2 * $Id: uams_passwd.c,v 1.31 2010-03-30 12:44:35 franklahm Exp $
4 * Copyright (c) 1990,1993 Regents of The University of Michigan.
5 * Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
6 * All Rights Reserved. See COPYRIGHT.
11 #endif /* HAVE_CONFIG_H */
13 #include <atalk/standards.h>
15 #include <sys/types.h>
21 #else /* STDC_HEADERS */
25 #endif /* HAVE_STRCHR */
26 char *strchr (), *strrchr ();
28 #define memcpy(d,s,n) bcopy ((s), (d), (n))
29 #define memmove(d,s,n) bcopy ((s), (d), (n))
30 #endif /* ! HAVE_MEMCPY */
31 #endif /* STDC_HEADERS */
34 #endif /* HAVE_UNISTD_H */
37 #endif /* ! HAVE_CRYPT_H */
39 #ifdef HAVE_SYS_TIME_H
49 #include <atalk/afp.h>
50 #include <atalk/logger.h>
51 #include <atalk/uam.h>
52 #include <atalk/util.h>
57 #define MIN(a,b) ((a) < (b) ? (a) : (b))
65 static const char *clientname;
68 /*XXX in etc/papd/file.h */
70 extern UAM_MODULE_EXPORT void append(struct papfile *, const char *, int);
72 static int pwd_login(void *obj, char *username, int ulen, struct passwd **uam_pwd,
73 char *ibuf, size_t ibuflen,
74 char *rbuf _U_, size_t *rbuflen _U_)
84 if( uam_afpserver_option( obj, UAM_OPTION_CLIENTNAME,
85 (void *) &clientname, NULL ) < 0 )
89 if (ibuflen < PASSWDLEN) {
90 return( AFPERR_PARAM );
92 ibuf[ PASSWDLEN ] = '\0';
94 if (( pwd = uam_getname(obj, username, ulen)) == NULL ) {
95 return AFPERR_NOTAUTH;
98 LOG(log_info, logtype_uams, "cleartext login: %s", username);
100 if (uam_checkuser(pwd) < 0) {
101 LOG(log_info, logtype_uams, "not a valid user");
102 return AFPERR_NOTAUTH;
106 if (( sp = getspnam( pwd->pw_name )) == NULL ) {
107 LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username);
108 return AFPERR_NOTAUTH;
110 pwd->pw_passwd = sp->sp_pwdp;
112 if (sp && sp->sp_max != -1 && sp->sp_lstchg) {
113 time_t now = time(NULL) / (60*60*24);
114 int32_t expire_days = sp->sp_lstchg - now + sp->sp_max;
115 if ( expire_days < 0 ) {
116 LOG(log_info, logtype_uams, "Password for user %s expired", username);
117 err = AFPERR_PWDEXPR;
120 #endif /* SHADOWPW */
122 if (!pwd->pw_passwd) {
123 return AFPERR_NOTAUTH;
134 uam_afp_getcmdline( &ac, &av );
135 sprintf( hostname, "%s@%s", username, clientname );
137 if( uam_sia_validate_user( NULL, ac, av, hostname, username,
138 NULL, FALSE, NULL, ibuf ) != SIASUCCESS )
139 return AFPERR_NOTAUTH;
144 p = crypt( ibuf, pwd->pw_passwd );
145 if ( strcmp( p, pwd->pw_passwd ) == 0 )
149 return AFPERR_NOTAUTH;
154 static int passwd_login(void *obj, struct passwd **uam_pwd,
155 char *ibuf, size_t ibuflen,
156 char *rbuf, size_t *rbuflen)
163 if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
164 (void *) &username, &ulen) < 0)
168 return( AFPERR_PARAM );
171 len = (unsigned char) *ibuf++;
173 if (!len || len > ibuflen || len > ulen ) {
174 return( AFPERR_PARAM );
176 memcpy(username, ibuf, len );
179 username[ len ] = '\0';
181 if ((unsigned long) ibuf & 1) { /* pad character */
185 return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
189 /* cleartxt login ext
192 2 bytes len (network order)
193 len bytes unicode name
195 static int passwd_login_ext(void *obj, char *uname, struct passwd **uam_pwd,
196 char *ibuf, size_t ibuflen,
197 char *rbuf, size_t *rbuflen)
205 if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
206 (void *) &username, &ulen) < 0)
212 memcpy(&temp16, uname, sizeof(temp16));
214 if (!len || len > ulen ) {
215 return( AFPERR_PARAM );
217 memcpy(username, uname +2, len );
218 username[ len ] = '\0';
219 return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
225 static int passwd_changepw(void *obj, char *username,
226 struct passwd *pwd, char *ibuf,
227 size_t ibuflen, char *rbuf, size_t *rbuflen)
231 #endif /* SHADOWPW */
232 char pw[PASSWDLEN + 1], *p;
233 uid_t uid = geteuid();
235 if (uam_checkuser(pwd) < 0)
236 return AFPERR_ACCESS;
239 memcpy(pw, ibuf, PASSWDLEN);
240 memset(ibuf, 0, PASSWDLEN);
241 pw[PASSWDLEN] = '\0';
244 if (( sp = getspnam( pwd->pw_name )) == NULL ) {
245 LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username);
248 pwd->pw_passwd = sp->sp_pwdp;
249 #endif /* SHADOWPW */
251 p = crypt(pw, pwd->pw_passwd );
252 if (strcmp( p, pwd->pw_passwd )) {
253 memset(pw, 0, sizeof(pw));
254 return AFPERR_NOTAUTH;
259 ibuf[PASSWDLEN] = '\0';
263 #endif /* SHADOWPW */
269 /* Printer ClearTxtUAM login */
270 static int passwd_printer(char *start, char *stop, char *username, struct papfile *out)
275 #endif /* SHADOWPW */
277 char password[PASSWDLEN + 1] = "\0";
278 static const char *loginok = "0\r";
281 data = (char *)malloc(stop - start + 1);
283 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: malloc");
286 strlcpy(data, start, stop - start + 1);
288 /* We are looking for the following format in data:
289 * (username) (password)
291 * Let's hope username doesn't contain ") ("!
294 /* Parse input for username in () */
295 if ((p = strchr(data, '(' )) == NULL) {
296 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string");
301 if ((q = strstr(p, ") (" )) == NULL) {
302 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string");
306 memcpy(username, p, MIN( UAM_USERNAMELEN, q - p ));
308 /* Parse input for password in next () */
310 if ((q = strrchr(p , ')' )) == NULL) {
311 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: password not found in string");
315 memcpy(password, p, MIN(PASSWDLEN, q - p) );
317 /* Done copying username and password, clean up */
320 ulen = strlen(username);
322 if (( pwd = uam_getname(NULL, username, ulen)) == NULL ) {
323 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: ( %s ) not found ",
328 if (uam_checkuser(pwd) < 0) {
329 /* syslog of error happens in uam_checkuser */
334 if (( sp = getspnam( pwd->pw_name )) == NULL ) {
335 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no shadow passwd entry for %s",
339 pwd->pw_passwd = sp->sp_pwdp;
341 if (sp && sp->sp_max != -1 && sp->sp_lstchg) {
342 time_t now = time(NULL) / (60*60*24);
343 int32_t expire_days = sp->sp_lstchg - now + sp->sp_max;
344 if ( expire_days < 0 ) {
345 LOG(log_info, logtype_uams, "Password for user %s expired", username);
350 #endif /* SHADOWPW */
352 if (!pwd->pw_passwd) {
353 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no password for %s",
359 if ( kcheckuser( pwd, password) == 0)
363 p = crypt(password, pwd->pw_passwd);
364 if (strcmp(p, pwd->pw_passwd) != 0) {
365 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: %s: bad password", username);
369 /* Login successful */
370 append(out, loginok, strlen(loginok));
371 LOG(log_info, logtype_uams, "Login ClearTxtUAM: %s", username);
375 static int uam_setup(const char *path)
377 if (uam_register(UAM_SERVER_LOGIN_EXT, path, "Cleartxt Passwrd",
378 passwd_login, NULL, NULL, passwd_login_ext) < 0)
380 if (uam_register(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM",
387 static void uam_cleanup(void)
389 uam_unregister(UAM_SERVER_LOGIN, "Cleartxt Passwrd");
390 uam_unregister(UAM_SERVER_PRINTAUTH, "ClearTxtUAM");
393 UAM_MODULE_EXPORT struct uam_export uams_clrtxt = {
396 uam_setup, uam_cleanup
399 UAM_MODULE_EXPORT struct uam_export uams_passwd = {
402 uam_setup, uam_cleanup