authorSeraphim Mellos <mellos@ceid.upatras.gr>2008-06-15 16:08:08 +0300
committerSeraphim Mellos <mellos@ceid.upatras.gr>2008-06-15 16:08:08 +0300
commit1f47b1dfa29b07489e64b442d3a15b303e434546 (patch)
tree9c62885a6f62768da2867040b4a524ae591ebf54 /modules/pam_unix/pam_unix.c~
parentTrying to fall back to passwd (diff)
Solved some issues with passwd/shadow
Diffstat (limited to 'modules/pam_unix/pam_unix.c~')
-rw-r--r--modules/pam_unix/pam_unix.c~45
1 files changed, 24 insertions, 21 deletions
diff --git a/modules/pam_unix/pam_unix.c~ b/modules/pam_unix/pam_unix.c~
index 9ef7320..72dbac0 100644
--- a/modules/pam_unix/pam_unix.c~
+++ b/modules/pam_unix/pam_unix.c~
@@ -1,6 +1,6 @@
#define _XOPEN_SOURCE
-/* #include <pwd.h> */
+#include <pwd.h>
#include <netdb.h>
#include <shadow.h>
#include <sys/types.h>
@@ -22,6 +22,11 @@
#endif
+#define PASSWORD_HASH "md5"
+#define DEFAULT_WARN (2L * 7L * 86400L) /* two weeks */
+#define SALTSIZE 32
+
+
#include <security/pam_modules.h>
#include <security/pam_appl.h>
#include <security/pam_mod_misc.h>
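Review bot: `PASSWORD_HASH` is fixed to `"md5"` at compile time, and md5-crypt is too cheap to brute-force offline to be a sensible default for newly set passwords. Its use is not visible in this diff, so this assumes it selects the scheme for hashes written by the password-change path; if so, read the scheme from a module option and default to the strongest one the platform's crypt() supports. `DEFAULT_WARN` should also state its unit, e.g. `/* two weeks, in seconds */`, because the shadow aging fields it sits next to are counted in days.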
@@ -37,7 +42,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
#ifndef __linux__
login_cap_t *lc;
#endif
- struct spwd *pwd;
+ struct passwd *pwd;
const char *pass, *crypt_pass, *user;
int pam_err;
@@ -45,14 +50,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
PAM_LOG("Authenticating as self.");
- pwd = getspnam(getlogin());
+ pwd = getpwnam(getlogin());
} else {
if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
PAM_ERROR("Authenticating with uname [%s] failed.", user);
return (pam_err);
}
- pwd = getspnam(user);
+ pwd = getpwnam(user);
}
PAM_LOG("Authenticating user: [%s]", user);
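Review bot: `getpwnam(getlogin())` passes the result of getlogin() straight through, and getlogin() returns NULL when there is no controlling terminal or login record, so the lookup can dereference a null pointer inside an authentication module. In the same branch `user` is never assigned, yet it is printed by the `PAM_LOG("Authenticating user: [%s]", user)` line, and the error branch prints `user` after pam_get_user() has already failed. I would write `user = getlogin(); pwd = (user != NULL) ? getpwnam(user) : NULL;` and drop `user` from the failure message. The same pattern is repeated in the pam_sm_chautok hunk (`old_pwd = getpwnam(getlogin());`); the function body continues outside this hunk.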
@@ -61,7 +66,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
if (pwd != NULL) {
PAM_LOG("Doing real authentication");
- pass = pwd->sp_pwdp;
+ pass = pwd->pw_passwd;
if (pass[0] == '\0') {
if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
openpam_get_option(pamh, PAM_OPT_NULLOK)){
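Review bot: `pass = pwd->pw_passwd` only holds the real hash on systems without shadow passwords; where shadowing is enabled this field is a placeholder such as `x`, so the empty-password test and the later comparison operate on a value that is not a hash. If the intent is a fallback, consult the shadow entry first and use the passwd field only when none exists, for example `struct spwd *sp = getspnam(pwd->pw_name);` followed by `pass = (sp != NULL) ? sp->sp_pwdp : pwd->pw_passwd;`. A comment stating which database is authoritative would help the next reader. The enclosing `if (pwd != NULL)` block extends beyond this hunk.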
@@ -96,10 +101,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
if (pam_err != PAM_SUCCESS)
return (PAM_AUTH_ERR);
- /* check shadow */
+ /* check passwd entry */
- crypt_pass = crypt(pass, pwd->sp_pwdp);
- if ( strcmp(crypt_pass, pwd->sp_pwdp) != 0 ) {
+ crypt_pass = crypt(pass, pwd->pw_passwd);
+ if ( strcmp(crypt_pass, pwd->pw_passwd) != 0 ) {
PAM_ERROR("Wrong password. Authentication failed.");
pam_err = PAM_AUTH_ERR;
} else {
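Review bot: The result of `crypt(pass, pwd->pw_passwd)` is handed to strcmp() unchecked, and crypt() returns NULL when the salt is malformed or the scheme is unsupported, which is more likely now that `pw_passwd` may hold a non-hash placeholder on shadowed systems. A NULL here is undefined behaviour in the authentication path rather than a clean failure. Guard it with `if (crypt_pass == NULL || strcmp(crypt_pass, pwd->pw_passwd) != 0) {` so that an unusable entry is treated as a failed authentication. The surrounding function starts and ends outside this hunk.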
@@ -155,7 +160,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags ,
if (pam_err != PAM_SUCCESS)
return (pam_err);
- if (user == NULL || (pwd = getspnam(user)) == NULL)
+ if (user == NULL || (pwd = getpwnam(user)) == NULL)
return (PAM_SERVICE_ERR);
#ifndef __linux__
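Review bot: `pwd = getpwnam(user)` yields a `struct passwd *`, but the later hunks of pam_sm_acct_mgmt still read `pwd->sp_lstchg` and `pwd->sp_expire`, which are members of `struct spwd`. The declaration of `pwd` in this function is not part of the diff, so either this assignment is an incompatible pointer conversion or those member accesses do not compile. Account aging data lives only in the shadow database, so I would keep a separate `struct spwd *sp = getspnam(user);` for the expiry checks and skip them when `sp == NULL`, leaving `pwd` for the passwd lookup.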
@@ -188,7 +193,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags ,
}
#endif
- /* Check if pw_lstchg or pw_expire is set */
+ /* Check if pw_lstchg or sp_expire is set */
if (pwd->sp_lstchg || pwd->sp_expire)
curtime = time(NULL) / (60 * 60 * 24);
@@ -198,9 +203,9 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags ,
login_close(lc);
#endif
return (PAM_ACCT_EXPIRED);
- } else if ( ( pwd->sp_expire - curtime < pwd->sp_warn) ) {
+ } else if ( ( pwd->sp_expire - curtime < DEFAULT_WARN) ) {
// pam_error(pamh, "Warning: your account expires on %s",
-// ctime(&pwd->pw_expire));
+// ctime(&pwd->sp_expire));
}
}
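Review bot: The comparison `pwd->sp_expire - curtime < DEFAULT_WARN` mixes units: `curtime` is computed as `time(NULL) / (60 * 60 * 24)` and `sp_expire` is a day count, while `DEFAULT_WARN` is defined as `2L * 7L * 86400L` seconds, so the condition holds for any account expiring within roughly 3300 years. It also replaces the per-account `sp_warn` value with a constant. Prefer `pwd->sp_warn` when it is set and otherwise compare against a day-based constant such as `#define DEFAULT_WARN_DAYS 14L`. The branch body is currently commented out, so the error is latent until the warning is re-enabled.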
@@ -257,8 +262,7 @@ pam_sm_chautok(pam_handle_t *pamh, int flags,
* NIS support will be left for future implementation.
* This is standard unix passwd changing function.
*/
- struct spwd *new_pwd, *old_pwd;
- char oldprefix[HASH_PREFIX_SIZE];
+ struct passwd *new_pwd, *old_pwd;
const char *user, *old_pass, *new_pass;
char *hashedpwd;
int pam_err;
@@ -267,21 +271,21 @@ pam_sm_chautok(pam_handle_t *pamh, int flags,
if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
PAM_LOG("Authenticating as self.");
- old_pwd = getspnam(getlogin());
+ old_pwd = getpwnam(getlogin());
} else {
if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
PAM_ERROR("Authenticating with uname [%s] failed.", user);
return (pam_err);
}
- old_pwd = getspnam(user);
+ old_pwd = getpwnam(user);
}
PAM_LOG("Got user: [%s]", user);
- if (pwd == NULL) {
+ if (old_pwd == NULL) {
PAM_ERROR("User [%s] either has a corrupted passwd entry or \
- is not in the selected database");
+ is not in the selected database", user);
return (PAM_AUTHTOK_RECOVERY_ERR);
}
@@ -310,10 +314,9 @@ pam_sm_chautok(pam_handle_t *pamh, int flags,
return (pam_set_item(pamh, PAM_OLDAUTHTOK, ""));
}
- if ( (pwd->pw_passwd[0] == '\0' ) &&
+ if ( (old_pwd->pw_passwd[0] == '\0' ) &&
( openpam_get_option(pamh, PAM_OPT_NULLOK) ) &&
- ( openpam_get_option(pamh,PAM_DISALLOW_NULL_AUTHTOK)) ) {
-
+ !(flags & PAM_DISALLOW_NULL_AUTHTOK) ) {
/*
* Something funny could happen here since we don't
* ask for a password.