mike@relgyro.stanford.edu (Mike Macgirvin) (09/09/89)
Here are the diffs to the hack I did to r_pcnfsd.c to allow acces to other than the default group. It is a terrible hack, but accomplishes the intended task on PCNFS version 3.0 or less. I recommend that anybody interested in this feature upgrade to 3.0.1. This was supplied per Geoff's request on rolling all this stuff together. Again, this is only a hack. I don't care if this stuff is added to the official patches. Description: On PCNFS version 3.0 or earlier, the DOS user only has access to ONE group, the default group from the passwd file. Files to which they normally have access under Unix because of group permissions, are not accessible under DOS. This modification to r_pcnfsd.c allows the user to log in to a different group by clever trickery of the NET NAME command. The key is to supply NET NAME with a name AND group separated by a backslash. There is a limit to 8 characters that are transmitted by DOS to the authentication procedure, so names and groups can be designated by NUMBER, as well as name. Example: NET NAME mike\30 * This logs me in as 'mike' with access to group '30' rather than my default. NET NAME mike * works as before to log me into my default group. Assuming my UID is '20', I can also use: NET NAME 20\30 * to access group '30'. If group '30' is named 'foo', I could use: NET NAME mike\foo * The problem arises using: NET NAME mike\staff * because 'mike\staff' is greater than 8 characters and will be truncated by the sending PC. Using numeric 0 for UID or GID is not allowed by the software; this was a side effect of the pretzel logic, but turned out not to be a bad idea. Root can still log in by name, but not to group wheel. ------cut--------diff starts here ------------------------------------ 101d100 < #include <grp.h> 109d107 < 494d491 < char *newgroup = username; 496,501c493 < int cnt; < int setgroup = 0; /* flag, are we changing groups? */ < int gid = 0; < int uid = (-1); < struct passwd *pwent, *getpwuid(), *getpwnam(); < struct group *grent, *getgrgid(), *getgrnam(); --- > struct passwd *p; 504,506c496,498 < pwent = getpwnam("nobody"); < r.ar_uid = pwent ? pwent->pw_uid : -2; < r.ar_gid = pwent ? pwent->pw_gid : -2; --- > p = getpwnam ("nobody"); > r.ar_uid = p ? p -> pw_uid : -2; > r.ar_gid = p ? p -> pw_gid : -2; 510,526d501 < for(cnt = 0;(username[cnt]);cnt ++) < if(username[cnt] == '\\') /* look for backslash */ < { < username[cnt] = 0; /* we're changing groups */ < newgroup = &username[cnt+1]; < setgroup = 1; < } < if(uid = atoi(username)) /* find uid by name or number */ < { < if((pwent = getpwuid(uid)) == NULL) < return((char *) &r); < } < else < { < if((pwent = getpwnam(username)) == NULL) < return((char *) &r); < } 527a503,508 > if (buggit) > fprintf(stderr, "AUTHPROC username=%s\n", username); > > p = getpwnam(username); > if (p == NULL) > return ((char *) &r); 529c510 < c2 = strlen(pwent->pw_passwd); --- > c2 = strlen(p->pw_passwd); 531,553c512,514 < (strcmp(pwent->pw_passwd, crypt(password, pwent->pw_passwd)))) < { < return ((char *) &r); < } < r.ar_gid = (-1); < if(setgroup) /* we're changing groups */ < { < if(gid = atoi(newgroup)) /* find gid by name or number */ < { < if((grent = getgrgid(gid)) == NULL) < return((char *) &r); < } < else < { < if((grent = getgrnam(newgroup)) == NULL) < return((char *) &r); < } /* check that user is allowed in this group */ < for(cnt = 0;grent->gr_mem[cnt] != NULL;cnt ++) < if((strcmp(grent->gr_mem[cnt],pwent->pw_name)) == 0) < r.ar_gid = grent->gr_gid; < if(r.ar_gid == (-1)) < return((char *) &r); < } --- > (strcmp(p->pw_passwd, crypt(password, p->pw_passwd)))) { > return ((char *) &r); > } 555,557c516,517 < r.ar_uid = pwent->pw_uid; < if(r.ar_gid == (-1)) < r.ar_gid = pwent->pw_gid; --- > r.ar_uid = p->pw_uid; > r.ar_gid = p->pw_gid; ------------------cut---------diff ends here ---------------------------- /*+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + I only speak for myself, and MY brain has been turned to MUSH! + + Mike Macgirvin + + - Systems Administrator Stanford Relativity Gyroscope Experiment (GP-B) + + - Internet: mike@relgyro.stanford.edu (36.64.0.50) + + - Bitnet: mike%relgyro.stanford.edu@stanford + + - Uucp: uunet!relgyro.stanford.edu!mike + + "'Scuse me, while I kiss the sky" - Robert James Marshall (Jimi) Hendrix + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/