diff -P -c -r inn-CURRENT-20010301/authprogs/Makefile inn-CURRENT-20010301-modified/authprogs/Makefile *** inn-CURRENT-20010301/authprogs/Makefile Thu Mar 1 05:00:04 2001 --- inn-CURRENT-20010301-modified/authprogs/Makefile Fri Mar 2 23:30:38 2001 *************** *** 8,13 **** --- 8,15 ---- LIBSMB = smbval/smbvalid.a + LIBAUTH = libauth.o + SOURCES = ckpasswd.c domain.c ident.c pwcheck.c radius.c auth_smb.c INSTALLED = $(D)$(PATHAUTHPASSWD)/ckpasswd \ *************** *** 17,23 **** $(D)$(PATHAUTHRESOLV)/domain \ $(D)$(PATHAUTHRESOLV)/ident ! all: $(LIBSMB) $(ALL) clobber clean: rm -f *.o $(ALL) --- 19,25 ---- $(D)$(PATHAUTHRESOLV)/domain \ $(D)$(PATHAUTHRESOLV)/ident ! all: $(LIBSMB) $(LIBAUTH) $(ALL) clobber clean: rm -f *.o $(ALL) *************** *** 32,48 **** LINK = $(LIBLD) $(LDFLAGS) -o $@ NEWSLIBS = $(LIBINN) $(LIBS) ! ckpasswd: ckpasswd.o ; $(LINK) ckpasswd.o $(DBMLIB) $(LIBS) ! domain: domain.o $(LIBINN) ; $(LINK) domain.o $(NEWSLIBS) ! ident: ident.o ; $(LINK) ident.o $(LIBS) ! pwcheck: pwcheck.o ; $(LINK) pwcheck.o $(LIBS) ! radius: radius.o $(LIBINN) ; $(LINK) radius.o $(NEWSLIBS) ! auth_smb: auth_smb.o $(LIBSMB) ; $(LINK) auth_smb.o $(LIBSMB) $(LIBS) $(LIBINN): ; (cd ../lib ; $(MAKE)) $(LIBSTORAGE): ; (cd ../storage ; $(MAKE)) $(LIBSMB): ; (cd smbval ; $(MAKE)) ## Installation rules. Installation commands set in Makefile.global. --- 34,57 ---- LINK = $(LIBLD) $(LDFLAGS) -o $@ NEWSLIBS = $(LIBINN) $(LIBS) + AUTHLIBS = $(LIBAUTH) $(LIBS) + AUTH_INN = $(LIBINN) $(LIBAUTH) + + CK_LIBS = $(DBMLIB) $(AUTHLIBS) + RAD_LIBS = $(AUTH_INN) $(LIBS) ! ckpasswd: ckpasswd.o $(LIBAUTH) ; $(LINK) ckpasswd.o $(CK_LIBS) ! domain: domain.o $(LIBINN) ; $(LINK) domain.o $(NEWSLIBS) ! ident: ident.o $(LIBAUTH) ; $(LINK) ident.o $(AUTHLIBS) ! pwcheck: pwcheck.o $(LIBAUTH) ; $(LINK) pwcheck.o $(AUTHLIBS) ! radius: radius.o $(AUTH_INN) ; $(LINK) radius.o $(RAD_LIBS) ! 
auth_smb: auth_smb.o $(LIBSMB) ; $(LINK) auth_smb.o $(LIBSMB) $(LIBS) $(LIBINN): ; (cd ../lib ; $(MAKE)) $(LIBSTORAGE): ; (cd ../storage ; $(MAKE)) $(LIBSMB): ; (cd smbval ; $(MAKE)) + $(LIBAUTH): libauth.h libauth.c + ## Installation rules. Installation commands set in Makefile.global. diff -P -c -r inn-CURRENT-20010301/authprogs/ckpasswd.c inn-CURRENT-20010301-modified/authprogs/ckpasswd.c *** inn-CURRENT-20010301/authprogs/ckpasswd.c Thu Mar 1 05:00:04 2001 --- inn-CURRENT-20010301-modified/authprogs/ckpasswd.c Fri Mar 2 21:54:53 2001 *************** *** 3,10 **** ** The default username/password authenticator. */ ! #include "config.h" ! #include "clibrary.h" #include #include --- 3,10 ---- ** The default username/password authenticator. */ ! #include "libauth.h" ! #include #include *************** *** 153,178 **** } if (argc != optind) exit(2); ! uname[0] = '\0'; ! pass[0] = '\0'; ! /* make sure that strlen(buff) is always less than sizeof(buff) */ ! buff[sizeof(buff)-1] = '\0'; ! /* get the username and password from stdin */ ! while (fgets(buff, sizeof(buff)-1, stdin) != (char*) 0) { ! /* strip '\r\n' */ ! buff[strlen(buff)-1] = '\0'; ! if (strlen(buff) && (buff[strlen(buff)-1] == '\r')) ! buff[strlen(buff)-1] = '\0'; ! ! #define NAMESTR "ClientAuthname: " ! #define PASSSTR "ClientPassword: " ! if (!strncmp(buff, NAMESTR, strlen(NAMESTR))) ! strcpy(uname, buff+sizeof(NAMESTR)-1); ! if (!strncmp(buff, PASSSTR, strlen(PASSSTR))) ! strcpy(pass, buff+sizeof(PASSSTR)-1); } - if (!uname[0] || !pass[0]) - exit(3); /* got username and password, check if they're valid */ #if HAVE_GETSPNAM --- 153,163 ---- } if (argc != optind) exit(2); ! ! if (get_auth(uname,pass) != 0) { ! fprintf(stderr, "ckpasswd: internal error.\n"); ! 
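Review bot: The `$(LIBAUTH): libauth.h libauth.c` rule at the end of the last Makefile hunk records the header dependency for libauth.o only. ckpasswd.o, ident.o, pwcheck.o and radius.o now include libauth.h as well but gain no visible dependency on it. A later change to the `GOT...` bit values or the `get_auth` prototype could therefore leave stale objects linked against a new libauth.o, unless dependencies are generated somewhere outside these hunks. `SOURCES` in the first hunk is also left without `libauth.c`, so whatever consumes that list will skip the new file; consider `SOURCES = ckpasswd.c domain.c ident.c libauth.c pwcheck.c radius.c auth_smb.c`.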
exit(1); } /* got username and password, check if they're valid */ #if HAVE_GETSPNAM diff -P -c -r inn-CURRENT-20010301/authprogs/ident.c inn-CURRENT-20010301-modified/authprogs/ident.c *** inn-CURRENT-20010301/authprogs/ident.c Thu Mar 1 05:00:05 2001 --- inn-CURRENT-20010301-modified/authprogs/ident.c Sat Mar 3 01:07:42 2001 *************** *** 2,9 **** ** ** ident authenticator. */ ! #include "config.h" ! #include "clibrary.h" #include #include #include --- 2,9 ---- ** ** ident authenticator. */ ! #include "libauth.h" ! #include #include #include *************** *** 27,33 **** char *p; int got; char *endstr; ! int gotcliaddr, gotcliport, gotlocaddr, gotlocport; memset(&sin, '\0', sizeof(sin)); sin.sin_family = AF_INET; --- 27,33 ---- char *p; int got; char *endstr; ! char result = 0; memset(&sin, '\0', sizeof(sin)); sin.sin_family = AF_INET; *************** *** 63,99 **** } } - /* read the connection info from stdin */ - #define IPNAME "ClientIP: " - #define PORTNAME "ClientPort: " - #define LOCIP "LocalIP: " - #define LOCPORT "LocalPort: " memset(&cli, '\0', sizeof(cli)); - cli.sin_family = AF_INET; memset(&loc, '\0', sizeof(loc)); - loc.sin_family = AF_INET; - - gotcliaddr = gotcliport = gotlocaddr = gotlocport = 0; - while(fgets(buf, sizeof(buf), stdin) != (char*) 0) { - /* strip '\n' */ - buf[strlen(buf)-1] = '\0'; - - if (!strncmp(buf, IPNAME, strlen(IPNAME))) { - cli.sin_addr.s_addr = inet_addr(buf+strlen(IPNAME)); - gotcliaddr = 1; - } else if (!strncmp(buf, PORTNAME, strlen(PORTNAME))) { - cli.sin_port = htons(atoi(buf+strlen(PORTNAME))); - gotcliport = 1; - } else if (!strncmp(buf, LOCIP, strlen(LOCIP))) { - loc.sin_addr.s_addr = inet_addr(buf+strlen(LOCIP)); - gotlocaddr = 1; - } else if (!strncmp(buf, LOCPORT, strlen(LOCPORT))) { - loc.sin_port = htons(atoi(buf+strlen(LOCPORT))); - gotlocport = 1; - } - } ! 
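Review bot: The second ckpasswd.c hunk changes the exit status for a missing username or password from 3 to 1 and reports it as `ckpasswd: internal error.`, although `get_auth` returns 3 only when one of the two strings is empty. If the parent process tells "bad input" apart from "authenticator failed" by exit code (not visible here), that distinction is lost. The old behaviour is kept with `if (get_auth(uname, pass) != 0) exit(3);`, or at least with a message that names the missing credential. The pwcheck.c and radius.c hunks make the same change. The declarations of `uname` and `pass` are outside this hunk.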
if (!gotcliaddr || !gotcliport || !gotlocaddr || !gotlocport) { fprintf(stderr, "ident: didn't get ident parameter\n"); exit(1); } --- 63,73 ---- } } memset(&cli, '\0', sizeof(cli)); memset(&loc, '\0', sizeof(loc)); ! /* read the connection info from stdin */ ! if (get_res(&loc,&cli) != (char) GOT_ALL) { fprintf(stderr, "ident: didn't get ident parameter\n"); exit(1); } diff -P -c -r inn-CURRENT-20010301/authprogs/ident.new inn-CURRENT-20010301-modified/authprogs/ident.new *** inn-CURRENT-20010301/authprogs/ident.new Wed Dec 31 19:00:00 1969 --- inn-CURRENT-20010301-modified/authprogs/ident.new Sat Mar 3 00:35:12 2001 *************** *** 0 **** --- 1,165 ---- + /* $Id: ident.c,v 1.8 2001/02/07 09:07:18 rra Exp $ + ** + ** ident authenticator. + */ + #include "libauth.h" + + #include + #include + #include + #include + #include + #include + + #include "libinn.h" + #include "macros.h" + + int main(int argc, char *argv[]) + { + struct servent *s; + char buf[2048]; + struct sockaddr_in sin, loc, cli; + int sock; + int opt; + int truncate = 0; + extern char *optarg; + char *iter; + char *p; + int got; + char *endstr; + char result; + + memset(&sin, '\0', sizeof(sin)); + sin.sin_family = AF_INET; + + #define IDENT_PORT 113 + + s = getservbyname("ident", "tcp"); + if (!s) + sin.sin_port = htons(IDENT_PORT); + else + sin.sin_port = s->s_port; + + while ((opt = getopt(argc, argv, "p:t")) != -1) { + switch (opt) { + case 'p': + for (iter = optarg; *iter; iter++) + if (*iter < '0' || *iter > '9') + break; + if (*iter) { + /* not entirely numeric */ + if ((s = getservbyname(optarg, "tcp")) == (struct servent *) 0) { + fprintf(stderr, "ident: can't getservbyname(%s/tcp)\n", optarg); + exit(1); + } + sin.sin_port = s->s_port; + } else + sin.sin_port = atoi(optarg); + sin.sin_port = htons(sin.sin_port); + break; + case 't': + truncate = 1; + break; + } + } + + //if (get_res(sin,loc,cli,buf) != (unsigned int) GOTALL) { + result = get_res(sin,loc,cli); + if (result != (char) GOTALL) 
{ + fprintf(stderr, "ident: didn't get ident parameter%x\n",result); + exit(1); + } + /* got all the client parameters, create our local socket. */ + if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + fprintf(stderr, "ident: couldn't create socket: %s\n", strerror(errno)); + exit(1); + } + opt = loc.sin_port; + loc.sin_port = 0; + if (bind(sock, (struct sockaddr*) &loc, sizeof(loc)) < 0) { + fprintf(stderr, "ident: couldn't bind socket: %s\n", strerror(errno)); + exit(1); + } + loc.sin_port = opt; + sin.sin_addr.s_addr = cli.sin_addr.s_addr; + if (connect(sock, (struct sockaddr*) &sin, sizeof(sin)) < 0) { + if (errno != ECONNREFUSED) { + fprintf(stderr, "ident: couldn't connect to %s:%d: %s\n", + inet_ntoa(sin.sin_addr), ntohs(sin.sin_port), strerror(errno)); + } + exit(1); + } + + /* send the request out */ + sprintf(buf, "%d , %d\r\n", ntohs(cli.sin_port), ntohs(loc.sin_port)); + got = 0; + while (got != strlen(buf)) { + opt = write(sock, buf+got, strlen(buf)-got); + if (opt < 0) + exit(1); + else if (!opt) + exit(1); + got += opt; + } + + /* get the answer back */ + got = 0; + do { + opt = read(sock, buf+got, sizeof(buf)-got); + if (opt < 0) + exit(1); + else if (!opt) + exit(1); + while (opt--) + if (buf[got] != '\n') + got++; + } while (buf[got] != '\n'); + buf[got] = '\0'; + if (buf[got-1] == '\r') + buf[got-1] = '\0'; + + /* buf now contains the entire ident response. 
*/ + if (!(iter = strchr(buf, ':'))) + /* malformed response */ + exit(1); + iter++; + + while (*iter && ISWHITE(*iter)) + iter++; + endstr = iter; + while (*endstr && *endstr != ':' && !ISWHITE(*endstr)) + endstr++; + if (!*endstr) + /* malformed response */ + exit(1); + if (*endstr != ':') { + *endstr++ = '\0'; + while (*endstr != ':') + endstr++; + } + + *endstr = '\0'; + + if (!strcmp(iter, "ERROR")) + exit(1); + else if (strcmp(iter, "USERID") != 0) + /* malformed response */ + exit(1); + + /* skip the operating system */ + if (!(iter = strchr(endstr+1, ':'))) + exit(1); + + /* everything else is username */ + iter++; + while (*iter && ISWHITE(*iter)) + iter++; + if (!*iter || *iter == '[') + /* null, or encrypted response */ + exit(1); + if ((truncate == 1) && ((p = strchr(iter, '@')) != NULL)) + *p = '\0'; + printf("User:%s\n", iter); + + exit(0); + } diff -P -c -r inn-CURRENT-20010301/authprogs/libauth.c inn-CURRENT-20010301-modified/authprogs/libauth.c *** inn-CURRENT-20010301/authprogs/libauth.c Wed Dec 31 19:00:00 1969 --- inn-CURRENT-20010301-modified/authprogs/libauth.c Sat Mar 3 01:09:46 2001 *************** *** 0 **** --- 1,72 ---- + /* + ** + ** Common code for authenticators and resolvers. 
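Review bot: `ident.new` looks like a work-in-progress copy of ident.c that was picked up by the recursive diff rather than something meant to be committed. It calls `get_res(sin,loc,cli)` with three structs passed by value and compares against `GOTALL`, while libauth.h in this same patch declares `get_res(struct sockaddr_in* loc, struct sockaddr_in* cli)` and `GOT_ALL`, so it would not compile against the new header. It also carries a commented-out `//if (get_res(sin,loc,cli,buf) ...` line, and no Makefile hunk references it. Drop the file from the patch so that only the reviewed ident.c carries the ident parsing code.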
+ ** + */ + + #include "libauth.h" + + + int + get_auth(char* uname, char* pass) + { + char buff[SMBUF]; + + uname[0] = '\0'; + pass[0] = '\0'; + /* make sure that strlen(buff) is always less than sizeof(buff) */ + buff[sizeof(buff)-1] = '\0'; + /* get the username and password from stdin */ + while (fgets(buff, sizeof(buff)-1, stdin) != (char*) 0) { + /* strip '\r\n' */ + buff[strlen(buff)-1] = '\0'; + if (strlen(buff) && (buff[strlen(buff)-1] == '\r')) + buff[strlen(buff)-1] = '\0'; + + if (!strncmp(buff, NAMESTR, strlen(NAMESTR))) + strcpy(uname, buff+sizeof(NAMESTR)-1); + if (!strncmp(buff, PASSSTR, strlen(PASSSTR))) + strcpy(pass, buff+sizeof(PASSSTR)-1); + } + if (uname[0] == '\0' || pass[0] == '\0' ) + return(3); + + return(0); + } + + + + char + get_res(struct sockaddr_in* loc, + struct sockaddr_in* cli) + { + char result = 0; + char buf[2048]; + + cli->sin_family = AF_INET; + loc->sin_family = AF_INET; + + /* read the connection info from stdin */ + + while(fgets(buf, sizeof(buf), stdin) != (char*) 0) { + /* strip '\n' */ + buf[strlen(buf)-1] = '\0'; + + if (!strncmp(buf, IPNAME, strlen(IPNAME))) { + cli->sin_addr.s_addr = inet_addr(buf+strlen(IPNAME)); + result = result | GOTCLIADDR; + } else if (!strncmp(buf, PORTNAME, strlen(PORTNAME))) { + cli->sin_port = htons(atoi(buf+strlen(PORTNAME))); + result = result | GOTCLIPORT; + } else if (!strncmp(buf, LOCIP, strlen(LOCIP))) { + loc->sin_addr.s_addr = inet_addr(buf+strlen(LOCIP)); + result = result | GOTLOCADDR; + } else if (!strncmp(buf, LOCPORT, strlen(LOCPORT))) { + loc->sin_port = htons(atoi(buf+strlen(LOCPORT))); + result = result | GOTLOCPORT; + } + } + + return(result); + } + diff -P -c -r inn-CURRENT-20010301/authprogs/libauth.h inn-CURRENT-20010301-modified/authprogs/libauth.h *** inn-CURRENT-20010301/authprogs/libauth.h Wed Dec 31 19:00:00 1969 --- inn-CURRENT-20010301-modified/authprogs/libauth.h Sat Mar 3 01:09:15 2001 *************** *** 0 **** --- 1,53 ---- + /* + ** + ** Common headers for 
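Review bot: `buff[strlen(buff)-1] = '\0';` in `get_auth` writes one byte before the buffer whenever fgets() returns a line whose first byte is NUL, because strlen() is then 0; `get_res` has the same pattern with `buf`. The same statement also removes the last character of any line that arrives without a trailing newline (an over-long line or EOF), which silently shortens a password. Both functions read client-derived values from stdin, so the strip should check the length and the actual character first. Separately, `strcpy(uname, ...)` and `strcpy(pass, ...)` are only safe because every caller in this patch happens to pass SMBUF-sized arrays, whereas the removed radius.c code bounded the copy with `sizeof(uname)`; a size parameter or a documented SMBUF requirement would make that explicit.
```c
    char buff[SMBUF];
    size_t len;

    /* … unchanged: clear uname and pass, terminate buff … */
    while (fgets(buff, sizeof(buff)-1, stdin) != (char*) 0) {
        /* strip "\n" or "\r\n" only if present; never index buff[-1] */
        len = strlen(buff);
        if (len > 0 && buff[len-1] == '\n')
            buff[--len] = '\0';
        if (len > 0 && buff[len-1] == '\r')
            buff[--len] = '\0';

        /* … unchanged: NAMESTR / PASSSTR matching … */
    }
```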
authenticators and resolvers. + ** + */ + + #include "config.h" + #include "clibrary.h" + + #include + + + /*********************** Authenticators ************************/ + + #define NAMESTR "ClientAuthname: " + #define PASSSTR "ClientPassword: " + + /* + * Takes in two buffers for the results and reads username and + * password as passed from nnrpd via stdin. Exit values: + * 0 - got nonnull username and password sucessfully + * 3 - one of the inputs from nnrpd was an empty string + * (in this case, the result is usable if desired, just + * be aware that one of the strings starts with \0) + */ + extern int + get_auth(char* uname, char* pass); + + + + /*********************** Resolvers ************************/ + + #define IPNAME "ClientIP: " + #define PORTNAME "ClientPort: " + #define LOCIP "LocalIP: " + #define LOCPORT "LocalPort: " + + #define GOTCLIADDR 0x1 + #define GOTCLIPORT 0x2 + #define GOTLOCADDR 0x4 + #define GOTLOCPORT 0x8 + #define GOT_ALL (GOTCLIADDR | GOTCLIPORT | GOTLOCADDR | GOTLOCPORT) + + + /* + * Parses the client and local IP and ports from stdin and stores them + * into the argument structs. Returns the OR of the GOT... constants + * defined above for those fields which were found. Returns GOT_ALL + * if all fields wre found. + */ + extern char + get_res(struct sockaddr_in* loc, + struct sockaddr_in* cli); diff -P -c -r inn-CURRENT-20010301/authprogs/pwcheck.c inn-CURRENT-20010301-modified/authprogs/pwcheck.c *** inn-CURRENT-20010301/authprogs/pwcheck.c Sat Nov 20 19:14:32 1999 --- inn-CURRENT-20010301-modified/authprogs/pwcheck.c Fri Mar 2 21:53:57 2001 *************** *** 33,40 **** # tech-transfer@andrew.cmu.edu * */ ! #include "config.h" ! #include "clibrary.h" #include #include #include --- 33,39 ---- # tech-transfer@andrew.cmu.edu * */ ! #include "libauth.h" #include #include #include *************** *** 54,80 **** int main() { ! char uname[SMBUF], pass[SMBUF], buff[SMBUF]; ! uname[0] = '\0'; ! pass[0] = '\0'; ! 
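Review bot: The comment on `get_auth` does not state how large `uname` and `pass` must be, even though the implementation copies into them with strcpy from an SMBUF-sized line buffer; add `Both buffers must be at least SMBUF bytes.` to the contract. The comment also says "Exit values" where it means return values, and describes the 3 case as usable, while every caller in this patch treats any non-zero return as fatal; one of the two should be brought in line. For `get_res`, note that a field is flagged as found as soon as its prefix matches, without the address or port text being validated (the implementation stores the inet_addr()/atoi() result unchecked), so `GOT_ALL` means "all four lines seen", not "all four values valid". The header has no include guard, and `sucessfully` / `wre` are typos.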
/* get the username and password from stdin */ ! while (fgets(buff, sizeof(buff), stdin) != (char*) 0) { ! /* strip '\r\n' */ ! buff[strlen(buff)-1] = '\0'; ! if (strlen(buff) && (buff[strlen(buff)-1] == '\r')) ! buff[strlen(buff)-1] = '\0'; ! ! #define NAMESTR "ClientAuthname: " ! #define PASSSTR "ClientPassword: " ! if (!strncmp(buff, NAMESTR, strlen(NAMESTR))) ! strcpy(uname, buff+sizeof(NAMESTR)-1); ! if (!strncmp(buff, PASSSTR, strlen(PASSSTR))) ! strcpy(pass, buff+sizeof(PASSSTR)-1); } - - if (!uname[0] || !pass[0]) - exit(3); if(!login_plaintext(uname, pass)) { fprintf(stderr, "valid passwd\n"); --- 53,64 ---- int main() { ! char uname[SMBUF], pass[SMBUF]; ! if (get_auth(uname,pass) != 0) { ! fprintf(stderr, "pwcheck: internal error.\n"); ! exit(1); } if(!login_plaintext(uname, pass)) { fprintf(stderr, "valid passwd\n"); diff -P -c -r inn-CURRENT-20010301/authprogs/radius.c inn-CURRENT-20010301-modified/authprogs/radius.c *** inn-CURRENT-20010301/authprogs/radius.c Thu Mar 1 05:00:05 2001 --- inn-CURRENT-20010301-modified/authprogs/radius.c Fri Mar 2 21:54:26 2001 *************** *** 3,10 **** ** Authenticate a user against a remote radius server. */ ! #include "config.h" ! #include "clibrary.h" #include #include #include --- 3,9 ---- ** Authenticate a user against a remote radius server. */ ! #include "libauth.h" #include #include #include *************** *** 402,408 **** int opt; int havefile, haveother; char uname[SMBUF], pass[SMBUF]; - char buff[SMBUF]; FILE *f; rad_config_t radconfig; int retval; --- 401,406 ---- *************** *** 518,542 **** exit(1); } ! uname[0] = '\0'; ! pass[0] = '\0'; ! /* get the username and password from stdin */ ! buff[sizeof(buff)-1] = '\0'; ! while (fgets(buff, sizeof(buff)-1, stdin) != (char*) 0) { ! /* strip '\r\n' */ ! buff[strlen(buff)-1] = '\0'; ! if (strlen(buff) && (buff[strlen(buff)-1] == '\r')) ! buff[strlen(buff)-1] = '\0'; ! ! #define NAMESTR "ClientAuthname: " ! #define PASSSTR "ClientPassword: " ! 
if (!strncmp(buff, NAMESTR, strlen(NAMESTR))) ! strncpy(uname, buff+sizeof(NAMESTR)-1, sizeof(uname)); ! if (!strncmp(buff, PASSSTR, strlen(PASSSTR))) ! strncpy(pass, buff+sizeof(PASSSTR)-1, sizeof(pass)); } - if (!uname[0] || !pass[0]) - exit(3); /* got username and password, check that they're valid */ retval = rad_auth(&radconfig, uname, pass); --- 516,525 ---- exit(1); } ! if (get_auth(uname,pass) != 0) { ! fprintf(stderr, "radius: internal error.\n"); ! exit(1); } /* got username and password, check that they're valid */ retval = rad_auth(&radconfig, uname, pass);