--- /dev/null
+--- mod_auth_yp.c Sun Nov 23 00:26:37 2003
++++ mod_auth_yp.c.sz Sun Nov 23 00:24:18 2003
+@@ -34,6 +34,7 @@
+ typedef struct auth_yp_config_struct {
+ char *auth_yp_domain;
+ char *auth_yp_pwtable;
++ char *auth_yp_shtable;
+ char *auth_yp_grptable;
+ int auth_yp_authoritative;
+ int auth_yp;
+@@ -45,9 +46,10 @@
+ (auth_yp_config_rec *) ap_pcalloc(p, sizeof(auth_yp_config_rec));
+ sec->auth_yp_domain = NULL;
+ sec->auth_yp_pwtable = NULL; /* just to illustrate the default really */
++ sec->auth_yp_shtable = NULL;
+ sec->auth_yp_grptable = NULL; /* unless you have a broken HP cc */
+ sec->auth_yp_authoritative = 1; /* keep the fortress secure by default */
+- sec->auth_yp = NULL;
++ sec->auth_yp = 0;
+ return sec;
+ }
+
+@@ -64,7 +66,10 @@
+ "NIS domain name"},
+ {"AuthYPUserTable", set_auth_yp_slot,
+ (void *) XtOffsetOf(auth_yp_config_rec, auth_yp_pwtable), OR_AUTHCFG, TAKE1,
+- "NIS table containing user IDs and passwords"},
++ "NIS table containing user IDs, user groups and passwords"},
++ {"AuthYPShadowTable", set_auth_yp_slot,
++ (void *) XtOffsetOf(auth_yp_config_rec, auth_yp_shtable), OR_AUTHCFG, TAKE1,
++ "NIS table containing usernames and passwords"},
+ {"AuthYPGroupTable", set_auth_yp_slot,
+ (void *) XtOffsetOf(auth_yp_config_rec, auth_yp_grptable), OR_AUTHCFG, TAKE1,
+ "NIS table containing group names and member user IDs"},
+@@ -99,29 +104,41 @@
+ }
+ }
+
+-static char *user_in_yp_group(request_rec *r, const char *group_to_check, char *auth_yp_grptable, char *auth_yp_domain)
++static char *user_in_yp_group(request_rec *r, const char *group_to_check, char *auth_yp_pwtable, char *auth_yp_grptable, char *auth_yp_domain)
+ {
+ char *user=r->connection->user;
+-char *domainname, *value, *groups;
+-char groupline[MAX_STRING_LEN], uname[MAX_STRING_LEN];
++char *domainname, *value, *groups, *usergroup;
++char groupline[MAX_STRING_LEN], userline[MAX_STRING_LEN], uname[MAX_STRING_LEN];
+ int err, valuelen, unameidx, colons;
++int gid, ugid;
++char *gididx, *ugididx;
+
+ domainname=get_yp_domain(r, auth_yp_domain);
+ if(!domainname) return NULL;
+
+ if(!auth_yp_grptable) auth_yp_grptable="group.byname";
++if(!auth_yp_pwtable) auth_yp_pwtable="passwd.byname";
+
+ err=yp_match(domainname, auth_yp_grptable, group_to_check, strlen(group_to_check), &value, &valuelen);
+-if(err != 0)
+- {
++if(err != 0) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, r, "%s", yperr_string(err) );
+ return NULL;
+- }
++}
+
+ strncpy(groupline, value, valuelen);
+ groupline[valuelen]=(char)NULL;
+-for(colons=3, groups=groupline; colons; groups++)
+- if(*groups == ':') colons--;
++
++for(colons=2, groups=groupline; colons; groups++)
++ if(*groups == ':') colons--;
++
++gididx = groups;
++while(isdigit((int)*groups)) {
++ groups++;
++}
++*groups = (char)NULL;
++gid = atoi(gididx);
++
++groups++;
+
+ while(isprint((int)*groups))
+ {
+@@ -137,10 +154,36 @@
+ if(!strcmp(user, uname))
+ {
+ /* printf("Found %s\n", argv[2]); */
+- return group_to_check;
++ return (char *)group_to_check;
+ }
+ }
+ /* printf("Unable to find %s\n", argv[2]); */
++// return NULL;
++// je¶li nie ma w group.byname
++
++err=yp_match(domainname, auth_yp_pwtable, user, strlen(user), &value, &valuelen);
++if(err != 0)
++ {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, r, "%s", yperr_string(err) );
++ return NULL;
++ }
++strncpy(userline, value, valuelen);
++userline[valuelen]=(char)NULL;
++
++for(colons=3, usergroup=userline; colons; usergroup++)
++ if(*usergroup == ':') colons--;
++
++ugididx = usergroup;
++
++while(isdigit((int)*usergroup)) {
++ usergroup++;
++}
++*usergroup = (char)NULL;
++ugid = atoi(ugididx);
++
++if (ugid == gid) {
++ return (char*) group_to_check;
++}
+ return NULL;
+ }
+
+@@ -202,7 +245,7 @@
+ /* If YP is not enabled - IanP */
+ if(!sec->auth_yp) return DECLINED;
+
+- if (!(real_pw = get_pw(r, c->user, sec->auth_yp_pwtable, sec->auth_yp_domain))) {
++ if (!(real_pw = get_pw(r, c->user, (sec->auth_yp_shtable ? sec->auth_yp_shtable : sec->auth_yp_pwtable) , sec->auth_yp_domain))) {
+ if (!(sec->auth_yp_authoritative))
+ return DECLINED;
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+@@ -271,7 +314,7 @@
+ while (t[0]) {
+ w = ap_getword_conf(r->pool, &t); /* w=group name - IanP */
+ /* New Function - IanP */
+- if(user_in_yp_group(r, w, sec->auth_yp_grptable, sec->auth_yp_domain))
++ if(user_in_yp_group(r, w, sec->auth_yp_pwtable, sec->auth_yp_grptable, sec->auth_yp_domain))
+ return OK;
+ }
+ } else if (sec->auth_yp_authoritative) {
--- /dev/null
+--- mod_auth_yp.c Sun Nov 23 00:26:37 2003
++++ mod_auth_yp.c.sz Sun Nov 23 00:24:18 2003
+@@ -34,6 +34,7 @@
+ typedef struct auth_yp_config_struct {
+ char *auth_yp_domain;
+ char *auth_yp_pwtable;
++ char *auth_yp_shtable;
+ char *auth_yp_grptable;
+ int auth_yp_authoritative;
+ int auth_yp;
+@@ -45,9 +46,10 @@
+ (auth_yp_config_rec *) ap_pcalloc(p, sizeof(auth_yp_config_rec));
+ sec->auth_yp_domain = NULL;
+ sec->auth_yp_pwtable = NULL; /* just to illustrate the default really */
++ sec->auth_yp_shtable = NULL;
+ sec->auth_yp_grptable = NULL; /* unless you have a broken HP cc */
+ sec->auth_yp_authoritative = 1; /* keep the fortress secure by default */
+- sec->auth_yp = NULL;
++ sec->auth_yp = 0;
+ return sec;
+ }
+
+@@ -64,7 +66,10 @@
+ "NIS domain name"},
+ {"AuthYPUserTable", set_auth_yp_slot,
+ (void *) XtOffsetOf(auth_yp_config_rec, auth_yp_pwtable), OR_AUTHCFG, TAKE1,
+- "NIS table containing user IDs and passwords"},
++ "NIS table containing user IDs, user groups and passwords"},
++ {"AuthYPShadowTable", set_auth_yp_slot,
++ (void *) XtOffsetOf(auth_yp_config_rec, auth_yp_shtable), OR_AUTHCFG, TAKE1,
++ "NIS table containing usernames and passwords"},
+ {"AuthYPGroupTable", set_auth_yp_slot,
+ (void *) XtOffsetOf(auth_yp_config_rec, auth_yp_grptable), OR_AUTHCFG, TAKE1,
+ "NIS table containing group names and member user IDs"},
+@@ -99,29 +104,41 @@
+ }
+ }
+
+-static char *user_in_yp_group(request_rec *r, const char *group_to_check, char *auth_yp_grptable, char *auth_yp_domain)
++static char *user_in_yp_group(request_rec *r, const char *group_to_check, char *auth_yp_pwtable, char *auth_yp_grptable, char *auth_yp_domain)
+ {
+ char *user=r->connection->user;
+-char *domainname, *value, *groups;
+-char groupline[MAX_STRING_LEN], uname[MAX_STRING_LEN];
++char *domainname, *value, *groups, *usergroup;
++char groupline[MAX_STRING_LEN], userline[MAX_STRING_LEN], uname[MAX_STRING_LEN];
+ int err, valuelen, unameidx, colons;
++int gid, ugid;
++char *gididx, *ugididx;
+
+ domainname=get_yp_domain(r, auth_yp_domain);
+ if(!domainname) return NULL;
+
+ if(!auth_yp_grptable) auth_yp_grptable="group.byname";
++if(!auth_yp_pwtable) auth_yp_pwtable="passwd.byname";
+
+ err=yp_match(domainname, auth_yp_grptable, group_to_check, strlen(group_to_check), &value, &valuelen);
+-if(err != 0)
+- {
++if(err != 0) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, r, "%s", yperr_string(err) );
+ return NULL;
+- }
++}
+
+ strncpy(groupline, value, valuelen);
+ groupline[valuelen]=(char)NULL;
+-for(colons=3, groups=groupline; colons; groups++)
+- if(*groups == ':') colons--;
++
++for(colons=2, groups=groupline; colons; groups++)
++ if(*groups == ':') colons--;
++
++gididx = groups;
++while(isdigit((int)*groups)) {
++ groups++;
++}
++*groups = (char)NULL;
++gid = atoi(gididx);
++
++groups++;
+
+ while(isprint((int)*groups))
+ {
+@@ -137,10 +154,36 @@
+ if(!strcmp(user, uname))
+ {
+ /* printf("Found %s\n", argv[2]); */
+- return group_to_check;
++ return (char *)group_to_check;
+ }
+ }
+ /* printf("Unable to find %s\n", argv[2]); */
++// return NULL;
++// je¶li nie ma w group.byname
++
++err=yp_match(domainname, auth_yp_pwtable, user, strlen(user), &value, &valuelen);
++if(err != 0)
++ {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, r, "%s", yperr_string(err) );
++ return NULL;
++ }
++strncpy(userline, value, valuelen);
++userline[valuelen]=(char)NULL;
++
++for(colons=3, usergroup=userline; colons; usergroup++)
++ if(*usergroup == ':') colons--;
++
++ugididx = usergroup;
++
++while(isdigit((int)*usergroup)) {
++ usergroup++;
++}
++*usergroup = (char)NULL;
++ugid = atoi(ugididx);
++
++if (ugid == gid) {
++ return (char*) group_to_check;
++}
+ return NULL;
+ }
+
+@@ -202,7 +245,7 @@
+ /* If YP is not enabled - IanP */
+ if(!sec->auth_yp) return DECLINED;
+
+- if (!(real_pw = get_pw(r, c->user, sec->auth_yp_pwtable, sec->auth_yp_domain))) {
++ if (!(real_pw = get_pw(r, c->user, (sec->auth_yp_shtable ? sec->auth_yp_shtable : sec->auth_yp_pwtable) , sec->auth_yp_domain))) {
+ if (!(sec->auth_yp_authoritative))
+ return DECLINED;
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+@@ -271,7 +314,7 @@
+ while (t[0]) {
+ w = ap_getword_conf(r->pool, &t); /* w=group name - IanP */
+ /* New Function - IanP */
+- if(user_in_yp_group(r, w, sec->auth_yp_grptable, sec->auth_yp_domain))
++ if(user_in_yp_group(r, w, sec->auth_yp_pwtable, sec->auth_yp_grptable, sec->auth_yp_domain))
+ return OK;
+ }
+ } else if (sec->auth_yp_authoritative) {
projects / packages / apache1-mod_auth_yp.git / commitdiff