From 6cec28d59d87ccc3b55b30bfd13f1d400ee68f14 Mon Sep 17 00:00:00 2001 From: jdp Date: Wed, 18 Nov 1998 01:44:37 +0000 Subject: Build structure for contribified Linux-PAM, plus some home-grown modules for FreeBSD's standard authentication methods. Although the Linux-PAM modules are present in the contrib tree, we don't use any of them. The main library "libpam" is composed of sources taken from three places. First are the standard Linux-PAM libpam sources from the contrib tree. Second are the Linux-PAM "libpam_misc" sources, also from the contrib tree. In Linux these form a separate library. But as Mike Smith pointed out to me, that seems pointless, so I have combined them into the libpam library. Third are some additional sources from the "src/lib/libpam" tree with some common functions that make it easier to write modules. Those I wrote myself. This work has been donated to FreeBSD by Juniper Networks, Inc. --- lib/libpam/modules/pam_unix/pam_unix.c | 88 ++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 lib/libpam/modules/pam_unix/pam_unix.c (limited to 'lib/libpam/modules/pam_unix/pam_unix.c') diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c new file mode 100644 index 0000000..e100307 --- /dev/null +++ b/lib/libpam/modules/pam_unix/pam_unix.c @@ -0,0 +1,88 @@ +/*- + * Copyright 1998 Juniper Networks, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include +#include +#include +#include + +#define PAM_SM_AUTH +#include + +#include "pam_mod_misc.h" + +#define PASSWORD_PROMPT "Password:" + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, + const char **argv) +{ + int retval; + const char *user; + const char *password; + struct passwd *pwd; + char *encrypted; + int options; + int i; + + options = 0; + for (i = 0; i < argc; i++) + pam_std_option(&options, argv[i]); + if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) + return retval; + if ((retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT, + options)) != PAM_SUCCESS) + return retval; + if ((pwd = getpwnam(user)) != NULL) { + encrypted = crypt(password, pwd->pw_passwd); + if (password[0] == '\0' && pwd->pw_passwd != '\0') + encrypted = ":"; + + retval = strcmp(encrypted, pwd->pw_passwd) == 0 ? + PAM_SUCCESS : PAM_AUTH_ERR; + } else { + /* + * User unknown. Encrypt anyway so that it takes the + * same amount of time. + */ + crypt(password, "xx"); + retval = PAM_AUTH_ERR; + } + /* + * The PAM infrastructure will obliterate the cleartext + * password before returning to the application. + */ + return retval; +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + return PAM_SUCCESS; +} -- cgit v1.1