/*
- * $Id: auth.c,v 1.23 2002-01-19 21:29:55 jmarcus Exp $
+ * $Id: auth.c,v 1.24 2002-01-24 16:31:20 jmarcus Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* All Rights Reserved. See COPYRIGHT.
#include "status.h"
int afp_version = 11;
+static int afp_version_index;
+
uid_t uuid;
#if defined( __svr4__ ) && !defined( NGROUPS )
#define NGROUPS NGROUPS_MAX
return AFPERR_NOTAUTH;
}
- LOG(log_info, logtype_default, "login %s (uid %d, gid %d)", pwd->pw_name,
- pwd->pw_uid, pwd->pw_gid );
+ LOG(log_info, logtype_default, "login %s (uid %d, gid %d) %s", pwd->pw_name,
+ pwd->pw_uid, pwd->pw_gid , afp_versions[afp_version_index]);
if (obj->proto == AFPPROTO_ASP) {
ASP asp = obj->handle;
*rbuflen = 0;
+
if ( nologin & 1)
return send_reply(obj, AFPERR_SHUTDOWN );
+ if (ibuflen <= 1)
+ return send_reply(obj, AFPERR_BADVERS );
+
ibuf++;
len = (unsigned char) *ibuf++;
+
+ ibuflen -= 2;
+ if (!len || len > ibuflen)
+ return send_reply(obj, AFPERR_BADVERS );
+
num = sizeof( afp_versions ) / sizeof( afp_versions[ 0 ]);
for ( i = 0; i < num; i++ ) {
if ( strncmp( ibuf, afp_versions[ i ].av_name , len ) == 0 ) {
afp_version = afp_versions[ i ].av_number;
+ afp_version_index = i;
break;
}
}
if ( i == num ) /* An inappropo version */
return send_reply(obj, AFPERR_BADVERS );
ibuf += len;
+ ibuflen -= len;
+
+ if (ibuflen <= 1)
+ return send_reply(obj, AFPERR_BADUAM);
len = (unsigned char) *ibuf++;
+ ibuflen--;
+
+ if (!len || len > ibuflen)
+ return send_reply(obj, AFPERR_BADUAM);
+
if ((afp_uam = auth_uamfind(UAM_SERVER_LOGIN, ibuf, len)) == NULL)
return send_reply(obj, AFPERR_BADUAM);
ibuf += len;
+ ibuflen -= len;
i = afp_uam->u.uam_login.login(obj, &pwd, ibuf, ibuflen, rbuf, rbuflen);
if (i || !pwd)
/*
- * $Id: uams_passwd.c,v 1.14 2002-01-04 04:45:48 sibaz Exp $
+ * $Id: uams_passwd.c,v 1.15 2002-01-24 16:31:20 jmarcus Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
/* cleartxt login */
static int passwd_login(void *obj, struct passwd **uam_pwd,
- char *ibuf, int ibuflen,
- char *rbuf, int *rbuflen)
+ char *ibuf, int ibuflen,
+ char *rbuf, int *rbuflen)
{
struct passwd *pwd;
#ifdef SHADOWPW
*rbuflen = 0;
if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
- (void *) &username, &ulen) < 0)
- return AFPERR_MISC;
+ (void *) &username, &ulen) < 0)
+ return AFPERR_MISC;
#ifdef TRU64
if( uam_afpserver_option( obj, UAM_OPTION_CLIENTNAME,
return AFPERR_MISC;
#endif /* TRU64 */
+ if (ibuflen <= 1) {
+ return( AFPERR_PARAM );
+ }
+
len = (unsigned char) *ibuf++;
- if ( len > ulen ) {
- return( AFPERR_PARAM );
+ ibuflen--;
+ if (!len || len > ibuflen || len > ulen ) {
+ return( AFPERR_PARAM );
}
memcpy(username, ibuf, len );
ibuf += len;
+ ibuflen -=len;
username[ len ] = '\0';
- if ((unsigned long) ibuf & 1) /* pad character */
- ++ibuf;
+
+ if ((unsigned long) ibuf & 1) { /* pad character */
+ ++ibuf;
+ ibuflen--;
+ }
+ if (ibuflen < PASSWDLEN) {
+ return( AFPERR_PARAM );
+ }
ibuf[ PASSWDLEN ] = '\0';
if (( pwd = uam_getname(username, ulen)) == NULL ) {
- return AFPERR_PARAM;
+ return AFPERR_PARAM;
}
LOG(log_info, logtype_default, "cleartext login: %s", username);
- if (uam_checkuser(pwd) < 0)
- return AFPERR_NOTAUTH;
+ if (uam_checkuser(pwd) < 0) {
+ LOG(log_info, logtype_default, "not a valid user");
+ return AFPERR_NOTAUTH;
+ }
#ifdef SHADOWPW
if (( sp = getspnam( pwd->pw_name )) == NULL ) {
- LOG(log_info, logtype_default, "no shadow passwd entry for %s", username);
- return AFPERR_NOTAUTH;
+ LOG(log_info, logtype_default, "no shadow passwd entry for %s", username);
+ return AFPERR_NOTAUTH;
}
pwd->pw_passwd = sp->sp_pwdp;
#endif /* SHADOWPW */
- if (!pwd->pw_passwd)
- return AFPERR_NOTAUTH;
+ if (!pwd->pw_passwd) {
+ return AFPERR_NOTAUTH;
+ }
*uam_pwd = pwd;
}
#else /* TRU64 */
p = crypt( ibuf, pwd->pw_passwd );
- if ( strcmp( p, pwd->pw_passwd ) == 0 )
- return AFP_OK;
+ if ( strcmp( p, pwd->pw_passwd ) == 0 )
+ return AFP_OK;
#endif /* TRU64 */
return AFPERR_NOTAUTH;
#if 0
/* change passwd */
static int passwd_changepw(void *obj, char *username,
- struct passwd *pwd, char *ibuf,
- int ibuflen, char *rbuf, int *rbuflen)
+ struct passwd *pwd, char *ibuf,
+ int ibuflen, char *rbuf, int *rbuflen)
{
#ifdef SHADOWPW
struct spwd *sp;
uid_t uid = geteuid();
if (uam_checkuser(pwd) < 0)
- return AFPERR_ACCESS;
+ return AFPERR_ACCESS;
/* old password */
memcpy(pw, ibuf, PASSWDLEN);
#ifdef SHADOWPW
if (( sp = getspnam( pwd->pw_name )) == NULL ) {
- LOG(log_info, logtype_default, "no shadow passwd entry for %s", username);
- return AFPERR_PARAM;
+ LOG(log_info, logtype_default, "no shadow passwd entry for %s", username);
+ return AFPERR_PARAM;
}
pwd->pw_passwd = sp->sp_pwdp;
#endif /* SHADOWPW */
p = crypt(pw, pwd->pw_passwd );
if (strcmp( p, pwd->pw_passwd )) {
- memset(pw, 0, sizeof(pw));
- return AFPERR_NOTAUTH;
+ memset(pw, 0, sizeof(pw));
+ return AFPERR_NOTAUTH;
}
/* new password */
ibuf += PASSWDLEN;
ibuf[PASSWDLEN] = '\0';
-
+
#ifdef SHADOWPW
#else /* SHADOWPW */
#endif /* SHADOWPW */
return AFP_OK;
-}
+}
#endif /* 0 */
/* Printer ClearTxtUAM login */
static int passwd_printer(start, stop, username, out)
- char *start, *stop, *username;
- struct papfile *out;
+char *start, *stop, *username;
+struct papfile *out;
{
struct passwd *pwd;
#ifdef SHADOWPW
p = q + 3;
if ((q = strrchr(data, ')' )) == NULL) {
LOG(log_info, logtype_default,"Bad Login ClearTxtUAM: password not found in string");
- free(data);
+ free(data);
return(-1);
}
strncpy(password, p, q - p);
ulen = strlen(username);
if (( pwd = uam_getname(username, ulen)) == NULL ) {
- LOG(log_info, logtype_default, "Bad Login ClearTxtUAM: ( %s ) not found ",
- username);
- return(-1);
+ LOG(log_info, logtype_default, "Bad Login ClearTxtUAM: ( %s ) not found ",
+ username);
+ return(-1);
}
if (uam_checkuser(pwd) < 0) {
- /* syslog of error happens in uam_checkuser */
- return(-1);
+ /* syslog of error happens in uam_checkuser */
+ return(-1);
}
#ifdef SHADOWPW
if (( sp = getspnam( pwd->pw_name )) == NULL ) {
- LOG(log_info, logtype_default, "Bad Login ClearTxtUAM: no shadow passwd entry for %s",
- username);
- return(-1);
+ LOG(log_info, logtype_default, "Bad Login ClearTxtUAM: no shadow passwd entry for %s",
+ username);
+ return(-1);
}
pwd->pw_passwd = sp->sp_pwdp;
#endif /* SHADOWPW */
if (!pwd->pw_passwd) {
- LOG(log_info, logtype_default, "Bad Login ClearTxtUAM: no password for %s",
- username);
- return(-1);
+ LOG(log_info, logtype_default, "Bad Login ClearTxtUAM: no password for %s",
+ username);
+ return(-1);
}
#ifdef AFS
- if ( kcheckuser( pwd, password) == 0)
- return(0);
+ if ( kcheckuser( pwd, password) == 0)
+ return(0);
#endif /* AFS */
p = crypt(password, pwd->pw_passwd);
if (strcmp(p, pwd->pw_passwd) != 0) {
- LOG(log_info, logtype_default, "Bad Login ClearTxtUAM: %s: bad password", username);
- return(-1);
+ LOG(log_info, logtype_default, "Bad Login ClearTxtUAM: %s: bad password", username);
+ return(-1);
}
/* Login successful */
static int uam_setup(const char *path)
{
- if (uam_register(UAM_SERVER_LOGIN, path, "Cleartxt Passwrd",
- passwd_login, NULL, NULL) < 0)
- return -1;
- if (uam_register(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM",
- passwd_printer) < 0)
- return -1;
-
- return 0;
+ if (uam_register(UAM_SERVER_LOGIN, path, "Cleartxt Passwrd",
+ passwd_login, NULL, NULL) < 0)
+ return -1;
+ if (uam_register(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM",
+ passwd_printer) < 0)
+ return -1;
+
+ return 0;
}
static void uam_cleanup(void)
{
- uam_unregister(UAM_SERVER_LOGIN, "Cleartxt Passwrd");
- uam_unregister(UAM_SERVER_PRINTAUTH, "ClearTxtUAM");
+ uam_unregister(UAM_SERVER_LOGIN, "Cleartxt Passwrd");
+ uam_unregister(UAM_SERVER_PRINTAUTH, "ClearTxtUAM");
}
UAM_MODULE_EXPORT struct uam_export uams_clrtxt = {
- UAM_MODULE_SERVER,
- UAM_MODULE_VERSION,
- uam_setup, uam_cleanup
-};
+ UAM_MODULE_SERVER,
+ UAM_MODULE_VERSION,
+ uam_setup, uam_cleanup
+ };