2 * CDE - Common Desktop Environment
4 * Copyright (c) 1993-2012, The Open Group. All rights reserved.
6 * These libraries and programs are free software; you can
7 * redistribute them and/or modify them under the terms of the GNU
8 * Lesser General Public License as published by the Free Software
9 * Foundation; either version 2 of the License, or (at your option)
12 * These libraries and programs are distributed in the hope that
13 * they will be useful, but WITHOUT ANY WARRANTY; without even the
14 * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
15 * PURPOSE. See the GNU Lesser General Public License for more
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with these libraries and programs; if not, write
20 * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
21 * Floor, Boston, MA 02110-1301 USA
23 /* $XConsortium: vgapollo.c /main/4 1995/10/27 16:17:06 rswiston $ */
25 * (c) Copyright 1993, 1994 Hewlett-Packard Company *
26 * (c) Copyright 1993, 1994 International Business Machines Corp. *
27 * (c) Copyright 1993, 1994 Sun Microsystems, Inc. *
28 * (c) Copyright 1993, 1994 Novell, Inc. *
30 /************************************<+>*************************************
31 ****************************************************************************
35 ** Project: HP Visual User Environment (DT)
37 ** Description: Dtgreet user authentication routines for Domain/OS 10.4
39 ** These routines validate the user, checking name, password,
40 ** home directory, password aging, etc.
43 ** (c) Copyright 1987, 1988, 1989 by Hewlett-Packard Company
46 ** Conditional compiles:
48 ** __apollo Domain OS only
50 ****************************************************************************
51 ************************************<+>*************************************/
54 #include <stdio.h> /* placed here so file isn't empty */
59 /***************************************************************************
63 ***************************************************************************/
67 #include <apollo/base.h>
68 #include <apollo/error.h>
70 #include "apollo/passwd.h" /* copy of <apollo/sys/passwd.h> */
71 #include "apollo/login.h" /* copy of <apollo/sys/login.h> */
72 #include "apollo/rgy_base.h"
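/*
 * String helper macros for the authentication routines.
 *
 * SCMPN and SCPYN size the operation with sizeof(a), so `a` must be a real
 * array; with a pointer, sizeof yields the pointer size instead.
 * SCPYN wraps strncpy(), which leaves `a` without a terminating NUL when `b`
 * holds sizeof(a) or more bytes. A caller that then treats `a` as a string
 * has to terminate it itself (see STRNULL).
 */
#define SCMPN(a, b) strncmp(a, b, sizeof(a))
#define SCPYN(a, b) strncpy(a, b, sizeof(a))
#define eq(a,b) (!strcmp(a,b))

/*
 * Lengths of the `name` and `host` strings in scope at the point of use.
 * Verify() passes them as the precision arguments of "%.*s" in its
 * repeated-failure log message. A "%.*s" precision must be an int, so the
 * size_t from strlen() is cast here, as ISTRING already does.
 */
#define NMAX ((int) strlen(name))
#define HMAX ((int) strlen(host))

/*
 * STRING and ISTRING expand to a (pointer, length) argument pair.
 * STRING narrows the length to short: a user name or password longer than
 * SHRT_MAX bytes would be passed to the login_$ calls with a wrong length.
 * NOTE(review): confirm that callers bound these inputs before this point.
 */
#define STRING(str) (str), (short) strlen(str)
#define STRNULL(s, l) ((s)[(l)] = '\0')
#define ISTRING(str) (str), (int) strlen(str)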
90 /***************************************************************************
92 * External declarations
94 ***************************************************************************/
97 /***************************************************************************
99 * Procedure declarations
101 ***************************************************************************/
/*
 * Forward declarations of the file-local helpers defined further down.
 *   CheckLogin    - checks the user name, password and other login parameters
 *   CheckPassword - checks only the user name and password
 *   PasswordAged  - reports whether the password has aged
 * NOTE(review): the CheckLogin prototype continues on a line this listing
 * does not show; its definition takes a fourth argument, status_$t *status.
 */
104 static boolean CheckLogin( char *user, char *passwd, char *host,
106 static boolean CheckPassword( char *user, char *passwd) ;
107 static int PasswordAged( register struct passwd *pw) ;
112 /***************************************************************************
116 ***************************************************************************/
/*
 * Registry records for the account being verified. Verify() passes their
 * addresses to getpwnam_full() (presumably as output parameters), and
 * PasswordAged() later reads user_part and policy. The expiry check
 * therefore depends on whatever the most recent lookup left here.
 * They are not declared static. NOTE(review): confirm nothing outside this
 * file relies on that before narrowing their linkage.
 */
118 rgy_$policy_t policy;
119 rgy_$acct_user_t user_part;
120 rgy_$acct_admin_t admin_part;
/*
 * Declared with an empty parameter list, so the compiler cannot check the
 * number or types of the arguments in the four-argument call in Verify().
 */
121 extern struct passwd * getpwnam_full();
125 /***************************************************************************
129 ***************************************************************************/
134 /***************************************************************************
138 * check validity of user name, password and other login parameters
140 ***************************************************************************/
/*
 * CheckLogin: validate the user name, password and other login parameters
 * through the login_$ interface.
 *
 * Verify() switches on status.all after this returns false, so *status is
 * expected to carry the failure reason. The lines that fill it are not shown.
 * NOTE(review): the return-type line, some local declarations and the rest
 * of the login_$chk_login() argument list are missing from this listing.
 */
143 CheckLogin( char *user, char *passwd, char *host, status_$t *status)
146 login_$opt_set_t opts;
/* strlen(host) dereferences host, so the caller must pass a non-NULL string. */
148 login_$set_host(host, strlen(host));
/*
 * Option mask for the check. The listing skips a line between the two
 * visible flags, so the full set of options cannot be read from here.
 */
150 opts = login_$no_setsid_sm |
152 login_$no_prompt_pass;
/*
 * A false result from login_$chk_login() selects the failure path. One
 * visible argument is a NULL cast to login_$open_log_p, presumably meaning
 * that no log-open callback is supplied (confirm against the login_$ API).
 */
154 if ( !login_$chk_login(opts,
157 (login_$open_log_p) NULL,
171 /***************************************************************************
175 * check validity of just user name and password
176 ***************************************************************************/
/*
 * CheckPassword: check only the user name and password.
 *
 * In the visible lines the three login_$ calls form a chain. Each later call
 * runs only if the previous one left status.all == status_$ok, and the
 * function returns true only if the last status is status_$ok.
 *
 * STRING() passes each string with a (short) strlen() length, so an input
 * longer than SHRT_MAX bytes would be given to the login_$ call with a wrong
 * length. NOTE(review): confirm that callers bound both strings.
 *
 * NOTE(review): no call that releases lptr, and no clearing of the passwd
 * buffer, is visible in this listing. Confirm against the full file and the
 * login_$ API.
 */
179 CheckPassword( char *user, char *passwd )
/* Open a login context into lptr; the mode argument is a literal 0. */
184 login_$open((login_$mode_t) 0, &lptr, &status);
/* Name step: skipped when the open failed. */
185 if (status.all == status_$ok)
186 login_$set_ppo(lptr, STRING(user), &status);
/* Password step: skipped when either earlier call failed. */
187 if (status.all == status_$ok)
188 login_$ckpass(lptr, STRING(passwd), &status);
190 return (status.all == status_$ok);
196 /***************************************************************************
200 * see if password has aged
201 ***************************************************************************/
/*
 * PasswordAged: report whether the account's password has expired or is
 * marked invalid in the registry.
 *
 * The visible test reads the file-scope user_part and policy records; pw is
 * not referenced in any line shown here. Verify() calls getpwnam_full() with
 * the addresses of those records before it calls this function, so the
 * result depends on that lookup having been made for the same account.
 *
 * lrgy receives the result of rgy_$using_local_registry(). How it gates the
 * check is not visible in this listing.
 */
204 PasswordAged( register struct passwd *pw )
209 /* Account validity checks: If we were able to connect to the network
210 * registry, then we've acquired account and policy data and can perform
211 * account/password checking
214 lrgy = rgy_$using_local_registry();
217 /* Check for password expiration or invalidity */
/*
 * Either registry predicate being true takes the branch below. The body of
 * that branch is not shown in this listing.
 */
218 if (rgy_$is_passwd_expired(&user_part, &policy ) == true ||
219 rgy_$is_passwd_invalid(&user_part) == true) {
230 /***************************************************************************
236 * return codes indicate authentication results.
237 ***************************************************************************/
/*
 * Verify() takes its "log failure" branch on every MAXATTEMPTS-th failed
 * authentication. The counter is a single static int inside Verify(), so it
 * is not kept per user or per host. In the visible lines it only drives
 * logging: no lockout, delay or reset of the counter is shown.
 */
239 #define MAXATTEMPTS 5
/*
 * Verify() compares focusWidget with passwd_text to tell a name-only check
 * from a check made with the password field in focus.
 */
241 extern Widget focusWidget; /* login or password text field */
/*
 * Placeholder entry with only its first two members initialised.
 * NOTE(review): presumably substituted when the registry lookup in Verify()
 * fails; that assignment is not visible in this listing.
 */
242 struct passwd nouser = {"", "nope"}; /* invalid user password struct */
245 Verify( char *name, char *passwd )
248 static int login_attempts = 0; /* # failed authentications */
250 struct passwd *p; /* password structure */
251 char *host; /* host that login is coming in from */
252 status_$t status; /* status code returned by CheckLogin */
260 * look up entry from registry...
262 * need getpwnam_full to get policy data for passwd expiration
265 p = getpwnam_full(name, &user_part, &admin_part, &policy);
266 /* p = getpwnam(name);*/
268 if (!p || strlen(name) == 0 || p->pw_name == NULL )
273 * validate user/password...
276 if (!CheckLogin(name, passwd, host, &status)) {
279 * if verification failed, but was just a name check, prompt for
283 if ( focusWidget != passwd_text )
288 * if maximum number of attempts exceeded, log failure...
291 if ((++login_attempts % MAXATTEMPTS) == 0 ) {
295 "REPEATED LOGIN FAILURES ON %s FROM %.*s, %.*s",
296 "??", HMAX, host, NMAX, name);
302 * check status codes from verification...
305 switch (status.all) {
307 case login_$logins_disabled: /* logins are disabled */
311 if (!CheckPassword(name,passwd))
316 case login_$inv_acct: /* invalid account */
317 if ( PasswordAged(p) )
318 return(VF_PASSWD_AGED);
323 default: /* other failed verification */
333 * verify home directory exists...
336 if (chdir(p->pw_dir) < 0) {
340 LogError(ReadCatalog(
341 MC_LOG_SET,MC_LOG_NO_HMDIR,MC_DEF_LOG_NO_HMDIR),
347 * validate uid and gid...
350 if ((p->pw_gid < 0) ||
351 (setgid(p->pw_gid) == -1)) {
355 if ((p->pw_uid < 0) ||
356 (seteuid(p->pw_uid) == -1)) {