi
# Unpack servers/README, the installation notes for the example attachport
# servers. An existing copy is left alone unless the archive is run with -c.
# Everything between the sed line and END_OF_FILE is written to the file with
# the leading "X" of each line removed, so that text must stay as shipped.
# The size test afterwards only prints a warning; it can show truncation in
# transit, not deliberate modification of the text.
#
# NOTE(review): the in.fingerd example near the end of this README matches
# REMOTE against '^@[^@]*$' (nothing before the "@") with `grep -s`. It
# presumably relies on -s meaning "silent" as in older BSD grep; POSIX grep
# uses -q for that and -s only hides file-error messages, so on a current
# system the matched line would also be written to standard output --
# confirm before reusing the snippet.
# NOTE(review): step 4 warns against -R for any server that reads
# PROTO/REMOTE; that warning applies to in.fingerd once the REMOTE filter
# above has been added to it.
if test -f 'servers/README' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'servers/README'\"
else
echo shar: Extracting \"'servers/README'\" \(4778 characters\)
sed "s/^X//" >'servers/README' <<'END_OF_FILE'
Xservers package version 1.0, April 20, 1990.
X
XThese shell scripts illustrate how easily servers for standard Internet
XTCP ports can be set up with attachport.
X
Xin.chargend version 1.0, April 20, 1990.
Xin.daytimed version 1.0, April 20, 1990.
Xin.echod version 1.0, April 20, 1990.
Xin.fingerd version 1.0, April 20, 1990.
Xin.nulld version 1.0, April 20, 1990.
Xin.usersd version 1.0, April 20, 1990.
Xout.finger version 1.0, April 20, 1990.
Xstartservers version 1.0, April 20, 1990.
XPlaced into public domain by Daniel J. Bernstein.
X
XFiles:
XCHANGES Description of changes since first distributed version
XREADME This document
Xin.chargend Shell script serving chargen connections
Xin.daytimed Shell script serving daytime connections
Xin.echod Shell script serving echo connections
Xin.fingerd Shell script serving finger connections
Xin.nulld Shell script serving discard connections
Xin.usersd Shell script serving users connections
Xout.finger out.finger shell script
Xout.fingerlocal out.fingerlocal shell script
Xout.fingernet out.fingernet shell script
Xrc.include Suggested additions to /etc/rc.local
Xservices Neatly arranged /etc/services service list
Xstartservers /etc/startservers, illustrating attachport
X
XThese scripts are not for general use other than as illustrations, so
Xthere's no man page or Makefile. Here's how you use the scripts:
X
X1. Make sure your /etc/services includes the name of every service
X you're going to set up. You may want to replace your /etc/services
X with the services file here, moving specialized servers to the end.
X
X2. Make sure you have attachport installed and working. Also get addcr
X and authinit.
X
X3. If you want to run servers as any userid other than root (you do),
X make sure you have setuid installed and working.
X
X4. Copy startservers to /etc/startservers, owner root, mode 700. Check
X that the servers and userids listed are appropriate for your system
X and that the path names are correct. (You don't really need path
X names, but it's traditional to include them in startup scripts.)
X
X -R means ``don't bother authenticating the remote end''; -X means
X ``don't authenticate us locally.'' -r and -x are the defaults.
X -X is convenient and might save you a few seconds of CPU time every
X year; but it doesn't let the remote end know who you are. (This is
X not really a problem for standard servers.) -R will actually save a
X bit of real time in setting up the connection, especially over slow
X links. However, don't give -R to any server program that understands
X (or may in a later incarnation want to understand) the PROTO/REMOTE
X convention for identifying the remote user.
X
X It is extremely stupid to specify -r for connections to port 113.
X -R is the default in this case, though it isn't forced.
X
X5. Before you set up in.fingerd, you have to set up out.finger somewhere
X accessible. out.finger will receive a single argument (unless you
X change in.fingerd) and should print finger information suitable for
X remote consumption. The out.finger version provided here handles
X remote fingering even if your local finger program doesn't.
X
X6. Copy in.*d to /etc. Make sure the protections are appropriate. Check
X through the daemons to make sure you like what they're doing before
X you set them up. Don't you dare laugh at in.chargend.
X
X7. If you want to specify full pathnames in the server shell scripts,
X do so now.
X
X8. Check that rc.include is appropriate for inclusion in your boot
X sequence. You may want to redirect startservers' output to a log
X file, say /etc/startservers.log, rather than the system console.
X
X9. Add rc.include into /etc/rc.local. Remove the obsoleted servers
X from /etc/inetd.conf. kill -HUP the inetd process so that it will
X use the new inetd.conf. Wait a little while for the old server
X bindings to disappear. Finally, manually run startservers, and
X exercise your new servers.
X
XAfter you're done with installation, move your old, buggy, insecure,
Xobsolete servers (like /etc/fingerd) to some out-of-the way place so
Xthat nobody accidentally uses them. Also send a note to Dan Bernstein,
Xbrnstnd@acf10.nyu.edu, letting him know about your experiences with auth
Xand authutil.
X
X
XOver time you can experiment with your servers. As authentication gains
Xpopularity, you may want to restrict server use to specific remote users
Xor specific hosts. You could, for example, disallow unauthenticated
Xfingering by adding
X
X if printenv REMOTE | grep -s '^@[^@]*$'
X then exit 0
X fi
X
Xto the beginning of in.fingerd; you could then log the remote users, or
Xeven tell local users who's finding out about them! The same technique
Xmight be even more useful for recording network logins.
END_OF_FILE
if test 4778 -ne `wc -c <'servers/README'`; then
echo shar: \"'servers/README'\" unpacked with wrong size!
fi
# end of 'servers/README'
fi
# Unpack servers/in.chargend and mark it executable. The script written here
# is an endless `while :` loop that cats a block of rotating printable-ASCII
# lines on every pass (the chargen service). An existing copy is kept unless
# the archive is run with -c; a wrong byte count only prints a warning.
#
# NOTE(review): the generated script reads no input and never exits by
# itself, so every connection is fed output for as long as the peer stays
# connected. The loop also does not test cat's exit status, so presumably it
# keeps starting cat after the connection has gone away unless whatever
# started it kills it -- verify. Decide deliberately whether to offer this
# service on a host reachable from untrusted networks, and run it under a
# non-root userid as servers/README step 3 recommends.
if test -f 'servers/in.chargend' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'servers/in.chargend'\"
else
echo shar: Extracting \"'servers/in.chargend'\" \(7072 characters\)
sed "s/^X//" >'servers/in.chargend' <<'END_OF_FILE'
X#!/bin/sh
X# in.chargend version 1.0, 4/20/90.
X# Placed into the public domain by Daniel J. Bernstein.
Xwhile :
Xdo
X cat << 'EOF'
X !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
X!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh
X"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi
X#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij
X$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk
X%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkl
X&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklm
X'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmn
X()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmno
X)*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnop
X*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq
X+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr
X,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrs
X-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst
X./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstu
X/0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuv
X0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvw
X123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwx
X23456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxy
X3456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
X456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
X56789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|
X6789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}
X789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
X89:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
X9:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !
X:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"
X;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#
X<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$
X=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%
X>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&
X?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'
X@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'(
XABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()
XBCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*
XCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+
XDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,
XEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-
XFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-.
XGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./
XHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0
XIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./01
XJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./012
XKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123
XLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./01234
XMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./012345
XNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456
XOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./01234567
XPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./012345678
XQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789
XRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:
XSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;
XTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<
XUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=
XVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>
XWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?
XXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@
XYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@A
XZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@AB
X[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABC
X\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCD
X]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDE
X^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEF
X_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFG
X`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGH
Xabcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHI
Xbcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJ
Xcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJK
Xdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKL
Xefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLM
Xfghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMN
Xghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNO
Xhijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOP
Xijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQ
Xjklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQR
Xklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRS
Xlmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRST
Xmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTU
Xnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUV
Xopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVW
Xpqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWX
Xqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXY
Xrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ
Xstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[
Xtuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\
Xuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]
Xvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^
Xwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_
Xxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`
Xyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a
Xz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ab
X{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abc
X|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcd
X}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcde
X~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdef
XEOF
Xdone
END_OF_FILE
if test 7072 -ne `wc -c <'servers/in.chargend'`; then
echo shar: \"'servers/in.chargend'\" unpacked with wrong size!
fi
chmod +x 'servers/in.chargend'
# end of 'servers/in.chargend'
fi
# Unpack servers/services, the suggested replacement for /etc/services
# (the name-to-port list read by getservbyname(3)). An existing copy is kept
# unless the archive is run with -c; a wrong byte count only prints a warning.
#
# NOTE(review): this file names ports, it does not start anything. The
# entries for exec, login and shell (the last carrying the original comment
# "no passwords used") and for tftp describe services many sites would not
# want reachable; what actually listens is decided by startservers and
# /etc/inetd.conf (servers/README, step 9), so review those rather than
# treating the headings "installed and operating on this host" as fact for
# your own system.
if test -f 'servers/services' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'servers/services'\"
else
echo shar: Extracting \"'servers/services'\" \(2001 characters\)
sed "s/^X//" >'servers/services' <<'END_OF_FILE'
X# Network service list, /etc/services, as used by getservbyname(3).
X# Reorganized from the service list on a BSD-derived system.
X#
X# Official TCP servers installed and operating on this host.
X#
Xecho 7/tcp
Xdiscard 9/tcp sink null
Xsystat 11/tcp users
Xdaytime 13/tcp
Xchargen 19/tcp ttytst source
Xftp 21/tcp
Xtelnet 23/tcp
Xsmtp 25/tcp mail
Xtime 37/tcp timserver
Xfinger 79/tcp
Xauth 113/tcp authentication
X#
X# System-specific TCP servers installed and operating on this host.
X#
Xexec 512/tcp
Xlogin 513/tcp
Xuucp 540/tcp uucpd # uucp daemon 251 for masscomps
Xshell 514/tcp cmd # no passwords used
X#
X# Official UDP servers installed and operating on this host.
X#
Xecho 7/udp
Xdiscard 9/udp sink null
Xdaytime 13/udp
Xchargen 19/udp ttytst source
Xtime 37/udp timserver
X#
X# System-specific UDP servers installed and operating on this host.
X#
Xbiff 512/udp comsat
Xtalk 517/udp
Xntalk 518/udp
X#
X# Other official TCP services.
X#
Xnetstat 15/tcp
Xqotd 17/tcp quote
Xnameserver 42/tcp name # IEN 116
Xwhois 43/tcp nicname
Xdomain 53/tcp nameserver # name-domain server
Xmtp 57/tcp # deprecated
Xrje 77/tcp netrjs
Xlink 87/tcp ttylink
Xsupdup 95/tcp
Xhostnames 101/tcp hostname # usually from sri-nic
Xpop 109/tcp postoffice
Xsunrpc 111/tcp
Xsftp 115/tcp
Xuucp-path 117/tcp
Xnntp 119/tcp readnews untp # USENET News Transfer Protocol
X#
X# Other system-specific TCP services.
X#
Xprinter 515/tcp spooler # line printer spooler
Xefs 520/tcp # for LucasFilm
Xtempo 526/tcp newdate
Xcourier 530/tcp rpc
Xconference 531/tcp chat
Xnetnews 532/tcp readnews
Xremotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem
Xrfile 562/tcp rfiled
X#
X# Other official UDP services.
X#
Xrlp 39/udp resource # resource location
Xdomain 53/udp nameserver
Xtftp 69/udp
Xsunrpc 111/udp
X#
X# Other system-specific UDP services.
X#
Xwho 513/udp whod
Xsyslog 514/udp
Xroute 520/udp router routed
Xtimed 525/udp timeserver
Xnetwall 533/udp # -for emergency broadcasts
X#
X# Other services.
X#
END_OF_FILE
if test 2001 -ne `wc -c <'servers/services'`; then
echo shar: \"'servers/services'\" unpacked with wrong size!
fi
# end of 'servers/services'
fi
# Unpack tam/README, the build and installation notes for TAM (Trivial
# Authenticated Mail). An existing copy is kept unless the archive is run
# with -c; a wrong byte count only prints a warning.
#
# Security-relevant points the README itself makes: a dedicated uid "tam"
# that cannot log in (impossible password, shell /bin/true); tamsetup,
# tamprint and tamdel installed setuid tam; /usr/spool/tam owned by tam with
# mode 0700; tamd run as tam but never setuid, because it is a script.
# NOTE(review): the README's advice to "check the source carefully for
# security holes" applies directly to tam/tamdel.c in this part, which
# builds its spool paths with sprintf() into fixed-size buffers; review that
# before installing the program setuid.
if test -f 'tam/README' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'tam/README'\"
else
echo shar: Extracting \"'tam/README'\" \(2567 characters\)
sed "s/^X//" >'tam/README' <<'END_OF_FILE'
Xtam package version 1.0, April 23, 1990.
X
XTAM - Trivial Authenticated Mail
X
Xtamd version 1.0, April 23, 1990.
Xtamsetup version 1.0, April 23, 1990.
Xtamprint version 1.0, April 23, 1990.
Xtamdel version 1.0, April 23, 1990.
Xtam2look version 1.0, April 23, 1990.
Xtam2mail version 1.0, April 23, 1990.
Xtamsend version 1.0, April 23, 1990.
XPlaced into public domain by Daniel J. Bernstein.
X
XFiles:
XCHANGES Description of changes since first distributed version
XREADME This document
XMakefile Installation commands
Xrc.include Lines to include in /etc/rc.local
Xservices.include Lines to include in /etc/services
Xtamd The tam daemon shell script
Xtamsetup.c The tamsetup program
Xtamprint.c The tamprint program
Xtamdel.c The tamdel program
Xtam2look The tam2look shell script
Xtam2mail The tam2mail shell script
Xtamsend The tamsend shell script
Xtamd.man Documentation
Xtamdel.man Documentation
Xtamprint.man Documentation
Xtamsetup.man Documentation
Xtamsend.man Documentation
Xtam2look.man Documentation
Xtam2mail.man Documentation
XTAM.doc Description of the TAM protocol
X
XEdit the options in Makefile and type make. tamsetup, tamprint, and
Xtamdel will be the executable programs; tamd, tam2look, tam2mail, and
Xtamsend are executable shell scripts; tamdel.1, tamprint.1, tamsetup.1,
Xtamsend.1, tam2look.1, tam2mail.1, and tamd.8 will be the nroff'ed
Xdocumentation.
X
XYou must have authtcp, attachport, and multitee set up before using tam.
X
XTAM runs on standard port 209. You should add this into /etc/services as
Xindicated in services.include.
X
XFor security, you should set up a new userid, tam. Uid tam should not
Xpermit logins. Its encrypted password should be something impossible,
Xlike an asterisk. Its shell should be /bin/true. Its home directory
Xshould be /nonexistent. Its uid should be unique.
X
Xtamsetup, tamprint, and tamdel should be setuid tam; check the source
Xcarefully for security holes! You also need a directory /usr/spool/tam,
Xowner tam, group irrelevant, mode 0700. If you want to use a different
Xdirectory, you must change TAMDIR in the Makefile and in the shell
Xscripts.
X
Xtamd should be set up under attachport(1) or inetd(8) to receive
Xconnections on TCP port 209. It should not be setuid tam---no scripts
Xshould ever be setuid anything!---though it will always run as tam.
X
XMake sure you put your domain into tamsend.
X
XI don't pretend to know your machine's setup so there's no make install.
X
XRead TAM.doc for a first draft of the TAM protocol.
END_OF_FILE
if test 2567 -ne `wc -c <'tam/README'`; then
echo shar: \"'tam/README'\" unpacked with wrong size!
fi
# end of 'tam/README'
fi
# Unpack tam/TAM.doc, the first-draft description of the TAM protocol on TCP
# port 209: the client sends a user line, the server answers with an empty
# line or an error line, then the client sends free-form text and closes the
# connection. An existing copy is kept unless the archive is run with -c; a
# wrong byte count only prints a warning.
#
# NOTE(review): the sender identity TAM records is whatever the RFC 931
# lookup returns, and that answer is supplied by the client's own host. It is
# an audit hint that is only as reliable as that host, not proof of who sent
# the message.
# NOTE(review): the document lets the user line "be interpreted in any way"
# and sets no message size limit beyond allowing the server to cut off overly
# long messages. A server that turns the user line into a spool file name has
# to validate it first; how tamd does so is not visible in this part.
if test -f 'tam/TAM.doc' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'tam/TAM.doc'\"
else
echo shar: Extracting \"'tam/TAM.doc'\" \(3026 characters\)
sed "s/^X//" >'tam/TAM.doc' <<'END_OF_FILE'
XTAM: Trivial Authenticated Mail protocol
X
XThe TAM server on a host listens on the TAM TCP port for connections.
X
XThe TAM client on a host connects to the TAM TCP port on that or another
Xhost. It prints a single line (the ``user line'') consisting of a string
X(the ``user'') followed by a linefeed (not cr-lf). The user is meant as
Xa user on the server's host who has set up a TAMbox for receiving mail,
Xthough it can be interpreted in any way. User lines beginning with + are
Xreserved for future assigned meanings.
X
XThe server prints a single line in response, consisting of either just a
Xlinefeed (not cr-lf) for success or one or more characters followed by a
Xlinefeed (not cr-lf) for an error. Some suggested errors are as follows:
X TAM ERROR: username: No such user
XThis might mean that the server doesn't have a TAMbox for that user.
X TAM ERROR: Unauthenticated
XThis might mean that the server is unable to authenticate the client
Xwith the Authentication Server as specified in RFC 931. A host that does
Xnot support RFC 931 is at this time considered incompetent to use TAM,
Xthough particular TAM servers may use methods other than RFC 931 for
Xverifying the source of the message.
X
XError lines beginning with + are reserved for future assigned meanings.
XIn any case, either side may cut off the connection any time after an
Xerror (though + error lines may specify different behavior).
X
XIf the client sees a blank line from the server, it sends any text in
Xany form, then closes the connection. The server may dispose of the text
X(the ``message'') any way it wants, subject to any constraints specified
Xfor user lines beginning with +. Note that such constraints may include
Xconstraints on the form of the received message. Typically the server is
Xexpected to deliver the message to the user named in the user line, or,
Xif that isn't possible, to somehow bring the undelivered message to the
Xattention of a human.
X
XThe server is expected to cut off the connection before the client does
Xonly to conserve resources. (This can justify cutting off apparently
Xdead connections, overly long messages, etc.) The client should treat
Xthis as an error.
X
XThe client is expected to send the message as soon and as quickly as
Xpossible after the server sends a blank error line.
X
XThe TAM TCP port is 209.
X
XExample of TAM conversation: Client is user brnstnd running on host
Xkramden.acf.nyu.edu. Server is on host stealth.acf.nyu.edu. Client sets
Xup a locally authenticated connection to server. Server checks client's
Xauthentication, finds brnstnd@128.122.142.2.
X
X C: root\n (\n means linefeed. Client wants to send TAM to root.)
X S: \n (empty line in response, means ``go ahead'')
X C: Sent-From: brnstnd@kramden.acf.nyu.edu\n
X Sent-To: root@stealth, brnstnd\n
X Subject: wow, TAM works\n
X \n
X I'm impressed! After all, it's sooooooo complicated!\n
X (and so on, free-form text to deliver)
X
XThe server records the message in root's TAMbox, along with the date and
Xauthentication information.
END_OF_FILE
if test 3026 -ne `wc -c <'tam/TAM.doc'`; then
echo shar: \"'tam/TAM.doc'\" unpacked with wrong size!
fi
# end of 'tam/TAM.doc'
fi
# Unpack tam/tamdel.c. The program looks up the caller's login name from the
# real uid, opens TAMDIR/<name> read-only, takes an exclusive flock on it,
# copies it to standard output, then creates TAMDIR/<name>.new! (O_EXCL,
# mode 0600) and renames it over the spool file, leaving an empty spool.
# An existing copy is kept unless the archive is run with -c; a wrong byte
# count only prints a warning.
#
# NOTE(review): path[] and pathnew[] are sized sizeof(TAMDIR)+11 and +16,
# which leaves room for a login name of at most 10 characters, and both are
# filled with sprintf() without a length check. tam/README says to install
# tamdel setuid tam, so on a system that allows longer login names this is a
# stack buffer overrun in a privileged program; check strlen(pw->pw_name) or
# use a bounded formatter before building the paths.
# NOTE(review): the lock is held on the old file, which rename() replaces.
# Whether a delivery that already has the old file open can still append to
# it (and so lose mail) depends on how tamd opens and locks the spool; that
# script is not in this part -- verify.
# NOTE(review): a leftover <name>.new! file makes the O_EXCL open fail
# (exit 6) on every later run; it is only unlinked when rename() fails.
if test -f 'tam/tamdel.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'tam/tamdel.c'\"
else
echo shar: Extracting \"'tam/tamdel.c'\" \(1512 characters\)
sed "s/^X//" >'tam/tamdel.c' <<'END_OF_FILE'
X/* tamdel version 1.0, 4/23/90. */
X
X#include <stdio.h>
X#include <sys/file.h>
X#ifdef BSD
X#include <limits.h>
X#endif
X#include <pwd.h>
X
X#ifndef TAMDIR
X#define TAMDIR "/usr/spool/tam"
X#endif
X
X#ifndef BUFSIZ
X#define BUFSIZ 1024
X#endif
X
Xmain()
X{
X struct passwd *pw;
X char path[sizeof(TAMDIR) + 11];
X char pathnew[sizeof(TAMDIR) + 16];
X int fd;
X int fdnew;
X char buf[BUFSIZ];
X int r;
X
X if (!(pw = getpwuid(getuid())))
X {
X fprintf(stderr,"tamdel: fatal: who are you?\n");
X exit(1);
X }
X (void) sprintf(path,"%s/%s",TAMDIR,pw->pw_name);
X if ((fd = open(path,O_RDONLY)) == -1)
X {
X perror("tamdel: fatal: can't read tam spool file");
X exit(2);
X }
X if (flock(fd,LOCK_EX) == -1)
X {
X perror("tamdel: fatal: can't lock tam spool file");
X exit(3);
X }
X
X while ((r = read(fd,buf,sizeof(buf))) > 0)
X if (write(1,buf,r) < r)
X {
X /* This may happen, incorrectly, if the output is nonblocking. */
X /* We assume the usual convention that you never pass nonblocking fds. */
X perror("tamdel: fatal: write error");
X exit(5);
X }
X if (r < 0)
X {
X perror("tamdel: fatal: read error");
X exit(4);
X }
X else
X {
X (void) sprintf(pathnew,"%s/%s.new!",TAMDIR,pw->pw_name);
X if ((fdnew = open(pathnew,O_WRONLY | O_CREAT | O_EXCL,0600)) == -1)
X {
X perror("tamdel: fatal: can't create new tam spool file");
X exit(6);
X }
X if (rename(pathnew,path) == -1)
X {
X perror("tamdel: fatal: can't recreate tam spool file");
X (void) unlink(pathnew);
X exit(7);
X }
X }
X exit(0);
X}
END_OF_FILE
if test 1512 -ne `wc -c <'tam/tamdel.c'`; then
echo shar: \"'tam/tamdel.c'\" unpacked with wrong size!
fi
# end of 'tam/tamdel.c'
fi
# Announce the end of part 2 and leave an empty marker file for it, then
# report which of the three parts have not left their marker in the current
# directory. Once all three markers exist they are removed.
echo shar: End of archive 2 \(of 3\).
cp /dev/null ark2isdone
MISSING=""
for I in 1 2 3
do
    # A part counts as unpacked only if its marker file is present.
    test -f ark${I}isdone || MISSING="${MISSING} ${I}"
done
case "${MISSING}" in
"")
    echo You have unpacked all 3 archives.
    rm -f ark[1-9]isdone
    ;;
*)
    echo You still need to unpack the following archives:
    # MISSING is left unquoted on purpose so the part numbers are re-split.
    echo " " ${MISSING}
    ;;
esac
## End of shell archive.
# Stop here so that sh never tries to run anything that follows the archive
# text; the header only asks the reader to remove what comes before it, so
# presumably trailing mail or news text may still be present.
# The second exit cannot be reached once the first one has run.
exit 0
exit 0 # Just in case...