a4303046f0
- Update MySQL & LDAP Authentication Methods - Correct bento warning for extra file (Sendmail.conf). - Correct mysql detection code in configure.sasl, and use LIB_DEPENDS for db3. PR: 22462 Submitted by: Scot W. Hetzel <hetzels@westbend.net> MAINTAINER
321 lines
9.2 KiB
Text
321 lines
9.2 KiB
Text
--- lib/checkpw.c.orig Wed Jul 19 20:24:13 2000
|
|
+++ lib/checkpw.c Tue Oct 31 20:52:21 2000
|
|
@@ -95,10 +95,19 @@
|
|
#include <sys/un.h>
|
|
#ifdef HAVE_UNISTD_H
|
|
#include <unistd.h>
|
|
-#endif
|
|
+#endif /* HAVE_UNISTD_H */
|
|
|
|
extern int errno;
|
|
-#endif
|
|
+#endif /* HAVE_PWCHECK */
|
|
+
|
|
+#ifdef HAVE_MYSQL
|
|
+#include <mysql.h>
|
|
+#endif /* HAVE_MYSQL */
|
|
+
|
|
+#ifdef HAVE_LDAP
|
|
+#include <lber.h>
|
|
+#include <ldap.h>
|
|
+#endif /* HAVE_LDAP */
|
|
|
|
#ifdef HAVE_KRB
|
|
|
|
@@ -170,12 +179,20 @@
|
|
memcpy (&temp_key, "kerberos", 8);
|
|
des_fixup_key_parity (&temp_key);
|
|
des_key_sched (&temp_key, schedule);
|
|
+#ifdef __FreeBSD__
|
|
+ des_cbc_cksum ((const unsigned char *)password, &ivec, passlen, schedule, &ivec);
|
|
+#else
|
|
des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec);
|
|
+#endif
|
|
|
|
memcpy (&temp_key, &ivec, sizeof temp_key);
|
|
des_fixup_key_parity (&temp_key);
|
|
des_key_sched (&temp_key, schedule);
|
|
+#ifdef __FreeBSD__
|
|
+ des_cbc_cksum ((const unsigned char *)password, key, passlen, schedule, &ivec);
|
|
+#else
|
|
des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec);
|
|
+#endif
|
|
|
|
des_fixup_key_parity (key);
|
|
|
|
@@ -210,10 +227,17 @@
|
|
return (str);
|
|
}
|
|
|
|
+#ifdef __FreeBSD__
|
|
+static int use_key(const char *user __attribute__((unused)),
|
|
+ char *instance __attribute__((unused)),
|
|
+ const char *realm __attribute__((unused)),
|
|
+ const void *key, des_cblock *returned_key)
|
|
+#else
|
|
static int use_key(char *user __attribute__((unused)),
|
|
char *instance __attribute__((unused)),
|
|
char *realm __attribute__((unused)),
|
|
void *key, des_cblock *returned_key)
|
|
+#endif
|
|
{
|
|
memcpy (returned_key, key, sizeof(des_cblock));
|
|
return 0;
|
|
@@ -838,7 +862,7 @@
|
|
|
|
|
|
/* pwcheck daemon-authenticated login */
|
|
-static int pwcheck_verify_password(sasl_conn_t *conn,
|
|
+static int pwcheck_verify_password(sasl_conn_t *conn __attribute__((unused)),
|
|
const char *userid,
|
|
const char *passwd,
|
|
const char *service __attribute__((unused)),
|
|
@@ -853,8 +877,10 @@
|
|
static char response[1024];
|
|
int start, n;
|
|
char pwpath[1024];
|
|
+#if 0 /* Not used */
|
|
sasl_getopt_t *getopt;
|
|
void *context;
|
|
+#endif
|
|
|
|
if (reply) { *reply = NULL; }
|
|
|
|
@@ -902,6 +928,224 @@
|
|
|
|
#endif
|
|
|
|
+#ifdef HAVE_MYSQL
|
|
+/* DMZ mysql auth 12/29/1999
|
|
+ * Updated to 1.5.24 by SWH 09/12/2000
|
|
+ * changed to malloc qbuf Simon Loader 10/21/2000
|
|
+ */
|
|
+#ifdef USE_CRYPT_PASSWORD
|
|
+#define QUERY_STRING "select %s from %s where %s = '%s' and %s = password('%s')"
|
|
+#else
|
|
+#define QUERY_STRING "select %s from %s where %s = '%s' and %s = '%s'"
|
|
+#endif
|
|
+
|
|
+static int mysql_verify_password(sasl_conn_t *conn,
|
|
+ const char *userid,
|
|
+ const char *password,
|
|
+ const char *service __attribute__((unused)),
|
|
+ const char *user_realm __attribute__((unused)),
|
|
+ const char **reply)
|
|
+{
|
|
+ unsigned int numrows;
|
|
+ MYSQL mysql,*sock;
|
|
+ MYSQL_RES *result;
|
|
+ char *qbuf;
|
|
+ char *db_user="",
|
|
+ *db_passwd="",
|
|
+ *db_host="",
|
|
+ *db_uidcol="",
|
|
+ *db_pwcol="",
|
|
+ *db_database="",
|
|
+ *db_table="";
|
|
+ sasl_getopt_t *getopt;
|
|
+ void *context;
|
|
+
|
|
+ if (!userid || !password) {
|
|
+ return SASL_BADPARAM;
|
|
+ }
|
|
+ if (reply) { *reply = NULL; }
|
|
+
|
|
+ /* check to see if the user configured a mysqluser/passwd/host/etc */
|
|
+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
|
|
+ getopt(context, NULL, "mysql_user", (const char **) &db_user, NULL);
|
|
+ if (!db_user) db_user = "";
|
|
+ getopt(context, NULL, "mysql_passwd", (const char **) &db_passwd, NULL);
|
|
+ if (!db_passwd) db_passwd = "";
|
|
+ getopt(context, NULL, "mysql_host", (const char **) &db_host, NULL);
|
|
+ if (!db_host) db_host = "";
|
|
+ getopt(context, NULL, "mysql_database", (const char **) &db_database, NULL);
|
|
+ if (!db_database) db_database = "";
|
|
+ getopt(context, NULL, "mysql_table", (const char **) &db_table, NULL);
|
|
+ if (!db_table) db_table = "";
|
|
+ getopt(context, NULL, "mysql_uidcol", (const char **) &db_uidcol, NULL);
|
|
+ if (!db_uidcol) db_uidcol = "";
|
|
+ getopt(context, NULL, "mysql_pwdcol", (const char **) &db_pwcol, NULL);
|
|
+ if (!db_pwcol) db_pwcol = "";
|
|
+ }
|
|
+
|
|
+ if (!(sock = mysql_connect(&mysql,db_host,db_user,db_passwd)))
|
|
+ {
|
|
+ if (reply) { *reply = "cannot connect to MySQL server"; }
|
|
+ return SASL_FAIL;
|
|
+ }
|
|
+
|
|
+ if (mysql_select_db(sock,db_database) < 0)
|
|
+ {
|
|
+ mysql_close(sock);
|
|
+ if (reply) { *reply = "cannot select MySQL database"; }
|
|
+ return SASL_FAIL;
|
|
+ }
|
|
+ /* select DB_UIDCOL from DB_TABLE where DB_UIDCOL = 'userid' AND DB_PWCOL = password('password') */
|
|
+ if ( (qbuf = (char *)malloc(strlen(QUERY_STRING)+strlen(db_uidcol)
|
|
+ +strlen(db_table)+strlen(db_uidcol)
|
|
+ +strlen(userid)+strlen(db_pwcol)
|
|
+ +strlen(password)+1)) == NULL ) {
|
|
+ if (reply) { *reply = "cannot malloc memory for sql query"; }
|
|
+ return SASL_FAIL;
|
|
+ }
|
|
+ sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,userid,db_pwcol,password);
|
|
+ if (mysql_query(sock,qbuf) < 0 || !(result=mysql_store_result(sock)))
|
|
+ {
|
|
+ free(qbuf);
|
|
+ mysql_close(sock);
|
|
+ return SASL_FAIL;
|
|
+ }
|
|
+
|
|
+ if (result) //There were some rows found
|
|
+ {
|
|
+ if ((numrows = mysql_affected_rows(&mysql)) != 1)
|
|
+ {
|
|
+ mysql_free_result(result);
|
|
+ mysql_close(sock);
|
|
+ if ((numrows > 1) && (reply)) { *reply = "Detected duplicate entries for user"; }
|
|
+ free(qbuf);
|
|
+ return SASL_BADAUTH;
|
|
+ } else {
|
|
+ free(qbuf);
|
|
+ mysql_free_result(result);
|
|
+ mysql_close(sock);
|
|
+ return SASL_OK;
|
|
+ }
|
|
+ }
|
|
+ free(qbuf);
|
|
+ mysql_free_result(result);
|
|
+ mysql_close(sock);
|
|
+ return SASL_BADAUTH;
|
|
+}
|
|
+#endif /* HAVE_MYSQL */
|
|
+
|
|
+#ifdef HAVE_LDAP
|
|
+/* simon@surf.org.uk LDAP auth 07/11/2000
|
|
+ * Updated to 1.5.24 by SWH 09/12/2000
|
|
+ * changed to use malloc and simplify the auth by Simon@surf.org.uk 10/21/2000
|
|
+ */
|
|
+
|
|
+#define LDAP_SERVER "localhost"
|
|
+#define LDAP_BASEDN "o=JOFA, c=UK"
|
|
+#define LDAP_UIDATTR "uid"
|
|
+
|
|
+#ifndef TRUE
|
|
+# define TRUE 1
|
|
+# define FALSE 0
|
|
+#endif
|
|
+
|
|
+static int ldap_isdigits(char *value)
|
|
+{
|
|
+ char *ptr;
|
|
+ int num = TRUE;
|
|
+
|
|
+ for (ptr = value; *ptr != '\0' && num != FALSE; ptr++) {
|
|
+ if (!isdigit(*ptr))
|
|
+ num = FALSE;
|
|
+ }
|
|
+
|
|
+ return num;
|
|
+}
|
|
+
|
|
+static int ldap_verify_password(sasl_conn_t *conn,
|
|
+ const char *userid,
|
|
+ const char *password,
|
|
+ const char *service __attribute__((unused)),
|
|
+ const char *user_realm __attribute__((unused)),
|
|
+ const char **reply)
|
|
+{
|
|
+
|
|
+ LDAP *ld;
|
|
+ char *dn,
|
|
+ *ldap_server="",
|
|
+ *ldap_basedn="",
|
|
+ *ldap_uidattr="",
|
|
+ *port_num="";
|
|
+ int ldap_port = LDAP_PORT;
|
|
+ sasl_getopt_t *getopt;
|
|
+ void *context;
|
|
+
|
|
+ /* If the password is NULL, reject the login...
|
|
+ * Otherwise the bind will succed as a reference bind. Not good...
|
|
+ */
|
|
+ if (!userid || !password)
|
|
+ {
|
|
+ return SASL_BADPARAM;
|
|
+ }
|
|
+
|
|
+ if (reply) { *reply = NULL; }
|
|
+
|
|
+ /* check to see if the user configured a mysqluser/passwd/host/etc */
|
|
+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
|
|
+ getopt(context, NULL, "ldap_server", (const char **) &ldap_server, NULL);
|
|
+ if (!ldap_server) ldap_server = LDAP_SERVER;
|
|
+ getopt(context, NULL, "ldap_basedn", (const char **) &ldap_basedn, NULL);
|
|
+ if (!ldap_basedn) {
|
|
+ if (reply) { *reply = "ldap_basedn not defined"; }
|
|
+ return SASL_BADPARAM;
|
|
+ }
|
|
+ getopt(context, NULL, "ldap_uidattr", (const char **) &ldap_uidattr, NULL);
|
|
+ if (!ldap_uidattr) ldap_uidattr = LDAP_UIDATTR;
|
|
+ getopt(context, NULL, "ldap_port", (const char **) &port_num, NULL);
|
|
+ if (!port_num) {
|
|
+ ldap_port = LDAP_PORT;
|
|
+ } else if (!ldap_isdigits(port_num)) {
|
|
+ if (reply) { *reply = "ldap_port - invalid value"; }
|
|
+ return SASL_BADPARAM;
|
|
+ } else {
|
|
+ ldap_port = atoi(port_num);
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /* Open the LDAP connection. */
|
|
+ if ((ld = ldap_open(ldap_server, ldap_port)) == NULL)
|
|
+ {
|
|
+ if (reply) { *reply = "cannot connect to LDAP server"; }
|
|
+ return SASL_FAIL;
|
|
+ }
|
|
+
|
|
+ if ( (dn = (char *)malloc(strlen(ldap_uidattr)
|
|
+ +strlen(userid)+strlen(ldap_basedn)+3)) == NULL ) {
|
|
+ if (reply) { *reply = "cannnot allocate memory for ldap dn"; }
|
|
+ return SASL_FAIL;
|
|
+ }
|
|
+ /* Generate a dn that we will try and login with */
|
|
+ sprintf(dn,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn);
|
|
+
|
|
+ /*
|
|
+ * Just try and bind with the dn we have been given
|
|
+ * In most cases the basedn is correct.
|
|
+ * If this is not so I have a version or that too
|
|
+ * Simon@surf.org.uk
|
|
+ */
|
|
+ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
|
|
+ free(dn);
|
|
+ ldap_unbind(ld);
|
|
+ return SASL_BADAUTH;
|
|
+ }
|
|
+
|
|
+ free(dn);
|
|
+ ldap_unbind(ld);
|
|
+ return SASL_OK;
|
|
+}
|
|
+
|
|
+#endif /* HAVE_LDAP */
|
|
+
|
|
struct sasl_verify_password_s _sasl_verify_password[] = {
|
|
{ "sasldb", &sasldb_verify_password },
|
|
#ifdef HAVE_KRB
|
|
@@ -921,6 +1165,12 @@
|
|
#endif
|
|
#ifdef HAVE_PWCHECK
|
|
{ "pwcheck", &pwcheck_verify_password },
|
|
+#endif
|
|
+#ifdef HAVE_MYSQL
|
|
+ { "mysql", &mysql_verify_password },
|
|
+#endif
|
|
+#ifdef HAVE_LDAP
|
|
+ { "ldap", &ldap_verify_password },
|
|
#endif
|
|
{ NULL, NULL }
|
|
};
|