unix_auth.c revision 66e150d7d3c0cb2de3c45c74612784ffd3e73de6
2N/A * The contents of this file are subject to the terms of the 2N/A * Common Development and Distribution License (the "License"). 2N/A * You may not use this file except in compliance with the License. 2N/A * See the License for the specific language governing permissions 2N/A * and limitations under the License. 2N/A * When distributing Covered Code, include this CDDL HEADER in each 2N/A * If applicable, add the following below this CDDL HEADER, with the 2N/A * fields enclosed by brackets "[]" replaced with your own identifying 2N/A * information: Portions Copyright [yyyy] [name of copyright owner] 2N/A * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 2N/A * Use is subject to license terms. 2N/A "successful login.");
2N/A error(
pamh,
"Warning: at least %d failed login attempts since " 2N/A * int pam_sm_authenticate(pamh, flags, arc, argv) 2N/A * This routine verifies that the password as stored in the 2N/A * PAM_AUTHTOK item is indeed the password that belongs to the user 2N/A * as stored in PAM_USER. 2N/A * This routine will not establish Secure RPC Credentials. If these 2N/A * credentials are needed to obtain the password from the NIS+ service, 2N/A * the pam_dhkeys module should be stacked before us! 2N/A "pam_unix_auth: entering pam_sm_authenticate()");
2N/A * Get password and the name of the repository where the 2N/A * Also get the current number of failed logins; we use 2N/A * this later to determine whether we need to reset the count 2N/A * on a succesful authentication. We use the home-directory 2N/A * to look for .hushlogin in order to optionaly surpress the 2N/A * "failed attempts" message. 2N/A * Chop off old SunOS-style password aging information. 2N/A * Note: old style password aging is only defined for UNIX-style 2N/A * crypt strings, hence the comma will always be at position 14. 2N/A * Note: This code is here because some other vendors might still 2N/A * support this style of password aging. If we don't remove 2N/A * the age field, no one will be able to login. 2N/A * XXX yank this code when we're certain this "compatibility" 2N/A * isn't needed anymore. 2N/A /* Is a password check required? */ 2N/A * Password check *is* required. Make sure we have a valid 2N/A * pointer in PAM_AUTHTOK 2N/A * "rep_passwd" holds the encrypted password. 2N/A * If, however, we detect that the password equals NOPWDRTR, 2N/A * while we've obtained it from NIS+, it 2N/A * means that the permissions on the NIS+ table are too tight 2N/A * for us to get the password without having Secure RPC 2N/A * Credentials. In that case, we syslog an error stating that 2N/A * the Secure RPC credential Module should be on the PAM stack 2N/A * before the unix_auth module. We also tell the user to go 2N/A * and inform the administrator of this error. 2N/A "the pam_dhkeys module is on the PAM stack before " 2N/A "NIS+ permissions are too tight. " 2N/A "Please inform your administrator."));
2N/A /* Now check the entered password */ 2N/A /* Clear or increment failed failed count */