You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "Dirk.vanGulik" <Di...@jrc.it> on 1996/06/19 19:39:19 UTC
nis control
----------
X-Sun-Data-Type: text
X-Sun-Data-Description: text
X-Sun-Data-Name: text
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 10
Hi Henri,
Find attached the hacked NIS module, for mod_auth_nis,
it did what we wanted it to do; feel free to hack it
but assume that it is broken and dead and unsecure.
See you in montreal,
Dirk.
----------
X-Sun-Data-Type: c-file
X-Sun-Data-Description: c-file
X-Sun-Data-Name: mod_auth_nis.c
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 203
/* ====================================================================
* Copyright (c) 1995 The Apache Group. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* 4. The names "Apache Server" and "Apache Group" must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 5. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
* IT'S CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Group and was originally based
* on public domain software written at the National Center for
* Supercomputing Applications, University of Illinois, Urbana-Champaign.
* For more information on the Apache Group and the Apache HTTP server
* project, please see <http://www.apache.org/>.
*
*/
/*
* http_auth: authentication
*
* Dirk.vanGulik@jrc.it
*
* Very quick and dirty hack to get NIS working; can be
* improved a lot as we do all the reading/opening every
* time, rather than caching it decently !
*
* SHADOW assumes old/new style passwords, see getpwnam() and getspnam()
*/
#include <pwd.h>
#define SHADOW 1
#define MULTITREADING 0
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_log.h"
#include "http_protocol.h"
typedef struct auth_nis_config_struct {
int auth_nis; /* contains true/false */
} auth_config_rec;
void *create_nis_auth_dir_config (pool *p, char *d)
{
return pcalloc (p, sizeof(auth_config_rec));
}
char *
nis_set_flag_slot (cmd_parms * cmd, char *struct_ptr, int arg)
{
(int) *(char **) (struct_ptr + ((int) cmd->info)) = arg;
return NULL;
}
command_rec auth_nis_cmds[] = {
{ "AuthUserNis", nis_set_flag_slot,
(void*)XtOffsetOf(auth_config_rec,auth_nis), OR_AUTHCFG, FLAG,
" NIS/YP checking on/off"
},
{ NULL }
};
module auth_nis_module;
char *get_nis_pw(request_rec *r, char *user)
{
#ifdef MULTITREADING
struct passwd *result;
struct passwd tmp;
char buff[MAX_STRING_LEN];
#ifdef SHADOW
result=getspnam_r(user,tmp,buff,MAX_STRING_LEN);
#else
result=getpwnam_r(user,tmp,buff,MAX_STRING_LEN);
#endif
#else
struct passwd *result;
#ifdef SHADOW
result=getspnam(user);
#else
result=getpwnam(user);
#endif
#endif
/* success ? */
if (!result) {
if (errno)
log_reason ("Problem with NIS: %s", strerror(errno), r);
return NULL;
};
if (!result->pw_passwd) {
#ifndef SHADOW
log_reason ("No NIS password for %s (Are you using shadow)", user, r);
#endif
return NULL;
};
return pstrdup (r->pool, result->pw_passwd);
}
/* These functions return 0 if client is OK, and proper error status
* if not... either AUTH_REQUIRED, if we made a check, and it failed, or
* SERVER_ERROR, if things are so totally confused that we couldn't
* figure out how to tell if the client is authorized or not.
*
* If they return DECLINED, and all other modules also decline, that's
* treated by the server core as a configuration error, logged and
* reported as such.
*/
/* Determine user ID, and check if it really is that user, for HTTP
* basic authentication...
*/
int authenticate_nis_basic_user (request_rec *r)
{
auth_config_rec *sec =
(auth_config_rec *)get_module_config (r->per_dir_config, &auth_nis_module);
conn_rec *c = r->connection;
char *sent_pw, *real_pw;
char errstr[MAX_STRING_LEN];
int res;
if ((res = get_basic_auth_pw (r, &sent_pw))) return res;
if(!sec->auth_nis)
return DECLINED;
if (!(real_pw = get_nis_pw(r, c->user))) {
sprintf(errstr,"user %s not found",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
}
/* anyone know where the prototype for crypt is? */
if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
sprintf(errstr,"user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
}
return OK;
}
module auth_nis_module = {
STANDARD_MODULE_STUFF,
NULL, /* initializer */
create_nis_auth_dir_config, /* dir config creater */
NULL, /* dir merger --- default is to override */
NULL, /* server config */
NULL, /* merge server config */
auth_nis_cmds, /* command table */
NULL, /* handlers */
NULL, /* filename translation */
authenticate_nis_basic_user, /* check_user_id */
NULL, /* check auth */
NULL, /* check access */
NULL, /* type_checker */
NULL, /* fixups */
NULL /* logger */
};