X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fauth.c;h=f80aab524988ccb98ee63b5dc1cc876dc6fd93c2;hb=HEAD;hp=0b251280dec3c8c34cf1ce61828cd9d75ce1b10d;hpb=068d33e5d8569b2c4a2c8582178427892b0a8dee;p=citadel.git
diff --git a/citadel/auth.c b/citadel/auth.c
deleted file mode 100644
index 0b251280d..000000000
--- a/citadel/auth.c
+++ /dev/null
@@ -1,140 +0,0 @@
-// system-level password checking for host auth mode
-// by Nathan Bryant, March 1999
-// updated by Trey van Riper, June 2005
-//
-// Copyright (c) 1999-2016 by the citadel.org team
-//
-// This program is open source software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License, version 3.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-
-#if defined(__linux) || defined(__sun) // needed for crypt():
-#define _XOPEN_SOURCE
-#define _XOPEN_SOURCE_EXTENDED 1
-#endif
-
-#include
-#include
-#include
-#include
-#include
-
-#include "auth.h"
-#include "sysdep.h"
-
-#ifdef HAVE_GETSPNAM
-#include
-#endif
-
-#ifdef HAVE_PAM_START
-#include
-
-// struct appdata: passed to the conversation function
-struct appdata {
- const char *name;
- const char *pw;
-};
-
-// conv(): the PAM conversation function. this assumes that a
-// PAM_PROMPT_ECHO_ON is asking for a username, and a PAM_PROMPT_ECHO_OFF is
-// asking for a password. esoteric authentication modules will fail with this
-// code, but we can't really support them with the existing client protocol
-// anyway. the failure mode should be to deny access, in any case.
-static int conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) {
- struct pam_response *temp_resp;
- struct appdata *data = appdata_ptr;
-
- if ((temp_resp =
- malloc(sizeof(struct pam_response[num_msg]))) == NULL)
- return PAM_CONV_ERR;
-
- while (num_msg--) {
- switch ((*msg)[num_msg].msg_style) {
- case PAM_PROMPT_ECHO_ON:
- temp_resp[num_msg].resp = strdup(data->name);
- break;
- case PAM_PROMPT_ECHO_OFF:
- temp_resp[num_msg].resp = strdup(data->pw);
- break;
- default:
- temp_resp[num_msg].resp = NULL;
- }
- temp_resp[num_msg].resp_retcode = 0;
- }
-
- *resp = temp_resp;
- return PAM_SUCCESS;
-}
-#endif // HAVE_PAM_START
-
-
-// check that `pass' is the correct password for `uid'
-// returns zero if no, nonzero if yes
-int validate_password(uid_t uid, const char *pass) {
- if (pass == NULL) {
- return (0);
- }
-#ifdef HAVE_PAM_START
- struct pam_conv pc;
- struct appdata data;
- pam_handle_t *ph;
- int i;
-#else
- char *crypted_pwd;
-#ifdef HAVE_GETSPNAM
- struct spwd *sp;
-#endif
-#endif
- struct passwd *pw;
- int retval = 0;
-
- pw = getpwuid(uid);
- if (pw == NULL) {
- return retval;
- }
-#ifdef HAVE_PAM_START
-
-#ifdef PAM_DATA_SILENT
- int flags = PAM_DATA_SILENT;
-#else
- int flags = 0;
-#endif
-
- pc.conv = conv;
- pc.appdata_ptr = &data;
- data.name = pw->pw_name;
- data.pw = pass;
- if (pam_start("citadel", pw->pw_name, &pc, &ph) != PAM_SUCCESS)
- return (0);
-
- if ((i = pam_authenticate(ph, flags)) == PAM_SUCCESS) {
- if ((i = pam_acct_mgmt(ph, flags)) == PAM_SUCCESS) {
- retval = -1;
- }
- }
-
- pam_end(ph, i | flags);
-#else
- crypted_pwd = pw->pw_passwd;
-
-#ifdef HAVE_GETSPNAM
- if (pw == NULL)
- return (0);
- if (pw->pw_name == NULL)
- return (0);
- if ((sp = getspnam(pw->pw_name)) != NULL) {
- crypted_pwd = sp->sp_pwdp;
- }
-#endif
-
- if (!strcmp(crypt(pass, crypted_pwd), crypted_pwd)) {
- retval = -1;
- }
-#endif // HAVE_PAM_START
-
- return retval;
-}