2 * auth.c -- system-level password checking for autologin
3 * by Nathan Bryant, March 1999
8 #if defined(__linux) || defined(__sun) /* needed for crypt(): */
10 #define _XOPEN_SOURCE_EXTENDED 1
17 #include <sys/types.h>
27 #include <security/pam_appl.h>
30 * struct appdata: passed to the conversation function
40 * conv(): the PAM conversation function. this assumes that a
41 * PAM_PROMPT_ECHO_ON is asking for a username, and a PAM_PROMPT_ECHO_OFF is
42 * asking for a password. esoteric authentication modules will fail with this
43 * code, but we can't really support them with the existing client protocol
44 * anyway. the failure mode should be to deny access, in any case.
/*
 * conv(): PAM conversation callback. On the visible lines it allocates one
 * pam_response per message, answers PAM_PROMPT_ECHO_ON with a copy of
 * data->name and PAM_PROMPT_ECHO_OFF with a copy of data->pw, and sets
 * resp_retcode to 0.
 * NOTE(review): this listing omits lines (the gutter numbers jump), so the
 * malloc failure return, the loop header, the break/default labels and the
 * store to *resp are not visible here -- confirm against the full file.
 */
47 static int conv(int num_msg, const struct pam_message **msg,
48 struct pam_response **resp, void *appdata_ptr)
50 struct pam_response *temp_resp;
/* appdata_ptr is used as a struct appdata; only its name and pw members are read below. */
51 struct appdata *data = appdata_ptr;
/*
 * Size the reply array from num_msg via a variable-length array type.
 * NOTE(review): num_msg comes from the PAM library and is not range-checked
 * on any visible line; a value <= 0 would make this sizeof undefined.
 * Confirm a guard exists or add one that fails the conversation.
 */
53 if ((temp_resp = malloc(sizeof(struct pam_response[num_msg]))) == NULL)
/*
 * NOTE(review): indexing with num_msg is in bounds only if an omitted line
 * decrements it first (presumably a `while (num_msg--)` loop) -- TODO confirm.
 * (*msg)[i] treats msg as a pointer to an array of structs; some PAM
 * implementations pass an array of pointers instead, and the two layouts
 * agree only for a single message. Verify against the PAM library in use.
 */
58 switch ((*msg)[num_msg].msg_style)
60 case PAM_PROMPT_ECHO_ON:
/* NOTE(review): strdup() can return NULL; no check is visible, so an allocation failure would hand PAM a NULL answer. */
61 temp_resp[num_msg].resp = strdup(data->name);
63 case PAM_PROMPT_ECHO_OFF:
/*
 * Heap copy of the cleartext password. By PAM convention the module that
 * requested the conversation frees the responses; nothing visible here
 * zeroizes the copy -- presumably left to the PAM library, confirm.
 */
64 temp_resp[num_msg].resp = strdup(data->pw);
/* Presumably under a `default:` label (not shown): unknown prompt styles get no answer, which matches the deny-on-failure intent stated in the file's comment on conv(). */
67 temp_resp[num_msg].resp = NULL;
69 temp_resp[num_msg].resp_retcode = 0;
75 #endif /* HAVE_PAM_START */
78 * validpw(): check that `pass' is the correct password for `uid'
79 * returns zero if no, nonzero if yes
/*
 * validpw(): checks `pass' against the system account for `uid', through PAM
 * when HAVE_PAM_START is defined and through crypt() otherwise.
 * NOTE(review): this listing omits lines (the gutter numbers jump); local
 * declarations, the return statements, the assignment of data.pw and the
 * #else between the two branches are not visible -- confirm against the
 * full file.
 */
82 int validpw(uid_t uid, const char *pass)
/* Resolve the uid to a passwd entry; the failure action is not shown (presumably a deny). */
98 if ((pw = getpwuid(uid)) == NULL)
101 #ifdef HAVE_PAM_START
/* Hand conv() its context: the account name here, and presumably the candidate password on an omitted line. */
103 pc.appdata_ptr = &data;
104 data.name = pw->pw_name;
/*
 * Open a PAM transaction under the service name "citadel", so the policy
 * applied is whatever the host configures for that service.
 * NOTE(review): on Linux-PAM a missing service file falls back to the
 * "other" policy -- confirm the deployment ships a citadel policy.
 */
106 if (pam_start("citadel", pw->pw_name, &pc, &ph) != PAM_SUCCESS)
/* Credential check first; account management (pam_acct_mgmt) runs only if authentication succeeded. The success action is on an omitted line. */
109 if ((i = pam_authenticate(ph, PAM_SILENT)) == PAM_SUCCESS)
110 if ((i = pam_acct_mgmt(ph, PAM_SILENT)) == PAM_SUCCESS)
/* Close the transaction, passing the last PAM status OR'd with PAM_DATA_SILENT. */
113 pam_end(ph, i | PAM_DATA_SILENT);
/* Non-PAM path: start from the hash field of the passwd entry... */
115 crypted_pwd = pw->pw_passwd;
/* ...and prefer the shadow entry when getspnam() finds one (presumably guarded by a shadow-support #ifdef on omitted lines; reading shadow data normally needs privilege). */
118 if ((sp = getspnam(pw->pw_name)) != NULL)
119 crypted_pwd = sp->sp_pwdp;
/*
 * Hash `pass' using the stored hash as the crypt() setting and compare
 * the result with the stored hash.
 * NOTE(review): crypt() can return NULL (for example on a setting string
 * it does not accept, as a locked or empty password field may be), and
 * passing NULL to strcmp() is undefined behavior -- typically a crash of
 * the authenticating process. Capture the result and treat NULL as a
 * mismatch. crypt() also returns a pointer to static storage, so this
 * path is not safe to call from several threads at once.
 */
122 if (!strcmp(crypt(pass, crypted_pwd), crypted_pwd))
124 #endif /* HAVE_PAM_START */