
diff src/osdep/unix/ckp_pmb.c @ 0:ada5e610ab86

imap-2007e
author yuuji@gentei.org
date Mon, 14 Sep 2009 15:17:45 +0900
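--- /dev/null
+++ b/src/osdep/unix/ckp_pmb.c
@@ -0,0 +1,128 @@
+/* ========================================================================
+ * Copyright 1988-2006 University of Washington
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * 
+ * ========================================================================
+ */
+
+/*
+ * Program:	Pluggable Authentication Modules login services, buggy systems
+ *		(use this instead of ckp_pam.c on Solaris)
+ *
+ * Author:	Mark Crispin
+ *		Networks and Distributed Computing
+ *		Computing & Communications
+ *		University of Washington
+ *		Administration Building, AG-44
+ *		Seattle, WA  98195
+ *		Internet: MRC@CAC.Washington.EDU
+ *
+ * Date:	1 August 1988
+ * Last Edited:	31 August 2006
+ */
+
+
+#include <security/pam_appl.h>
+
+static char *pam_uname;		/* user name */
+static char *pam_pass;		/* password */
+
+/* PAM conversation function
+ * Accepts: number of messages
+ *	    vector of messages
+ *	    pointer to response return
+ *	    application data
+ * Returns: PAM_SUCCESS if OK, response vector filled in, else PAM_CONV_ERR
+ */
+
+static int checkpw_conv (int num_msg,const struct pam_message **msg,
+			 struct pam_response **resp,void *appdata_ptr)
+{
+  int i;
+  struct pam_response *reply = fs_get (sizeof (struct pam_response) * num_msg);
+  for (i = 0; i < num_msg; i++) switch (msg[i]->msg_style) {
+  case PAM_PROMPT_ECHO_ON:	/* assume want user name */
+    reply[i].resp_retcode = PAM_SUCCESS;
+    reply[i].resp = cpystr (pam_uname);
+    break;
+  case PAM_PROMPT_ECHO_OFF:	/* assume want password */
+    reply[i].resp_retcode = PAM_SUCCESS;
+    reply[i].resp = cpystr (pam_pass);
+    break;
+  case PAM_TEXT_INFO:
+  case PAM_ERROR_MSG:
+    reply[i].resp_retcode = PAM_SUCCESS;
+    reply[i].resp = NULL;
+    break;
+  default:			/* unknown message style */
+    fs_give ((void **) &reply);
+    return PAM_CONV_ERR;
+  }
+  *resp = reply;
+  return PAM_SUCCESS;
+}
+
+
+/* PAM cleanup
+ * Accepts: handle
+ */
+
+static void checkpw_cleanup (pam_handle_t *hdl)
+{
+#if 0	/* see checkpw() for why this is #if 0 */
+  pam_close_session (hdl,NIL);	/* close session [uw]tmp */
+#endif
+  pam_setcred (hdl,PAM_DELETE_CRED);
+  pam_end (hdl,PAM_SUCCESS);
+}
+
+/* Server log in
+ * Accepts: user name string
+ *	    password string
+ * Returns: T if password validated, NIL otherwise
+ */
+
+struct passwd *checkpw (struct passwd *pw,char *pass,int argc,char *argv[])
+{
+  pam_handle_t *hdl;
+  struct pam_conv conv;
+  char *name = cpystr (pw->pw_name);
+  conv.conv = &checkpw_conv;
+  pam_uname = pw->pw_name;
+  pam_pass = pass;
+  if (pw = ((pam_start ((char *) mail_parameters (NIL,GET_SERVICENAME,NIL),
+			pw->pw_name,&conv,&hdl) == PAM_SUCCESS) &&
+	    (pam_set_item (hdl,PAM_RHOST,tcp_clientaddr ()) == PAM_SUCCESS) &&
+	    (pam_authenticate (hdl,NIL) == PAM_SUCCESS) &&
+	    (pam_acct_mgmt (hdl,NIL) == PAM_SUCCESS) &&
+	    (pam_setcred (hdl,PAM_ESTABLISH_CRED) == PAM_SUCCESS)) ?
+      getpwnam (name) : NIL) {
+#if 0
+    /*
+     * Some people have reported that this causes a SEGV in strncpy() from
+     * pam_unix.so.1
+     */
+    /*
+     * This pam_open_session() call is inconsistant with how we handle other
+     * platforms, where we don't write [uw]tmp records.  However, unlike our
+     * code on other platforms, pam_acct_mgmt() will check those records for
+     * inactivity and deny the authentication.
+     */
+    pam_open_session (hdl,NIL);	/* make sure account doesn't go inactive */
+#endif
+				/* arm hook to delete credentials */
+    mail_parameters (NIL,SET_LOGOUTHOOK,(void *) checkpw_cleanup);
+    mail_parameters (NIL,SET_LOGOUTDATA,(void *) hdl);
+  }
+  else checkpw_cleanup (hdl);	/* clean up */
+  fs_give ((void **) &name);
+				/* reset log facility in case PAM broke it */
+  if (myServerName) openlog (myServerName,LOG_PID,syslog_facility);
+  return pw;
+}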
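Review bot: The `default:` branch of checkpw_conv frees the reply vector but not the `cpystr` copies already stored in `reply[0..i-1].resp`, so on an unexpected message style those heap strings — one of them a copy of the password — are leaked and never cleared; before `fs_give ((void **) &reply);` add `while (i-- > 0) if (reply[i].resp) fs_give ((void **) &reply[i].resp);`. In checkpw, `hdl` is declared without an initializer and the else branch calls `checkpw_cleanup (hdl)` even when `pam_start` itself failed, in which case the handle may be indeterminate depending on how the PAM implementation behaves on failure; initialising it with `pam_handle_t *hdl = NIL;` and returning early from checkpw_cleanup when `hdl` is NIL would make that path safe. The static `pam_pass` also keeps pointing at the caller's plaintext password after checkpw returns; clearing both statics with `pam_uname = pam_pass = NIL;` before `return pw;` limits how long that pointer stays reachable.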
