X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fauth.c;h=0b251280dec3c8c34cf1ce61828cd9d75ce1b10d;hb=068d33e5d8569b2c4a2c8582178427892b0a8dee;hp=248b74bbea3162a2963e7a5ab8b3366fe0cff27a;hpb=6946ee9e9f23584fbc2b6a83ab9a2c24dddf2547;p=citadel.git
diff --git a/citadel/auth.c b/citadel/auth.c
index 248b74bbe..0b251280d 100644
--- a/citadel/auth.c
+++ b/citadel/auth.c
@@ -1,20 +1,18 @@
-/*
- * system-level password checking for host auth mode
- * by Nathan Bryant, March 1999
- * updated by Trey van Riper, June 2005
- *
- * Copyright (c) 1999-2016 by the citadel.org team
- *
- * This program is open source software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 3.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- */
-
-#if defined(__linux) || defined(__sun) /* needed for crypt(): */
+// system-level password checking for host auth mode
+// by Nathan Bryant, March 1999
+// updated by Trey van Riper, June 2005
+//
+// Copyright (c) 1999-2016 by the citadel.org team
+//
+// This program is open source software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License, version 3.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+
+#if defined(__linux) || defined(__sun) // needed for crypt():
 #define _XOPEN_SOURCE
 #define _XOPEN_SOURCE_EXTENDED 1
 #endif
@@ -35,66 +33,51 @@ #ifdef HAVE_PAM_START #include -/* - * struct appdata: passed to the conversation function - */ - -struct appdata -{ - const char *name; - const char *pw; +// struct appdata: passed to the conversation function +struct appdata { + const char *name; + const char *pw; }; -/* - * conv(): the PAM conversation function. this assumes that a - * PAM_PROMPT_ECHO_ON is asking for a username, and a PAM_PROMPT_ECHO_OFF is - * asking for a password. esoteric authentication modules will fail with this - * code, but we can't really support them with the existing client protocol - * anyway. the failure mode should be to deny access, in any case. - */ - -static int conv(int num_msg, const struct pam_message **msg, - struct pam_response **resp, void *appdata_ptr) -{ - struct pam_response *temp_resp; - struct appdata *data = appdata_ptr; - - if ((temp_resp = malloc(sizeof(struct pam_response[num_msg]))) == NULL) - return PAM_CONV_ERR; - - while (num_msg--) - { - switch ((*msg)[num_msg].msg_style) - { - case PAM_PROMPT_ECHO_ON: - temp_resp[num_msg].resp = strdup(data->name); - break; - case PAM_PROMPT_ECHO_OFF: - temp_resp[num_msg].resp = strdup(data->pw); - break; - default: - temp_resp[num_msg].resp = NULL; +// conv(): the PAM conversation function. this assumes that a +// PAM_PROMPT_ECHO_ON is asking for a username, and a PAM_PROMPT_ECHO_OFF is +// asking for a password. esoteric authentication modules will fail with this +// code, but we can't really support them with the existing client protocol +// anyway. the failure mode should be to deny access, in any case. 
+static int conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { + struct pam_response *temp_resp; + struct appdata *data = appdata_ptr; + + if ((temp_resp = + malloc(sizeof(struct pam_response[num_msg]))) == NULL) + return PAM_CONV_ERR; + + while (num_msg--) { + switch ((*msg)[num_msg].msg_style) { + case PAM_PROMPT_ECHO_ON: + temp_resp[num_msg].resp = strdup(data->name); + break; + case PAM_PROMPT_ECHO_OFF: + temp_resp[num_msg].resp = strdup(data->pw); + break; + default: + temp_resp[num_msg].resp = NULL; + } + temp_resp[num_msg].resp_retcode = 0; } - temp_resp[num_msg].resp_retcode = 0; - } - *resp = temp_resp; - return PAM_SUCCESS; + *resp = temp_resp; + return PAM_SUCCESS; } -#endif /* HAVE_PAM_START */ - +#endif // HAVE_PAM_START -/* - * check that `pass' is the correct password for `uid' - * returns zero if no, nonzero if yes - */ -int validate_password(uid_t uid, const char *pass) -{ +// check that `pass' is the correct password for `uid' +// returns zero if no, nonzero if yes +int validate_password(uid_t uid, const char *pass) { if (pass == NULL) { - return(0); + return (0); } - #ifdef HAVE_PAM_START struct pam_conv pc; struct appdata data; @@ -113,7 +96,6 @@ int validate_password(uid_t uid, const char *pass) if (pw == NULL) { return retval; } - #ifdef HAVE_PAM_START #ifdef PAM_DATA_SILENT @@ -127,7 +109,7 @@ int validate_password(uid_t uid, const char *pass) data.name = pw->pw_name; data.pw = pass; if (pam_start("citadel", pw->pw_name, &pc, &ph) != PAM_SUCCESS) - return(0); + return (0); if ((i = pam_authenticate(ph, flags)) == PAM_SUCCESS) { if ((i = pam_acct_mgmt(ph, flags)) == PAM_SUCCESS) { 
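Review bot: conv() sizes the reply array from an unchecked `num_msg` and ignores `strdup()` failure, so it can return PAM_SUCCESS with a NULL answer to the password prompt. `sizeof(struct pam_response[num_msg])` is a variable-length array type and is undefined for `num_msg <= 0`; bounding num_msg to 1..PAM_MAX_NUM_MSG and using `calloc(num_msg, sizeof *temp_resp)` removes that, and on a failed copy the earlier copies should be freed and PAM_CONV_ERR returned so the failure mode stays deny-access as the comment promises. Separately, Linux-PAM documents `msg` as an array of pointers (`msg[i]->msg_style`), so the `(*msg)[num_msg]` indexing is only equivalent when num_msg is 1 and is worth confirming on each platform this builds for. The sketch below keeps that indexing as it is.

```c
static int conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) {
	struct pam_response *temp_resp;
	struct appdata *data = appdata_ptr;
	int i;

	// reject counts the PAM API does not allow before sizing the array
	if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG)
		return PAM_CONV_ERR;
	if ((temp_resp = calloc(num_msg, sizeof *temp_resp)) == NULL)
		return PAM_CONV_ERR;

	for (i = 0; i < num_msg; i++) {
		const char *answer = NULL;

		switch ((*msg)[i].msg_style) {
		case PAM_PROMPT_ECHO_ON:
			answer = data->name;
			break;
		case PAM_PROMPT_ECHO_OFF:
			answer = data->pw;
			break;
		}
		if (answer != NULL && (temp_resp[i].resp = strdup(answer)) == NULL) {
			// out of memory: release what was copied and deny
			while (i-- > 0)
				free(temp_resp[i].resp);
			free(temp_resp);
			return PAM_CONV_ERR;
		}
	}
	// … unchanged: *resp = temp_resp; return PAM_SUCCESS; …
}
```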
@@ -140,8 +122,10 @@ int validate_password(uid_t uid, const char *pass) crypted_pwd = pw->pw_passwd; #ifdef HAVE_GETSPNAM - if (pw == NULL) return(0); - if (pw->pw_name == NULL) return(0); + if (pw == NULL) + return (0); + if (pw->pw_name == NULL) + return (0); if ((sp = getspnam(pw->pw_name)) != NULL) { crypted_pwd = sp->sp_pwdp; } @@ -150,7 +134,7 @@ int validate_password(uid_t uid, const char *pass) if (!strcmp(crypt(pass, crypted_pwd), crypted_pwd)) { retval = -1; } -#endif /* HAVE_PAM_START */ +#endif // HAVE_PAM_START return retval; }
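Review bot: In the `@@ -140,8 +122,10 @@` hunk the re-wrapped `if (pw == NULL) return (0);` sits after the context line `crypted_pwd = pw->pw_passwd;`, so it can never protect that dereference, and the earlier `if (pw == NULL) { return retval; }` guard already covers the case. Dropping the dead check would make the intent clearer than re-wrapping it. Since the commit is normalising style, the remaining unbraced test could take braces like the rest of the function: `if (pw->pw_name == NULL) { return (0); }`. validate_password starts and ends outside this hunk.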
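Review bot: The context line `if (!strcmp(crypt(pass, crypted_pwd), crypted_pwd))` in the `@@ -150,7 +134,7 @@` hunk passes crypt()'s result straight to strcmp(), and crypt() may return NULL, for example when it rejects the stored salt or hashing method. That would be a NULL dereference on the login path of the non-PAM build. Capturing the result and treating NULL as a failed check keeps the deny-by-default behaviour: `const char *h = crypt(pass, crypted_pwd);` followed by `if (h != NULL && !strcmp(h, crypted_pwd)) {`. validate_password starts outside this hunk.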