* Makefile.in, configure.in, chkpwd.c, acconfig.h: support for

[citadel.git] / citadel / user_ops.c
diff --git a/citadel/user_ops.c b/citadel/user_ops.c

index 8f3357f419a30cf08ad5a136f7af2335463ca23b..0848a52982d994cebe00f75bd449a4bf1e685278 100644 (file)
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -1,14 +1,5 @@
  /* $Id$ */
  
-#ifndef _SGI_SOURCE
-/* needed to properly enable crypt() stuff on some systems */
-#define _XOPEN_SOURCE
-/* needed for str[n]casecmp() on some systems if the above is defined */
-#define _XOPEN_SOURCE_EXTENDED
-/* needed to enable threads on some systems if the above are defined */
-#define _POSIX_C_SOURCE 199506L
-#endif
-
  #include "sysdep.h"
  #include <stdlib.h>
  #include <unistd.h>
@@ -17,6 +8,7 @@
  #include <signal.h>
  #include <pwd.h>
  #include <sys/types.h>
+#include <sys/wait.h>
  #include <sys/time.h>
  #include <string.h>
  #include <syslog.h>
@@ -24,6 +16,9 @@
  #ifdef HAVE_PTHREAD_H
  #include <pthread.h>
  #endif
+#ifndef ENABLE_CHKPWD
+#include "auth.h"
+#endif
  #include "citadel.h"
  #include "server.h"
  #include "database.h"
@@ -52,8 +47,10 @@ int getuser(struct usersupp *usbuf, char name[]) {
  
         memset(usbuf, 0, sizeof(struct usersupp));
         for (a=0; a<=strlen(name); ++a) {
-               lowercase_name[a] = tolower(name[a]);
+               if (a < sizeof(lowercase_name))
+                       lowercase_name[a] = tolower(name[a]);
                 }
+       lowercase_name[sizeof(lowercase_name)-1] = 0;
  
         cdbus = cdb_fetch(CDB_USERSUPP, lowercase_name, strlen(lowercase_name));
         if (cdbus == NULL) {
@@ -92,8 +89,10 @@ void putuser(struct usersupp *usbuf, char *name)
         int a;
  
         for (a=0; a<=strlen(name); ++a) {
-               lowercase_name[a] = tolower(name[a]);
+               if (a < sizeof(lowercase_name))
+                       lowercase_name[a] = tolower(name[a]);
                 }
+       lowercase_name[sizeof(lowercase_name)-1] = 0;
  
         cdb_store(CDB_USERSUPP,
                 lowercase_name, strlen(lowercase_name),
@@ -344,12 +343,69 @@ void logout(struct CitContext *who)
         PerformSessionHooks(EVT_LOGOUT);
         }
  
+#ifdef ENABLE_CHKPWD
+/*
+ * an alternate version of validpw() which executes `chkpwd' instead of
+ * verifying the password directly
+ */
+static int validpw(uid_t uid, const char *pass)
+{
+       pid_t pid;
+       int status, pipev[2];
+       char buf[24];
+
+       if (pipe(pipev)) {
+               lprintf(1, "pipe failed (%s): denying autologin access for "
+                          "uid %u\n", strerror(errno), uid);
+               return 0;
+               }
+
+       switch (pid = fork()) {
+           case -1:
+               lprintf(1, "fork failed (%s): denying autologin access for "
+                          "uid %u\n", strerror(errno), uid);
+               close(pipev[0]);
+               close(pipev[1]);
+               return 0;
+
+           case 0:
+               close(pipev[1]);
+               if (dup2(pipev[0], 0) == -1) {
+                       perror("dup2");
+                       exit(1);
+                       }
+               close(pipev[0]);
+
+               execl(BBSDIR "/chkpwd", BBSDIR "/chkpwd", NULL);
+               perror(BBSDIR "/chkpwd");
+               exit(1);
+               }
+
+       close(pipev[0]);
+       write(pipev[1], buf, sprintf(buf, "%u\n", uid));
+       write(pipev[1], pass, strlen(pass));
+       write(pipev[1], "\n", 1);
+       close(pipev[1]);
+
+       while (waitpid(pid, &status, 0) == -1)
+               if (errno != EINTR) {
+                       lprintf(1, "waitpid failed (%s): denying autologin "
+                                  "access for uid %u\n",
+                               strerror(errno), uid);
+                       return 0;
+                       }
+
+       if (WIFEXITED(status) && !WEXITSTATUS(status))
+               return 1;
+
+       return 0;
+       }
+#endif
  
  void cmd_pass(char *buf)
  {
         char password[256];
         int code;
-       struct passwd *p;
  
         extract(password,buf,0);
  
@@ -372,20 +428,17 @@ void cmd_pass(char *buf)
                 strproc(CC->usersupp.password);
                 code = strcasecmp(CC->usersupp.password,password);
                 }
-       else {
-               p = (struct passwd *)getpwuid(CC->usersupp.USuid);
  #ifdef ENABLE_AUTOLOGIN
-               if (p!=NULL) {
-                       if (!strcmp(p->pw_passwd,
-                          (char *)crypt(password,p->pw_passwd))) {
-                               code = 0;
-                               lgetuser(&CC->usersupp, CC->curr_user);
-                               strcpy(CC->usersupp.password, password);
-                               lputuser(&CC->usersupp, CC->curr_user);
-                               }
+       else {
+               if (validpw(CC->usersupp.USuid, password)) {
+                       code = 0;
+                       lgetuser(&CC->usersupp, CC->curr_user);
+                       safestrncpy(CC->usersupp.password, password,
+                                   sizeof CC->usersupp.password);
+                       lputuser(&CC->usersupp, CC->curr_user);
                         }
-#endif
                 }
+#endif
  
         if (!code) {
                 (CC->logged_in) = 1;