/*
- * $Id: uam.c,v 1.21 2002-03-07 15:59:53 jmarcus Exp $
+ * $Id: uam.c,v 1.33 2009-11-08 00:41:45 didg Exp $
*
* Copyright (c) 1999 Adrian Sun (asun@zoology.washington.edu)
* All Rights Reserved. See COPYRIGHT.
#include "auth.h"
#include "uam_auth.h"
+#ifdef AFP3x
+#define utf8_encoding() (afp_version >= 30)
+#else
+#define utf8_encoding() (0)
+#endif
+
#ifdef TRU64
#include <netdb.h>
#include <sia.h>
#endif /* TRU64 */
/* --- server uam functions -- */
+#ifndef NO_LOAD_UAM
+extern int uam_setup(const char *path);
+#endif
/* uam_load. uams must have a uam_setup function. */
struct uam_mod *uam_load(const char *path, const char *name)
struct uam_mod *mod;
void *module;
+#ifndef NO_LOAD_UAM
if ((module = mod_open(path)) == NULL) {
- LOG(log_error, logtype_default, "uam_load(%s): failed to load: %s", name, mod_error());
+ LOG(log_error, logtype_afpd, "uam_load(%s): failed to load: %s", name, mod_error());
return NULL;
}
+#endif
if ((mod = (struct uam_mod *) malloc(sizeof(struct uam_mod))) == NULL) {
- LOG(log_error, logtype_default, "uam_load(%s): malloc failed", name);
+ LOG(log_error, logtype_afpd, "uam_load(%s): malloc failed", name);
goto uam_load_fail;
}
- strncpy(buf, name, sizeof(buf));
- buf[sizeof(buf) - 1] = '\0';
+ strlcpy(buf, name, sizeof(buf));
if ((p = strchr(buf, '.')))
*p = '\0';
+
+#ifndef NO_LOAD_UAM
if ((mod->uam_fcn = mod_symbol(module, buf)) == NULL) {
- LOG(log_error, logtype_default, "uam_load(%s): mod_symbol error for symbol %s",
+ LOG(log_error, logtype_afpd, "uam_load(%s): mod_symbol error for symbol %s",
name,
buf);
goto uam_load_err;
}
if (mod->uam_fcn->uam_type != UAM_MODULE_SERVER) {
- LOG(log_error, logtype_default, "uam_load(%s): attempted to load a non-server module",
+ LOG(log_error, logtype_afpd, "uam_load(%s): attempted to load a non-server module",
name);
goto uam_load_err;
}
if (!mod->uam_fcn->uam_setup ||
((*mod->uam_fcn->uam_setup)(name) < 0)) {
- LOG(log_error, logtype_default, "uam_load(%s): uam_setup failed", name);
+ LOG(log_error, logtype_afpd, "uam_load(%s): uam_setup failed", name);
goto uam_load_err;
}
+#else
+ uam_setup(name);
+#endif
mod->uam_module = module;
return mod;
{
if (mod->uam_fcn->uam_cleanup)
(*mod->uam_fcn->uam_cleanup)();
+
+#ifndef NO_LOAD_UAM
mod_close(mod->uam_module);
+#endif
free(mod);
}
/* -- client-side uam functions -- */
-
/* set up stuff for this uam. */
int uam_register(const int type, const char *path, const char *name, ...)
{
va_list ap;
struct uam_obj *uam;
+ int ret;
if (!name)
return -1;
if ((uam = auth_uamfind(type, name, strlen(name)))) {
if (strcmp(uam->uam_path, path)) {
/* it exists, but it's not the same module. */
- LOG(log_error, logtype_default, "uam_register: \"%s\" already loaded by %s",
+ LOG(log_error, logtype_afpd, "uam_register: \"%s\" already loaded by %s",
name, path);
return -1;
}
va_start(ap, name);
switch (type) {
+ case UAM_SERVER_LOGIN_EXT: /* expect four arguments */
+ uam->u.uam_login.login = va_arg(ap, void *);
+ uam->u.uam_login.logincont = va_arg(ap, void *);
+ uam->u.uam_login.logout = va_arg(ap, void *);
+ uam->u.uam_login.login_ext = va_arg(ap, void *);
+ break;
+
case UAM_SERVER_LOGIN: /* expect three arguments */
+ uam->u.uam_login.login_ext = NULL;
uam->u.uam_login.login = va_arg(ap, void *);
uam->u.uam_login.logincont = va_arg(ap, void *);
uam->u.uam_login.logout = va_arg(ap, void *);
va_end(ap);
/* attach to other uams */
- if (auth_register(type, uam) < 0) {
+ ret = auth_register(type, uam);
+ if ( ret) {
free(uam->uam_path);
free(uam);
- return -1;
}
- return 0;
+ return ret;
}
void uam_unregister(const int type, const char *name)
free(uam);
}
-/* --- helper functions for plugin uams --- */
+/* --- helper functions for plugin uams ---
+ * name: user name
+ * len: size of name buffer.
+*/
-struct passwd *uam_getname(char *name, const int len)
+struct passwd *uam_getname(void *private, char *name, const int len)
{
+ AFPObj *obj = private;
struct passwd *pwent;
- char *user;
- int i;
+ static char username[256];
+ static char user[256];
+ static char pwname[256];
+ char *p;
+ size_t namelen, gecoslen = 0, pwnamelen = 0;
if ((pwent = getpwnam(name)))
return pwent;
-
+
+ /* if we have a NT domain name try with it */
+ if (obj->options.ntdomain && obj->options.ntseparator) {
+ /* FIXME What about charset ? */
+ size_t ulen = strlen(obj->options.ntdomain) + strlen(obj->options.ntseparator) + strlen(name);
+ if ((p = malloc(ulen +1))) {
+ strcpy(p, obj->options.ntdomain);
+ strcat(p, obj->options.ntseparator);
+ strcat(p, name);
+ pwent = getpwnam(p);
+ free(p);
+ if (pwent) {
+ int len = strlen(pwent->pw_name);
+ if (len < MAXUSERLEN) {
+ strncpy(name,pwent->pw_name, MAXUSERLEN);
+ }else{
+ LOG(log_error, logtype_uams, "MAJOR:The name %s is longer than %d",pwent->pw_name,MAXUSERLEN);
+ }
+
+ return pwent;
+ }
+ }
+ }
#ifndef NO_REAL_USER_NAME
- for (i = 0; i < len; i++)
- name[i] = tolower(name[i]);
+
+ if ( (size_t) -1 == (namelen = convert_string((utf8_encoding())?CH_UTF8_MAC:obj->options.maccharset,
+ CH_UCS2, name, -1, username, sizeof(username))))
+ return NULL;
setpwent();
while ((pwent = getpwent())) {
- if ((user = strchr(pwent->pw_gecos, ',')))
- *user = '\0';
- user = pwent->pw_gecos;
+ if ((p = strchr(pwent->pw_gecos, ',')))
+ *p = '\0';
+
+ if ((size_t)-1 == ( gecoslen = convert_string(obj->options.unixcharset, CH_UCS2,
+ pwent->pw_gecos, -1, user, sizeof(username))) )
+ continue;
+ if ((size_t)-1 == ( pwnamelen = convert_string(obj->options.unixcharset, CH_UCS2,
+ pwent->pw_name, -1, pwname, sizeof(username))) )
+ continue;
+
/* check against both the gecos and the name fields. the user
* might have just used a different capitalization. */
- if ((strncasecmp(user, name, len) == 0) ||
- (strncasecmp(pwent->pw_name, name, len) == 0)) {
- strncpy(name, pwent->pw_name, len);
- name[len - 1] = '\0';
+
+ if ( (namelen == gecoslen && strncasecmp_w((ucs2_t*)user, (ucs2_t*)username, len) == 0) ||
+ ( namelen == pwnamelen && strncasecmp_w ( (ucs2_t*) pwname, (ucs2_t*) username, len) == 0)) {
+ strlcpy(name, pwent->pw_name, len);
break;
}
}
#ifndef DISABLE_SHELLCHECK
if (!pwd->pw_shell || (*pwd->pw_shell == '\0')) {
- LOG(log_info, logtype_default, "uam_checkuser: User %s does not have a shell", pwd->pw_name);
+ LOG(log_info, logtype_afpd, "uam_checkuser: User %s does not have a shell", pwd->pw_name);
return -1;
}
-#endif
while ((p = getusershell())) {
if ( strcmp( p, pwd->pw_shell ) == 0 )
}
endusershell();
-#ifndef DISABLE_SHELLCHECK
if (!p) {
- LOG(log_info, logtype_default, "illegal shell %s for %s", pwd->pw_shell, pwd->pw_name);
+ LOG(log_info, logtype_afpd, "illegal shell %s for %s", pwd->pw_shell, pwd->pw_name);
return -1;
}
#endif /* DISABLE_SHELLCHECK */
return 0;
}
+int uam_random_string (AFPObj *obj, char *buf, int len)
+{
+ u_int32_t result;
+ int ret;
+ int fd;
+
+ if ( (len <= 0) || (len % sizeof(result)))
+ return -1;
+
+ /* construct a random number */
+ if ((fd = open("/dev/urandom", O_RDONLY)) < 0) {
+ struct timeval tv;
+ struct timezone tz;
+ int i;
+
+ if (gettimeofday(&tv, &tz) < 0)
+ return -1;
+ srandom(tv.tv_sec + (unsigned long) obj + (unsigned long) obj->handle);
+ for (i = 0; i < len; i += sizeof(result)) {
+ result = random();
+ memcpy(buf + i, &result, sizeof(result));
+ }
+ } else {
+ ret = read(fd, buf, len);
+ close(fd);
+ if (ret <= 0)
+ return -1;
+ }
+ return 0;
+}
+
/* afp-specific functions */
int uam_afpserver_option(void *private, const int what, void *option,
- int *len)
+ size_t *len)
{
-AFPObj *obj = private;
- char **buf = (char **) option; /* most of the options are this */
- int32_t result;
- int fd;
+ AFPObj *obj = private;
+ const char **buf = (const char **) option; /* most of the options are this */
+ struct session_info **sinfo = (struct session_info **) option;
if (!obj || !option)
return -1;
switch (what) {
case UAM_OPTION_USERNAME:
- *buf = (void *) obj->username;
+ *buf = obj->username;
if (len)
*len = sizeof(obj->username) - 1;
break;
case UAM_OPTION_GUEST:
- *buf = (void *) obj->options.guest;
+ *buf = obj->options.guest;
if (len)
*len = strlen(obj->options.guest);
break;
switch (*len) {
case UAM_PASSWD_FILENAME:
- *buf = (void *) obj->options.passwdfile;
+ *buf = obj->options.passwdfile;
*len = strlen(obj->options.passwdfile);
break;
break;
case UAM_OPTION_RANDNUM: /* returns a random number in 4-byte units. */
- if (!len || (*len < 0) || (*len % sizeof(result)))
+ if (!len)
return -1;
- /* construct a random number */
- if ((fd = open("/dev/urandom", O_RDONLY)) < 0) {
- struct timeval tv;
- struct timezone tz;
- char *randnum = (char *) option;
- int i;
-
- if (gettimeofday(&tv, &tz) < 0)
- return -1;
- srandom(tv.tv_sec + (unsigned long) obj + (unsigned long) obj->handle);
- for (i = 0; i < *len; i += sizeof(result)) {
- result = random();
- memcpy(randnum + i, &result, sizeof(result));
- }
- } else {
- result = read(fd, option, *len);
- close(fd);
- if (result < 0)
- return -1;
- }
+ return uam_random_string(obj, option, *len);
break;
case UAM_OPTION_HOSTNAME:
- *buf = (void *) obj->options.hostname;
+ *buf = obj->options.hostname;
if (len)
*len = strlen(obj->options.hostname);
break;
case UAM_OPTION_PROTOCOL:
- *buf = (void *) obj->proto;
+ *((int *) option) = obj->proto;
break;
+
case UAM_OPTION_CLIENTNAME:
- {
- struct DSI *dsi = obj->handle;
- struct hostent *hp;
-
- hp = gethostbyaddr( (char *) &dsi->client.sin_addr,
- sizeof( struct in_addr ),
- dsi->client.sin_family );
- if( hp )
- *buf = (void *) hp->h_name;
- else
- *buf = (void *) inet_ntoa( dsi->client.sin_addr );
- }
+ {
+ struct DSI *dsi = obj->handle;
+ const struct sockaddr *sa;
+ char hbuf[NI_MAXHOST];
+
+ sa = (struct sockaddr *)&dsi->client;
+ if (getnameinfo(sa, sizeof(dsi->client), hbuf, sizeof(hbuf), NULL, 0, 0) == 0)
+ *buf = hbuf;
+ else
+ *buf = getip_string((struct sockaddr *)&dsi->client);
+
break;
+ }
case UAM_OPTION_COOKIE:
/* it's up to the uam to actually store something useful here.
* this just passes back a handle to the cookie. the uam side
* the cookie. */
*buf = (void *) &obj->uam_cookie;
break;
-
+ case UAM_OPTION_KRB5SERVICE:
+ *buf = obj->options.k5service;
+ if (len)
+ *len = (*buf)?strlen(*buf):0;
+ break;
+ case UAM_OPTION_KRB5REALM:
+ *buf = obj->options.k5realm;
+ if (len)
+ *len = (*buf)?strlen(*buf):0;
+ break;
+ case UAM_OPTION_FQDN:
+ *buf = obj->options.fqdn;
+ if (len)
+ *len = (*buf)?strlen(*buf):0;
+ break;
+ case UAM_OPTION_MACCHARSET:
+ *((int *) option) = obj->options.maccharset;
+ *len = sizeof(obj->options.maccharset);
+ break;
+ case UAM_OPTION_UNIXCHARSET:
+ *((int *) option) = obj->options.unixcharset;
+ *len = sizeof(obj->options.unixcharset);
+ break;
+ case UAM_OPTION_SESSIONINFO:
+ *sinfo = &(obj->sinfo);
+ break;
default:
return -1;
break;
/* if we need to maintain a connection, this is how we do it.
* because an action pointer gets passed in, we can stream
* DSI connections */
-int uam_afp_read(void *handle, char *buf, int *buflen,
+int uam_afp_read(void *handle, char *buf, size_t *buflen,
int (*action)(void *, void *, const int))
{
AFPObj *obj = handle;
if ((rc=sia_ses_init(&entity, argc, argv, hostname, username, tty,
colinput, gssapi)) != SIASUCCESS) {
- LOG(log_error, logtype_default, "cannot initialise SIA");
+ LOG(log_error, logtype_afpd, "cannot initialise SIA");
return SIAFAIL;
}
/* save old action for restoration later */
if (sigaction(SIGALRM, NULL, &act))
- LOG(log_error, logtype_default, "cannot save SIGALRM handler");
+ LOG(log_error, logtype_afpd, "cannot save SIGALRM handler");
if ((rc=sia_ses_authent(collect, passphrase, entity)) != SIASUCCESS) {
/* restore old action after clobbering by sia_ses_authent() */
if (sigaction(SIGALRM, &act, NULL))
- LOG(log_error, logtype_default, "cannot restore SIGALRM handler");
+ LOG(log_error, logtype_afpd, "cannot restore SIGALRM handler");
- LOG(log_info, logtype_default, "unsuccessful login for %s",
+ LOG(log_info, logtype_afpd, "unsuccessful login for %s",
(hostname?hostname:"(null)"));
return SIAFAIL;
}
- LOG(log_info, logtype_default, "successful login for %s",
+ LOG(log_info, logtype_afpd, "successful login for %s",
(hostname?hostname:"(null)"));
/* restore old action after clobbering by sia_ses_authent() */
if (sigaction(SIGALRM, &act, NULL))
- LOG(log_error, logtype_default, "cannot restore SIGALRM handler");
+ LOG(log_error, logtype_afpd, "cannot restore SIGALRM handler");
sia_ses_release(&entity);
#endif /* TRU64 */
/* --- papd-specific functions (just placeholders) --- */
-void append(void *pf, char *data, int len)
+struct papfile;
+void append(struct papfile *pf _U_, const char *data _U_, int len _U_)
{
return;
}