* details.
*
* You should have received a copy of the GNU Lesser General Public
- * License along with these librararies and programs; if not, write
+ * License along with these libraries and programs; if not, write
* to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
* Floor, Boston, MA 02110-1301 USA
*/
** Platform identification:
**
** __hpux HP-UX OS only
- ** __apollo Domain OS only
- ** __hp_osf HP OSF/1 OS only
** sun SUN OS only
- ** USL USL OS only
- ** SVR4 SUN OS and USL
+ ** SVR4 SUN OS et al.
** _AIX AIX only
** _POWER AIX version 4 only
- ** __uxp__ Fujitsu UXP/DS
**
****************************************************************************
************************************<+>*************************************/
/* necessary for bzero */
#ifdef SVR4
#include <X11/Xfuncs.h>
-#if defined(sun) || defined(__uxp__)
+#if defined(sun)
#include <shadow.h>
#endif
#endif
-#if defined(USL)
-#include <iaf.h>
-#endif
-
#include "dm.h"
#include "vg.h"
#include "vgmsg.h"
/*
* Define as generic those without platform specific code.
*/
-#if !(defined(__hpux) || \
- defined(__apollo) || \
- defined(_AIX) || \
- defined(sun) || \
- defined(__uxp__) || \
- defined(USL))
+#if !(defined(__hpux) || defined(_AIX) || defined(sun))
#define generic
#endif
-#ifdef __osf__
-#include <sys/sysinfo.h>
-#endif
-
-#if defined(linux)
+#if defined(__linux__)
# include <shadow.h>
#endif
static int CheckPassword( char *name, char *passwd, struct passwd **ppwd );
static int CountUsers( int added_users) ;
static int CountUsersStrict( char *new_user) ;
-static int PasswordAged( register struct passwd *pw) ;
+static int PasswordAged( struct passwd *pw) ;
static void WriteBtmp( char *name) ;
#ifdef AUDIT
struct s_passwd *s_pwd;
struct stat s_pfile;
- int secure; /* flag to denote existance of secure passwd file */
+ int secure; /* flag to denote existence of secure passwd file */
int selfAuditOn;
#endif
#define SECONDS_IN_WEEK 604800L
static int
-PasswordAged( register struct passwd *pw )
+PasswordAged( struct passwd *pw )
{
long change_week; /* week password was changed (1/1/70 = Week 0) */
long last_week; /* week after which password must change */
#ifdef __PASSWD_ETC
/*
- * If regular passwd check fails, try old-style Apollo SR
+ * If regular passwd check fails, try old-style SR
*/
if (rgy_$is_des(passwd, strlen(passwd), p->pw_passwd) == TRUE)
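Review bot: The `rgy_$is_des(passwd, strlen(passwd), p->pw_passwd)` fallback under `#ifdef __PASSWD_ETC` appears to be leftover Apollo code, and it would be better deleted with the rest of that platform's support than kept with a reworded comment. It is a second way of accepting a password after the regular check has failed, so any build that defined `__PASSWD_ETC` would carry an alternate authentication path that nobody maintains. If the block has to stay, the comment should say which scheme is meant, for example `/* If regular passwd check fails, try the legacy registry DES check (rgy_$is_des) */`, because "old-style SR" no longer identifies it. The body of the `if` lies outside this hunk.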
#endif /* __hpux */
-/***************************************************************************
- ***************************************************************************
- ***************************************************************************
- ***************************************************************************
- ***************************************************************************
- ***************************************************************************
- ***************************************************************************
- ***************************************************************************/
-
-
-#if defined(__uxp__)
-
-/***************************************************************************
- *
- * Start authentication routines (UXP)
- *
- ***************************************************************************/
-
-
-
-
-/***************************************************************************
- *
- * External declarations (UXP)
- *
- ***************************************************************************/
-
-
-
-
-/***************************************************************************
- *
- * Procedure declarations (UXP)
- *
- ***************************************************************************/
-
-static void Audit( struct passwd *p, char *msg, int errnum) ;
-static int PasswordAged( register struct passwd *pw) ;
-static void WriteBtmp( char *name) ;
-
-
-
-
-/***************************************************************************
- *
- * Global variables (UXP)
- *
- ***************************************************************************/
-
-
-
-
-/***************************************************************************
- *
- * Audit (UXP)
- *
- ***************************************************************************/
-
-static void
-Audit( struct passwd *p, char *msg, int errnum )
-{
-
- /*
- * make sure program is back to super-user...
- */
-
- seteuid(0);
-
- return;
-}
-
-
-
-
-/***************************************************************************
- *
- * WriteBtmp (UXP)
- *
- * log bad login attempts
- *
- ***************************************************************************/
-
-static void
-WriteBtmp( char *name )
-{
- return;
-}
-
-
-
-
-/***************************************************************************
- *
- * PasswordAged (UXP)
- *
- * see if password has aged
- ***************************************************************************/
-#define SECONDS_IN_WEEK 604800L
-
-static int
-PasswordAged( register struct passwd *pw )
-{
- long change_week; /* week password was changed (1/1/70 = Week 0) */
- long last_week; /* week after which password must change */
- long first_week; /* week before which password can't change */
- long this_week; /* this week derived from time() */
- char *file; /* help file name */
- char *command; /* the /bin/passwd command string */
-
- if (*pw->pw_age == NULL)
- return(0);
-
- first_week = last_week = change_week = (long) a64l(pw->pw_age);
- last_week &= 0x3f; /* first six bits */
- first_week = (first_week >> 6) & 0x3f; /* next six bits */
- change_week >>= 12; /* everything else */
-
- this_week = (long) time((long *) 0) / SECONDS_IN_WEEK;
-
-/*
-** Password aging conditions:
-** * if the last week is less than the first week (e.g., the aging
-** field looks like "./"), only the superuser can change the
-** password. We don't request a new password.
-** * if the week the password was last changed is after this week,
-** we have a problem, and request a new password.
-** * if this week is after the specified aging time, we request
-** a new password.
-*/
- if (last_week < first_week)
- return(0);
-
- if (change_week <= this_week && this_week <= (change_week + last_week))
- return(0);
-
- return(1);
-}
-
-
-
-
-/***************************************************************************
- *
- * Authenticate (UXP)
- *
- * verify the user
- *
- * return codes indicate authentication results.
- ***************************************************************************/
-
-#define MAXATTEMPTS 3
-
-struct passwd nouser = {"", "nope"}; /* invalid user password struct */
-
-int
-Authenticate( struct display *d, char *name, char *passwd, char **msg )
-{
-
- static int login_attempts = 0; /* # failed authentications */
-
- struct passwd *p; /* password structure */
- struct spwd *sp; /* shadow info */
- char *crypt();
-
- int n;
-
- char *origpw;
-
- /*
- * Nothing to do if no name provided.
- */
- if (!name)
- return(VF_INVALID);
-
- /*
- * Save provided password.
- */
- origpw = passwd;
- if (!passwd) passwd = "";
-
-
- p = getpwnam(name);
- sp = getspnam(name);
-
- if (!p || strlen(name) == 0 ||
- strcmp (crypt (passwd, sp->sp_pwdp), sp->sp_pwdp)) {
-
- WriteBtmp(name);
-
- if ((++login_attempts % MAXATTEMPTS) == 0 ) {
-
- if (p == NULL )
- p = &nouser;
-
- Audit(p, " Failed login (bailout)", 1);
-
- }
-
- return(origpw ? VF_INVALID : VF_CHALLENGE);
- }
-
-
- /*
- * check password aging...
- */
-
- if ( PasswordAged(p) ) return(VF_PASSWD_AGED);
-
- /*
- * verify home directory exists...
- */
-
- if(chdir(p->pw_dir) < 0) {
- Audit(p, " attempted to login - no home directory", 1);
- return(VF_HOME);
- }
-
-
- /*
- * validate uid and gid...
- */
-
-
- if ((p->pw_gid < 0) ||
- (setgid(p->pw_gid) == -1)) {
-
- Audit(p, " attempted to login - bad group id", 1);
- return(VF_BAD_GID);
- }
-
- if ((p->pw_uid < 0) ||
- (seteuid(p->pw_uid) == -1)) {
-
- Audit(p, " attempted to login - bad user id", 1);
- return(VF_BAD_UID);
- }
-
-
-
- /*
- * verify ok...
- */
-
- Audit(p, " Successful login", 0);
- return(VF_OK);
-}
-
-
-
-/***************************************************************************
- *
- * End authentication routines (UXP)
- *
- ***************************************************************************/
-#endif
-
/***************************************************************************
***************************************************************************
***************************************************************************
***************************************************************************/
static void Audit( struct passwd *p, char *msg, int errnum) ;
-static int PasswordAged(char *name, register struct passwd *pw) ;
+static int PasswordAged(char *name, struct passwd *pw) ;
static void WriteBtmp( char *name) ;
#define SECONDS_IN_WEEK 604800L
static int
-PasswordAged(char *name, register struct passwd *pw )
+PasswordAged(char *name, struct passwd *pw )
{
struct userpw *pupw; /* authentication information from getuserpw() */
struct userpw upw; /* working authentication information */
***************************************************************************/
-#if defined(USL)
-/***************************************************************************
- *
- * Start authentication routines (USL)
- *
- ***************************************************************************/
-
-
-#define LOGIN_SUCCESS 0
-#define LOGIN_FAIL 1
-#define INACTIVE 2
-#define EXPIRED 3
-#define IDLEWEEKS 4
-#define MANDATORY 5
-#define AGED 6
-#define BADSHELL 7
-#define NOHOME 8
-#define PFLAG 11
-
-/***************************************************************************
- *
- * External declarations (USL)
- *
- ***************************************************************************/
-
-
-
-/***************************************************************************
- *
- * Procedure declarations (USL)
- *
- ***************************************************************************/
-
-
-static void Audit( struct passwd *p, char *msg, int errnum) ;
-static int PasswordAged( register struct passwd *pw) ;
-static void WriteBtmp( char *name) ;
-
-
-
-/***************************************************************************
- *
- * Global variables (USL)
- *
- ***************************************************************************/
-
-extern int Slaveptty_fd;
-
-
-/***************************************************************************
- *
- * Audit (USL)
- *
- ***************************************************************************/
-
-static void
-Audit( struct passwd *p, char *msg, int errnum )
-{
-
- /*
- * make sure program is back to super-user...
- */
-
- seteuid(0);
-
- return;
-}
-
-
-
-
-/***************************************************************************
- *
- * WriteBtmp (USL)
- *
- * log bad login attempts
- *
- ***************************************************************************/
-
-static void
-WriteBtmp( char *name )
-{
- return;
-}
-
-
-
-
-/***************************************************************************
- *
- * Authenticate (USL)
- *
- * verify the user
- *
- * return codes indicate authentication results.
- ***************************************************************************/
-
-#define MAXATTEMPTS 3
-
-int
-Authenticate( struct display *d, char *name, char *passwd, char **msg )
-{
-
- int ret;
- char **ava, *tty;
- char *p;
- char xlogname[137];
- char xpasswd[137];
- char xtty[137];
-
- char *origpw;
-
- /*
- * Nothing to do if no name provided.
- */
- if (!name)
- return(VF_INVALID);
-
- /*
- * Save provided password.
- */
- origpw = passwd;
- if (!passwd) passwd = "";
-
- /*
- * Put the logname and the passwd on the ava stream
- */
- if ((ret = dup2 (Slaveptty_fd, 0)) == -1)
- Debug ("Problem with dup2\n");
-
- ava = retava(Slaveptty_fd);
-
- (void) bzero (xlogname, strlen (xlogname));
- (void) sprintf (xlogname, "XLOGNAME=%s", name);
- if ((ava = putava (xlogname, ava)) == NULL)
- {
- Debug ("Could not set logname ava\n");
- }
-
- (void) bzero (xpasswd, strlen (xpasswd));
- (void) sprintf (xpasswd, "XPASSWD=%s", passwd);
- if ((ava = putava (xpasswd, ava)) == NULL)
- {
- Debug ("Could not set passwd ava\n");
- }
-
- (void) bzero (xtty, strlen (xtty));
- (void) sprintf (xtty, "XTTY=%s", ttyname(Slaveptty_fd));
- if ((ava = putava (xtty, ava)) == NULL)
- {
- Debug ("Could not set tty ava\n");
- }
-
- if (setava (Slaveptty_fd, ava) != 0)
- {
- Debug ("Could not do setava\n");
- }
-
- /*
- * invoke identification and authorizarion scheme
- */
-
- switch (ret = invoke (Slaveptty_fd, "login"))
- {
-
- case LOGIN_SUCCESS:
- Audit(p, " Successful login", 0);
- return(VF_OK);
- case LOGIN_FAIL:
- return(origpw ? VF_INVALID : VF_CHALLENGE);
-
- /* The next three cases need to define special return values */
- /* for the aged passwords and accounts. */
-
- case INACTIVE:
- case IDLEWEEKS:
- /* PasswdAged (linfo); */
- return(VF_PASSWD_AGED);
- case EXPIRED: /* SS */
- /* AccountAged (linfo); */
- return(VF_PASSWD_AGED);
-
- /* These 3 cases should allow user to select a new password */
- /* after displaying a warrning, but current implementation */
- /* only displays the warning. */
-
- case MANDATORY:
- case PFLAG:
- case AGED:
- return(VF_PASSWD_AGED);
- default:
- return(VF_INVALID); /* SS */
- }
-}
-
-
-/***************************************************************************
- *
- * End authentication routines (USL)
- *
- ***************************************************************************/
-#endif /* USL */
-
#ifdef generic
/***************************************************************************
*
***************************************************************************/
static void Audit( struct passwd *p, char *msg, int errnum) ;
-static int PasswordAged( register struct passwd *pw) ;
+static int PasswordAged( struct passwd *pw) ;
static void WriteBtmp( char *name) ;
#define SECONDS_IN_WEEK 604800L
static int
-PasswordAged( register struct passwd *pw )
+PasswordAged( struct passwd *pw )
{
return(FALSE);
}
p = getpwnam(name);
-#if defined(linux)
+#if defined(__linux__)
/*
* Use the Linux Shadow Password system to get the crypt()ed password
*/
}
#endif
+#if defined(__OpenBSD__) && OSMAJORVERSION > 5
+ /*
+ * Use the OpenBSD getpwnam_shadow function to get the crypt()ed password
+ */
+ p = getpwnam_shadow(name);
+#endif
+
if (!p || strlen(name) == 0 ||
strcmp (crypt (passwd, p->pw_passwd), p->pw_passwd)) {
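Review bot: The OpenBSD branch now feeds the real hash from `getpwnam_shadow()` into the unchanged `strcmp (crypt (passwd, p->pw_passwd), p->pw_passwd)` test, and crypt() can return NULL on failure, which strcmp would dereference in the login path. On OpenBSD the pair can be replaced by `crypt_checkpass(passwd, p->pw_passwd) != 0`, which handles that case and does not compare hashes with strcmp. On the other platforms the crypt() result should be stored and checked for NULL before the comparison. `OSMAJORVERSION` is not defined in the visible lines; if a build leaves it undefined, the `#if` is silently false and the `getpwnam()` result is used instead, so a comment naming where it is set would help. The `if` statement continues outside this hunk.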
*/
- if ((p->pw_gid < 0) ||
- (setgid(p->pw_gid) == -1)) {
+ if (setgid(p->pw_gid) == -1) {
Audit(p, " attempted to login - bad group id", 1);
return(VF_BAD_GID);
}
- if ((p->pw_uid < 0) ||
- (seteuid(p->pw_uid) == -1)) {
+ if (seteuid(p->pw_uid) == -1) {
Audit(p, " attempted to login - bad user id", 1);
return(VF_BAD_UID);