passdb-shadow.c revision 999f3cc424321d33eaf45f8839cebec5db1687d8
3199N/A/* Copyright (C) 2002-2003 Timo Sirainen */
3199N/A
3199N/A#include "common.h"
3199N/A
3199N/A#ifdef PASSDB_SHADOW
3199N/A
3199N/A#include "safe-memset.h"
3199N/A#include "passdb.h"
3199N/A#include "mycrypt.h"
3199N/A
3199N/A#include <shadow.h>
3199N/A
/* Cache key template assigned to module->cache_key in shadow_init().
   NOTE(review): "%u" presumably expands to the username in the auth cache
   layer - confirm against the cache code, which is not in this file. */
#define SHADOW_CACHE_KEY "%u"
/* Scheme label for the stored hash: passed along with the "password" field in
   shadow_verify_plain() and set as the module's default_pass_scheme. */
#define SHADOW_PASS_SCHEME "CRYPT"
3199N/A
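/*
 * Verify a plaintext password against the user's shadow entry.
 *
 * Looks up request->user with getspnam(), hashes the candidate password with
 * the stored hash as the salt argument and compares the two strings. The
 * outcome is always delivered through callback exactly once:
 *
 *   PASSDB_RESULT_USER_UNKNOWN       no shadow entry for the user
 *   PASSDB_RESULT_USER_DISABLED      IS_VALID_PASSWD() rejected the hash field
 *   PASSDB_RESULT_PASSWORD_MISMATCH  hashing failed or the hashes differ
 *   PASSDB_RESULT_OK                 hashes match
 *
 * getspnam() returns a pointer into static libc storage, so this function is
 * not reentrant.
 */
static void
shadow_verify_plain(struct auth_request *request, const char *password,
		    verify_plain_callback_t *callback)
{
	struct spwd *spw;
	const char *crypted;
	bool result;

	auth_request_log_debug(request, "shadow", "lookup");

	spw = getspnam(request->user);
	if (spw == NULL) {
		/* NOTE(review): this path returns without hashing anything,
		   so it finishes faster than the mismatch path below. Whether
		   that difference is observable by a client depends on the
		   callers, which are not visible here. */
		auth_request_log_info(request, "shadow", "unknown user");
		callback(PASSDB_RESULT_USER_UNKNOWN, request);
		return;
	}

	/* IS_VALID_PASSWD() is defined outside this file; entries it rejects
	   are reported as disabled accounts rather than as mismatches. */
	if (!IS_VALID_PASSWD(spw->sp_pwdp)) {
		auth_request_log_info(request, "shadow",
				      "invalid password field");
		callback(PASSDB_RESULT_USER_DISABLED, request);
		return;
	}

	/* save the password so cache can use it; this happens before the
	   comparison, so the stored hash is attached to the request on
	   mismatch as well */
	auth_request_set_field(request, "password", spw->sp_pwdp,
			       SHADOW_PASS_SCHEME);

	/* check if the password is valid. mycrypt() is declared elsewhere;
	   crypt(3)-style hashers can return NULL (e.g. for a salt they do not
	   support), and passing NULL to strcmp() is undefined behaviour, so a
	   failed hash is treated as a mismatch. */
	crypted = mycrypt(password, spw->sp_pwdp);
	result = crypted != NULL && strcmp(crypted, spw->sp_pwdp) == 0;

	/* clear the passwords from memory. This wipes only getspnam()'s
	   buffer; the value given to auth_request_set_field() above is
	   presumably a separate copy and is not touched here. */
	safe_memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp));

	if (!result) {
		auth_request_log_info(request, "shadow", "password mismatch");
		callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);
		return;
	}

	/* make sure we're using the username exactly as it's in the database */
	auth_request_set_field(request, "user", spw->sp_namp, NULL);

	callback(PASSDB_RESULT_OK, request);
}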
4070N/A
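/*
 * Initialise the shadow passdb module from its argument string.
 *
 * Only the exact string "blocking=yes" is recognised; it sets
 * module->blocking. Any other value, including a misspelled option, is
 * silently ignored and leaves module->blocking as the caller set it. The
 * cache key and default password scheme are always set from the file-level
 * constants.
 */
static void shadow_init(struct passdb_module *module, const char *args)
{
	/* The callers are not visible here; guard against a missing argument
	   string so that NULL never reaches strcmp(). */
	if (args != NULL && strcmp(args, "blocking=yes") == 0)
		module->blocking = TRUE;

	module->cache_key = SHADOW_CACHE_KEY;
	module->default_pass_scheme = SHADOW_PASS_SCHEME;
}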
4070N/A
/*
 * Module teardown hook. The module argument is unused; the only work is
 * endspent(), which closes the shadow database that getspnam() left open.
 */
static void
shadow_deinit(struct passdb_module *module __attr_unused__)
{
	endspent();
}
3199N/A
/* Interface table registering the shadow backend. The initializer is
   positional, so the order must match struct passdb_module_interface, which
   is declared outside this file; the NULL slots are hooks this backend does
   not provide (their field names are not visible here). */
struct passdb_module_interface passdb_shadow = {
	"shadow", /* backend name */

	NULL, /* hook not implemented */
	shadow_init,
	shadow_deinit,

	shadow_verify_plain, /* plaintext password verification */
	NULL, /* hook not implemented */
	NULL /* hook not implemented */
};
3996N/A
4070N/A#endif
3996N/A