${ALL}: FRC
cd $@; ${MAKE} ${MFLAGS} CC="${CC}" \
- ADMIN_GRP="${ADMIN_GRP}" \
MSGDIR="${MSGDIR}" \
ADDLIBS="${ADDLIBS}" DEFS="${DEFS}" OPTOPTS="${OPTOPTS}" \
SBINDIR="${SBINDIR}" BINDIR="${BINDIR}" RESDIR="${RESDIR}" \
INCPATH= -I../../include ${AFSINCPATH}
CFLAGS= ${DEFS} ${AFSDEFS} ${CAPDEFS} ${OPTOPTS} ${INCPATH} -DAPPLCNAME \
- -DADMIN_GRP=\"${ADMIN_GRP}\" -DSERVERTEXT=\"${MSGDIR}\"
-
+ -DSERVERTEXT=\"${MSGDIR}\" -DDROPKLUDGE -DADMIN_GRP
LIBS = -latalk ${AFSLIBS} ${ADDLIBS} ${TCPWRAPLIBS} ${DB2LIBS} \
${RPCSVCLIB} ${AFPLIBS} ${PAMLIBS} ${LIBSHARED}
LIBDIRS= -L../../libatalk ${AFSLIBDIRS} ${TCPWRAPLIBDIRS} \
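Review bot: `-DADMIN_GRP` is now passed unconditionally and without a value, so every `#ifdef ADMIN_GRP` in afpd is always true and the admin-group login path is compiled into every build, switched only by `-admingroup` at run time. `-DDROPKLUDGE` is added on the same line with nothing in the hunk saying what it enables. A comment above `CFLAGS`, for example `# ADMIN_GRP: build in -admingroup support (inactive unless configured)`, would record the intent. Alternatively keep the define behind a make variable so a site can leave it out.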
#include <atalk/compat.h>
+#ifdef ADMIN_GRP
+#include <grp.h>
+#include <sys/types.h>
+#endif
+
#ifndef MIN
#define MIN(a, b) ((a) < (b) ? (a) : (b))
#endif
options->transports = AFPTRANS_ALL;
options->passwdfile = _PATH_AFPDPWFILE;
options->tickleval = 30;
+#ifdef ADMIN_GRP
+ options->admingid = 0;
+#endif ADMIN_GRP
}
/* parse an afpd.conf line. i'm doing it this way because it's
options->server_quantum = strtoul(c, NULL, 0);
+#ifdef ADMIN_GRP
+ if ((c = getoption(buf, "-admingroup"))) {
+ struct group *gr = getgrnam(c);
+ if (gr != NULL) {
+ options->admingid = gr->gr_gid;
+ }
+ }
+#endif
if ((c = getoption(buf, "-uampath")) && (opt = strdup(c)))
options->uampath = opt;
if ((c = getoption(buf, "-uamlist")) && (opt = strdup(c)))
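Review bot: When `getgrnam(c)` returns NULL the `-admingroup` option is dropped without any message, so a misspelt group name leaves the feature off with nothing in the log to explain it. Add an `else` branch such as `syslog(LOG_ERR, "admingroup: unknown group %s", c);`, assuming syslog is usable at this point in option parsing. Because `admingid == 0` doubles as "disabled", a group whose gid is 0 can never be selected, which deserves a short comment next to `options->admingid = gr->gr_gid;`. The enclosing parser function starts and ends outside the hunk.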
#ifdef ultrix
openlog( p, LOG_PID );
#else ultrix
- openlog( p, LOG_NDELAY|LOG_PID, LOG_DAEMON );
+ openlog( p, LOG_NDELAY|LOG_PID, LOG_LOCAL0 );
#endif ultrix
return 1;
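Review bot: Switching the facility to `LOG_LOCAL0` moves every afpd message out of the daemon stream, including the `login:` failures and the `login: admin -- %s` record added elsewhere in this change. On a host whose syslog configuration has no `local0` rule, those authentication records would be silently discarded. Either document the requirement next to the call, e.g. `/* afpd logs to local0: syslog.conf needs a local0.* rule */`, or make the facility a build or config option that defaults to `LOG_DAEMON`. The ultrix branch is unchanged, and the enclosing function starts outside the hunk.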
FILE *fp;
#endif /* CAPDIR */
#ifdef ADMIN_GRP
- struct group *grps;
+ int admin = 0;
+ struct afp_options *options = &obj->options;
#endif ADMIN_GRP
if ( pwd->pw_uid == 0 ) { /* don't allow root login */
syslog(LOG_ERR, "login: %m");
return AFPERR_BADUAM;
#endif
-#ifdef ADMIN_GRP
- if ((grps = getgrnam(ADMIN_GRP)) != NULL) {
- while (*(grps->gr_mem) != NULL) {
- if (strcmp(pwd->pw_name, *grps->gr_mem) == 0) {
- syslog(LOG_INFO, "User %s has admin privs, logging in as superuser.",
- pwd->pw_name);
- pwd->pw_gid = grps->gr_gid;
- pwd->pw_uid = 0;
- strcpy (pwd->pw_name, "root");
- break;
- }
- *(grps->gr_mem)++;
- }
- }
-#endif ADMIN_GRP
}
-
- if (setegid( pwd->pw_gid ) < 0 || seteuid( pwd->pw_uid ) < 0) {
- syslog( LOG_ERR, "login: %m" );
- return AFPERR_BADUAM;
- }
+
+ /* Basically if the user is in the admin group, we stay root */
if (( ngroups = getgroups( NGROUPS, groups )) < 0 ) {
syslog( LOG_ERR, "login: getgroups: %m" );
return AFPERR_BADUAM;
}
+#ifdef ADMIN_GRP
+ syslog(LOG_DEBUG, "options->admingid == %d", options->admingid);
+ if (options->admingid != 0) {
+ int i;
+ for (i = 0; i < ngroups; i++) {
+ if (groups[i] == options->admingid) admin = 1;
+ }
+ }
+ if (admin) syslog( LOG_INFO, "login: admin -- %s", pwd->pw_name );
+ if (!admin)
+#endif
+ if (setegid( pwd->pw_gid ) < 0 || seteuid( pwd->pw_uid ) < 0) {
+ syslog( LOG_ERR, "login: %m" );
+ return AFPERR_BADUAM;
+ }
+
+ /* There's probably a better way to do this, but for now, we just
+ play root */
+
+#ifdef ADMIN_GRP
+ if (admin) uuid = 0;
+ else
+#endif ADMIN_GRP
uuid = pwd->pw_uid;
afp_switch = postauth_switch;
break;
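Review bot: For a user whose group list contains `options->admingid`, the added `if (!admin)` skips `setegid`/`seteuid` entirely, so the session keeps root's effective uid and gid for every later file operation. That gives group members what the `pw_uid == 0` refusal at the top of the hunk denies to root itself, and it should be stated in a comment at the check, e.g. `/* admin sessions keep euid/egid 0: kernel permission checks no longer apply */`. The membership test reads only what `getgroups` returns, so it relies on group initialisation done before this hunk and may not see `pwd->pw_gid`; confirm that against the code above. The unbraced `if (!admin)` governs the `setegid` statement only by sitting directly before the `#endif`, which is easy to break when editing; declaring `admin` unconditionally and writing `if (!admin) { ... }` would be safer. The debug line prints a `gid_t` with `%d`; cast it, `(int)options->admingid`.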
case DIRPBIT_UID : /* What kind of loser mounts as root? */
- buf += sizeof( int );
+ memcpy( &aint, buf, sizeof(aint));
+ buf += sizeof( aint );
+ if ( (curdir->d_did == DIRDID_ROOT) &&
+ (setdeskowner( aint, -1 ) < 0)) {
+ switch ( errno ) {
+ case EPERM :
+ case EACCES :
+ err = AFPERR_ACCESS;
+ goto setdirparam_done;
+ break;
+ case EROFS :
+ err = AFPERR_VLOCK;
+ goto setdirparam_done;
+ break;
+ default :
+ syslog( LOG_ERR, "setdirparam: setdeskowner: %m" );
+ if (!isad) {
+ err = AFPERR_PARAM;
+ goto setdirparam_done;
+ }
+ break;
+ }
+ }
+ if ( setdirowner( aint, -1, vol_noadouble(vol) ) < 0 ) {
+ switch ( errno ) {
+ case EPERM :
+ case EACCES :
+ err = AFPERR_ACCESS;
+ goto setdirparam_done;
+ break;
+ case EROFS :
+ err = AFPERR_VLOCK;
+ goto setdirparam_done;
+ break;
+ default :
+ syslog( LOG_ERR, "setdirparam: setdirowner: %m" );
+ break;
+ }
+ }
break;
case DIRPBIT_GID :
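Review bot: In the `DIRPBIT_UID` case the `default` branch after `setdirowner` only logs and falls through with `err` unchanged, so an unexpected failure to change the owner appears to reach the client as success. The `setdeskowner` `default` branch above it sets `AFPERR_PARAM` when `!isad`. If the difference is intended, a comment should say so; otherwise add `err = AFPERR_PARAM; goto setdirparam_done;` there. The owner id in `aint` is copied straight from the request buffer and passed on with no byte-order conversion or range check visible in this hunk, which should be confirmed against the neighbouring cases. The `break;` after each `goto` is unreachable, and the enclosing function starts and ends outside the hunk.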
#include <sys/param.h>
#include <sys/cdefs.h>
+
+#ifdef ADMIN_GRP
+#include <grp.h>
+#include <sys/types.h>
+#endif
+
#include <netdb.h> /* this isn't header-protected under ultrix */
#include <netatalk/at.h>
#include <atalk/afp.h>
char *pidfile, *defaultvol, *systemvol;
char *guest, *loginmesg, *keyfile, *passwdfile;
char *uamlist;
+#ifdef ADMIN_GRP
+ gid_t admingid;
+#endif ADMIN_GRP
};
#define AFPOBJ_TMPSIZ (MAXPATHLEN)
unsigned char nologin = 0;
-static struct afp_options default_options;
+struct afp_options default_options;
static AFPConfig *configs;
static server_child *server_children;
static fd_set save_rfds;
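Review bot: Dropping `static` from `default_options` gives a mutable options struct external linkage. None of the visible hunks declares it `extern` or reads it from another file, and the login code reaches the options through `obj->options`. If nothing outside this file needs it, keep `static struct afp_options default_options;`. Otherwise declare it in the header with a comment on which code may write to it.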
ma->ma_owner = utombits( mode );
-#ifdef ADMIN_GRP
- if ( uuid == 0 )
- ma->ma_user = AR_UWRITE | AR_UREAD | AR_USEARCH | AR_UOWN;
- else
-#endif
-
- if ( uuid == stat->st_uid ) {
+ if ( (uuid == stat->st_uid) || (uuid == 0)) {
ma->ma_user = ma->ma_owner | AR_UOWN;
} else if ( gmem( stat->st_gid )) {
ma->ma_user = ma->ma_group;