1
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
3
* passwd.c --- verifying typed passwords with the OS.
5
* xscreensaver, Copyright (c) 1993-2004 Jamie Zawinski <jwz@jwz.org>
7
* Permission to use, copy, modify, distribute, and sell this software and its
8
* documentation for any purpose is hereby granted without fee, provided that
9
* the above copyright notice appear in all copies and that both that
10
* copyright notice and this permission notice appear in supporting
11
* documentation. No representations are made about the suitability of this
12
* software for any purpose. It is provided "as is" without express or
18
#ifndef NO_LOCKING /* whole file */
32
gboolean (*initialize) (int argc, char **argv, gboolean verbose);
33
gboolean (*priv_initialize) (int argc, char **argv, gboolean verbose);
34
gboolean (*validate) (const char *typed_passwd, gboolean verbose);
36
gboolean priv_initialized;
41
extern gboolean kerberos_lock_init (int argc, char **argv, gboolean verbose);
42
extern gboolean kerberos_passwd_valid_p (const char *typed_passwd, gboolean verbose);
45
# include "passwd-pam.h"
47
#ifdef PASSWD_HELPER_PROGRAM
48
extern gboolean ext_priv_init (int argc, char **argv, gboolean verbose);
49
extern gboolean ext_passwd_valid (const char *typed_passwd, gboolean verbose);
51
#include "passwd-pwent.h"
53
/* The authorization methods to try, in order.
54
Note that the last one (the pwent version) is actually two auth methods,
55
since that code tries shadow passwords, and then non-shadow passwords.
56
(It's all in the same file since the APIs are randomly nearly-identical.)
59
static struct auth_methods methods[] = {
61
{ "Kerberos", kerberos_lock_init, NULL, kerberos_passwd_valid, FALSE, FALSE },
64
{ "PAM", NULL, pam_priv_init, pam_passwd_valid, FALSE, FALSE },
66
# ifdef PASSWD_HELPER_PROGRAM
67
{ "external", NULL, ext_priv_init, ext_passwd_valid, FALSE, FALSE },
69
{ "normal", pwent_lock_init, pwent_priv_init, pwent_passwd_valid, FALSE, FALSE }
74
lock_priv_init (int argc,
79
gboolean any_ok = FALSE;
81
for (i = 0; i < G_N_ELEMENTS (methods); i++) {
83
g_message ("priv initializing %s passwords", methods [i].name);
85
if (!methods [i].priv_initialize)
86
methods [i].priv_initialized = TRUE;
88
methods [i].priv_initialized
89
= methods [i].priv_initialize (argc, argv, verbose);
91
if (methods [i].priv_initialized)
94
g_warning ("priv initialization of %s passwords failed.", methods [i].name);
107
gboolean any_ok = FALSE;
109
for (i = 0; i < G_N_ELEMENTS (methods); i++) {
110
if (!methods[i].priv_initialized) /* Bail if lock_priv_init failed. */
114
g_message ("initializing %s passwords", methods [i].name);
116
if (!methods[i].initialize)
117
methods[i].initialized = TRUE;
119
methods[i].initialized = methods [i].initialize (argc, argv, verbose);
121
if (methods[i].initialized)
124
g_warning ("initialization of %s passwords failed.", methods [i].name);
132
validate_password (const char *typed_passwd,
136
for (i = 0; i < G_N_ELEMENTS (methods); i++) {
137
int ok_p = (methods [i].initialized &&
138
methods [i].validate (typed_passwd, verbose));
141
/* If we successfully authenticated by method N, but attempting
142
to authenticate by method N-1 failed, mention that (since if
143
an earlier authentication method fails and a later one succeeds,
144
something screwy is probably going on.)
146
if (verbose && i > 0) {
147
for (j = 0; j < i; j++)
148
if (methods [j].initialized)
149
g_warning ("authentication via %s passwords failed.",
151
g_message ("authentication via %s passwords succeeded.",
155
return TRUE; /* Successfully authenticated! */
159
return FALSE; /* Authentication failure. */
162
#endif /* NO_LOCKING -- whole file */