diff --git a/CHANGES b/CHANGES index bca685c..70b98e8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ Sorry, this is in German only. :-( -Aenderungen in mars_nwe bis zum : 08-Feb-96 +Aenderungen in mars_nwe bis zum : 10-Feb-96 -------------------------------- Erste 'oeffentliche' Version ^^^^^^^^^^ VERSION 0.94 ^^^^^^^^ @@ -78,6 +78,11 @@ Erste 'oeffentliche' Version - Schalter 'm' fuer removable volumes ( z.B. CDROMS ) eingebaut. (Lauri Tischler) - func 0x17, ufunc 0x15 eingebaut. +- Makefile und mk.li abgeaendert. Laeuft nun auf der USL auch + mit Standardmake. +- Passwort Strategy erweitert. Nun ist es auch moeglich ueber + entry '7' in der ini Datei System-Passwoerter zu verwenden. + Es werden dann unencryted Passwoerter verwendet. diff --git a/Makefile b/Makefile index 236ca9b..d41af0b 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,12 @@ -# Makefile mars_nwe: 31-Jan-96 +# Makefile mars_nwe: 10-Feb-96 VPATH= +.EXPORT_ALL_VARIABLES: +# defaults, can be overwritten in mk.li +V_VPATH=.. +OBJDIR=obj + all: rmeflag mk.li config.h nw.ini @if [ -r .eflag ] ; then \ echo ""; \ @@ -33,6 +38,9 @@ clean: mk.li nw.ini distrib: mk.li nw.ini ./mk.li $@ +diff: + ./mk.li $@ + mk.li: examples/mk.li @if [ -r $@ ] ; then \ cp -f $@ $@.org && ( \ @@ -44,7 +52,7 @@ mk.li: examples/mk.li echo "" ) ; fi @ echo "" @ echo "" - @ - cp -i examples/$@ . + @- cp -i examples/$@ . @ touch -c $@ @ echo "" @ echo "********************************************************" diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..fb9553f --- /dev/null +++ b/NEWS 
@@ -0,0 +1,38 @@ +------13-Feb-96--------- +New alternative password strategy in mars_nwe: +There is an new entry '7' in ini/conf file. + +The user has now 4 ways to choose. +1. entry '7' = '0'. + maximal security by forbid unencryted password calls, + but till now no chance to modify passwords with client requests. + +2. entry '7' = '1'. + good security by only allow unencryted change password call. + Here the user can use an old SETPAS or SYSCON program which + make the changing of passwords with unencryted calls. + +3. entry '7' = '8'. + less security by allow all unencryted password calls. + Like 2. but the user can also use old LOGIN program + with unencryted passwords. Mars_nwe will allow password + from the bindery and system-user-password. + +4. entry '7' = '9'. + Like 3. but in additional the routine 0x17 ufunc=0x17 + (get crypt key) will allways fail. + So the LOGIN.EXE and SYSCON.EXE means that this is an old server + with only unencrypted passwords and will switch to the old unencryted + calls. + +With the unencryted calls the clear passwords will go through the +wire, so mars_nwe can compare the passwords as well with the +stored bindery passwords as with the system passwords (crypt). +But there is a little hint. Passwords will ever be uppercase sent +from LOGIN.EXE or SYSCON.EXE +Mars_nwe makes three tries. +First try is with bindery-password, second try is with system +user-password and third try is making the password downcase and +compare with systen-user-password again. +When a user changes his password, only the bindery password will +be changed. diff --git a/emutli.h b/emutli.h index 3a69659..0a9c7b9 100644 --- a/emutli.h +++ b/emutli.h @@ -17,6 +17,9 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#ifndef _EMUTLI_H_ +#define _EMUTLI_H_ + #include typedef unsigned char uint8; @@ -130,5 +133,5 @@ extern void set_emu_tli(void); #define IPX_FRAME_ETHERII IPX_RT_BLUEBOOK #endif - +#endif 
diff --git a/examples/config.h b/examples/config.h index d12be24..8a12a86 100644 --- a/examples/config.h +++ b/examples/config.h @@ -1,5 +1,6 @@ /* config.h: 08-Feb-96 */ /* some of this config is needed by make, others by cc */ +#define DO_DEBUG 1 /* Debugging einschalten */ #define FILENAME_NW_INI "/etc/nwserv.conf" /* full name of ini (conf) file */ #define PATHNAME_PROGS "/sbin" /* path location of progs */ #define PATHNAME_BINDERY "/etc" /* path location of bindery */ diff --git a/examples/mk.li b/examples/mk.li index 78a075c..4732dc0 100755 --- a/examples/mk.li +++ b/examples/mk.li @@ -1,5 +1,5 @@ #!/bin/sh -# mk.li 30-Jan-96 ### +# mk.li 10-Feb-96 ### # please edit this file ! mk() @@ -7,10 +7,14 @@ mk() MYBASE=`pwd`; ERRFILE=$TMP/`basename $MYBASE`.err; rm -f $ERRFILE; - if [ ! -d obj ] ; then mkdir obj; fi - cd obj; - $MAKE -f ../makefile.unx $@ 2>&1 | tee $ERRFILE; - cd ..; + if [ $V_VPATH = '..' ] ; then + if [ ! -d $OBJDIR ] ; then mkdir $OBJDIR; fi + cd $OBJDIR; + fi + $MAKE -f $V_VPATH/makefile.unx $@ 2>&1 | tee $ERRFILE; + if [ $V_VPATH = '..' ] ; then + cd ..; + fi chmod 666 $ERRFILE } @@ -19,13 +23,16 @@ UNX=`uname -s | $TOLOWER` case $UNX in linux) - CC=cc; - CCP="cc -E"; + V_VPATH=".." + OBJDIR="obj" + CC=cc + CPP="cc -E" # CFLAGS="-pipe -O2 -fomit-frame-pointer" # problems gcc2.5.8 ^^^^^^^^^^^^^^^^^^^^^ - CFLAGS="-pipe" + CFLAGS="-pipe -Wall" HOSTCFLAGS="-DLINUX" NDBMLIB="-ldbm" + CRYPTLIB="" NSLLIB="" MAKE=make TMP=/tmp @@ -33,13 +40,16 @@ case $UNX in ;; ########### USL UNIX ############## unix_sv) + V_VPATH="." + OBJDIR="." CC=cc - CCP="gcc -E" - CFLAGS="-pipe" + CPP="cc -E" + CFLAGS= HOSTCFLAGS="" NDBMLIB="/usr/ucblib/libucb.a" + CRYPTLIB="-lgen" NSLLIB="-lnsl" - MAKE=gmake + MAKE=make TMP=/tmp INSTALL=/usr/ucb/install ;; @@ -48,12 +58,15 @@ case $UNX in esac export CC -export CCP +export CPP export CFLAGS export HOSTCFLAGS export NDBMLIB +export CRYPTLIB export NSLLIB export TMP export INSTALL +export V_VPATH +export OBJDIR mk $@ 
diff --git a/examples/nw.ini b/examples/nw.ini index d67d6eb..d764313 100644 --- a/examples/nw.ini +++ b/examples/nw.ini @@ -1,5 +1,5 @@ # (C)opyright 1993, 1995, Martin Stover, Softwareentwicklung, Marburg -# last change: 08-Feb-96 +# last change: 13-Feb-96 # MAR.S NW-Server Emulator # Einfache Konfiguration, alles ab # ist Kommentar. # Jeder Eintrag beginnt mit einer Zahl und dann folgt der Inhalt. @@ -53,15 +53,22 @@ # since V 0.96pl8. To test them, this entry must be set to '1'. # and config.h must be altered to allow namespace calls. 6 0 # tells server version: 2.15=0, 3.11=1 +# Password handling +7 0 # 0 = use only encrypted passwords stuff (default) + # 1 = allow the unencrypted change password routine. + # 8 = allow all unencrypted stuff. + # 9 = use all unencryted calls + get crypt key will allways fail + # so the login program will use the old unencryted calls. ###################################### # GID and UID for _minimal_ rights # will be used for not logins 10 200 # GID 11 201 # UID ############################# -# the following passwords can be removed after the first +# the following passwords should be removed after the first # start, because these entries will be inserted (crypted) into -# the bindery +# the bindery. If you specify a password here, then this password +# will be put into bindery after every start of mars_nwe. # one entry 12 for SUPERVISOR ## NW-Name UNIX-Name [PASSWORD] 12 SUPERVISOR root MYPW # Supervisor diff --git a/makefile.unx b/makefile.unx index 19fec7c..dfdfa3d 100644 --- a/makefile.unx +++ b/makefile.unx @@ -1,14 +1,15 @@ #if 0 -#makefile.unx 07-Feb-96 +#makefile.unx 10-Feb-96 #endif -VPATH=.. + +VPATH=$(V_VPATH) + O=.o C=.c -DEBUG=-DDB V_H=0 V_L=96 -P_L=8 +P_L=9 #define D_P_L 1 DISTRIB=mars_nwe #if D_P_L 
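Review bot: The new comment block for entry `7` in examples/nw.ini does not say that values `8` and `9` put passwords on the network in clear text, nor that the UNIX system password is then accepted as well, so an administrator reading only this file cannot see the trade-off. The same example maps SUPERVISOR to `root` in entry 12, which per the NEWS text in this commit means root's system password could be the one travelling unencrypted in those modes. I would add a line such as `# 8 and 9 send passwords unencrypted over the network and also accept the UNIX password; do not map NetWare users to privileged UNIX accounts in these modes.`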
@@ -47,9 +48,9 @@ distrib: $(DESTMAKEFILE) distrib_bin: $(DESTMAKEFILE) $(MAKE) -f $(DESTMAKEFILE) n_$@ -$(DESTMAKEFILE): makefile.unx config.h +$(DESTMAKEFILE): $(VPATH)/makefile.unx $(VPATH)/config.h rm -f $@ - cp ../makefile.unx makefile.c + cp $(VPATH)/makefile.unx makefile.c $(CPP) $(HOSTCFLAGS) -I$(VPATH) makefile.c > $@ rm -f makefile.c #endif 
@@ -103,40 +104,42 @@ OBJS= net1$(O) tools$(O) connect$(O) nwdbm$(O) $(NWROUTE_O) \ HOBJ3= $(PROG3)$(O) connect$(O) namspace$(O) nwvolume$(O) nwfile$(O) -$(PROG1): $(PROG1)$(O) $(OBJ1) - $(CC) -o ../$(PROG1) $(PROG1)$(O) $(OBJ1) $(NSLLIB) +#if 0 +#$(PROG1): $(PROG1)$(O) $(OBJ1) +# $(CC) -o $(VPATH)/$(PROG1) $(PROG1)$(O) $(OBJ1) $(NSLLIB) +#endif $(PROG2): $(PROG2)$(O) $(OBJ2) - $(CC) -o ../$(PROG2) $(PROG2)$(O) $(OBJ2) $(NSLLIB) + $(CC) -o $(VPATH)/$(PROG2) $(PROG2)$(O) $(OBJ2) $(NSLLIB) #if 0 -#$(CC) -o ../$(PROG2) $(PROG2)$(O) $(OBJ2) $(NDBMLIB) $(NSLLIB) +#$(CC) -o $(VPATH)/$(PROG2) $(PROG2)$(O) $(OBJ2) $(NDBMLIB) $(NSLLIB) #endif $(PROG3): $(PROG3)$(O) $(OBJ3) - $(CC) -o ../$(PROG3) $(PROG3)$(O) $(OBJ3) $(NSLLIB) + $(CC) -o $(VPATH)/$(PROG3) $(PROG3)$(O) $(OBJ3) $(NSLLIB) $(PROG4): $(PROG4)$(O) $(OBJ4) - $(CC) -o ../$(PROG4) $(PROG4)$(O) $(OBJ4) $(NDBMLIB) $(NSLLIB) + $(CC) -o $(VPATH)/$(PROG4) $(PROG4)$(O) $(OBJ4) $(NDBMLIB) $(CRYPTLIB) $(NSLLIB) $(PROG5): $(PROG5)$(O) $(OBJ5) - $(CC) -o ../$(PROG5) $(PROG5)$(O) $(OBJ5) $(NSLLIB) + $(CC) -o $(VPATH)/$(PROG5) $(PROG5)$(O) $(OBJ5) $(NSLLIB) $(HOBJ3): namspace.h connect.h nwvolume.h nwfile.h $(OBJS): net.h config.h $(C)$(O): - $(CC) -c $(CFLAGS) $(HOSTCFLAGS) $(DEBUG)\ + $(CC) -c $(CFLAGS) $(HOSTCFLAGS) \ -D_VERS_H_=$(V_H) -D_VERS_L_=$(V_L) -D_VERS_P_=$(P_L) $< n_all: $(PROGS) n_install_ini: - cd .. && $(INSTALL) -m 664 nw.ini $(M_FILENAME_NW_INI) && cd obj + cd $(VPATH) && $(INSTALL) -m 664 nw.ini $(M_FILENAME_NW_INI) && cd $(OBJDIR) n_install: - cd .. && $(INSTALL) -d $(M_PATHNAME_PROGS) && cd obj - cd .. && $(INSTALL) $(PROGS) $(M_PATHNAME_PROGS) && cd obj - @cd .. && (if [ -r $(M_FILENAME_NW_INI) ] ; then \ + cd $(VPATH) && $(INSTALL) -d $(M_PATHNAME_PROGS) && cd $(OBJDIR) + cd $(VPATH) && $(INSTALL) $(PROGS) $(M_PATHNAME_PROGS) && cd $(OBJDIR) + @cd $(VPATH) && (if [ -r $(M_FILENAME_NW_INI) ] ; then \ echo ""; \ echo "********************************************************"; \ echo ""; \ 
@@ -154,20 +157,20 @@ echo "$(M_FILENAME_NW_INI) created from nw.ini"; \ echo ""; \ echo "********************************************************"; \ echo ""; \ -fi; cd obj ) +fi; cd $(OBJDIR) ) n_clean1: - cd .. && (rm -f ~* examples/~* examples/.e.pck; cd obj) + cd $(VPATH) && (rm -f ~* examples/~* examples/.e.pck; cd $(OBJDIR)) n_clean: n_clean1 rm -f *.o - cd .. && (rm -f $(PROGS); cd obj ) + cd $(VPATH) && (rm -f $(PROGS); cd $(OBJDIR) ) n_distclean: n_clean - cd .. && (rm -f *.dir *.pag; cd obj) + cd $(VPATH) && (rm -f *.dir *.pag; cd $(OBJDIR)) n_make_dir: n_clean1 - cd .. && (rm -rf obj/../$(DISTRIB) \ + cd $(VPATH) && (rm -rf $(OBJDIR)/$(VPATH)/$(DISTRIB) \ ; mkdir $(DISTRIB) \ ; mkdir $(DISTRIB)/examples \ ; ln -f \ @@ -175,6 +178,7 @@ n_make_dir: n_clean1 makefile.unx \ Makefile \ COPYING \ + NEWS \ CHANGES \ README \ README.ger \ @@ -186,17 +190,17 @@ n_make_dir: n_clean1 ; ln -f \ examples/$(STERN) \ $(DISTRIB)/examples/. \ -; cd obj ) +; cd $(OBJDIR) ) n_diff: n_make_dir - cd .. && ( \ + cd $(VPATH) && ( \ makepatch $(DISTRIB).org $(DISTRIB) > $(PATCHF) \ ; gzip -9 -f $(PATCHF) \ -; cd obj ) +; cd $(OBJDIR) ) n_distrib: n_diff -mkdir /tmp/x - cd .. && (tar cvzf $(DISTRIBF).tgz $(DISTRIB) \ + cd $(VPATH) && (tar cvzf $(DISTRIBF).tgz $(DISTRIB) \ ; uue $(DISTRIBF).tgz; mv -f $(DISTRIB)-$(V_H).uue $(DISTRIBF).uue \ ; cp -a $(DISTRIB)/$(DISTRIB).lsm /tmp/yy \ ; echo "" >> /tmp/yy \ @@ -206,19 +210,20 @@ n_distrib: n_diff ; rm $(DISTRIBF).uue \ ; mv $(DISTRIBF).tgz /tmp/x/. \ ; cp -a $(DISTRIB)/$(DISTRIB).lsm /tmp/x/. \ -; cd obj ) +; cd $(OBJDIR) ) n_distrib_bin: - cd .. && (tar cvzf /tmp/$(DISTRIB).bin.tgz \ + cd $(VPATH) && (tar cvzf /tmp/$(DISTRIB).bin.tgz \ $(PROGS) \ COPYING \ INSTALL \ INSTALL.ger \ + NEWS \ CHANGES \ README \ README.ger \ $(DISTRIB).lsm \ examples \ -; cd obj) +; cd $(OBJDIR)) diff --git a/mars_nwe.lsm b/mars_nwe.lsm index 1ae6f7c..316d798 100644 --- a/mars_nwe.lsm +++ b/mars_nwe.lsm 
@@ -1,7 +1,7 @@ Begin3 Title: mars_nwe -Version: 0.96pl8 -Entered-date: 08-Feb-96 +Version: 0.96pl9 +Entered-date: 13-Feb-96 Description: full novell-server-emulator (src),beta supports file-services, bindery-services, printing-services, routing-services @@ -9,7 +9,7 @@ Keywords: novell, netware, server, ipx, ncp, tli Author: mstover@freeway.de (Martin Stover) Maintained-by: mstover@freeway.de (Martin Stover) Primary-site: linux01.gwdg.de /pub/ncpfs - 120kB mars_nwe-0.96.pl7.tgz + 110kB mars_nwe-0.96.pl9.tgz Alternate-site: ftp.uni-duisburg.de /pub/linux/ipxware Platforms: Linux (1.2.xx, 1.3.32, > 1.3.55 tested, others should work) Copying-policy: GNU diff --git a/namspace.c b/namspace.c index aadd44e..edc843f 100644 --- a/namspace.c +++ b/namspace.c @@ -219,7 +219,7 @@ int touch_handle_entry(int dbase) char *debug_nwpath_name(N_NW_PATH *p) /* for debugging */ { -#ifdef DB +#if DO_DEBUG static char nwpathname[512]; char volname[300]; if (nw_get_volume_name(p->volume, volname) < 0) diff --git a/ncpserv.c b/ncpserv.c index 1d4bfff..d2fd163 100644 --- a/ncpserv.c +++ b/ncpserv.c @@ -1,5 +1,5 @@ /* ncpserv.c */ -#define REVISION_DATE "08-Feb-96" +#define REVISION_DATE "13-Feb-96" /* (C)opyright (C) 1993,1996 Martin Stover, Marburg, Germany * * This program is free software; you can redistribute it and/or modify @@ -112,7 +112,7 @@ typedef struct { ipxAddr_t client_adr; /* address client */ uint32 object_id; /* logged object */ /* 0 = not logged in */ - uint8 crypt_key[8]; /* password generierung */ + uint8 crypt_key[8]; /* password generation */ uint8 message[60]; /* saved BCastmessage */ int sequence; /* previous sequence */ int retry; /* one reply being serviced is sent */ @@ -159,7 +159,7 @@ static int new_conn_nr(void) return(0); /* nothing free */ } -int free_conn_nr(int nr) +static int free_conn_nr(int nr) { if (nr && --nr < anz_connect) { connections[nr].fd = -1; 
@@ -168,7 +168,7 @@ int free_conn_nr(int nr) return(-1); } -int find_conn_nr(ipxAddr_t *addr) +static int find_conn_nr(ipxAddr_t *addr) { int j = -1; while (++j < anz_connect) { @@ -179,7 +179,7 @@ int find_conn_nr(ipxAddr_t *addr) return(0); } -void clear_connection(int conn) +static void clear_connection(int conn) { nwserv_close_wdog(conn); if (conn > 0 && --conn < anz_connect) { @@ -188,7 +188,7 @@ void clear_connection(int conn) close(c->fd); c->fd = -1; if (c->pid > -1) { - kill(c->pid, SIGTERM); /* hier nochmal's killen */ + kill(c->pid, SIGTERM); /* kill it */ c->pid = -1; } } @@ -202,9 +202,15 @@ void clear_connection(int conn) } } -int find_get_conn_nr(ipxAddr_t *addr) +static int find_get_conn_nr(ipxAddr_t *addr) { int connection=find_conn_nr(addr); +#if 0 + if (connection) { + clear_connection(connection); + connection=0; + } +#endif if (!connection){ if ((connection = new_conn_nr()) > 0){ CONNECTION *c=&(connections[connection-1]); @@ -464,16 +470,24 @@ static int handle_fxx(CONNECTION *c, int gelen, int func) NETOBJ obj; char password[80]; obj.type = GET_BE16(p); - strmaxcpy((char*)obj.name, (char*)(p+3), (int) *(p+2)); + xstrmaxcpy(obj.name, p+3, (int) *(p+2)); upstr(obj.name); - strmaxcpy(password, (char*)(p1+1), - max(sizeof(password)-1, (int) *p1)); - XDPRINTF((1, 0, "TODO:LOGIN unencrypted PW NAME='%s', PASSW='%s'", + xstrmaxcpy(password, p1+1, (int) *p1); + XDPRINTF((10, 0, "LOGIN unencrypted PW NAME='%s', PASSW='%s'", obj.name, password)); if (0 == (result = find_obj_id(&obj, 0))) { - /* TODO: check password !!!!!!! */ - ;; - result = 0xff; + if (password_scheme & PW_SCHEME_LOGIN) { +#if 0 + if (obj.id == 1) { + result=-0xff; /* SUPERVISOR ever encryted !! */ + XDPRINTF((1, 0, "Supervisor tried unencrypted LOGIN")); + } else +#endif + result=nw_test_unenpasswd(obj.id, password); + } else { + XDPRINTF((1, 0, "unencryted logins are not enabled")); + result=-0xff; + } } if (!result) { c->object_id = obj.id; /* actuell Object ID */ 
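Review bot: The trace added in the unencrypted-login case of handle_fxx writes the client's clear-text password to the debug output (`PASSW='%s'`), and the `CHPW: OLD=... NEW=...` trace added in case 0x40 further down ncpserv.c does the same for both the old and the new password. This commit also defines `DO_DEBUG 1` in examples/config.h and as the fallback in net.h, so both calls are compiled in by default; whether they fire depends on the configured debug level. Because these can be system passwords once entry '7' is 8 or 9, I would log only the name, e.g. `XDPRINTF((10, 0, "LOGIN unencrypted PW NAME='%s'", obj.name));`, and drop the password arguments from the CHPW trace. handle_fxx starts and ends outside this hunk.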
@@ -547,13 +561,15 @@ static int handle_fxx(CONNECTION *c, int gelen, int func) uint8 *pp = responsedata; data_len = k; while (k--) *pp++ = *p++ = -#if 0 +#ifndef _MAR_TESTS_ (uint8) rand(); #else (uint8) k; #endif /* if all here are same (1 or 2) then the resulting key is */ /* 00000000 */ + if (password_scheme & PW_SCHEME_GET_KEY_FAIL) + completition=0xfb; } break; @@ -562,7 +578,8 @@ static int handle_fxx(CONNECTION *c, int gelen, int func) NETOBJ obj; int result; obj.type = GET_BE16(p); - strmaxcpy((char*)obj.name, (char*)(p+3), *(p+2)); + obj.id = 0; + xstrmaxcpy(obj.name, (char*)(p+3), *(p+2)); upstr(obj.name); XDPRINTF((2, 0, "LOGIN CRYPTED PW NAME='%s'",obj.name)); if (0 == (result = find_obj_id(&obj, 0))) @@ -573,7 +590,13 @@ static int handle_fxx(CONNECTION *c, int gelen, int func) get_guid((int*)(rdata+2), (int*)(rdata+2+sizeof(int)), obj.id); in_len=12 + 2*sizeof(int); return(-1); /* nwconn must do the rest */ - } else completition = (uint8) -result; + } else { + if ((password_scheme & PW_SCHEME_LOGIN) && + result == -0xff && obj.id != 1) /* not supervisor */ + completition = 0xfb; /* We lie here, to force LOGIN */ + else /* to use the old call */ + completition = (uint8) -result; + } } break; @@ -720,7 +743,7 @@ static int handle_fxx(CONNECTION *c, int gelen, int func) uint8 *p = rdata; NETOBJ obj; obj.type = GET_BE16(p+1); - strmaxcpy((char*)obj.name, (char*)(p+4), (int) *(p+3)); + xstrmaxcpy(obj.name, (char*)(p+4), (int) *(p+3)); result = nw_change_obj_security(&obj, (int)*p); } if (result < 0) completition = (uint8) -result; @@ -756,8 +779,6 @@ static int handle_fxx(CONNECTION *c, int gelen, int func) if (result < 0) completition = (uint8) -result; } break; - - case 0x3b : { /* Change Prop Security */ uint8 *p = rdata; int object_type = GET_BE16(p); 
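Review bot: The login challenge in the get-crypt-key case is now filled from `rand()`, which is predictable unless it is seeded from a value an observer cannot guess; no `srand()` call is visible in this diff, and an unseeded generator would hand out the same key sequence after every server start. Please confirm where the seed is set and record it at this loop, e.g. `/* rand() is seeded in <init routine>; the key must differ per request */` (the routine name is a placeholder). If the platform offers a kernel random source, reading the eight bytes from it would be the stronger choice. The case block begins outside the hunk.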
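Review bot: The `0xfb` reply added to the failure path of the encrypted login makes a non-supervisor client whose encrypted login fails with -0xff retry with the unencrypted call whenever PW_SCHEME_LOGIN is set, so a mistyped password is then sent over the network in clear text. That looks intended, since the system password can only be checked against a clear-text password, but neither NEWS nor the nw.ini comment in this commit mentions that mode 8 actively steers clients to the old call. I would spell it out at the branch, for example `/* PW_SCHEME_LOGIN: report 0xfb so LOGIN retries with the unencrypted call; the password then travels in clear */`, and repeat the caveat in the entry '7' description.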
@@ -847,21 +868,34 @@ static int handle_fxx(CONNECTION *c, int gelen, int func) if (result) completition = (uint8) -result; } break; - case 0x40: { /* change object password */ - uint8 *p = rdata; - NETOBJ obj; - int result; - obj.type = GET_BE16(p); - strmaxcpy((char*)obj.name, (char*)(p+3), *(p+2)); - upstr(obj.name); - if (0 == (result = find_obj_id(&obj, 0))) { - ;; + case 0x40: { /* change object password */ + if (password_scheme & PW_SCHEME_CHANGE_PW) { + uint8 *p = rdata; + uint8 oldpassword[50]; + uint8 newpassword[50]; + NETOBJ obj; + int result; + obj.type = GET_BE16(p); + p+=2; + xstrmaxcpy(obj.name, p+1, (int) *p); + upstr(obj.name); + p += ((*p)+1); + xstrmaxcpy(oldpassword, p+1, (int) *p); + p += ((*p)+1); + xstrmaxcpy(newpassword, p+1, (int) *p); + if (0 == (result = find_obj_id(&obj, 0))) { + XDPRINTF((6, 0, "CHPW: OLD=`%s`, NEW=`%s`", oldpassword, + newpassword)); + if (c->object_id == 1 || + 0 == (result=nw_test_unenpasswd(obj.id, oldpassword))) + result=nw_set_passwd(obj.id, newpassword); + } + if (result < 0) completition = (uint8) -result; + } else { + XDPRINTF((1, 0, "Change object password unencryted not enabled")); + completition=0xff; } - if (result < 0) completition = (uint8) -result; - XDPRINTF((1, 0, "TODO: Change Obj PW from OBJECT='%s', result=%d", - obj.name, result)); - completition=0xff; - } break; + } break; case 0x41 : { /* add Bindery Object to Set */ uint8 *p = rdata; @@ -1039,7 +1073,7 @@ static int handle_fxx(CONNECTION *c, int gelen, int func) /* !!!!!! TO DO */ NETOBJ obj; obj.id = GET_BE32(rdata); - XDPRINTF((1, 0, "TODO:READ QUEUE STATUS von Q=0x%lx", obj.id)); + XDPRINTF((1, 0, "TODO:READ QUEUE STATUS of Q=0x%lx", obj.id)); completition=0xd5; /* no Queue Job */ }break; 
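Review bot: In the new case 0x40 body the three length-prefixed fields (object name, old password, new password) are walked with `p += ((*p)+1)` using length bytes taken from the request, and nothing compares `p` with the end of the data actually received. `xstrmaxcpy` bounds the destination arrays, but the source reads can run past what the client sent and pick up stale buffer contents; how large the request buffer is cannot be seen from this hunk. I would check each field before copying, e.g. `if (p + 1 + *p > rdata_end) { completition = 0xff; break; }`, where `rdata_end` is a name made up for this note and would be derived from the request length handle_fxx receives (presumably `gelen`, to be confirmed). The function starts and ends outside the hunk.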
@@ -1450,7 +1484,7 @@ int main(int argc, char *argv[]) int anz=write(c->fd, (char*)ncprequest, in_len); XDPRINTF((10,0, "write to %d, anz = %d", c->fd, anz)); if (func == 0x19) { /* logout */ - c->object_id = 0; /* not LOGGED */ + c->object_id = 0; /* not LOGIN */ } } c->sequence = ncprequest->sequence; /* save last sequence */ @@ -1492,7 +1526,7 @@ int main(int argc, char *argv[]) CONNECTION *c = &(connections[connection-1]); int anz; c->message[0] = '\0'; - c->object_id = 0; /* firsttime set 0 for NOT LOGGED */ + c->object_id = 0; /* firsttime set 0 for NOT LOGIN */ c->sequence = 0; anz=write(c->fd, (char*)ncprequest, in_len); XDPRINTF((10, 0, "write to oldconn %d, anz = %d", c->fd, anz)); diff --git a/net.h b/net.h index eb69779..9f3bd89 100644 --- a/net.h +++ b/net.h @@ -1,4 +1,4 @@ -/* net.h 08-Feb-96 */ +/* net.h 11-Feb-96 */ /* (C)opyright (C) 1993,1996 Martin Stover, Marburg, Germany * @@ -95,6 +95,10 @@ /* ===================> config.h <======================= */ #include "config.h" +#ifndef DO_DEBUG +# define DO_DEBUG 1 +#endif + #ifndef MAX_CONNECTIONS # define MAX_CONNECTIONS 5 /* maximum Number of Connections */ #endif diff --git a/nwclient.c b/nwclient.c index b7f0c37..1e78ab3 100644 --- a/nwclient.c +++ b/nwclient.c @@ -1,4 +1,4 @@ -/* nwclient.c: 24-Dec-95 */ +/* nwclient.c: 10-Feb-96 */ /* * Einfacher Testclient, wird von nwserv (im Client Modus) gestartet * Dieses Modul hilft dabei, NCP Responses eines @@ -31,7 +31,7 @@ static ipxAddr_t my_addr; static int fd_ipx; static int fd_wdog; -static int open_socket() +static int open_socket(int *sock_nr) { int ipx_fd=t_open("/dev/ipx", O_RDWR, NULL); struct t_bind bind; @@ -39,7 +39,11 @@ static int open_socket() t_error("t_open !Ok"); return(-1); } - U16_TO_BE16(0, my_addr.sock); + if (sock_nr) { + U16_TO_BE16(*sock_nr, my_addr.sock); + } else { + U16_TO_BE16(0, my_addr.sock); + } bind.addr.len = sizeof(ipxAddr_t); bind.addr.maxlen = sizeof(ipxAddr_t); bind.addr.buf = (char*)&my_addr; 
@@ -49,14 +53,17 @@ static int open_socket() t_close(ipx_fd); return(-1); } + if (sock_nr) *sock_nr=GET_BE16(my_addr.sock); XDPRINTF((1,0, "socket bound TO %s", visable_ipx_adr(&my_addr) )); return(ipx_fd); } static int init_client() { - return( (fd_ipx = open_socket()) > -1 - && (fd_wdog = open_socket()) > -1 ? 0 : 1); + int sock_nr=0; + return( (fd_ipx = open_socket(&sock_nr)) > -1 + && sock_nr++ + && (fd_wdog = open_socket(&sock_nr)) > -1 ? 0 : 1); } /* DATA OUT */ @@ -196,6 +203,7 @@ static int get_conn_nr(void) { ncp_request(0x1111, sequence, 0xff, 0, 0xff, 0, 0, "Get Connection Nr."); + if (!handle_event()) { connection = ncpresponse->connection; XDPRINTF((1, 0, "NWCLIENT GOT CONNECTION NR:%d", connection)); @@ -716,6 +724,7 @@ int main(int argc, char **argv) get_server_time(); do_5f(); + file_search_init(NULL, 1, NULL); get_bindery_access(); get_bindery_object_id(1, "SUPERVISOR"); diff --git a/nwconn.c b/nwconn.c index c5a5a68..e753c9a 100644 --- a/nwconn.c +++ b/nwconn.c @@ -1,4 +1,4 @@ -/* nwconn.c 07-Feb-96 */ +/* nwconn.c 10-Feb-96 */ /* one process / connection */ /* (C)opyright (C) 1993,1996 Martin Stover, Marburg, Germany @@ -204,7 +204,7 @@ static void handle_ncp_serv() case 0x16 : { - uint8 len = *(requestdata+1); + /* uint8 len = *(requestdata+1); */ uint8 *p = requestdata +2; if (0 == *p){ /****** * SetDirektoryHandle *************/ @@ -472,7 +472,7 @@ static void handle_ncp_serv() } else if (*p == 0x20){ /* scan volume user disk restrictions */ uint8 volnr = *(p+1); - uint32 sequenz = GET_BE32(p+2); + /* uint32 sequenz = GET_BE32(p+2); */ struct XDATA { uint8 entries; /* 0x0 */ /*--- per entry (max.entries = 12) ----*/ @@ -636,7 +636,7 @@ static void handle_ncp_serv() #if 1 case 0x17 : { /* FILE SERVER ENVIRONMENT */ - uint8 len = *(requestdata+1); + /* uint8 len = *(requestdata+1); */ uint8 ufunc = *(requestdata+2); switch (ufunc) { case 0x14: 
@@ -698,9 +698,9 @@ static void handle_ncp_serv() } break; - case 0x68: /* creat queue job and file old */ - case 0x79: { /* creat queue job and file */ - /* somme of this call is handled in ncpserv !! */ + case 0x68: /* create queue job and file old */ + case 0x79: { /* create queue job and file */ + /* some of this call is handled in ncpserv !! */ struct INPUT { uint8 header[7]; /* Requestheader */ uint8 packetlen[2]; /* low high */ @@ -746,7 +746,7 @@ static void handle_ncp_serv() break; case 0xf3: { /* Map Direktory Number TO PATH */ - XDPRINTF((2,0, "TODO: Map Direktory Number TO PATH")); + XDPRINTF((2,0, "TODO: Map Directory Number TO PATH")); completition = 0xff; } break; @@ -1027,12 +1027,12 @@ static void handle_ncp_serv() } break; - case 0x46 : /* chmod Datei ??? */ + case 0x46 : /* chmod file ??? */ { struct INPUT { uint8 header[7]; /* Requestheader */ uint8 attrib; /* 0x80, od 0x0 */ - /* 0x80 z.B. fr Sharable */ + /* 0x80 for example for sharable */ uint8 dir_handle; /* ??? z.B.0x1 */ uint8 modus; /* z.B.0x6 */ uint8 len; diff --git a/nwdbm.c b/nwdbm.c index 3070fca..0ae18a6 100644 --- a/nwdbm.c +++ b/nwdbm.c @@ -1,4 +1,4 @@ -/* nwdbm.c 13-Jan-96 data base for mars_nwe */ +/* nwdbm.c 12-Feb-96 data base for mars_nwe */ /* (C)opyright (C) 1993,1995 Martin Stover, Marburg, Germany * * This program is free software; you can redistribute it and/or modify @@ -26,12 +26,18 @@ #include "nwcrypt.h" #ifdef LINUX # include +# define SHADOW_PWD 0 #else # include +# define SHADOW_PWD 1 #endif +#if SHADOW_PWD +# include +#endif int tells_server_version=0; +int password_scheme=0; static char *fnprop = "nwprop"; static char *fnval = "nwval"; 
@@ -903,20 +909,33 @@ uint32 nw_new_create_prop(uint32 wanted_id, return(obj.id); } -struct passwd *nw_getpwnam(uint32 obj_id) +typedef struct { + int pw_uid; + int pw_gid; + char pw_passwd[80]; +} MYPASSWD; + +static MYPASSWD *nw_getpwnam(uint32 obj_id) { - static struct passwd pwstat; + static MYPASSWD pwstat; char buff[200]; if (nw_get_prop_val_str(obj_id, "UNIX_USER", buff) > 0){ struct passwd *pw = getpwnam(buff); if (NULL != pw) { memcpy(&pwstat, pw, sizeof(struct passwd)); + pwstat.pw_uid = pw->pw_uid; + pwstat.pw_gid = pw->pw_gid; + xstrcpy(pwstat.pw_passwd, pw->pw_passwd); +#if SHADOW_PWD + if (pwstat.pw_passwd[0] == 'x' && pwstat.pw_passwd[1]=='\0') { + struct spwd *spw=getspnam(buff); + if (spw) xstrcpy(pwstat.pw_passwd, spw->sp_pwdp); + } +#endif XDPRINTF((2,0, "FOUND obj_id=0x%x, pwnam=%s, gid=%d, uid=%d", obj_id, buff, pw->pw_gid, pw->pw_uid)); - endpwent (); return(&pwstat); } - endpwent (); } XDPRINTF((2,0, "NOT FOUND PWNAM of obj_id=0x%x", obj_id)); return(NULL); @@ -925,7 +944,7 @@ struct passwd *nw_getpwnam(uint32 obj_id) int get_guid(int *gid, int *uid, uint32 obj_id) /* searched for gid und uid of actual obj */ { - struct passwd *pw = nw_getpwnam(obj_id); + MYPASSWD *pw = nw_getpwnam(obj_id); if (NULL != pw) { *gid = pw->pw_gid; *uid = pw->pw_uid; @@ -937,6 +956,15 @@ int get_guid(int *gid, int *uid, uint32 obj_id) } } +static int crypt_pw_ok(uint8 *password, char *passwd) +/* returns 0 if not ok */ +{ + char pnul[2] = {'\0', '\0'}; + char *pp = (password) ? (char*)password : pnul; + char *p = crypt(pp, passwd); + return( (strcmp(p, passwd)) ? 0 : 1 ); +} + int nw_test_passwd(uint32 obj_id, uint8 *vgl_key, uint8 *akt_key) /* returns 0, if password ok and -0xff if not ok */ { 
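Review bot: In nw_getpwnam the unchanged line `memcpy(&pwstat, pw, sizeof(struct passwd));` survives although `pwstat` is now a `MYPASSWD` (two ints and an 80-byte array) instead of a `struct passwd`. It copies the raw bytes of an unrelated struct into the static, the assignments added right after it set every field that is used, and on a platform where `sizeof(struct passwd)` exceeds `sizeof(MYPASSWD)` it would write past `pwstat`. I would delete that line. The hunk also drops both `endpwent()` calls without explanation; a short comment would help if that is deliberate.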
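Review bot: The new crypt_pw_ok passes the result of `crypt()` straight to `strcmp()`, but crypt() can return NULL on some platforms (for example for a salt it does not accept), and that would crash the server process during a login attempt against such an account. A guard before the comparison makes it fail closed: `if (!p) return(0);`. The existing header comment `/* returns 0 if not ok */` could then also state that a crypt() failure counts as not ok.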
@@ -946,7 +974,42 @@ int nw_test_passwd(uint32 obj_id, uint8 *vgl_key, uint8 *akt_key) memcpy(keybuff, vgl_key, sizeof(keybuff)); nw_encrypt(keybuff, buf, keybuff); return (memcmp(akt_key, keybuff, sizeof(keybuff)) ? -0xff : 0); - } else return(0); /* no password */ + } else { + if (password_scheme & PW_SCHEME_LOGIN) { + MYPASSWD *pw = nw_getpwnam(obj_id); + if (pw && *(pw->pw_passwd) && !crypt_pw_ok(NULL, pw->pw_passwd)) + return(-0xff); + if (obj_id == 1) return(-0xff); + } + return(0); /* no password */ + } +} + +int nw_test_unenpasswd(uint32 obj_id, uint8 *password) +{ + uint8 passwordu[100]; + uint8 passwd[200]; + uint8 stored_passwd[200]; + MYPASSWD *pw; + if (password && *password + && nw_get_prop_val_str(obj_id, "PASSWORD", stored_passwd) > 0 ) { + uint8 s_uid[4]; + U32_TO_BE32(obj_id, s_uid); + xstrcpy(passwordu, password); + upstr(passwordu); + shuffle(s_uid, passwordu, strlen(passwordu), passwd); + if (!memcmp(passwd, stored_passwd, 16)) return(0); + } + if (NULL != (pw = nw_getpwnam(obj_id))) { + int pwok = crypt_pw_ok(password, pw->pw_passwd); + if (!pwok) { + uint8 passwordu[100]; + xstrcpy(passwordu, password); + downstr(passwordu); + pwok = crypt_pw_ok(passwordu, pw->pw_passwd); + } + return((pwok) ? 0 : -0xff); + } else return(-0xff); } int nw_set_enpasswd(uint32 obj_id, uint8 *passwd) @@ -993,6 +1056,7 @@ int nw_set_passwd(uint32 obj_id, char *password) return(nw_set_enpasswd(obj_id, NULL)); } + int prop_add_new_member(uint32 obj_id, int prop_id, uint32 member_id) /* addiert member to set, if member not in set */ { 
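Review bot: nw_test_unenpasswd falls back to the UNIX password whenever the bindery comparison fails, without looking at `password_scheme`. The change-password case in ncpserv.c calls it under PW_SCHEME_CHANGE_PW alone, so with entry '7' = '1' the system password is accepted as the old password, whereas NEWS describes system passwords only for the modes that allow unencrypted login. If that is not intended, gate the fallback with `if (!(password_scheme & PW_SCHEME_LOGIN)) return(-0xff);` before the `nw_getpwnam()` call. The function also lacks the return-value comment its neighbour nw_test_passwd has; `/* returns 0 if password matches bindery or system password, -0xff otherwise */` would do.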
@@ -1123,6 +1187,17 @@ void nw_fill_standard(char *servername, ipxAddr_t *adr) while (0 != (what =get_ini_entry(f, 0, (char*)buff, sizeof(buff)))) { if (6 == what) { /* Server Version */ tells_server_version = atoi(buff); + } else if (7 == what) { /* password_scheme */ + int pwscheme = atoi(buff); + password_scheme = 0; + switch (pwscheme) { + case 9 : password_scheme |= PW_SCHEME_GET_KEY_FAIL; + case 8 : password_scheme |= PW_SCHEME_LOGIN; + case 1 : password_scheme |= PW_SCHEME_CHANGE_PW; + break; + default : password_scheme = 0; + break; + } /* switch */ } else if (21 == what) { /* QUEUES */ char name[100]; char directory[200]; diff --git a/nwdbm.h b/nwdbm.h index be69747..7b5663f 100644 --- a/nwdbm.h +++ b/nwdbm.h @@ -1,4 +1,4 @@ -/* nwdbm.h 08-Jan-96 */ +/* nwdbm.h 12-Feb-96 */ /* (C)opyright (C) 1993,1995 Martin Stover, Marburg, Germany * * This program is free software; you can redistribute it and/or modify @@ -15,6 +15,8 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#ifndef _NWDBM_H_ +#define _NWDBM_H_ #define NETOBJ_KEY_SIZE 4 @@ -59,6 +61,12 @@ typedef struct { #define P_FL_SET 0x2 extern int tells_server_version; +extern int password_scheme; + +#define PW_SCHEME_CHANGE_PW 1 +#define PW_SCHEME_LOGIN 2 +#define PW_SCHEME_GET_KEY_FAIL 4 + extern int nw_get_prop(int object_type, uint8 *object_name, int object_namlen, @@ -171,9 +179,12 @@ extern uint32 nw_new_create_prop(uint32 wanted_id, extern int get_guid(int *gid, int *uid, uint32 obj_id); extern int nw_test_passwd(uint32 obj_id, uint8 *vgl_key, uint8 *akt_key); +extern int nw_test_unenpasswd(uint32 obj_id, uint8 *password); +extern int nw_set_passwd(uint32 obj_id, char *password); + extern int nw_get_q_dirname(uint32 q_id, uint8 *buff); extern int nw_get_q_prcommand(uint32 q_id, uint8 *buff); extern void nw_fill_standard(char *servername, ipxAddr_t *adr); extern void nw_init_dbm(char *servername, ipxAddr_t *adr); - +#endif 
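Review bot: The `switch (pwscheme)` added to nw_fill_standard in nwdbm.c relies on `case 9` falling into `case 8` and then `case 1` to accumulate the flags, but nothing marks the missing `break`s as deliberate, so a later edit could insert one and silently change which unencrypted calls are enabled. Mark each of them with `/* fallthrough */`. A comment that every other value, including text `atoi` cannot parse, selects the encrypted-only default would also make the fail-safe behaviour explicit. nw_fill_standard starts and ends outside the hunk.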
diff --git a/nwserv.c b/nwserv.c index b239363..d37a475 100644 --- a/nwserv.c +++ b/nwserv.c @@ -1,4 +1,4 @@ -/* nwserv.c 08-Feb-96 */ +/* nwserv.c 10-Feb-96 */ /* (C)opyright (C) 1993,1996 Martin Stover, Marburg, Germany * * This program is free software; you can redistribute it and/or modify @@ -67,8 +67,9 @@ static uint16 sock_nummern [NEEDED_SOCKETS]; int sockfd [NEEDED_SOCKETS]; static struct pollfd polls[NEEDED_POLLS]; - +#if 0 static uint16 spx_diag_socket; /* SPX DIAGNOSE SOCKET */ +#endif static ipxAddr_t nw386_adr; /* Address of NW-TEST Server */ static int nw386_found = 0; static int client_mode = 0; diff --git a/tools.h b/tools.h index 0943322..529bec9 100644 --- a/tools.h +++ b/tools.h @@ -1,4 +1,4 @@ -/* tools.h : 28-Jan-96 */ +/* tools.h : 10-Feb-96 */ /* (C)opyright (C) 1993,1995 Martin Stover, Marburg, Germany * @@ -16,8 +16,10 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#ifndef _TOOLS_H_ +#define _TOOLS_H_ -/* Prozesse die tools verwenden */ +/* processes which need tools */ #define NWSERV 1 #define NCPSERV 2 #define NWCONN 3 @@ -33,6 +35,9 @@ extern int x_x_xnewstr(uint8 **p, uint8 *s); extern char *xmalloc(uint size); extern char *xcmalloc(uint size); extern int strmaxcpy(uint8 *dest, uint8 *source, int len); +#define xstrcpy(d, s) strmaxcpy((d), (s), sizeof(d)-1) +#define xstrmaxcpy(d, s, len) strmaxcpy((d), (s), min(sizeof(d)-1, (len)) ) + extern void dprintf(char *p, ...); extern void xdprintf(int dlevel, int mode, char *p, ...); extern void errorp(int mode, char *what, char *p, ...); @@ -50,7 +55,7 @@ extern uint8 *upstr(uint8 *s); extern int nw_debug; -#ifdef DB +#if DO_DEBUG # define DPRINTF(x) dprintf x # define XDPRINTF(x) xdprintf x # define D() XDPRINTF((3, 0, "Z: %d" , __LINE__)); @@ -60,3 +65,5 @@ extern int nw_debug; # define D() /* */ #endif +#endif /* _TOOLS_H_ */ +
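Review bot: The new `xstrcpy` and `xstrmaxcpy` macros in tools.h take their bound from `sizeof(d)`, which is the buffer size only when `d` is a real array; called with a pointer they would silently limit the copy to the pointer size minus one. All uses visible in this diff pass arrays, so this is a documentation request: add `/* d must be an array, not a pointer: the limit is sizeof(d)-1 */` above the two defines. Note also that `min(sizeof(d)-1, (len))` compares a `size_t` with an `int`; how that behaves for a negative `len` depends on the definition of `min`, which is not shown here.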