aboutsummaryrefslogtreecommitdiff
path: root/net/radius
diff options
context:
space:
mode:
authorGarrett Wollman <wollman@FreeBSD.org>1997-07-28 15:29:29 +0000
committerGarrett Wollman <wollman@FreeBSD.org>1997-07-28 15:29:29 +0000
commit35d02eb78de79a4b37cd6aa4a2e50ff8a709ec12 (patch)
tree23d1030ef64334d88649a3ddc7bff03c7b36d4c6 /net/radius
parent8b4d4b0b180c43dfc6d66cb58d87887d962ab6dd (diff)
downloadports-35d02eb78de79a4b37cd6aa4a2e50ff8a709ec12.tar.gz
ports-35d02eb78de79a4b37cd6aa4a2e50ff8a709ec12.zip
Notes
Diffstat (limited to 'net/radius')
-rw-r--r--net/radius/files/patch-aa18
-rw-r--r--net/radius/files/patch-ad64
2 files changed, 74 insertions, 8 deletions
diff --git a/net/radius/files/patch-aa b/net/radius/files/patch-aa
index 94b09149a29c..95bc81413f73 100644
--- a/net/radius/files/patch-aa
+++ b/net/radius/files/patch-aa
@@ -1,6 +1,6 @@
diff -ru orig/Makefile ./Makefile
--- orig/Makefile Sun Sep 22 14:00:16 1996
-+++ Makefile Tue Jun 17 16:36:26 1997
++++ Makefile Mon Jul 28 11:07:04 1997
@@ -51,11 +51,11 @@
# Where the configuration files live.
RADDB = ./raddb
@@ -27,7 +27,7 @@ diff -ru orig/Makefile ./Makefile
# Define SRV to hold any combination of server names you'd like to override:
#SRV3 = -DDEFAULT_TACACS_SERVER=\"vms.dns.name\"
-@@ -110,17 +110,21 @@
+@@ -110,17 +110,22 @@
# radiusd -- the default
#
#--------------------------------------------------------------------------
@@ -45,14 +45,15 @@ diff -ru orig/Makefile ./Makefile
-#RADLIBS = /usr/kerberos/lib/libkrb.a /usr/kerberos/lib/libdes.a
-#INCS = -I/usr/kerberos/include
+.if defined(MAKE_EBONES)
-+DEFS = -DHAVE_SETVBUF -DM_KERB -DNOSHADOW $(MERIT) $(STUFF)
++DEFS = -DHAVE_SETVBUF -DM_KERB -DKRB_INSTANCE=\"$(KRB_INSTANCE)\" \
++ -DNOSHADOW $(MERIT) $(STUFF)
+RADLIBS = -lkrb -ldes
+INCS = -I/usr/include/kerberosIV
+.endif
#
# akerb
-@@ -219,12 +223,12 @@
+@@ -219,12 +224,12 @@
#
#--------------------------------------------------------------------------
@@ -71,7 +72,7 @@ diff -ru orig/Makefile ./Makefile
#
# Solaris 2.x
-@@ -304,14 +308,17 @@
+@@ -304,14 +309,17 @@
#
#--------------------------------------------------------------------------
@@ -84,7 +85,7 @@ diff -ru orig/Makefile ./Makefile
-#INSTALL = /usr/bin/install
-
+CC = cc
-+CFLAGS += -DRADIUS_DIR=\"${PREFIX}/lib/radius/db\" \
++CFLAGS += -DRADIUS_DIR=\"${RADDB_INSDIR}\" -DDEFAULT_DIR2=\"${RADDB_INSDIR}\" \
+ -DRADACCT_DIR=\"${PREFIX}/lib/radius/acct\" \
+ -DRADIUS_COMPRESS=\"/usr/bin/gzip\" \
+ $(DEFS) $(INCS)
@@ -97,7 +98,7 @@ diff -ru orig/Makefile ./Makefile
#
# AIX 3.2.5 (if using xlc(1) add -D_ALL_SOURCE to CFLAGS below)
#
-@@ -604,8 +611,6 @@
+@@ -604,8 +612,6 @@
$(MAN_INSDIR)/man5/clients.5
$(INSTALL) $(M) 644 $(O) $(RADOWN) $(G) $(RADGRP) $(MAN)/dictionary.5 \
$(MAN_INSDIR)/man5/dictionary.5
@@ -106,7 +107,7 @@ diff -ru orig/Makefile ./Makefile
$(INSTALL) $(M) 644 $(O) $(RADOWN) $(G) $(RADGRP) $(MAN)/radius.fsm.5 \
$(MAN_INSDIR)/man5/radius.fsm.5
$(INSTALL) $(M) 644 $(O) $(RADOWN) $(G) $(RADGRP) $(MAN)/users.5 \
-@@ -625,17 +630,17 @@
+@@ -625,17 +631,17 @@
/bin/mkdir -p $(RADDB_INSDIR) ;\
fi
$(INSTALL) $(M) 660 $(O) $(RADOWN) $(G) $(RADGRP) $(RADDB)/authfile \
@@ -130,3 +131,4 @@ diff -ru orig/Makefile ./Makefile
-if [ ! -d $(RADACCT_INSDIR) ] ;\
then \
/bin/mkdir -p $(RADACCT_INSDIR) ;\
+
diff --git a/net/radius/files/patch-ad b/net/radius/files/patch-ad
new file mode 100644
index 000000000000..535bd0f0aa90
--- /dev/null
+++ b/net/radius/files/patch-ad
@@ -0,0 +1,64 @@
+diff -ru orig/src/rad.kerberos.c ./src/rad.kerberos.c
+--- orig/src/rad.kerberos.c Wed Sep 18 11:34:21 1996
++++ src/rad.kerberos.c Sat Jul 26 17:33:30 1997
+@@ -177,7 +177,8 @@
+ #if defined(M_KERB)
+ if (strcmp (authreq->direct_aatv->id, "MKERB") == 0)
+ {
+- krbval = krb_get_in_tkt (userid, "", realm, "krbtgt", realm,
++ krbval = krb_get_in_tkt (userid, KRB_INSTANCE, realm, "krbtgt",
++ realm,
+ DEFAULT_TKT_LIFE, mit_passwd_to_key,
+ NULL, passwd);
+ }
+@@ -192,6 +193,12 @@
+ }
+ #endif /* A_KERB */
+
++ /*
++ * XXX
++ * This can be spoofed fairly easily... Should attempt to authenticate
++ * to some service on this machine (e.g., radius.thishost@REALM)
++ * in order to ensure that the ticket we just got is really valid.
++ */
+ switch (krbval)
+ {
+ case INTK_OK:
+@@ -207,6 +214,37 @@
+ func, krbval);
+ break;
+ }
++#ifdef M_KERB
++ /*
++ * Ticket verification code based loosely on Berkeley klogin.c 8.3
++ */
++ if (krbreturn != EV_ACK) {
++ dest_tkt();
++ memset(passwd, 0, sizeof passwd);
++ } else {
++ struct sockaddr_in sin;
++ char host[MAXHOSTNAMELEN], *p;
++ AUTH_DAT authdata;
++ KTEXT_ST ticket;
++
++ krb_get_local_addr(&sin);
++ gethostname(host, sizeof host);
++ if ((p = strchr(host, '.')) != 0)
++ *p = '\0';
++ krbval = krb_mk_req(&ticket, "radius", host, realm, 33);
++ if (krbval == KSUCCESS) {
++ krbval = krb_rd_req(&ticket, "radius", host,
++ sin.sin_addr.s_addr, &authdata,
++ "");
++ }
++ if (krbval != KSUCCESS) {
++ logit(LOG_DAEMON, LOG_ERR,
++ "Kerberos error verifying ticket for %s: %s",
++ func, krb_err_txt[krbval]);
++ krbreturn = EV_NAK;
++ }
++ }
++#endif /* M_KERB */
+
+ dest_tkt (); /* destroy the ticket */
+ memset (passwd, 0, sizeof (passwd));