openbsd-ports/net/netatalk/patches/patch-ah

--- etc/afpd/auth.c.orig	Tue Sep 17 04:33:55 1996
+++ etc/afpd/auth.c	Tue Mar 16 18:25:36 1999
@@ -37,9 +37,15 @@
 #endif KRB AFS UAM_AFSKRB
 
 #if defined( KRB ) || defined( UAM_AFSKRB )
+#ifdef SOLARIS
+#include <kerberos/krb.h>
+#include <kerberos/des.h>
+#include <kerberos/prot.h>
+#else SOLARIS
 #include <krb.h>
 #include <des.h>
 #include <prot.h>
+#endif SOLARIS
 
 C_Block			seskey;
 Key_schedule		seskeysched;
@@ -101,7 +107,9 @@
 #ifdef KRB
     { "Kerberos IV",		krb4_login,	krb4_logincont,		0 },
 #endif KRB
+#ifndef AFS
     { "Cleartxt Passwrd",	clrtxt_login,	NULL,			0 },
+#endif AFS
 #ifdef UAM_AFSKRB
     { "AFS Kerberos",		afskrb_login,	afskrb_logincont,	0 },
 #endif UAM_AFSKRB
@@ -277,15 +285,15 @@
 	return( AFPERR_NOTAUTH );
     }
 
-    syslog( LOG_INFO, "login %s (uid %d, gid %d)", name, uid, gid );
-    if ( initgroups( name, gid ) < 0 || setgid( gid ) < 0 ||
-	    setuid( uid ) < 0 ) {
-	syslog( LOG_ERR, "login: %m" );
-	return( AFPERR_BADUAM );
+    if (( ngroups = getgroups( NGROUPS, groups )) < 0 ) {
+        syslog( LOG_ERR, "login: getgroups: %m" );
+        return( AFPERR_BADUAM );
     }
 
-    if (( ngroups = getgroups( NGROUPS, groups )) < 0 ) {
-	syslog( LOG_ERR, "login: getgroups: %m" );
+    syslog( LOG_INFO, "login %s (uid %d, gid %d)", name, uid, gid );
+    if ( initgroups( name, gid ) < 0 || setgroups(ngroups, groups) < 0 ||
+		setgid( gid ) < 0 || setuid( uid ) < 0 ) {
+	syslog( LOG_ERR, "login: %m" );
 	return( AFPERR_BADUAM );
     }
     uuid = uid;
@@ -448,7 +456,7 @@
 	bcopy( p, &cr, len );
 
 	pcbc_encrypt((C_Block *)&cr, (C_Block *)&cr, len, seskeysched,
-		seskey, DES_DECRYPT );
+		seskey, DECRYPT );
 
 	p = buf;
 	cr.ticket_st.length = ntohl( cr.ticket_st.length );
@@ -512,7 +520,7 @@
 
 extern char	*crypt();
 
-static char	clrtxtname[ 31 ];
+static char	clrtxtname[ 32 ];
 
 clrtxt_login( ibuf, ibuflen, rbuf, rbuflen )
     char	*ibuf, *rbuf;
@@ -527,13 +535,16 @@
 
     *rbuflen = 0;
 
-    len = *ibuf++;
+    len = *(unsigned char *)ibuf++;
     if ( len > 31 ) {
 	return( AFPERR_PARAM );
     }
     bcopy( ibuf, clrtxtname, len );
     ibuf += len;
     clrtxtname[ len ] = '\0';
+    while ( len-- ) {
+	clrtxtname[ len ] = tolower( clrtxtname[ len ] );
+    }
     username = clrtxtname;
     if (( pwd = getpwnam( clrtxtname )) == NULL ) {
 	return( AFPERR_NOTAUTH );
@@ -566,11 +577,6 @@
 	    ++ibuf;
 	}
 	ibuf[ 8 ] = '\0';
-#ifdef AFS
-	if ( kcheckuser( pwd, ibuf ) == 0 ) {
-	    return( login( pwd->pw_name, pwd->pw_uid, pwd->pw_gid ));
-	}
-#endif AFS
 	p = crypt( ibuf, pwd->pw_passwd );
 	if ( strcmp( p, pwd->pw_passwd ) == 0 ) {
 	    return( login( pwd->pw_name, pwd->pw_uid, pwd->pw_gid ));
@@ -579,96 +585,6 @@
     return( AFPERR_NOTAUTH );
 }
 
-#ifdef AFS
-#include <rx/rxkad.h>
-#include <afs/afsint.h>
-
-char *ka_LocalCell();
-
-void
-addrealm(realm,cells)
-    char *realm;
-	char ***cells;
-{
-    char **ptr;
-	int temp;
-
-	ptr= *cells;
-
-    for(;*ptr != 0 ;ptr++)
-        if(!strcmp(realm,*ptr))
-            return;
-
-	temp=ptr- *cells;
-	*cells=(char**)realloc(*cells,((2+temp)*sizeof(char*)));
-	ptr= *cells+temp;
-
-    *ptr=(char*)malloc(strlen(realm)+1);
-    strcpy(*ptr++,realm);
-	*ptr=0;
-    return;
-}
-
-int kcheckuser(pwd,passwd)
-	struct passwd *pwd;
-	char *passwd;
-{
-	long code;
-	char *instance="";
-	char realm[MAXKTCREALMLEN];
-	char lorealm[MAXKTCREALMLEN];
-	char *cell;
-	Date lifetime=MAXKTCTICKETLIFETIME;
-	int rval;
-	char **cells=(char **)malloc(sizeof(char*));
-	char *temp;
-	int rc,cellNum;
-	struct ktc_principal serviceName;
-
-	*cells=0;
-
-	code = ka_Init(0);
-
-	{
-		char *temp,*temp1;
-		temp=(char*)malloc(strlen(pwd->pw_dir)+1);
-		strcpy(temp,pwd->pw_dir);
-		temp1=temp;
-		temp=strtok(temp,"/");
-		temp=strtok('\0',"/");
-		ka_CellToRealm(temp,realm,0);
-		addrealm(realm,&cells);
-		free(temp1);
-	}
-
-	setpag();
-	authenticate(cells,pwd->pw_name,passwd);
-	cellNum=0;
-	rc=ktc_ListTokens(cellNum,&cellNum,&serviceName);
-	if(rc)
-		rval=1;
-	else{
-		rval=0;
-	}
-
-	return(rval);
-}
-
-authenticate(cells,name,passwd)
-	char **cells;
-	char *name;
-	char *passwd;
-{
-	char **ptr=cells;
-	char *errorstring;
-
-	while(*ptr){
-	    ka_UserAuthenticate(name,/*instance*/"",/*cell*/*ptr++,
-		    passwd,/*setpag*/0,&errorstring);
-	}
-}
-#endif AFS
-
 #if defined( UAM_AFSKRB ) && defined( AFS )
 afskrb_login( ibuf, ibuflen, rbuf, rbuflen )
     char	*ibuf, *rbuf;
@@ -793,7 +709,7 @@
     ibuf += sizeof( short );
 
     pcbc_encrypt((C_Block *)ibuf, (C_Block *)ibuf,
-	    clen, seskeysched, seskey, DES_DECRYPT );
+	    clen, seskeysched, seskey, DECRYPT );
     if ( kuam_set_in_tkt( name, instance, realm, TICKET_GRANTING_TICKET,
 	    realm, ibuf ) != INTK_OK ) {
 	return( AFPERR_PARAM );
patches from Ian McWilliam <I.McWilliam@cit.nepean.uws.edu.au> Ian says: Sometime around January 1999 2.4-current sources broke the handling of afpd group access. Now fixed. Various fixes and updates to afpd. 1999-03-16 07:57:58 -05:00			`--- etc/afpd/auth.c.orig Tue Sep 17 04:33:55 1996`
			`+++ etc/afpd/auth.c Tue Mar 16 18:25:36 1999`
			`@@ -37,9 +37,15 @@`
			`#endif KRB AFS UAM_AFSKRB`

			`#if defined( KRB ) \|\| defined( UAM_AFSKRB )`
			`+#ifdef SOLARIS`
			`+#include <kerberos/krb.h>`
			`+#include <kerberos/des.h>`
			`+#include <kerberos/prot.h>`
			`+#else SOLARIS`
			`#include <krb.h>`
			`#include <des.h>`
			`#include <prot.h>`
			`+#endif SOLARIS`

			`C_Block seskey;`
			`Key_schedule seskeysched;`
			`@@ -101,7 +107,9 @@`
			`#ifdef KRB`
			`{ "Kerberos IV", krb4_login, krb4_logincont, 0 },`
			`#endif KRB`
			`+#ifndef AFS`
			`{ "Cleartxt Passwrd", clrtxt_login, NULL, 0 },`
			`+#endif AFS`
			`#ifdef UAM_AFSKRB`
			`{ "AFS Kerberos", afskrb_login, afskrb_logincont, 0 },`
			`#endif UAM_AFSKRB`
			`@@ -277,15 +285,15 @@`
			`return( AFPERR_NOTAUTH );`
			`}`

			`- syslog( LOG_INFO, "login %s (uid %d, gid %d)", name, uid, gid );`
			`- if ( initgroups( name, gid ) < 0 \|\| setgid( gid ) < 0 \|\|`
			`- setuid( uid ) < 0 ) {`
			`- syslog( LOG_ERR, "login: %m" );`
			`- return( AFPERR_BADUAM );`
			`+ if (( ngroups = getgroups( NGROUPS, groups )) < 0 ) {`
			`+ syslog( LOG_ERR, "login: getgroups: %m" );`
			`+ return( AFPERR_BADUAM );`
			`}`

			`- if (( ngroups = getgroups( NGROUPS, groups )) < 0 ) {`
			`- syslog( LOG_ERR, "login: getgroups: %m" );`
			`+ syslog( LOG_INFO, "login %s (uid %d, gid %d)", name, uid, gid );`
			`+ if ( initgroups( name, gid ) < 0 \|\| setgroups(ngroups, groups) < 0 \|\|`
			`+ setgid( gid ) < 0 \|\| setuid( uid ) < 0 ) {`
			`+ syslog( LOG_ERR, "login: %m" );`
			`return( AFPERR_BADUAM );`
			`}`
			`uuid = uid;`
			`@@ -448,7 +456,7 @@`
			`bcopy( p, &cr, len );`

			`pcbc_encrypt((C_Block )&cr, (C_Block )&cr, len, seskeysched,`
			`- seskey, DES_DECRYPT );`
			`+ seskey, DECRYPT );`

			`p = buf;`
			`cr.ticket_st.length = ntohl( cr.ticket_st.length );`
			`@@ -512,7 +520,7 @@`

			`extern char *crypt();`

			`-static char clrtxtname[ 31 ];`
			`+static char clrtxtname[ 32 ];`

			`clrtxt_login( ibuf, ibuflen, rbuf, rbuflen )`
			`char ibuf, rbuf;`
			`@@ -527,13 +535,16 @@`

			`*rbuflen = 0;`

			`- len = *ibuf++;`
			`+ len = (unsigned char )ibuf++;`
			`if ( len > 31 ) {`
			`return( AFPERR_PARAM );`
			`}`
			`bcopy( ibuf, clrtxtname, len );`
			`ibuf += len;`
			`clrtxtname[ len ] = '\0';`
			`+ while ( len-- ) {`
			`+ clrtxtname[ len ] = tolower( clrtxtname[ len ] );`
			`+ }`
			`username = clrtxtname;`
			`if (( pwd = getpwnam( clrtxtname )) == NULL ) {`
			`return( AFPERR_NOTAUTH );`
			`@@ -566,11 +577,6 @@`
			`++ibuf;`
			`}`
			`ibuf[ 8 ] = '\0';`
			`-#ifdef AFS`
			`- if ( kcheckuser( pwd, ibuf ) == 0 ) {`
			`- return( login( pwd->pw_name, pwd->pw_uid, pwd->pw_gid ));`
			`- }`
			`-#endif AFS`
			`p = crypt( ibuf, pwd->pw_passwd );`
			`if ( strcmp( p, pwd->pw_passwd ) == 0 ) {`
			`return( login( pwd->pw_name, pwd->pw_uid, pwd->pw_gid ));`
			`@@ -579,96 +585,6 @@`
			`return( AFPERR_NOTAUTH );`
			`}`

			`-#ifdef AFS`
			`-#include <rx/rxkad.h>`
			`-#include <afs/afsint.h>`
			`-`
			`-char *ka_LocalCell();`
			`-`
			`-void`
			`-addrealm(realm,cells)`
			`- char *realm;`
			`- char ***cells;`
			`-{`
			`- char **ptr;`
			`- int temp;`
			`-`
			`- ptr= *cells;`
			`-`
			`- for(;*ptr != 0 ;ptr++)`
			`- if(!strcmp(realm,*ptr))`
			`- return;`
			`-`
			`- temp=ptr- *cells;`
			`- cells=(char)realloc(cells,((2+temp)sizeof(char)));`
			`- ptr= *cells+temp;`
			`-`
			`- ptr=(char)malloc(strlen(realm)+1);`
			`- strcpy(*ptr++,realm);`
			`- *ptr=0;`
			`- return;`
			`-}`
			`-`
			`-int kcheckuser(pwd,passwd)`
			`- struct passwd *pwd;`
			`- char *passwd;`
			`-{`
			`- long code;`
			`- char *instance="";`
			`- char realm[MAXKTCREALMLEN];`
			`- char lorealm[MAXKTCREALMLEN];`
			`- char *cell;`
			`- Date lifetime=MAXKTCTICKETLIFETIME;`
			`- int rval;`
			`- char cells=(char )malloc(sizeof(char*));`
			`- char *temp;`
			`- int rc,cellNum;`
			`- struct ktc_principal serviceName;`
			`-`
			`- *cells=0;`
			`-`
			`- code = ka_Init(0);`
			`-`
			`- {`
			`- char temp,temp1;`
			`- temp=(char*)malloc(strlen(pwd->pw_dir)+1);`
			`- strcpy(temp,pwd->pw_dir);`
			`- temp1=temp;`
			`- temp=strtok(temp,"/");`
			`- temp=strtok('\0',"/");`
			`- ka_CellToRealm(temp,realm,0);`
			`- addrealm(realm,&cells);`
			`- free(temp1);`
			`- }`
			`-`
			`- setpag();`
			`- authenticate(cells,pwd->pw_name,passwd);`
			`- cellNum=0;`
			`- rc=ktc_ListTokens(cellNum,&cellNum,&serviceName);`
			`- if(rc)`
			`- rval=1;`
			`- else{`
			`- rval=0;`
			`- }`
			`-`
			`- return(rval);`
			`-}`
			`-`
			`-authenticate(cells,name,passwd)`
			`- char **cells;`
			`- char *name;`
			`- char *passwd;`
			`-{`
			`- char **ptr=cells;`
			`- char *errorstring;`
			`-`
			`- while(*ptr){`
			`- ka_UserAuthenticate(name,/instance/"",/cell/*ptr++,`
			`- passwd,/setpag/0,&errorstring);`
			`- }`
			`-}`
			`-#endif AFS`
			`-`
			`#if defined( UAM_AFSKRB ) && defined( AFS )`
			`afskrb_login( ibuf, ibuflen, rbuf, rbuflen )`
			`char ibuf, rbuf;`
			`@@ -793,7 +709,7 @@`
			`ibuf += sizeof( short );`

			`pcbc_encrypt((C_Block )ibuf, (C_Block )ibuf,`
			`- clen, seskeysched, seskey, DES_DECRYPT );`
			`+ clen, seskeysched, seskey, DECRYPT );`
			`if ( kuam_set_in_tkt( name, instance, realm, TICKET_GRANTING_TICKET,`
			`realm, ibuf ) != INTK_OK ) {`
			`return( AFPERR_PARAM );`