
pam_keylogin and patches



Hello,

I have put pam_keylogin 1.0 on 
ftp://weber.uni-paderborn.de/pub/linux/NIS/pam_keylogin-1.0.tar.gz

Now all my problems with this are solved.

I have added a patch for Linux-PAM. I made it against 0.59preA,
but it should work against the older versions, too.
It fixes 2 things: Some glibc patches to compile with the latest
glibc snapshot. 
For NIS+, a process that needs to get the user's password must run
under the id of this user, and the secret key of this user must
be known to the local keyserv. The second part is solved by
pam_keylogin, the first part by my patch. I hope it will go into
the official sources.

  Greetings,
    Thorsten

-- 
Thorsten Kukuk  kukuk@vt.uni-paderborn.de
                http://www-vt.uni-paderborn.de/~kukuk
Linux is like a Vorlon.  It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.

diff -u -r --new-file Linux-PAM-0.59/modules/pam_rhosts/pam_rhosts_auth.c Linux-PAM-0.59-patched/modules/pam_rhosts/pam_rhosts_auth.c
--- Linux-PAM-0.59/modules/pam_rhosts/pam_rhosts_auth.c	Mon Aug  4 02:14:14 1997
+++ Linux-PAM-0.59-patched/modules/pam_rhosts/pam_rhosts_auth.c	Wed Sep 24 18:20:00 1997
@@ -36,6 +36,8 @@
  * SUCH DAMAGE.
  */
 
+#define _BSD_SOURCE
+
 #define USER_RHOSTS_FILE "/.rhosts"     /* prefixed by user's home dir */
 
 #ifdef linux
@@ -45,7 +47,6 @@
 #include <sys/types.h>
 #include <sys/uio.h>
 #include <string.h>
-#define __USE_BSD
 #include <unistd.h>
 #include <stdlib.h>
 #include <sys/param.h>
@@ -61,7 +62,6 @@
 #include <sys/time.h>
 #include <arpa/inet.h>
 
-#define __USE_BSD
 #ifndef MAXDNAME
 #define MAXDNAME  256
 #endif
diff -u -r --new-file Linux-PAM-0.59/modules/pam_unix/Makefile Linux-PAM-0.59-patched/modules/pam_unix/Makefile
--- Linux-PAM-0.59/modules/pam_unix/Makefile	Sat Apr  5 08:21:26 1997
+++ Linux-PAM-0.59-patched/modules/pam_unix/Makefile	Thu Sep 25 09:21:56 1997
@@ -20,7 +20,7 @@
 ########################################################################
 
 # do you want shadow?
-#USE_SHADOW=-D"HAVE_SHADOW_H"
+USE_SHADOW=-D"HAVE_SHADOW_H"
 
 # do you want cracklib?
 USE_CRACKLIB=-D"USE_CRACKLIB"
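Review bot: Uncommenting `USE_SHADOW=-D"HAVE_SHADOW_H"` changes the default build for everyone who uses this tree, and nothing in the visible hunks shows that the glibc or NIS+ fixes depend on it. On a system without `<shadow.h>` the module would presumably stop compiling out of the box. I would leave the line commented as a local setting and drop this hunk from the submission, or state in the mail that shadow support is now required.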
diff -u -r --new-file Linux-PAM-0.59/modules/pam_unix/pam_unix_acct.c Linux-PAM-0.59-patched/modules/pam_unix/pam_unix_acct.c
--- Linux-PAM-0.59/modules/pam_unix/pam_unix_acct.c	Fri Nov  8 00:07:54 1996
+++ Linux-PAM-0.59-patched/modules/pam_unix/pam_unix_acct.c	Wed Sep 24 18:17:44 1997
@@ -42,6 +42,7 @@
 #ifdef HAVE_SHADOW_H
 #include <shadow.h>
 #endif
+#include <time.h>
 
 #define PAM_SM_ACCOUNT
 
diff -u -r --new-file Linux-PAM-0.59/modules/pam_unix/pam_unix_auth.c Linux-PAM-0.59-patched/modules/pam_unix/pam_unix_auth.c
--- Linux-PAM-0.59/modules/pam_unix/pam_unix_auth.c	Sat Nov  9 20:44:40 1996
+++ Linux-PAM-0.59-patched/modules/pam_unix/pam_unix_auth.c	Wed Sep 24 18:23:48 1997
@@ -78,6 +78,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <pwd.h>
+#include <sys/types.h>
 
 #ifndef NDEBUG
 
@@ -138,9 +139,9 @@
  */
 
 static int _pam_auth_unix(	pam_handle_t *pamh,
-				int flags, 
+				int flags,
 				int argc,
-				const char **argv	) 
+				const char **argv	)
 {
         int retval;
 	struct passwd *pw;
@@ -166,24 +167,38 @@
 
 	pam_get_item( pamh, PAM_AUTHTOK, (void*) &p );
 
-	if ( !p ) 
+	if ( !p )
 		{
 			retval = _set_auth_tok( pamh, flags, argc, argv );
-			if ( retval != PAM_SUCCESS ) 
+			if ( retval != PAM_SUCCESS )
 				return retval;
  		}
-	
-	/* 
+
+	/*
 	   We have to call pam_get_item() again because value of p should
-	   change 
+	   change
 	 */
-	
+
 	pam_get_item( pamh, PAM_AUTHTOK, (void*) &p );
 
 
 	pw = getpwnam ( name );
 
-	if (pw) 
+	/* For NIS+, root on a client will not get the encrypted password */
+	if (pw && (strcmp (pw->pw_passwd, "*NP*") == 0))
+	  {
+	    uid_t save_uid;
+
+	    save_uid = geteuid ();
+	    if (seteuid (pw->pw_uid) >= 0)
+	      {
+		pw = getpwnam ( name );
+
+		seteuid (save_uid);
+	      }
+	  }
+
+	if (pw)
 		{
 
 #ifdef HAVE_SHADOW_H
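Review bot: The result of `seteuid (save_uid)` in the new NIS+ block is never checked, so if restoring the effective uid fails, the rest of `_pam_auth_unix` and the calling application keep running under the target user's id without noticing. I would fail the call at that point, for example `if (seteuid (save_uid) < 0) return PAM_SERVICE_ERR;`, and log the failure. The block also switches only the effective uid, not the group ids, and after it `pw` may be NULL or may still carry the `*NP*` placeholder. Both cases presumably end in the normal failure path further down, which a one-line comment such as `/* pw may be NULL or still "*NP*" here; both must fail authentication */` would make explicit. The function body starts and ends outside this hunk, so the later comparison should be confirmed against the full file.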


