-($Id: ChangeLog,v 1.51 2001-06-20 18:33:03 rufustfirefly Exp $)
+($Id: ChangeLog,v 1.52 2001-06-25 15:18:00 rufustfirefly Exp $)
+
+2001-06-25 jeff b <jeff@univrel.pr.uconn.edu>
+ * etc/afpd/auth.c, etc/afpd/main.c, etc/afpd/uam.c,
+ etc/uams/uams_dhx_passwd.c, etc/uams/uams_passwd.c,
+ include/atalk/uam.h: TRU64 authentication patch to allow
+ any security scheme to be used on the TRU64 side (Burkhard
+ Schmidt)
2001-06-20 jeff b <jeff@univrel.pr.uconn.edu>
* configure.in: check for linux/quota.h before enabling
/*
- * $Id: auth.c,v 1.15 2001-06-20 18:33:04 rufustfirefly Exp $
+ * $Id: auth.c,v 1.16 2001-06-25 15:18:01 rufustfirefly Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* All Rights Reserved. See COPYRIGHT.
#include <grp.h>
#include <syslog.h>
+#ifdef TRU64
+#include <netdb.h>
+#include <arpa/inet.h>
+#include <sia.h>
+#include <siad.h>
+
+extern void afp_get_cmdline( int *ac, char ***av );
+#endif /* TRU64 */
+
#include "globals.h"
#include "auth.h"
#include "uam_auth.h"
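Review bot: `afp_get_cmdline` is declared with a local `extern` inside auth.c instead of in a shared header, so its prototype and the definition added to main.c can drift apart without the compiler noticing. The new `uam_afp_getcmdline` wrapper in uam.c also calls it, and no declaration is visible there in this diff (one may exist in a header not shown). Putting `extern void afp_get_cmdline __P((int *, char ***));` under `#ifdef TRU64` in a header both files already include, possibly auth.h, would cover both call sites.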
if (admin) syslog( LOG_INFO, "admin login -- %s", pwd->pw_name );
if (!admin)
#endif /* DEBUG */
+#ifdef TRU64
+ {
+ struct DSI *dsi = obj->handle;
+ struct hostent *hp;
+ char *clientname;
+ int argc;
+ char **argv;
+ char hostname[256];
+
+ afp_get_cmdline( &argc, &argv );
+
+ hp = gethostbyaddr( (char *) &dsi->client.sin_addr,
+ sizeof( struct in_addr ),
+ dsi->client.sin_family );
+
+ if( hp )
+ clientname = hp->h_name;
+ else
+ clientname = inet_ntoa( dsi->client.sin_addr );
+
+ sprintf( hostname, "%s@%s", pwd->pw_name, clientname );
+
+ if( sia_become_user( NULL, argc, argv, hostname, pwd->pw_name,
+ NULL, FALSE, NULL, NULL,
+ SIA_BEU_REALLOGIN ) != SIASUCCESS )
+ return AFPERR_BADUAM;
+
+ syslog( LOG_INFO, "session from %s (%s)", hostname,
+ inet_ntoa( dsi->client.sin_addr ) );
+
+ if (setegid( pwd->pw_gid ) < 0 || seteuid( pwd->pw_uid ) < 0) {
+ syslog( LOG_ERR, "login: %m" );
+ return AFPERR_BADUAM;
+ }
+ }
+#else /* TRU64 */
if (setegid( pwd->pw_gid ) < 0 || seteuid( pwd->pw_uid ) < 0) {
syslog( LOG_ERR, "login: %m" );
return AFPERR_BADUAM;
}
+#endif /* TRU64 */
/* There's probably a better way to do this, but for now, we just
play root */
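Review bot: The `sprintf` into `hostname[256]` is unbounded: `clientname` is taken from `hp->h_name`, a reverse-DNS answer chosen by whoever controls the PTR record for the client address, and a name near the DNS length limit plus `pw_name` and `@` does not fit in 256 bytes. Use `snprintf( hostname, sizeof( hostname ), "%s@%s", pwd->pw_name, clientname );` and return `AFPERR_BADUAM` when the result is negative or not shorter than the buffer. The same unbounded call appears in the SIA blocks added to uams_dhx_passwd.c and uams_passwd.c. The reverse-resolved name is also handed to `sia_become_user` and written to syslog without a forward lookup confirming it maps back to the client address, so it should be treated as a label rather than a verified identity. The enclosing function starts and ends outside the hunk.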
/*
- * $Id: main.c,v 1.9 2001-06-20 18:33:04 rufustfirefly Exp $
+ * $Id: main.c,v 1.10 2001-06-25 15:18:01 rufustfirefly Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* All Rights Reserved. See COPYRIGHT.
#include <sys/security.h>
#include <prot.h>
#include <sia.h>
+
+static int argc = 0;
+static char **argv = NULL;
#endif /* TRU64 */
#ifdef DID_MTAB
static server_child *server_children;
static fd_set save_rfds;
+#ifdef TRU64
+void afp_get_cmdline( int *ac, char ***av)
+{
+ *ac = argc;
+ *av = argv;
+}
+#endif /* TRU64 */
+
static void afp_exit(const int i)
{
server_unlock(default_options.pidfile);
sigset_t sigs;
#ifdef TRU64
+ argc = ac;
+ argv = av;
set_auth_parameters( ac, av );
#endif /* TRU64 */
/*
- * $Id: uam.c,v 1.9 2001-06-20 18:33:04 rufustfirefly Exp $
+ * $Id: uam.c,v 1.10 2001-06-25 15:18:01 rufustfirefly Exp $
*
* Copyright (c) 1999 Adrian Sun (asun@zoology.washington.edu)
* All Rights Reserved. See COPYRIGHT.
#include "auth.h"
#include "uam_auth.h"
+#ifdef TRU64
+#include <netdb.h>
+#include <arpa/inet.h>
+#endif /* TRU64 */
+
/* --- server uam functions -- */
/* uam_load. uams must have a uam_setup function. */
case UAM_OPTION_PROTOCOL:
*buf = (void *) obj->proto;
break;
-
+#ifdef TRU64
+ case UAM_OPTION_CLIENTNAME:
+ {
+ struct DSI *dsi = obj->handle;
+ struct hostent *hp;
+
+ hp = gethostbyaddr( (char *) &dsi->client.sin_addr,
+ sizeof( struct in_addr ),
+ dsi->client.sin_family );
+ if( hp )
+ *buf = (void *) hp->h_name;
+ else
+ *buf = (void *) inet_ntoa( dsi->client.sin_addr );
+ }
+ break;
+#endif /* TRU64 */
case UAM_OPTION_COOKIE:
/* it's up to the uam to actually store something useful here.
* this just passes back a handle to the cookie. the uam side
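Review bot: `*buf` is set to `hp->h_name` or to the `inet_ntoa` result, and both point into static storage that a later resolver or `inet_ntoa` call may overwrite. The UAM modules in this commit keep that pointer in a file-scope `static char *clientname` and format it later, apparently in a different call from the one that fetched it, so the string may have changed by then. Either copy the name into storage owned by `obj` or by the caller, or at least document the lifetime with a comment such as `/* returns pointer to static storage; copy before the next resolver call */`. The enclosing switch starts and ends outside the hunk.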
return len;
}
+#ifdef TRU64
+void uam_afp_getcmdline( int *ac, char ***av )
+{
+ afp_get_cmdline( ac, av );
+}
+#endif /* TRU64 */
+
/* --- papd-specific functions (just placeholders) --- */
void append(void *pf, char *data, int len)
{
/*
- * $Id: uams_dhx_passwd.c,v 1.8 2001-05-22 19:13:36 rufustfirefly Exp $
+ * $Id: uams_dhx_passwd.c,v 1.9 2001-06-25 15:18:01 rufustfirefly Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
static u_int8_t randbuf[16];
#ifdef TRU64
-#include <sys/types.h>
-#include <sys/security.h>
-#include <prot.h>
#include <sia.h>
+#include <siad.h>
-static int c2security = 0;
+static char *clientname;
#endif /* TRU64 */
/* dhx passwd */
if (uam_afpserver_option(obj, UAM_OPTION_USERNAME, (void *) &name, &i) < 0)
return AFPERR_PARAM;
+#ifdef TRU64
+ if( uam_afpserver_option( obj, UAM_OPTION_CLIENTNAME,
+ (void *) &clientname, NULL ) < 0 )
+ return AFPERR_PARAM;
+#endif /* TRU64 */
+
len = (unsigned char) *ibuf++;
if ( len > i ) {
return( AFPERR_PARAM );
rbuf[PASSWDLEN] = '\0';
#ifdef TRU64
- if ( c2security == 1 ) {
- struct pr_passwd *pr = getprpwnam( dhxpwd->pw_name );
- if ( pr == NULL )
- return AFPERR_NOTAUTH;
- if ( strcmp( dispcrypt( rbuf, pr->ufld.fd_encrypt,
- pr->ufld.fd_oldcrypt ), pr->ufld.fd_encrypt ) == 0 ) {
- *uam_pwd = dhxpwd;
- return AFP_OK;
- }
- } else {
- p = crypt( rbuf, dhxpwd->pw_passwd );
- memset(rbuf, 0, PASSWDLEN);
- if ( strcmp( p, dhxpwd->pw_passwd ) == 0 ) {
- *uam_pwd = dhxpwd;
- return AFP_OK;
- }
+ {
+ int ac;
+ char **av;
+ char hostname[256];
+
+ uam_afp_getcmdline( &ac, &av );
+ sprintf( hostname, "%s@%s", dhxpwd->pw_name, clientname );
+
+ if( sia_validate_user( NULL, ac, av, hostname, dhxpwd->pw_name,
+ NULL, FALSE, NULL, rbuf ) != SIASUCCESS )
+ return AFPERR_NOTAUTH;
+
+ memset( rbuf, 0, PASSWDLEN );
+ *uam_pwd = dhxpwd;
+ return AFP_OK;
}
#else /* TRU64 */
p = crypt( rbuf, dhxpwd->pw_passwd );
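Review bot: On a failed `sia_validate_user` the block returns `AFPERR_NOTAUTH` before `memset( rbuf, 0, PASSWDLEN )` runs, so the decrypted password stays in `rbuf` after a rejected login; the removed `crypt` branch cleared it before comparing. Capturing the result, wiping the buffer, and only then branching keeps the cleanup on both paths. Where `rbuf` lives and how long it survives is not visible here, and the enclosing function starts and ends outside the hunk.

```c
    int ret;
    /* … unchanged: ac/av/hostname declarations, uam_afp_getcmdline, hostname formatting … */
    ret = sia_validate_user( NULL, ac, av, hostname, dhxpwd->pw_name,
                             NULL, FALSE, NULL, rbuf );
    memset( rbuf, 0, PASSWDLEN );   /* wipe the password on success and on failure */
    if( ret != SIASUCCESS )
        return AFPERR_NOTAUTH;
    /* … unchanged: *uam_pwd = dhxpwd; return AFP_OK; … */
```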
static int uam_setup(const char *path)
{
-#ifdef TRU64
- FILE *f;
- char buf[256];
- char siad[] = "siad_ses_init=";
-
- if ( access( SIAIGOODFILE, F_OK ) == -1 ) {
- syslog( LOG_ERR, "dhx uam_setup: %s does not exist",
- SIAIGOODFILE);
- return -1;
- }
-
- if ( ( f = fopen(MATRIX_CONF, "r" ) ) == NULL ) {
- syslog( LOG_ERR, "dhx uam_setup: %s is unreadable",
- MATRIX_CONF );
- return -1;
- }
-
- while ( fgets( buf, sizeof(buf), f ) != NULL ) {
- if ( strncmp( buf, siad, sizeof(siad) - 1 ) == 0 ) {
- if ( strstr( buf, "OSFC2" ) != NULL )
- c2security = 1;
- break;
- }
- }
-
- fclose(f);
-
- syslog( LOG_INFO, "dhx uam_setup: security level %s",
- c2security == 0 ? "BSD" : "OSFC2" );
-#endif /* TRU64 */
-
if (uam_register(UAM_SERVER_LOGIN, path, "DHCAST128",
passwd_login, passwd_logincont, NULL) < 0)
return -1;
/*
- * $Id: uams_passwd.c,v 1.10 2001-05-25 13:23:56 rufustfirefly Exp $
+ * $Id: uams_passwd.c,v 1.11 2001-06-25 15:18:01 rufustfirefly Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
#define PASSWDLEN 8
#ifdef TRU64
-#include <sys/types.h>
-#include <sys/security.h>
-#include <prot.h>
#include <sia.h>
+#include <siad.h>
-static int c2security = 0;
+static char *clientname;
#endif /* TRU64 */
/* cleartxt login */
(void *) &username, &ulen) < 0)
return AFPERR_MISC;
+#ifdef TRU64
+ if( uam_afpserver_option( obj, UAM_OPTION_CLIENTNAME,
+ (void *) &clientname, NULL ) < 0 )
+ return AFPERR_MISC;
+#endif /* TRU64 */
+
len = (unsigned char) *ibuf++;
if ( len > ulen ) {
return( AFPERR_PARAM );
*uam_pwd = pwd;
#ifdef TRU64
- if ( c2security == 1 ) {
- struct pr_passwd *pr = getprpwnam( pwd->pw_name );
- if ( pr == NULL )
+ {
+ int ac;
+ char **av;
+ char hostname[256];
+
+ uam_afp_getcmdline( &ac, &av );
+ sprintf( hostname, "%s@%s", username, clientname );
+
+ if( sia_validate_user( NULL, ac, av, hostname, username,
+ NULL, FALSE, NULL, ibuf ) != SIASUCCESS )
return AFPERR_NOTAUTH;
- if ( strcmp( dispcrypt( ibuf, pr->ufld.fd_encrypt,
- pr->ufld.fd_oldcrypt ), pr->ufld.fd_encrypt ) == 0 ) {
- return AFP_OK;
- }
- } else {
- p = crypt( ibuf, pwd->pw_passwd );
- if ( strcmp( p, pwd->pw_passwd ) == 0 )
- return AFP_OK;
+
+ return AFP_OK;
}
#else /* TRU64 */
p = crypt( ibuf, pwd->pw_passwd );
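Review bot: This block passes the client-supplied `username` to `sia_validate_user` and into the `hostname` string, whereas the DHX module and auth.c use `pw_name` from the passwd entry; `pwd` appears to be resolved already, since `*uam_pwd = pwd` precedes the block. Using `pwd->pw_name` in both places would keep the three call sites consistent and tie the validated account to the entry whose uid is assumed later. The cleartext password in `ibuf` is also not cleared on either return path, unlike the `memset` in the DHX module. The enclosing function starts and ends outside the hunk.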
static int uam_setup(const char *path)
{
-#ifdef TRU64
- FILE *f;
- char buf[256];
- char siad[] = "siad_ses_init=";
-
- if ( access( SIAIGOODFILE, F_OK ) == -1 ) {
- syslog( LOG_ERR, "clrtxt uam_setup: %s does not exist",
- SIAIGOODFILE);
- return -1;
- }
-
- if ( ( f = fopen(MATRIX_CONF, "r" ) ) == NULL ) {
- syslog( LOG_ERR, "clrtxt uam_setup: %s is unreadable",
- MATRIX_CONF );
- return -1;
- }
-
- while ( fgets( buf, sizeof(buf), f ) != NULL ) {
- if ( strncmp( buf, siad, sizeof(siad) - 1 ) == 0 ) {
- if ( strstr( buf, "OSFC2" ) != NULL )
- c2security = 1;
- break;
- }
- }
-
- fclose(f);
-
- syslog( LOG_INFO, "clrtxt uam_setup: security level %s",
- c2security == 0 ? "BSD" : "OSFC2" );
-#endif /* TRU64 */
-
if (uam_register(UAM_SERVER_LOGIN, path, "Cleartxt Passwrd",
passwd_login, NULL, NULL) < 0)
return -1;
#define UAM_OPTION_HOSTNAME (1 << 5) /* get host name */
#define UAM_OPTION_COOKIE (1 << 6) /* cookie handle */
#define UAM_OPTION_PROTOCOL (1 << 7) /* DSI or ASP */
+#ifdef TRU64
+#define UAM_OPTION_CLIENTNAME (1 << 8) /* get client IP address */
+#endif /* TRU64 */
/* some password options. you pass these in the length parameter and
* get back the corresponding option. not all of these are implemented. */
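Review bot: The comment on `UAM_OPTION_CLIENTNAME` says "get client IP address", but the case added in uam.c returns the reverse-resolved host name and only falls back to the dotted-quad address when the lookup fails. With `UAM_OPTION_HOSTNAME` defined just above, the difference deserves a precise comment, for example `/* client name from reverse DNS, else IP string; static storage */`.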
extern int uam_afp_read __P((void *, char *, int *,
int (*)(void *, void *, const int)));
extern int uam_afpserver_option __P((void *, const int, void *, int *));
+#ifdef TRU64
+extern void uam_afp_getcmdline __P((int *, char ***));
+#endif /* TRU64 */
/* switch.c */
#define UAM_AFPSERVER_PREAUTH (0)