Patch #: 24 Type: operational change Priority: none Modification: add ULTRIX enhanced security for AUFS Submitted: Rusty Wright Archived: munnari.OZ.AU mac/cap.patches/cap60.patch024 Summary: use ULTRIX authorization library File: cap60/applications/aufs/afpos.c File: cap60/Configure *** applications/aufs/afpos.c.orig Tue May 28 21:03:15 1991 --- applications/aufs/afpos.c Wed May 29 19:15:37 1991 *************** *** 1,7 **** /* ! * $Author: djh $ $Date: 1991/05/28 10:41:05 $ ! * $Header: /local/mulga/mac/src/cap60/applications/aufs/RCS/afpos.c,v 2.8 1991/05/28 10:41:05 djh Exp djh $ ! * $Revision: 2.8 $ */ /* --- 1,7 ---- /* ! * $Author: djh $ $Date: 1991/05/29 09:15:27 $ ! * $Header: /mac/src/cap60/applications/aufs/RCS/afpos.c,v 2.9 1991/05/29 09:15:27 djh Exp djh $ ! * $Revision: 2.9 $ */ /* *************** *** 175,180 **** --- 175,185 ---- #include #endif PERMISSIVE_USER_NAME + #ifdef ULTRIX_SECURITY + #include + #include + #endif ULTRIX_SECURITY + #ifdef MAXBSIZE # define IOBSIZE MAXBSIZE /* set to max buf entry size by if there */ #else *************** *** 2876,2881 **** --- 2881,2889 ---- byte passkey[8]; /* password is 8 bytes max */ char *pass; char *crypt(); + #ifdef ULTRIX_SECURITY + char *ultrix_crypt(); + #endif ULTRIX_SECURITY #ifdef LWSRV_AUFS_SECURITY extern char *userlogindir; int namlen; *************** *** 2962,2968 **** --- 2970,2980 ---- logit(0,"Login: user %s has a NULL password",nam); return(aeUserNotAuth); } + #ifdef ULTRIX_SECURITY + if (strcmp(ultrix_crypt(pwd,p),p->pw_passwd) != 0) { + #else ULTRIX_SECURITY if (strcmp(crypt(pwd,p->pw_passwd),p->pw_passwd) != 0) { + #endif ULTRIX_SECURITY logit(0,"Login: Incorrect password for user %s",nam); if (!safedebug) return(aeUserNotAuth); *************** *** 3475,3478 **** } } ! --- 3487,3530 ---- } } ! #ifdef ULTRIX_SECURITY ! char * ! ultrix_crypt(pwd, pw) ! char *pwd; ! struct passwd *pw; ! { ! extern char *crypt(), *crypt16(); ! extern AUTHORIZATION *getauthuid(); ! AUTHORIZATION *au; ! struct svcinfo *si; ! char *passwd; ! ! /* ! * the asterisk means that the real encrypted password ! * is in the auth file. But we really should check to ! * see if the security level is either SEC_UPGRADE or ! * SEC_ENHANCED and the password is an asterisk because ! * the security level could be BSD and someone put an ! * asterisk in to turn an account off, but if that's the ! * case the right thing will happen here anyways (i.e., ! * nothing encrypts to a single asterisk so the test will ! * fail). ! */ ! if (strcmp(pw->pw_passwd, "*") == 0) { ! si = getsvc(); ! if ((si->svcauth.seclevel == SEC_UPGRADE) || ! (si->svcauth.seclevel == SEC_ENHANCED)) { ! /* ! * if they aren't in the auth file return ! * the empty string. this can't match since ! * we've already thrown out empty passwords. ! */ ! if ((au = getauthuid(pw->pw_uid)) == NULL) ! return(""); ! pw->pw_passwd = au->a_password; ! } ! return(crypt16(pwd, pw->pw_passwd)); ! } ! return(crypt(pwd, pw->pw_passwd)); ! } ! #endif ULTRIX_SECURITY *** Configure.orig Wed May 29 19:18:03 1991 --- Configure Wed May 29 19:31:31 1991 *************** *** 1,7 **** #!/bin/sh ! # $Author: djh $ $Date: 1991/05/28 06:10:31 $ ! # $Header: /mac/src/cap60/RCS/Configure,v 2.7 1991/05/28 06:10:31 djh Exp $ ! # $Revision: 2.7 $ # CAP configuration shell script. This ain't perfect, but it's a start. # Execute with /bin/sh Configure if your system won't run it (ksh is okay too) # --- 1,7 ---- #!/bin/sh ! # $Author: djh $ $Date: 1991/05/29 09:31:20 $ ! # $Header: /mac/src/cap60/RCS/Configure,v 2.9 1991/05/29 09:31:20 djh Exp djh $ ! # $Revision: 2.9 $ # CAP configuration shell script. This ain't perfect, but it's a start. # Execute with /bin/sh Configure if your system won't run it (ksh is okay too) # *************** *** 439,444 **** --- 439,447 ---- # + PERMISSIVE_USER_NAME allows AUFS users to have their real name in Chooser # define(`specialcflags',concat(specialcflags,` -DPERMISSIVE_USER_NAME')) # + # + ULTRIX_SECURITY adds ULTRIX enhanced security to aufs + # define(`specialcflags',concat(specialcflags,` -DULTRIX_SECURITY')) + # EOT0 result=0 if [ -f m4.features ]; then *************** *** 805,810 **** --- 808,815 ---- [define([libafpc],concat([-L],libdestdir,[ ],libafpc))]) # any special libraries define([libspecial],[]) + ifelse(os,[ultrix40],[ + define([libspecial],concat(libspecial,[ -lauth]))]) ifelse(os,[xenix5],[ define([libspecial],concat(libspecial,[ -lsocket]))]) ifelse(os,[dynix],[ *** README.orig Wed May 29 19:18:20 1991 --- README Wed May 29 19:23:06 1991 *************** *** 3,9 **** (For use with AppleTalk/Ethernet bridge) o RELEASE NOTES ! o CAP Distribution 6.0, Patch Level 23, May 1991 Introduction ------------ --- 3,9 ---- (For use with AppleTalk/Ethernet bridge) o RELEASE NOTES ! o CAP Distribution 6.0, Patch Level 24, May 1991 Introduction ------------