[svn-upgrade] Integrating new upstream version, shadow (4.0.8)
This commit is contained in:
nekral-guest
183
lib/pwauth.c
183
lib/pwauth.c
@ -29,9 +29,9 @@
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#ifndef USE_PAM
|
||||
#include "rcsid.h"
|
||||
RCSID("$Id: pwauth.c,v 1.14 2003/05/12 04:58:56 kloczek Exp $")
|
||||
|
||||
RCSID ("$Id: pwauth.c,v 1.17 2005/04/17 15:21:42 kloczek Exp $")
|
||||
#include <sys/types.h>
|
||||
#include <signal.h>
|
||||
#include <fcntl.h>
|
||||
@ -41,23 +41,14 @@ RCSID("$Id: pwauth.c,v 1.14 2003/05/12 04:58:56 kloczek Exp $")
|
||||
#include "defines.h"
|
||||
#include "pwauth.h"
|
||||
#include "getdef.h"
|
||||
|
||||
#ifdef SKEY
|
||||
#include <skey.h>
|
||||
#endif
|
||||
|
||||
#ifdef OPIE
|
||||
#include <opie.h>
|
||||
#endif
|
||||
|
||||
#ifdef __linux__ /* standard password prompt by default */
|
||||
static const char *PROMPT = gettext_noop("Password: ");
|
||||
#ifdef __linux__ /* standard password prompt by default */
|
||||
static const char *PROMPT = gettext_noop ("Password: ");
|
||||
#else
|
||||
static const char *PROMPT = gettext_noop("%s's Password: ");
|
||||
static const char *PROMPT = gettext_noop ("%s's Password: ");
|
||||
#endif
|
||||
|
||||
extern char *getpass();
|
||||
extern char *getpass_with_echo();
|
||||
extern char *getpass ();
|
||||
extern char *getpass_with_echo ();
|
||||
|
||||
int wipe_clear_pass = 1;
|
||||
char *clear_pass = NULL;
|
||||
@ -71,41 +62,12 @@ char *clear_pass = NULL;
|
||||
*/
|
||||
|
||||
int
|
||||
pw_auth(const char *cipher, const char *user, int reason, const char *input)
|
||||
pw_auth (const char *cipher, const char *user, int reason, const char *input)
|
||||
{
|
||||
char prompt[1024];
|
||||
char *clear = NULL;
|
||||
char prompt[1024];
|
||||
char *clear = NULL;
|
||||
const char *cp;
|
||||
int retval;
|
||||
#ifdef SKEY
|
||||
int use_skey = 0;
|
||||
char challenge_info[40];
|
||||
struct skey skey;
|
||||
#endif
|
||||
|
||||
#ifdef OPIE
|
||||
int use_opie = 0;
|
||||
char o_challenge_info[OPIE_CHALLENGE_MAX + 1];
|
||||
struct opie opie;
|
||||
/*
|
||||
* This implementation is based almost entirely on the SKEY code
|
||||
* above. Thus the opie struct is called skey, etc. I am unaware
|
||||
* if the system works at the same time, but I cannot imagine why
|
||||
* anyone would want to do this....
|
||||
* -- A.R.
|
||||
* Mod: 5/14/98 A.R.
|
||||
* Made the OPIE code separate from the S/Key code. Now
|
||||
* (conceivably) both can be compiled in and function apart from
|
||||
* one another (assuming a sysadmin really wants to maintain OPIE
|
||||
* and an S/Key databases....).
|
||||
*
|
||||
* Also cleaned up the code a bit. Will be adding second-prompt
|
||||
* support (the traditional Echo-on S/Key/OPIE-only prompts to let
|
||||
* the users see the one-time passwords they are typing/pasting
|
||||
* in....
|
||||
* -- A.R.
|
||||
*/
|
||||
#endif
|
||||
int retval;
|
||||
|
||||
/*
|
||||
* There are programs for adding and deleting authentication data.
|
||||
@ -117,7 +79,6 @@ pw_auth(const char *cipher, const char *user, int reason, const char *input)
|
||||
/*
|
||||
* There are even programs for changing the user name ...
|
||||
*/
|
||||
|
||||
if (reason == PW_CHANGE && input != (char *) 0)
|
||||
return 0;
|
||||
|
||||
@ -129,7 +90,6 @@ pw_auth(const char *cipher, const char *user, int reason, const char *input)
|
||||
* know it. This is a policy decision that might have to be
|
||||
* revisited.
|
||||
*/
|
||||
|
||||
if (reason == PW_CHANGE && getuid () == 0)
|
||||
return 0;
|
||||
|
||||
@ -141,65 +101,21 @@ pw_auth(const char *cipher, const char *user, int reason, const char *input)
|
||||
* the user could just hit <ENTER>, so it doesn't really
|
||||
* matter.
|
||||
*/
|
||||
|
||||
if (cipher == (char *) 0 || *cipher == '\0')
|
||||
return 0;
|
||||
|
||||
#ifdef SKEY
|
||||
/*
|
||||
* If the user has an S/KEY entry show them the pertinent info
|
||||
* and then we can try validating the created cyphertext and the SKEY.
|
||||
* If there is no SKEY information we default to not using SKEY.
|
||||
*/
|
||||
|
||||
if (skeychallenge (&skey, user, challenge_info) == 0)
|
||||
use_skey = 1;
|
||||
#endif
|
||||
|
||||
#ifdef OPIE
|
||||
/*
|
||||
* Ditto above, for OPIE passwords.
|
||||
* -- AR
|
||||
*/
|
||||
|
||||
o_challenge_info[0] = '\0';
|
||||
if (opiechallenge(&opie, user, o_challenge_info) == 0)
|
||||
use_opie = 1;
|
||||
|
||||
if (use_opie == 0)
|
||||
opieverify(&opie, (char *)NULL);
|
||||
/*
|
||||
* This call to opieverify is necessary within OPIE's interface:
|
||||
* Every call to opiechallenge(), which checks to see if the user
|
||||
* has an OPIE password, and if so get the challenge, must be
|
||||
* accompanied by exactly one call to opieverify, which clears
|
||||
* any outstanding locks, and otherwise cleans up.
|
||||
* -- AR
|
||||
*/
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Prompt for the password as required. FTPD and REXECD both
|
||||
* get the cleartext password for us.
|
||||
*/
|
||||
|
||||
if (reason != PW_FTP && reason != PW_REXEC && !input) {
|
||||
if (! (cp = getdef_str ("LOGIN_STRING")))
|
||||
if (!(cp = getdef_str ("LOGIN_STRING")))
|
||||
cp = _(PROMPT);
|
||||
#ifdef SKEY
|
||||
if (use_skey)
|
||||
printf ("[%s]\n", challenge_info);
|
||||
#endif
|
||||
|
||||
#ifdef OPIE
|
||||
if (use_opie)
|
||||
printf("[ %s ]\n", o_challenge_info);
|
||||
#endif
|
||||
|
||||
snprintf(prompt, sizeof prompt, cp, user);
|
||||
clear = getpass(prompt);
|
||||
snprintf (prompt, sizeof prompt, cp, user);
|
||||
clear = getpass (prompt);
|
||||
if (!clear) {
|
||||
static char c[1];
|
||||
|
||||
c[0] = '\0';
|
||||
clear = c;
|
||||
}
|
||||
@ -209,70 +125,9 @@ pw_auth(const char *cipher, const char *user, int reason, const char *input)
|
||||
/*
|
||||
* Convert the cleartext password into a ciphertext string.
|
||||
* If the two match, the return value will be zero, which is
|
||||
* SUCCESS. Otherwise we see if SKEY is being used and check
|
||||
* the results there as well.
|
||||
* SUCCESS.
|
||||
*/
|
||||
|
||||
retval = strcmp(pw_encrypt(input, cipher), cipher);
|
||||
|
||||
#ifdef OPIE
|
||||
/*
|
||||
* This is required because using OPIE, opieverify() MUST be called
|
||||
* opiechallenge() above even if OPIE isn't being used in this case,
|
||||
* so locks get released, etc.
|
||||
* -- AR
|
||||
*/
|
||||
|
||||
if ((retval == 0) && use_opie)
|
||||
opieverify(&opie, (char *)NULL);
|
||||
#endif
|
||||
|
||||
#if (defined(SKEY) || defined(OPIE))
|
||||
/*
|
||||
* If (1) The password fails to match, and
|
||||
* (2) The password is empty and
|
||||
* (3) We are using OPIE or S/Key, then
|
||||
* ...Re-prompt, with echo on.
|
||||
* -- AR 8/22/1999
|
||||
*/
|
||||
if (retval && !input[0] &&
|
||||
(0
|
||||
#ifdef SKEY
|
||||
|| use_skey
|
||||
#endif
|
||||
#ifdef OPIE
|
||||
|| use_opie
|
||||
#endif
|
||||
)) {
|
||||
strncat(prompt, _("(Echo on) "),
|
||||
(sizeof(prompt) - strlen(prompt)));
|
||||
clear = getpass_with_echo(prompt);
|
||||
if (!clear) {
|
||||
static char c[1];
|
||||
c[0] = '\0';
|
||||
clear = c;
|
||||
}
|
||||
input = clear;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef SKEY
|
||||
if (retval && use_skey) {
|
||||
int passcheck = -1;
|
||||
|
||||
if (skeyverify(&skey, input) == 0)
|
||||
passcheck = skey.n;
|
||||
if (passcheck > 0)
|
||||
retval = 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef OPIE
|
||||
if (retval && use_opie) {
|
||||
if (opieverify(&opie, input) == 0)
|
||||
retval = 0;
|
||||
}
|
||||
#endif /* OPIE */
|
||||
retval = strcmp (pw_encrypt (input, cipher), cipher);
|
||||
|
||||
/*
|
||||
* Things like RADIUS authentication may need the password -
|
||||
@ -280,9 +135,9 @@ pw_auth(const char *cipher, const char *user, int reason, const char *input)
|
||||
* not wipe it (the caller should wipe clear_pass when it is
|
||||
* no longer needed). --marekm
|
||||
*/
|
||||
|
||||
clear_pass = clear;
|
||||
if (wipe_clear_pass && clear && *clear)
|
||||
strzero(clear);
|
||||
strzero (clear);
|
||||
return retval;
|
||||
}
|
||||
#endif /* !USE_PAM */
|
||||
|
||||
Reference in New Issue
Block a user