authorSeraphim Mellos <mellos@ceid.upatras.gr>2008-05-29 02:38:23 +0300
committerSeraphim Mellos <mellos@ceid.upatras.gr>2008-05-29 02:38:23 +0300
commit35edbad303e2e6ff88e599a462ec96e9f72a0bbc (patch)
tree7d5733983f97452b7b31dd5ae82bcac6044b0a15
parentBasic structure and starting code for pam_unix.c (diff)
Completed authentication method for pam_unix.c
m---------src0
-rw-r--r--src/pam_unix/pam_unix.c76
-rw-r--r--src/pam_unix/pam_unix.c~76
3 files changed, 152 insertions, 0 deletions
diff --git a/src b/src
deleted file mode 160000
-Subproject 3e990f8e9851b2900118625d7ff4665cbc34134
diff --git a/src/pam_unix/pam_unix.c b/src/pam_unix/pam_unix.c
new file mode 100644
index 0000000..9aa7eec
--- /dev/null
+++ b/src/pam_unix/pam_unix.c
@@ -0,0 +1,76 @@
+
+#ifndef (__LINUX__)
+#include <login_cap.h>
+#endif
+
+#include <security/pam_modules.h>
+#include <security/pam_appl.h>
+
+
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char **argv) {
+
+#ifndef (__LINUX__)
+ login_cap_t *lc;
+#endif
+ struct passwd *pwd;
+ const char *pass, *crypt_pass, *user;
+ int pam_err;
+
+ /* identify user */
+
+ if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
+ pwd = getpwnam(getlogin());
+ } else {
+ if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
+ return (pam_err);
+
+ pwd = getpwnam(user) = NULL;
+ }
+
+ /* get password */
+
+ if (pwd != NULL) {
+ pass = pwd->pw_passwd;
+ if (pass[0] == '\0') {
+ if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
+ openpam_get_option(pamh, PAM_OPT_NULLOK))
+ return (PAM_SUCCESS);
+
+ pass = "*";
+ }
+#ifndef (__LINUX__)
+ lc = login_getpwclass(pwd);
+#endif
+ } else {
+ pass = "*";
+#ifndef (__LINUX__)
+ lc = login_getpwclass(NULL);
+#endif
+ }
+
+#ifndef (__LINUX__)
+ prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL);
+ pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt);
+ login_close(lc);
+#else
+ pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char **) &pass, NULL);
+#endif
+
+ if (pam_err == PAM_CONV_ERR)
+ return (pam_err);
+ if (pam_err != PAM_SUCCESS)
+ return (PAM_AUTH_ERR);
+
+
+ crypt_pass = crypt(pass, pwd->pw_passwd);
+ if ( strcmp(crypt_pass, pwd->pw_passwd) != 0 )
+ pam_err = PAM_AUTH_ERR;
+ else
+ pam_err = PAM_SUCCESS;
+
+ return (pam_err);
+}
+
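Review bot: The final `crypt(pass, pwd->pw_passwd)` / `strcmp` pair dereferences `pwd` even when the account lookup failed, and passes `crypt()`'s result to `strcmp` without a NULL check, so an unknown user name or an unusable salt would crash the module instead of returning `PAM_AUTH_ERR`. The `pwd = getpwnam(user) = NULL;` line makes this worse: an assignment to a call result should not compile, and read as intended it would leave `pwd` NULL on every non-`auth_as_self` login. Since `pam_get_authtok` overwrites `pass`, the `"*"` placeholder chosen earlier never reaches the comparison; keeping the stored hash in its own variable (called `realpw` below) lets the unknown-user and empty-password cases fail through the same compare as a wrong password. Separately, `#ifndef (__LINUX__)` is not valid preprocessor syntax (and the compiler-defined macro is `__linux__`), and `prompt` is used without a declaration.

```c
	const char *pass, *realpw, *crypt_pass, *user;
	/* … unchanged: auth_as_self branch and pam_get_user call … */
		pwd = getpwnam(user);
	/* … unchanged … */
	if (pwd != NULL) {
		realpw = pwd->pw_passwd;
		if (realpw[0] == '\0') {
			/* … unchanged: nullok check … */
			realpw = "*";
		}
		/* … unchanged: login class lookup … */
	} else {
		realpw = "*";
		/* … unchanged: login class lookup … */
	}
	/* … unchanged: pam_get_authtok and its error mapping … */
	crypt_pass = crypt(pass, realpw);
	if (crypt_pass == NULL || strcmp(crypt_pass, realpw) != 0)
		pam_err = PAM_AUTH_ERR;
	else
		pam_err = PAM_SUCCESS;
```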
diff --git a/src/pam_unix/pam_unix.c~ b/src/pam_unix/pam_unix.c~
new file mode 100644
index 0000000..99e0fbd
--- /dev/null
+++ b/src/pam_unix/pam_unix.c~
@@ -0,0 +1,76 @@
+
+#ifndef (__LINUX__)
+#include <login_cap.h>
+#endif
+
+#include <security/pam_modules.h>
+#include <security/pam_appl.h>
+
+
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char **argv) {
+
+#ifndef (__LINUX__)
+ login_cap_t *lc;
+#endif
+ struct passwd *pwd;
+ const char *pass, *crypt_pass, *user;
+ int pam_err;
+
+ /* identify user */
+
+ if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
+ pwd = getpwnam(getlogin());
+ } else {
+ if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
+ return (pam_err);
+
+ pwd = getpwnam(user) = NULL;
+ }
+
+ /* get password */
+
+ if (pwd != NULL) {
+ pass = pwd->pw_passwd;
+ if (pass[0] == '\0') {
+ if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
+ openpam_get_option(pamh, PAM_OPT_NULLOK))
+ return (PAM_SUCCESS);
+
+ pass = "*";
+ }
+#ifndef (__LINUX__)
+ lc = login_getpwclass(pwd);
+#endif
+ } else {
+ pass = "*";
+#ifndef (__LINUX__)
+ lc = login_getpwclass(NULL);
+#endif
+ }
+
+#ifndef (__LINUX__)
+ prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL);
+ pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt);
+ login_close(lc);
+#else
+ pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char **) &pass, NULL);
+#endif
+
+ if (pam_err == PAM_CONV_ERR)
+ return (pam_err);
+ if (pam_err != PAM_SUCCESS)
+ return (PAM_AUTH_ERR);
+
+
+ crypt_pass = crypt(pass, pwd->pw_passwd);
+ if ( strcmp(crypt_password, pwd->pw_passwd) != 0 )
+ pam_err = PAM_AUTH_ERR;
+ else
+ pam_err = PAM_SUCCESS;
+
+ return (pam_err);
+}
+
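Review bot: `src/pam_unix/pam_unix.c~` is an editor backup of the file added above and should be dropped from the commit (and `*~` ignored), since a stale second copy of an authentication routine in the tree invites someone to build or patch the wrong one. It already differs from the real file: its `strcmp(crypt_password, pwd->pw_passwd)` line names `crypt_password`, while the variable declared in the function is `crypt_pass`. The issues noted on `pam_unix.c` apply to this copy as well.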