#include <pwd.h>
#include <string.h>
#include <unistd.h>

/* A macro name in #ifndef must be a bare identifier; also honour the
 * compiler-predefined __linux__ so the guard works without -D__LINUX__. */
#if !defined(__LINUX__) && !defined(__linux__)
#include <login_cap.h>
#else
#include <crypt.h>
#endif

#include <security/pam_modules.h>
#include <security/pam_appl.h>
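/*
 * PAM authentication hook: verify the password the user types against the
 * crypt(3) hash stored in the passwd database.
 *
 * pamh   PAM handle for this transaction.
 * flags  PAM flags; PAM_DISALLOW_NULL_AUTHTOK forbids empty stored passwords.
 * argc, argv  module arguments (unused here; options are read through
 *             openpam_get_option()).
 *
 * Returns PAM_SUCCESS when the typed password hashes to the stored value
 * (or the stored password is empty and the nullok option permits it), the
 * error from pam_get_user() if the user name cannot be obtained,
 * PAM_CONV_ERR if the conversation fails, and PAM_AUTH_ERR otherwise.
 *
 * Security notes:
 *  - The stored hash (realpw) and the typed password (pass) are kept in
 *    separate variables.  Reusing one variable lets pam_get_authtok()
 *    overwrite the "*" lock-out value chosen for unknown or empty accounts.
 *  - Unknown users are still prompted and then compared against "*", so
 *    the module fails closed instead of dereferencing a NULL passwd entry,
 *    and known and unknown accounts follow the same prompt path.
 *  - crypt(3) may return NULL; that is treated as an authentication failure.
 *
 * NOTE(review): openpam_get_option(), PAM_OPT_AUTH_AS_SELF and PAM_OPT_NULLOK
 * are not declared by the headers visible in this file -- confirm which
 * header the build provides them from.
 */
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags,
    int argc, const char **argv)
{
#if !defined(__LINUX__) && !defined(__linux__)
	login_cap_t *lc;
	const char *prompt;
#endif
	struct passwd *pwd;
	const char *pass = NULL, *realpw, *crypt_pass, *user;
	int pam_err;

	(void)argc;
	(void)argv;

	/* identify user */
	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
		/* getlogin() returns NULL when there is no login name */
		user = getlogin();
	} else {
		if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
			return (pam_err);
	}
	pwd = (user != NULL) ? getpwnam(user) : NULL;

	/*
	 * Select the stored hash to verify against.  "*" stands for "no
	 * valid password": the comparison below is expected never to match it.
	 * NOTE(review): realpw points into getpwnam()'s static buffer; a
	 * conversation function that calls getpw*() could overwrite it.
	 */
	if (pwd != NULL) {
		realpw = pwd->pw_passwd;
		if (realpw == NULL) {
			realpw = "*";
		} else if (realpw[0] == '\0') {
			/* empty stored password: accept only if explicitly allowed */
			if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
			    openpam_get_option(pamh, PAM_OPT_NULLOK))
				return (PAM_SUCCESS);
			realpw = "*";
		}
#if !defined(__LINUX__) && !defined(__linux__)
		lc = login_getpwclass(pwd);
#endif
	} else {
		realpw = "*";
#if !defined(__LINUX__) && !defined(__linux__)
		lc = login_getpwclass(NULL);
#endif
	}

	/* get password */
#if !defined(__LINUX__) && !defined(__linux__)
	prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL);
	pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt);
	login_close(lc);
#else
	pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, NULL);
#endif
	if (pam_err == PAM_CONV_ERR)
		return (pam_err);
	if (pam_err != PAM_SUCCESS || pass == NULL)
		return (PAM_AUTH_ERR);

	/* compare passwords; any hashing failure is an authentication failure */
	crypt_pass = crypt(pass, realpw);
	if (crypt_pass == NULL || strcmp(crypt_pass, realpw) != 0)
		return (PAM_AUTH_ERR);
	return (PAM_SUCCESS);
}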