Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!uakari.primate.wisc.edu!dogie.macc.wisc.edu!psl.wisc.edu!bill From: bill@pslu1.psl.wisc.edu (Bill Roth) Newsgroups: comp.unix.ultrix Subject: Security Patches for Ultrix 4.0 Keywords: Ultrix, Security, baroque, stalinist Message-ID: <1990Dec10.184721.22171@pslu1.psl.wisc.edu> Date: 10 Dec 90 18:47:21 GMT Sender: bill@pslu1.psl.wisc.edu Reply-To: bill@psl.wisc.edu (Bill Roth) Organization: Physical Sciences Lab, UW-Madison Lines: 197 Below is the patch file for xdm and xlock if you wish to use them under DEC's ultrix 4.0 with any security level higher than BSD. One addition that is not in the patch file is that you will have to place the "-lauth" in the SYS_LIBRARIES line of the Imake file for xdm. I have not patched the patchlevel.h files for either xdm or xlock, assuming that there is a quasi-official means for doing this. There is no warranty, either expressed or implied, by the receipt and usage of this patch. That said, if it doesn't work, I'll give you a hand in fixing it, if I can. 
---------------------------------------------------------------------- *** contrib/clients/xlock/xlock.c.old Mon Dec 10 11:16:16 1990 --- contrib/clients/xlock/xlock.c Mon Dec 10 11:49:16 1990 *************** *** 100,105 **** --- 100,111 ---- extern char *crypt(); extern char *getenv(); + #ifdef ultrix + #include + #include + #include + #endif ultrix + typedef struct { char *cmdline_arg; int (*lp_reinit) (); *************** *** 382,388 **** --- 388,398 ---- int getPassword() { + #ifdef ultrix + #define PASSLENGTH 45 /* just to be safe */ + #else #define PASSLENGTH 20 + #endif ultrix char buffer[PASSLENGTH]; char userpass[PASSLENGTH]; char rootpass[PASSLENGTH]; *************** *** 397,402 **** --- 407,417 ---- int y, left, done; + #ifdef ultrix + char *crypt16(char *,char *); + AUTHORIZATION *auth,*getauthuid(); + struct svcinfo *svc,*getsvc(); + #endif ultrix XGetWindowAttributes(dsp, w, &xgwa); *************** *** 432,442 **** y += font->ascent + font->descent + 2; pw = getpwuid(0); strcpy(rootpass, pw->pw_passwd); - pw = getpwuid(getuid()); strcpy(userpass, pw->pw_passwd); done = False; while (!done) { --- 447,474 ---- y += font->ascent + font->descent + 2; + #ifdef ultrix + svc = getsvc(); + if (svc) { + if (svc->svcauth.seclevel > SEC_BSD) { + auth = getauthuid(0); + strcpy(rootpass,auth->a_password); + auth = getauthuid(getuid()); + strcpy(userpass,auth->a_password); + } + else { /* must be BSD */ pw = getpwuid(0); strcpy(rootpass, pw->pw_passwd); pw = getpwuid(getuid()); strcpy(userpass, pw->pw_passwd); + } + } + #else + pw = getpwuid(0); + strcpy(rootpass, pw->pw_passwd); + pw = getpwuid(getuid()); + strcpy(userpass, pw->pw_passwd); + #endif ultrix done = False; while (!done) { *************** *** 454,461 **** --- 486,504 ---- XDrawString(dsp, w, textgc, ICONX, y, validate, strlen(validate)); + #ifdef ultrix + if (svc->svcauth.seclevel > SEC_BSD) { + done = !((strcmp(crypt16(buffer, userpass), userpass)) + && (skipRoot || strcmp(crypt16(buffer, rootpass), 
rootpass))); + } + else { done = !((strcmp(crypt(buffer, userpass), userpass)) && (skipRoot || strcmp(crypt(buffer, rootpass), rootpass))); + } + #else + done = !((strcmp(crypt(buffer, userpass), userpass)) + && (skipRoot || strcmp(crypt(buffer, rootpass), rootpass))); + #endif ultrix if (!done) { XFlush(dsp); *** contrib/clients/xlock/Imakefile.old Mon Dec 10 12:14:39 1990 --- contrib/clients/xlock/Imakefile Mon Dec 10 11:52:22 1990 *************** *** 18,24 **** # INCLUDES = -I$(TOP) -I$(TOP)/X11 LOCAL_LIBRARIES = ! SYS_LIBRARIES = -lm $(XLIB) SRCS = xlock.c hopalong.c life.c qix.c \ XCrHsbCmap.c HSBmap.c XCrDynCmap.c OBJS = xlock.o hopalong.o life.o qix.o \ --- 18,24 ---- # INCLUDES = -I$(TOP) -I$(TOP)/X11 LOCAL_LIBRARIES = ! SYS_LIBRARIES = -lm $(XLIB) -lauth SRCS = xlock.c hopalong.c life.c qix.c \ XCrHsbCmap.c HSBmap.c XCrDynCmap.c OBJS = xlock.o hopalong.o life.o qix.o \ *** mit/clients/xdm/verify.c.orig Tue Nov 6 15:44:24 1990 --- mit/clients/xdm/verify.c Mon Nov 19 18:23:08 1990 *************** *** 31,36 **** --- 31,42 ---- # include # endif + #ifdef ultrix + #include + #include + #include + #endif ultrix + struct passwd joeblow = { "Nobody", "***************" }; *************** *** 46,56 **** --- 52,80 ---- char *shell, *home; char **argv; + #ifdef ultrix + char *crypt16(char *,char *); + char *pass; + AUTHORIZATION *auth,*getauthuid(); + struct svcinfo *svc,*getsvc(); + #endif ultrix + p = getpwnam (greet->name); if (!p || strlen (greet->name) == 0) p = &joeblow; Debug ("Verify %s %s\n", greet->name, greet->password); + #ifdef ultrix /* HACK!!*/ + svc = getsvc(); + if (svc) { + if (svc->svcauth.seclevel > SEC_BSD) { + auth = getauthuid(p->pw_uid); + p->pw_passwd = auth->a_password; + } + } + if (strcmp (crypt16 (greet->password, p->pw_passwd), p->pw_passwd)) { + #else if (strcmp (crypt (greet->password, p->pw_passwd), p->pw_passwd)) { + #endif ultrix Debug ("verify failed\n"); bzero(greet->password, strlen(greet->password)); return 0; -- 
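Review bot: In the xlock.c comparison hunk, `svc->svcauth.seclevel` is dereferenced without the `if (svc)` guard that the lookup hunk before it uses, so a failed getsvc() would crash the locker at that point, and a crashed screen locker typically releases the display. In the lookup hunk a NULL `svc` skips both branches, which leaves `userpass` and `rootpass` uninitialised before they reach strcmp(). Using `if (svc && svc->svcauth.seclevel > SEC_BSD)` in both hunks, with the getpwuid()/crypt() path as the plain else, would keep them consistent. The results of `getauthuid(0)` and `getauthuid(getuid())` are also used without a NULL check, and the strcpy() into the PASSLENGTH buffers is unbounded, so a check plus a length-limited copy would be safer than relying on 45 being large enough. getPassword() begins and ends outside these hunks.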
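Review bot: In the verify.c hunk, an unknown name leaves `p` pointing at `joeblow`, whose initialiser in the context lines sets only the name and the placeholder hash, so `p->pw_uid` is zero and `getauthuid(p->pw_uid)` replaces the placeholder with the auth entry for uid 0. The lookup should be skipped for the placeholder, e.g. `if (p != &joeblow && svc && svc->svcauth.seclevel > SEC_BSD) {`. `auth` is also dereferenced without a NULL check, and `p->pw_passwd = auth->a_password` writes into the record returned by getpwnam(); the local `pass` added in this hunk appears unused in the patch and may have been meant to hold the hash instead. Unlike the xlock.c hunks, `crypt16()` is called here even when the level is BSD or `svc` is NULL, so if crypt16() does not reproduce crypt() hashes this would reject valid BSD logins; selecting the routine by the same seclevel test seems safer. Verify() continues outside the hunk.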
------------------------------------------------------------------------ Bill Roth, University of Wisconsin Physical Sciences Laboratory email: bill@pslu1.psl.wisc.edu bill@wiscpsl.bitnet / (608)-873-6651