summaryrefslogtreecommitdiffstats
path: root/libexec/lukemftpd
diff options
context:
space:
mode:
authorobrien <obrien@FreeBSD.org>2006-08-31 17:12:33 +0000
committerobrien <obrien@FreeBSD.org>2006-08-31 17:12:33 +0000
commitc98a455106b1b1db31fe741ac4d1c772f707fca4 (patch)
tree3f939f47cc971600c57c9f6ebe538b9ba19a7fbe /libexec/lukemftpd
parentb606c5a70414070a2c0d2bb21e424f9b39d8923c (diff)
downloadFreeBSD-src-c98a455106b1b1db31fe741ac4d1c772f707fca4.zip
FreeBSD-src-c98a455106b1b1db31fe741ac4d1c772f707fca4.tar.gz
Not needed any more, vendor sources have PAM support.
Diffstat (limited to 'libexec/lukemftpd')
-rw-r--r--libexec/lukemftpd/pamize.h153
1 files changed, 0 insertions, 153 deletions
diff --git a/libexec/lukemftpd/pamize.h b/libexec/lukemftpd/pamize.h
deleted file mode 100644
index 345f4bb..0000000
--- a/libexec/lukemftpd/pamize.h
+++ /dev/null
@@ -1,153 +0,0 @@
-/* $FreeBSD$ */
-
-
-#ifdef USE_PAM
-/*
- * the following code is stolen from imap-uw PAM authentication module and
- * login.c
- */
-#define COPY_STRING(s) (s ? strdup(s) : NULL)
-
-struct cred_t {
- const char *uname; /* user name */
- const char *pass; /* password */
-};
-typedef struct cred_t cred_t;
-
-static int
-auth_conv(int num_msg, const struct pam_message **msg,
- struct pam_response **resp, void *appdata)
-{
- int i;
- cred_t *cred = (cred_t *) appdata;
- struct pam_response *reply;
-
- reply = calloc(num_msg, sizeof *reply);
- if (reply == NULL)
- return PAM_BUF_ERR;
-
- for (i = 0; i < num_msg; i++) {
- switch (msg[i]->msg_style) {
- case PAM_PROMPT_ECHO_ON: /* assume want user name */
- reply[i].resp_retcode = PAM_SUCCESS;
- reply[i].resp = COPY_STRING(cred->uname);
- /* PAM frees resp. */
- break;
- case PAM_PROMPT_ECHO_OFF: /* assume want password */
- reply[i].resp_retcode = PAM_SUCCESS;
- reply[i].resp = COPY_STRING(cred->pass);
- /* PAM frees resp. */
- break;
- case PAM_TEXT_INFO:
- case PAM_ERROR_MSG:
- reply[i].resp_retcode = PAM_SUCCESS;
- reply[i].resp = NULL;
- break;
- default: /* unknown message style */
- free(reply);
- return PAM_CONV_ERR;
- }
- }
-
- *resp = reply;
- return PAM_SUCCESS;
-}
-
-/*
- * Attempt to authenticate the user using PAM. Returns 0 if the user is
- * authenticated, or 1 if not authenticated. If some sort of PAM system
- * error occurs (e.g., the "/etc/pam.conf" file is missing) then this
- * function returns -1. This can be used as an indication that we should
- * fall back to a different authentication mechanism.
- */
-static int
-auth_pam(struct passwd **ppw, const char *pass)
-{
- pam_handle_t *pamh = NULL;
- const char *tmpl_user;
- const void *item;
- int rval;
- int e;
- cred_t auth_cred = { (*ppw)->pw_name, pass };
- struct pam_conv conv = { &auth_conv, &auth_cred };
-
- e = pam_start("ftpd", (*ppw)->pw_name, &conv, &pamh);
- if (e != PAM_SUCCESS) {
- syslog(LOG_ERR, "pam_start: %s", pam_strerror(pamh, e));
- return -1;
- }
-
- e = pam_set_item(pamh, PAM_RHOST, remotehost);
- if (e != PAM_SUCCESS) {
- syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s",
- pam_strerror(pamh, e));
- return -1;
- }
-
- e = pam_authenticate(pamh, 0);
- switch (e) {
- case PAM_SUCCESS:
- /*
- * With PAM we support the concept of a "template"
- * user. The user enters a login name which is
- * authenticated by PAM, usually via a remote service
- * such as RADIUS or TACACS+. If authentication
- * succeeds, a different but related "template" name
- * is used for setting the credentials, shell, and
- * home directory. The name the user enters need only
- * exist on the remote authentication server, but the
- * template name must be present in the local password
- * database.
- *
- * This is supported by two various mechanisms in the
- * individual modules. However, from the application's
- * point of view, the template user is always passed
- * back as a changed value of the PAM_USER item.
- */
- if ((e = pam_get_item(pamh, PAM_USER, &item)) ==
- PAM_SUCCESS) {
- tmpl_user = (const char *) item;
- if (strcmp((*ppw)->pw_name, tmpl_user) != 0)
- *ppw = getpwnam(tmpl_user);
- } else
- syslog(LOG_ERR, "Couldn't get PAM_USER: %s",
- pam_strerror(pamh, e));
- rval = 0;
- break;
-
- case PAM_AUTH_ERR:
- case PAM_USER_UNKNOWN:
- case PAM_MAXTRIES:
- rval = 1;
- break;
-
- default:
- syslog(LOG_ERR, "pam_authenticate: %s", pam_strerror(pamh, e));
- rval = -1;
- break;
- }
-
- if (rval == 0) {
- e = pam_acct_mgmt(pamh, 0);
- if (e == PAM_NEW_AUTHTOK_REQD) {
- e = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
- if (e != PAM_SUCCESS) {
- syslog(LOG_ERR, "pam_chauthtok: %s",
- pam_strerror(pamh, e));
- rval = 1;
- }
- } else if (e != PAM_SUCCESS) {
- rval = 1;
- }
- }
-
- if (rval != 0) {
- if ((e = pam_end(pamh, e)) != PAM_SUCCESS) {
- syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
- }
- pamh = NULL;
- }
- return rval;
-}
-
-#endif /* USE_PAM */
OpenPOWER on IntegriCloud