#AFSDIR=/usr/local/afs
#KRBDIR=/usr/local/kerberos
+# Directory to store node addresses and login names for CAP style
+# authenticated printing. CAP style authenticated printing requires
+# that a user mount an appletalk share before they can print. Afpd
+# stores the username in a file named after the Appletalk address which
+# papd reads to determine if the user is allowed to print. These files
+# will be stored in the directory below. Unfortunately, because afpd
+# drops privledges, this directory must be writable by any user which
+# connects to the server. Usually, this means public write access (777
+# permissions). Uncomment and edit the path if you want CAP style
+# authenticated printing support in afpd and papd.
+#CAPDIR=/var/spool/capsec
+
##########################################################################
all install depend clean tags kernel kinstall kpatch: FRC
@case `uname -rs` in \
TCPWRAPDIR="${TCPWRAPDIR}" PAMDIR="${PAMDIR}" DB2DIR="${DB2DIR}" \
AFSDIR="${AFSDIR}" KRBDIR="${KRBDIR}" DESDIR="${DESDIR}" \
CRYPTODIR="${CRYPTODIR}" CRACKDIR="${CRACKDIR}" \
+ CAPDIR="${CAPDIR}" \
OSVERSION="`uname -r`" MACHINETYPE="`uname -m`" \
$@
ETCDIR="${ETCDIR}" LIBDIR="${LIBDIR}" INCDIR="${INCDIR}" \
DESTDIR="${DESTDIR}" AFSDIR="${AFSDIR}" KRBDIR="${KRBDIR}" \
DESDIR="${DESDIR}" TCPWRAPDIR="${TCPWRAPDIR}" PAMDIR="${PAMDIR}" \
- CRYPTODIR="${CRYPTODIR}" DB2DIR="${DB2DIR}" all
+ CRYPTODIR="${CRYPTODIR}" DB2DIR="${DB2DIR}" \
+ CAPDIR="${CAPDIR}" all
FRC:
ETCDIR="${ETCDIR}" LIBDIR="${LIBDIR}" INCDIR="${INCDIR}" \
DESTDIR="${DESTDIR}" AFSDIR="${AFSDIR}" KRBDIR="${KRBDIR}" \
TCPWRAPDIR="${TCPWRAPDIR}" PAMDIR="${PAMDIR}" \
+ CAPDIR="${CAPDIR}" \
INSTALL="${INSTALL}" DESDIR="${DESDIR}" install); \
done
nfsquota.o codepage.o quota.o uam.o afs.o
INCPATH= -I../../include ${AFSINCPATH}
-CFLAGS= ${DEFS} ${AFSDEFS} ${OPTOPTS} ${INCPATH} -DAPPLCNAME
+CFLAGS= ${DEFS} ${AFSDEFS} ${CAPDEFS} ${OPTOPTS} ${INCPATH} -DAPPLCNAME
LIBS = -latalk ${AFSLIBS} ${ADDLIBS} ${TCPWRAPLIBS} ${DB2LIBS} \
${RPCSVCLIB} ${AFPLIBS} ${PAMLIBS} ${LIBSHARED}
LIBDIRS= -L../../libatalk ${AFSLIBDIRS} ${TCPWRAPLIBDIRS} \
fi; \
PAMDEFS="-DUSE_PAM"; \
fi; \
+ if [ x"${CAPDIR}" != x ]; then \
+ CAPDEFS="-DCAPDIR='\"${CAPDIR}\"'";\
+ fi; \
if [ -f /usr/lib/librpcsvc.a -o -f /lib/librpcsvc.a ]; then \
RPCSVCLIB=-lrpcsvc; \
fi; \
LIBSHARED="$${LIBSHARED}" PAMLIBS="$${PAMLIBS}" \
PAMLIBDIR="$${PAMLIBDIR}" RPCSVCLIB="$${RPCSVCLIB}" \
AFSINCPATH="$${AFSINCPATH}" AFSDEFS="$${AFSDEFS}" \
- DB2INCPATH="$${DB2INCPATH}" \
+ CAPDEFS="$${CAPDEFS}" DB2INCPATH="$${DB2INCPATH}" \
afpd
${SUBDIRS}: FRC
extern struct oforks *writtenfork;
+/* for CAP style authenticated printing */
+#ifdef CAPDIR
+extern int addr_net, addr_node, addr_uid;
+#endif /* CAPDIR */
+
static AFPObj *child;
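Review bot: The `extern int addr_net, addr_node, addr_uid;` declaration added here is repeated by hand in the later hunk that also adds `extern char addr_name[32];`, so the compiler never checks either copy against the definitions added before `afp_exit`. Putting the declarations in one shared header under the same `#ifdef CAPDIR`, included by every file that uses or defines them, would turn a later mismatch (for example a changed `addr_name` size) into a compile error. Also note that `addr_uid` is an `int` while it is assigned from `pwd->pw_uid`; declaring it `uid_t` would avoid the implicit conversion.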
static __inline__ void afp_asp_close(AFPObj *obj)
struct sigaction action;
int func, ccnt = 0, reply = 0;
+#ifdef CAPDIR
+ char addr_filename[256];
+ struct stat cap_st;
+#endif /* CAPDIR */
+
obj->exit = afp_asp_die;
obj->reply = (int (*)()) asp_cmdreply;
obj->attention = (int (*)(void *, AFPUserBytes)) asp_attention;
afp_asp_die(1);
}
+#ifdef CAPDIR
+ addr_net = ntohs( asp->asp_sat.sat_addr.s_net );
+ addr_node = asp->asp_sat.sat_addr.s_node;
+#endif /* CAPDIR */
+
syslog( LOG_INFO, "session from %u.%u:%u on %u.%u:%u",
ntohs( asp->asp_sat.sat_addr.s_net ),
asp->asp_sat.sat_addr.s_node, asp->asp_sat.sat_port,
case ASPFUNC_CLOSE :
afp_asp_close(obj);
syslog( LOG_INFO, "done" );
+
+#ifdef CAPDIR
+ sprintf(addr_filename, "%s/net%d.%dnode%d", CAPDIR, addr_net/256, addr_net%256, addr_node);
+ if(stat(addr_filename, &cap_st) == 0) {
+ if(unlink(addr_filename) == 0) {
+ syslog(LOG_INFO, "removed %s", addr_filename);
+ } else {
+ syslog(LOG_INFO, "error removing %s: %m", addr_filename);
+ }
+ } else {
+ syslog(LOG_INFO, "error stat'ing %s: %m", addr_filename);
+ }
+#endif /* CAPDIR */
+
if ( obj->options.flags & OPTION_DEBUG ) {
printf( "done\n" );
}
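Review bot: The `stat` before `unlink` in the `ASPFUNC_CLOSE` case only opens a window between the check and the removal, and it logs "error stat'ing" for every session that closes without a CAP login having created the file. Calling `unlink` directly and ignoring `ENOENT` gives the same result with one system call, and `cap_st` (declared in an earlier hunk) can then be dropped. The `sprintf` into `addr_filename[256]` should be bounded with `snprintf`, because the length of CAPDIR is set at build time. The fence assumes `<errno.h>` is already included in this file, which the hunk does not show; the enclosing function starts and ends outside the hunk.

```c
        snprintf(addr_filename, sizeof(addr_filename), "%s/net%d.%dnode%d",
                 CAPDIR, addr_net / 256, addr_net % 256, addr_node);
        if (unlink(addr_filename) == 0) {
            syslog(LOG_INFO, "removed %s", addr_filename);
        } else if (errno != ENOENT) {
            syslog(LOG_ERR, "error removing %s: %m", addr_filename);
        }
```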
static struct uam_obj *afp_uam = NULL;
+
+/* Variables for CAP style printer authentication */
+#ifdef CAPDIR
+extern int addr_net, addr_node, addr_uid;
+extern char addr_name[32];
+#endif /* CAPDIR */
+
void status_versions( data )
char *data;
{
static int login(AFPObj *obj, struct passwd *pwd, void (*logout)(void))
{
+#ifdef CAPDIR
+ char nodename[256];
+ FILE *fp;
+#endif /* CAPDIR */
+
if ( pwd->pw_uid == 0 ) { /* don't allow root login */
syslog( LOG_ERR, "login: root login denied!" );
return AFPERR_NOTAUTH;
syslog( LOG_INFO, "login %s (uid %d, gid %d)", pwd->pw_name,
pwd->pw_uid, pwd->pw_gid );
+
+#ifdef CAPDIR
+ if(addr_net && addr_node) { /* Do we have a valid Appletalk address? */
+ addr_uid = pwd->pw_uid;
+ strncpy(addr_name, pwd->pw_name, 32);
+ sprintf(nodename, "%s/net%d.%dnode%d", CAPDIR, addr_net / 256, addr_net % 256, addr_node);
+ syslog (LOG_INFO, "registering %s (uid %d) on %u.%u as %s",
+ addr_name, addr_uid, addr_net, addr_node, nodename);
+ fp = fopen(nodename, "w");
+ fprintf(fp, "%s\n", addr_name);
+ fclose(fp);
+ }
+#endif /* CAPDIR */
+
if (initgroups( pwd->pw_name, pwd->pw_gid ) < 0) {
#ifdef RUN_AS_USER
syslog(LOG_INFO, "running with uid %d", geteuid());
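Review bot: `fopen(nodename, "w")` is used without a NULL check, so a missing or unwritable CAPDIR makes the following `fprintf(fp, ...)` dereference a null pointer during login. `strncpy(addr_name, pwd->pw_name, 32)` leaves `addr_name` unterminated when the login name is 32 characters or longer, and it is then passed to `%s` in both `syslog` and `fprintf`; the `sprintf` into `nodename[256]` is likewise unbounded against the build-time CAPDIR. The file is also created before the `initgroups` call, so presumably still with the daemon's original privileges, in a directory this change documents as world-writable. Since `fopen` follows an existing symbolic link, the create would be safer through `open` with `O_NOFOLLOW` (where the platform has it) plus `fdopen`, and the directory should at least carry the sticky bit. The fence shows only the bounded copies and the checked open; `login`'s body continues outside the hunk.

```c
    if (addr_net && addr_node) { /* Do we have a valid Appletalk address? */
        addr_uid = pwd->pw_uid;
        snprintf(addr_name, sizeof(addr_name), "%s", pwd->pw_name);
        snprintf(nodename, sizeof(nodename), "%s/net%d.%dnode%d", CAPDIR,
                 addr_net / 256, addr_net % 256, addr_node);
        /* ... unchanged: syslog "registering ..." call ... */
        fp = fopen(nodename, "w");
        if (fp == NULL) {
            syslog(LOG_ERR, "login: can't create %s: %m", nodename);
        } else {
            fprintf(fp, "%s\n", addr_name);
            fclose(fp);
        }
    }
```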
static server_child *server_children;
static fd_set save_rfds;
+#ifdef CAPDIR
+int addr_net, addr_node, addr_uid;
+char addr_name[32];
+#endif CAPDIR
+
static void afp_exit(const int i)
{
server_unlock(default_options.pidfile);
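Review bot: The added `#endif CAPDIR` has a bare token after the directive, which ISO C does not allow and which most compilers warn about. The other hunks in this change close the same guard with `#endif /* CAPDIR */`, and this one should match. These file-scope definitions are the ones the `extern` declarations in the other hunks refer to, so `addr_name[32]` here fixes the size that the login code must respect when copying the user name.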
SBINDIR="${SBINDIR}" BINDIR="${BINDIR}" RESDIR="${RESDIR}" \
ETCDIR="${ETCDIR}" LIBDIR="${LIBDIR}" INCDIR="${INCDIR}" \
DESTDIR="${DESTDIR}" AFSDIR="${AFSDIR}" KRBDIR="${KRBDIR}" \
+ CAPDIR="${CAPDIR}" \
AFPLIBS="${AFPLIBS}" LDSHARED="${LDSHARED}" \
LDFLAGS_EXPORT="${LDFLAGS_EXPORT}" \
LDSHAREDFLAGS="${LDSHAREDFLAGS}" CSHAREDFLAGS="${CSHAREDFLAGS}" \