From owner-portmaster-users@mail.msen.com Mon Jun 12 09:59:29 1995
Sender: owner-portmaster-users@mail.msen.com
Date: Mon, 12 Jun 1995 09:29:20 -0700
From: scotth@hoshi.corp.sgi.com (Scott Henry)
Message-Id: <199506121629.JAA07280@hoshi.corp.sgi.com>
To: sean@tcel.com
Cc: portmaster-users@msen.com
Subject: re: SGI Version of RadiusD? (plus encrypted password change)
In-Reply-To: <199506111856.MAA01583@dns.tcel.com>
References: <199506111856.MAA01583@dns.tcel.com>
Sender: owner-portmaster-users@mail.msen.com
Precedence: bulk
Status: RO

>>>>> "s" == sean  <sean@tcel.com> writes:

s> Does anyone have patches to radiusd to make it !work! with SGI IRIX
s> 5.3?

Here's what I changed in radiusd-1.16 (Livingston radiusd) to make
it work.  It contains *lots* more than just "compile" changes, since
I also made the patch to keep passwords encrypted on disk (although
I never finished the radpass changes, so I'm not sure that
everything will compile as is...).

BTW, you'd better *not* make the DBM changes here unless you are
running XFS...

*** Makefile.~1~	Tue Dec 27 09:32:28 1994
--- Makefile	Fri Feb 24 13:52:01 1995
***************
*** 31,37 ****
  	$(CC) $(CFLAGS) -o radiusd $(SERVER_OBJS) $(LIBS)
  
  radiusd.dbm: $(SERVERDBM_OBJS)
! 	$(CC) $(CFLAGS) -o radiusd.dbm $(SERVERDBM_OBJS) -ldbm $(LIBS)
  
  radiusd.o: $(SRCDIR)/radiusd.c $(INCLUDES)
  	$(CC) $(CFLAGS) -c $(SRCDIR)/radiusd.c
--- 31,37 ----
  	$(CC) $(CFLAGS) -o radiusd $(SERVER_OBJS) $(LIBS)
  
  radiusd.dbm: $(SERVERDBM_OBJS)
! 	$(CC) $(CFLAGS) -o radiusd.dbm $(SERVERDBM_OBJS) $(LIBS)
  
  radiusd.o: $(SRCDIR)/radiusd.c $(INCLUDES)
  	$(CC) $(CFLAGS) -c $(SRCDIR)/radiusd.c
***************
*** 49,55 ****
  	$(CC) $(CFLAGS) -c $(SRCDIR)/users.c
  
  usersdbm.o: $(SRCDIR)/users.c $(INCLUDES)
! 	$(CC) $(CFLAGS) -DDBM -o usersdbm.o -c $(SRCDIR)/users.c
  
  util.o: $(SRCDIR)/util.c $(INCLUDES)
  	$(CC) $(CFLAGS) -c $(SRCDIR)/util.c
--- 49,55 ----
  	$(CC) $(CFLAGS) -c $(SRCDIR)/users.c
  
  usersdbm.o: $(SRCDIR)/users.c $(INCLUDES)
! 	$(CC) $(CFLAGS) -DUSE_DBM -o usersdbm.o -c $(SRCDIR)/users.c
  
  util.o: $(SRCDIR)/util.c $(INCLUDES)
  	$(CC) $(CFLAGS) -c $(SRCDIR)/util.c
***************
*** 58,67 ****
  	$(CC) $(CFLAGS) -o version.o -c $(SRCDIR)/version.c
  
  versiondbm.o: $(SRCDIR)/version.c $(INCLUDES)
! 	$(CC) $(CFLAGS) -DDBM -o versiondbm.o -c $(SRCDIR)/version.c
  
! radpass: radpass.o md5.o util.o
! 	$(CC) $(CFLAGS) -o radpass radpass.o md5.o util.o $(LIBS)
  
  radpass.o: $(SRCDIR)/radpass.c $(INCLUDES)
  	$(CC) $(CFLAGS) -c $(SRCDIR)/radpass.c
--- 58,67 ----
  	$(CC) $(CFLAGS) -o version.o -c $(SRCDIR)/version.c
  
  versiondbm.o: $(SRCDIR)/version.c $(INCLUDES)
! 	$(CC) $(CFLAGS) -DUSE_DBM -o versiondbm.o -c $(SRCDIR)/version.c
  
! radpass: radpass.o md5.o util.o passutil.o
! 	$(CC) $(CFLAGS) -o radpass radpass.o md5.o util.o passutil.o $(LIBS)
  
  radpass.o: $(SRCDIR)/radpass.c $(INCLUDES)
  	$(CC) $(CFLAGS) -c $(SRCDIR)/radpass.c
***************
*** 69,76 ****
  md5.o: $(SRCDIR)/md5.c $(SRCDIR)/md5.h
  	$(CC) $(CFLAGS) -c $(SRCDIR)/md5.c
  
  builddbm: builddbm.o
! 	$(CC) $(CFLAGS) -o builddbm builddbm.o -ldbm $(LIBS)
  
  builddbm.o: $(SRCDIR)/builddbm.c
  	$(CC) $(CFLAGS) -c $(SRCDIR)/builddbm.c
--- 69,79 ----
  md5.o: $(SRCDIR)/md5.c $(SRCDIR)/md5.h
  	$(CC) $(CFLAGS) -c $(SRCDIR)/md5.c
  
+ passutil.o: $(SRCDIR)/passutil.c $(INCLUDES)
+ 	$(CC) $(CFLAGS) -c $(SRCDIR)/passutil.c
+ 
  builddbm: builddbm.o
! 	$(CC) $(CFLAGS) -o builddbm builddbm.o $(LIBS)
  
  builddbm.o: $(SRCDIR)/builddbm.c
  	$(CC) $(CFLAGS) -c $(SRCDIR)/builddbm.c
*** builddbm.c.~1~	Tue Dec 27 09:32:29 1994
--- builddbm.c	Fri Feb 24 15:08:03 1995
***************
*** 55,60 ****
--- 55,68 ----
  
  FILE		*userfd;
  
+ #ifdef dbm_error64
+ /* SGI  Irix-5.3 or Irix-6.0.1 with XFS is really required... */
+ /* since EFS doesn't do holes in files */
+ #define store store64
+ #define dbminit dbminit64
+ #define dbmclose dbmclose64
+ #endif /* dbm_error64 */
+ 
  main(argc,argv)
  int argc;
  char **argv;
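Review bot: The 64-bit dbm calls are selected whenever `<dbm.h>` defines `dbm_error64`, although the comment itself says they are only safe on XFS; nothing in the `#ifdef` keeps a system that has the header but stores the database on EFS from picking them up. An explicit opt-in would make that a build decision, e.g. `#if defined(dbm_error64) && defined(USE_DBM64)`, where USE_DBM64 is a new flag name proposed here and set in the Makefile. The same block is repeated in the users.c hunk with an extra `#define fetch fetch64`; putting it once in a shared header would keep the two lists from drifting apart.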
*** radius.h.~1~	Tue Dec 27 09:32:29 1994
--- radius.h	Wed Feb 22 12:13:46 1995
***************
*** 149,156 ****
  
  /* Default Database File Names */
  
! #define RADIUS_DIR		"/etc/raddb"
! #define RADACCT_DIR		"/usr/adm/radacct"
  
  #define RADIUS_DICTIONARY	"dictionary"
  #define RADIUS_CLIENTS		"clients"
--- 149,156 ----
  
  /* Default Database File Names */
  
! #define RADIUS_DIR		"/var/raddb"
! #define RADACCT_DIR		"/var/adm/radacct"
  
  #define RADIUS_DICTIONARY	"dictionary"
  #define RADIUS_CLIENTS		"clients"
*** radiusd.c.~1~	Fri Jan  6 13:58:16 1995
--- radiusd.c	Wed Feb 22 16:25:28 1995
***************
*** 1035,1040 ****
--- 1035,1052 ----
  						user_msg = (char *)NULL;
  					}
  				}
+ 				else if(strlen(check_item->strvalue) == 13) {
+ 					/* 13 is the length of a unix crypt()ed password entry */
+ 					/* this allows storing passwords in users file encrypted */
+ 					char *encpw;
+ 					char *crypt();
+ 
+ 					encpw = crypt(string, check_item->strvalue);
+ 					if (strncmp(encpw, check_item->strvalue, 13) != 0) {
+ 						result = -1;
+ 						user_msg = (char *)NULL;
+ 					}
+ 				}
  				else if(strcmp(check_item->strvalue,
  								string) != 0) {
  					result = -1;
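Review bot: The new branch passes the result of `crypt()` straight to `strncmp()`, and it decides that a stored value is a hash purely because it is 13 characters long. crypt() can return NULL on some implementations (for example when the salt is not valid), which would crash the daemon while it handles an authentication request, and a user whose cleartext entry happens to be 13 characters long can no longer log in because the entry is now treated as a hash. I would guard the call, `if (encpw == NULL || strncmp(encpw, check_item->strvalue, 13) != 0) {`, and mark hashed entries explicitly in the users file instead of inferring it from the length. A comment should also record that traditional crypt() only considers the first eight characters of the password. The enclosing function starts and ends outside this hunk.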
*** radpass.c.~1~	Tue Dec 27 09:32:30 1994
--- radpass.c	Thu Feb 23 12:58:45 1995
***************
*** 28,33 ****
--- 28,34 ----
  static char sccsid[] =
  "@(#)radpass.c	1.5 Copyright 1992 Livingston Enterprises Inc";
  
+ #include	<stdlib.h>
  #include	<sys/types.h>
  #include	<sys/socket.h>
  #include	<netinet/in.h>
***************
*** 36,41 ****
--- 37,43 ----
  #include	<unistd.h>
  #include	<netdb.h>
  #include	<pwd.h>
+ #include	<getopt.h>
  
  #include	"radius.h"
  
***************
*** 59,65 ****
  	struct	sockaddr	saremote;
  	struct	sockaddr_in	*sin;
  	struct	servent		*svp;
!         u_short                 svc_port;
  	AUTH_HDR		*auth;
  	u_char			*username;
  	u_char			newpass1[AUTH_PASS_LEN];
--- 61,67 ----
  	struct	sockaddr	saremote;
  	struct	sockaddr_in	*sin;
  	struct	servent		*svp;
! 	u_short			svc_port;
  	AUTH_HDR		*auth;
  	u_char			*username;
  	u_char			newpass1[AUTH_PASS_LEN];
***************
*** 76,89 ****
  	int			secretlen;
  	int			i;
  	char			*getpass();
  
  	progname = argv[0];
  
! 	if(argc != 2) {
  		usage();
  	}
  	/* Get the user name */
! 	username = argv[1];
  
  	svp = getservbyname ("radius", "udp");
  	if (svp == (struct servent *) 0) {
--- 78,104 ----
  	int			secretlen;
  	int			i;
  	char			*getpass();
+ 	char			*server;
+ 	extern char		*optarg;
+ 	extern int		optind, opterr, optopt;
+ 	int			c;
  
  	progname = argv[0];
  
! 	server = NULL;
! 	while ((c = getopt(argc, argv, "s:")) != EOF) {
! 		switch (c) {
! 		case 's':
! 			server = optarg;
! 			break;
! 		}
! 	}
! 
! 	if(argc < optind) {
  		usage();
  	}
  	/* Get the user name */
! 	username = argv[optind];
  
  	svp = getservbyname ("radius", "udp");
  	if (svp == (struct servent *) 0) {
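Review bot: The argument check `if(argc < optind)` can never be true, because getopt() leaves `optind` no greater than `argc`; when no username is given, `argv[optind]` is NULL and is assigned to `username`. The original test required exactly one operand, so the equivalent is `if (argc - optind != 1) {`. The `switch` also has no `default:` case, so an unknown option (getopt returns `'?'`) is ignored where `default: usage();` would reject it. main() continues outside this hunk.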
***************
*** 93,99 ****
  	svc_port = ntohs((u_short) svp->s_port);
  
  	/* Get the IP address of the authentication server */
! 	if((auth_ipaddr = get_ipaddr("radius-server")) == (UINT4)0) {
  		fprintf(stderr, "Couldn't find host radius-server\n");
  		exit(-1);
  	}
--- 108,119 ----
  	svc_port = ntohs((u_short) svp->s_port);
  
  	/* Get the IP address of the authentication server */
! 	if (server == NULL) {
! 		if ((server = getenv("RADIUS_SERVER")) == NULL) {
! 			server = "radius-server";
! 		}
! 	}
! 	if((auth_ipaddr = get_ipaddr(server)) == (u_long)0) {
  		fprintf(stderr, "Couldn't find host radius-server\n");
  		exit(-1);
  	}
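Review bot: The failure message still prints the literal `radius-server` even when the host name came from `-s` or `RADIUS_SERVER`. Since the password-change request now goes to whichever host those supply, the message should report the name actually looked up: `fprintf(stderr, "Couldn't find host %s\n", server);`. The comparison constant also changed from `(UINT4)0` to `(u_long)0`; if get_ipaddr() still returns UINT4 (its declaration is not in this hunk), keeping the original cast would be more consistent.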
***************
*** 142,147 ****
--- 162,175 ----
  		exit(-1);
  	}
  
+ 	memset(newpass2, '\0', AUTH_PASS_LEN);
+ 	/* we are only sending unix-crypt passwords to the server for update */
+ 	/* note that newpass1 gets overwritten with the encrypted version */
+ 	if ((result = check_pass(oldpass, newpass1, username))) {
+ 		printf("Your new password was too simple. Please try again (%d)\n", result);
+ 		exit(1);
+ 	}
+ 
  	/* Build a password change request */
  	auth = (AUTH_HDR *)send_buffer;
  	auth->code = PW_PASSWORD_REQUEST;
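Review bot: `check_pass()` is called here without a visible declaration, and passutil.c, which the Makefile hunk links into radpass, is not among the files shown in this patch, so its contract is known only from the two comments. I would add an old-style declaration next to `getpass()`, `int check_pass();`, and document there what the non-zero return codes mean and that `newpass1` is replaced by the crypt()ed form, which must fit in `AUTH_PASS_LEN` bytes. Every non-zero result is reported as "too simple", which is misleading if check_pass() can also fail for other reasons. `result` is not declared in any hunk of this file, so it presumably already exists in main(); that is worth confirming.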
***************
*** 276,282 ****
  
  usage()
  {
! 	printf("Usage: %s username\n", progname);
  	exit(-1);
  }
  
--- 304,310 ----
  
  usage()
  {
! 	printf("Usage: %s [-s servername] username\n", progname);
  	exit(-1);
  }
  
*** users.c.~1~	Fri Jan  6 13:58:16 1995
--- users.c	Fri Feb 24 17:15:56 1995
***************
*** 39,50 ****
  #include	<time.h>
  #include	<ctype.h>
  
! #ifdef DBM
  
  #include	<dbm.h>
  
! #endif /* DBM */
  
  #include	"radius.h"
  
  extern char		*progname;
--- 39,59 ----
  #include	<time.h>
  #include	<ctype.h>
  
! #ifdef USE_DBM
  
  #include	<dbm.h>
  
! #ifdef dbm_error64
! /* SGI  Irix-5.3 or Irix-6.0.1 with XFS is really required... */
! /* since EFS doesn't do holes in files */
! #define store store64
! #define dbminit dbminit64
! #define dbmclose dbmclose64
! #define fetch fetch64
! #endif /* dbm_error64 */
  
+ #endif /* USE_DBM */
+ 
  #include	"radius.h"
  
  extern char		*progname;
***************
*** 82,91 ****
  	int		mode;
  	VALUE_PAIR	*check_first;
  	VALUE_PAIR	*reply_first;
! #ifdef DBM
  	datum		named;
  	datum		contentd;
! #endif /* DBM */
  
  	/* 
  	 * Check for valid input, zero length names not permitted 
--- 91,100 ----
  	int		mode;
  	VALUE_PAIR	*check_first;
  	VALUE_PAIR	*reply_first;
! #ifdef USE_DBM
  	datum		named;
  	datum		contentd;
! #endif /* USE_DBM */
  
  	/* 
  	 * Check for valid input, zero length names not permitted 
***************
*** 114,124 ****
  	 * Open the user table
  	 */
  	sprintf(buffer, "%s/%s", radius_dir, RADIUS_USERS);
! #ifdef DBM
  	if(dbminit(buffer) != 0) {
! #else /* DBM */
  	if((userfd = fopen(buffer, "r")) == (FILE *)NULL) {
! #endif /* DBM */
  		fprintf(stderr, "%s:Couldn't open %s for reading\n",
  				progname, buffer);
  		return(-1);
--- 123,133 ----
  	 * Open the user table
  	 */
  	sprintf(buffer, "%s/%s", radius_dir, RADIUS_USERS);
! #ifdef USE_DBM
  	if(dbminit(buffer) != 0) {
! #else /* USE_DBM */
  	if((userfd = fopen(buffer, "r")) == (FILE *)NULL) {
! #endif /* USE_DBM */
  		fprintf(stderr, "%s:Couldn't open %s for reading\n",
  				progname, buffer);
  		return(-1);
***************
*** 128,134 ****
  	reply_first = (VALUE_PAIR *)NULL;
  
  
! #ifdef DBM
  	named.dptr = name;
  	named.dsize = strlen(name);
  	contentd = fetch(named);
--- 137,143 ----
  	reply_first = (VALUE_PAIR *)NULL;
  
  
! #ifdef USE_DBM
  	named.dptr = name;
  	named.dsize = strlen(name);
  	contentd = fetch(named);
***************
*** 180,186 ****
  	}
  	dbmclose();
  
! #else /* DBM */
  
  	while(fgets(buffer, sizeof(buffer), userfd) != (char *)NULL) {
  		if(mode == FIND_MODE_NAME) {
--- 189,195 ----
  	}
  	dbmclose();
  
! #else /* USE_DBM */
  
  	while(fgets(buffer, sizeof(buffer), userfd) != (char *)NULL) {
  		if(mode == FIND_MODE_NAME) {
***************
*** 236,242 ****
  		}
  	}
  	fclose(userfd);
! #endif /* DBM */
  
  	/* Update the callers pointers */
  	if(reply_first != (VALUE_PAIR *)NULL) {
--- 245,251 ----
  		}
  	}
  	fclose(userfd);
! #endif /* USE_DBM */
  
  	/* Update the callers pointers */
  	if(reply_first != (VALUE_PAIR *)NULL) {
*** version.c.~1~	Fri Jan  6 13:58:16 1995
--- version.c	Wed Feb 22 13:05:46 1995
***************
*** 55,61 ****
  	fprintf(stderr, "%s: RADIUS version %s\n", progname, VERSION);
  
  	/* here are all the conditional feature flags */
! #if defined(DBM)
  	fprintf(stderr," DBM");
  #endif
  #if defined(NOSHADOW)
--- 55,61 ----
  	fprintf(stderr, "%s: RADIUS version %s\n", progname, VERSION);
  
  	/* here are all the conditional feature flags */
! #if defined(USE_DBM)
  	fprintf(stderr," DBM");
  #endif
  #if defined(NOSHADOW)
***************
*** 86,91 ****
--- 86,94 ----
  #endif
  #if defined(M_UNIX)
  	fprintf(stderr," M_UNIX");
+ #endif
+ #if defined(__sgi)
+ 	fprintf(stderr, "__sgi");
  #endif
  	fprintf(stderr,"\n");
  	exit(-1);
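Review bot: The added `fprintf(stderr, "__sgi");` lacks the leading space that the other feature flags visible here print (`" DBM"`, `" M_UNIX"`), so the output runs this flag into the previous one. It should be `fprintf(stderr," __sgi");`. The function continues outside the hunk.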

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Scott Henry <scotth@sgi.com> / Help! My disclaimer is missing!
 Networking Services,        / GIGO *really* means: Garbage in, Gospel Out
 Silicon Graphics, Inc      /
  <a href="http://reality.sgi.com/employees/scotth/">non-virtual home page</a>

