X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=etc%2Fuams%2Fuams_pam.c;h=0c2359ca9855b6cb6ded2549ccffcfc2be8a0a93;hb=97947cdd4ed4343ec1ae1df25f9f23d9b3f6432b;hp=461ac0efc06c85b3dee64e5651398d8b79b0eef4;hpb=16c71250cf94fb7b4369df930b701a3c236311b0;p=netatalk.git diff --git a/etc/uams/uams_pam.c b/etc/uams/uams_pam.c index 461ac0ef..0c2359ca 100644 --- a/etc/uams/uams_pam.c +++ b/etc/uams/uams_pam.c @@ -1,5 +1,5 @@ /* - * $Id: uams_pam.c,v 1.14 2002-10-17 18:01:54 didg Exp $ + * $Id: uams_pam.c,v 1.15.2.1.2.5.2.1 2005-09-27 10:40:41 didg Exp $ * * Copyright (c) 1990,1993 Regents of The University of Michigan. * Copyright (c) 1999 Adrian Sun (asun@u.washington.edu) @@ -34,13 +34,24 @@ char *strchr (), *strrchr (); #include +#ifdef HAVE_SECURITY_PAM_APPL_H #include +#endif +#ifdef HAVE_PAM_PAM_APPL_H +#include +#endif #include #include +#include #define PASSWDLEN 8 +#ifndef MIN +#define MIN(a,b) ((a) < (b) ? (a) : (b)) +#endif /* MIN */ + + /* Static variables used to communicate between the conversation function * and the server_login function */ @@ -49,6 +60,8 @@ static char *hostname; static char *PAM_username; static char *PAM_password; +extern void append(void *, const char *, int); + /* PAM conversation function * Here we assume (for now, at least) that echo on means login name, and * echo off means password. @@ -56,7 +69,7 @@ static char *PAM_password; static int PAM_conv (int num_msg, const struct pam_message **msg, struct pam_response **resp, - void *appdata_ptr) + void *appdata_ptr _U_) { struct pam_response *reply; int count; @@ -126,8 +139,8 @@ static struct pam_conv PAM_conversation = { }; static int login(void *obj, char *username, int ulen, struct passwd **uam_pwd, - char *ibuf, int ibuflen, - char *rbuf, int *rbuflen) + char *ibuf, int ibuflen _U_, + char *rbuf _U_, int *rbuflen _U_) { struct passwd *pwd; int err, PAM_error; 
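Review bot: Tagging `ibuflen` with `_U_` in `login()` makes it explicit that the request length is never consulted, while the context of the following hunk shows `ibuf[ PASSWDLEN ] = '\0';` written unconditionally into the client-supplied buffer. A request that carries fewer than `PASSWDLEN` password bytes would then be read, and its terminator written, past the data actually received; the real capacity of the buffer is not visible in this diff. I would drop the `_U_` and guard the write with `if (ibuflen < PASSWDLEN) return AFPERR_PARAM;`, which also needs `pam_login()` to subtract the bytes it consumes, since it advances `ibuf` but passes `ibuflen` on unchanged. The `pam_changepw()` hunk at -269 marks `ibuflen` unused in the same way next to a `pw[PASSWDLEN + 1]` buffer and deserves the same check. Both function bodies extend beyond their hunks.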
@@ -141,7 +154,7 @@ static int login(void *obj, char *username, int ulen, struct passwd **uam_pwd, ibuf[ PASSWDLEN ] = '\0'; - if (( pwd = uam_getname(username, ulen)) == NULL ) { + if (( pwd = uam_getname(obj, username, ulen)) == NULL ) { return AFPERR_PARAM; } @@ -167,13 +180,14 @@ static int login(void *obj, char *username, int ulen, struct passwd **uam_pwd, PAM_error = pam_acct_mgmt(pamh, 0); if (PAM_error != PAM_SUCCESS) { - if (PAM_error == PAM_ACCT_EXPIRED) + if (PAM_error == PAM_NEW_AUTHTOK_REQD) /* Password change required */ err = AFPERR_PWDEXPR; #ifdef PAM_AUTHTOKEN_REQD else if (PAM_error == PAM_AUTHTOKEN_REQD) err = AFPERR_PWDCHNG; #endif /* PAM_AUTHTOKEN_REQD */ - goto login_err; + else + goto login_err; } #ifndef PAM_CRED_ESTABLISH @@ -188,13 +202,16 @@ static int login(void *obj, char *username, int ulen, struct passwd **uam_pwd, goto login_err; *uam_pwd = pwd; + + if (err == AFPERR_PWDEXPR) + return err; + return AFP_OK; login_err: pam_end(pamh, PAM_error); pamh = NULL; return err; - } /* -------------------------- @@ -209,10 +226,9 @@ static int pam_login(void *obj, struct passwd **uam_pwd, *rbuflen = 0; - if (uam_afpserver_option(obj, UAM_OPTION_USERNAME, - (void *) &username, &ulen) < 0) - return AFPERR_MISC; - + if (uam_afpserver_option(obj, UAM_OPTION_USERNAME, (void *) &username, &ulen) < 0) { + return AFPERR_MISC; + } len = (unsigned char) *ibuf++; if ( len > ulen ) { @@ -223,11 +239,13 @@ static int pam_login(void *obj, struct passwd **uam_pwd, ibuf += len; username[ len ] = '\0'; + if ((unsigned long) ibuf & 1) /* pad character */ ++ibuf; return (login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen)); } +/* ----------------------------- */ static int pam_login_ext(void *obj, char *uname, struct passwd **uam_pwd, char *ibuf, int ibuflen, char *rbuf, int *rbuflen) 
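Review bot: In the `pam_acct_mgmt()` hunk at -167, moving `goto login_err` under an `else` means the `PAM_AUTHTOKEN_REQD` branch now falls through with `err = AFPERR_PWDCHNG`, and the end of `login()` (hunk at -188) only special-cases `AFPERR_PWDEXPR`, so that path returns `AFP_OK`. On a platform where `PAM_AUTHTOKEN_REQD` is defined with a value distinct from `PAM_NEW_AUTHTOK_REQD`, an account-management failure would be reported as a normal successful login. I would make the final check `if (err == AFPERR_PWDEXPR || err == AFPERR_PWDCHNG) return err;` and put braces around each branch so the `#ifdef` cannot change which `if` the trailing `else` binds to. The `AFPERR_PWDEXPR` return also leaves `*uam_pwd` set and `pamh` open while returning an error, which is presumably intended for the password-change flow, and a short comment stating that callers must allow only a password change in that state would help. `login()` starts before this hunk.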
@@ -238,8 +256,7 @@ static int pam_login_ext(void *obj, char *uname, struct passwd **uam_pwd, *rbuflen = 0; - if (uam_afpserver_option(obj, UAM_OPTION_USERNAME, - (void *) &username, &ulen) < 0) + if (uam_afpserver_option(obj, UAM_OPTION_USERNAME, (void *) &username, &ulen) < 0) return AFPERR_MISC; if (*uname != 3) @@ -253,11 +270,7 @@ static int pam_login_ext(void *obj, char *uname, struct passwd **uam_pwd, } memcpy(username, uname +2, len ); username[ len ] = '\0'; -#if 0 - if ((unsigned long) ibuf & 1) { /* pad character */ - ++ibuf; - } -#endif + return (login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen)); } @@ -269,9 +282,9 @@ static void pam_logout() { } /* change passwd */ -static int pam_changepw(void *obj, char *username, - struct passwd *pwd, char *ibuf, int ibuflen, - char *rbuf, int *rbuflen) +static int pam_changepw(void *obj _U_, char *username, + struct passwd *pwd _U_, char *ibuf, int ibuflen _U_, + char *rbuf _U_, int *rbuflen _U_) { char pw[PASSWDLEN + 1]; pam_handle_t *lpamh; @@ -337,9 +350,15 @@ int pam_printer(start, stop, username, out) char *data, *p, *q; char password[PASSWDLEN + 1] = "\0"; static const char *loginok = "0\r"; + struct passwd *pwd; data = (char *)malloc(stop - start + 1); - strncpy(data, start, stop - start + 1); + if (!data) { + LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: malloc"); + return(-1); + } + + strlcpy(data, start, stop - start + 1); /* We are looking for the following format in data: * (username) (password) 
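Review bot: In the `pam_printer()` hunk at -337, `strlcpy(data, start, stop - start + 1)` bounds the write but still scans `start` up to its terminating NUL to compute its return value, so if the data between `start` and `stop` is not NUL-terminated the read runs past `stop`. Whether the caller guarantees termination is not visible here. `stop - start + 1` is also used for both `malloc` and the copy without checking that `stop` is not before `start`. A bounded copy avoids both: `if (stop < start) return(-1);` before the allocation, then `memcpy(data, start, stop - start); data[stop - start] = '\0';`. The function body continues outside this hunk.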
@@ -354,25 +373,36 @@ int pam_printer(start, stop, username, out) return(-1); } p++; - if ((q = strstr(data, ") (" )) == NULL) { + if ((q = strstr(p, ") (" )) == NULL) { LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string"); free(data); return(-1); } - strncpy(username, p, q - p); + memcpy(username, p, MIN(UAM_USERNAMELEN, q - p) ); /* Parse input for password in next () */ p = q + 3; - if ((q = strrchr(data, ')' )) == NULL) { + if ((q = strrchr(p, ')' )) == NULL) { LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: password not found in string"); free(data); return(-1); } - strncpy(password, p, q - p); + memcpy(password, p, MIN(PASSWDLEN, (q - p)) ); /* Done copying username and password, clean up */ free(data); + if (( pwd = uam_getname(NULL, username, strlen(username))) == NULL ) { + LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: ( %s ) not found ", + username); + return(-1); + } + + if (uam_checkuser(pwd) < 0) { + /* syslog of error happens in uam_checkuser */ + return(-1); + } + PAM_username = username; PAM_password = password;
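Review bot: `memcpy(username, p, MIN(UAM_USERNAMELEN, q - p))` never writes a terminator, yet the lines added further down call `strlen(username)` and pass the buffer to `uam_getname()` and to the `%s` in the LOG call. Unlike `password`, which is zero-initialised in this function, `username` is a caller-supplied buffer whose prior contents and size are not visible here, so termination should be explicit: `size_t n = MIN(UAM_USERNAMELEN, q - p); memcpy(username, p, n); username[n] = '\0';` (this assumes the caller provides at least `UAM_USERNAMELEN + 1` bytes, which should be confirmed). A name longer than the limit is silently truncated and then looked up as a different account name, so returning -1 for an over-long name would be the safer behaviour. `pam_printer()` starts before and continues after this hunk.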