Exemple #1
/* Auth handler for the file-backed user database.
 *
 * cmd->argv[0] is the user name and cmd->argv[1] the password supplied by
 * the client.  The handler returns:
 *   - PR_DECLINED when af_setpwent() fails or af_getpwpass() has no entry
 *     for the user, so this module gives no verdict in those cases;
 *   - PR_ERROR_INT(PR_AUTH_BADPWD) when pr_auth_check() returns non-zero;
 *   - PR_HANDLED otherwise, after recording this module in session.auth_mech.
 */
MODRET authfile_auth(cmd_rec *cmd) {
  const char *user = cmd->argv[0];
  char *stored = NULL;
  char *stored_copy = NULL;

  if (af_setpwent() < 0) {
    return PR_DECLINED(cmd);
  }

  /* Fetch the password field stored for this user.
   * NOTE(review): the original code calls this the "cleartxt" password, but
   * it is passed to pr_auth_check() as the stored value to verify against;
   * presumably it is a password hash -- confirm against af_getpwpass().
   */
  stored = af_getpwpass(user);
  if (stored == NULL) {
    /* No entry: decline rather than reject.  The original carries a
     * disabled (#if 0) alternative that would return
     * PR_ERROR_INT(cmd, PR_AUTH_NOPWD) once auth modules can tell which of
     * them provided the user; until then an unknown user is not an error
     * from this module's point of view.
     */
    return PR_DECLINED(cmd);
  }

  /* Work on a copy allocated from the per-command pool. */
  stored_copy = pstrdup(cmd->tmp_pool, stored);

  if (pr_auth_check(cmd->tmp_pool, stored_copy, user, cmd->argv[1])) {
    return PR_ERROR_INT(cmd, PR_AUTH_BADPWD);
  }

  /* Only reached after a successful check. */
  session.auth_mech = "mod_auth_file.c";
  return PR_HANDLED(cmd);
}
Exemple #2
/* Auth handler backed by the system password database.
 *
 * cmd->argv[0] is the user name and cmd->argv[1] the password supplied by
 * the client.  The handler returns:
 *   - PR_DECLINED when _get_pw_info() yields no password entry;
 *   - PR_ERROR_INT(PR_AUTH_BADPWD) when pr_auth_check() returns non-zero;
 *   - PR_ERROR_INT(PR_AUTH_AGEPWD) when the password is past its aging limit;
 *   - PR_ERROR_INT(PR_AUTH_DISABLEDPWD) when the account is past its
 *     disable time;
 *   - PR_HANDLED otherwise, after recording this module in session.auth_mech.
 *
 * The password is verified before the aging and disable checks, so a caller
 * with a wrong password only ever sees PR_AUTH_BADPWD and learns nothing
 * about the account's expiry state.
 */
MODRET pw_auth(cmd_rec *cmd) {
  const char *user = cmd->argv[0];
  time_t last_change = -1, max_age = -1, inactive = -1, disable_at = -1;
  time_t now;
  char *stored_pw;

  time(&now);

  stored_pw = _get_pw_info(cmd->tmp_pool, user, &last_change, NULL, &max_age,
    NULL, &inactive, &disable_at);
  if (!stored_pw) {
    return PR_DECLINED(cmd);
  }

  if (pr_auth_check(cmd->tmp_pool, stored_pw, cmd->argv[0], cmd->argv[1])) {
    return PR_ERROR_INT(cmd, PR_AUTH_BADPWD);
  }

  /* Aging applies only when all three fields are set (> 0); the fields keep
   * their -1 initial value unless _get_pw_info() fills them in.
   * NOTE(review): now comes from time(), i.e. seconds; this comparison is
   * only meaningful if _get_pw_info() reports the aging fields in seconds as
   * well -- confirm.
   */
  if (last_change > (time_t) 0 &&
      max_age > (time_t) 0 &&
      inactive > (time_t) 0) {
    if (now > last_change + max_age + inactive) {
      return PR_ERROR_INT(cmd, PR_AUTH_AGEPWD);
    }
  }

  /* Account disable time, again only when the field is set. */
  if (disable_at > (time_t) 0 &&
      now > disable_at) {
    return PR_ERROR_INT(cmd, PR_AUTH_DISABLEDPWD);
  }

  session.auth_mech = "mod_auth_unix.c";
  return PR_HANDLED(cmd);
}
Exemple #3
/* Authorization handler: on builds with HAVE_LOGINRESTRICTIONS it asks the
 * AIX loginrestrictions() call whether the user in cmd->argv[0] may log in,
 * and returns PR_ERROR_INT(PR_AUTH_DISABLEDPWD) when that call reports a
 * restriction.  The listing ends before the function does, so the success
 * path and the non-AIX behaviour are not shown here.
 */
MODRET pw_authz(cmd_rec *cmd) {

#ifdef HAVE_LOGINRESTRICTIONS
  /* mode defaults to S_RLOGIN; reason receives the message from
   * loginrestrictions().
   */
  int code = 0, mode = S_RLOGIN;
  char *reason = NULL;
#endif

  /* XXX Any other implementations here? */

#ifdef HAVE_LOGINRESTRICTIONS

  /* The AIX_NO_RLOGIN option replaces the S_RLOGIN mode with 0. */
  if (auth_unix_opts & AUTH_UNIX_OPT_AIX_NO_RLOGIN) {
    mode = 0;
  }

  /* Check for account login restrictions and such using AIX-specific
   * functions.
   */
  /* Privileges are raised only around the loginrestrictions() call.  The
   * failure branch below drops them first thing; the matching drop for the
   * success path is not visible in this excerpt -- confirm it exists.
   */
  PRIVS_ROOT
  if (loginrestrictions(cmd->argv[0], mode, NULL, &reason) != 0) {
    PRIVS_RELINQUISH

    /* The reason text is capped at 100 characters in the log line. */
    if (reason &&
        *reason) {
      pr_log_auth(LOG_WARNING, "login restricted for user '%s': %.100s",
        cmd->argv[0], reason);
    }

    /* NOTE(review): errno is read only after PRIVS_RELINQUISH and possibly
     * pr_log_auth() have run; if either of them changes errno, this message
     * reports a different error than the one loginrestrictions() set.
     * Saving errno right after the call would keep the log accurate.
     * NOTE(review): reason is not released on this path; check the AIX
     * documentation for who owns that buffer.
     */
    pr_log_debug(DEBUG2, "AIX loginrestrictions() failed for user '%s': %s",
      cmd->argv[0], strerror(errno));

    return PR_ERROR_INT(cmd, PR_AUTH_DISABLEDPWD);
  }
Exemple #4
/* Auth handler that reports the result already stored in sftppam_auth_code.
 *
 * No password is checked here; the handler only translates module state:
 *   - PR_DECLINED when sftppam_handle_auth is not set;
 *   - on a stored code other than PR_AUTH_OK, PR_ERROR_INT with that code if
 *     sftppam_authoritative is set, otherwise PR_DECLINED;
 *   - PR_HANDLED when the stored code is PR_AUTH_OK, after recording this
 *     module in session.auth_mech and registering the "core.exit" listener.
 *
 * With sftppam_authoritative unset, a stored failure is reported as
 * DECLINED rather than as an error, so this module does not by itself
 * reject the login in that configuration.
 */
MODRET sftppam_auth(cmd_rec *cmd) {
  if (!sftppam_handle_auth) {
    return PR_DECLINED(cmd);
  }

  if (sftppam_auth_code == PR_AUTH_OK) {
    session.auth_mech = "mod_sftp_pam.c";
    pr_event_register(&sftp_pam_module, "core.exit", sftppam_exit_ev, NULL);
    return PR_HANDLED(cmd);
  }

  /* Stored result is a failure: surface it only when authoritative. */
  if (!sftppam_authoritative) {
    return PR_DECLINED(cmd);
  }

  return PR_ERROR_INT(cmd, sftppam_auth_code);
}