1 /* $XConsortium: vgapollo.c /main/4 1995/10/27 16:17:06 rswiston $ */
3 * (c) Copyright 1993, 1994 Hewlett-Packard Company *
4 * (c) Copyright 1993, 1994 International Business Machines Corp. *
5 * (c) Copyright 1993, 1994 Sun Microsystems, Inc. *
6 * (c) Copyright 1993, 1994 Novell, Inc. *
8 /************************************<+>*************************************
9 ****************************************************************************
13 ** Project: HP Visual User Environment (DT)
15 ** Description: Dtgreet user authentication routines for Domain/OS 10.4
17 ** These routines validate the user; checking name, password,
18 ** home directory, password aging, etc.
21 ** (c) Copyright 1987, 1988, 1989 by Hewlett-Packard Company
24 ** Conditional compiles:
26 ** __apollo Domain OS only
28 ****************************************************************************
29 ************************************<+>*************************************/
32 #include <stdio.h> /* placed here so file isn't empty */
37 /***************************************************************************
41 ***************************************************************************/
45 #include <apollo/base.h>
46 #include <apollo/error.h>
48 #include "apollo/passwd.h" /* copy of <apollo/sys/passwd.h> */
49 #include "apollo/login.h" /* copy of <apollo/sys/login.h> */
50 #include "apollo/rgy_base.h"
/*
 * String helper macros.
 *
 * SCMPN and SCPYN take their bound from sizeof(a), so the first argument
 * must be a true array; with a pointer argument sizeof yields the pointer
 * size, not the buffer size.  strncpy() writes no terminating NUL when the
 * source is at least sizeof(a) bytes long, so a destination filled through
 * SCPYN has to be terminated by the caller before it is used as a C string.
 */
55 #define SCMPN(a, b) strncmp(a, b, sizeof(a))
56 #define SCPYN(a, b) strncpy(a, b, sizeof(a))
/*
 * String equality test.  The expansion is not wrapped in parentheses, so
 * using eq() inside a larger expression relies on operator precedence.
 */
57 #define eq(a,b) !strcmp(a,b)
/*
 * NMAX and HMAX are not constants: each expands to a strlen() call on
 * whatever variable called name or host is in scope at the point of use,
 * and the result has type size_t.
 * NOTE(review): Verify() passes them as the precision for "%.*s" in the
 * repeated-failure message; a printf-style precision is read as int, so
 * confirm the logger's conventions and cast at the call site if needed.
 */
59 #define NMAX strlen(name)
60 #define HMAX strlen(host)
/*
 * STRING expands to TWO arguments: the pointer and its length cast to
 * short.  A string longer than a short can hold has its length altered by
 * the cast, so callers passing credentials through STRING (CheckPassword
 * does) depend on the input having been length-limited beforehand.
 */
62 #define STRING(str) (str), (short) strlen(str)
/*
 * Store a NUL at index l of s.  No bounds check is made; the caller must
 * guarantee that l is inside the buffer.
 */
63 #define STRNULL(s, l) ((s)[(l)] = '\0')
/* Same two-argument expansion as STRING, with the length cast to int. */
64 #define ISTRING(str) (str), (int) strlen(str)
68 /***************************************************************************
70 * External declarations
72 ***************************************************************************/
75 /***************************************************************************
77 * Procedure declarations
79 ***************************************************************************/
82 static boolean CheckLogin( char *user, char *passwd, char *host,
84 static boolean CheckPassword( char *user, char *passwd) ;
85 static int PasswordAged( register struct passwd *pw) ;
90 /***************************************************************************
94 ***************************************************************************/
/*
 * File-scope registry records.  Verify() passes their addresses to
 * getpwnam_full(), and PasswordAged() later reads user_part, so the aging
 * check depends on that lookup having run first for the same user.
 * Neither object is declared static, so both have external linkage.
 */
97 rgy_$acct_user_t user_part;
98 rgy_$acct_admin_t admin_part;
/*
 * Declared without a prototype, so the compiler cannot check the number
 * or types of the arguments at the call in Verify().
 */
99 extern struct passwd * getpwnam_full();
103 /***************************************************************************
107 ***************************************************************************/
112 /***************************************************************************
116 * check validity of user name, password and other login parameters
118 ***************************************************************************/
/*
 * CheckLogin: pass the originating host and an option set to the
 * Domain/OS login checker (login_$chk_login).
 *
 * user, passwd - credentials entered in the greeter
 * host         - name of the host the login is coming from
 * status       - out: status code from the checker; Verify() switches on
 *                status->all after a failure
 */
121 CheckLogin( char *user, char *passwd, char *host, status_$t *status)
124 login_$opt_set_t opts;
/*
 * Record the originating host before the check.
 * NOTE(review): strlen(host) requires host to be non-NULL; confirm that
 * Verify() always supplies a valid string.
 */
126 login_$set_host(host, strlen(host));
/*
 * Option bits for the checker.
 * NOTE(review): by their names these presumably suppress session setup
 * and the interactive password prompt - confirm against apollo/login.h.
 */
128 opts = login_$no_setsid_sm |
130 login_$no_prompt_pass;
/* A NULL open-log procedure pointer is passed to the checker. */
132 if ( !login_$chk_login(opts,
135 (login_$open_log_p) NULL,
149 /***************************************************************************
153 * check validity of just user name and password
154 ***************************************************************************/
/*
 * CheckPassword: validate only the user name and password, without the
 * other login checks performed by CheckLogin().
 *
 * Returns true only when login_$open, login_$set_ppo and login_$ckpass
 * all leave status_$ok in status.
 */
157 CheckPassword( char *user, char *passwd )
/* Open a login context; lptr is the handle the later calls operate on. */
162 login_$open((login_$mode_t) 0, &lptr, &status);
/*
 * Each following step runs only if the previous one succeeded, so the
 * first failing status is the one that reaches the return statement.
 * STRING() supplies both the pointer and its length as a short.
 */
163 if (status.all == status_$ok)
164 login_$set_ppo(lptr, STRING(user), &status);
165 if (status.all == status_$ok)
166 login_$ckpass(lptr, STRING(passwd), &status);
/*
 * NOTE(review): no call releasing lptr appears among these statements;
 * confirm the handle is closed on every path, including the failure paths.
 */
168 return (status.all == status_$ok);
174 /***************************************************************************
178 * see if password has aged
179 ***************************************************************************/
/*
 * PasswordAged: report whether the account's password is expired or
 * invalid according to the registry.
 *
 * The test below reads the file-scope user_part record and the policy
 * data rather than the pw argument; both are filled in by the
 * getpwnam_full() call in Verify().
 * NOTE(review): confirm no caller reaches this function without that
 * lookup having succeeded for the same user, otherwise the decision is
 * made on stale or zeroed registry data.
 */
182 PasswordAged( register struct passwd *pw )
187 /* Account validity checks: If we were able to connect to the network
188 * registry, then we've acquired account and policy data and can perform
189 * account/password checking
192 lrgy = rgy_$using_local_registry();
195 /* Check for password expiration or invalidity */
196 if (rgy_$is_passwd_expired(&user_part, &policy ) == true ||
197 rgy_$is_passwd_invalid(&user_part) == true) {
208 /***************************************************************************
214 * return codes indicate authentication results.
215 ***************************************************************************/
/*
 * Verify() tests (++login_attempts % MAXATTEMPTS) == 0, so every fifth
 * failed authentication produces the repeated-failure log message.
 * NOTE(review): in that test the counter only gates logging; confirm
 * whether any lockout or delay is applied elsewhere.
 */
217 #define MAXATTEMPTS 5
219 extern Widget focusWidget; /* login or password text field */
/*
 * Placeholder entry with an empty name and the password field "nope";
 * the remaining members are zero-initialized.
 * NOTE(review): presumably substituted when the registry lookup fails so
 * that verification continues against an entry that cannot match -
 * confirm at the use site in Verify().
 */
220 struct passwd nouser = {"", "nope"}; /* invalid user password struct */
223 Verify( char *name, char *passwd )
226 static int login_attempts = 0; /* # failed authentications */
228 struct passwd *p; /* password structure */
229 char *host; /* host that login is coming in from */
230 status_$t status; /* status code returned by CheckLogin */
238 * look up entry from registry...
240 * need getpwnam_full to get policy data for passwd expiration
243 p = getpwnam_full(name, &user_part, &admin_part, &policy);
244 /* p = getpwnam(name);*/
246 if (!p || strlen(name) == 0 || p->pw_name == NULL )
251 * validate user/password...
254 if (!CheckLogin(name, passwd, host, &status)) {
257 * if verification failed, but was just a name check, prompt for
261 if ( focusWidget != passwd_text )
266 * if maximum number of attempts exceeded, log failure...
269 if ((++login_attempts % MAXATTEMPTS) == 0 ) {
273 "REPEATED LOGIN FAILURES ON %s FROM %.*s, %.*s",
274 "??", HMAX, host, NMAX, name);
280 * check status codes from verification...
283 switch (status.all) {
285 case login_$logins_disabled: /* logins are disabled */
289 if (!CheckPassword(name,passwd))
294 case login_$inv_acct: /* invalid account */
295 if ( PasswordAged(p) )
296 return(VF_PASSWD_AGED);
301 default: /* other failed verification */
311 * verify home directory exists...
314 if (chdir(p->pw_dir) < 0) {
318 LogError(ReadCatalog(
319 MC_LOG_SET,MC_LOG_NO_HMDIR,MC_DEF_LOG_NO_HMDIR),
325 * validate uid and gid...
328 if ((p->pw_gid < 0) ||
329 (setgid(p->pw_gid) == -1)) {
333 if ((p->pw_uid < 0) ||
334 (seteuid(p->pw_uid) == -1)) {