imapext-2007
diff src/osdep/unix/ckp_pmb.c @ 0:ada5e610ab86
imap-2007e
author | yuuji@gentei.org |
---|---|
date | Mon, 14 Sep 2009 15:17:45 +0900 |
parents | |
children |
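--- /dev/null
+++ b/src/osdep/unix/ckp_pmb.c
@@ -0,0 +1,128 @@
+/* ========================================================================
+ * Copyright 1988-2006 University of Washington
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *
+ * ========================================================================
+ */
+
+/*
+ * Program: Pluggable Authentication Modules login services, buggy systems
+ * (use this instead of ckp_pam.c on Solaris)
+ *
+ * Author: Mark Crispin
+ * Networks and Distributed Computing
+ * Computing & Communications
+ * University of Washington
+ * Administration Building, AG-44
+ * Seattle, WA 98195
+ * Internet: MRC@CAC.Washington.EDU
+ *
+ * Date: 1 August 1988
+ * Last Edited: 31 August 2006
+ */
+
+
+#include <security/pam_appl.h>
+
+static char *pam_uname; /* user name */
+static char *pam_pass; /* password */
+
+/* PAM conversation function
+ * Accepts: number of messages
+ * vector of messages
+ * pointer to response return
+ * application data
+ * Returns: PAM_SUCCESS if OK, response vector filled in, else PAM_CONV_ERR
+ */
+
+static int checkpw_conv (int num_msg,const struct pam_message **msg,
+ struct pam_response **resp,void *appdata_ptr)
+{
+ int i;
+ struct pam_response *reply = fs_get (sizeof (struct pam_response) * num_msg);
+ for (i = 0; i < num_msg; i++) switch (msg[i]->msg_style) {
+ case PAM_PROMPT_ECHO_ON: /* assume want user name */
+ reply[i].resp_retcode = PAM_SUCCESS;
+ reply[i].resp = cpystr (pam_uname);
+ break;
+ case PAM_PROMPT_ECHO_OFF: /* assume want password */
+ reply[i].resp_retcode = PAM_SUCCESS;
+ reply[i].resp = cpystr (pam_pass);
+ break;
+ case PAM_TEXT_INFO:
+ case PAM_ERROR_MSG:
+ reply[i].resp_retcode = PAM_SUCCESS;
+ reply[i].resp = NULL;
+ break;
+ default: /* unknown message style */
+ fs_give ((void **) &reply);
+ return PAM_CONV_ERR;
+ }
+ *resp = reply;
+ return PAM_SUCCESS;
+}
+
+
+/* PAM cleanup
+ * Accepts: handle
+ */
+
+static void checkpw_cleanup (pam_handle_t *hdl)
+{
+#if 0 /* see checkpw() for why this is #if 0 */
+ pam_close_session (hdl,NIL); /* close session [uw]tmp */
+#endif
+ pam_setcred (hdl,PAM_DELETE_CRED);
+ pam_end (hdl,PAM_SUCCESS);
+}
+
+/* Server log in
+ * Accepts: user name string
+ * password string
+ * Returns: T if password validated, NIL otherwise
+ */
+
+struct passwd *checkpw (struct passwd *pw,char *pass,int argc,char *argv[])
+{
+ pam_handle_t *hdl;
+ struct pam_conv conv;
+ char *name = cpystr (pw->pw_name);
+ conv.conv = &checkpw_conv;
+ pam_uname = pw->pw_name;
+ pam_pass = pass;
+ if (pw = ((pam_start ((char *) mail_parameters (NIL,GET_SERVICENAME,NIL),
+ pw->pw_name,&conv,&hdl) == PAM_SUCCESS) &&
+ (pam_set_item (hdl,PAM_RHOST,tcp_clientaddr ()) == PAM_SUCCESS) &&
+ (pam_authenticate (hdl,NIL) == PAM_SUCCESS) &&
+ (pam_acct_mgmt (hdl,NIL) == PAM_SUCCESS) &&
+ (pam_setcred (hdl,PAM_ESTABLISH_CRED) == PAM_SUCCESS)) ?
+ getpwnam (name) : NIL) {
+#if 0
+ /*
+ * Some people have reported that this causes a SEGV in strncpy() from
+ * pam_unix.so.1
+ */
+ /*
+ * This pam_open_session() call is inconsistant with how we handle other
+ * platforms, where we don't write [uw]tmp records. However, unlike our
+ * code on other platforms, pam_acct_mgmt() will check those records for
+ * inactivity and deny the authentication.
+ */
+ pam_open_session (hdl,NIL); /* make sure account doesn't go inactive */
+#endif
+ /* arm hook to delete credentials */
+ mail_parameters (NIL,SET_LOGOUTHOOK,(void *) checkpw_cleanup);
+ mail_parameters (NIL,SET_LOGOUTDATA,(void *) hdl);
+ }
+ else checkpw_cleanup (hdl); /* clean up */
+ fs_give ((void **) &name);
+ /* reset log facility in case PAM broke it */
+ if (myServerName) openlog (myServerName,LOG_PID,syslog_facility);
+ return pw;
+}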
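Review bot: In checkpw, `hdl` is declared without an initializer and the else branch calls `checkpw_cleanup (hdl)` even when `pam_start` itself was the call that failed, so `pam_setcred`/`pam_end` can run on an indeterminate handle (pam_start is not guaranteed to store anything through `&hdl` on failure). Initialise it with `pam_handle_t *hdl = NIL;` and guard the cleanup with `else if (hdl) checkpw_cleanup (hdl);`. Separately, the `default:` branch of checkpw_conv frees the reply vector but not the `cpystr` copies already stored in `reply[j].resp` for earlier prompts, so a heap copy of the password can be left unfreed and unzeroed whenever an unknown message style is seen; freeing those entries before returning PAM_CONV_ERR closes that. The static `pam_pass` also keeps pointing at the caller's password buffer after checkpw returns; resetting `pam_uname` and `pam_pass` to NIL once the PAM calls complete limits how long it stays reachable from file scope.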