MODRET pw_auth(cmd_rec *cmd) {
time_t now;
char *cpw;
time_t lstchg = -1, max = -1, inact = -1, disable = -1;
const char *name;
name = cmd->argv[0];
time(&now);
cpw = _get_pw_info(cmd->tmp_pool, name, &lstchg, NULL, &max, NULL, &inact,
&disable);
if (!cpw)
return PR_DECLINED(cmd);
if (pr_auth_check(cmd->tmp_pool, cpw, cmd->argv[0], cmd->argv[1]))
return PR_ERROR_INT(cmd, PR_AUTH_BADPWD);
if (lstchg > (time_t) 0 &&
max > (time_t) 0 &&
inact > (time_t)0)
if (now > lstchg + max + inact)
return PR_ERROR_INT(cmd, PR_AUTH_AGEPWD);
if (disable > (time_t) 0 &&
now > disable)
return PR_ERROR_INT(cmd, PR_AUTH_DISABLEDPWD);
session.auth_mech = "mod_auth_unix.c";
return PR_HANDLED(cmd);
}
MODRET authfile_auth(cmd_rec *cmd) {
char *tmp = NULL, *cleartxt_pass = NULL;
const char *name = cmd->argv[0];
if (af_setpwent() < 0) {
return PR_DECLINED(cmd);
}
/* Lookup the cleartxt password for this user. */
tmp = af_getpwpass(name);
if (tmp == NULL) {
/* For now, return DECLINED. Ideally, we could stash an auth module
* identifier in the session structure, so that all auth modules could
* coordinate/use their methods as long as they matched the auth module
* used.
*/
return PR_DECLINED(cmd);
#if 0
/* When the above is implemented, and if the user being checked was
* provided by mod_auth_file, we'd return this.
*/
return PR_ERROR_INT(cmd, PR_AUTH_NOPWD);
#endif
}
cleartxt_pass = pstrdup(cmd->tmp_pool, tmp);
if (pr_auth_check(cmd->tmp_pool, cleartxt_pass, name, cmd->argv[1]))
return PR_ERROR_INT(cmd, PR_AUTH_BADPWD);
session.auth_mech = "mod_auth_file.c";
return PR_HANDLED(cmd);
}
