2
* $Id: uams_dhx_passwd.c,v 1.16.2.1 2003/06/14 17:12:17 srittau Exp $
2
* $Id: uams_dhx_passwd.c,v 1.18.6.6 2004/03/18 02:56:32 bfernhomberg Exp $
4
4
* Copyright (c) 1990,1993 Regents of The University of Michigan.
5
5
* Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
10
10
#include "config.h"
11
11
#endif /* HAVE_CONFIG_H */
14
#define _XOPEN_SOURCE 500 /* for crypt() */
17
#define _XOPEN_SOURCE /* for crypt() */
14
21
#include <stdlib.h>
15
22
#include <string.h>
16
23
#ifdef HAVE_UNISTD_H
17
24
#include <unistd.h>
18
25
#endif /* HAVE_UNISTD_H */
21
#endif /* ! NO_CRYPT_H */
28
#endif /* ! HAVE_CRYPT_H */
29
#ifdef HAVE_SYS_TIME_H
23
#include <atalk/logger.h>
26
37
#include <shadow.h>
27
38
#endif /* SHADOWPW */
39
#if defined(GNUTLS_DHX)
40
#include <gnutls/openssl.h>
41
#elif defined(OPENSSL_DHX)
30
42
#include <openssl/bn.h>
31
43
#include <openssl/dh.h>
32
44
#include <openssl/cast.h>
64
static int passwd_login(void *obj, struct passwd **uam_pwd,
77
static int pwd_login(void *obj, char *username, int ulen, struct passwd **uam_pwd,
65
78
char *ibuf, int ibuflen,
66
79
char *rbuf, int *rbuflen)
90
if (uam_afpserver_option(obj, UAM_OPTION_USERNAME, (void *) &name, &i) < 0)
94
103
if( uam_afpserver_option( obj, UAM_OPTION_CLIENTNAME,
95
104
(void *) &clientname, NULL ) < 0 )
96
105
return AFPERR_PARAM;
97
106
#endif /* TRU64 */
99
len = (unsigned char) *ibuf++;
101
return( AFPERR_PARAM );
104
memcpy(name, ibuf, len );
107
if ((unsigned long) ibuf & 1) /* padding */
110
if (( dhxpwd = uam_getname(name, i)) == NULL ) {
114
LOG(log_info, logtype_uams, "dhx login: %s", name);
108
if (( dhxpwd = uam_getname(obj, username, ulen)) == NULL ) {
112
LOG(log_info, logtype_uams, "dhx login: %s", username);
115
113
if (uam_checkuser(dhxpwd) < 0)
116
114
return AFPERR_NOTAUTH;
119
117
if (( sp = getspnam( dhxpwd->pw_name )) == NULL ) {
120
LOG(log_info, logtype_uams, "no shadow passwd entry for %s", name);
118
LOG(log_info, logtype_uams, "no shadow passwd entry for %s", username);
121
119
return AFPERR_NOTAUTH;
123
121
dhxpwd->pw_passwd = sp->sp_pwdp;
209
207
return AFPERR_PARAM;
211
static int passwd_login(void *obj, struct passwd **uam_pwd,
212
char *ibuf, int ibuflen,
213
char *rbuf, int *rbuflen)
220
if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
221
(void *) &username, &ulen) < 0)
225
return( AFPERR_PARAM );
228
len = (unsigned char) *ibuf++;
230
if (!len || len > ibuflen || len > ulen ) {
231
return( AFPERR_PARAM );
233
memcpy(username, ibuf, len );
236
username[ len ] = '\0';
238
if ((unsigned long) ibuf & 1) { /* pad character */
242
return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
246
/* cleartxt login ext
249
2 bytes len (network order)
252
static int passwd_login_ext(void *obj, char *uname, struct passwd **uam_pwd,
253
char *ibuf, int ibuflen,
254
char *rbuf, int *rbuflen)
262
if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
263
(void *) &username, &ulen) < 0)
269
memcpy(&temp16, uname, sizeof(temp16));
271
if (!len || len > ulen ) {
272
return( AFPERR_PARAM );
274
memcpy(username, uname +2, len );
275
username[ len ] = '\0';
276
return (pwd_login(obj, username, ulen, uam_pwd, ibuf, ibuflen, rbuf, rbuflen));
212
279
static int passwd_logincont(void *obj, struct passwd **uam_pwd,
213
280
char *ibuf, int ibuflen,
214
281
char *rbuf, int *rbuflen)
285
#endif /* SHADOWPW */
216
286
unsigned char iv[] = "LWallace";
217
287
BIGNUM *bn1, *bn2, *bn3;
218
288
u_int16_t sessid;
290
int err = AFPERR_NOTAUTH;
285
356
memset(rbuf, 0, PASSWDLEN);
286
357
if ( strcmp( p, dhxpwd->pw_passwd ) == 0 ) {
287
358
*uam_pwd = dhxpwd;
362
if (( sp = getspnam( dhxpwd->pw_name )) == NULL ) {
363
LOG(log_info, logtype_uams, "no shadow passwd entry for %s", dhxpwd->pw_name);
364
return (AFPERR_NOTAUTH);
367
/* check for expired password */
368
if (sp && sp->sp_max != -1 && sp->sp_lstchg) {
369
time_t now = time(NULL) / (60*60*24);
370
int32_t expire_days = sp->sp_lstchg - now + sp->sp_max;
371
if ( expire_days < 0 ) {
372
LOG(log_info, logtype_uams, "password for user %s expired", dhxpwd->pw_name);
373
err = AFPERR_PWDEXPR;
376
#endif /* SHADOWPW */
290
378
#endif /* TRU64 */
292
380
return AFPERR_NOTAUTH;
296
384
static int uam_setup(const char *path)
298
if (uam_register(UAM_SERVER_LOGIN, path, "DHCAST128",
299
passwd_login, passwd_logincont, NULL) < 0)
386
if (uam_register(UAM_SERVER_LOGIN_EXT, path, "DHCAST128",
387
passwd_login, passwd_logincont, NULL, passwd_login_ext) < 0)
301
389
/*uam_register(UAM_SERVER_PRINTAUTH, path, "DHCAST128",
302
390
passwd_printer);*/
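Review bot: In the new `passwd_login` and `passwd_login_ext`, the length check accepts `len == ulen` and then writes `username[ len ] = '\0';`, which lands one byte past the buffer unless `uam_afpserver_option(..., UAM_OPTION_USERNAME, ...)` reports the buffer size minus one. That contract is not visible on this page, so it should be confirmed and stated in a comment such as `/* ulen is sizeof(username) - 1, so username[ulen] is in bounds */`; if it does not hold, the test should be `len >= ulen`. `passwd_login_ext` also copies `len` bytes from `uname + 2`, where `len` comes from the client-supplied 2-byte prefix and is bounded only by `ulen`. The function receives no length for `uname`, so the caller has to guarantee at least `len + 2` readable bytes there, and nothing shown here checks it. Both function bodies are only partly shown, so elided lines may already cover some of this.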