static int
krb4_auth(pam_handle_t *pamh,
int flags,
const char *name,
const char *inst,
struct pam_conv *conv)
{
struct pam_response *resp;
char prompt[128];
struct pam_message msg, *pmsg = &msg;
int ret;
if (ctrl_on(KRB4_TRY_FIRST_PASS) || ctrl_on(KRB4_USE_FIRST_PASS))
{
char *pass = 0;
ret = pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
if (ret != PAM_SUCCESS)
{
psyslog(LOG_ERR , "pam_get_item returned error to get-password");
return ret;
}
else if (pass != 0 && verify_pass(pamh, name, inst, pass) == PAM_SUCCESS)
return PAM_SUCCESS;
else if (ctrl_on(KRB4_USE_FIRST_PASS))
return PAM_AUTHTOK_RECOVERY_ERR; /* Wrong password! */
else
/* We tried the first password but it didn't work, cont. */;
}
msg.msg_style = PAM_PROMPT_ECHO_OFF;
if (*inst == 0)
snprintf(prompt, sizeof(prompt), "%s's Password: "******"%s.%s's Password: ", name, inst);
msg.msg = prompt;
ret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr);
if (ret != PAM_SUCCESS)
return ret;
ret = verify_pass(pamh, name, inst, resp->resp);
if (ret == PAM_SUCCESS)
{
memset(resp->resp, 0, strlen(resp->resp)); /* Erase password! */
free(resp->resp);
free(resp);
}
else
{
pam_set_item(pamh, PAM_AUTHTOK, resp->resp); /* Save password. */
/* free(resp->resp); XXX */
/* free(resp); XXX */
}
return ret;
}
Datum
chkpass_in(PG_FUNCTION_ARGS)
{
char *str = PG_GETARG_CSTRING(0);
chkpass *result;
char mysalt[4];
static char salt_chars[] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
/* special case to let us enter encrypted passwords */
if (*str == ':')
{
result = (chkpass *) palloc(sizeof(chkpass));
strlcpy(result->password, str + 1, 13 + 1);
PG_RETURN_POINTER(result);
}
if (verify_pass(str) != 0)
ereport(ERROR,
(errcode(ERRCODE_DATA_EXCEPTION),
errmsg("password \"%s\" is weak", str)));
result = (chkpass *) palloc(sizeof(chkpass));
mysalt[0] = salt_chars[random() & 0x3f];
mysalt[1] = salt_chars[random() & 0x3f];
mysalt[2] = 0; /* technically the terminator is not necessary
* but I like to play safe */
strcpy(result->password, crypt(str, mysalt));
PG_RETURN_POINTER(result);
}
Datum
chkpass_in(PG_FUNCTION_ARGS)
{
char *str = PG_GETARG_CSTRING(0);
chkpass *result;
char mysalt[4];
char *crypt_output;
static char salt_chars[] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
/* special case to let us enter encrypted passwords */
if (*str == ':')
{
result = (chkpass *) palloc0(sizeof(chkpass));
strlcpy(result->password, str + 1, 13 + 1);
PG_RETURN_POINTER(result);
}
if (verify_pass(str) != 0)
ereport(ERROR,
(errcode(ERRCODE_DATA_EXCEPTION),
errmsg("password \"%s\" is weak", str)));
result = (chkpass *) palloc0(sizeof(chkpass));
if (!pg_backend_random(mysalt, 2))
ereport(ERROR,
(errmsg("could not generate random salt")));
mysalt[0] = salt_chars[mysalt[0] & 0x3f];
mysalt[1] = salt_chars[mysalt[1] & 0x3f];
mysalt[2] = 0; /* technically the terminator is not necessary
* but I like to play safe */
crypt_output = crypt(str, mysalt);
if (crypt_output == NULL)
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("crypt() failed")));
strlcpy(result->password, crypt_output, sizeof(result->password));
PG_RETURN_POINTER(result);
}
void
do_login (char *nick, char *pass)
{
long i = 0, x = 0, D = 0;
char Data[STRING_SHORT] = { 0 }, b[STRING_SHORT] =
{
0};
struct userlist *c;
c = userhead;
while (c)
{
if (stricmp (nick, c->nick) == 0)
{
x = verify_pass (c->nick, c->chan, c->uh, pass);
if (x > 0)
{
i++;
if (c->level == 0 && x >= 2)
{
#if OP_USERS_ON_LOGIN == 1
/* only if not already authed */
S ("MODE %s +ov %s %s\n", c->chan, c->nick, c->nick);
#endif
D = 1;
}
c->level = x;
snprintf (b, sizeof (b), "%s[%d] %s", c->chan, (int) c->level, Data);
strncpy (Data, b, sizeof (Data));
}
}
c = c->next;
}
if (i != 0)
{
if (!D)
{
S ("NOTICE %s :Already authed on %s\n", nick, Data);
}
else
S ("NOTICE %s :Verified: %s\n", nick, Data);
}
}
