2 * $Id: uams_passwd.c,v 1.19.2.1.2.6 2004-02-14 02:47:15 didg Exp $
4 * Copyright (c) 1990,1993 Regents of The University of Michigan.
5 * Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
6 * All Rights Reserved. See COPYRIGHT.
9 #define _XOPEN_SOURCE 500 /* for crypt() */
13 #endif /* HAVE_CONFIG_H */
20 #else /* STDC_HEADERS */
24 #endif /* HAVE_STRCHR */
25 char *strchr (), *strrchr ();
27 #define memcpy(d,s,n) bcopy ((s), (d), (n))
28 #define memmove(d,s,n) bcopy ((s), (d), (n))
29 #endif /* ! HAVE_MEMCPY */
30 #endif /* STDC_HEADERS */
33 #endif /* HAVE_UNISTD_H */
36 #endif /* ! HAVE_CRYPT_H */
38 #ifdef HAVE_SYS_TIME_H
48 #include <atalk/afp.h>
49 #include <atalk/logger.h>
50 #include <atalk/uam.h>
51 #include <atalk/util.h>
56 #define MIN(a,b) ((a) < (b) ? (a) : (b))
64 static char *clientname;
67 extern void append(void *, const char *, int);
69 static int pwd_login(void *obj, char *username, int ulen, struct passwd **uam_pwd,
70 char *ibuf, int ibuflen,
71 char *rbuf, int *rbuflen)
81 if( uam_afpserver_option( obj, UAM_OPTION_CLIENTNAME,
82 (void *) &clientname, NULL ) < 0 )
86 if (ibuflen < PASSWDLEN) {
87 return( AFPERR_PARAM );
89 ibuf[ PASSWDLEN ] = '\0';
91 if (( pwd = uam_getname(obj, username, ulen)) == NULL ) {
95 LOG(log_info, logtype_uams, "cleartext login: %s", username);
97 if (uam_checkuser(pwd) < 0) {
98 LOG(log_info, logtype_uams, "not a valid user");
99 return AFPERR_NOTAUTH;
103 if (( sp = getspnam( pwd->pw_name )) == NULL ) {
104 LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username);
105 return AFPERR_NOTAUTH;
107 pwd->pw_passwd = sp->sp_pwdp;
109 if (sp && sp->sp_max != -1 && sp->sp_lstchg) {
110 time_t now = time(NULL) / (60*60*24);
111 int32_t expire_days = sp->sp_lstchg - now + sp->sp_max;
112 if ( expire_days < 0 ) {
113 LOG(log_info, logtype_uams, "Password for user %s expired", username);
114 err = AFPERR_PWDEXPR;
117 #endif /* SHADOWPW */
119 if (!pwd->pw_passwd) {
120 return AFPERR_NOTAUTH;
131 uam_afp_getcmdline( &ac, &av );
132 sprintf( hostname, "%s@%s", username, clientname );
134 if( uam_sia_validate_user( NULL, ac, av, hostname, username,
135 NULL, FALSE, NULL, ibuf ) != SIASUCCESS )
136 return AFPERR_NOTAUTH;
141 p = crypt( ibuf, pwd->pw_passwd );
142 if ( strcmp( p, pwd->pw_passwd ) == 0 )
146 return AFPERR_NOTAUTH;
151 static int passwd_login(void *obj, struct passwd **uam_pwd,
152 char *ibuf, int ibuflen,
153 char *rbuf, int *rbuflen)
160 if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
161 (void *) &username, &ulen) < 0)
165 return( AFPERR_PARAM );
168 len = (unsigned char) *ibuf++;
170 if (!len || len > ibuflen || len > ulen ) {
171 return( AFPERR_PARAM );
173 memcpy(username, ibuf, len );
176 username[ len ] = '\0';
178 if ((unsigned long) ibuf & 1) { /* pad character */
182 return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
186 /* cleartxt login ext
189 2 bytes len (network order)
190 len bytes unicode name
192 static int passwd_login_ext(void *obj, char *uname, struct passwd **uam_pwd,
193 char *ibuf, int ibuflen,
194 char *rbuf, int *rbuflen)
202 if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
203 (void *) &username, &ulen) < 0)
209 memcpy(&temp16, uname, sizeof(temp16));
211 if (!len || len > ulen ) {
212 return( AFPERR_PARAM );
214 memcpy(username, uname +2, len );
215 username[ len ] = '\0';
216 return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
222 static int passwd_changepw(void *obj, char *username,
223 struct passwd *pwd, char *ibuf,
224 int ibuflen, char *rbuf, int *rbuflen)
228 #endif /* SHADOWPW */
229 char pw[PASSWDLEN + 1], *p;
230 uid_t uid = geteuid();
232 if (uam_checkuser(pwd) < 0)
233 return AFPERR_ACCESS;
236 memcpy(pw, ibuf, PASSWDLEN);
237 memset(ibuf, 0, PASSWDLEN);
238 pw[PASSWDLEN] = '\0';
241 if (( sp = getspnam( pwd->pw_name )) == NULL ) {
242 LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username);
245 pwd->pw_passwd = sp->sp_pwdp;
246 #endif /* SHADOWPW */
248 p = crypt(pw, pwd->pw_passwd );
249 if (strcmp( p, pwd->pw_passwd )) {
250 memset(pw, 0, sizeof(pw));
251 return AFPERR_NOTAUTH;
256 ibuf[PASSWDLEN] = '\0';
260 #endif /* SHADOWPW */
266 /* Printer ClearTxtUAM login */
267 static int passwd_printer(start, stop, username, out)
268 char *start, *stop, *username;
274 #endif /* SHADOWPW */
276 char password[PASSWDLEN + 1] = "\0";
277 static const char *loginok = "0\r";
280 data = (char *)malloc(stop - start + 1);
282 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: malloc");
285 strlcpy(data, start, stop - start + 1);
287 /* We are looking for the following format in data:
288 * (username) (password)
290 * Let's hope username doesn't contain ") ("!
293 /* Parse input for username in () */
294 if ((p = strchr(data, '(' )) == NULL) {
295 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string");
300 if ((q = strstr(p, ") (" )) == NULL) {
301 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string");
305 memcpy(username, p, MIN( UAM_USERNAMELEN, q - p ));
307 /* Parse input for password in next () */
309 if ((q = strrchr(p , ')' )) == NULL) {
310 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: password not found in string");
314 memcpy(password, p, MIN(PASSWDLEN, q - p) );
316 /* Done copying username and password, clean up */
319 ulen = strlen(username);
321 if (( pwd = uam_getname(NULL, username, ulen)) == NULL ) {
322 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: ( %s ) not found ",
327 if (uam_checkuser(pwd) < 0) {
328 /* syslog of error happens in uam_checkuser */
333 if (( sp = getspnam( pwd->pw_name )) == NULL ) {
334 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no shadow passwd entry for %s",
338 pwd->pw_passwd = sp->sp_pwdp;
340 if (sp && sp->sp_max != -1 && sp->sp_lstchg) {
341 time_t now = time(NULL) / (60*60*24);
342 int32_t expire_days = sp->sp_lstchg - now + sp->sp_max;
343 if ( expire_days < 0 ) {
344 LOG(log_info, logtype_uams, "Password for user %s expired", username);
349 #endif /* SHADOWPW */
351 if (!pwd->pw_passwd) {
352 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no password for %s",
358 if ( kcheckuser( pwd, password) == 0)
362 p = crypt(password, pwd->pw_passwd);
363 if (strcmp(p, pwd->pw_passwd) != 0) {
364 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: %s: bad password", username);
368 /* Login successful */
369 append(out, loginok, strlen(loginok));
370 LOG(log_info, logtype_uams, "Login ClearTxtUAM: %s", username);
375 int uam_setup(const char *path)
377 if (uam_register_fn(UAM_SERVER_LOGIN_EXT, path, "Cleartxt Passwrd",
378 passwd_login, NULL, NULL, passwd_login_ext) < 0)
380 if (uam_register_fn(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM",
387 static int uam_setup(const char *path)
389 if (uam_register(UAM_SERVER_LOGIN_EXT, path, "Cleartxt Passwrd",
390 passwd_login, NULL, NULL, passwd_login_ext) < 0)
392 if (uam_register(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM",
401 static void uam_cleanup(void)
403 uam_unregister(UAM_SERVER_LOGIN, "Cleartxt Passwrd");
404 uam_unregister(UAM_SERVER_PRINTAUTH, "ClearTxtUAM");
407 UAM_MODULE_EXPORT struct uam_export uams_clrtxt = {
410 uam_setup, uam_cleanup