-rw-r--r-- | net/radius/files/patch-aa | 18 | ||||
-rw-r--r-- | net/radius/files/patch-ad | 64 |
2 files changed, 74 insertions, 8 deletions
diff --git a/net/radius/files/patch-aa b/net/radius/files/patch-aa index 94b0914..95bc814 100644 --- a/net/radius/files/patch-aa +++ b/net/radius/files/patch-aa @@ -1,6 +1,6 @@ diff -ru orig/Makefile ./Makefile --- orig/Makefile Sun Sep 22 14:00:16 1996 -+++ Makefile Tue Jun 17 16:36:26 1997 ++++ Makefile Mon Jul 28 11:07:04 1997 @@ -51,11 +51,11 @@ # Where the configuration files live. RADDB = ./raddb @@ -27,7 +27,7 @@ diff -ru orig/Makefile ./Makefile # Define SRV to hold any combination of server names you'd like to override: #SRV3 = -DDEFAULT_TACACS_SERVER=\"vms.dns.name\" -@@ -110,17 +110,21 @@ +@@ -110,17 +110,22 @@ # radiusd -- the default # #-------------------------------------------------------------------------- @@ -45,14 +45,15 @@ diff -ru orig/Makefile ./Makefile -#RADLIBS = /usr/kerberos/lib/libkrb.a /usr/kerberos/lib/libdes.a -#INCS = -I/usr/kerberos/include +.if defined(MAKE_EBONES) -+DEFS = -DHAVE_SETVBUF -DM_KERB -DNOSHADOW $(MERIT) $(STUFF) ++DEFS = -DHAVE_SETVBUF -DM_KERB -DKRB_INSTANCE=\"$(KRB_INSTANCE)\" \ ++ -DNOSHADOW $(MERIT) $(STUFF) +RADLIBS = -lkrb -ldes +INCS = -I/usr/include/kerberosIV +.endif # # akerb -@@ -219,12 +223,12 @@ +@@ -219,12 +224,12 @@ # #-------------------------------------------------------------------------- @@ -71,7 +72,7 @@ diff -ru orig/Makefile ./Makefile # # Solaris 2.x -@@ -304,14 +308,17 @@ +@@ -304,14 +309,17 @@ # #-------------------------------------------------------------------------- @@ -84,7 +85,7 @@ diff -ru orig/Makefile ./Makefile -#INSTALL = /usr/bin/install - +CC = cc -+CFLAGS += -DRADIUS_DIR=\"${PREFIX}/lib/radius/db\" \ ++CFLAGS += -DRADIUS_DIR=\"${RADDB_INSDIR}\" -DDEFAULT_DIR2=\"${RADDB_INSDIR}\" \ + -DRADACCT_DIR=\"${PREFIX}/lib/radius/acct\" \ + -DRADIUS_COMPRESS=\"/usr/bin/gzip\" \ + $(DEFS) $(INCS) 
@@ -97,7 +98,7 @@ diff -ru orig/Makefile ./Makefile # # AIX 3.2.5 (if using xlc(1) add -D_ALL_SOURCE to CFLAGS below) # -@@ -604,8 +611,6 @@ +@@ -604,8 +612,6 @@ $(MAN_INSDIR)/man5/clients.5 $(INSTALL) $(M) 644 $(O) $(RADOWN) $(G) $(RADGRP) $(MAN)/dictionary.5 \ $(MAN_INSDIR)/man5/dictionary.5 @@ -106,7 +107,7 @@ diff -ru orig/Makefile ./Makefile $(INSTALL) $(M) 644 $(O) $(RADOWN) $(G) $(RADGRP) $(MAN)/radius.fsm.5 \ $(MAN_INSDIR)/man5/radius.fsm.5 $(INSTALL) $(M) 644 $(O) $(RADOWN) $(G) $(RADGRP) $(MAN)/users.5 \ -@@ -625,17 +630,17 @@ +@@ -625,17 +631,17 @@ /bin/mkdir -p $(RADDB_INSDIR) ;\ fi $(INSTALL) $(M) 660 $(O) $(RADOWN) $(G) $(RADGRP) $(RADDB)/authfile \ @@ -130,3 +131,4 @@ diff -ru orig/Makefile ./Makefile -if [ ! -d $(RADACCT_INSDIR) ] ;\ then \ /bin/mkdir -p $(RADACCT_INSDIR) ;\ + diff --git a/net/radius/files/patch-ad b/net/radius/files/patch-ad new file mode 100644 index 0000000..535bd0f --- /dev/null +++ b/net/radius/files/patch-ad 
@@ -0,0 +1,64 @@
+diff -ru orig/src/rad.kerberos.c ./src/rad.kerberos.c
+--- orig/src/rad.kerberos.c Wed Sep 18 11:34:21 1996
++++ src/rad.kerberos.c Sat Jul 26 17:33:30 1997
+@@ -177,7 +177,8 @@
+ #if defined(M_KERB)
+ if (strcmp (authreq->direct_aatv->id, "MKERB") == 0)
+ {
+- krbval = krb_get_in_tkt (userid, "", realm, "krbtgt", realm,
++ krbval = krb_get_in_tkt (userid, KRB_INSTANCE, realm, "krbtgt",
++ realm,
+ DEFAULT_TKT_LIFE, mit_passwd_to_key,
+ NULL, passwd);
+ }
+@@ -192,6 +193,12 @@
+ }
+ #endif /* A_KERB */
+
++ /*
++ * XXX
++ * This can be spoofed fairly easily... Should attempt to authenticate
++ * to some service on this machine (e.g., radius.thishost@REALM)
++ * in order to ensure that the ticket we just got is really valid.
++ */
+ switch (krbval)
+ {
+ case INTK_OK:
+@@ -207,6 +214,37 @@
+ func, krbval);
+ break;
+ }
++#ifdef M_KERB
++ /*
++ * Ticket verification code based loosely on Berkeley klogin.c 8.3
++ */
++ if (krbreturn != EV_ACK) {
++ dest_tkt();
++ memset(passwd, 0, sizeof passwd);
++ } else {
++ struct sockaddr_in sin;
++ char host[MAXHOSTNAMELEN], *p;
++ AUTH_DAT authdata;
++ KTEXT_ST ticket;
++
++ krb_get_local_addr(&sin);
++ gethostname(host, sizeof host);
++ if ((p = strchr(host, '.')) != 0)
++ *p = '\0';
++ krbval = krb_mk_req(&ticket, "radius", host, realm, 33);
++ if (krbval == KSUCCESS) {
++ krbval = krb_rd_req(&ticket, "radius", host,
++ sin.sin_addr.s_addr, &authdata,
++ "");
++ }
++ if (krbval != KSUCCESS) {
++ logit(LOG_DAEMON, LOG_ERR,
++ "Kerberos error verifying ticket for %s: %s",
++ func, krb_err_txt[krbval]);
++ krbreturn = EV_NAK;
++ }
++ }
++#endif /* M_KERB */
+
+ dest_tkt (); /* destroy the ticket */
+ memset (passwd, 0, sizeof (passwd)); |
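Review bot: In the added `#ifdef M_KERB` verification block, `gethostname(host, sizeof host)` is not checked, so on failure `strchr(host, '.')` and `krb_mk_req` read an uninitialized buffer, and a truncated name is not guaranteed to be NUL-terminated. Treat a failed call as a verification failure (log it and set `krbreturn = EV_NAK;`) and add `host[sizeof host - 1] = '\0';` before the `strchr`; the result of `krb_get_local_addr(&sin)` is unchecked in the same way, which leaves `sin.sin_addr.s_addr` undefined if that call can fail. The log call passes `func` for the first `%s` of "Kerberos error verifying ticket for %s: %s", which looks like the function name rather than the user, so `userid` is probably what was meant. The `XXX ... can be spoofed` comment added above the `switch` is now accurate only for the non-M_KERB path and should say so. The enclosing function begins and ends outside these hunks.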