From bf5238eccfe594f3adf00400881ff8250c315c6b Mon Sep 17 00:00:00 2001
From: Seraphim Mellos <mellos@ceid.upatras.gr>
Date: Wed, 11 Jun 2008 19:28:44 +0300
Subject: Moved from passwd to shadow

---
 src/pam_unix/pam_unix.c  |  60 ++++++++++++-------
 src/pam_unix/pam_unix.c~ | 153 -----------------------------------------------
 2 files changed, 37 insertions(+), 176 deletions(-)
 delete mode 100644 src/pam_unix/pam_unix.c~

(limited to 'src')

diff --git a/src/pam_unix/pam_unix.c b/src/pam_unix/pam_unix.c
index e3486dd..112d1d0 100644
--- a/src/pam_unix/pam_unix.c
+++ b/src/pam_unix/pam_unix.c
@@ -1,10 +1,23 @@
 
-#include <pwd.h>
-/* #include <shadow.h>  May not be necessary */ 
+/* #include <pwd.h> */ 
+#include <netdb.h>
+#include <shadow.h>  
 #include <sys/types.h>
 #include <unistd.h>
 
-#ifndef (__LINUX__)
+#define PAM_OPT_NULLOK          "nullok"
+#define PAM_OPT_AUTH_AS_SELF    "auth_as_self"
+#define PAM_OPT_ECHO_PASS       "echo_pass"
+#define PAM_OPT_DEBUG           "debug"
+
+
+
+#ifndef MAXHOSTNAMELEN
+# define MAXHOSTNAMELEN 256
+#endif
+
+
+#ifndef __linux__
 #include <login_cap.h>
 #endif
 
@@ -15,30 +28,30 @@
 
 PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t *pamh, int flags,
-		int argc __unused, const char **argv __unused) {
+		int argc , const char **argv ) {
 
-#ifndef (__LINUX__)
+#ifndef __linux__
 	login_cap_t *lc;
 #endif
-	struct passwd *pwd;
+	struct spwd *pwd;
 	const char *pass, *crypt_pass, *user;
 	int pam_err;
 
 	/* identify user */
 	
 	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
-		pwd = getpwnam(getlogin());
+		pwd = getspnam(getlogin());
 	} else {
 		if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
 	                return (pam_err);
 
-	        pwd = getpwnam(user) = NULL;
+	        pwd = getspnam(user);
 	}
         
 	/* get password */
 
 	if (pwd != NULL) {
-	        pass = pwd->pw_passwd;
+	        pass = pwd->sp_pwdp;
 		if (pass[0] == '\0') {
 			if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
 					openpam_get_option(pamh, PAM_OPT_NULLOK))
@@ -46,17 +59,17 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 			
 			pass = "*";
 		}
-#ifndef (__LINUX__)
+#ifndef __linux__
 		lc = login_getpwclass(pwd);
 #endif
 	} else {
 		pass =  "*";
-#ifndef (__LINUX__)     
+#ifndef __linux__     
 		lc = login_getpwclass(NULL);
 #endif
 	}
 
-#ifndef (__LINUX__)
+#ifndef __linux__
         prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL);
         pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt);
         login_close(lc);
@@ -71,8 +84,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 	
 	/* check shadow */
 	
-	crypt_pass = crypt(pass, pwd->pw_passwd); 
-	if ( strcmp(crypt_pass, pwd->pw_passwd) != 0 ) 
+	crypt_pass = crypt(pass, pwd->sp_pwdp); 
+	if ( strcmp(crypt_pass, pwd->sp_pwdp) != 0 ) 
 		pam_err = PAM_AUTH_ERR;
 	else
 		pam_err = PAM_SUCCESS;
@@ -81,8 +94,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 }
 
 PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
-		    int argc __unused, const char *argv[] __unused) {
+pam_sm_setcred(pam_handle_t *pamh , int flags ,
+		    int argc , const char *argv[] ) {
 	
 	/* 
 	 * This functions takes care of renewing/initializing
@@ -95,18 +108,19 @@ pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
 
 
 PAM_EXTERN int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
-		    int argc __unused, const char *argv[] __unused) {
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags ,
+		    int argc , const char *argv[] ) {
 
 
 
-#ifndef (__LINUX__)
+#ifndef __linux__
 	login_cap_t *lc;
 #endif
 
-	struct passwd *pwd;
+	struct spwd *pwd;
 	int pam_err;
 	const char *user;
+	time_t tp;
 	const void *rhost, *tty;
 	char rhostip[MAXHOSTNAMELEN] = "";
 
@@ -130,11 +144,11 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
 	if (pam_err != PAM_SUCCESS)
 		return (pam_err);
 
-	if (*pwd->pw_passwd == '\0' &&
+	if (*pwd->sp_pwdp == '\0' &&
          	(flags & PAM_DISALLOW_NULL_AUTHTOK) != 0)
 		return (PAM_NEW_AUTHTOK_REQD);
 
-#ifndef (__LINUX__)
+#ifndef __linux__
 	lc = login_getpwclass(pwd);
 	
 	if (lc == NULL) {
@@ -144,7 +158,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
 #endif
 	/* Check if pw_change or pw_expire is set */
 
-	if (pwd->pw_change || pwd->pw_expire)
+	if (pwd->sp_lstchg || pwd->sp_expire)
                 gettimeofday(&tp, NULL);
 
 
diff --git a/src/pam_unix/pam_unix.c~ b/src/pam_unix/pam_unix.c~
deleted file mode 100644
index e3486dd..0000000
--- a/src/pam_unix/pam_unix.c~
+++ /dev/null
@@ -1,153 +0,0 @@
-
-#include <pwd.h>
-/* #include <shadow.h>  May not be necessary */ 
-#include <sys/types.h>
-#include <unistd.h>
-
-#ifndef (__LINUX__)
-#include <login_cap.h>
-#endif
-
-#include <security/pam_modules.h>
-#include <security/pam_appl.h>
-
-
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags,
-		int argc __unused, const char **argv __unused) {
-
-#ifndef (__LINUX__)
-	login_cap_t *lc;
-#endif
-	struct passwd *pwd;
-	const char *pass, *crypt_pass, *user;
-	int pam_err;
-
-	/* identify user */
-	
-	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
-		pwd = getpwnam(getlogin());
-	} else {
-		if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
-	                return (pam_err);
-
-	        pwd = getpwnam(user) = NULL;
-	}
-        
-	/* get password */
-
-	if (pwd != NULL) {
-	        pass = pwd->pw_passwd;
-		if (pass[0] == '\0') {
-			if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
-					openpam_get_option(pamh, PAM_OPT_NULLOK))
-				return (PAM_SUCCESS);
-			
-			pass = "*";
-		}
-#ifndef (__LINUX__)
-		lc = login_getpwclass(pwd);
-#endif
-	} else {
-		pass =  "*";
-#ifndef (__LINUX__)     
-		lc = login_getpwclass(NULL);
-#endif
-	}
-
-#ifndef (__LINUX__)
-        prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL);
-        pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt);
-        login_close(lc);
-#else
-	pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char **) &pass, NULL);
-#endif
-
-        if (pam_err == PAM_CONV_ERR)
-                return (pam_err);
-	if (pam_err != PAM_SUCCESS)
-	        return (PAM_AUTH_ERR);
-	
-	/* check shadow */
-	
-	crypt_pass = crypt(pass, pwd->pw_passwd); 
-	if ( strcmp(crypt_pass, pwd->pw_passwd) != 0 ) 
-		pam_err = PAM_AUTH_ERR;
-	else
-		pam_err = PAM_SUCCESS;
-	
-	return (pam_err);
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
-		    int argc __unused, const char *argv[] __unused) {
-	
-	/* 
-	 * This functions takes care of renewing/initializing
-	 * user credentials as well as gid/uids. Someday, it
-	 * will be completed. For now, it's not very urgent. 
-	 */
-
-	return (PAM_SUCCESS);
-}
-
-
-PAM_EXTERN int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
-		    int argc __unused, const char *argv[] __unused) {
-
-
-
-#ifndef (__LINUX__)
-	login_cap_t *lc;
-#endif
-
-	struct passwd *pwd;
-	int pam_err;
-	const char *user;
-	const void *rhost, *tty;
-	char rhostip[MAXHOSTNAMELEN] = "";
-
-	/* Sanity checks for uname,pwd,tty,host etc */
-
-	pam_err = pam_get_user(pamh, &user, NULL);
-
-	if (pam_err != PAM_SUCCESS)
-		return (pam_err);
-
-	if (user == NULL || (pwd = getpwnam(user)) == NULL)
-		return (PAM_SERVICE_ERR);
-
-	pam_err = pam_get_item(pamh, PAM_RHOST, &rhost);
-
-	if (pam_err != PAM_SUCCESS)
-		return (pam_err);
-
-	pam_err = pam_get_item(pamh, PAM_TTY, &tty);
-
-	if (pam_err != PAM_SUCCESS)
-		return (pam_err);
-
-	if (*pwd->pw_passwd == '\0' &&
-         	(flags & PAM_DISALLOW_NULL_AUTHTOK) != 0)
-		return (PAM_NEW_AUTHTOK_REQD);
-
-#ifndef (__LINUX__)
-	lc = login_getpwclass(pwd);
-	
-	if (lc == NULL) {
-		return (PAM_SERVICE_ERR);
-		
-	}
-#endif
-	/* Check if pw_change or pw_expire is set */
-
-	if (pwd->pw_change || pwd->pw_expire)
-                gettimeofday(&tp, NULL);
-
-
-}
-
-
-- 
cgit v1.2.3-65-gdbad