diff options
| author |   Seraphim Mellos <mellos@ceid.upatras.gr> | 2008-06-11 19:28:44 +0300 |
|---|---|---|
| committer | Seraphim Mellos <mellos@ceid.upatras.gr> | 2008-06-11 19:28:44 +0300 |
| commit | bf5238eccfe594f3adf00400881ff8250c315c6b (patch) | |
| tree | f5e0be559df3b70a8099e7ce7f2c1ebb9ffd7c24 | |
| parent | Added dummy files. (diff) | |
| download | openpam-modules-bf5238eccfe594f3adf00400881ff8250c315c6b.tar.gz openpam-modules-bf5238eccfe594f3adf00400881ff8250c315c6b.tar.bz2 openpam-modules-bf5238eccfe594f3adf00400881ff8250c315c6b.zip | |
Moved from passwd to shadow
| -rw-r--r-- | src/pam_unix/pam_unix.c | 60 | ||||
| -rw-r--r-- | src/pam_unix/pam_unix.c~ | 153 |
2 files changed, 37 insertions, 176 deletions
diff --git a/src/pam_unix/pam_unix.c b/src/pam_unix/pam_unix.c index e3486dd..112d1d0 100644 --- a/src/pam_unix/pam_unix.c +++ b/src/pam_unix/pam_unix.c @@ -1,10 +1,23 @@ -#include <pwd.h> -/* #include <shadow.h> May not be necessary */ +/* #include <pwd.h> */ +#include <netdb.h> +#include <shadow.h> #include <sys/types.h> #include <unistd.h> -#ifndef (__LINUX__) +#define PAM_OPT_NULLOK "nullok" +#define PAM_OPT_AUTH_AS_SELF "auth_as_self" +#define PAM_OPT_ECHO_PASS "echo_pass" +#define PAM_OPT_DEBUG "debug" + + + +#ifndef MAXHOSTNAMELEN +# define MAXHOSTNAMELEN 256 +#endif + + +#ifndef __linux__ #include <login_cap.h> #endif @@ -15,30 +28,30 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc __unused, const char **argv __unused) { + int argc , const char **argv ) { -#ifndef (__LINUX__) +#ifndef __linux__ login_cap_t *lc; #endif - struct passwd *pwd; + struct spwd *pwd; const char *pass, *crypt_pass, *user; int pam_err; /* identify user */ if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) { - pwd = getpwnam(getlogin()); + pwd = getspnam(getlogin()); } else { if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) return (pam_err); - pwd = getpwnam(user) = NULL; + pwd = getspnam(user); } /* get password */ if (pwd != NULL) { - pass = pwd->pw_passwd; + pass = pwd->sp_pwdp; if (pass[0] == '\0') { if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) && openpam_get_option(pamh, PAM_OPT_NULLOK)) @@ -46,17 +59,17 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, pass = "*"; } -#ifndef (__LINUX__) +#ifndef __linux__ lc = login_getpwclass(pwd); #endif } else { pass = "*"; -#ifndef (__LINUX__) +#ifndef __linux__ lc = login_getpwclass(NULL); #endif } -#ifndef (__LINUX__) +#ifndef __linux__ prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL); pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt); login_close(lc); @@ -71,8 +84,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, /* check shadow */ - crypt_pass = crypt(pass, pwd->pw_passwd); - if ( strcmp(crypt_pass, pwd->pw_passwd) != 0 ) + crypt_pass = crypt(pass, pwd->sp_pwdp); + if ( strcmp(crypt_pass, pwd->sp_pwdp) != 0 ) pam_err = PAM_AUTH_ERR; else pam_err = PAM_SUCCESS; @@ -81,8 +94,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, } PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, - int argc __unused, const char *argv[] __unused) { +pam_sm_setcred(pam_handle_t *pamh , int flags , + int argc , const char *argv[] ) { /* * This functions takes care of renewing/initializing @@ -95,18 +108,19 @@ pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, PAM_EXTERN int -pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, - int argc __unused, const char *argv[] __unused) { +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , + int argc , const char *argv[] ) { -#ifndef (__LINUX__) +#ifndef __linux__ login_cap_t *lc; #endif - struct passwd *pwd; + struct spwd *pwd; int pam_err; const char *user; + time_t tp; const void *rhost, *tty; char rhostip[MAXHOSTNAMELEN] = ""; @@ -130,11 +144,11 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, if (pam_err != PAM_SUCCESS) return (pam_err); - if (*pwd->pw_passwd == '\0' && + if (*pwd->sp_pwdp == '\0' && (flags & PAM_DISALLOW_NULL_AUTHTOK) != 0) return (PAM_NEW_AUTHTOK_REQD); -#ifndef (__LINUX__) +#ifndef __linux__ lc = login_getpwclass(pwd); if (lc == NULL) { @@ -144,7 +158,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, #endif /* Check if pw_change or pw_expire is set */ - if (pwd->pw_change || pwd->pw_expire) + if (pwd->sp_lstchg || pwd->sp_expire) gettimeofday(&tp, NULL); diff --git a/src/pam_unix/pam_unix.c~ b/src/pam_unix/pam_unix.c~ deleted file mode 100644 index e3486dd..0000000 --- a/src/pam_unix/pam_unix.c~ +++ /dev/null @@ -1,153 +0,0 @@ - -#include <pwd.h> -/* #include <shadow.h> May not be necessary */ -#include <sys/types.h> -#include <unistd.h> - -#ifndef (__LINUX__) -#include <login_cap.h> -#endif - -#include <security/pam_modules.h> -#include <security/pam_appl.h> - - - -PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc __unused, const char **argv __unused) { - -#ifndef (__LINUX__) - login_cap_t *lc; -#endif - struct passwd *pwd; - const char *pass, *crypt_pass, *user; - int pam_err; - - /* identify user */ - - if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) { - pwd = getpwnam(getlogin()); - } else { - if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) - return (pam_err); - - pwd = getpwnam(user) = NULL; - } - - /* get password */ - - if (pwd != NULL) { - pass = pwd->pw_passwd; - if (pass[0] == '\0') { - if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) && - openpam_get_option(pamh, PAM_OPT_NULLOK)) - return (PAM_SUCCESS); - - pass = "*"; - } -#ifndef (__LINUX__) - lc = login_getpwclass(pwd); -#endif - } else { - pass = "*"; -#ifndef (__LINUX__) - lc = login_getpwclass(NULL); -#endif - } - -#ifndef (__LINUX__) - prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL); - pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt); - login_close(lc); -#else - pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char **) &pass, NULL); -#endif - - if (pam_err == PAM_CONV_ERR) - return (pam_err); - if (pam_err != PAM_SUCCESS) - return (PAM_AUTH_ERR); - - /* check shadow */ - - crypt_pass = crypt(pass, pwd->pw_passwd); - if ( strcmp(crypt_pass, pwd->pw_passwd) != 0 ) - pam_err = PAM_AUTH_ERR; - else - pam_err = PAM_SUCCESS; - - return (pam_err); -} - -PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, - int argc __unused, const char *argv[] __unused) { - - /* - * This functions takes care of renewing/initializing - * user credentials as well as gid/uids. Someday, it - * will be completed. For now, it's not very urgent. - */ - - return (PAM_SUCCESS); -} - - -PAM_EXTERN int -pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, - int argc __unused, const char *argv[] __unused) { - - - -#ifndef (__LINUX__) - login_cap_t *lc; -#endif - - struct passwd *pwd; - int pam_err; - const char *user; - const void *rhost, *tty; - char rhostip[MAXHOSTNAMELEN] = ""; - - /* Sanity checks for uname,pwd,tty,host etc */ - - pam_err = pam_get_user(pamh, &user, NULL); - - if (pam_err != PAM_SUCCESS) - return (pam_err); - - if (user == NULL || (pwd = getpwnam(user)) == NULL) - return (PAM_SERVICE_ERR); - - pam_err = pam_get_item(pamh, PAM_RHOST, &rhost); - - if (pam_err != PAM_SUCCESS) - return (pam_err); - - pam_err = pam_get_item(pamh, PAM_TTY, &tty); - - if (pam_err != PAM_SUCCESS) - return (pam_err); - - if (*pwd->pw_passwd == '\0' && - (flags & PAM_DISALLOW_NULL_AUTHTOK) != 0) - return (PAM_NEW_AUTHTOK_REQD); - -#ifndef (__LINUX__) - lc = login_getpwclass(pwd); - - if (lc == NULL) { - return (PAM_SERVICE_ERR); - - } -#endif - /* Check if pw_change or pw_expire is set */ - - if (pwd->pw_change || pwd->pw_expire) - gettimeofday(&tp, NULL); - - -} - - |