X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fauth.c;h=f80aab524988ccb98ee63b5dc1cc876dc6fd93c2;hb=b6f23be393ebbb1d6e5bcb6598526019309aaa86;hp=a62d6003ca7ea45f25b4f7ff7b64bb83dfb9d74f;hpb=4aed8bcc44474e27485a72334805022d6aa604b1;p=citadel.git diff --git a/citadel/auth.c b/citadel/auth.c index a62d6003c..f80aab524 100644 --- a/citadel/auth.c +++ b/citadel/auth.c @@ -1,16 +1,20 @@ /* - * $Id$ - * - * system-level password checking for autologin + * system-level password checking for host auth mode * by Nathan Bryant, March 1999 + * updated by Trey van Riper, June 2005 + * + * Copyright (c) 1999-2016 by the citadel.org team + * + * This program is open source software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 3. * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. */ -#ifdef DLL_EXPORT -#define IN_LIBCIT -#endif - -#if defined(__linux) || defined(__sun) /* needed for crypt(): */ +#if defined(__linux) || defined(__sun) /* needed for crypt(): */ #define _XOPEN_SOURCE #define _XOPEN_SOURCE_EXTENDED 1 #endif @@ -34,11 +38,9 @@ /* * struct appdata: passed to the conversation function */ - -struct appdata -{ - const char *name; - const char *pw; +struct appdata { + const char *name; + const char *pw; }; /* @@ -48,85 +50,102 @@ struct appdata * code, but we can't really support them with the existing client protocol * anyway. the failure mode should be to deny access, in any case. */ - static int conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { - struct pam_response *temp_resp; - struct appdata *data = appdata_ptr; - - if ((temp_resp = malloc(sizeof(struct pam_response[num_msg]))) == NULL) - return PAM_CONV_ERR; - - while (num_msg--) - { - switch ((*msg)[num_msg].msg_style) - { - case PAM_PROMPT_ECHO_ON: - temp_resp[num_msg].resp = strdup(data->name); - break; - case PAM_PROMPT_ECHO_OFF: - temp_resp[num_msg].resp = strdup(data->pw); - break; - default: - temp_resp[num_msg].resp = NULL; + struct pam_response *temp_resp; + struct appdata *data = appdata_ptr; + + if ((temp_resp = + malloc(sizeof(struct pam_response[num_msg]))) == NULL) + return PAM_CONV_ERR; + + while (num_msg--) { + switch ((*msg)[num_msg].msg_style) { + case PAM_PROMPT_ECHO_ON: + temp_resp[num_msg].resp = strdup(data->name); + break; + case PAM_PROMPT_ECHO_OFF: + temp_resp[num_msg].resp = strdup(data->pw); + break; + default: + temp_resp[num_msg].resp = NULL; + } + temp_resp[num_msg].resp_retcode = 0; } - temp_resp[num_msg].resp_retcode = 0; - } - *resp = temp_resp; - return PAM_SUCCESS; + *resp = temp_resp; + return PAM_SUCCESS; } -#endif /* HAVE_PAM_START */ +#endif /* HAVE_PAM_START */ + /* - * validpw(): check that `pass' is the correct password for `uid' - * returns zero if no, nonzero if yes + * check that `pass' is the correct password for `uid' + * returns zero if no, nonzero if yes */ - -int validpw(uid_t uid, const char *pass) +int validate_password(uid_t uid, const char *pass) { + if (pass == NULL) { + return (0); + } #ifdef HAVE_PAM_START - struct pam_conv pc; - struct appdata data; - pam_handle_t *ph; - int i; + struct pam_conv pc; + struct appdata data; + pam_handle_t *ph; + int i; #else - char *crypted_pwd; + char *crypted_pwd; #ifdef HAVE_GETSPNAM - struct spwd *sp; + struct spwd *sp; #endif #endif - struct passwd *pw; - int retval = 0; - - if ((pw = getpwuid(uid)) == NULL) - return retval; + struct passwd *pw; + int retval = 0; + pw = getpwuid(uid); + if (pw == NULL) { + return retval; + } #ifdef HAVE_PAM_START - pc.conv = conv; - pc.appdata_ptr = &data; - data.name = pw->pw_name; - data.pw = pass; - if (pam_start("citadel", pw->pw_name, &pc, &ph) != PAM_SUCCESS) - return retval; - - if ((i = pam_authenticate(ph, PAM_SILENT)) == PAM_SUCCESS) - if ((i = pam_acct_mgmt(ph, PAM_SILENT)) == PAM_SUCCESS) - retval = -1; - - pam_end(ph, i | PAM_DATA_SILENT); + +#ifdef PAM_DATA_SILENT + int flags = PAM_DATA_SILENT; +#else + int flags = 0; +#endif + + pc.conv = conv; + pc.appdata_ptr = &data; + data.name = pw->pw_name; + data.pw = pass; + if (pam_start("citadel", pw->pw_name, &pc, &ph) != PAM_SUCCESS) + return (0); + + if ((i = pam_authenticate(ph, flags)) == PAM_SUCCESS) { + if ((i = pam_acct_mgmt(ph, flags)) == PAM_SUCCESS) { + retval = -1; + } + } + + pam_end(ph, i | flags); #else - crypted_pwd = pw->pw_passwd; + crypted_pwd = pw->pw_passwd; #ifdef HAVE_GETSPNAM - if ((sp = getspnam(pw->pw_name)) != NULL) - crypted_pwd = sp->sp_pwdp; + if (pw == NULL) + return (0); + if (pw->pw_name == NULL) + return (0); + if ((sp = getspnam(pw->pw_name)) != NULL) { + crypted_pwd = sp->sp_pwdp; + } #endif - if (!strcmp(crypt(pass, crypted_pwd), crypted_pwd)) - retval = -1; -#endif /* HAVE_PAM_START */ + if (!strcmp(crypt(pass, crypted_pwd), crypted_pwd)) { + retval = -1; + } +#endif /* HAVE_PAM_START */ - return retval; + return retval; }