openbsd-ports/net/netatalk/patches/patch-ah
marc c720e8585f patches from Ian McWilliam <I.McWilliam@cit.nepean.uws.edu.au>
Ian says: Sometime around January 1999 2.4-current sources broke
the handling of afpd group access. Now fixed.
Various fixes and updates to afpd.
1999-03-16 12:57:58 +00:00

206 lines
4.7 KiB
Plaintext

--- etc/afpd/auth.c.orig Tue Sep 17 04:33:55 1996
+++ etc/afpd/auth.c Tue Mar 16 18:25:36 1999
@@ -37,9 +37,15 @@
#endif KRB AFS UAM_AFSKRB
#if defined( KRB ) || defined( UAM_AFSKRB )
+#ifdef SOLARIS
+#include <kerberos/krb.h>
+#include <kerberos/des.h>
+#include <kerberos/prot.h>
+#else SOLARIS
#include <krb.h>
#include <des.h>
#include <prot.h>
+#endif SOLARIS
C_Block seskey;
Key_schedule seskeysched;
@@ -101,7 +107,9 @@
#ifdef KRB
{ "Kerberos IV", krb4_login, krb4_logincont, 0 },
#endif KRB
+#ifndef AFS
{ "Cleartxt Passwrd", clrtxt_login, NULL, 0 },
+#endif AFS
#ifdef UAM_AFSKRB
{ "AFS Kerberos", afskrb_login, afskrb_logincont, 0 },
#endif UAM_AFSKRB
@@ -277,15 +285,15 @@
return( AFPERR_NOTAUTH );
}
- syslog( LOG_INFO, "login %s (uid %d, gid %d)", name, uid, gid );
- if ( initgroups( name, gid ) < 0 || setgid( gid ) < 0 ||
- setuid( uid ) < 0 ) {
- syslog( LOG_ERR, "login: %m" );
- return( AFPERR_BADUAM );
+ if (( ngroups = getgroups( NGROUPS, groups )) < 0 ) {
+ syslog( LOG_ERR, "login: getgroups: %m" );
+ return( AFPERR_BADUAM );
}
- if (( ngroups = getgroups( NGROUPS, groups )) < 0 ) {
- syslog( LOG_ERR, "login: getgroups: %m" );
+ syslog( LOG_INFO, "login %s (uid %d, gid %d)", name, uid, gid );
+ if ( initgroups( name, gid ) < 0 || setgroups(ngroups, groups) < 0 ||
+ setgid( gid ) < 0 || setuid( uid ) < 0 ) {
+ syslog( LOG_ERR, "login: %m" );
return( AFPERR_BADUAM );
}
uuid = uid;
@@ -448,7 +456,7 @@
bcopy( p, &cr, len );
pcbc_encrypt((C_Block *)&cr, (C_Block *)&cr, len, seskeysched,
- seskey, DES_DECRYPT );
+ seskey, DECRYPT );
p = buf;
cr.ticket_st.length = ntohl( cr.ticket_st.length );
@@ -512,7 +520,7 @@
extern char *crypt();
-static char clrtxtname[ 31 ];
+static char clrtxtname[ 32 ];
clrtxt_login( ibuf, ibuflen, rbuf, rbuflen )
char *ibuf, *rbuf;
@@ -527,13 +535,16 @@
*rbuflen = 0;
- len = *ibuf++;
+ len = *(unsigned char *)ibuf++;
if ( len > 31 ) {
return( AFPERR_PARAM );
}
bcopy( ibuf, clrtxtname, len );
ibuf += len;
clrtxtname[ len ] = '\0';
+ while ( len-- ) {
+ clrtxtname[ len ] = tolower( clrtxtname[ len ] );
+ }
username = clrtxtname;
if (( pwd = getpwnam( clrtxtname )) == NULL ) {
return( AFPERR_NOTAUTH );
@@ -566,11 +577,6 @@
++ibuf;
}
ibuf[ 8 ] = '\0';
-#ifdef AFS
- if ( kcheckuser( pwd, ibuf ) == 0 ) {
- return( login( pwd->pw_name, pwd->pw_uid, pwd->pw_gid ));
- }
-#endif AFS
p = crypt( ibuf, pwd->pw_passwd );
if ( strcmp( p, pwd->pw_passwd ) == 0 ) {
return( login( pwd->pw_name, pwd->pw_uid, pwd->pw_gid ));
@@ -579,96 +585,6 @@
return( AFPERR_NOTAUTH );
}
-#ifdef AFS
-#include <rx/rxkad.h>
-#include <afs/afsint.h>
-
-char *ka_LocalCell();
-
-void
-addrealm(realm,cells)
- char *realm;
- char ***cells;
-{
- char **ptr;
- int temp;
-
- ptr= *cells;
-
- for(;*ptr != 0 ;ptr++)
- if(!strcmp(realm,*ptr))
- return;
-
- temp=ptr- *cells;
- *cells=(char**)realloc(*cells,((2+temp)*sizeof(char*)));
- ptr= *cells+temp;
-
- *ptr=(char*)malloc(strlen(realm)+1);
- strcpy(*ptr++,realm);
- *ptr=0;
- return;
-}
-
-int kcheckuser(pwd,passwd)
- struct passwd *pwd;
- char *passwd;
-{
- long code;
- char *instance="";
- char realm[MAXKTCREALMLEN];
- char lorealm[MAXKTCREALMLEN];
- char *cell;
- Date lifetime=MAXKTCTICKETLIFETIME;
- int rval;
- char **cells=(char **)malloc(sizeof(char*));
- char *temp;
- int rc,cellNum;
- struct ktc_principal serviceName;
-
- *cells=0;
-
- code = ka_Init(0);
-
- {
- char *temp,*temp1;
- temp=(char*)malloc(strlen(pwd->pw_dir)+1);
- strcpy(temp,pwd->pw_dir);
- temp1=temp;
- temp=strtok(temp,"/");
- temp=strtok('\0',"/");
- ka_CellToRealm(temp,realm,0);
- addrealm(realm,&cells);
- free(temp1);
- }
-
- setpag();
- authenticate(cells,pwd->pw_name,passwd);
- cellNum=0;
- rc=ktc_ListTokens(cellNum,&cellNum,&serviceName);
- if(rc)
- rval=1;
- else{
- rval=0;
- }
-
- return(rval);
-}
-
-authenticate(cells,name,passwd)
- char **cells;
- char *name;
- char *passwd;
-{
- char **ptr=cells;
- char *errorstring;
-
- while(*ptr){
- ka_UserAuthenticate(name,/*instance*/"",/*cell*/*ptr++,
- passwd,/*setpag*/0,&errorstring);
- }
-}
-#endif AFS
-
#if defined( UAM_AFSKRB ) && defined( AFS )
afskrb_login( ibuf, ibuflen, rbuf, rbuflen )
char *ibuf, *rbuf;
@@ -793,7 +709,7 @@
ibuf += sizeof( short );
pcbc_encrypt((C_Block *)ibuf, (C_Block *)ibuf,
- clen, seskeysched, seskey, DES_DECRYPT );
+ clen, seskeysched, seskey, DECRYPT );
if ( kuam_set_in_tkt( name, instance, realm, TICKET_GRANTING_TICKET,
realm, ibuf ) != INTK_OK ) {
return( AFPERR_PARAM );