Subject: afpd guest access
From: wesley.craig@umich.edu
Date: Thu Sep 09 1993 - 14:10:35 EDT
This is in answer to the mail just sent about disabling guest access to
afpd. Obviously, this patch will appear in later versions.
:wes
------- Forwarded Message
From: wesley.craig@umich.edu
To: whalenm@ozone.tsg.com (Matthew Whalen)
Subject: Re: netatalk
In-reply-to: Your message of "Thu, 02 Sep 1993 14:36:58 EDT."
<9309021836.AA01019@ozone.tsg.com.>
Date: Fri, 03 Sep 1993 15:42:32 -0400
Sender: wes@terminator.rs.itd.umich.edu
> From: whalenm@ozone.tsg.com (Matthew Whalen)
> To: wesley.craig@umich.edu
> How do I disable guest access for afpd?
Apply this patch. Then use -G on the command line.
:wes
- --- cut ---
*** netatalk-1.3b2/etc/afpd/main.c- Sun Aug 8 14:15:31 1993
- --- netatalk-1.3b2/etc/afpd/main.c Fri Sep 3 14:52:00 1993
***************
*** 1,24 ****
/*
! * Copyright (c) 1990,1991 Regents of The University of Michigan.
! * All Rights Reserved.
! *
! * Permission to use, copy, modify, and distribute this software and
! * its documentation for any purpose and without fee is hereby granted,
! * provided that the above copyright notice appears in all copies and
! * that both that copyright notice and this permission notice appear
! * in supporting documentation, and that the name of The University
! * of Michigan not be used in advertising or publicity pertaining to
! * distribution of the software without specific, written prior
! * permission. This software is supplied as is without expressed or
! * implied warranties of any kind.
! *
! * Research Systems Unix Group
! * The University of Michigan
! * c/o Mike Clark
! * 535 W. William Street
! * Ann Arbor, Michigan
! * +1-313-763-0525
! * netatalk@itd.umich.edu
*/
#include <sys/errno.h>
- --- 1,6 ----
/*
! * Copyright (c) 1990,1993 Regents of The University of Michigan.
! * All Rights Reserved. See COPYRIGHT.
*/
#include <sys/errno.h>
***************
*** 54,59 ****
- --- 36,42 ----
int nologin = 0;
int connections = 5;
char *defaultvol = _PATH_AFPDCONF;
+ char *guest = "nobody";
char *Obj, *Type = "AFPServer", *Zone = "*";
ASP child;
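Review bot: The new global `guest` has no comment saying that a null pointer means guest login is switched off, although the auth.c hunks test `guest == 0` and the `-G` case in main.c assigns 0. A one-line comment at the definition would make that sentinel explicit, for example `char *guest = "nobody"; /* guest account name; NULL disables the NoAuth UAM (-G) */`. The same wording could go on the `extern char *guest;` declaration added in globals.h.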
***************
*** 151,157 ****
*p = '\0';
}
! while (( c = getopt( ac, av, "dn:f:c:" )) != EOF ) {
switch ( c ) {
case 'd' :
debug++;
- --- 134,140 ----
*p = '\0';
}
! while (( c = getopt( ac, av, "dn:f:c:g:G" )) != EOF ) {
switch ( c ) {
case 'd' :
debug++;
***************
*** 165,170 ****
- --- 148,159 ----
case 'c' :
connections = atoi( optarg );
break;
+ case 'g' :
+ guest = optarg;
+ break;
+ case 'G' :
+ guest = 0;
+ break;
default :
fprintf( stderr, "Unknown option -- '%c'\n", c );
exit( 1 );
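Review bot: The `-g` case stores `optarg` without checking it, so a mistyped or uid-0 account name is only discovered when the first guest login fails in noauth_login (the `getpwnam( guest )` hunk in auth.c) or is refused by the root check in login. Resolving the name once during option parsing lets afpd refuse to start with an unusable guest account; this needs a `struct passwd *pw` local and, if main.c does not already include it, `<pwd.h>`. As a style point, `guest = 0;` in the `-G` case reads more clearly as `guest = NULL;`. The switch and the enclosing getopt loop continue outside the hunk.

```c
	case 'g' :
	    guest = optarg;
	    /* reject an unusable guest account at startup, not at first login */
	    if (( pw = getpwnam( guest )) == NULL || pw->pw_uid == 0 ) {
		fprintf( stderr, "-g %s: no such user, or uid 0\n", guest );
		exit( 1 );
	    }
	    break;
	/* … unchanged: case 'G', default … */
```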
***************
*** 290,296 ****
switch (( c = asp_getrequest( child, &buf, &buflen ))) {
case ASPFUNC_CLOSE :
asp_close( child );
! syslog( LOG_INFO, "close session" );
exit( 0 );
break;
case ASPFUNC_CMD :
- --- 279,285 ----
switch (( c = asp_getrequest( child, &buf, &buflen ))) {
case ASPFUNC_CLOSE :
asp_close( child );
! syslog( LOG_INFO, "done" );
exit( 0 );
break;
case ASPFUNC_CMD :
*** netatalk-1.3b2/etc/afpd/auth.c- Fri Aug 13 14:01:41 1993
- --- netatalk-1.3b2/etc/afpd/auth.c Fri Sep 3 14:48:53 1993
***************
*** 1,24 ****
/*
! * Copyright (c) 1990,1991 Regents of The University of Michigan.
! * All Rights Reserved.
! *
! * Permission to use, copy, modify, and distribute this software and
! * its documentation for any purpose and without fee is hereby granted,
! * provided that the above copyright notice appears in all copies and
! * that both that copyright notice and this permission notice appear
! * in supporting documentation, and that the name of The University
! * of Michigan not be used in advertising or publicity pertaining to
! * distribution of the software without specific, written prior
! * permission. This software is supplied as is without expressed or
! * implied warranties of any kind.
! *
! * Research Systems Unix Group
! * The University of Michigan
! * c/o Mike Clark
! * 535 W. William Street
! * Ann Arbor, Michigan
! * +1-313-763-0525
! * netatalk@itd.umich.edu
*/
#include <stdio.h>
- --- 1,6 ----
/*
! * Copyright (c) 1990,1993 Regents of The University of Michigan.
! * All Rights Reserved. See COPYRIGHT.
*/
#include <stdio.h>
***************
*** 56,63 ****
{ "AFPVersion 2.0", 20 },
};
struct afp_uams afp_uams[] = {
- - { "No User Authent", noauth_login, NULL },
#ifdef KRBUAM
{ "AFS Kerberos", krb_login, krb_logincont },
#endif
- --- 38,48 ----
{ "AFPVersion 2.0", 20 },
};
+ /*
+ * Note: "NoAuth" must be last, to allow guest to be turned off on the
+ * command line.
+ */
struct afp_uams afp_uams[] = {
#ifdef KRBUAM
{ "AFS Kerberos", krb_login, krb_logincont },
#endif
***************
*** 64,69 ****
- --- 49,55 ----
#ifdef CLRTXTUAM
{ "Cleartxt passwrd", clrtxt_login, NULL },
#endif
+ { "No User Authent", noauth_login, NULL },
};
struct afp_uams *afp_uam = NULL;
***************
*** 94,99 ****
- --- 80,88 ----
status = (struct afp_status *)data;
num = sizeof( afp_uams ) / sizeof( afp_uams[ 0 ] );
+ if ( guest == 0 ) {
+ num--;
+ }
data += ntohs( status->as_uamsoff );
*data++ = num;
for ( i = 0; i < num; i++ ) {
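Review bot: `num--` hides the guest UAM only by position, so it relies on "No User Authent" staying the last element of afp_uams[], an invariant that is held by a comment alone and is repeated verbatim in the login hunk below. A small helper that returns the usable count (or a loop that skips the entry whose handler is noauth_login when `guest` is null) would keep the two call sites from drifting apart. When neither KRBUAM nor CLRTXTUAM is compiled in, `-G` leaves `num` at 0 and the server advertises no UAM at all; a startup warning for that configuration would help. The enclosing function starts and ends outside the hunk.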
***************
*** 137,142 ****
- --- 126,134 ----
len = *ibuf++;
ibuflen--;
num = sizeof( afp_uams ) / sizeof( afp_uams[ 0 ]);
+ if ( guest == 0 ) {
+ num--;
+ }
for ( i = 0; i < num; i++ ) {
if ( strncmp( ibuf, afp_uams[ i ].au_name, len ) == 0 ) {
afp_uam = &afp_uams[ i ];
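Review bot: The match in this loop is `strncmp( ibuf, afp_uams[ i ].au_name, len ) == 0` with `len` read from the request, so a length of 0 or a short prefix compares equal to the first table entry it meets. Moving "No User Authent" to the end changes which entry that is, so the length check is worth adding while the table is being reordered: `if ( len == strlen( afp_uams[ i ].au_name ) && strncmp( ibuf, afp_uams[ i ].au_name, len ) == 0 ) {`. Whether `len` is checked against `ibuflen` before the loop is not visible in the hunk. The function body continues on both sides of it.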
***************
*** 174,181 ****
*rbuflen = 0;
syslog( LOG_INFO, "login noauth" );
! if (( pwent = getpwnam( "nobody" )) == NULL ) {
! syslog( LOG_ERR, "noauth_login: getpwname( nobody ): %m" );
return( AFPERR_BADUAM );
}
- --- 166,173 ----
*rbuflen = 0;
syslog( LOG_INFO, "login noauth" );
! if (( pwent = getpwnam( guest )) == NULL ) {
! syslog( LOG_ERR, "noauth_login: getpwname( %s ): %m", guest );
return( AFPERR_BADUAM );
}
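Review bot: `%m` in the new message expands to the text for the current errno, but getpwnam() returns NULL without setting errno when the account simply does not exist, so the log line can show a stale, unrelated error. Since `guest` is now operator-supplied, the message is more useful if it states the cause plainly, and the function name in it is misspelled: `syslog( LOG_ERR, "noauth_login: getpwnam( %s ): no such user", guest );`. noauth_login begins and ends outside the hunk.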
***************
*** 203,208 ****
- --- 195,205 ----
uid_t uid;
gid_t gid;
{
+ if ( uid == 0 ) { /* don't allow root login */
+ syslog( LOG_ERR, "login: root login denied!" );
+ return( AFPERR_NOTAUTH );
+ }
+
syslog( LOG_INFO, "login %s (uid %d, gid %d)", name, uid, gid );
if ( initgroups( name, gid ) < 0 ||
setregid( gid, gid ) < 0 ||
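Review bot: The refusal is logged as `"login: root login denied!"` without the account name, so an administrator reading syslog cannot tell which login attempt produced it; `name` is already in scope and is used by the next syslog call. Suggested: `syslog( LOG_ERR, "login: root login denied for %s", name );`. The check sits before initgroups() and setregid(), which is the right place for it. The rest of login() lies outside the hunk.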
***************
*** 366,371 ****
- --- 363,369 ----
*rbuflen = 0;
ibuf += 2;
bcopy( ibuf, &clen, sizeof( short ));
+ clen = ntohs( clen );
ibuf += sizeof( short );
pcbc_encrypt((C_Block *)ibuf, (C_Block *)ibuf,
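Review bot: After `clen = ntohs( clen );` the value is still a length taken straight from the client, and nothing in the hunk compares it with the bytes actually left in the request before `ibuf` is handed to pcbc_encrypt() for in-place decryption. If `clen` is the length argument of that call (the call continues past the hunk), it should be range-checked first, for example against the request length that the login hunk calls `ibuflen`, returning an error such as `AFPERR_NOTAUTH` when it is non-positive or too large. `bcopy( ibuf, &clen, sizeof( short ))` suggests `clen` is a signed short, in which case values of 0x8000 and above become negative after the assignment; declaring it `unsigned short` would avoid that.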
*** netatalk-1.3b2/etc/afpd/globals.h- Tue Jun 8 15:46:08 1993
- --- netatalk-1.3b2/etc/afpd/globals.h Fri Sep 3 14:45:42 1993
***************
*** 1,24 ****
/*
! * Copyright (c) 1990,1991 Regents of The University of Michigan.
! * All Rights Reserved.
! *
! * Permission to use, copy, modify, and distribute this software and
! * its documentation for any purpose and without fee is hereby granted,
! * provided that the above copyright notice appears in all copies and
! * that both that copyright notice and this permission notice appear
! * in supporting documentation, and that the name of The University
! * of Michigan not be used in advertising or publicity pertaining to
! * distribution of the software without specific, written prior
! * permission. This software is supplied as is without expressed or
! * implied warranties of any kind.
! *
! * Research Systems Unix Group
! * The University of Michigan
! * c/o Mike Clark
! * 535 W. William Street
! * Ann Arbor, Michigan
! * +1-313-763-0525
! * netatalk@itd.umich.edu
*/
extern int debug;
- --- 1,6 ----
/*
! * Copyright (c) 1990,1993 Regents of The University of Michigan.
! * All Rights Reserved. See COPYRIGHT.
*/
extern int debug;
***************
*** 30,32 ****
- --- 12,15 ----
extern struct dir *curdir;
extern char getwdbuf[];
extern char *Obj;
+ extern char *guest;
- --- cut ---
------- End of Forwarded Message