/*
- * $Id: uams_passwd.c,v 1.10 2001-05-25 13:23:56 rufustfirefly Exp $
+ * $Id: uams_passwd.c,v 1.22 2004-01-14 16:10:29 bfernhomberg Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
* All Rights Reserved. See COPYRIGHT.
*/
+#define _XOPEN_SOURCE /* for crypt() */
+
#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
+#include <config.h>
+#endif /* HAVE_CONFIG_H */
#include <stdio.h>
#include <stdlib.h>
+
+/* STDC check */
+#if STDC_HEADERS
#include <string.h>
+#else /* STDC_HEADERS */
+#ifndef HAVE_STRCHR
+#define strchr index
+#define strrchr index
+#endif /* HAVE_STRCHR */
+char *strchr (), *strrchr ();
+#ifndef HAVE_MEMCPY
+#define memcpy(d,s,n) bcopy ((s), (d), (n))
+#define memmove(d,s,n) bcopy ((s), (d), (n))
+#endif /* ! HAVE_MEMCPY */
+#endif /* STDC_HEADERS */
+
+#ifdef HAVE_UNISTD_H
#include <unistd.h>
-#ifndef NO_CRYPT_H
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_CRYPT_H
#include <crypt.h>
-#endif
+#endif /* HAVE_CRYPT_H */
#include <pwd.h>
-#include <syslog.h>
+#include <atalk/logger.h>
#ifdef SOLARIS
#define SHADOWPW
-#endif SOLARIS
+#endif /* SOLARIS */
#ifdef SHADOWPW
#include <shadow.h>
-#endif SHADOWPW
+#endif /* SHADOWPW */
#include <atalk/afp.h>
#include <atalk/uam.h>
#define PASSWDLEN 8
+#ifndef MIN
+#define MIN(a,b) ((a) < (b) ? (a) : (b))
+#endif /* MIN */
+
+
#ifdef TRU64
-#include <sys/types.h>
-#include <sys/security.h>
-#include <prot.h>
#include <sia.h>
+#include <siad.h>
-static int c2security = 0;
+static char *clientname;
#endif /* TRU64 */
-/* cleartxt login */
-static int passwd_login(void *obj, struct passwd **uam_pwd,
- char *ibuf, int ibuflen,
- char *rbuf, int *rbuflen)
+static int pwd_login(void *obj, char *username, int ulen, struct passwd **uam_pwd,
+ char *ibuf, int ibuflen,
+ char *rbuf, int *rbuflen)
{
+ char *p;
struct passwd *pwd;
#ifdef SHADOWPW
struct spwd *sp;
#endif /* SHADOWPW */
- char *username, *p;
- int len, ulen;
- *rbuflen = 0;
-
- if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
- (void *) &username, &ulen) < 0)
- return AFPERR_MISC;
+#ifdef TRU64
+ if( uam_afpserver_option( obj, UAM_OPTION_CLIENTNAME,
+ (void *) &clientname, NULL ) < 0 )
+ return AFPERR_MISC;
+#endif /* TRU64 */
- len = (unsigned char) *ibuf++;
- if ( len > ulen ) {
- return( AFPERR_PARAM );
+ if (ibuflen < PASSWDLEN) {
+ return( AFPERR_PARAM );
}
-
- memcpy(username, ibuf, len );
- ibuf += len;
- username[ len ] = '\0';
- if ((unsigned long) ibuf & 1) /* pad character */
- ++ibuf;
ibuf[ PASSWDLEN ] = '\0';
if (( pwd = uam_getname(username, ulen)) == NULL ) {
- return AFPERR_PARAM;
+ return AFPERR_PARAM;
}
- syslog(LOG_INFO, "cleartext login: %s", username);
- if (uam_checkuser(pwd) < 0)
- return AFPERR_NOTAUTH;
+ LOG(log_info, logtype_uams, "cleartext login: %s", username);
+
+ if (uam_checkuser(pwd) < 0) {
+ LOG(log_info, logtype_uams, "not a valid user");
+ return AFPERR_NOTAUTH;
+ }
#ifdef SHADOWPW
if (( sp = getspnam( pwd->pw_name )) == NULL ) {
- syslog( LOG_INFO, "no shadow passwd entry for %s", username);
- return AFPERR_NOTAUTH;
+ LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username);
+ return AFPERR_NOTAUTH;
}
pwd->pw_passwd = sp->sp_pwdp;
-#endif SHADOWPW
+#endif /* SHADOWPW */
- if (!pwd->pw_passwd)
- return AFPERR_NOTAUTH;
+ if (!pwd->pw_passwd) {
+ return AFPERR_NOTAUTH;
+ }
*uam_pwd = pwd;
#ifdef TRU64
- if ( c2security == 1 ) {
- struct pr_passwd *pr = getprpwnam( pwd->pw_name );
- if ( pr == NULL )
+ {
+ int ac;
+ char **av;
+ char hostname[256];
+
+ uam_afp_getcmdline( &ac, &av );
+ sprintf( hostname, "%s@%s", username, clientname );
+
+ if( uam_sia_validate_user( NULL, ac, av, hostname, username,
+ NULL, FALSE, NULL, ibuf ) != SIASUCCESS )
return AFPERR_NOTAUTH;
- if ( strcmp( dispcrypt( ibuf, pr->ufld.fd_encrypt,
- pr->ufld.fd_oldcrypt ), pr->ufld.fd_encrypt ) == 0 ) {
- return AFP_OK;
- }
- } else {
- p = crypt( ibuf, pwd->pw_passwd );
- if ( strcmp( p, pwd->pw_passwd ) == 0 )
- return AFP_OK;
+
+ return AFP_OK;
}
#else /* TRU64 */
p = crypt( ibuf, pwd->pw_passwd );
- if ( strcmp( p, pwd->pw_passwd ) == 0 )
- return AFP_OK;
+ if ( strcmp( p, pwd->pw_passwd ) == 0 )
+ return AFP_OK;
#endif /* TRU64 */
return AFPERR_NOTAUTH;
+
}
+/* cleartxt login */
+static int passwd_login(void *obj, struct passwd **uam_pwd,
+ char *ibuf, int ibuflen,
+ char *rbuf, int *rbuflen)
+{
+ char *username;
+ int len, ulen;
+
+ *rbuflen = 0;
+
+ if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
+ (void *) &username, &ulen) < 0)
+ return AFPERR_MISC;
+
+ if (ibuflen <= 1) {
+ return( AFPERR_PARAM );
+ }
+
+ len = (unsigned char) *ibuf++;
+ ibuflen--;
+ if (!len || len > ibuflen || len > ulen ) {
+ return( AFPERR_PARAM );
+ }
+ memcpy(username, ibuf, len );
+ ibuf += len;
+ ibuflen -=len;
+ username[ len ] = '\0';
+
+ if ((unsigned long) ibuf & 1) { /* pad character */
+ ++ibuf;
+ ibuflen--;
+ }
+ return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
+
+}
+
+/* cleartxt login ext
+ * uname format :
+ byte 3
+ 2 bytes len (network order)
+ len bytes unicode name
+*/
+static int passwd_login_ext(void *obj, char *uname, struct passwd **uam_pwd,
+ char *ibuf, int ibuflen,
+ char *rbuf, int *rbuflen)
+{
+ char *username;
+ int len, ulen;
+ u_int16_t temp16;
+
+ *rbuflen = 0;
+
+ if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
+ (void *) &username, &ulen) < 0)
+ return AFPERR_MISC;
+
+ if (*uname != 3)
+ return AFPERR_PARAM;
+ uname++;
+ memcpy(&temp16, uname, sizeof(temp16));
+ len = ntohs(temp16);
+ if (!len || len > ulen ) {
+ return( AFPERR_PARAM );
+ }
+ memcpy(username, uname +2, len );
+ username[ len ] = '\0';
+ return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
+}
+
#if 0
/* change passwd */
static int passwd_changepw(void *obj, char *username,
- struct passwd *pwd, char *ibuf,
- int ibuflen, char *rbuf, int *rbuflen)
+ struct passwd *pwd, char *ibuf,
+ int ibuflen, char *rbuf, int *rbuflen)
{
#ifdef SHADOWPW
struct spwd *sp;
-#endif
+#endif /* SHADOWPW */
char pw[PASSWDLEN + 1], *p;
uid_t uid = geteuid();
if (uam_checkuser(pwd) < 0)
- return AFPERR_ACCESS;
+ return AFPERR_ACCESS;
/* old password */
memcpy(pw, ibuf, PASSWDLEN);
#ifdef SHADOWPW
if (( sp = getspnam( pwd->pw_name )) == NULL ) {
- syslog( LOG_INFO, "no shadow passwd entry for %s", username);
- return AFPERR_PARAM;
+ LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username);
+ return AFPERR_PARAM;
}
pwd->pw_passwd = sp->sp_pwdp;
-#endif SHADOWPW
+#endif /* SHADOWPW */
p = crypt(pw, pwd->pw_passwd );
if (strcmp( p, pwd->pw_passwd )) {
- memset(pw, 0, sizeof(pw));
- return AFPERR_NOTAUTH;
+ memset(pw, 0, sizeof(pw));
+ return AFPERR_NOTAUTH;
}
/* new password */
ibuf += PASSWDLEN;
ibuf[PASSWDLEN] = '\0';
-
+
#ifdef SHADOWPW
-#else
-#endif
+#else /* SHADOWPW */
+#endif /* SHADOWPW */
return AFP_OK;
}
-#endif
+#endif /* 0 */
/* Printer ClearTxtUAM login */
static int passwd_printer(start, stop, username, out)
- char *start, *stop, *username;
- struct papfile *out;
+char *start, *stop, *username;
+struct papfile *out;
{
struct passwd *pwd;
#ifdef SHADOWPW
struct spwd *sp;
-#endif
+#endif /* SHADOWPW */
char *data, *p, *q;
char password[PASSWDLEN + 1] = "\0";
static const char *loginok = "0\r";
int ulen;
- data = (char *)malloc(stop - start + 1);
+ data = (char *)malloc(stop - start + 2);
+ if (!data) {
+ LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: malloc");
+ return(-1);
+ }
strncpy(data, start, stop - start + 1);
+ data[stop - start + 2] = 0;
/* We are looking for the following format in data:
* (username) (password)
/* Parse input for username in () */
if ((p = strchr(data, '(' )) == NULL) {
- syslog(LOG_INFO,"Bad Login ClearTxtUAM: username not found in string");
+ LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string");
free(data);
return(-1);
}
p++;
if ((q = strstr(data, ") (" )) == NULL) {
- syslog(LOG_INFO,"Bad Login ClearTxtUAM: username not found in string");
+ LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string");
free(data);
return(-1);
}
- strncpy(username, p, q - p);
+ strncpy(username, p, MIN( UAM_USERNAMELEN, (q - p)) );
+ username[ UAM_USERNAMELEN+1] = '\0';
+
/* Parse input for password in next () */
p = q + 3;
if ((q = strrchr(data, ')' )) == NULL) {
- syslog(LOG_INFO,"Bad Login ClearTxtUAM: password not found in string");
- free(data);
+ LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: password not found in string");
+ free(data);
return(-1);
}
- strncpy(password, p, q - p);
+ strncpy(password, p, MIN(PASSWDLEN, q - p) );
+ password[ PASSWDLEN+1] = '\0';
+
/* Done copying username and password, clean up */
free(data);
ulen = strlen(username);
if (( pwd = uam_getname(username, ulen)) == NULL ) {
- syslog(LOG_INFO, "Bad Login ClearTxtUAM: ( %s ) not found ",
- username);
- return(-1);
+ LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: ( %s ) not found ",
+ username);
+ return(-1);
}
if (uam_checkuser(pwd) < 0) {
- /* syslog of error happens in uam_checkuser */
- return(-1);
+ /* syslog of error happens in uam_checkuser */
+ return(-1);
}
#ifdef SHADOWPW
if (( sp = getspnam( pwd->pw_name )) == NULL ) {
- syslog(LOG_INFO, "Bad Login ClearTxtUAM: no shadow passwd entry for %s",
- username);
- return(-1);
+ LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no shadow passwd entry for %s",
+ username);
+ return(-1);
}
pwd->pw_passwd = sp->sp_pwdp;
-#endif SHADOWPW
+#endif /* SHADOWPW */
if (!pwd->pw_passwd) {
- syslog(LOG_INFO, "Bad Login ClearTxtUAM: no password for %s",
- username);
- return(-1);
+ LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no password for %s",
+ username);
+ return(-1);
}
#ifdef AFS
- if ( kcheckuser( pwd, password) == 0)
- return(0);
-#endif AFS
+ if ( kcheckuser( pwd, password) == 0)
+ return(0);
+#endif /* AFS */
p = crypt(password, pwd->pw_passwd);
if (strcmp(p, pwd->pw_passwd) != 0) {
- syslog(LOG_INFO, "Bad Login ClearTxtUAM: %s: bad password", username);
- return(-1);
+ LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: %s: bad password", username);
+ return(-1);
}
/* Login successful */
append(out, loginok, strlen(loginok));
- syslog(LOG_INFO, "Login ClearTxtUAM: %s", username);
+ LOG(log_info, logtype_uams, "Login ClearTxtUAM: %s", username);
return(0);
}
+#ifdef ATACC
+int uam_setup(const char *path)
+{
+ if (uam_register_fn(UAM_SERVER_LOGIN_EXT, path, "Cleartxt Passwrd",
+ passwd_login, NULL, NULL, passwd_login_ext) < 0)
+ return -1;
+ if (uam_register_fn(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM",
+ passwd_printer) < 0)
+ return -1;
+ return 0;
+}
+#else
static int uam_setup(const char *path)
{
-#ifdef TRU64
- FILE *f;
- char buf[256];
- char siad[] = "siad_ses_init=";
-
- if ( access( SIAIGOODFILE, F_OK ) == -1 ) {
- syslog( LOG_ERR, "clrtxt uam_setup: %s does not exist",
- SIAIGOODFILE);
+ if (uam_register(UAM_SERVER_LOGIN_EXT, path, "Cleartxt Passwrd",
+ passwd_login, NULL, NULL, passwd_login_ext) < 0)
return -1;
- }
-
- if ( ( f = fopen(MATRIX_CONF, "r" ) ) == NULL ) {
- syslog( LOG_ERR, "clrtxt uam_setup: %s is unreadable",
- MATRIX_CONF );
+ if (uam_register(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM",
+ passwd_printer) < 0)
return -1;
- }
-
- while ( fgets( buf, sizeof(buf), f ) != NULL ) {
- if ( strncmp( buf, siad, sizeof(siad) - 1 ) == 0 ) {
- if ( strstr( buf, "OSFC2" ) != NULL )
- c2security = 1;
- break;
- }
- }
- fclose(f);
-
- syslog( LOG_INFO, "clrtxt uam_setup: security level %s",
- c2security == 0 ? "BSD" : "OSFC2" );
-#endif /* TRU64 */
-
- if (uam_register(UAM_SERVER_LOGIN, path, "Cleartxt Passwrd",
- passwd_login, NULL, NULL) < 0)
- return -1;
- if (uam_register(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM",
- passwd_printer) < 0)
- return -1;
-
- return 0;
+ return 0;
}
+#endif
+
static void uam_cleanup(void)
{
- uam_unregister(UAM_SERVER_LOGIN, "Cleartxt Passwrd");
- uam_unregister(UAM_SERVER_PRINTAUTH, "ClearTxtUAM");
+ uam_unregister(UAM_SERVER_LOGIN, "Cleartxt Passwrd");
+ uam_unregister(UAM_SERVER_PRINTAUTH, "ClearTxtUAM");
}
UAM_MODULE_EXPORT struct uam_export uams_clrtxt = {
- UAM_MODULE_SERVER,
- UAM_MODULE_VERSION,
- uam_setup, uam_cleanup
-};
+ UAM_MODULE_SERVER,
+ UAM_MODULE_VERSION,
+ uam_setup, uam_cleanup
+ };
projects / netatalk.git / blobdiff