31355b4571
more syslogging of login failures so we have have more info on why. patch-etcafpd-volumec Update to partially resolve the current problem with afpd not behaving correctly with permisions on /etc/netatalk. Log correctly to /var/log/daemon when we can't access configuration files. Put in place proper error checking when reading them. Would be nice if the origional programmers actually checked for failure for anything. People can now see just why things are not working as they like. Mar 29 18:08:38 kashmir afpd[6210]: session from 39148.187:250 on 39148.169:129 Mar 29 18:08:38 kashmir afpd[6210]: login dingo (uid 1002, gid 10) Mar 29 18:08:38 kashmir afpd[6210]: unable to access /etc/netatalk/AppleVolumes.system: Permission denied Mar 29 18:08:40 kashmir afpd[6210]: done Mar 29 18:08:40 kashmir afpd[21593]: asp_chld 6210 done Pass the CORRECT arguments to creatvol. from "Benninghoff, John" <JABenninghoff@dainrauscher.com> Return AFPERR_PARAM when we can't access configuration files to the appleshare client requesting access. This stops possible DOS under MacOS. In it's current form the Appleshare client has to be killed on the MAC side by killing the "CHOOSER" Application. By returning proper errors the appleshare client exits gracefully with error: "An Appleshare system error occured." patch-etcpapd-lpc cosmetic change: remove an unused variable. patch-version changes made bump version. -- From: maintainer
439 lines
11 KiB
Plaintext
439 lines
11 KiB
Plaintext
$OpenBSD: patch-etcafpd-authc,v 1.2 2001/04/18 13:17:43 brad Exp $
|
|
--- etc/afpd/auth.c.orig Sat Mar 15 07:03:18 1997
|
|
+++ etc/afpd/auth.c Wed Apr 18 14:19:12 2001
|
|
@@ -4,18 +4,22 @@
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
+#include <stdlib.h>
|
|
+#include <unistd.h>
|
|
#include <sys/types.h>
|
|
#include <sys/param.h>
|
|
#include <sys/syslog.h>
|
|
#include <sys/time.h>
|
|
+#include <sys/stat.h>
|
|
+#include <sys/socket.h>
|
|
#include <netatalk/endian.h>
|
|
#include <netatalk/at.h>
|
|
#include <atalk/afp.h>
|
|
#include <atalk/paths.h>
|
|
#include <atalk/atp.h>
|
|
#include <atalk/asp.h>
|
|
+#include <atalk/compat.h>
|
|
#include <limits.h>
|
|
-#include <strings.h>
|
|
#include <string.h>
|
|
#include <ctype.h>
|
|
#include <pwd.h>
|
|
@@ -47,8 +51,8 @@
|
|
#include <prot.h>
|
|
#endif SOLARIS
|
|
|
|
-C_Block seskey;
|
|
-Key_schedule seskeysched;
|
|
+des_cblock *seskey;
|
|
+des_key_schedule seskeysched;
|
|
static char realm[ REALM_SZ ];
|
|
#endif KRB UAM_AFSKRB
|
|
|
|
@@ -93,6 +97,7 @@ gid_t groups[ NGROUPS ];
|
|
int ngroups;
|
|
char *username = NULL;
|
|
char *mktemp();
|
|
+int strndiacasecmp();
|
|
|
|
/*
|
|
* These numbers are scattered throughout the code.
|
|
@@ -100,6 +105,8 @@ char *mktemp();
|
|
struct afp_versions afp_versions[] = {
|
|
{ "AFPVersion 1.1", 11 },
|
|
{ "AFPVersion 2.0", 20 },
|
|
+ { "AFPVersion 2.1", 21 },
|
|
+ { "AFP2.2", 22 }
|
|
};
|
|
|
|
/* Note that these names must match those in main() */
|
|
@@ -120,6 +127,7 @@ struct afp_uams *afp_uam = NULL;
|
|
/*
|
|
* Mark a UAM as off.
|
|
*/
|
|
+void
|
|
uam_off( uam )
|
|
char *uam;
|
|
{
|
|
@@ -134,6 +142,7 @@ uam_off( uam )
|
|
return;
|
|
}
|
|
|
|
+void
|
|
status_versions( data )
|
|
char *data;
|
|
{
|
|
@@ -147,12 +156,13 @@ status_versions( data )
|
|
for ( i = 0; i < num; i++ ) {
|
|
len = strlen( afp_versions[ i ].av_name );
|
|
*data++ = len;
|
|
- bcopy( afp_versions[ i ].av_name , data, len );
|
|
+ memcpy( data, afp_versions[ i ].av_name, len );
|
|
data += len;
|
|
}
|
|
status->as_uamsoff = htons( data - (char *)status );
|
|
}
|
|
|
|
+void
|
|
status_uams( data )
|
|
char *data;
|
|
{
|
|
@@ -171,13 +181,14 @@ status_uams( data )
|
|
if (( afp_uams[ i ].au_flags & AU_OFF ) == 0 ) {
|
|
len = strlen( afp_uams[ i ].au_name );
|
|
*data++ = len;
|
|
- bcopy( afp_uams[ i ].au_name, data, len );
|
|
+ memcpy( data, afp_uams[ i ].au_name, len );
|
|
data += len;
|
|
}
|
|
}
|
|
status->as_iconoff = htons( data - (char *)status );
|
|
}
|
|
|
|
+int
|
|
afp_login( ibuf, ibuflen, rbuf, rbuflen )
|
|
char *ibuf, *rbuf;
|
|
int ibuflen, *rbuflen;
|
|
@@ -230,6 +241,7 @@ afp_login( ibuf, ibuflen, rbuf, rbuflen
|
|
return( afp_uam->au_login( ibuf, ibuflen, rbuf, rbuflen ));
|
|
}
|
|
|
|
+int
|
|
afp_logincont( ibuf, ibuflen, rbuf, rbuflen, asp )
|
|
char *ibuf, *rbuf;
|
|
int ibuflen, *rbuflen;
|
|
@@ -242,6 +254,7 @@ afp_logincont( ibuf, ibuflen, rbuf, rbuf
|
|
return( afp_uam->au_logincont( ibuf, ibuflen, rbuf, rbuflen, asp ));
|
|
}
|
|
|
|
+int
|
|
noauth_login( ibuf, ibuflen, rbuf, rbuflen )
|
|
char *ibuf, *rbuf;
|
|
int ibuflen, *rbuflen;
|
|
@@ -275,6 +288,7 @@ noauth_login( ibuf, ibuflen, rbuf, rbufl
|
|
return( AFP_OK );
|
|
}
|
|
|
|
+int
|
|
login( name, uid, gid )
|
|
char *name;
|
|
uid_t uid;
|
|
@@ -302,6 +316,7 @@ login( name, uid, gid )
|
|
return( AFP_OK );
|
|
}
|
|
|
|
+void
|
|
lcase( p )
|
|
char *p;
|
|
{
|
|
@@ -313,6 +328,7 @@ lcase( p )
|
|
return;
|
|
}
|
|
|
|
+void
|
|
ucase( p )
|
|
char *p;
|
|
{
|
|
@@ -335,7 +351,7 @@ ucase( p )
|
|
#define KRB4WRT_SKIP 7
|
|
#define KRB4RPL_DONEMUT 8
|
|
|
|
-
|
|
+int
|
|
krb4_login( ibuf, ibuflen, rbuf, rbuflen )
|
|
char *ibuf, *rbuf;
|
|
int ibuflen, *rbuflen;
|
|
@@ -360,7 +376,7 @@ krb4_login( ibuf, ibuflen, rbuf, rbuflen
|
|
*p++ = 1;
|
|
len = strlen( realm );
|
|
*p++ = len;
|
|
- strcpy( p, realm );
|
|
+ (void)strlcpy( p, realm, sizeof(p) );
|
|
p += len + 1;
|
|
|
|
#ifdef AFS
|
|
@@ -375,6 +391,7 @@ krb4_login( ibuf, ibuflen, rbuf, rbuflen
|
|
return( AFPERR_AUTHCONT );
|
|
}
|
|
|
|
+int
|
|
krb4_logincont( ibuf, ibuflen, rbuf, rbuflen, asp )
|
|
char *ibuf, *rbuf;
|
|
int ibuflen, *rbuflen;
|
|
@@ -384,15 +401,15 @@ krb4_logincont( ibuf, ibuflen, rbuf, rbu
|
|
KTEXT_ST tkt;
|
|
static AUTH_DAT ad;
|
|
int rc;
|
|
- short len;
|
|
+ int16_t len;
|
|
char *p;
|
|
- CREDENTIALS cr;
|
|
#ifdef AFS
|
|
+ CREDENTIALS cr;
|
|
struct ViceIoctl vi;
|
|
struct ClearToken ct;
|
|
-#endif AFS
|
|
char buf[ 1024 ];
|
|
int aint;
|
|
+#endif AFS
|
|
|
|
if ( asp_wrtcont( asp, rbuf, rbuflen ) < 0 ) {
|
|
*rbuflen = 0;
|
|
@@ -403,15 +420,15 @@ krb4_logincont( ibuf, ibuflen, rbuf, rbu
|
|
|
|
switch ( rc = *p++ ) {
|
|
case KRB4WRT_SESS :
|
|
- bcopy( p, &len, sizeof( short ));
|
|
+ memcpy( &len, p, sizeof( len ));
|
|
tkt.length = ntohs( len );
|
|
- p += sizeof( short );
|
|
+ p += sizeof( len );
|
|
|
|
if ( tkt.length <= 0 || tkt.length > MAX_KTXT_LEN ) {
|
|
*rbuflen = 0;
|
|
return( AFPERR_BADUAM );
|
|
}
|
|
- bcopy( p, tkt.dat, tkt.length );
|
|
+ memcpy( tkt.dat, p, tkt.length );
|
|
p += tkt.length;
|
|
|
|
if (( rc = krb_rd_req( &tkt, "afpserver", Obj, 0, &ad, "" ))
|
|
@@ -424,7 +441,7 @@ krb4_logincont( ibuf, ibuflen, rbuf, rbu
|
|
|
|
syslog( LOG_INFO, "krb4_login: %s.%s@%s", ad.pname, ad.pinst,
|
|
ad.prealm );
|
|
- bcopy( ad.session, seskey, sizeof( C_Block ));
|
|
+ memcpy( seskey, ad.session, sizeof( C_Block ));
|
|
key_sched( seskey, seskeysched );
|
|
|
|
username = ad.pname;
|
|
@@ -444,46 +461,46 @@ krb4_logincont( ibuf, ibuflen, rbuf, rbu
|
|
len = strlen( realm );
|
|
*p++ = len + 1;
|
|
*p++ = '@';
|
|
- strcpy( p, realm );
|
|
+ (void)strlcpy( p, realm, sizeof(p) );
|
|
p += len + 1;
|
|
*rbuflen = p - rbuf;
|
|
return( AFPERR_AUTHCONT );
|
|
|
|
case KRB4WRT_TOKEN :
|
|
- bcopy( p, &len, sizeof( short ));
|
|
+ memcpy( &len, p, sizeof( len ));
|
|
len = ntohs( len );
|
|
- p += sizeof( short );
|
|
- bcopy( p, &cr, len );
|
|
+ p += sizeof( len );
|
|
+ memcpy( &cr, p, len );
|
|
|
|
pcbc_encrypt((C_Block *)&cr, (C_Block *)&cr, len, seskeysched,
|
|
seskey, DECRYPT );
|
|
|
|
p = buf;
|
|
cr.ticket_st.length = ntohl( cr.ticket_st.length );
|
|
- bcopy( &cr.ticket_st.length, p, sizeof( int ));
|
|
- p += sizeof( int );
|
|
- bcopy( cr.ticket_st.dat, p, cr.ticket_st.length );
|
|
+ memcpy( p, &cr.ticket_st.length, sizeof( p ));
|
|
+ p += sizeof( p );
|
|
+ memcpy( p, cr.ticket_st.dat, cr.ticket_st.length );
|
|
p += cr.ticket_st.length;
|
|
|
|
ct.AuthHandle = ntohl( cr.kvno );
|
|
- bcopy( cr.session, ct.HandShakeKey, sizeof( cr.session ));
|
|
+ memcpy( ct.HandShakeKey, cr.session, sizeof( cr.session ));
|
|
ct.ViceId = 0;
|
|
ct.BeginTimestamp = ntohl( cr.issue_date );
|
|
ct.EndTimestamp = krb_life_to_time( ntohl( cr.issue_date ),
|
|
ntohl( cr.lifetime ));
|
|
|
|
aint = sizeof( struct ClearToken );
|
|
- bcopy( &aint, p, sizeof( int ));
|
|
- p += sizeof( int );
|
|
- bcopy( &ct, p, sizeof( struct ClearToken ));
|
|
+ memcpy( p, &aint, sizeof( p ));
|
|
+ p += sizeof( p );
|
|
+ memcpy( p, &ct, sizeof( struct ClearToken ));
|
|
p += sizeof( struct ClearToken );
|
|
|
|
aint = 0;
|
|
- bcopy( &aint, p, sizeof( int ));
|
|
- p += sizeof( int );
|
|
+ memcpy( p, &aint, sizeof( p ));
|
|
+ p += sizeof( p );
|
|
|
|
lcase( realm );
|
|
- strcpy( p, realm );
|
|
+ (void)strlcpy( p, realm, sizeof(p) );
|
|
p += strlen( realm ) + 1;
|
|
|
|
vi.in = buf;
|
|
@@ -520,8 +537,9 @@ krb4_logincont( ibuf, ibuflen, rbuf, rbu
|
|
|
|
extern char *crypt();
|
|
|
|
-static char clrtxtname[ 32 ];
|
|
+static char clrtxtname[MAXLOGNAME];
|
|
|
|
+int
|
|
clrtxt_login( ibuf, ibuflen, rbuf, rbuflen )
|
|
char *ibuf, *rbuf;
|
|
int ibuflen, *rbuflen;
|
|
@@ -536,17 +554,20 @@ clrtxt_login( ibuf, ibuflen, rbuf, rbufl
|
|
*rbuflen = 0;
|
|
|
|
len = *(unsigned char *)ibuf++;
|
|
- if ( len > 31 ) {
|
|
+ if ( len > (MAXLOGNAME-1)) {
|
|
+ syslog( LOG_INFO, "Username > %d characters. OpenBSD only supports max. %d character usernames.", MAXLOGNAME-1, MAXLOGNAME-1);
|
|
return( AFPERR_PARAM );
|
|
}
|
|
- bcopy( ibuf, clrtxtname, len );
|
|
+ memcpy( clrtxtname, ibuf, len );
|
|
ibuf += len;
|
|
clrtxtname[ len ] = '\0';
|
|
while ( len-- ) {
|
|
clrtxtname[ len ] = tolower( clrtxtname[ len ] );
|
|
}
|
|
username = clrtxtname;
|
|
- if (( pwd = getpwnam( clrtxtname )) == NULL ) {
|
|
+ if (( pwd = getpwnam(clrtxtname)) == NULL ) {
|
|
+ syslog(LOG_INFO,
|
|
+ "Username: %s not in password database: No login.", clrtxtname);
|
|
return( AFPERR_NOTAUTH );
|
|
}
|
|
|
|
@@ -594,13 +615,13 @@ afskrb_login( ibuf, ibuflen, rbuf, rbufl
|
|
CREDENTIALS cr;
|
|
char *p, *q;
|
|
int len, rc, whoserealm;
|
|
- short slen;
|
|
+ int16_t slen;
|
|
|
|
len = *ibuf++;
|
|
ibuf[ len ] = '\0';
|
|
- if (( p = index( ibuf, '@' )) != NULL ) {
|
|
+ if (( p = strchr( ibuf, '@' )) != NULL ) {
|
|
*p++ = '\0';
|
|
- strcpy( realm, p );
|
|
+ (void)strlcpy( realm, p, sizeof(realm) );
|
|
ucase( realm );
|
|
whoserealm = 0;
|
|
} else {
|
|
@@ -610,13 +631,13 @@ afskrb_login( ibuf, ibuflen, rbuf, rbufl
|
|
}
|
|
whoserealm = 1;
|
|
}
|
|
- if (( p = index( ibuf, '.' )) != NULL ) {
|
|
+ if (( p = strchr( ibuf, '.' )) != NULL ) {
|
|
*p++ = '\0';
|
|
- strcpy( instance, p );
|
|
+ (void)strlcpy( instance, p, sizeof(instance) );
|
|
} else {
|
|
*instance = '\0';
|
|
}
|
|
- strcpy( name, ibuf );
|
|
+ (void)strlcpy( name, ibuf, sizeof(name) );
|
|
/*
|
|
* We don't have the session key, yet. Get one.
|
|
*/
|
|
@@ -649,12 +670,12 @@ afskrb_login( ibuf, ibuflen, rbuf, rbufl
|
|
return( AFPERR_BADUAM );
|
|
}
|
|
|
|
- bcopy( cr.session, seskey, sizeof( C_Block ));
|
|
+ memcpy( seskey, cr.session, sizeof( C_Block ));
|
|
key_sched( seskey, seskeysched );
|
|
validseskey = 1;
|
|
username = name;
|
|
|
|
- bcopy( authent.dat, p, authent.length );
|
|
+ memcpy( p, authent.dat, authent.length );
|
|
p += authent.length;
|
|
}
|
|
|
|
@@ -677,13 +698,13 @@ afskrb_login( ibuf, ibuflen, rbuf, rbufl
|
|
q += 10;
|
|
|
|
len = strlen( realm );
|
|
- strcpy( p, realm );
|
|
+ (void)strlcpy( p, realm, sizeof(p) );
|
|
p += len + 1;
|
|
- bcopy( q, &slen, sizeof( short ));
|
|
- bcopy( &slen, p, sizeof( short ));
|
|
- p += sizeof( short );
|
|
- q += sizeof( short );
|
|
- bcopy( q, p, slen );
|
|
+ memcpy( &slen, q, sizeof( slen ));
|
|
+ memcpy( p, &slen, sizeof( p ));
|
|
+ p += sizeof( p );
|
|
+ q += sizeof( q );
|
|
+ memcpy( p, q, slen );
|
|
p += slen;
|
|
|
|
*rbuflen = p - rbuf;
|
|
@@ -700,13 +721,13 @@ afskrb_logincont( ibuf, ibuflen, rbuf, r
|
|
struct passwd *pwd;
|
|
char buf[ 1024 ], *p;
|
|
int aint;
|
|
- short clen;
|
|
+ int16_t clen;
|
|
|
|
*rbuflen = 0;
|
|
ibuf += 2;
|
|
- bcopy( ibuf, &clen, sizeof( short ));
|
|
+ memcpy( &clen, ibuf, sizeof( clen ));
|
|
clen = ntohs( clen );
|
|
- ibuf += sizeof( short );
|
|
+ ibuf += sizeof( clen );
|
|
|
|
pcbc_encrypt((C_Block *)ibuf, (C_Block *)ibuf,
|
|
clen, seskeysched, seskey, DECRYPT );
|
|
@@ -723,30 +744,30 @@ afskrb_logincont( ibuf, ibuflen, rbuf, r
|
|
}
|
|
|
|
p = buf;
|
|
- bcopy( &cr.ticket_st.length, p, sizeof( int ));
|
|
- p += sizeof( int );
|
|
- bcopy( cr.ticket_st.dat, p, cr.ticket_st.length );
|
|
+ memcpy( p, &cr.ticket_st.length, sizeof( p ));
|
|
+ p += sizeof( p );
|
|
+ memcpy( p, cr.ticket_st.dat, cr.ticket_st.length );
|
|
p += cr.ticket_st.length;
|
|
|
|
ct.AuthHandle = cr.kvno;
|
|
- bcopy( cr.session, ct.HandShakeKey, sizeof( cr.session ));
|
|
+ memcpy( ct.HandShakeKey, cr.session, sizeof( cr.session ));
|
|
ct.ViceId = 0;
|
|
ct.BeginTimestamp = cr.issue_date;
|
|
/* ct.EndTimestamp = cr.issue_date + ( cr.lifetime * 5 * 60 ); */
|
|
ct.EndTimestamp = krb_life_to_time( cr.issue_date, cr.lifetime );
|
|
|
|
aint = sizeof( struct ClearToken );
|
|
- bcopy( &aint, p, sizeof( int ));
|
|
- p += sizeof( int );
|
|
- bcopy( &ct, p, sizeof( struct ClearToken ));
|
|
+ memcpy( p, &aint, sizeof( p ));
|
|
+ p += sizeof( p );
|
|
+ memcpy( p, &ct, sizeof( struct ClearToken ));
|
|
p += sizeof( struct ClearToken );
|
|
|
|
aint = 0;
|
|
- bcopy( &aint, p, sizeof( int ));
|
|
- p += sizeof( int );
|
|
+ memcpy( p, &aint, sizeof( p ));
|
|
+ p += sizeof( p );
|
|
|
|
lcase( realm );
|
|
- strcpy( p, realm );
|
|
+ (void)strlcpy( p, realm, sizeof(p) );
|
|
p += strlen( realm ) + 1;
|
|
|
|
vi.in = buf;
|