mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-29 21:39:24 +00:00
c9b41dd6a7
(1) PKGNAME satisfies handbook rule. (2) @dirrm lib/radius fails when lib/radius/acct exists. Submitted by: Stefan Esser <se@mi.uni-koeln.de> ----- diff -urN -x CVS merit/Makefile radius/Makefile --- merit/Makefile Fri Sep 18 02:00:05 1998 +++ radius/Makefile Wed Oct 7 23:54:43 1998 @@ -7,7 +7,7 @@ # DISTNAME= radius.3.6B.basic -PKGNAME= radius-3.6B.basic +PKGNAME= radius-basic-3.6B CATEGORIES= net MASTER_SITES= ftp://ftp.merit.edu/radius/releases/ diff -urN -x CVS merit/pkg/PLIST radius/pkg/PLIST --- merit/pkg/PLIST Fri Sep 18 01:58:28 1998 +++ radius/pkg/PLIST Wed Oct 7 23:51:47 1998 @@ -12,4 +12,5 @@ lib/radius/db/engine.config.sample lib/radius/db/vendors.sample @dirrm lib/radius/db +@dirrm lib/radius/acct @dirrm lib/radius -----
68 lines
1.8 KiB
Plaintext
68 lines
1.8 KiB
Plaintext
--- src/rad.kerberos.c~ Fri Jun 26 00:40:50 1998
|
|
+++ src/rad.kerberos.c Thu Sep 17 18:50:28 1998
|
|
@@ -80,8 +80,8 @@
|
|
|
|
#include <krb.h>
|
|
|
|
-static int krb_pass PROTO((AUTH_REQ *, int, char *,
|
|
- int (*) (AUTH_REQ *, int, char *)));
|
|
+static int krb_pass (AUTH_REQ *, int, char *,
|
|
+ int (*) (AUTH_REQ *, int, char *));
|
|
|
|
extern int debug_flag;
|
|
|
|
@@ -225,8 +225,14 @@
|
|
krbval = INTK_BADPW; /* Fail if type is bad somehow */
|
|
|
|
/* get the ticket */
|
|
- krbval = krb_get_in_tkt (userid, "", realm, "krbtgt", realm,
|
|
+ krbval = krb_get_in_tkt (userid, KRB_INSTANCE, realm, "krbtgt", realm,
|
|
DEFAULT_TKT_LIFE, passwd_to_key, NULL, passwd);
|
|
+ /*
|
|
+ * XXX
|
|
+ * This can be spoofed fairly easily... Should attempt to authenticate
|
|
+ * to some service on this machine (e.g., radius.thishost@REALM)
|
|
+ * in order to ensure that the ticket we just got is really valid.
|
|
+ */
|
|
switch (krbval)
|
|
{
|
|
case INTK_OK:
|
|
@@ -294,6 +300,37 @@
|
|
krbval, userid, realm);
|
|
break;
|
|
}
|
|
+#ifdef M_KERB
|
|
+ /*
|
|
+ * Ticket verification code based loosely on Berkeley klogin.c 8.3
|
|
+ */
|
|
+ if (krbreturn != EV_ACK) {
|
|
+ dest_tkt();
|
|
+ memset(passwd, 0, sizeof passwd);
|
|
+ } else {
|
|
+ struct sockaddr_in sin;
|
|
+ char host[MAXHOSTNAMELEN], *p;
|
|
+ AUTH_DAT authdata;
|
|
+ KTEXT_ST ticket;
|
|
+
|
|
+ krb_get_local_addr(&sin);
|
|
+ gethostname(host, sizeof host);
|
|
+ if ((p = strchr(host, '.')) != 0)
|
|
+ *p = '\0';
|
|
+ krbval = krb_mk_req(&ticket, "radius", host, realm, 33);
|
|
+ if (krbval == KSUCCESS) {
|
|
+ krbval = krb_rd_req(&ticket, "radius", host,
|
|
+ sin.sin_addr.s_addr, &authdata,
|
|
+ "");
|
|
+ }
|
|
+ if (krbval != KSUCCESS) {
|
|
+ logit(LOG_DAEMON, LOG_ERR,
|
|
+ "Kerberos error verifying ticket for %s: %s",
|
|
+ func, krb_err_txt[krbval]);
|
|
+ krbreturn = EV_NAK;
|
|
+ }
|
|
+ }
|
|
+#endif /* M_KERB */
|
|
|
|
dest_tkt (); /* destroy the ticket */
|
|
memset (passwd, 0, sizeof (passwd));
|