1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
/*
* Copyright (C) 1998 Christian Esken <[email protected]>
* Copyright (C) 2003 Oswald Buddenhagen <[email protected]>
*
* This is a modified version of checkpass_shadow.cpp
*
* Modifications made by Thorsten Kukuk <[email protected]>
* Mathias Kettner <[email protected]>
*
* ------------------------------------------------------------
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public
* License along with this program; if not, write to the Free
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#include "kcheckpass.h"
/*******************************************************************
* This is the authentication code for Shadow-Passwords
*******************************************************************/
#ifdef HAVE_SHADOW
#include <string.h>
#include <stdlib.h>
#include <pwd.h>
#include <crypt.h>
#ifndef __hpux
#include <shadow.h>
#endif
AuthReturn Authenticate(const char *method,
const char *login, char *(*conv) (ConvRequest, const char *))
{
char *typed_in_password;
char *crpt_passwd;
char *password;
struct passwd *pw;
struct spwd *spw;
if (strcmp(method, "classic"))
return AuthError;
if (!(pw = getpwnam(login)))
return AuthAbort;
spw = getspnam(login);
password = spw ? spw->sp_pwdp : pw->pw_passwd;
if (!*password)
return AuthOk;
if (!(typed_in_password = conv(ConvGetHidden, 0)))
return AuthAbort;
#if defined( __linux__ ) && defined( HAVE_PW_ENCRYPT )
crpt_passwd = pw_encrypt(typed_in_password, password); /* (1) */
#else
crpt_passwd = crypt(typed_in_password, password);
#endif
if (!strcmp(password, crpt_passwd )) {
dispose(typed_in_password);
return AuthOk; /* Success */
}
dispose(typed_in_password);
return AuthBad; /* Password wrong or account locked */
}
/*
(1) Deprecated - long passwords have known weaknesses. Also,
pw_encrypt is non-standard (requires libshadow.a) while
everything else you need to support shadow passwords is in
the standard (ELF) libc.
*/
#endif
|