2 * Copyright (c) 1990,1993 Regents of The University of Michigan.
3 * Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
4 * All Rights Reserved. See COPYRIGHT.
9 #endif /* HAVE_CONFIG_H */
11 #include <atalk/standards.h>
13 #include <sys/types.h>
20 #endif /* ! HAVE_CRYPT_H */
27 #include <arpa/inet.h>
29 #include <atalk/afp.h>
30 #include <atalk/logger.h>
31 #include <atalk/uam.h>
32 #include <atalk/util.h>
33 #include <atalk/compat.h>
38 #define MIN(a,b) ((a) < (b) ? (a) : (b))
46 static const char *clientname;
49 /*XXX in etc/papd/file.h */
51 extern UAM_MODULE_EXPORT void append(struct papfile *, const char *, int);
53 static int pwd_login(void *obj, char *username, int ulen, struct passwd **uam_pwd,
54 char *ibuf, size_t ibuflen,
55 char *rbuf _U_, size_t *rbuflen _U_)
65 if( uam_afpserver_option( obj, UAM_OPTION_CLIENTNAME,
66 (void *) &clientname, NULL ) < 0 )
70 if (ibuflen < PASSWDLEN) {
71 return( AFPERR_PARAM );
73 ibuf[ PASSWDLEN ] = '\0';
75 if (( pwd = uam_getname(obj, username, ulen)) == NULL ) {
76 return AFPERR_NOTAUTH;
79 LOG(log_info, logtype_uams, "cleartext login: %s", username);
81 if (uam_checkuser(pwd) < 0) {
82 LOG(log_info, logtype_uams, "not a valid user");
83 return AFPERR_NOTAUTH;
87 if (( sp = getspnam( pwd->pw_name )) == NULL ) {
88 LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username);
89 return AFPERR_NOTAUTH;
91 pwd->pw_passwd = sp->sp_pwdp;
93 if (sp->sp_max != -1 && sp->sp_lstchg) {
94 time_t now = time(NULL) / (60*60*24);
95 int32_t expire_days = sp->sp_lstchg - now + sp->sp_max;
96 if ( expire_days < 0 ) {
97 LOG(log_info, logtype_uams, "Password for user %s expired", username);
101 #endif /* SHADOWPW */
103 if (!pwd->pw_passwd) {
104 return AFPERR_NOTAUTH;
115 uam_afp_getcmdline( &ac, &av );
116 sprintf( hostname, "%s@%s", username, clientname );
118 if( uam_sia_validate_user( NULL, ac, av, hostname, username,
119 NULL, FALSE, NULL, ibuf ) != SIASUCCESS )
120 return AFPERR_NOTAUTH;
125 p = crypt( ibuf, pwd->pw_passwd );
126 if ( strcmp( p, pwd->pw_passwd ) == 0 )
130 return AFPERR_NOTAUTH;
135 static int passwd_login(void *obj, struct passwd **uam_pwd,
136 char *ibuf, size_t ibuflen,
137 char *rbuf, size_t *rbuflen)
144 if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
145 (void *) &username, &ulen) < 0)
149 return( AFPERR_PARAM );
152 len = (unsigned char) *ibuf++;
154 if (!len || len > ibuflen || len > ulen ) {
155 return( AFPERR_PARAM );
157 memcpy(username, ibuf, len );
160 username[ len ] = '\0';
162 if ((unsigned long) ibuf & 1) { /* pad character */
166 return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
170 /* cleartxt login ext
173 2 bytes len (network order)
174 len bytes unicode name
176 static int passwd_login_ext(void *obj, char *uname, struct passwd **uam_pwd,
177 char *ibuf, size_t ibuflen,
178 char *rbuf, size_t *rbuflen)
186 if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
187 (void *) &username, &ulen) < 0)
193 memcpy(&temp16, uname, sizeof(temp16));
195 if (!len || len > ulen ) {
196 return( AFPERR_PARAM );
198 memcpy(username, uname +2, len );
199 username[ len ] = '\0';
200 return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
206 static int passwd_changepw(void *obj, char *username,
207 struct passwd *pwd, char *ibuf,
208 size_t ibuflen, char *rbuf, size_t *rbuflen)
212 #endif /* SHADOWPW */
213 char pw[PASSWDLEN + 1], *p;
214 uid_t uid = geteuid();
216 if (uam_checkuser(pwd) < 0)
217 return AFPERR_ACCESS;
220 memcpy(pw, ibuf, PASSWDLEN);
221 memset(ibuf, 0, PASSWDLEN);
222 pw[PASSWDLEN] = '\0';
225 if (( sp = getspnam( pwd->pw_name )) == NULL ) {
226 LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username);
229 pwd->pw_passwd = sp->sp_pwdp;
230 #endif /* SHADOWPW */
232 p = crypt(pw, pwd->pw_passwd );
233 if (strcmp( p, pwd->pw_passwd )) {
234 memset(pw, 0, sizeof(pw));
235 return AFPERR_NOTAUTH;
240 ibuf[PASSWDLEN] = '\0';
244 #endif /* SHADOWPW */
250 /* Printer ClearTxtUAM login */
251 static int passwd_printer(char *start, char *stop, char *username, struct papfile *out)
256 #endif /* SHADOWPW */
258 char password[PASSWDLEN + 1] = "\0";
259 static const char *loginok = "0\r";
262 data = (char *)malloc(stop - start + 1);
264 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: malloc");
267 strlcpy(data, start, stop - start + 1);
269 /* We are looking for the following format in data:
270 * (username) (password)
272 * Let's hope username doesn't contain ") ("!
275 /* Parse input for username in () */
276 if ((p = strchr(data, '(' )) == NULL) {
277 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string");
282 if ((q = strstr(p, ") (" )) == NULL) {
283 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: username not found in string");
287 memcpy(username, p, MIN( UAM_USERNAMELEN, q - p ));
289 /* Parse input for password in next () */
291 if ((q = strrchr(p , ')' )) == NULL) {
292 LOG(log_info, logtype_uams,"Bad Login ClearTxtUAM: password not found in string");
296 memcpy(password, p, MIN(PASSWDLEN, q - p) );
298 /* Done copying username and password, clean up */
301 ulen = strlen(username);
303 if (( pwd = uam_getname(NULL, username, ulen)) == NULL ) {
304 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: ( %s ) not found ",
309 if (uam_checkuser(pwd) < 0) {
310 /* syslog of error happens in uam_checkuser */
315 if (( sp = getspnam( pwd->pw_name )) == NULL ) {
316 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no shadow passwd entry for %s",
320 pwd->pw_passwd = sp->sp_pwdp;
322 if (sp->sp_max != -1 && sp->sp_lstchg) {
323 time_t now = time(NULL) / (60*60*24);
324 int32_t expire_days = sp->sp_lstchg - now + sp->sp_max;
325 if ( expire_days < 0 ) {
326 LOG(log_info, logtype_uams, "Password for user %s expired", username);
331 #endif /* SHADOWPW */
333 if (!pwd->pw_passwd) {
334 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no password for %s",
340 if ( kcheckuser( pwd, password) == 0)
344 p = crypt(password, pwd->pw_passwd);
345 if (strcmp(p, pwd->pw_passwd) != 0) {
346 LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: %s: bad password", username);
350 /* Login successful */
351 append(out, loginok, strlen(loginok));
352 LOG(log_info, logtype_uams, "Login ClearTxtUAM: %s", username);
356 static int uam_setup(const char *path)
358 if (uam_register(UAM_SERVER_LOGIN_EXT, path, "Cleartxt Passwrd",
359 passwd_login, NULL, NULL, passwd_login_ext) < 0)
361 if (uam_register(UAM_SERVER_PRINTAUTH, path, "ClearTxtUAM",
368 static void uam_cleanup(void)
370 uam_unregister(UAM_SERVER_LOGIN, "Cleartxt Passwrd");
371 uam_unregister(UAM_SERVER_PRINTAUTH, "ClearTxtUAM");
374 UAM_MODULE_EXPORT struct uam_export uams_clrtxt = {
377 uam_setup, uam_cleanup
380 UAM_MODULE_EXPORT struct uam_export uams_passwd = {
383 uam_setup, uam_cleanup