From: morgana Date: Sat, 29 Jul 2000 18:24:51 +0000 (+0000) Subject: The first half of changes necessary for CAP style authenticated printing. These... X-Git-Tag: netatalk-1-5-rc1~758 X-Git-Url: https://arthur.barton.de/gitweb/?a=commitdiff_plain;h=25bfd99d17d409917ff3790d0cac934de5885e7b;p=netatalk.git The first half of changes necessary for CAP style authenticated printing. These are the changes necessary for afpd. Changes for papd will be forthcoming. See the top-level Makefile's CAPDIR setting for a description of this feature. --- diff --git a/Makefile b/Makefile index da9d5c2d..9c88ea87 100644 --- a/Makefile +++ b/Makefile @@ -69,6 +69,18 @@ TCPWRAPDIR=/usr #AFSDIR=/usr/local/afs #KRBDIR=/usr/local/kerberos +# Directory to store node addresses and login names for CAP style +# authenticated printing. CAP style authenticated printing requires +# that a user mount an appletalk share before they can print. Afpd +# stores the username in a file named after the Appletalk address which +# papd reads to determine if the user is allowed to print. These files +# will be stored in the directory below. Unfortunately, because afpd +# drops privledges, this directory must be writable by any user which +# connects to the server. Usually, this means public write access (777 +# permissions). Uncomment and edit the path if you want CAP style +# authenticated printing support in afpd and papd. +#CAPDIR=/var/spool/capsec + ########################################################################## all install depend clean tags kernel kinstall kpatch: FRC @case `uname -rs` in \ @@ -99,6 +111,7 @@ all install depend clean tags kernel kinstall kpatch: FRC TCPWRAPDIR="${TCPWRAPDIR}" PAMDIR="${PAMDIR}" DB2DIR="${DB2DIR}" \ AFSDIR="${AFSDIR}" KRBDIR="${KRBDIR}" DESDIR="${DESDIR}" \ CRYPTODIR="${CRYPTODIR}" CRACKDIR="${CRACKDIR}" \ + CAPDIR="${CAPDIR}" \ OSVERSION="`uname -r`" MACHINETYPE="`uname -m`" \ $@ diff --git a/etc/Makefile b/etc/Makefile index 48067198..7988bcb3 100644 
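Review bot: The new CAPDIR comment in the `@@ -69,6 +69,18 @@` hunk tells administrators to make the directory world-writable (777) but does not say what that does to the feature's trust model. With those permissions any local account can create, replace or remove the per-address files. Assuming papd trusts their contents (the papd side is not part of this commit), the files can only distinguish network clients and give no protection against local users. I would state that in the comment, for example `# NOTE: any local user can write here; this does not restrict printing by local accounts.`, and fix the spelling of "privledges" while there.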
--- a/etc/Makefile +++ b/etc/Makefile @@ -12,7 +12,8 @@ ${ALL}: FRC ETCDIR="${ETCDIR}" LIBDIR="${LIBDIR}" INCDIR="${INCDIR}" \ DESTDIR="${DESTDIR}" AFSDIR="${AFSDIR}" KRBDIR="${KRBDIR}" \ DESDIR="${DESDIR}" TCPWRAPDIR="${TCPWRAPDIR}" PAMDIR="${PAMDIR}" \ - CRYPTODIR="${CRYPTODIR}" DB2DIR="${DB2DIR}" all + CRYPTODIR="${CRYPTODIR}" DB2DIR="${DB2DIR}" \ + CAPDIR="${CAPDIR}" all FRC: @@ -32,6 +33,7 @@ install: ETCDIR="${ETCDIR}" LIBDIR="${LIBDIR}" INCDIR="${INCDIR}" \ DESTDIR="${DESTDIR}" AFSDIR="${AFSDIR}" KRBDIR="${KRBDIR}" \ TCPWRAPDIR="${TCPWRAPDIR}" PAMDIR="${PAMDIR}" \ + CAPDIR="${CAPDIR}" \ INSTALL="${INSTALL}" DESDIR="${DESDIR}" install); \ done diff --git a/etc/afpd/Makefile b/etc/afpd/Makefile index 3bff97eb..5c0c2e9f 100644 --- a/etc/afpd/Makefile +++ b/etc/afpd/Makefile @@ -12,7 +12,7 @@ OBJ = unix.o ofork.o main.o switch.o auth.o volume.o directory.o file.o \ nfsquota.o codepage.o quota.o uam.o afs.o INCPATH= -I../../include ${AFSINCPATH} -CFLAGS= ${DEFS} ${AFSDEFS} ${OPTOPTS} ${INCPATH} -DAPPLCNAME +CFLAGS= ${DEFS} ${AFSDEFS} ${CAPDEFS} ${OPTOPTS} ${INCPATH} -DAPPLCNAME LIBS = -latalk ${AFSLIBS} ${ADDLIBS} ${TCPWRAPLIBS} ${DB2LIBS} \ ${RPCSVCLIB} ${AFPLIBS} ${PAMLIBS} ${LIBSHARED} LIBDIRS= -L../../libatalk ${AFSLIBDIRS} ${TCPWRAPLIBDIRS} \ @@ -45,6 +45,9 @@ all : ${SUBDIRS} fi; \ PAMDEFS="-DUSE_PAM"; \ fi; \ + if [ x"${CAPDIR}" != x ]; then \ + CAPDEFS="-DCAPDIR='\"${CAPDIR}\"'";\ + fi; \ if [ -f /usr/lib/librpcsvc.a -o -f /lib/librpcsvc.a ]; then \ RPCSVCLIB=-lrpcsvc; \ fi; \ @@ -59,7 +62,7 @@ all : ${SUBDIRS} LIBSHARED="$${LIBSHARED}" PAMLIBS="$${PAMLIBS}" \ PAMLIBDIR="$${PAMLIBDIR}" RPCSVCLIB="$${RPCSVCLIB}" \ AFSINCPATH="$${AFSINCPATH}" AFSDEFS="$${AFSDEFS}" \ - DB2INCPATH="$${DB2INCPATH}" \ + CAPDEFS="$${CAPDEFS}" DB2INCPATH="$${DB2INCPATH}" \ afpd ${SUBDIRS}: FRC diff --git a/etc/afpd/afp_asp.c b/etc/afpd/afp_asp.c index 73f46e8a..57c25a7a 100644 --- a/etc/afpd/afp_asp.c +++ b/etc/afpd/afp_asp.c 
@@ -29,6 +29,11 @@ extern struct oforks *writtenfork; +/* for CAP style authenticated printing */ +#ifdef CAPDIR +extern int addr_net, addr_node, addr_uid; +#endif /* CAPDIR */ + static AFPObj *child; static __inline__ void afp_asp_close(AFPObj *obj) @@ -93,6 +98,11 @@ void afp_over_asp(AFPObj *obj) struct sigaction action; int func, ccnt = 0, reply = 0; +#ifdef CAPDIR + char addr_filename[256]; + struct stat cap_st; +#endif /* CAPDIR */ + obj->exit = afp_asp_die; obj->reply = (int (*)()) asp_cmdreply; obj->attention = (int (*)(void *, AFPUserBytes)) asp_attention; @@ -117,6 +127,11 @@ void afp_over_asp(AFPObj *obj) afp_asp_die(1); } +#ifdef CAPDIR + addr_net = ntohs( asp->asp_sat.sat_addr.s_net ); + addr_node = asp->asp_sat.sat_addr.s_node; +#endif /* CAPDIR */ + syslog( LOG_INFO, "session from %u.%u:%u on %u.%u:%u", ntohs( asp->asp_sat.sat_addr.s_net ), asp->asp_sat.sat_addr.s_node, asp->asp_sat.sat_port, @@ -129,6 +144,20 @@ void afp_over_asp(AFPObj *obj) case ASPFUNC_CLOSE : afp_asp_close(obj); syslog( LOG_INFO, "done" ); + +#ifdef CAPDIR + sprintf(addr_filename, "%s/net%d.%dnode%d", CAPDIR, addr_net/256, addr_net%256, addr_node); + if(stat(addr_filename, &cap_st) == 0) { + if(unlink(addr_filename) == 0) { + syslog(LOG_INFO, "removed %s", addr_filename); + } else { + syslog(LOG_INFO, "error removing %s: %m", addr_filename); + } + } else { + syslog(LOG_INFO, "error stat'ing %s: %m", addr_filename); + } +#endif /* CAPDIR */ + if ( obj->options.flags & OPTION_DEBUG ) { printf( "done\n" ); } diff --git a/etc/afpd/auth.c b/etc/afpd/auth.c index 3f229285..20a830a2 100644 --- a/etc/afpd/auth.c +++ b/etc/afpd/auth.c @@ -59,6 +59,13 @@ static struct uam_obj uam_changepw = {"", "", 0, {{NULL}}, &uam_changepw, static struct uam_obj *afp_uam = NULL; + +/* Variables for CAP style printer authentication */ +#ifdef CAPDIR +extern int addr_net, addr_node, addr_uid; +extern char addr_name[32]; +#endif /* CAPDIR */ + void status_versions( data ) char *data; { 
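Review bot: The `extern int addr_net, addr_node, addr_uid;` declaration added at the top of afp_asp.c is repeated by hand in auth.c (the `@@ -59,6 +59,13 @@` hunk, together with `extern char addr_name[32];`), while the definitions live in main.c. Putting these declarations in one shared header under `#ifdef CAPDIR` would let the compiler check that the types and the array size 32 agree in all three files; as written, a change in main.c would silently desynchronise them. `addr_uid` is not used in any of the afp_asp.c hunks shown, so it could be dropped from this declaration.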
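Review bot: The cleanup added under `case ASPFUNC_CLOSE` builds the path with an unbounded `sprintf` into `addr_filename[256]` and then runs `stat` followed by `unlink`, a redundant check-then-act pair on a directory that other users can write to. Calling `unlink` directly and tolerating ENOENT is simpler and stops logging an error for every session that never logged in: `snprintf(addr_filename, sizeof(addr_filename), "%s/net%d.%dnode%d", CAPDIR, addr_net/256, addr_net%256, addr_node);` followed by `if (unlink(addr_filename) < 0 && errno != ENOENT) syslog(LOG_ERR, "error removing %s: %m", addr_filename);`. The file is removed only on this path, so a session that ends any other way (for example through `afp_asp_die`) appears to leave the entry behind, and a stale entry would presumably keep authorising that AppleTalk address. `afp_over_asp` continues outside the hunk, so confirm whether another exit path already covers this.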
@@ -124,6 +131,11 @@ static int send_reply(const AFPObj *obj, const int err) static int login(AFPObj *obj, struct passwd *pwd, void (*logout)(void)) { +#ifdef CAPDIR + char nodename[256]; + FILE *fp; +#endif /* CAPDIR */ + if ( pwd->pw_uid == 0 ) { /* don't allow root login */ syslog( LOG_ERR, "login: root login denied!" ); return AFPERR_NOTAUTH; @@ -131,6 +143,20 @@ static int login(AFPObj *obj, struct passwd *pwd, void (*logout)(void)) syslog( LOG_INFO, "login %s (uid %d, gid %d)", pwd->pw_name, pwd->pw_uid, pwd->pw_gid ); + +#ifdef CAPDIR + if(addr_net && addr_node) { /* Do we have a valid Appletalk address? */ + addr_uid = pwd->pw_uid; + strncpy(addr_name, pwd->pw_name, 32); + sprintf(nodename, "%s/net%d.%dnode%d", CAPDIR, addr_net / 256, addr_net % 256, addr_node); + syslog (LOG_INFO, "registering %s (uid %d) on %u.%u as %s", + addr_name, addr_uid, addr_net, addr_node, nodename); + fp = fopen(nodename, "w"); + fprintf(fp, "%s\n", addr_name); + fclose(fp); + } +#endif /* CAPDIR */ + if (initgroups( pwd->pw_name, pwd->pw_gid ) < 0) { #ifdef RUN_AS_USER syslog(LOG_INFO, "running with uid %d", geteuid()); diff --git a/etc/afpd/main.c b/etc/afpd/main.c index 512091a8..755ca448 100644 --- a/etc/afpd/main.c +++ b/etc/afpd/main.c @@ -45,6 +45,11 @@ static AFPConfig *configs; static server_child *server_children; static fd_set save_rfds; +#ifdef CAPDIR +int addr_net, addr_node, addr_uid; +char addr_name[32]; +#endif CAPDIR + static void afp_exit(const int i) { server_unlock(default_options.pidfile); diff --git a/sys/linux/Makefile b/sys/linux/Makefile index cce91f51..1ef7dd1e 100644 --- a/sys/linux/Makefile +++ b/sys/linux/Makefile 
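Review bot: The block added to `login()` passes the result of `fopen(nodename, "w")` straight to `fprintf`, so a failed open (directory missing or not writable) dereferences NULL and takes the session down. The same call follows symbolic links and truncates whatever sits at a predictable name inside a directory the top-level Makefile describes as world-writable, and it runs before the `initgroups` call that follows, so presumably still with the daemon's starting privileges; removing any existing entry and creating the file with `O_CREAT | O_EXCL` avoids that. `strncpy(addr_name, pwd->pw_name, 32)` leaves `addr_name` unterminated for names of 32 characters or more, and the `sprintf` into `nodename[256]` is unbounded. The rewrite below needs `<fcntl.h>` if auth.c does not already include it, and `login()` continues outside the hunk.

```c
    if (addr_net && addr_node) { /* Do we have a valid Appletalk address? */
        int cap_fd, n;

        addr_uid = pwd->pw_uid;
        strncpy(addr_name, pwd->pw_name, sizeof(addr_name) - 1);
        addr_name[sizeof(addr_name) - 1] = '\0';
        n = snprintf(nodename, sizeof(nodename), "%s/net%d.%dnode%d", CAPDIR,
                     addr_net / 256, addr_net % 256, addr_node);
        if (n < 0 || n >= (int)sizeof(nodename)) {
            syslog(LOG_ERR, "login: CAP file name too long");
        } else {
            /* ... unchanged: "registering ..." syslog call ... */
            (void)unlink(nodename); /* removes a stale entry or a link, never its target */
            cap_fd = open(nodename, O_WRONLY | O_CREAT | O_EXCL, 0644);
            fp = (cap_fd >= 0) ? fdopen(cap_fd, "w") : NULL;
            if (fp == NULL) {
                syslog(LOG_ERR, "login: cannot create %s: %m", nodename);
                if (cap_fd >= 0)
                    close(cap_fd);
            } else {
                fprintf(fp, "%s\n", addr_name);
                fclose(fp);
            }
        }
    }
```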
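Review bot: The added `#endif CAPDIR` in main.c has a bare token after the directive, which compilers warn about and strict modes reject; the other files in this commit use the comment form, so this should read `#endif /* CAPDIR */`. In the hunks shown these globals are only assigned in `afp_over_asp`, so the `addr_net && addr_node` test in `login()` seems to be the only thing that keeps sessions without an AppleTalk address from writing a file. A short comment above the definitions would make that dependency visible, for example `/* client AppleTalk address; stays 0 unless set by afp_over_asp() */`.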
@@ -52,6 +52,7 @@ ${ALL}: FRC SBINDIR="${SBINDIR}" BINDIR="${BINDIR}" RESDIR="${RESDIR}" \ ETCDIR="${ETCDIR}" LIBDIR="${LIBDIR}" INCDIR="${INCDIR}" \ DESTDIR="${DESTDIR}" AFSDIR="${AFSDIR}" KRBDIR="${KRBDIR}" \ + CAPDIR="${CAPDIR}" \ AFPLIBS="${AFPLIBS}" LDSHARED="${LDSHARED}" \ LDFLAGS_EXPORT="${LDFLAGS_EXPORT}" \ LDSHAREDFLAGS="${LDSHAREDFLAGS}" CSHAREDFLAGS="${CSHAREDFLAGS}" \