1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-14 23:46:10 +00:00
freebsd-ports/net/radius/files/patch-ad
Jun Kuriyama c9b41dd6a7 I've checked and make changes from submittion as following patch.
(1) PKGNAME satisfies handbook rule.
(2) @dirrm lib/radius fails when lib/radius/acct exists.

Submitted by:	Stefan Esser <se@mi.uni-koeln.de>

-----
diff -urN -x CVS merit/Makefile radius/Makefile
--- merit/Makefile	Fri Sep 18 02:00:05 1998
+++ radius/Makefile	Wed Oct  7 23:54:43 1998
@@ -7,7 +7,7 @@
 #

 DISTNAME=	radius.3.6B.basic
-PKGNAME=	radius-3.6B.basic
+PKGNAME=	radius-basic-3.6B
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.merit.edu/radius/releases/

diff -urN -x CVS merit/pkg/PLIST radius/pkg/PLIST
--- merit/pkg/PLIST	Fri Sep 18 01:58:28 1998
+++ radius/pkg/PLIST	Wed Oct  7 23:51:47 1998
@@ -12,4 +12,5 @@
 lib/radius/db/engine.config.sample
 lib/radius/db/vendors.sample
 @dirrm lib/radius/db
+@dirrm lib/radius/acct
 @dirrm lib/radius
-----
1998-10-08 14:49:28 +00:00

68 lines
1.8 KiB
Plaintext

--- src/rad.kerberos.c~ Fri Jun 26 00:40:50 1998
+++ src/rad.kerberos.c Thu Sep 17 18:50:28 1998
@@ -80,8 +80,8 @@
#include <krb.h>
-static int krb_pass PROTO((AUTH_REQ *, int, char *,
- int (*) (AUTH_REQ *, int, char *)));
+static int krb_pass (AUTH_REQ *, int, char *,
+ int (*) (AUTH_REQ *, int, char *));
extern int debug_flag;
@@ -225,8 +225,14 @@
krbval = INTK_BADPW; /* Fail if type is bad somehow */
/* get the ticket */
- krbval = krb_get_in_tkt (userid, "", realm, "krbtgt", realm,
+ krbval = krb_get_in_tkt (userid, KRB_INSTANCE, realm, "krbtgt", realm,
DEFAULT_TKT_LIFE, passwd_to_key, NULL, passwd);
+ /*
+ * XXX
+ * This can be spoofed fairly easily... Should attempt to authenticate
+ * to some service on this machine (e.g., radius.thishost@REALM)
+ * in order to ensure that the ticket we just got is really valid.
+ */
switch (krbval)
{
case INTK_OK:
@@ -294,6 +300,37 @@
krbval, userid, realm);
break;
}
+#ifdef M_KERB
+ /*
+ * Ticket verification code based loosely on Berkeley klogin.c 8.3
+ */
+ if (krbreturn != EV_ACK) {
+ dest_tkt();
+ memset(passwd, 0, sizeof passwd);
+ } else {
+ struct sockaddr_in sin;
+ char host[MAXHOSTNAMELEN], *p;
+ AUTH_DAT authdata;
+ KTEXT_ST ticket;
+
+ krb_get_local_addr(&sin);
+ gethostname(host, sizeof host);
+ if ((p = strchr(host, '.')) != 0)
+ *p = '\0';
+ krbval = krb_mk_req(&ticket, "radius", host, realm, 33);
+ if (krbval == KSUCCESS) {
+ krbval = krb_rd_req(&ticket, "radius", host,
+ sin.sin_addr.s_addr, &authdata,
+ "");
+ }
+ if (krbval != KSUCCESS) {
+ logit(LOG_DAEMON, LOG_ERR,
+ "Kerberos error verifying ticket for %s: %s",
+ func, krb_err_txt[krbval]);
+ krbreturn = EV_NAK;
+ }
+ }
+#endif /* M_KERB */
dest_tkt (); /* destroy the ticket */
memset (passwd, 0, sizeof (passwd));