MODRET authfile_auth(cmd_rec *cmd) { char *tmp = NULL, *cleartxt_pass = NULL; const char *name = cmd->argv[0]; if (af_setpwent() < 0) { return PR_DECLINED(cmd); } /* Lookup the cleartxt password for this user. */ tmp = af_getpwpass(name); if (tmp == NULL) { /* For now, return DECLINED. Ideally, we could stash an auth module * identifier in the session structure, so that all auth modules could * coordinate/use their methods as long as they matched the auth module * used. */ return PR_DECLINED(cmd); #if 0 /* When the above is implemented, and if the user being checked was * provided by mod_auth_file, we'd return this. */ return PR_ERROR_INT(cmd, PR_AUTH_NOPWD); #endif } cleartxt_pass = pstrdup(cmd->tmp_pool, tmp); if (pr_auth_check(cmd->tmp_pool, cleartxt_pass, name, cmd->argv[1])) return PR_ERROR_INT(cmd, PR_AUTH_BADPWD); session.auth_mech = "mod_auth_file.c"; return PR_HANDLED(cmd); }
MODRET pw_auth(cmd_rec *cmd) { time_t now; char *cpw; time_t lstchg = -1, max = -1, inact = -1, disable = -1; const char *name; name = cmd->argv[0]; time(&now); cpw = _get_pw_info(cmd->tmp_pool, name, &lstchg, NULL, &max, NULL, &inact, &disable); if (!cpw) return PR_DECLINED(cmd); if (pr_auth_check(cmd->tmp_pool, cpw, cmd->argv[0], cmd->argv[1])) return PR_ERROR_INT(cmd, PR_AUTH_BADPWD); if (lstchg > (time_t) 0 && max > (time_t) 0 && inact > (time_t)0) if (now > lstchg + max + inact) return PR_ERROR_INT(cmd, PR_AUTH_AGEPWD); if (disable > (time_t) 0 && now > disable) return PR_ERROR_INT(cmd, PR_AUTH_DISABLEDPWD); session.auth_mech = "mod_auth_unix.c"; return PR_HANDLED(cmd); }
MODRET pw_authz(cmd_rec *cmd) { #ifdef HAVE_LOGINRESTRICTIONS int code = 0, mode = S_RLOGIN; char *reason = NULL; #endif /* XXX Any other implementations here? */ #ifdef HAVE_LOGINRESTRICTIONS if (auth_unix_opts & AUTH_UNIX_OPT_AIX_NO_RLOGIN) { mode = 0; } /* Check for account login restrictions and such using AIX-specific * functions. */ PRIVS_ROOT if (loginrestrictions(cmd->argv[0], mode, NULL, &reason) != 0) { PRIVS_RELINQUISH if (reason && *reason) { pr_log_auth(LOG_WARNING, "login restricted for user '%s': %.100s", cmd->argv[0], reason); } pr_log_debug(DEBUG2, "AIX loginrestrictions() failed for user '%s': %s", cmd->argv[0], strerror(errno)); return PR_ERROR_INT(cmd, PR_AUTH_DISABLEDPWD); }
MODRET sftppam_auth(cmd_rec *cmd) { if (!sftppam_handle_auth) { return PR_DECLINED(cmd); } if (sftppam_auth_code != PR_AUTH_OK) { if (sftppam_authoritative) { return PR_ERROR_INT(cmd, sftppam_auth_code); } return PR_DECLINED(cmd); } session.auth_mech = "mod_sftp_pam.c"; pr_event_register(&sftp_pam_module, "core.exit", sftppam_exit_ev, NULL); return PR_HANDLED(cmd); }