On 2016/07/05 15:07, Nils Frohberg wrote:
> Ping. Updated patch for net/netatalk3 below (REVISION=2).
>
> (cc maintainer (ajacoutot@))
>
> > I had another look at the netatalk3 port and came up with the
> > following patch. It works for me but that's not a thorough test
> > (and only for dhx2). It's a more invasive patch than my previous
> > one, but if this is better I can apply the same to net/netatalk.
> >
> > I looked for the SHADOWPW ifdefs and added an additional
> > getpwnam_shadow(3) call in front of the crypt(3) calls (and one
> > additional one to the clear text pw check). I also memset the
> > pw_passwd fields to 0 and added check for crypt(3) returning NULL.
> >
> > FWIW, here's the patch:
>
> diff -ruN net/netatalk3.orig/Makefile net/netatalk3/Makefile
> --- net/netatalk3.orig/Makefile Tue Jul 5 14:47:24 2016
> +++ net/netatalk3/Makefile Tue Jul 5 14:47:05 2016
> @@ -3,7 +3,7 @@
> COMMENT= AFP file and print services for IP networks
>
> V= 3.1.8
> -REVISION= 1
> +REVISION= 2
> DISTNAME= netatalk-${V}
> EXTRACT_SUFX= .tar.bz2
> PKGSPEC = netatalk->=3,<4
> diff -ruN net/netatalk3.orig/patches/patch-etc_uams_uams_dhx2_passwd_c
> net/netatalk3/patches/patch-etc_uams_uams_dhx2_passwd_c
> --- net/netatalk3.orig/patches/patch-etc_uams_uams_dhx2_passwd_c Thu Jan
> 1 01:00:00 1970
> +++ net/netatalk3/patches/patch-etc_uams_uams_dhx2_passwd_c Thu Jun 9
> 16:08:04 2016
> @@ -0,0 +1,26 @@
> +$OpenBSD$
> +--- etc/uams/uams_dhx2_passwd.c.orig Thu Jun 9 15:55:58 2016
> ++++ etc/uams/uams_dhx2_passwd.c Thu Jun 9 15:59:50 2016
> +@@ -545,12 +545,21 @@ static int logincont2(void *obj _U_, struct passwd **u
> + /* ---- Start authentication --- */
> + ret = AFPERR_NOTAUTH;
> +
> ++ if ((dhxpwd = getpwnam_shadow(dhxpwd->pw_name)) == NULL) {
> ++ LOG(log_info, logtype_uams,
> ++ "could not get shadow passwd for %s", dhxpwd->pw_name);
> ++ ret = AFPERR_NOTAUTH;
> ++ goto exit;
> ++ }
> ++
> + p = crypt( ibuf, dhxpwd->pw_passwd );
> + memset(ibuf, 0, 255);
> +- if ( strcmp( p, dhxpwd->pw_passwd ) == 0 ) {
> ++ if ( (p != NULL) && (strcmp( p, dhxpwd->pw_passwd ) == 0) ) {
> ++ memset(dhxpwd->pw_passwd, 0, strlen(dhxpwd->pw_passwd));
> + *uam_pwd = dhxpwd;
> + ret = AFP_OK;
> + }
> ++ memset(dhxpwd->pw_passwd, 0, strlen(dhxpwd->pw_passwd));
I think only the second memset makes sense here.
> +
> + #ifdef SHADOWPW
> + if (( sp = getspnam( dhxpwd->pw_name )) == NULL ) {
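Review bot: The failure branch of the added `getpwnam_shadow()` check dereferences the pointer it has just set to NULL: when the lookup fails, `dhxpwd` is NULL and the `LOG(...)` call still reads `dhxpwd->pw_name`. Hold the result in a temporary (the name `spwd` is only illustrative), test it with `if ((spwd = getpwnam_shadow(dhxpwd->pw_name)) == NULL) {`, and assign `dhxpwd = spwd;` only after the check passes, so the log line can still use the original entry's name. The same pattern appears in the uams_dhx_passwd.c hunk and, with `pwd`, in both uams_passwd.c hunks. logincont2 begins and ends outside this hunk, so the declaration site for the temporary is not visible here.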
> diff -ruN net/netatalk3.orig/patches/patch-etc_uams_uams_dhx_passwd_c
> net/netatalk3/patches/patch-etc_uams_uams_dhx_passwd_c
> --- net/netatalk3.orig/patches/patch-etc_uams_uams_dhx_passwd_c Thu Jan
> 1 01:00:00 1970
> +++ net/netatalk3/patches/patch-etc_uams_uams_dhx_passwd_c Thu Jun 9
> 16:11:20 2016
> @@ -0,0 +1,25 @@
> +$OpenBSD$
> +--- etc/uams/uams_dhx_passwd.c.orig Thu Jun 9 15:59:59 2016
> ++++ etc/uams/uams_dhx_passwd.c Thu Jun 9 16:11:14 2016
> +@@ -342,12 +342,20 @@ static int passwd_logincont(void *obj, struct passwd *
> + return AFP_OK;
> + }
> + #else /* TRU64 */
> ++ if ((dhxpwd = getpwnam_shadow(dhxpwd->pw_name)) == NULL) {
> ++ LOG(log_info, logtype_uams,
> ++ "could not get shadow passwd for %s", dhxpwd->pw_name);
> ++ return (AFPERR_NOTAUTH);
> ++ }
> ++
> + p = crypt( rbuf, dhxpwd->pw_passwd );
> + memset(rbuf, 0, PASSWDLEN);
> +- if ( strcmp( p, dhxpwd->pw_passwd ) == 0 ) {
> ++ if ( (p != NULL) && (strcmp( p, dhxpwd->pw_passwd ) == 0) ) {
> ++ memset(dhxpwd->pw_passwd, 0, strlen(dhxpwd->pw_passwd));
> + *uam_pwd = dhxpwd;
> + err = AFP_OK;
> + }
> ++ memset(dhxpwd->pw_passwd, 0, strlen(dhxpwd->pw_passwd));
and here.
> + #ifdef SHADOWPW
> + if (( sp = getspnam( dhxpwd->pw_name )) == NULL ) {
> + LOG(log_info, logtype_uams, "no shadow passwd entry for %s",
> dhxpwd->pw_name);
> diff -ruN net/netatalk3.orig/patches/patch-etc_uams_uams_passwd_c
> net/netatalk3/patches/patch-etc_uams_uams_passwd_c
> --- net/netatalk3.orig/patches/patch-etc_uams_uams_passwd_c Thu Jan 1
> 01:00:00 1970
> +++ net/netatalk3/patches/patch-etc_uams_uams_passwd_c Thu Jun 9
> 17:36:08 2016
> @@ -0,0 +1,37 @@
> +$OpenBSD$
> +--- etc/uams/uams_passwd.c.orig Thu Dec 11 12:27:44 2014
> ++++ etc/uams/uams_passwd.c Thu Jun 9 17:34:40 2016
> +@@ -229,11 +229,19 @@ static int passwd_changepw(void *obj, char *username,
> + pwd->pw_passwd = sp->sp_pwdp;
> + #endif /* SHADOWPW */
> +
> ++ if ((pwd = getpwnam_shadow(pwd->pw_name)) == NULL) {
> ++ LOG(log_info, logtype_uams,
> ++ "could not get shadow passwd for %s", pwd->pw_name);
> ++ ret = AFPERR_NOTAUTH;
> ++ goto exit;
> ++ }
> ++
> + p = crypt(pw, pwd->pw_passwd );
> +- if (strcmp( p, pwd->pw_passwd )) {
> ++ if ((p == NULL) || strcmp( p, pwd->pw_passwd ))) {
> + memset(pw, 0, sizeof(pw));
> + return AFPERR_NOTAUTH;
> + }
> ++ memset(pwd->pw_passwd, 0, strlen(pwd->pw_passwd));
> +
> + /* new password */
> + ibuf += PASSWDLEN;
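Review bot: The rewritten condition `if ((p == NULL) || strcmp( p, pwd->pw_passwd ))) {` has one closing parenthesis too many and will not compile; it should read `if ((p == NULL) || strcmp( p, pwd->pw_passwd )) {`. The added `memset(pwd->pw_passwd, 0, strlen(pwd->pw_passwd));` sits after that block, so it only runs when the old password matched, and the `return AFPERR_NOTAUTH;` path leaves the hash in the returned entry. The new lookup-failure branch sets `ret` and does `goto exit`, whereas the existing mismatch branch returns directly. passwd_changepw starts and ends outside the hunk, so whether it has a `ret` variable and an `exit` label should be confirmed.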
> +@@ -329,6 +337,12 @@ static int passwd_printer(char *start, char *stop, cha
> + }
> +
> + #endif /* SHADOWPW */
> ++
> ++ if ((pwd = getpwnam_shadow(pwd->pw_name)) == NULL) {
> ++ LOG(log_info, logtype_uams,
> ++ "could not get shadow passwd for %s", pwd->pw_name);
> ++ return(-1);
> ++ }
> +
> + if (!pwd->pw_passwd) {
> + LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no password for
> %s",
>
Rest looks good to me, but I'm not running netatalk on OpenBSD
any more so can't test..