my hacks for merit radius

system admin (root@oscar.centraltx.net)
Tue, 3 Sep 1996 22:58:35 -0500 (CDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: System Administration: "Re: your mail"
Previous message: Steven P. Crain: "Re: your mail"

please be kind, this is my first attempt to post a patch ever...

the following patch is what we're using with merit radius 2.4.21 to add the
following:

(note: all of theses are only for doing UNIX-PW authentication, hints on
making this more general welcome)

-DUNIX_SHOW_INVALID_PASSWD

when users attempt to login and their passwd is invalid,
log what they did enter. (makes debuging users
failed logins MUCH easier)

-DUNIX_PASSWD_TO_LOWER
-DUNIX_PASSWD_TO_UPPER
-DUNIX_USERID_TO_LOWER
-DUNIX_USERID_TO_UPPER

used to convert all passwd or userid's to upper or lower case,
respectivly. can be used to fake case insensitivity
if your users use all upper case or all lowercase
for their usernames or passwds.

(note: as this is my first patch, it includes our configuration stuff, cause
I'm not quite comfortable hand editing patches yet...)

diff -u --recursive --new-file oldMeritRadius/Makefile meritRadius/Makefile
--- oldMeritRadius/Makefile Thu Feb 22 13:14:50 1996
+++ meritRadius/Makefile Tue Sep 3 21:57:20 1996
@@ -49,17 +49,17 @@
# Where the configuration files live.
RADDB = ./raddb
# Some installation stuff.
-DAEMON_INSDIR = /usr/private/etc
-BIN_INSDIR = /usr/private/etc
+DAEMON_INSDIR = /usr/local/sbin
+BIN_INSDIR = /usr/local/sbin
MAN_INSDIR = /usr/local/man
-RADDB_INSDIR = /usr/private/etc/raddb
-RADACCT_INSDIR = /usr/private/etc/radacct
+RADDB_INSDIR = /etc/radius/raddb
+RADACCT_INSDIR = /etc/radius/radacct
# The server does not need to be owned by root, unless some shadow password
# scheme needs it. You might create a user id "radius" for just this purpose.
# The O macro is for OSF/1 and HP-UX, see below.
O = -o
-RADOWN = root
-RADGRP = bin
+RADOWN = radius
+RADGRP = radius

# Define COMPRESS to hold the name of your favourite compress program:
#COMPRESS = -DRADIUS_COMPRESS=\"/usr/local/bin/gzip\"
@@ -100,7 +100,15 @@
# radiusd -- the default
#
#--------------------------------------------------------------------------
-DEFS = -DHAVE_SETVBUF -DNOSHADOW $(MERIT) $(STUFF)
+#DEFS = -DHAVE_SETVBUF -DNOSHADOW $(MERIT) $(STUFF)
+#RADLIBS =
+#INCS =
+
+#
+# radiusd -- centraltx setup
+#
+#--------------------------------------------------------------------------
+DEFS = -DHAVE_SETVBUF -DNOSHADOW $(MERIT) $(STUFF) -DUNIX_SHOW_INVALID_PASSWD -DUNIX_PASSWD_TO_LOWER -DUNIX_USERID_TO_LOWER
RADLIBS =
INCS =

@@ -211,12 +219,12 @@
#
#--------------------------------------------------------------------------

-CC = cc
-CFLAGS = -g
-LDFLAGS =
-LIBS =
-RANLIB = ranlib
-INSTALL = /bin/install
+#CC = cc
+#CFLAGS = -g
+#LDFLAGS =
+#LIBS =
+#RANLIB = ranlib
+#INSTALL = /bin/install

#
# Solaris 2.x
@@ -252,14 +260,14 @@
#
#--------------------------------------------------------------------------

-#CC = cc
-#CFLAGS = -g
-#LDFLAGS =
+CC = cc
+CFLAGS = -g -O2
+LDFLAGS =
# pick one
#LIBS = -lshadow
-#LIBS =
-#RANLIB = ranlib
-#INSTALL = /usr/bin/install
+LIBS =
+RANLIB = ranlib
+INSTALL = /usr/bin/install

#
# HP-UX 9.05 (the "O" macro is for HP version of install)
diff -u --recursive --new-file oldMeritRadius/src/authenticate.c meritRadius/src/authenticate.c
--- oldMeritRadius/src/authenticate.c Sat Mar 2 15:56:20 1996
+++ meritRadius/src/authenticate.c Tue Sep 3 21:56:25 1996
@@ -704,6 +704,19 @@
return EV_NAK;
}
/* Get encrypted password from UNIX password file */
+
+#if defined(UNIX_USERID_TO_LOWER)
+
+ lowercase_string(name);
+
+#endif /* UNIX_USERID_TO_LOWER */
+
+#if defined(UNIX_USERID_TO_UPPER)
+
+ upcase_string(name);
+
+#endif /* UNIX_USERID_TO_UPPER */
+
if ((pwd = getpwnam (name)) == NULL)
{
memset ((char *) passwd, '\0', sizeof (passwd));
@@ -770,16 +783,64 @@
}
#endif /* !NOSHADOW */

+/* fuZZy 9-3-96 */
+
+#if defined(UNIX_PASSWD_TO_LOWER)
+
+ lowercase_string(passwd);
+
+#endif /* UNIX_PASSWD_TO_LOWER */
+
+#if defined(UNIX_PASSWD_TO_UPPER)
+
+ upcase_string(passwd);
+
+#endif /* UNIX_PASSWD_TO_UPPER */
+
+/* done fuZZy */
+
/* Run encryption algorithm */
encpw = crypt (passwd, encrypted_pass);

+/* 8-13-96 fuZZy */
+
+#if !defined(UNIX_SHOW_INVALID_PASSWD)
+
memset ((char *) passwd, '\0', sizeof (passwd));

+#endif /* UNIX_SHOW_INVALID_PASSWD */
+
+/* done fuZZy */
+
/* Check it */
if (strcmp (encpw, encrypted_pass))
{
+
+/* fuZZy 9-3-96 */
+
+#if defined(UNIX_SHOW_INVALID_PASSWD)
+
+ logit (LOG_AUTH, LOG_WARNING,
+ "%s: user '%s' attempted to login w/ invalid password '%s'",
+ func, name, passwd);
+
+#endif /* UNIX_SHOW_INVALID_PASSWD */
+
+/* done fuZZy */
+
return EV_NAK;
}
+
+/* 8-13-96 fuZZy */
+
+#if defined(UNIX_SHOW_INVALID_PASSWD)
+
+ memset ((char *) passwd, '\0', sizeof (passwd));
+
+#endif /* UNIX_SHOW_INVALID_PASSWD */
+
+/* done fuZZy */
+
#endif /* ULTRIX_ENHANCED */

/* Don't allow authentication with id "root" */
@@ -837,3 +898,51 @@
return EV_ACK;
#endif /* CHK_SHELLS */
} /* end of unix_pass () */
+
+/*************************************************************************
+ *
+ * Function: upcase_string
+ *
+ * Purpose: change a string to all upper case.
+ *
+ *************************************************************************/
+
+/* upcase_string
+ * Upcase a string in place.
+ */
+
+void
+upcase_string (s)
+char *s;
+{
+ while (*s)
+ {
+ *s = _toupper (*s);
+ s++;
+ }
+
+} /* upcase_string */
+
+/*************************************************************************
+ *
+ * Function: lowercase_string
+ *
+ * Purpose: change a string to all lower case.
+ *
+ *************************************************************************/
+
+/* lowercase_string
+ * Lowercase a string in place.
+ */
+
+void
+lowercase_string (s)
+char *s;
+{
+ while (*s)
+ {
+ *s = _tolower (*s);
+ s++;
+ }
+
+} /* lowercase_string */
diff -u --recursive --new-file oldMeritRadius/src/radius.h meritRadius/src/radius.h
--- oldMeritRadius/src/radius.h Sun Mar 3 09:17:13 1996
+++ meritRadius/src/radius.h Thu Aug 29 00:15:24 1996
@@ -296,11 +296,11 @@
/* Default Database File Names */

#ifndef RADIUS_DIR
-#define RADIUS_DIR "/usr/private/etc/raddb"
+#define RADIUS_DIR "/etc/radius/raddb"
#endif

#ifndef RADACCT_DIR
-#define RADACCT_DIR "/usr/private/etc/radacct"
+#define RADACCT_DIR "/etc/radius/radacct"
#endif

/*
diff -u --recursive --new-file oldMeritRadius/src/sendserver.c meritRadius/src/sendserver.c
--- oldMeritRadius/src/sendserver.c Fri Mar 1 14:13:58 1996
+++ meritRadius/src/sendserver.c Thu Aug 29 00:15:24 1996
@@ -90,7 +90,7 @@
#endif

#ifndef DEFAULT_DIR2
-#define DEFAULT_DIR2 "/usr/private/etc/raddb"
+#define DEFAULT_DIR2 "/radius/etc/raddb"
#endif

extern char ourhostname[MAXHOSTNAMELEN];

fuZZy, da tech support daemon

Next message: System Administration: "Re: your mail"
Previous message: Steven P. Crain: "Re: your mail"