diff --git a/.downloads/ncpfs-2.2.3.tar.gz b/.downloads/ncpfs-2.2.3.tar.gz new file mode 100644 index 0000000..d05face Binary files /dev/null and b/.downloads/ncpfs-2.2.3.tar.gz differ diff --git a/Changes b/Changes index 21fe6b4..3d28bf1 100644 --- a/Changes +++ b/Changes @@ -1,3 +1,39 @@ +ChangeSet@1.254, 2003-03-13 15:54:06+01:00 + ncpfs-2.2.3 + TAG: ncpfs-2.2.3 + +ChangeSet@1.253, 2003-03-13 15:37:42+01:00 + When user presents name with context to login prompt, it is not good idea + to append context once more to the username... + + Also add leading dot to the FQDN so that ncpmount works even if /etc/ncpfs.conf + is not empty. + +ChangeSet@1.252, 2003-03-13 15:10:12+01:00 + Add -L option to pam_ncp_auth to ignore services restrictions based on access point. + +ChangeSet@1.251, 2003-03-13 15:00:45+01:00 + Fix typo in logged ncpmount command line in pam_ncp_auth. + +ChangeSet@1.250, 2003-03-13 14:50:52+01:00 + Ignore failure in initgroups(). Spotted by Mikael. + +ChangeSet@1.249, 2003-03-13 14:31:55+01:00 + Ignore prefix "/dev/" in tty name. Spotted by Mikael. + +ChangeSet@1.248, 2003-02-25 22:56:17+01:00 + Allow short -p/-i variants for --auto_primary/--auto_interface. Also allow + --auto-primary/--auto-interface. + + Allow 0/1 as OFF/ON equivalent. + +ChangeSet@1.247, 2003-02-25 21:57:38+01:00 + Fix signed/unsigned char problems on arm, ppc and s390. Fixes Debian bug #182162. + +ChangeSet@1.246, 2003-02-15 10:29:01+01:00 + ncpfs-2.2.2 + TAG: ncpfs-2.2.2 + ChangeSet@1.245, 2003-02-15 10:14:01+01:00 Update Czech translations. diff --git a/configure b/configure index c393074..4723a38 100755 --- a/configure +++ b/configure @@ -1,7 +1,7 @@ #! /bin/sh -# From configure.ac 2.2.2. +# From configure.ac 2.2.3. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.57 for ncpfs 2.2.2. +# Generated by GNU Autoconf 2.57 for ncpfs 2.2.3. # # Report bugs to . # @@ -269,8 +269,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='ncpfs' PACKAGE_TARNAME='-ncpfs-' -PACKAGE_VERSION='2.2.2' -PACKAGE_STRING='ncpfs 2.2.2' +PACKAGE_VERSION='2.2.3' +PACKAGE_STRING='ncpfs 2.2.3' PACKAGE_BUGREPORT='vandrove@vc.cvut.cz' ac_unique_file="lib/ncplib.c" @@ -781,7 +781,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ncpfs 2.2.2 to adapt to many kinds of systems. +\`configure' configures ncpfs 2.2.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -842,7 +842,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ncpfs 2.2.2:";; + short | recursive ) echo "Configuration of ncpfs 2.2.3:";; esac cat <<\_ACEOF @@ -954,7 +954,7 @@ fi test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -ncpfs configure 2.2.2 +ncpfs configure 2.2.3 generated by GNU Autoconf 2.57 Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002 @@ -969,7 +969,7 @@ cat >&5 <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ncpfs $as_me 2.2.2, which was +It was created by ncpfs $as_me 2.2.3, which was generated by GNU Autoconf 2.57. Invocation command line was $ $0 $@ @@ -11008,7 +11008,7 @@ _ASBOX } >&5 cat >&5 <<_CSEOF -This file was extended by ncpfs $as_me 2.2.2, which was +This file was extended by ncpfs $as_me 2.2.3, which was generated by GNU Autoconf 2.57. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -11071,7 +11071,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -ncpfs config.status 2.2.2 +ncpfs config.status 2.2.3 configured by $0, generated by GNU Autoconf 2.57, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" diff --git a/configure.ac b/configure.ac index 5c479d4..37ae230 100644 --- a/configure.ac +++ b/configure.ac @@ -1,8 +1,8 @@ dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.50) -AC_INIT([[ncpfs]],[[2.2.2]],[[vandrove@vc.cvut.cz]]) +AC_INIT([[ncpfs]],[[2.2.3]],[[vandrove@vc.cvut.cz]]) AC_CONFIG_SRCDIR([[lib/ncplib.c]]) -AC_REVISION([[2.2.2]]) +AC_REVISION([[2.2.3]]) AC_CONFIG_HEADER(include/config.h) diff --git a/contrib/pam/pam_ncp_auth.c b/contrib/pam/pam_ncp_auth.c index cf758da..260a814 100644 --- a/contrib/pam/pam_ncp_auth.c +++ b/contrib/pam/pam_ncp_auth.c @@ -569,20 +569,21 @@ trim(char *string) *aux = 0; } -#define QF_VERBOSE 0x0001 -#define QF_DEBUG 0x0002 -#define QF_NOSU 0x0004 -#define QF_NOSUEQ 0x0008 -#define QF_AUTOCREATE 0x0010 -#define QF_AUTOMODIFY 0x0020 -#define QF_BINDERY 0x0040 +#define QF_VERBOSE 0x0001 +#define QF_DEBUG 0x0002 +#define QF_NOSU 0x0004 +#define QF_NOSUEQ 0x0008 +#define QF_AUTOCREATE 0x0010 +#define QF_AUTOMODIFY 0x0020 +#define QF_BINDERY 0x0040 +#define QF_NO_PEER_CHECKS 0x0080 +// rev 1.25 add an extra -A server parameter to ncpmount (with -A option on command line) +#define QF_USE_NETWARE_IP 0x1000 // version 1.24. automatically create home directory on local machine for new users // it is on by default // should be turned of by -n option if homes are on a remote NFS server (automounted) -#define QF_CREATEHOME 0x4000 -#define QF_MOUNTLOCALLY 0x2000 -// rev 1.25 add an extra -A server parameter to ncpmount (with -A option on command line) -#define QF_USE_NETWARE_IP 0x1000 +#define QF_MOUNTLOCALLY 0x2000 +#define QF_CREATEHOME 0x4000 // test v 1.25 impersonnating to current user when accessing his NFS mounted home #define IMPERSONNATE 1 @@ -1291,6 +1292,7 @@ struct nw_user_info { pam_handle_t *pamh; struct pam_ncp_state state; int qflag; + char *fqdn; /* User's FQDN from NDS */ char *nwhomeServer; //PP CN of the server extracted from NDS prop Home Directory char *nwhomeVolume; //PP real name of the volume (SYS...)extracted from NDS prop Home Directory char *nwhomePath; //PP "unixified" and "uppercased" extracted from NDS prop Home Directory @@ -1320,6 +1322,7 @@ init_nw_user_info(struct nw_user_info *ui) ui->uid = (uid_t) -1; ui->gid = (gid_t) -1; ui->groups = NULL; + ui->fqdn = NULL; ui->nwhomeServer = NULL; //PP ui->nwhomeVolume = NULL; //PP ui->nwhomePath = NULL; //PP @@ -1343,6 +1346,7 @@ free_nw_user_info(struct nw_user_info *ui) FREEFIELD(gecos); FREEFIELD(shell); FREEFIELD(dir); + FREEFIELD(fqdn); FREEFIELD(nwhomeServer); FREEFIELD(nwhomeVolume); FREEFIELD(nwhomePath); @@ -2421,6 +2425,14 @@ nw_retrieve_nds_user_info(struct nw_user_info *ui, NWCONN_HANDLE conn, NWObjectI err = PAM_AUTHTOK_ERR; goto bailoutctx; } + { + ui->fqdn = strdup(username); + if (!ui->fqdn) { + syslog(LOG_WARNING, "Not enough memory for strdup()\n"); + err = PAM_SYSTEM_ERR; + goto bailoutctx; + } + } //PP a good spot to retrieve user's defaultNameCtx and defaultTree { char *p = username; @@ -2539,8 +2551,15 @@ exechelper(const char *program, const char *argv[], const char *username) exit(111); } if (initgroups(username, pwd->pw_gid)) { - syslog(LOG_ERR, "Oops, initgroups failed for user %s: %s\n", username, strerror(errno)); - exit(112); + /* initgroups() fails on shutdown as we + do not run as 'root' at shutdown time... + Just ignore error from initgroups, + but treat setgid/setuid problems still + as fatal. */ + if (errno != EPERM) { + syslog(LOG_ERR, "Oops, initgroups failed for user %s: %s\n", username, strerror(errno)); + exit(112); + } } if (setgid(pwd->pw_gid)) { syslog(LOG_ERR, "Oops, setgid failed for user %s: %s\n", username, strerror(errno)); @@ -3484,13 +3503,13 @@ mount_nwhome(const char *unixname, const char *uname, // nw FQDN name char s[4096]; /* buf... buf... buffer overflow... */ // do not log a clear password in /var/log/secure ! - sprintf(s, "running as %s %s", unixname, NCPMOUNT_PATH); + sprintf(s, "running as %s \"%s", unixname, NCPMOUNT_PATH); for (j = 1; j < i; j++) { if (strlen(s) + strlen(argv[j]) >= sizeof (s) - 2) break; /* fix the possible buffer overflow */ if (strcmp(argv[j], "-P")) { - strcat(s, argv[j]); strcat(s, " "); + strcat(s, argv[j]); } else { j++; } @@ -3598,10 +3617,13 @@ nw_automount_home(const char *uname, struct nw_user_info *ui, const struct passw /* v 1.13 if we allow contextless login, we must pass to ncpmount a FQDN and not a CN ! */ - if (ui->name && ui->defaultNameCtx) - fqdn = concat3a(ui->name, '.', ui->defaultNameCtx); - else + if (ui->fqdn) { + /* Add leading dot to denote absolute DN... */ + fqdn = concat2a(".", ui->fqdn); + } else { + /* Bindery... */ fqdn = uname; + } err = mount_nwhome(uname, // unix name for su fqdn, // NW name for ncpmount @@ -3836,6 +3858,11 @@ process_zenflag_remote(pam_handle_t * pamh, const char *user, struct nw_user_inf #if 0 test_pam_items(user, pamh); #endif + if (ui->qflag & QF_NO_PEER_CHECKS) { + if (ui->qflag & QF_DEBUG) + syslog(LOG_NOTICE, "Remote host and tty port are not checked\n"); + return PAM_SUCCESS; + } err = pam_get_item(pamh, PAM_TTY, (const void **) &tty); if (err != PAM_SUCCESS) return PAM_SYSTEM_ERR; @@ -3845,10 +3872,15 @@ process_zenflag_remote(pam_handle_t * pamh, const char *user, struct nw_user_inf // PP not really sure this is good enough // JFB added tty="vc/" for Mandrake 8.2 - if (tty && (!memcmp(tty, "tty", 3) || !memcmp(tty, ":0", 2) || !memcmp(tty, "vc/", 2))) { - if (ui->qflag & QF_DEBUG) - syslog(LOG_NOTICE, "local acces OK to %s", tty); - return PAM_SUCCESS; + if (tty) { + if (!memcmp(tty, "/dev/", 5)) { + tty += 5; + } + if (!memcmp(tty, "tty", 3) || !memcmp(tty, ":0", 2) || !memcmp(tty, "vc/", 2)) { + if (ui->qflag & QF_DEBUG) + syslog(LOG_NOTICE, "local acces OK to %s", tty); + return PAM_SUCCESS; + } } err = pam_get_item(pamh, PAM_RHOST, (const void **) &rhost); @@ -4017,6 +4049,10 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv) break; // PP v 1.24 (homes are NFS mounted !) case 'A': inf.qflag |= QF_USE_NETWARE_IP; // PP v 1.24 + break; + case 'L': + inf.qflag |= QF_NO_PEER_CHECKS; + break; default:; /* just silently ignore unknown option... */ } } diff --git a/ipx-1.0/ipx_configure.8 b/ipx-1.0/ipx_configure.8 index 8bb1c96..f422116 100644 --- a/ipx-1.0/ipx_configure.8 +++ b/ipx-1.0/ipx_configure.8 @@ -3,9 +3,9 @@ ipx_configure \- query/configure IPX behavior .SH SYNOPSIS .B ipx_configure -[\-\-help] -[\-\-auto_interface=[on|off]] -[\-\-auto_primary=[on|off]] +[ \fB\-\-help\fP | \fB-h\fP ] +[ \fB\-\-auto_interface=\fP\fIon|off\fP | \fB-i\fP \fIon|off\fP ] +[ \fB\-\-auto_primary=\fP\fIon|off\fP | \fB-p\fP \fIon|off\fP ] .SH DESCRIPTION .B ipx_configure queries or configures IPX behavior with respect to automatic IPX @@ -20,18 +20,30 @@ Without arguments, returns the current configuration state. The behavior with arguments is described in the section .B OPTIONS. -.SS OPTIONS -.TP -.I "\-\-auto_interface=[on|off]" +.SH OPTIONS +\fB\-\-auto_interface=\fP\fIon|off\fP +.br +\fB\-i\fP \fIon|off\fP +.RS 3 This argument either turns on or off the behavior of automatically creating -interfaces. -.TP -.I "\-\-auto_primary=[on|off]" +interfaces. +.RE + +\fB\-\-auto_primary=\fP\fIon|off\fP +.br +\fB\-p\fP \fIon|off\fP +.RS 3 This argument either turns on or off the behavior of automatically selecting a primary interface. -.TP -.I "\-\-help" +.RE + +.B "\-\-help" +.br +.B "\-h" +.RS 3 Print out information about utility. +.RE + .SH FILES .I /proc/net/ipx_interface .SH BUGS diff --git a/ipx-1.0/ipx_configure.c b/ipx-1.0/ipx_configure.c index ccbb141..c1795fb 100644 --- a/ipx-1.0/ipx_configure.c +++ b/ipx-1.0/ipx_configure.c @@ -20,10 +20,12 @@ struct option options[] = { - {"auto_primary", required_argument, NULL, 1}, - {"auto_interface", required_argument, NULL, 2}, - {"help", no_argument, NULL, 3}, - {NULL, 0, NULL, 0} + { "auto_primary", required_argument, NULL, 'p'}, + { "auto-primary", required_argument, NULL, 'p'}, + { "auto_interface", required_argument, NULL, 'i'}, + { "auto-interface", required_argument, NULL, 'i'}, + { "help", no_argument, NULL, 'h'}, + { NULL, 0, NULL, 0} }; static char *progname; @@ -45,13 +47,15 @@ map_string_to_bool(char *opt) if ((strcasecmp(opt, "ON") == 0) || (strcasecmp(opt, "TRUE") == 0) || (strcasecmp(opt, "SET") == 0) || - (strcasecmp(opt, "YES") == 0)) + (strcasecmp(opt, "YES") == 0) || + (strcasecmp(opt, "1") == 0)) { return 1; } else if ((strcasecmp(opt, "OFF") == 0) || (strcasecmp(opt, "FALSE") == 0) || (strcasecmp(opt, "CLEAR") == 0) || - (strcasecmp(opt, "NO") == 0)) + (strcasecmp(opt, "NO") == 0) || + (strcasecmp(opt, "0") == 0)) { return 0; } @@ -63,8 +67,7 @@ main(int argc, char **argv) { int s; int result; - char val; - int option_index = 0; + int val; int got_auto_pri = 0; int got_auto_itf = 0; ipx_config_data data; @@ -87,12 +90,12 @@ main(int argc, char **argv) } exit(-1); } - while ((result = getopt_long(argc, argv, "", options, - &option_index)) != -1) + while ((result = getopt_long(argc, argv, "hi:p:", options, + NULL)) != -1) { switch (result) { - case 1: + case 'p': if (got_auto_pri) break; got_auto_pri++; @@ -103,7 +106,11 @@ main(int argc, char **argv) usage(); exit(-1); } - result = ioctl(s, SIOCAIPXPRISLT, &val); + { + unsigned char v = val; + + result = ioctl(s, SIOCAIPXPRISLT, &v); + } if (result < 0) { fprintf(stderr, _("%s: ioctl: %s\n"), progname, @@ -111,7 +118,7 @@ main(int argc, char **argv) exit(-1); } break; - case 2: + case 'i': if (got_auto_itf) break; got_auto_itf++; @@ -122,7 +129,11 @@ main(int argc, char **argv) usage(); exit(-1); } - result = ioctl(s, SIOCAIPXITFCRT, &val); + { + unsigned char v = val; + + result = ioctl(s, SIOCAIPXITFCRT, &v); + } if (result < 0) { fprintf(stderr, _("%s: ioctl: %s\n"), progname, @@ -130,7 +141,7 @@ main(int argc, char **argv) exit(-1); } break; - case 3: + case 'h': usage(); break; }