/*
- * $Id: uams_dhx_passwd.c,v 1.7 2001-05-08 18:03:19 rufustfirefly Exp $
+ * $Id: uams_dhx_passwd.c,v 1.22 2003-06-14 16:40:54 srittau Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
* All Rights Reserved. See COPYRIGHT.
*/
+#define _XOPEN_SOURCE /* for crypt() */
+
#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
+#include <config.h>
+#endif /* HAVE_CONFIG_H */
-#ifdef UAM_DHX
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#ifdef HAVE_UNISTD_H
#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
#ifndef NO_CRYPT_H
#include <crypt.h>
-#endif
+#endif /* ! NO_CRYPT_H */
#include <pwd.h>
-#include <syslog.h>
-
-#ifdef SOLARIS
-#define SHADOWPW
-#endif SOLARIS
+#include <atalk/logger.h>
#ifdef SHADOWPW
#include <shadow.h>
#endif /* SHADOWPW */
-#ifdef OPENSSL_DHX
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/cast.h>
-#else
-#include <bn.h>
-#include <dh.h>
-#include <cast.h>
-#endif /* OPENSSL_DHX */
-
#include <atalk/afp.h>
#include <atalk/uam.h>
(unsigned long) (a)) & 0xffff)
/* the secret key */
-static CAST_KEY castkey;
static struct passwd *dhxpwd;
static u_int8_t randbuf[16];
-#ifdef DIGITAL_UNIX_SECURITY
-#include <sys/types.h>
-#include <sys/security.h>
-#include <prot.h>
-#endif /* DIGITAL_UNIX_SECURITY */
+#ifdef TRU64
+#include <sia.h>
+#include <siad.h>
+
+static char *clientname;
+#endif /* TRU64 */
+
+#include "crypt.h"
/* dhx passwd */
-static int passwd_login(void *obj, struct passwd **uam_pwd,
+static int pwd_login(void *obj, char *username, int ulen, struct passwd **uam_pwd,
char *ibuf, int ibuflen,
char *rbuf, int *rbuflen)
{
u_int8_t g = 0x07;
#ifdef SHADOWPW
struct spwd *sp;
-#endif
- BIGNUM *bn, *gbn, *pbn;
+#endif /* SHADOWPW */
+ CastKey castkey;
u_int16_t sessid;
- int len, i;
+ int i;
+#if 0
char *name;
- DH *dh;
-
-#ifdef TRU64
- static const char rnd_seed[] = "string to make the random number generator think it has entropy";
- RAND_seed(rnd_seed, sizeof rnd_seed);
#endif
- *rbuflen = 0;
-
- if (uam_afpserver_option(obj, UAM_OPTION_USERNAME, (void *) &name, &i) < 0)
- return AFPERR_PARAM;
+#if defined(TRU64) && !defined(HAVE_GCRYPT)
+ int rnd_seed[256];
+ for (i = 0; i < 256; i++)
+ rnd_seed[i] = random();
+ RAND_seed(rnd_seed, sizeof(rnd_seed));
+#endif /* defined(TRU64) && !defined(HAVE_GCRYPT) */
- len = (unsigned char) *ibuf++;
- if ( len > i ) {
- return( AFPERR_PARAM );
- }
+ *rbuflen = 0;
- memcpy(name, ibuf, len );
- ibuf += len;
- name[ len ] = '\0';
- if ((unsigned long) ibuf & 1) /* padding */
- ++ibuf;
+#ifdef TRU64
+ if( uam_afpserver_option( obj, UAM_OPTION_CLIENTNAME,
+ (void *) &clientname, NULL ) < 0 )
+ return AFPERR_PARAM;
+#endif /* TRU64 */
- if (( dhxpwd = uam_getname(name, i)) == NULL ) {
- return AFPERR_PARAM;
+ if (( dhxpwd = uam_getname(username, ulen)) == NULL ) {
+ return AFPERR_PARAM;
}
-
- syslog( LOG_INFO, "dhx login: %s", name);
+
+ LOG(log_info, logtype_uams, "dhx login: %s", username);
if (uam_checkuser(dhxpwd) < 0)
return AFPERR_NOTAUTH;
#ifdef SHADOWPW
if (( sp = getspnam( dhxpwd->pw_name )) == NULL ) {
- syslog( LOG_INFO, "no shadow passwd entry for %s", name);
+ LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username);
return AFPERR_NOTAUTH;
}
dhxpwd->pw_passwd = sp->sp_pwdp;
-#endif SHADOWPW
+#endif /* SHADOWPW */
if (!dhxpwd->pw_passwd)
return AFPERR_NOTAUTH;
- /* get the client's public key */
- if (!(bn = BN_bin2bn(ibuf, KEYSIZE, NULL))) {
- return AFPERR_PARAM;
- }
-
- /* get our primes */
- if (!(gbn = BN_bin2bn(&g, sizeof(g), NULL))) {
- BN_free(bn);
+ castkey = atalk_cast_key(ibuf, KEYSIZE);
+ if (!castkey)
return AFPERR_PARAM;
- }
-
- if (!(pbn = BN_bin2bn(p, sizeof(p), NULL))) {
- BN_free(gbn);
- BN_free(bn);
- return AFPERR_PARAM;
- }
-
- /* okay, we're ready */
- if (!(dh = DH_new())) {
- BN_free(pbn);
- BN_free(gbn);
- BN_free(bn);
- return AFPERR_PARAM;
- }
-
- /* generate key and make sure we have enough space */
- dh->p = pbn;
- dh->g = gbn;
- if (!DH_generate_key(dh) || (BN_num_bytes(dh->pub_key) > KEYSIZE)) {
- goto passwd_fail;
- }
- /* figure out the key. use rbuf as a temporary buffer. */
- i = DH_compute_key(rbuf, bn, dh);
-
- /* set the key */
- CAST_set_key(&castkey, i, rbuf);
-
/* session id. it's just a hashed version of the object pointer. */
sessid = dhxhash(obj);
memcpy(rbuf, &sessid, sizeof(sessid));
goto passwd_fail;
}
memcpy(rbuf + KEYSIZE, name, KEYSIZE);
-#else
+#else /* 0 */
memset(rbuf + KEYSIZE, 0, KEYSIZE);
-#endif
+#endif /* 0 */
/* encrypt using cast */
CAST_cbc_encrypt(rbuf, rbuf, CRYPTBUFLEN, &castkey, iv, CAST_ENCRYPT);
return AFPERR_PARAM;
}
+/* cleartxt login */
+static int passwd_login(void *obj, struct passwd **uam_pwd,
+ char *ibuf, int ibuflen,
+ char *rbuf, int *rbuflen)
+{
+ char *username;
+ int len, ulen;
+
+ *rbuflen = 0;
+
+ if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
+ (void *) &username, &ulen) < 0)
+ return AFPERR_MISC;
+
+ if (ibuflen <= 1) {
+ return( AFPERR_PARAM );
+ }
+
+ len = (unsigned char) *ibuf++;
+ ibuflen--;
+ if (!len || len > ibuflen || len > ulen ) {
+ return( AFPERR_PARAM );
+ }
+ memcpy(username, ibuf, len );
+ ibuf += len;
+ ibuflen -=len;
+ username[ len ] = '\0';
+
+ if ((unsigned long) ibuf & 1) { /* pad character */
+ ++ibuf;
+ ibuflen--;
+ }
+ return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
+
+}
+
+/* cleartxt login ext
+ * uname format :
+ byte 3
+ 2 bytes len (network order)
+ len bytes unicode name
+*/
+static int passwd_login_ext(void *obj, char *uname, struct passwd **uam_pwd,
+ char *ibuf, int ibuflen,
+ char *rbuf, int *rbuflen)
+{
+ char *username;
+ int len, ulen;
+ u_int16_t temp16;
+
+ *rbuflen = 0;
+
+ if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
+ (void *) &username, &ulen) < 0)
+ return AFPERR_MISC;
+
+ if (*uname != 3)
+ return AFPERR_PARAM;
+ uname++;
+ memcpy(&temp16, uname, sizeof(temp16));
+ len = ntohs(temp16);
+ if (!len || len > ulen ) {
+ return( AFPERR_PARAM );
+ }
+ memcpy(username, uname +2, len );
+ username[ len ] = '\0';
+ return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
+}
+
static int passwd_logincont(void *obj, struct passwd **uam_pwd,
char *ibuf, int ibuflen,
char *rbuf, int *rbuflen)
u_int16_t sessid;
char *p;
-#ifdef DIGITAL_UNIX_SECURITY
- char *bigcrypt();
- struct pr_passwd *pr;
-#endif /* DIGITAL_UNIX_SECURITY */
-
*rbuflen = 0;
/* check for session id */
BN_free(bn3);
rbuf[PASSWDLEN] = '\0';
-#ifdef DIGITAL_UNIX_SECURITY
- pr = getprpwnam( dhxpwd->pw_name );
- if ( pr == NULL )
- return AFPERR_NOTAUTH;
- if ( strcmp ( bigcrypt ( rbuf, pr->ufld.fd_encrypt ),
- pr->ufld.fd_encrypt ) == 0 ) {
- *uam_pwd = dhxpwd;
- return AFP_OK;
- }
-#else /* DIGITAL_UNIX_SECURITY */
+#ifdef TRU64
+ {
+ int ac;
+ char **av;
+ char hostname[256];
+
+ uam_afp_getcmdline( &ac, &av );
+ sprintf( hostname, "%s@%s", dhxpwd->pw_name, clientname );
+
+ if( uam_sia_validate_user( NULL, ac, av, hostname, dhxpwd->pw_name,
+ NULL, FALSE, NULL, rbuf ) != SIASUCCESS )
+ return AFPERR_NOTAUTH;
+
+ memset( rbuf, 0, PASSWDLEN );
+ *uam_pwd = dhxpwd;
+ return AFP_OK;
+ }
+#else /* TRU64 */
p = crypt( rbuf, dhxpwd->pw_passwd );
memset(rbuf, 0, PASSWDLEN);
if ( strcmp( p, dhxpwd->pw_passwd ) == 0 ) {
*uam_pwd = dhxpwd;
return AFP_OK;
}
-#endif /* DIGITAL_UNIX_SECURITY */
+#endif /* TRU64 */
return AFPERR_NOTAUTH;
}
static int uam_setup(const char *path)
{
- if (uam_register(UAM_SERVER_LOGIN, path, "DHCAST128",
- passwd_login, passwd_logincont, NULL) < 0)
+ if (uam_register(UAM_SERVER_LOGIN_EXT, path, "DHCAST128",
+ passwd_login, passwd_logincont, NULL, passwd_login_ext) < 0)
return -1;
/*uam_register(UAM_SERVER_PRINTAUTH, path, "DHCAST128",
passwd_printer);*/
UAM_MODULE_VERSION,
uam_setup, uam_cleanup
};
-#endif
projects / netatalk.git / blobdiff