sra.c (63248) | sra.c (76339) |
---|---|
1/* $FreeBSD: head/contrib/telnet/libtelnet/sra.c 63248 2000-07-16 05:48:49Z peter $ */ | 1/* $FreeBSD: head/contrib/telnet/libtelnet/sra.c 76339 2001-05-07 20:42:02Z nsayer $ */ |
2 3#ifdef SRA 4#include <sys/types.h> 5#include <arpa/telnet.h> 6#include <stdio.h> 7#ifdef __STDC__ 8#include <stdlib.h> 9#endif 10#ifdef NO_STRING_H 11#include <strings.h> 12#else 13#include <string.h> 14#endif 15 | 2 3#ifdef SRA 4#include <sys/types.h> 5#include <arpa/telnet.h> 6#include <stdio.h> 7#ifdef __STDC__ 8#include <stdlib.h> 9#endif 10#ifdef NO_STRING_H 11#include <strings.h> 12#else 13#include <string.h> 14#endif 15 |
16#if !defined(NOPAM) 17#include <security/pam_appl.h> 18#endif 19 |
|
16#include "auth.h" 17#include "misc.h" 18#include "encrypt.h" 19#include "pk.h" 20 21char pka[HEXKEYBYTES+1], ska[HEXKEYBYTES+1], pkb[HEXKEYBYTES+1]; 22char *user,*pass,*xuser,*xpass; 23DesData ck; --- 418 unchanged lines hidden (view full) --- 442 sp = getspnam(name); 443 free(save.pw_passwd); 444 save.pw_passwd = sgetsave(sp->sp_pwdp); 445 } 446#endif 447 return (&save); 448} 449 | 20#include "auth.h" 21#include "misc.h" 22#include "encrypt.h" 23#include "pk.h" 24 25char pka[HEXKEYBYTES+1], ska[HEXKEYBYTES+1], pkb[HEXKEYBYTES+1]; 26char *user,*pass,*xuser,*xpass; 27DesData ck; --- 418 unchanged lines hidden (view full) --- 446 sp = getspnam(name); 447 free(save.pw_passwd); 448 save.pw_passwd = sgetsave(sp->sp_pwdp); 449 } 450#endif 451 return (&save); 452} 453 |
454#ifdef NOPAM |
|
450char *crypt(); 451 452int check_user(name, pass) 453char *name; 454char *pass; 455{ 456 register char *cp; 457 char *xpasswd, *salt; --- 11 unchanged lines hidden (view full) --- 469 strcmp(xpasswd, pw->pw_passwd)) { 470 pw = (struct passwd *) NULL; 471 return(0); 472 } 473 return(1); 474 } 475 return(0); 476} | 455char *crypt(); 456 457int check_user(name, pass) 458char *name; 459char *pass; 460{ 461 register char *cp; 462 char *xpasswd, *salt; --- 11 unchanged lines hidden (view full) --- 474 strcmp(xpasswd, pw->pw_passwd)) { 475 pw = (struct passwd *) NULL; 476 return(0); 477 } 478 return(1); 479 } 480 return(0); 481} |
482#else |
|
477 | 483 |
484/* 485 * The following is stolen from ftpd, which stole it from the imap-uw 486 * PAM module and login.c. It is needed because we can't really 487 * "converse" with the user, having already gone to the trouble of 488 * getting their username and password through an encrypted channel. 489 */ |
|
478 | 490 |
491#define COPY_STRING(s) (s ? strdup(s):NULL) 492 493struct cred_t { 494 const char *uname; 495 const char *pass; 496}; 497typedef struct cred_t cred_t; 498 499auth_conv(int num_msg, const struct pam_message **msg, 500 struct pam_response **resp, void *appdata) 501{ 502 int i; 503 cred_t *cred = (cred_t *) appdata; 504 struct pam_response *reply = 505 malloc(sizeof(struct pam_response) * num_msg); 506 507 for (i = 0; i < num_msg; i++) { 508 switch (msg[i]->msg_style) { 509 case PAM_PROMPT_ECHO_ON: /* assume want user name */ 510 reply[i].resp_retcode = PAM_SUCCESS; 511 reply[i].resp = COPY_STRING(cred->uname); 512 /* PAM frees resp. */ 513 break; 514 case PAM_PROMPT_ECHO_OFF: /* assume want password */ 515 reply[i].resp_retcode = PAM_SUCCESS; 516 reply[i].resp = COPY_STRING(cred->pass); 517 /* PAM frees resp. */ 518 break; 519 case PAM_TEXT_INFO: 520 case PAM_ERROR_MSG: 521 reply[i].resp_retcode = PAM_SUCCESS; 522 reply[i].resp = NULL; 523 break; 524 default: /* unknown message style */ 525 free(reply); 526 return PAM_CONV_ERR; 527 } 528 } 529 530 *resp = reply; 531 return PAM_SUCCESS; 532} 533 534/* 535 * The PAM version as a side effect may put a new username in *user. 536 */ 537int check_user(const char *name, const char *pass) 538{ 539 pam_handle_t *pamh = NULL; 540 const char *tmpl_user; 541 const void *item; 542 int rval; 543 int e; 544 cred_t auth_cred = { name, pass }; 545 struct pam_conv conv = { &auth_conv, &auth_cred }; 546 547 e = pam_start("telnetd", name, &conv, &pamh); 548 if (e != PAM_SUCCESS) { 549 syslog(LOG_ERR, "pam_start: %s", pam_strerror(pamh, e)); 550 return 0; 551 } 552 553#if 0 /* Where can we find this value? */ 554 e = pam_set_item(pamh, PAM_RHOST, remotehost); 555 if (e != PAM_SUCCESS) { 556 syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s", 557 pam_strerror(pamh, e)); 558 return 0; 559 } |
|
479#endif 480 | 560#endif 561 |
562 e = pam_authenticate(pamh, 0); 563 switch (e) { 564 case PAM_SUCCESS: 565 /* 566 * With PAM we support the concept of a "template" 567 * user. The user enters a login name which is 568 * authenticated by PAM, usually via a remote service 569 * such as RADIUS or TACACS+. If authentication 570 * succeeds, a different but related "template" name 571 * is used for setting the credentials, shell, and 572 * home directory. The name the user enters need only 573 * exist on the remote authentication server, but the 574 * template name must be present in the local password 575 * database. 576 * 577 * This is supported by two various mechanisms in the 578 * individual modules. However, from the application's 579 * point of view, the template user is always passed 580 * back as a changed value of the PAM_USER item. 581 */ 582 if ((e = pam_get_item(pamh, PAM_USER, &item)) == 583 PAM_SUCCESS) { 584 strcpy(user, (const char *) item); 585 } else 586 syslog(LOG_ERR, "Couldn't get PAM_USER: %s", 587 pam_strerror(pamh, e)); 588 rval = 1; 589 break; 590 591 case PAM_AUTH_ERR: 592 case PAM_USER_UNKNOWN: 593 case PAM_MAXTRIES: 594 rval = 0; 595 break; 596 597 default: 598 syslog(LOG_ERR, "auth_pam: %s", pam_strerror(pamh, e)); 599 rval = 0; 600 break; 601 } 602 603 if ((e = pam_end(pamh, e)) != PAM_SUCCESS) { 604 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); 605 rval = 0; 606 } 607 return rval; 608} 609 610#endif 611 612#endif 613 |
|
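Review bot: In the PAM `check_user()`, the `PAM_SUCCESS` branch runs `strcpy(user, (const char *) item)` with no length bound, and the allocation behind the global `char *user` is in the hidden lines, so a template user name returned by a PAM module that is longer than that buffer would overflow it inside the daemon's authentication path. A bounded copy that treats truncation as a failed login is safer, e.g. `if (strlcpy(user, item, USER_BUF_SIZE) >= USER_BUF_SIZE) { rval = 0; break; }`, where `USER_BUF_SIZE` is a placeholder for whatever size `user` is really allocated with. In `auth_conv()`, the `malloc()` result is dereferenced without a NULL check and `num_msg` is never checked for being positive, and the `default:` path frees `reply` but not the `strdup()` copies of the user name and password already stored in earlier entries. Finally, success from `pam_authenticate()` alone sets `rval = 1`; unless account checks are done somewhere outside this file, a `pam_acct_mgmt(pamh, 0)` call before accepting the login is needed for account expiry and access restrictions configured for the `telnetd` service to be honoured.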