X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=netatalk.git;a=blobdiff_plain;f=etc%2Fuams%2Fuams_passwd.c;h=49b4e72ea2408e2d04c361d5e4881f312f09b923;hp=94c50cb3d4c409680c7643b9415bae0e672301ca;hb=2726bc50a91ff4fc06813edaab91e3596df37e8f;hpb=0c15770b3bc9fa7d6dbdc5a7d0fa01ca21778260 diff --git a/etc/uams/uams_passwd.c b/etc/uams/uams_passwd.c index 94c50cb3..49b4e72e 100644 --- a/etc/uams/uams_passwd.c +++ b/etc/uams/uams_passwd.c 
@@ -1,136 +1,224 @@ /* - * $Id: uams_passwd.c,v 1.10 2001-05-25 13:23:56 rufustfirefly Exp $ + * $Id: uams_passwd.c,v 1.22 2004-01-14 16:10:29 bfernhomberg Exp $ * * Copyright (c) 1990,1993 Regents of The University of Michigan. * Copyright (c) 1999 Adrian Sun (asun@u.washington.edu) * All Rights Reserved. See COPYRIGHT. */ +#define _XOPEN_SOURCE /* for crypt() */ + #ifdef HAVE_CONFIG_H -#include "config.h" -#endif +#include +#endif /* HAVE_CONFIG_H */ #include #include + +/* STDC check */ +#if STDC_HEADERS #include +#else /* STDC_HEADERS */ +#ifndef HAVE_STRCHR +#define strchr index +#define strrchr index +#endif /* HAVE_STRCHR */ +char *strchr (), *strrchr (); +#ifndef HAVE_MEMCPY +#define memcpy(d,s,n) bcopy ((s), (d), (n)) +#define memmove(d,s,n) bcopy ((s), (d), (n)) +#endif /* ! HAVE_MEMCPY */ +#endif /* STDC_HEADERS */ + +#ifdef HAVE_UNISTD_H #include -#ifndef NO_CRYPT_H +#endif /* HAVE_UNISTD_H */ +#ifdef HAVE_CRYPT_H #include -#endif +#endif /* HAVE_CRYPT_H */ #include -#include +#include #ifdef SOLARIS #define SHADOWPW -#endif SOLARIS +#endif /* SOLARIS */ #ifdef SHADOWPW #include -#endif SHADOWPW +#endif /* SHADOWPW */ #include #include #define PASSWDLEN 8 +#ifndef MIN +#define MIN(a,b) ((a) < (b) ? 
(a) : (b)) +#endif /* MIN */ + + #ifdef TRU64 -#include -#include -#include #include +#include -static int c2security = 0; +static char *clientname; #endif /* TRU64 */ -/* cleartxt login */ -static int passwd_login(void *obj, struct passwd **uam_pwd, - char *ibuf, int ibuflen, - char *rbuf, int *rbuflen) +static int pwd_login(void *obj, char *username, int ulen, struct passwd **uam_pwd, + char *ibuf, int ibuflen, + char *rbuf, int *rbuflen) { + char *p; struct passwd *pwd; #ifdef SHADOWPW struct spwd *sp; #endif /* SHADOWPW */ - char *username, *p; - int len, ulen; - *rbuflen = 0; - - if (uam_afpserver_option(obj, UAM_OPTION_USERNAME, - (void *) &username, &ulen) < 0) - return AFPERR_MISC; +#ifdef TRU64 + if( uam_afpserver_option( obj, UAM_OPTION_CLIENTNAME, + (void *) &clientname, NULL ) < 0 ) + return AFPERR_MISC; +#endif /* TRU64 */ - len = (unsigned char) *ibuf++; - if ( len > ulen ) { - return( AFPERR_PARAM ); + if (ibuflen < PASSWDLEN) { + return( AFPERR_PARAM ); } - - memcpy(username, ibuf, len ); - ibuf += len; - username[ len ] = '\0'; - if ((unsigned long) ibuf & 1) /* pad character */ - ++ibuf; ibuf[ PASSWDLEN ] = '\0'; if (( pwd = uam_getname(username, ulen)) == NULL ) { - return AFPERR_PARAM; + return AFPERR_PARAM; } - syslog(LOG_INFO, "cleartext login: %s", username); - if (uam_checkuser(pwd) < 0) - return AFPERR_NOTAUTH; + LOG(log_info, logtype_uams, "cleartext login: %s", username); + + if (uam_checkuser(pwd) < 0) { + LOG(log_info, logtype_uams, "not a valid user"); + return AFPERR_NOTAUTH; + } #ifdef SHADOWPW if (( sp = getspnam( pwd->pw_name )) == NULL ) { - syslog( LOG_INFO, "no shadow passwd entry for %s", username); - return AFPERR_NOTAUTH; + LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username); + return AFPERR_NOTAUTH; } pwd->pw_passwd = sp->sp_pwdp; -#endif SHADOWPW +#endif /* SHADOWPW */ - if (!pwd->pw_passwd) - return AFPERR_NOTAUTH; + if (!pwd->pw_passwd) { + return AFPERR_NOTAUTH; + } *uam_pwd = pwd; #ifdef TRU64 - if ( 
c2security == 1 ) { - struct pr_passwd *pr = getprpwnam( pwd->pw_name ); - if ( pr == NULL ) + { + int ac; + char **av; + char hostname[256]; + + uam_afp_getcmdline( &ac, &av ); + sprintf( hostname, "%s@%s", username, clientname ); + + if( uam_sia_validate_user( NULL, ac, av, hostname, username, + NULL, FALSE, NULL, ibuf ) != SIASUCCESS ) return AFPERR_NOTAUTH; - if ( strcmp( dispcrypt( ibuf, pr->ufld.fd_encrypt, - pr->ufld.fd_oldcrypt ), pr->ufld.fd_encrypt ) == 0 ) { - return AFP_OK; - } - } else { - p = crypt( ibuf, pwd->pw_passwd ); - if ( strcmp( p, pwd->pw_passwd ) == 0 ) - return AFP_OK; + + return AFP_OK; } #else /* TRU64 */ p = crypt( ibuf, pwd->pw_passwd ); - if ( strcmp( p, pwd->pw_passwd ) == 0 ) - return AFP_OK; + if ( strcmp( p, pwd->pw_passwd ) == 0 ) + return AFP_OK; #endif /* TRU64 */ return AFPERR_NOTAUTH; + } +/* cleartxt login */ +static int passwd_login(void *obj, struct passwd **uam_pwd, + char *ibuf, int ibuflen, + char *rbuf, int *rbuflen) +{ + char *username; + int len, ulen; + + *rbuflen = 0; + + if (uam_afpserver_option(obj, UAM_OPTION_USERNAME, + (void *) &username, &ulen) < 0) + return AFPERR_MISC; + + if (ibuflen <= 1) { + return( AFPERR_PARAM ); + } + + len = (unsigned char) *ibuf++; + ibuflen--; + if (!len || len > ibuflen || len > ulen ) { + return( AFPERR_PARAM ); + } + memcpy(username, ibuf, len ); + ibuf += len; + ibuflen -=len; + username[ len ] = '\0'; + + if ((unsigned long) ibuf & 1) { /* pad character */ + ++ibuf; + ibuflen--; + } + return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen)); + +} + +/* cleartxt login ext + * uname format : + byte 3 + 2 bytes len (network order) + len bytes unicode name +*/ +static int passwd_login_ext(void *obj, char *uname, struct passwd **uam_pwd, + char *ibuf, int ibuflen, + char *rbuf, int *rbuflen) +{ + char *username; + int len, ulen; + u_int16_t temp16; + + *rbuflen = 0; + + if (uam_afpserver_option(obj, UAM_OPTION_USERNAME, + (void *) &username, &ulen) < 0) + 
return AFPERR_MISC; + + if (*uname != 3) + return AFPERR_PARAM; + uname++; + memcpy(&temp16, uname, sizeof(temp16)); + len = ntohs(temp16); + if (!len || len > ulen ) { + return( AFPERR_PARAM ); + } + memcpy(username, uname +2, len ); + username[ len ] = '\0'; + return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen)); +} + #if 0 /* change passwd */ static int passwd_changepw(void *obj, char *username, - struct passwd *pwd, char *ibuf, - int ibuflen, char *rbuf, int *rbuflen) + struct passwd *pwd, char *ibuf, + int ibuflen, char *rbuf, int *rbuflen) { #ifdef SHADOWPW struct spwd *sp; -#endif +#endif /* SHADOWPW */ char pw[PASSWDLEN + 1], *p; uid_t uid = geteuid(); if (uam_checkuser(pwd) < 0) - return AFPERR_ACCESS; + return AFPERR_ACCESS; /* old password */ memcpy(pw, ibuf, PASSWDLEN); 
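Review bot: The TRU64 branch of pwd_login builds `hostname` with an unbounded `sprintf( hostname, "%s@%s", username, clientname )` into `char hostname[256]`, and nothing in this hunk limits the length of `clientname` (fetched through UAM_OPTION_CLIENTNAME); `snprintf( hostname, sizeof(hostname), "%s@%s", username, clientname );` with truncation treated as AFPERR_NOTAUTH would bound it. The new `if (ibuflen < PASSWDLEN)` guard still lets `ibuf[ PASSWDLEN ] = '\0'` store one byte beyond the length it validated, so it relies on slack in the caller's buffer; copying the password into a local `char pw[PASSWDLEN + 1]`, as passwd_changepw does, avoids writing into the request buffer. In the non-TRU64 branch the result of `crypt()` is passed to `strcmp` without a NULL check, and passwd_printer in the last hunk does the same; `if ( p && strcmp( p, pwd->pw_passwd ) == 0 )` keeps a failed hash from crashing the login path. passwd_login_ext checks `len` only against `ulen`, so the `memcpy` from `uname + 2` has no bound on the source side; the function receives no length for `uname`, so that guarantee has to come from the caller and should be stated in the header comment.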
@@ -139,46 +227,51 @@ static int passwd_changepw(void *obj, char *username, #ifdef SHADOWPW if (( sp = getspnam( pwd->pw_name )) == NULL ) { - syslog( LOG_INFO, "no shadow passwd entry for %s", username); - return AFPERR_PARAM; + LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username); + return AFPERR_PARAM; } pwd->pw_passwd = sp->sp_pwdp; -#endif SHADOWPW +#endif /* SHADOWPW */ p = crypt(pw, pwd->pw_passwd ); if (strcmp( p, pwd->pw_passwd )) { - memset(pw, 0, sizeof(pw)); - return AFPERR_NOTAUTH; + memset(pw, 0, sizeof(pw)); + return AFPERR_NOTAUTH; } /* new password */ ibuf += PASSWDLEN; ibuf[PASSWDLEN] = '\0'; - + #ifdef SHADOWPW -#else -#endif +#else /* SHADOWPW */ +#endif /* SHADOWPW */ return AFP_OK; } -#endif +#endif /* 0 */ /* Printer ClearTxtUAM login */ static int passwd_printer(start, stop, username, out) - char *start, *stop, *username; - struct papfile *out; +char *start, *stop, *username; +struct papfile *out; { struct passwd *pwd; #ifdef SHADOWPW struct spwd *sp; -#endif +#endif /* SHADOWPW */ char *data, *p, *q; char password[PASSWDLEN + 1] = "\0"; static const char *loginok = "0\r"; int ulen; - data = (char *)malloc(stop - start + 1); + data = (char *)malloc(stop - start + 2); + if (!data) { + LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: malloc"); + return(-1); + } strncpy(data, start, stop - start + 1); + data[stop - start + 2] = 0; /* We are looking for the following format in data: * (username) (password) 
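Review bot: `data[stop - start + 2] = 0;` writes one byte past the allocation made just above with `malloc(stop - start + 2)`, whose last valid index is `stop - start + 1`. The strncpy fills at most indices 0 through `stop - start`, so the terminator belongs at `data[stop - start + 1] = 0;`, which also initialises the byte the current code leaves unset before strchr and strstr scan the buffer. passwd_printer continues past the end of this hunk.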
@@ -188,26 +281,30 @@ static int passwd_printer(start, stop, username, out) /* Parse input for username in () */ if ((p = strchr(data, '(' )) == NULL) { - syslog(LOG_INFO,"Bad Login ClearTxtUAM: username not found in string"); + LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string"); free(data); return(-1); } p++; if ((q = strstr(data, ") (" )) == NULL) { - syslog(LOG_INFO,"Bad Login ClearTxtUAM: username not found in string"); + LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string"); free(data); return(-1); } - strncpy(username, p, q - p); + strncpy(username, p, MIN( UAM_USERNAMELEN, (q - p)) ); + username[ UAM_USERNAMELEN+1] = '\0'; + /* Parse input for password in next () */ p = q + 3; if ((q = strrchr(data, ')' )) == NULL) { - syslog(LOG_INFO,"Bad Login ClearTxtUAM: password not found in string"); - free(data); + LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: password not found in string"); + free(data); return(-1); } - strncpy(password, p, q - p); + strncpy(password, p, MIN(PASSWDLEN, q - p) ); + password[ PASSWDLEN+1] = '\0'; + /* Done copying username and password, clean up */ free(data); 
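Review bot: `password[ PASSWDLEN+1] = '\0'` stores one element past the end of `char password[PASSWDLEN + 1]` (declared in the previous hunk), and both new terminators sit at a fixed index rather than at the end of the copied bytes, so a short username is terminated only if the caller's buffer was already zeroed. `q - p` is also used as a length without checking its sign: when the ')' returned by strrchr is the one in the ") (" separator, or ") (" precedes the first '(', `q` lies before `p` and MIN() passes a negative value to strncpy. The sketch below rejects that case and terminates each string at the copied length, reusing the existing `ulen` local; it assumes the caller's `username` buffer holds at least UAM_USERNAMELEN + 1 bytes, which is not visible here. passwd_printer begins and ends outside this hunk.

```c
    /* … unchanged: locate '(' into p and ") (" into q … */
    if (q < p) {
        LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string");
        free(data);
        return(-1);
    }
    ulen = MIN( UAM_USERNAMELEN, (q - p) );
    memcpy(username, p, ulen);
    username[ulen] = '\0';

    /* … unchanged: p = q + 3; locate last ')' into q … */
    if (q < p) {
        LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: password not found in string");
        free(data);
        return(-1);
    }
    ulen = MIN( PASSWDLEN, (q - p) );
    memcpy(password, p, ulen);
    password[ulen] = '\0';
```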
@@ -215,100 +312,83 @@ static int passwd_printer(start, stop, username, out) ulen = strlen(username); if (( pwd = uam_getname(username, ulen)) == NULL ) { - syslog(LOG_INFO, "Bad Login ClearTxtUAM: ( %s ) not found ", - username); - return(-1); + LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: ( %s ) not found ", + username); + return(-1); } if (uam_checkuser(pwd) < 0) { - /* syslog of error happens in uam_checkuser */ - return(-1); + /* syslog of error happens in uam_checkuser */ + return(-1); } #ifdef SHADOWPW if (( sp = getspnam( pwd->pw_name )) == NULL ) { - syslog(LOG_INFO, "Bad Login ClearTxtUAM: no shadow passwd entry for %s", - username); - return(-1); + LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no shadow passwd entry for %s", + username); + return(-1); } pwd->pw_passwd = sp->sp_pwdp; -#endif SHADOWPW +#endif /* SHADOWPW */ if (!pwd->pw_passwd) { - syslog(LOG_INFO, "Bad Login ClearTxtUAM: no password for %s", - username); - return(-1); + LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no password for %s", + username); + return(-1); } #ifdef AFS - if ( kcheckuser( pwd, password) == 0) - return(0); -#endif AFS + if ( kcheckuser( pwd, password) == 0) + return(0); +#endif /* AFS */ p = crypt(password, pwd->pw_passwd); if (strcmp(p, pwd->pw_passwd) != 0) { - syslog(LOG_INFO, "Bad Login ClearTxtUAM: %s: bad password", username); - return(-1); + LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: %s: bad password", username); + return(-1); } /* Login successful */ append(out, loginok, strlen(loginok)); - syslog(LOG_INFO, "Login ClearTxtUAM: %s", username); + LOG(log_info, logtype_uams, "Login ClearTxtUAM: %s", username); return(0); } +#ifdef ATACC +int uam_setup(const char *path) +{ + if (uam_register_fn(UAM_SERVER_LOGIN_EXT, path, "Cleartxt Passwrd", + passwd_login, NULL, NULL, passwd_login_ext) < 0) + return -1; + if (uam_register_fn(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM", + passwd_printer) < 0) + return -1; + return 0; +} +#else static int 
uam_setup(const char *path) { -#ifdef TRU64 - FILE *f; - char buf[256]; - char siad[] = "siad_ses_init="; - - if ( access( SIAIGOODFILE, F_OK ) == -1 ) { - syslog( LOG_ERR, "clrtxt uam_setup: %s does not exist", - SIAIGOODFILE); + if (uam_register(UAM_SERVER_LOGIN_EXT, path, "Cleartxt Passwrd", + passwd_login, NULL, NULL, passwd_login_ext) < 0) return -1; - } - - if ( ( f = fopen(MATRIX_CONF, "r" ) ) == NULL ) { - syslog( LOG_ERR, "clrtxt uam_setup: %s is unreadable", - MATRIX_CONF ); + if (uam_register(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM", + passwd_printer) < 0) return -1; - } - - while ( fgets( buf, sizeof(buf), f ) != NULL ) { - if ( strncmp( buf, siad, sizeof(siad) - 1 ) == 0 ) { - if ( strstr( buf, "OSFC2" ) != NULL ) - c2security = 1; - break; - } - } - fclose(f); - - syslog( LOG_INFO, "clrtxt uam_setup: security level %s", - c2security == 0 ? "BSD" : "OSFC2" ); -#endif /* TRU64 */ - - if (uam_register(UAM_SERVER_LOGIN, path, "Cleartxt Passwrd", - passwd_login, NULL, NULL) < 0) - return -1; - if (uam_register(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM", - passwd_printer) < 0) - return -1; - - return 0; + return 0; } +#endif + static void uam_cleanup(void) { - uam_unregister(UAM_SERVER_LOGIN, "Cleartxt Passwrd"); - uam_unregister(UAM_SERVER_PRINTAUTH, "ClearTxtUAM"); + uam_unregister(UAM_SERVER_LOGIN, "Cleartxt Passwrd"); + uam_unregister(UAM_SERVER_PRINTAUTH, "ClearTxtUAM"); } UAM_MODULE_EXPORT struct uam_export uams_clrtxt = { - UAM_MODULE_SERVER, - UAM_MODULE_VERSION, - uam_setup, uam_cleanup -}; + UAM_MODULE_SERVER, + UAM_MODULE_VERSION, + uam_setup, uam_cleanup + };
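Review bot: uam_setup now registers the login handlers under UAM_SERVER_LOGIN_EXT in both the ATACC and the default branch, but uam_cleanup still calls `uam_unregister(UAM_SERVER_LOGIN, "Cleartxt Passwrd")`. Whether uam_unregister treats the two types as the same entry is not visible in this diff; if it matches on type, the module would stay registered after cleanup, so either unregister with UAM_SERVER_LOGIN_EXT or add a one-line comment in uam_cleanup stating why the older type is the right key. The ATACC variant is also declared `int uam_setup` without `static`, unlike the default one; if that linkage difference is intentional it deserves a short comment at the `#ifdef ATACC`.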