2 * $Id: uams_passwd.c,v 1.19.2.1.2.9.2.2 2006-12-03 16:23:08 didg Exp $
4 * Copyright (c) 1990,1993 Regents of The University of Michigan.
5 * Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
6 * All Rights Reserved. See COPYRIGHT.
11 #endif /* HAVE_CONFIG_H */
13 #include <sys/types.h>
14 /* crypt needs _XOPEN_SOURCE (500) at least on BSD, but that breaks Solaris compile */
16 #define _XOPEN_SOURCE 500 /* for crypt() */
19 #define _XOPEN_SOURCE /* for crypt() */
27 #else /* STDC_HEADERS */
31 #endif /* HAVE_STRCHR */
32 char *strchr (), *strrchr ();
34 #define memcpy(d,s,n) bcopy ((s), (d), (n))
35 #define memmove(d,s,n) bcopy ((s), (d), (n))
36 #endif /* ! HAVE_MEMCPY */
37 #endif /* STDC_HEADERS */
40 #endif /* HAVE_UNISTD_H */
43 #endif /* ! HAVE_CRYPT_H */
45 #ifdef HAVE_SYS_TIME_H
55 #include <atalk/afp.h>
56 #include <atalk/logger.h>
57 #include <atalk/uam.h>
58 #include <atalk/util.h>
63 #define MIN(a,b) ((a) < (b) ? (a) : (b))
71 static char *clientname;
74 extern void append(void *, const char *, int);
76 static int pwd_login(void *obj, char *username, int ulen, struct passwd **uam_pwd,
77 char *ibuf, int ibuflen,
78 char *rbuf _U_, int *rbuflen _U_)
88 if( uam_afpserver_option( obj, UAM_OPTION_CLIENTNAME,
89 (void *) &clientname, NULL ) < 0 )
93 if (ibuflen < PASSWDLEN) {
94 return( AFPERR_PARAM );
96 ibuf[ PASSWDLEN ] = '\0';
98 if (( pwd = uam_getname(obj, username, ulen)) == NULL ) {
102 LOG(log_info, logtype_uams, "cleartext login: %s", username);
104 if (uam_checkuser(pwd) < 0) {
105 LOG(log_info, logtype_uams, "not a valid user");
106 return AFPERR_NOTAUTH;
110 if (( sp = getspnam( pwd->pw_name )) == NULL ) {
111 LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username);
112 return AFPERR_NOTAUTH;
114 pwd->pw_passwd = sp->sp_pwdp;
116 if (sp && sp->sp_max != -1 && sp->sp_lstchg) {
117 time_t now = time(NULL) / (60*60*24);
118 int32_t expire_days = sp->sp_lstchg - now + sp->sp_max;
119 if ( expire_days < 0 ) {
120 LOG(log_info, logtype_uams, "Password for user %s expired", username);
121 err = AFPERR_PWDEXPR;
124 #endif /* SHADOWPW */
126 if (!pwd->pw_passwd) {
127 return AFPERR_NOTAUTH;
138 uam_afp_getcmdline( &ac, &av );
139 sprintf( hostname, "%s@%s", username, clientname );
141 if( uam_sia_validate_user( NULL, ac, av, hostname, username,
142 NULL, FALSE, NULL, ibuf ) != SIASUCCESS )
143 return AFPERR_NOTAUTH;
148 p = crypt( ibuf, pwd->pw_passwd );
149 if ( strcmp( p, pwd->pw_passwd ) == 0 )
153 return AFPERR_NOTAUTH;
158 static int passwd_login(void *obj, struct passwd **uam_pwd,
159 char *ibuf, int ibuflen,
160 char *rbuf, int *rbuflen)
167 if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
168 (void *) &username, &ulen) < 0)
172 return( AFPERR_PARAM );
175 len = (unsigned char) *ibuf++;
177 if (!len || len > ibuflen || len > ulen ) {
178 return( AFPERR_PARAM );
180 memcpy(username, ibuf, len );
183 username[ len ] = '\0';
185 if ((unsigned long) ibuf & 1) { /* pad character */
189 return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
193 /* cleartxt login ext
196 2 bytes len (network order)
197 len bytes unicode name
199 static int passwd_login_ext(void *obj, char *uname, struct passwd **uam_pwd,
200 char *ibuf, int ibuflen,
201 char *rbuf, int *rbuflen)
209 if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
210 (void *) &username, &ulen) < 0)
216 memcpy(&temp16, uname, sizeof(temp16));
218 if (!len || len > ulen ) {
219 return( AFPERR_PARAM );
221 memcpy(username, uname +2, len );
222 username[ len ] = '\0';
223 return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
229 static int passwd_changepw(void *obj, char *username,
230 struct passwd *pwd, char *ibuf,
231 int ibuflen, char *rbuf, int *rbuflen)
235 #endif /* SHADOWPW */
236 char pw[PASSWDLEN + 1], *p;
237 uid_t uid = geteuid();
239 if (uam_checkuser(pwd) < 0)
240 return AFPERR_ACCESS;
243 memcpy(pw, ibuf, PASSWDLEN);
244 memset(ibuf, 0, PASSWDLEN);
245 pw[PASSWDLEN] = '\0';
248 if (( sp = getspnam( pwd->pw_name )) == NULL ) {
249 LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username);
252 pwd->pw_passwd = sp->sp_pwdp;
253 #endif /* SHADOWPW */
255 p = crypt(pw, pwd->pw_passwd );
256 if (strcmp( p, pwd->pw_passwd )) {
257 memset(pw, 0, sizeof(pw));
258 return AFPERR_NOTAUTH;
263 ibuf[PASSWDLEN] = '\0';
267 #endif /* SHADOWPW */
273 /* Printer ClearTxtUAM login */
274 static int passwd_printer(start, stop, username, out)
275 char *start, *stop, *username;
281 #endif /* SHADOWPW */
283 char password[PASSWDLEN + 1] = "\0";
284 static const char *loginok = "0\r";
287 data = (char *)malloc(stop - start + 1);
289 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: malloc");
292 strlcpy(data, start, stop - start + 1);
294 /* We are looking for the following format in data:
295 * (username) (password)
297 * Let's hope username doesn't contain ") ("!
300 /* Parse input for username in () */
301 if ((p = strchr(data, '(' )) == NULL) {
302 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string");
307 if ((q = strstr(p, ") (" )) == NULL) {
308 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string");
312 memcpy(username, p, MIN( UAM_USERNAMELEN, q - p ));
314 /* Parse input for password in next () */
316 if ((q = strrchr(p , ')' )) == NULL) {
317 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: password not found in string");
321 memcpy(password, p, MIN(PASSWDLEN, q - p) );
323 /* Done copying username and password, clean up */
326 ulen = strlen(username);
328 if (( pwd = uam_getname(NULL, username, ulen)) == NULL ) {
329 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: ( %s ) not found ",
334 if (uam_checkuser(pwd) < 0) {
335 /* syslog of error happens in uam_checkuser */
340 if (( sp = getspnam( pwd->pw_name )) == NULL ) {
341 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no shadow passwd entry for %s",
345 pwd->pw_passwd = sp->sp_pwdp;
347 if (sp && sp->sp_max != -1 && sp->sp_lstchg) {
348 time_t now = time(NULL) / (60*60*24);
349 int32_t expire_days = sp->sp_lstchg - now + sp->sp_max;
350 if ( expire_days < 0 ) {
351 LOG(log_info, logtype_uams, "Password for user %s expired", username);
356 #endif /* SHADOWPW */
358 if (!pwd->pw_passwd) {
359 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no password for %s",
365 if ( kcheckuser( pwd, password) == 0)
369 p = crypt(password, pwd->pw_passwd);
370 if (strcmp(p, pwd->pw_passwd) != 0) {
371 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: %s: bad password", username);
375 /* Login successful */
376 append(out, loginok, strlen(loginok));
377 LOG(log_info, logtype_uams, "Login ClearTxtUAM: %s", username);
382 int uam_setup(const char *path)
384 if (uam_register_fn(UAM_SERVER_LOGIN_EXT, path, "Cleartxt Passwrd",
385 passwd_login, NULL, NULL, passwd_login_ext) < 0)
387 if (uam_register_fn(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM",
394 static int uam_setup(const char *path)
396 if (uam_register(UAM_SERVER_LOGIN_EXT, path, "Cleartxt Passwrd",
397 passwd_login, NULL, NULL, passwd_login_ext) < 0)
399 if (uam_register(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM",
408 static void uam_cleanup(void)
410 uam_unregister(UAM_SERVER_LOGIN, "Cleartxt Passwrd");
411 uam_unregister(UAM_SERVER_PRINTAUTH, "ClearTxtUAM");
414 UAM_MODULE_EXPORT struct uam_export uams_clrtxt = {
417 uam_setup, uam_cleanup
420 UAM_MODULE_EXPORT struct uam_export uams_passwd = {
423 uam_setup, uam_cleanup