--- etc/afpd/auth.c.orig Tue Sep 17 04:33:55 1996 +++ etc/afpd/auth.c Tue Mar 16 18:25:36 1999 @@ -37,9 +37,15 @@ #endif KRB AFS UAM_AFSKRB #if defined( KRB ) || defined( UAM_AFSKRB ) +#ifdef SOLARIS +#include +#include +#include +#else SOLARIS #include #include #include +#endif SOLARIS C_Block seskey; Key_schedule seskeysched; @@ -101,7 +107,9 @@ #ifdef KRB { "Kerberos IV", krb4_login, krb4_logincont, 0 }, #endif KRB +#ifndef AFS { "Cleartxt Passwrd", clrtxt_login, NULL, 0 }, +#endif AFS #ifdef UAM_AFSKRB { "AFS Kerberos", afskrb_login, afskrb_logincont, 0 }, #endif UAM_AFSKRB @@ -277,15 +285,15 @@ return( AFPERR_NOTAUTH ); } - syslog( LOG_INFO, "login %s (uid %d, gid %d)", name, uid, gid ); - if ( initgroups( name, gid ) < 0 || setgid( gid ) < 0 || - setuid( uid ) < 0 ) { - syslog( LOG_ERR, "login: %m" ); - return( AFPERR_BADUAM ); + if (( ngroups = getgroups( NGROUPS, groups )) < 0 ) { + syslog( LOG_ERR, "login: getgroups: %m" ); + return( AFPERR_BADUAM ); } - if (( ngroups = getgroups( NGROUPS, groups )) < 0 ) { - syslog( LOG_ERR, "login: getgroups: %m" ); + syslog( LOG_INFO, "login %s (uid %d, gid %d)", name, uid, gid ); + if ( initgroups( name, gid ) < 0 || setgroups(ngroups, groups) < 0 || + setgid( gid ) < 0 || setuid( uid ) < 0 ) { + syslog( LOG_ERR, "login: %m" ); return( AFPERR_BADUAM ); } uuid = uid; @@ -448,7 +456,7 @@ bcopy( p, &cr, len ); pcbc_encrypt((C_Block *)&cr, (C_Block *)&cr, len, seskeysched, - seskey, DES_DECRYPT ); + seskey, DECRYPT ); p = buf; cr.ticket_st.length = ntohl( cr.ticket_st.length ); @@ -512,7 +520,7 @@ extern char *crypt(); -static char clrtxtname[ 31 ]; +static char clrtxtname[ 32 ]; clrtxt_login( ibuf, ibuflen, rbuf, rbuflen ) char *ibuf, *rbuf; @@ -527,13 +535,16 @@ *rbuflen = 0; - len = *ibuf++; + len = *(unsigned char *)ibuf++; if ( len > 31 ) { return( AFPERR_PARAM ); } bcopy( ibuf, clrtxtname, len ); ibuf += len; clrtxtname[ len ] = '\0'; + while ( len-- ) { + clrtxtname[ len ] = tolower( clrtxtname[ len ] ); + } username = clrtxtname; if (( pwd = getpwnam( clrtxtname )) == NULL ) { return( AFPERR_NOTAUTH ); @@ -566,11 +577,6 @@ ++ibuf; } ibuf[ 8 ] = '\0'; -#ifdef AFS - if ( kcheckuser( pwd, ibuf ) == 0 ) { - return( login( pwd->pw_name, pwd->pw_uid, pwd->pw_gid )); - } -#endif AFS p = crypt( ibuf, pwd->pw_passwd ); if ( strcmp( p, pwd->pw_passwd ) == 0 ) { return( login( pwd->pw_name, pwd->pw_uid, pwd->pw_gid )); @@ -579,96 +585,6 @@ return( AFPERR_NOTAUTH ); } -#ifdef AFS -#include -#include - -char *ka_LocalCell(); - -void -addrealm(realm,cells) - char *realm; - char ***cells; -{ - char **ptr; - int temp; - - ptr= *cells; - - for(;*ptr != 0 ;ptr++) - if(!strcmp(realm,*ptr)) - return; - - temp=ptr- *cells; - *cells=(char**)realloc(*cells,((2+temp)*sizeof(char*))); - ptr= *cells+temp; - - *ptr=(char*)malloc(strlen(realm)+1); - strcpy(*ptr++,realm); - *ptr=0; - return; -} - -int kcheckuser(pwd,passwd) - struct passwd *pwd; - char *passwd; -{ - long code; - char *instance=""; - char realm[MAXKTCREALMLEN]; - char lorealm[MAXKTCREALMLEN]; - char *cell; - Date lifetime=MAXKTCTICKETLIFETIME; - int rval; - char **cells=(char **)malloc(sizeof(char*)); - char *temp; - int rc,cellNum; - struct ktc_principal serviceName; - - *cells=0; - - code = ka_Init(0); - - { - char *temp,*temp1; - temp=(char*)malloc(strlen(pwd->pw_dir)+1); - strcpy(temp,pwd->pw_dir); - temp1=temp; - temp=strtok(temp,"/"); - temp=strtok('\0',"/"); - ka_CellToRealm(temp,realm,0); - addrealm(realm,&cells); - free(temp1); - } - - setpag(); - authenticate(cells,pwd->pw_name,passwd); - cellNum=0; - rc=ktc_ListTokens(cellNum,&cellNum,&serviceName); - if(rc) - rval=1; - else{ - rval=0; - } - - return(rval); -} - -authenticate(cells,name,passwd) - char **cells; - char *name; - char *passwd; -{ - char **ptr=cells; - char *errorstring; - - while(*ptr){ - ka_UserAuthenticate(name,/*instance*/"",/*cell*/*ptr++, - passwd,/*setpag*/0,&errorstring); - } -} -#endif AFS - #if defined( UAM_AFSKRB ) && defined( AFS ) afskrb_login( ibuf, ibuflen, rbuf, rbuflen ) char *ibuf, *rbuf; @@ -793,7 +709,7 @@ ibuf += sizeof( short ); pcbc_encrypt((C_Block *)ibuf, (C_Block *)ibuf, - clen, seskeysched, seskey, DES_DECRYPT ); + clen, seskeysched, seskey, DECRYPT ); if ( kuam_set_in_tkt( name, instance, realm, TICKET_GRANTING_TICKET, realm, ibuf ) != INTK_OK ) { return( AFPERR_PARAM );