X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=netatalk.git;a=blobdiff_plain;f=etc%2Fuams%2Fuams_passwd.c;h=3e8333b0fc80252798979833b4206ba5f3590ea0;hp=235655c169868ec5410f20f927a3ae853536fe4b;hb=75fe310224dffb96868d7f2cb1ec9125a84f2a08;hpb=7a63c2875fbbfdf407618814098d2fb1babdf2ea diff --git a/etc/uams/uams_passwd.c b/etc/uams/uams_passwd.c index 235655c1..3e8333b0 100644 --- a/etc/uams/uams_passwd.c +++ b/etc/uams/uams_passwd.c @@ -1,5 +1,5 @@ /* - * $Id: uams_passwd.c,v 1.20 2003-05-14 15:13:50 didg Exp $ + * $Id: uams_passwd.c,v 1.28 2009-11-05 14:38:07 franklahm Exp $ * * Copyright (c) 1990,1993 Regents of The University of Michigan. * Copyright (c) 1999 Adrian Sun (asun@u.washington.edu) @@ -7,12 +7,20 @@ */ #ifdef HAVE_CONFIG_H -#include "config.h" +#include #endif /* HAVE_CONFIG_H */ +#include +/* crypt needs _XOPEN_SOURCE (500) at least on BSD, but that breaks Solaris compile */ +#ifdef NETBSD +#define _XOPEN_SOURCE 500 /* for crypt() */ +#endif +#ifdef FREEBSD +#define _XOPEN_SOURCE /* for crypt() */ +#endif + #include #include - /* STDC check */ #if STDC_HEADERS #include @@ -27,26 +35,27 @@ char *strchr (), *strrchr (); #define memmove(d,s,n) bcopy ((s), (d), (n)) #endif /* ! HAVE_MEMCPY */ #endif /* STDC_HEADERS */ - #ifdef HAVE_UNISTD_H #include #endif /* HAVE_UNISTD_H */ -#ifndef NO_CRYPT_H +#ifdef HAVE_CRYPT_H #include -#endif /* ! NO_CRYPT_H */ +#endif /* ! HAVE_CRYPT_H */ #include -#include - -#ifdef SOLARIS -#define SHADOWPW -#endif /* SOLARIS */ - +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_TIME_H +#include +#endif #ifdef SHADOWPW #include #endif /* SHADOWPW */ #include +#include #include +#include #define PASSWDLEN 8 @@ -59,15 +68,20 @@ char *strchr (), *strrchr (); #include #include -static char *clientname; +static const char *clientname; #endif /* TRU64 */ +/*XXX in etc/papd/file.h */ +struct papfile; +extern void append(struct papfile *, const char *, int); + static int pwd_login(void *obj, char *username, int ulen, struct passwd **uam_pwd, - char *ibuf, int ibuflen, - char *rbuf, int *rbuflen) + char *ibuf, size_t ibuflen, + char *rbuf _U_, size_t *rbuflen _U_) { char *p; struct passwd *pwd; + int err = AFP_OK; #ifdef SHADOWPW struct spwd *sp; #endif /* SHADOWPW */ @@ -83,7 +97,7 @@ static int pwd_login(void *obj, char *username, int ulen, struct passwd **uam_pw } ibuf[ PASSWDLEN ] = '\0'; - if (( pwd = uam_getname(username, ulen)) == NULL ) { + if (( pwd = uam_getname(obj, username, ulen)) == NULL ) { return AFPERR_PARAM; } @@ -100,6 +114,15 @@ static int pwd_login(void *obj, char *username, int ulen, struct passwd **uam_pw return AFPERR_NOTAUTH; } pwd->pw_passwd = sp->sp_pwdp; + + if (sp && sp->sp_max != -1 && sp->sp_lstchg) { + time_t now = time(NULL) / (60*60*24); + int32_t expire_days = sp->sp_lstchg - now + sp->sp_max; + if ( expire_days < 0 ) { + LOG(log_info, logtype_uams, "Password for user %s expired", username); + err = AFPERR_PWDEXPR; + } + } #endif /* SHADOWPW */ if (!pwd->pw_passwd) { @@ -121,12 +144,12 @@ static int pwd_login(void *obj, char *username, int ulen, struct passwd **uam_pw NULL, FALSE, NULL, ibuf ) != SIASUCCESS ) return AFPERR_NOTAUTH; - return AFP_OK; + return err; } #else /* TRU64 */ p = crypt( ibuf, pwd->pw_passwd ); if ( strcmp( p, pwd->pw_passwd ) == 0 ) - return AFP_OK; + return err; #endif /* TRU64 */ return AFPERR_NOTAUTH; @@ -135,11 +158,11 @@ static int pwd_login(void *obj, char *username, int ulen, struct passwd **uam_pw /* cleartxt login */ static int passwd_login(void *obj, struct passwd **uam_pwd, - char *ibuf, int ibuflen, - char *rbuf, int *rbuflen) + char *ibuf, size_t ibuflen, + char *rbuf, size_t *rbuflen) { char *username; - int len, ulen; + size_t len, ulen; *rbuflen = 0; @@ -147,7 +170,7 @@ static int passwd_login(void *obj, struct passwd **uam_pwd, (void *) &username, &ulen) < 0) return AFPERR_MISC; - if (ibuflen <= 1) { + if (ibuflen < 2) { return( AFPERR_PARAM ); } @@ -176,11 +199,11 @@ static int passwd_login(void *obj, struct passwd **uam_pwd, len bytes unicode name */ static int passwd_login_ext(void *obj, char *uname, struct passwd **uam_pwd, - char *ibuf, int ibuflen, - char *rbuf, int *rbuflen) + char *ibuf, size_t ibuflen, + char *rbuf, size_t *rbuflen) { char *username; - int len, ulen; + size_t len, ulen; u_int16_t temp16; *rbuflen = 0; @@ -207,7 +230,7 @@ static int passwd_login_ext(void *obj, char *uname, struct passwd **uam_pwd, /* change passwd */ static int passwd_changepw(void *obj, char *username, struct passwd *pwd, char *ibuf, - int ibuflen, char *rbuf, int *rbuflen) + size_t ibuflen, char *rbuf, size_t *rbuflen) { #ifdef SHADOWPW struct spwd *sp; @@ -250,9 +273,7 @@ static int passwd_changepw(void *obj, char *username, /* Printer ClearTxtUAM login */ -static int passwd_printer(start, stop, username, out) -char *start, *stop, *username; -struct papfile *out; +static int passwd_printer(char *start, char *stop, char *username, struct papfile *out) { struct passwd *pwd; #ifdef SHADOWPW @@ -263,13 +284,12 @@ struct papfile *out; static const char *loginok = "0\r"; int ulen; - data = (char *)malloc(stop - start + 2); + data = (char *)malloc(stop - start + 1); if (!data) { LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: malloc"); return(-1); } - strncpy(data, start, stop - start + 1); - data[stop - start + 2] = 0; + strlcpy(data, start, stop - start + 1); /* We are looking for the following format in data: * (username) (password) @@ -284,32 +304,28 @@ struct papfile *out; return(-1); } p++; - if ((q = strstr(data, ") (" )) == NULL) { + if ((q = strstr(p, ") (" )) == NULL) { LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string"); free(data); return(-1); } - strncpy(username, p, MIN( UAM_USERNAMELEN, (q - p)) ); - username[ UAM_USERNAMELEN+1] = '\0'; - + memcpy(username, p, MIN( UAM_USERNAMELEN, q - p )); /* Parse input for password in next () */ p = q + 3; - if ((q = strrchr(data, ')' )) == NULL) { + if ((q = strrchr(p , ')' )) == NULL) { LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: password not found in string"); free(data); return(-1); } - strncpy(password, p, MIN(PASSWDLEN, q - p) ); - password[ PASSWDLEN+1] = '\0'; - + memcpy(password, p, MIN(PASSWDLEN, q - p) ); /* Done copying username and password, clean up */ free(data); ulen = strlen(username); - if (( pwd = uam_getname(username, ulen)) == NULL ) { + if (( pwd = uam_getname(NULL, username, ulen)) == NULL ) { LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: ( %s ) not found ", username); return(-1); @@ -327,6 +343,16 @@ struct papfile *out; return(-1); } pwd->pw_passwd = sp->sp_pwdp; + + if (sp && sp->sp_max != -1 && sp->sp_lstchg) { + time_t now = time(NULL) / (60*60*24); + int32_t expire_days = sp->sp_lstchg - now + sp->sp_max; + if ( expire_days < 0 ) { + LOG(log_info, logtype_uams, "Password for user %s expired", username); + return (-1); + } + } + #endif /* SHADOWPW */ if (!pwd->pw_passwd) { @@ -352,19 +378,6 @@ struct papfile *out; return(0); } -#ifdef ATACC -int uam_setup(const char *path) -{ - if (uam_register_fn(UAM_SERVER_LOGIN_EXT, path, "Cleartxt Passwrd", - passwd_login, NULL, NULL, passwd_login_ext) < 0) - return -1; - if (uam_register_fn(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM", - passwd_printer) < 0) - return -1; - - return 0; -} -#else static int uam_setup(const char *path) { if (uam_register(UAM_SERVER_LOGIN_EXT, path, "Cleartxt Passwrd", @@ -377,8 +390,6 @@ static int uam_setup(const char *path) return 0; } -#endif - static void uam_cleanup(void) { uam_unregister(UAM_SERVER_LOGIN, "Cleartxt Passwrd"); @@ -390,3 +401,9 @@ UAM_MODULE_EXPORT struct uam_export uams_clrtxt = { UAM_MODULE_VERSION, uam_setup, uam_cleanup }; + +UAM_MODULE_EXPORT struct uam_export uams_passwd = { + UAM_MODULE_SERVER, + UAM_MODULE_VERSION, + uam_setup, uam_cleanup + };