Re: Little update to authpf
Hi, About a year ago I've sent a simple patch for authpf, which adds some nice (as I think) feature to authpf. My patch was reviewed and extended (and corrected) by couple of people, but since then did not get into cvs. So now is my second try. I'd really like to get this kind of functionality in authpf. And now the details: - authpf can show a message to an user successfully logged in - this message is read from /etc/authpf/authpf.message - the message is the same for every user - i'll want to change it ;-) Patch (in the form proposed here on list last year) is below. This time I've added adequate manpage changes. -- Greetings Rafal Bisingier Index: authpf.8 === RCS file: /cvs/src/usr.sbin/authpf/authpf.8,v retrieving revision 1.47 diff -u -r1.47 authpf.8 --- authpf.86 Jan 2009 03:11:50 - 1.47 +++ authpf.86 Sep 2009 22:29:19 - @@ -178,9 +178,13 @@ On successful invocation, .Nm displays a message telling the user he or she has been authenticated. -It will additionally display the contents of the file -.Pa /etc/authpf/authpf.message -if the file exists and is readable. +It will additionally display the contents of the file called +.Pa authpf.message . +This file will first be searched for in +.Pa /etc/authpf/users/$USER/ +and then in +.Pa /etc/authpf/ . +Only first of these files will be used if both are present. .Pp There exist two methods for providing additional granularity to the control offered by Index: authpf.c === RCS file: /cvs/src/usr.sbin/authpf/authpf.c,v retrieving revision 1.112 diff -u -r1.112 authpf.c --- authpf.c10 Jan 2009 19:08:53 - 1.112 +++ authpf.c6 Sep 2009 22:29:19 - @@ -320,10 +320,20 @@ } while (1) { + struct stat sb; + char *path_message; printf(\r\nHello %s. , luser); printf(You are authenticated from host \%s\\r\n, ipsrc); setproctitle(%...@%s, luser, ipsrc); - print_message(PATH_MESSAGE); + if (asprintf(path_message, %s/%s/authpf.message, + PATH_USER_DIR, luser) == -1) + do_death(1); + if (stat(path_message, sb) == -1 || ! S_ISREG(sb.st_mode)) { + free(path_message); + if ((path_message = strdup(PATH_MESSAGE)) == NULL) + do_death(1); + } + print_message(path_message); while (1) { sleep(10); if (want_death)
Re: Little update to authpf
hmm, on Sun, Sep 06, 2009 at 11:15:36PM +0200, Rafal Bisingier said that + struct stat sb; + char *path_message; printf(\r\nHello %s. , luser); printf(You are authenticated from host \%s\\r\n, ipsrc); setproctitle(%...@%s, luser, ipsrc); wouldn't it make sense to make all the messages configurable? (as authpf might be used in ISP environments) -f -- monotheism is a gift from the gods.
Little update to authpf
Hi all, I do not know if this is the correct list, or even method to send patches, but did not found anything appropriate on the OpenBSD website. I'd like to propose a little feature enhancement for the authpf. Here are the details: - authpf can show a message to an user successfully logged in - this message is read from /etc/authpf/authpf.message - the message is the same for every user - i'll want to change it ;-) Below is a patch which change current behavior, so that the message is searched first in the /etc/authpf/USER dir, and if it's not found there, then the old behavior is used (so fully backward compatible). The patch looks very simple, but I did NOT tested it at all! Anyway it would be nice, if something like this make it's way into the HEAD. ;-) PS. Sorry for any language errors -- Greetings Rafal Bisingier diff -u authpf.c.orig authpf.c --- authpf.c.orig 2008-09-09 17:23:43.315714111 +0200 +++ authpf.c2008-09-10 21:07:06.258107858 +0200 @@ -314,10 +314,16 @@ signal(SIGQUIT, need_death); signal(SIGTSTP, need_death); while (1) { + char*fn = NULL; printf(\r\nHello %s. , luser); printf(You are authenticated from host \%s\\r\n, ipsrc); setproctitle([EMAIL PROTECTED], luser, ipsrc); - print_message(PATH_MESSAGE); + if (asprintf(fn, %s/%s/authpf.message, + PATH_USER_DIR, luser) == -1) + print_message(PATH_MESSAGE); + else + print_message(fn); + free(fn); while (1) { sleep(10); if (want_death)
Re: Little update to authpf
On Thu, Sep 11, 2008 at 2:09 PM, Rafal Bisingier [EMAIL PROTECTED]wrote: Below is a patch which change current behavior, so that the message is searched first in the /etc/authpf/USER dir, and if it's not found Would/etc/authpf/authpf.USER.messagenot be better? Sample change if (asprintf(fn, %s/authpf.%s.message, PATH_USER_DIR, luser) == -1) print_message(PATH_MESSAGE); else print_message(fn); Sample change Please bear in mind that I can at best read C so the above is probably wrong.
Re: Little update to authpf
Hi, On Thu, 11 Sep 2008 14:26:42 +0200 Ross Cameron [EMAIL PROTECTED] wrote: On Thu, Sep 11, 2008 at 2:09 PM, Rafal Bisingier [EMAIL PROTECTED]wrote: Below is a patch which change current behavior, so that the message is searched first in the /etc/authpf/USER dir, and if it's not found Would/etc/authpf/authpf.USER.messagenot be better? Sample change if (asprintf(fn, %s/authpf.%s.message, PATH_USER_DIR, luser) == -1) print_message(PATH_MESSAGE); else print_message(fn); Sample change Please bear in mind that I can at best read C so the above is probably wrong. Well, the /etc/authpf/user directory is already used for storing per user rules, and some other info, so adding there a message-file looks sensible for me... ;-) -- Greetings Rafal Bisingier
Re: Little update to authpf
I think you might want to check to see if the file exists not just if the asprintf succeeds.. But yes I do agree this is useful functionality that I've tested quite thoroughly... Index: authpf.c === RCS file: /cvs/src/usr.sbin/authpf/authpf.c,v retrieving revision 1.107 diff -u -r1.107 authpf.c --- authpf.c14 Feb 2008 01:49:17 - 1.107 +++ authpf.c11 Sep 2008 12:49:09 - @@ -314,10 +314,22 @@ signal(SIGQUIT, need_death); signal(SIGTSTP, need_death); while (1) { + struct stat sb; + char *path_message; + printf(\r\nHello %s. , luser); printf(You are authenticated from host \%s\\r\n, ipsrc); setproctitle([EMAIL PROTECTED], luser, ipsrc); - print_message(PATH_MESSAGE); + + if (asprintf(path_message, %s/%s/authpf.message, + PATH_USER_DIR, luser) == -1) + do_death(1); + if (stat(path_message, sb) == -1) { + free(path_message); + if ((path_message = strdup(PATH_MESSAGE)) == NULL) + do_death(1); + } + print_message(path_message); while (1) { sleep(10); if (want_death) -- Todd Fries .. [EMAIL PROTECTED] _ | \ 1.636.410.0632 (voice) | Free Daemon Consulting, LLC \ 1.405.227.9094 (voice) | http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX) | ..in support of free software solutions. \ 250797 (FWD) | \ \\ 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A http://todd.fries.net/pgp.txt Penned by Rafal Bisingier on 20080911 14:09.42, we have: | Hi all, | | I do not know if this is the correct list, or even method to send | patches, but did not found anything appropriate on the OpenBSD website. | | I'd like to propose a little feature enhancement for the authpf. Here | are the details: | - authpf can show a message to an user successfully logged in | - this message is read from /etc/authpf/authpf.message | - the message is the same for every user | - i'll want to change it ;-) | | Below is a patch which change current behavior, so that the message is | searched first in the /etc/authpf/USER dir, and if it's not found | there, then the old behavior is used (so fully backward compatible). | The patch looks very simple, but I did NOT tested it at all! Anyway it | would be nice, if something like this make it's way into the HEAD. ;-) | | PS. Sorry for any language errors | | -- | Greetings | Rafal Bisingier | | | diff -u authpf.c.orig authpf.c | --- authpf.c.orig 2008-09-09 17:23:43.315714111 +0200 | +++ authpf.c 2008-09-10 21:07:06.258107858 +0200 | @@ -314,10 +314,16 @@ | signal(SIGQUIT, need_death); | signal(SIGTSTP, need_death); | while (1) { | + char*fn = NULL; | printf(\r\nHello %s. , luser); | printf(You are authenticated from host \%s\\r\n, | ipsrc); setproctitle([EMAIL PROTECTED], luser, ipsrc); | - print_message(PATH_MESSAGE); | + if (asprintf(fn, %s/%s/authpf.message, | + PATH_USER_DIR, luser) == -1) | + print_message(PATH_MESSAGE); | + else | + print_message(fn); | + free(fn); | while (1) { | sleep(10); | if (want_death)
Re: Little update to authpf
Hi! On Thu, Sep 11, 2008 at 07:52:14AM -0500, Todd T. Fries wrote: I think you might want to check to see if the file exists not just if the asprintf succeeds.. But yes I do agree this is useful functionality that I've tested quite thoroughly... Another nit in the patch: Index: authpf.c === RCS file: /cvs/src/usr.sbin/authpf/authpf.c,v retrieving revision 1.107 diff -u -r1.107 authpf.c --- authpf.c 14 Feb 2008 01:49:17 - 1.107 +++ authpf.c 11 Sep 2008 12:49:09 - @@ -314,10 +314,22 @@ signal(SIGQUIT, need_death); signal(SIGTSTP, need_death); while (1) { + struct stat sb; + char *path_message; + printf(\r\nHello %s. , luser); printf(You are authenticated from host \%s\\r\n, ipsrc); setproctitle([EMAIL PROTECTED], luser, ipsrc); - print_message(PATH_MESSAGE); + + if (asprintf(path_message, %s/%s/authpf.message, + PATH_USER_DIR, luser) == -1) + do_death(1); + if (stat(path_message, sb) == -1) { How about checking whether it's a regular file, too? if (stat(path_message, sb) == -1 || ! S_ISREG(sb.st_mode)) { ... } [...] Kind regards, Hannah.
Re: Little update to authpf
* Hannah Schroeter [EMAIL PROTECTED] [2008-09-11 15:20]: Hi! On Thu, Sep 11, 2008 at 07:52:14AM -0500, Todd T. Fries wrote: I think you might want to check to see if the file exists not just if the asprintf succeeds.. But yes I do agree this is useful functionality that I've tested quite thoroughly... Another nit in the patch: Index: authpf.c === RCS file: /cvs/src/usr.sbin/authpf/authpf.c,v retrieving revision 1.107 diff -u -r1.107 authpf.c --- authpf.c 14 Feb 2008 01:49:17 - 1.107 +++ authpf.c 11 Sep 2008 12:49:09 - @@ -314,10 +314,22 @@ signal(SIGQUIT, need_death); signal(SIGTSTP, need_death); while (1) { +struct stat sb; +char *path_message; + printf(\r\nHello %s. , luser); printf(You are authenticated from host \%s\\r\n, ipsrc); setproctitle([EMAIL PROTECTED], luser, ipsrc); -print_message(PATH_MESSAGE); + +if (asprintf(path_message, %s/%s/authpf.message, +PATH_USER_DIR, luser) == -1) +do_death(1); +if (stat(path_message, sb) == -1) { How about checking whether it's a regular file, too? to preven symlinks? nah... -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Little update to authpf
Hi! On Thu, Sep 11, 2008 at 03:28:07PM +0200, Henning Brauer wrote: * Hannah Schroeter [EMAIL PROTECTED] [2008-09-11 15:20]: On Thu, Sep 11, 2008 at 07:52:14AM -0500, Todd T. Fries wrote: I think you might want to check to see if the file exists not just if the asprintf succeeds.. But yes I do agree this is useful functionality that I've tested quite thoroughly... Another nit in the patch: Index: authpf.c === RCS file: /cvs/src/usr.sbin/authpf/authpf.c,v retrieving revision 1.107 diff -u -r1.107 authpf.c --- authpf.c14 Feb 2008 01:49:17 - 1.107 +++ authpf.c11 Sep 2008 12:49:09 - @@ -314,10 +314,22 @@ signal(SIGQUIT, need_death); signal(SIGTSTP, need_death); while (1) { + struct stat sb; + char *path_message; + printf(\r\nHello %s. , luser); printf(You are authenticated from host \%s\\r\n, ipsrc); setproctitle([EMAIL PROTECTED], luser, ipsrc); - print_message(PATH_MESSAGE); + + if (asprintf(path_message, %s/%s/authpf.message, + PATH_USER_DIR, luser) == -1) + do_death(1); + if (stat(path_message, sb) == -1) { How about checking whether it's a regular file, too? to preven symlinks? nah... stat follows symlinks, so that's no problem. However it'll prevent directories, pipes, sockets and devices. Kind regards, Hannah.
Re: Little update to authpf
* Hannah Schroeter [EMAIL PROTECTED] [2008-09-11 15:56]: How about checking whether it's a regular file, too? to preven symlinks? nah... stat follows symlinks, so that's no problem. However it'll prevent directories, pipes, sockets and devices. d'oh. of course. ignore me. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Little update to authpf
Hi, On Thu, 11 Sep 2008 07:52:14 -0500 Todd T. Fries [EMAIL PROTECTED] wrote: I think you might want to check to see if the file exists not just if the asprintf succeeds.. Yes, that's a really good idea... ;-) But yes I do agree this is useful functionality that I've tested quite thoroughly... So, will it be available in OpenBSD 4.5? ;-) -- Greetings Rafal Bisingier