From 1982ee69fdfc44dcd1e011ac5cd45fd614f5cdae Mon Sep 17 00:00:00 2001
From: Garrett Wollman <wollman@FreeBSD.org>
Date: Tue, 29 Apr 1997 17:46:27 +0000
Subject: [PATCH] Implement Kerberized rcmd for rdump/rrestore.   This is
 lacking  the options one would normally expect to set the realm, enable
 encryption, and whatnot, but this actually is able to contact the remote
 server, so at least it's a start.  (As a bonus, the stripped static binary is
 unquestionably exportable.)

---
 sbin/dump/Makefile    |  7 +++++++
 sbin/dump/dump.8      |  9 +++++++--
 sbin/dump/dumprmt.c   | 20 +++++++++++++++-----
 sbin/dump/main.c      | 25 +++++++++++++++++++++----
 sbin/restore/Makefile |  7 +++++++
 sbin/restore/main.c   | 23 +++++++++++++++++------
 6 files changed, 74 insertions(+), 17 deletions(-)

diff --git a/sbin/dump/Makefile b/sbin/dump/Makefile
index 0912d8ddb31..764a7d6e763 100644
--- a/sbin/dump/Makefile
+++ b/sbin/dump/Makefile
@@ -22,4 +22,11 @@ BINMODE=2555
 MAN8=	dump.8
 MLINKS+=dump.8 rdump.8
 
+.if exists(${DESTDIR}/usr/lib/libkrb.a) && defined(MAKE_EBONES)
+.PATH:	${.CURDIR}/../../usr.bin/rlogin
+SRCS+=	krcmd.c kcmd.c
+LDADD+=	-lkrb -ldes
+CFLAGS+=-DKERBEROS
+.endif
+
 .include <bsd.prog.mk>
diff --git a/sbin/dump/dump.8 b/sbin/dump/dump.8
index c7a5be8c31a..b05d1da10f8 100644
--- a/sbin/dump/dump.8
+++ b/sbin/dump/dump.8
@@ -31,7 +31,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)dump.8	8.3 (Berkeley) 5/1/95
-.\"	$Id: dump.8,v 1.13 1997/03/11 12:09:31 peter Exp $
+.\"	$Id: dump.8,v 1.14 1997/03/15 06:23:57 peter Exp $
 .\"
 .Dd May 1, 1995
 .Dt DUMP 8
@@ -41,7 +41,7 @@
 .Nd filesystem backup
 .Sh SYNOPSIS
 .Nm dump
-.Op Fl 0123456789acnu
+.Op Fl 0123456789acknu
 .Op Fl B Ar records
 .Op Fl b Ar blocksize
 .Op Fl d Ar density
@@ -164,6 +164,11 @@ program is
 .Pa /etc/rmt ;
 this can be overridden by the environment variable
 .Ev RMT .
+.It Fl k
+Use Kerberos authentication to talk to remote tape servers.  (Only
+available if this option was enabled when
+.Nm dump
+was compiled.)
 .It Fl n
 Whenever
 .Nm dump
diff --git a/sbin/dump/dumprmt.c b/sbin/dump/dumprmt.c
index 59597897d5c..0be78667984 100644
--- a/sbin/dump/dumprmt.c
+++ b/sbin/dump/dumprmt.c
@@ -83,9 +83,12 @@ static	int rmtgetb __P((void));
 static	void rmtgetconn __P((void));
 static	void rmtgets __P((char *, int));
 static	int rmtreply __P((char *));
+#ifdef KERBEROS
+int	krcmd __P((char **, int /*u_short*/, char *, char *, int *, char *));
+#endif
 
 static	int errfd = -1;
-
+extern	int dokerberos;
 extern	int ntrec;		/* blocking factor on tape */
 
 int
@@ -147,9 +150,10 @@ rmtgetconn()
 	int throughput;
 
 	if (sp == NULL) {
-		sp = getservbyname("shell", "tcp");
+		sp = getservbyname(dokerberos ? "kshell" : "shell", "tcp");
 		if (sp == NULL) {
-			msg("shell/tcp: unknown service\n");
+			msg("%s/tcp: unknown service\n",
+			    dokerberos ? "kshell" : "shell");
 			exit(X_ABORT);
 		}
 		pwd = getpwuid(getuid());
@@ -169,8 +173,14 @@ rmtgetconn()
 	if ((rmt = getenv("RMT")) == NULL)
 		rmt = _PATH_RMT;
 	msg("");
-	rmtape = rcmd(&rmtpeer, (u_short)sp->s_port, pwd->pw_name, tuser,
-	    rmt, &errfd);
+#ifdef KERBEROS
+	if (dokerberos)
+		rmtape = krcmd(&rmtpeer, sp->s_port, tuser, rmt, &errfd,
+			       (char *)0);
+	else
+#endif
+		rmtape = rcmd(&rmtpeer, (u_short)sp->s_port, pwd->pw_name,
+			      tuser, rmt, &errfd);
 	if (rmtape < 0) {
 		msg("login to %s as %s failed.\n", rmtpeer, tuser);
 		return;
diff --git a/sbin/dump/main.c b/sbin/dump/main.c
index 5257efb7478..1b6553bc7ea 100644
--- a/sbin/dump/main.c
+++ b/sbin/dump/main.c
@@ -79,6 +79,7 @@ int	tapeno = 0;	/* current tape number */
 int	density = 0;	/* density in bytes/0.1" " <- this is for hilit19 */
 int	ntrec = NTREC;	/* # tape blocks in each tape record */
 int	cartridge = 0;	/* Assume non-cartridge tape */
+int	dokerberos = 0;	/* Use Kerberos authentication */
 long	dev_bsize = 1;	/* recalculated below */
 long	blocksperfile;	/* output blocks per file */
 char	*host = NULL;	/* remote host (if any) */
@@ -117,7 +118,13 @@ main(argc, argv)
 		usage();
 
 	obsolete(&argc, &argv);
-	while ((ch = getopt(argc, argv, "0123456789aB:b:cd:f:h:ns:T:uWw")) != -1)
+#ifdef KERBEROS
+#define optstring "0123456789aB:b:cd:f:h:kns:T:uWw"
+#else
+#define optstring "0123456789aB:b:cd:f:h:ns:T:uWw"
+#endif
+	while ((ch = getopt(argc, argv, optstring)) != -1)
+#undef optstring
 		switch (ch) {
 		/* dump level */
 		case '0': case '1': case '2': case '3': case '4':
@@ -171,6 +178,12 @@ main(argc, argv)
 			honorlevel = numarg("honor level", 0L, 10L);
 			break;
 
+#ifdef KERBEROS
+		case 'k':
+			dokerberos = 1;
+			break;
+#endif
+
 		case 'n':		/* notify operators */
 			notify = 1;
 			break;
@@ -481,9 +494,13 @@ main(argc, argv)
 static void
 usage()
 {
-
-	(void)fprintf(stderr, "usage: dump [-0123456789acnu] [-B records] [-b blocksize] [-d density] [-f file]\n            [-h level] [-s feet] [-T date] filesystem\n");
-	(void)fprintf(stderr, "       dump [-W | -w]\n");
+	fprintf(stderr, "usage: dump [-0123456789ac"
+#ifdef KERBEROS
+		"k"
+#endif
+		"nu] [-B records] [-b blocksize] [-d density] [-f file]\n"
+		"		[-h level] [-s feet] [-T date] filesystem\n"
+		"	dump [-W | -w]\n");
 	exit(1);
 }
 
diff --git a/sbin/restore/Makefile b/sbin/restore/Makefile
index 916e6f00949..65f0d559462 100644
--- a/sbin/restore/Makefile
+++ b/sbin/restore/Makefile
@@ -12,4 +12,11 @@ MAN8=	restore.8
 MLINKS+=restore.8 rrestore.8
 .PATH:	${.CURDIR}/../dump
 
+.if exists(${DESTDIR}/usr/lib/libkrb.a) && defined(MAKE_EBONES)
+.PATH:	${.CURDIR}/../../usr.bin/rlogin
+SRCS+=	krcmd.c kcmd.c
+LDADD+=	-lkrb -ldes
+CFLAGS+=-DKERBEROS
+.endif
+
 .include <bsd.prog.mk>
diff --git a/sbin/restore/main.c b/sbin/restore/main.c
index dbb895b1afd..6cb87d8e132 100644
--- a/sbin/restore/main.c
+++ b/sbin/restore/main.c
@@ -62,6 +62,7 @@ static char sccsid[] = "@(#)main.c	8.6 (Berkeley) 5/4/95";
 
 int	bflag = 0, cvtflag = 0, dflag = 0, vflag = 0, yflag = 0;
 int	hflag = 1, mflag = 1, Nflag = 0;
+int	dokerberos = 0;
 char	command = '\0';
 long	dumpnum = 1;
 long	volno = 0;
@@ -96,7 +97,12 @@ main(argc, argv)
 	if ((inputdev = getenv("TAPE")) == NULL)
 		inputdev = _PATH_DEFTAPE;
 	obsolete(&argc, &argv);
-	while ((ch = getopt(argc, argv, "b:cdf:himNRrs:tvxy")) != -1)
+#ifdef KERBEROS
+#define	optlist "b:cdf:hikmNRrs:tvxy"
+#else
+#define	optlist "b:cdf:himNRrs:tvxy"
+#endif
+	while ((ch = getopt(argc, argv, optlist)) != -1)
 		switch(ch) {
 		case 'b':
 			/* Change default tape blocksize. */
@@ -119,6 +125,11 @@ main(argc, argv)
 		case 'h':
 			hflag = 0;
 			break;
+#ifdef KERBEROS
+		case 'k':
+			dokerberos = 1;
+			break;
+#endif
 		case 'i':
 		case 'R':
 		case 'r':
@@ -278,11 +289,11 @@ static void
 usage()
 {
 	(void)fprintf(stderr, "usage:\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n",
-	  "restore -i [-chmvy] [-b blocksize] [-f file] [-s fileno]",
-	  "restore -r [-cvy] [-b blocksize] [-f file] [-s fileno]",
-	  "restore -R [-cvy] [-b blocksize] [-f file] [-s fileno]",
-	  "restore -x [-chmvy] [-b blocksize] [-f file] [-s fileno] [file ...]",
-	  "restore -t [-chvy] [-b blocksize] [-f file] [-s fileno] [file ...]");
+	  "restore -i [-chkmvy] [-b blocksize] [-f file] [-s fileno]",
+	  "restore -r [-ckvy] [-b blocksize] [-f file] [-s fileno]",
+	  "restore -R [-ckvy] [-b blocksize] [-f file] [-s fileno]",
+	  "restore -x [-chkmvy] [-b blocksize] [-f file] [-s fileno] [file ...]",
+	  "restore -t [-chkvy] [-b blocksize] [-f file] [-s fileno] [file ...]");
 	done(1);
 }