authorSeraphim Mellos <mellos@ceid.upatras.gr>2008-06-11 19:28:44 +0300
committerSeraphim Mellos <mellos@ceid.upatras.gr>2008-06-11 19:28:44 +0300
commitbf5238eccfe594f3adf00400881ff8250c315c6b (patch)
treef5e0be559df3b70a8099e7ce7f2c1ebb9ffd7c24
parentAdded dummy files. (diff)
Moved from passwd to shadow
-rw-r--r--src/pam_unix/pam_unix.c60
-rw-r--r--src/pam_unix/pam_unix.c~153
2 files changed, 37 insertions, 176 deletions
diff --git a/src/pam_unix/pam_unix.c b/src/pam_unix/pam_unix.c
index e3486dd..112d1d0 100644
--- a/src/pam_unix/pam_unix.c
+++ b/src/pam_unix/pam_unix.c
@@ -1,10 +1,23 @@
-#include <pwd.h>
-/* #include <shadow.h> May not be necessary */
+/* #include <pwd.h> */
+#include <netdb.h>
+#include <shadow.h>
#include <sys/types.h>
#include <unistd.h>
-#ifndef (__LINUX__)
+#define PAM_OPT_NULLOK "nullok"
+#define PAM_OPT_AUTH_AS_SELF "auth_as_self"
+#define PAM_OPT_ECHO_PASS "echo_pass"
+#define PAM_OPT_DEBUG "debug"
+
+
+
+#ifndef MAXHOSTNAMELEN
+# define MAXHOSTNAMELEN 256
+#endif
+
+
+#ifndef __linux__
#include <login_cap.h>
#endif
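Review bot: `crypt()` and `strcmp()` are called further down in this file, but the include list here gains only `<netdb.h>` and `<shadow.h>`, neither of which declares them. Under an implicit declaration `crypt()` is assumed to return `int`, which truncates the returned pointer on 64-bit targets before it reaches `strcmp()`. I would add `#include <string.h>` and `#include <crypt.h>` next to `#include <shadow.h>` (on glibc, `<crypt.h>` or a feature-test macro ahead of `<unistd.h>` is what exposes the prototype). The remaining includes sit outside this hunk, so confirm they do not already cover this.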
@@ -15,30 +28,30 @@
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags,
- int argc __unused, const char **argv __unused) {
+ int argc , const char **argv ) {
-#ifndef (__LINUX__)
+#ifndef __linux__
login_cap_t *lc;
#endif
- struct passwd *pwd;
+ struct spwd *pwd;
const char *pass, *crypt_pass, *user;
int pam_err;
/* identify user */
if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
- pwd = getpwnam(getlogin());
+ pwd = getspnam(getlogin());
} else {
if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
return (pam_err);
- pwd = getpwnam(user) = NULL;
+ pwd = getspnam(user);
}
/* get password */
if (pwd != NULL) {
- pass = pwd->pw_passwd;
+ pass = pwd->sp_pwdp;
if (pass[0] == '\0') {
if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
openpam_get_option(pamh, PAM_OPT_NULLOK))
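Review bot: `pwd = getspnam(getlogin());` hands the result of `getlogin()` straight to the lookup, and `getlogin()` returns NULL when no login name can be determined, so `getspnam()` can receive a null name. Resolve it first, e.g. `const char *self = getlogin();` followed by `pwd = (self != NULL) ? getspnam(self) : NULL;`. Note also that `getspnam()` returns NULL whenever the caller cannot read the shadow database, so after this change an unprivileged caller takes the `pwd == NULL` path for every user. A syslog line at that point would let an administrator tell that apart from an unknown account. The function body continues past the end of this hunk.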
@@ -46,17 +59,17 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
pass = "*";
}
-#ifndef (__LINUX__)
+#ifndef __linux__
lc = login_getpwclass(pwd);
#endif
} else {
pass = "*";
-#ifndef (__LINUX__)
+#ifndef __linux__
lc = login_getpwclass(NULL);
#endif
}
-#ifndef (__LINUX__)
+#ifndef __linux__
prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL);
pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt);
login_close(lc);
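Review bot: With `pwd` retyped to `struct spwd *` in the previous hunk, `lc = login_getpwclass(pwd);` in the non-Linux branch now passes the wrong pointer type, since `login_getpwclass()` expects a `struct passwd *`. The same call appears in `pam_sm_acct_mgmt` (the hunk at -130,11). Platforms that ship `<login_cap.h>` typically do not provide `<shadow.h>` or `getspnam()`, so the unconditional `#include <shadow.h>` probably breaks that build as well. Keeping a separate `struct passwd *` for the login-class lookup and guarding the shadow lookup per platform would keep both branches compilable. `prompt` is also missing from the declarations visible in the previous hunk.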
@@ -71,8 +84,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
/* check shadow */
- crypt_pass = crypt(pass, pwd->pw_passwd);
- if ( strcmp(crypt_pass, pwd->pw_passwd) != 0 )
+ crypt_pass = crypt(pass, pwd->sp_pwdp);
+ if ( strcmp(crypt_pass, pwd->sp_pwdp) != 0 )
pam_err = PAM_AUTH_ERR;
else
pam_err = PAM_SUCCESS;
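Review bot: `crypt(pass, pwd->sp_pwdp)` dereferences `pwd` even though the earlier `else` branch (the `pass = "*"` path) is reached exactly when `pwd == NULL`, so an unknown user name, or a caller that cannot read shadow, crashes the module instead of failing authentication. `crypt()` may also return NULL for a salt it rejects (possibly a locked `!`/`*` entry, depending on the libc), and `strcmp()` would then dereference it. After the prompt I would add `if (pwd == NULL) return (PAM_AUTH_ERR);` and change the test to `if (crypt_pass == NULL || strcmp(crypt_pass, pwd->sp_pwdp) != 0)`. Returning the same `PAM_AUTH_ERR` as for a wrong password, and only after prompting, avoids revealing whether the account exists.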
@@ -81,8 +94,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
}
PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
- int argc __unused, const char *argv[] __unused) {
+pam_sm_setcred(pam_handle_t *pamh , int flags ,
+ int argc , const char *argv[] ) {
/*
* This functions takes care of renewing/initializing
@@ -95,18 +108,19 @@ pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
PAM_EXTERN int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
- int argc __unused, const char *argv[] __unused) {
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags ,
+ int argc , const char *argv[] ) {
-#ifndef (__LINUX__)
+#ifndef __linux__
login_cap_t *lc;
#endif
- struct passwd *pwd;
+ struct spwd *pwd;
int pam_err;
const char *user;
+ time_t tp;
const void *rhost, *tty;
char rhostip[MAXHOSTNAMELEN] = "";
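Review bot: The new `time_t tp;` does not match its only visible use, `gettimeofday(&tp, NULL);` in the last hunk of this file. `gettimeofday()` fills a `struct timeval`, which is larger than a `time_t` on common ABIs, so the call would write past `tp` on the stack. Either declare `struct timeval tp;` and include `<sys/time.h>`, or keep `time_t tp;` and call `time(&tp);` with `<time.h>`. Since the shadow aging fields are day counts, `time()` is probably the simpler fit.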
@@ -130,11 +144,11 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
if (pam_err != PAM_SUCCESS)
return (pam_err);
- if (*pwd->pw_passwd == '\0' &&
+ if (*pwd->sp_pwdp == '\0' &&
(flags & PAM_DISALLOW_NULL_AUTHTOK) != 0)
return (PAM_NEW_AUTHTOK_REQD);
-#ifndef (__LINUX__)
+#ifndef __linux__
lc = login_getpwclass(pwd);
if (lc == NULL) {
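Review bot: `*pwd->sp_pwdp` reads `pwd` as a `struct spwd`, but the lookup that fills it sits between this hunk and the previous one and is not touched by the commit. In the deleted backup copy (same blob id e3486dd as the old side) that line is `(pwd = getpwnam(user)) == NULL`. If it is indeed unchanged, a `struct passwd *` is now stored in a `struct spwd *`, and fields such as `sp_lstchg` are read from the wrong layout. The lookup should become `(pwd = getspnam(user)) == NULL`, with `<pwd.h>` kept if any passwd lookup remains.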
@@ -144,7 +158,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
#endif
/* Check if pw_change or pw_expire is set */
- if (pwd->pw_change || pwd->pw_expire)
+ if (pwd->sp_lstchg || pwd->sp_expire)
gettimeofday(&tp, NULL);
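Review bot: `if (pwd->sp_lstchg || pwd->sp_expire)` carries over the BSD truthiness test, but shadow fields follow different conventions: glibc reports an empty field as -1, and `sp_lstchg == 0` means the password must be changed at next login. As written, the branch is taken for accounts with no aging configured and skipped when both fields are 0, where a forced password change is pending. Test against the sentinel explicitly, e.g. `if (pwd->sp_expire != -1 || pwd->sp_lstchg != -1)`. The comment still names `pw_change`/`pw_expire`; I would reword it to `/* Check shadow aging: sp_lstchg and sp_expire are days since the epoch, -1 when unset */`. The function continues past this hunk, so the actual expiry comparison is not visible here.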
diff --git a/src/pam_unix/pam_unix.c~ b/src/pam_unix/pam_unix.c~
deleted file mode 100644
index e3486dd..0000000
--- a/src/pam_unix/pam_unix.c~
+++ /dev/null
@@ -1,153 +0,0 @@
-
-#include <pwd.h>
-/* #include <shadow.h> May not be necessary */
-#include <sys/types.h>
-#include <unistd.h>
-
-#ifndef (__LINUX__)
-#include <login_cap.h>
-#endif
-
-#include <security/pam_modules.h>
-#include <security/pam_appl.h>
-
-
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags,
- int argc __unused, const char **argv __unused) {
-
-#ifndef (__LINUX__)
- login_cap_t *lc;
-#endif
- struct passwd *pwd;
- const char *pass, *crypt_pass, *user;
- int pam_err;
-
- /* identify user */
-
- if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
- pwd = getpwnam(getlogin());
- } else {
- if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
- return (pam_err);
-
- pwd = getpwnam(user) = NULL;
- }
-
- /* get password */
-
- if (pwd != NULL) {
- pass = pwd->pw_passwd;
- if (pass[0] == '\0') {
- if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
- openpam_get_option(pamh, PAM_OPT_NULLOK))
- return (PAM_SUCCESS);
-
- pass = "*";
- }
-#ifndef (__LINUX__)
- lc = login_getpwclass(pwd);
-#endif
- } else {
- pass = "*";
-#ifndef (__LINUX__)
- lc = login_getpwclass(NULL);
-#endif
- }
-
-#ifndef (__LINUX__)
- prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL);
- pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt);
- login_close(lc);
-#else
- pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char **) &pass, NULL);
-#endif
-
- if (pam_err == PAM_CONV_ERR)
- return (pam_err);
- if (pam_err != PAM_SUCCESS)
- return (PAM_AUTH_ERR);
-
- /* check shadow */
-
- crypt_pass = crypt(pass, pwd->pw_passwd);
- if ( strcmp(crypt_pass, pwd->pw_passwd) != 0 )
- pam_err = PAM_AUTH_ERR;
- else
- pam_err = PAM_SUCCESS;
-
- return (pam_err);
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
- int argc __unused, const char *argv[] __unused) {
-
- /*
- * This functions takes care of renewing/initializing
- * user credentials as well as gid/uids. Someday, it
- * will be completed. For now, it's not very urgent.
- */
-
- return (PAM_SUCCESS);
-}
-
-
-PAM_EXTERN int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
- int argc __unused, const char *argv[] __unused) {
-
-
-
-#ifndef (__LINUX__)
- login_cap_t *lc;
-#endif
-
- struct passwd *pwd;
- int pam_err;
- const char *user;
- const void *rhost, *tty;
- char rhostip[MAXHOSTNAMELEN] = "";
-
- /* Sanity checks for uname,pwd,tty,host etc */
-
- pam_err = pam_get_user(pamh, &user, NULL);
-
- if (pam_err != PAM_SUCCESS)
- return (pam_err);
-
- if (user == NULL || (pwd = getpwnam(user)) == NULL)
- return (PAM_SERVICE_ERR);
-
- pam_err = pam_get_item(pamh, PAM_RHOST, &rhost);
-
- if (pam_err != PAM_SUCCESS)
- return (pam_err);
-
- pam_err = pam_get_item(pamh, PAM_TTY, &tty);
-
- if (pam_err != PAM_SUCCESS)
- return (pam_err);
-
- if (*pwd->pw_passwd == '\0' &&
- (flags & PAM_DISALLOW_NULL_AUTHTOK) != 0)
- return (PAM_NEW_AUTHTOK_REQD);
-
-#ifndef (__LINUX__)
- lc = login_getpwclass(pwd);
-
- if (lc == NULL) {
- return (PAM_SERVICE_ERR);
-
- }
-#endif
- /* Check if pw_change or pw_expire is set */
-
- if (pwd->pw_change || pwd->pw_expire)
- gettimeofday(&tp, NULL);
-
-
-}
-
-