c720e8585f
Ian says: Sometime around January 1999 2.4-current sources broke the handling of afpd group access. Now fixed. Various fixes and updates to afpd.
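--- a/etc/afpd/auth.c
+++ b/etc/afpd/auth.c
@@ -37,9 +37,15 @@
 #endif KRB AFS UAM_AFSKRB
 
 #if defined( KRB ) || defined( UAM_AFSKRB )
+#ifdef SOLARIS
+#include <kerberos/krb.h>
+#include <kerberos/des.h>
+#include <kerberos/prot.h>
+#else SOLARIS
 #include <krb.h>
 #include <des.h>
 #include <prot.h>
+#endif SOLARIS
 
 C_Block seskey;
 Key_schedule seskeysched;
@@ -101,7 +107,9 @@
 #ifdef KRB
 { "Kerberos IV", krb4_login, krb4_logincont, 0 },
 #endif KRB
+#ifndef AFS
 { "Cleartxt Passwrd", clrtxt_login, NULL, 0 },
+#endif AFS
 #ifdef UAM_AFSKRB
 { "AFS Kerberos", afskrb_login, afskrb_logincont, 0 },
 #endif UAM_AFSKRB
@@ -277,15 +285,15 @@
 return( AFPERR_NOTAUTH );
 }
 
- syslog( LOG_INFO, "login %s (uid %d, gid %d)", name, uid, gid );
- if ( initgroups( name, gid ) < 0 || setgid( gid ) < 0 ||
- setuid( uid ) < 0 ) {
- syslog( LOG_ERR, "login: %m" );
- return( AFPERR_BADUAM );
+ if (( ngroups = getgroups( NGROUPS, groups )) < 0 ) {
+ syslog( LOG_ERR, "login: getgroups: %m" );
+ return( AFPERR_BADUAM );
 }
 
- if (( ngroups = getgroups( NGROUPS, groups )) < 0 ) {
- syslog( LOG_ERR, "login: getgroups: %m" );
+ syslog( LOG_INFO, "login %s (uid %d, gid %d)", name, uid, gid );
+ if ( initgroups( name, gid ) < 0 || setgroups(ngroups, groups) < 0 ||
+ setgid( gid ) < 0 || setuid( uid ) < 0 ) {
+ syslog( LOG_ERR, "login: %m" );
 return( AFPERR_BADUAM );
 }
 uuid = uid;
@@ -448,7 +456,7 @@
 bcopy( p, &cr, len );
 
 pcbc_encrypt((C_Block *)&cr, (C_Block *)&cr, len, seskeysched,
- seskey, DES_DECRYPT );
+ seskey, DECRYPT );
 
 p = buf;
 cr.ticket_st.length = ntohl( cr.ticket_st.length );
@@ -512,7 +520,7 @@
 
 extern char *crypt();
 
-static char clrtxtname[ 31 ];
+static char clrtxtname[ 32 ];
 
 clrtxt_login( ibuf, ibuflen, rbuf, rbuflen )
 char *ibuf, *rbuf;
@@ -527,13 +535,16 @@
 
 *rbuflen = 0;
 
- len = *ibuf++;
+ len = *(unsigned char *)ibuf++;
 if ( len > 31 ) {
 return( AFPERR_PARAM );
 }
 bcopy( ibuf, clrtxtname, len );
 ibuf += len;
 clrtxtname[ len ] = '\0';
+ while ( len-- ) {
+ clrtxtname[ len ] = tolower( clrtxtname[ len ] );
+ }
 username = clrtxtname;
 if (( pwd = getpwnam( clrtxtname )) == NULL ) {
 return( AFPERR_NOTAUTH );
@@ -566,11 +577,6 @@
 ++ibuf;
 }
 ibuf[ 8 ] = '\0';
-#ifdef AFS
- if ( kcheckuser( pwd, ibuf ) == 0 ) {
- return( login( pwd->pw_name, pwd->pw_uid, pwd->pw_gid ));
- }
-#endif AFS
 p = crypt( ibuf, pwd->pw_passwd );
 if ( strcmp( p, pwd->pw_passwd ) == 0 ) {
 return( login( pwd->pw_name, pwd->pw_uid, pwd->pw_gid ));
@@ -579,96 +585,6 @@
 return( AFPERR_NOTAUTH );
 }
 
-#ifdef AFS
-#include <rx/rxkad.h>
-#include <afs/afsint.h>
-
-char *ka_LocalCell();
-
-void
-addrealm(realm,cells)
- char *realm;
- char ***cells;
-{
- char **ptr;
- int temp;
-
- ptr= *cells;
-
- for(;*ptr != 0 ;ptr++)
- if(!strcmp(realm,*ptr))
- return;
-
- temp=ptr- *cells;
- *cells=(char**)realloc(*cells,((2+temp)*sizeof(char*)));
- ptr= *cells+temp;
-
- *ptr=(char*)malloc(strlen(realm)+1);
- strcpy(*ptr++,realm);
- *ptr=0;
- return;
-}
-
-int kcheckuser(pwd,passwd)
- struct passwd *pwd;
- char *passwd;
-{
- long code;
- char *instance="";
- char realm[MAXKTCREALMLEN];
- char lorealm[MAXKTCREALMLEN];
- char *cell;
- Date lifetime=MAXKTCTICKETLIFETIME;
- int rval;
- char **cells=(char **)malloc(sizeof(char*));
- char *temp;
- int rc,cellNum;
- struct ktc_principal serviceName;
-
- *cells=0;
-
- code = ka_Init(0);
-
- {
- char *temp,*temp1;
- temp=(char*)malloc(strlen(pwd->pw_dir)+1);
- strcpy(temp,pwd->pw_dir);
- temp1=temp;
- temp=strtok(temp,"/");
- temp=strtok('\0',"/");
- ka_CellToRealm(temp,realm,0);
- addrealm(realm,&cells);
- free(temp1);
- }
-
- setpag();
- authenticate(cells,pwd->pw_name,passwd);
- cellNum=0;
- rc=ktc_ListTokens(cellNum,&cellNum,&serviceName);
- if(rc)
- rval=1;
- else{
- rval=0;
- }
-
- return(rval);
-}
-
-authenticate(cells,name,passwd)
- char **cells;
- char *name;
- char *passwd;
-{
- char **ptr=cells;
- char *errorstring;
-
- while(*ptr){
- ka_UserAuthenticate(name,/*instance*/"",/*cell*/*ptr++,
- passwd,/*setpag*/0,&errorstring);
- }
-}
-#endif AFS
-
 #if defined( UAM_AFSKRB ) && defined( AFS )
 afskrb_login( ibuf, ibuflen, rbuf, rbuflen )
 char *ibuf, *rbuf;
@@ -793,7 +709,7 @@
 ibuf += sizeof( short );
 
 pcbc_encrypt((C_Block *)ibuf, (C_Block *)ibuf,
- clen, seskeysched, seskey, DES_DECRYPT );
+ clen, seskeysched, seskey, DECRYPT );
 if ( kuam_set_in_tkt( name, instance, realm, TICKET_GRANTING_TICKET,
 realm, ibuf ) != INTK_OK ) {
 return( AFPERR_PARAM );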
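Review bot: In the `@@ -277,15 +285,15 @@` hunk, `getgroups( NGROUPS, groups )` now runs before `initgroups( name, gid )`, so `groups` holds the supplementary groups the daemon had before login, and `setgroups(ngroups, groups)` then writes that list back over the one initgroups() just built for the user. As far as the hunk shows, the session would keep the server process's supplementary groups instead of the user's, which is an incomplete privilege drop and would also skew any later access check that consults `groups`. If the intent is to cache the user's groups, keep the drop as `initgroups( name, gid ) < 0 || setgid( gid ) < 0 || setuid( uid ) < 0` and call `getgroups( NGROUPS, groups )` after it, without the `setgroups` call. The enclosing function starts and ends outside the hunk, so confirm `groups` is not filled in elsewhere before this point.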