aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSeraphim Mellos <mellos@ceid.upatras.gr>2008-06-15 15:45:45 +0300
committerSeraphim Mellos <mellos@ceid.upatras.gr>2008-06-15 15:45:45 +0300
commite63def3331e1e82fb18f13850bac9543451cfe3b (patch)
tree2a5661fc0f269414cd7785ddaaea658f87ec7ff2 /modules/pam_unix/pam_unix.c~
parentCompleted Makefile for pam_unix (diff)
downloadopenpam-modules-e63def3331e1e82fb18f13850bac9543451cfe3b.tar.gz
openpam-modules-e63def3331e1e82fb18f13850bac9543451cfe3b.tar.bz2
openpam-modules-e63def3331e1e82fb18f13850bac9543451cfe3b.zip
Trying to fall back to passwd
Diffstat (limited to 'modules/pam_unix/pam_unix.c~')
-rw-r--r--modules/pam_unix/pam_unix.c~79
1 files changed, 76 insertions, 3 deletions
diff --git a/modules/pam_unix/pam_unix.c~ b/modules/pam_unix/pam_unix.c~
index 20088ec..9ef7320 100644
--- a/modules/pam_unix/pam_unix.c~
+++ b/modules/pam_unix/pam_unix.c~
@@ -6,6 +6,7 @@
#include <sys/types.h>
#include <unistd.h>
#include <time.h>
+#include <string.h>
#ifndef MAXHOSTNAMELEN
@@ -47,14 +48,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
pwd = getspnam(getlogin());
} else {
if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
- PAM_ERROR("Authenticating with uname %s failed.", user);
+ PAM_ERROR("Authenticating with uname [%s] failed.", user);
return (pam_err);
}
pwd = getspnam(user);
}
- PAM_LOG("Authenticating user: %s", user);
+ PAM_LOG("Authenticating user: [%s]", user);
/* get password */
@@ -88,7 +89,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
#else
pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char **) &pass, NULL);
#endif
- PAM_LOG("Got password for user %s", user);
+ PAM_LOG("Got password for user [%s]", user);
if (pam_err == PAM_CONV_ERR)
return (pam_err);
@@ -252,8 +253,80 @@ pam_sm_chautok(pam_handle_t *pamh, int flags,
int argc, const char *argv[])
{
+ /*
+ * NIS support will be left for future implementation.
+ * This is standard unix passwd changing function.
+ */
+ struct spwd *new_pwd, *old_pwd;
+ char oldprefix[HASH_PREFIX_SIZE];
+ const char *user, *old_pass, *new_pass;
+ char *hashedpwd;
+ int pam_err;
+
+ /* identify user */
+
+ if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
+ PAM_LOG("Authenticating as self.");
+ old_pwd = getspnam(getlogin());
+ } else {
+ if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
+ PAM_ERROR("Authenticating with uname [%s] failed.", user);
+ return (pam_err);
+ }
+
+ old_pwd = getspnam(user);
+ }
+
+ PAM_LOG("Got user: [%s]", user);
+
+ if (pwd == NULL) {
+ PAM_ERROR("User [%s] either has a corrupted passwd entry or \
+ is not in the selected database");
+ return (PAM_AUTHTOK_RECOVERY_ERR);
+ }
+
+ /*
+ * When looking through the LinuxPAM code, I came across this :
+ *
+ * ` Various libraries at various times have had bugs related to
+ * '+' or '-' as the first character of a user name. Don't
+ * allow them. `
+ *
+ * I don't know if the problem is still around but just in case...
+ */
+
+ if (user == NULL || user[0] == '-' || user[0] == '+' ) {
+ PAM_ERROR("Bad username [%s]", user);
+ return (PAM_USER_UNKNOWN);
+ }
+
+
+
+ if (flags & PAM_PRELIM_CHECK) {
+ PAM_LOG("PRELIM round");
+
+ if (getuid() == 0 ) {
+ /* root doesn't need old passwd */
+ return (pam_set_item(pamh, PAM_OLDAUTHTOK, ""));
+ }
+
+ if ( (pwd->pw_passwd[0] == '\0' ) &&
+ ( openpam_get_option(pamh, PAM_OPT_NULLOK) ) &&
+ ( openpam_get_option(pamh,PAM_DISALLOW_NULL_AUTHTOK)) ) {
+
+ /*
+ * Something funny could happen here since we don't
+ * ask for a password.
+ */
+ old_pass = "";
+ }
+
+
+
+
return (PAM_SUCCESS);
+
}