struct passwd *checkpw (struct passwd *pw,char *pass,int argc,char *argv[]) { pam_handle_t *hdl; struct pam_conv conv; struct checkpw_cred cred; conv.conv = &checkpw_conv; conv.appdata_ptr = &cred; cred.uname = pw->pw_name; cred.pass = pass; if ((pam_start ((char *) mail_parameters (NIL,GET_SERVICENAME,NIL), pw->pw_name,&conv,&hdl) != PAM_SUCCESS) || (pam_set_item (hdl,PAM_RHOST,tcp_clientaddr ()) != PAM_SUCCESS) || (pam_authenticate (hdl,NIL) != PAM_SUCCESS) || (pam_acct_mgmt (hdl,NIL) != PAM_SUCCESS) || (pam_setcred (hdl,PAM_ESTABLISH_CRED) != PAM_SUCCESS)) { /* clean up */ pam_setcred (hdl,PAM_DELETE_CRED); pam_end (hdl,PAM_AUTH_ERR); /* failed */ return NIL; } #if 0 /* * Some people have reported that this causes a SEGV in strncpy() from * pam_unix.so.1 */ /* * This pam_open_session() call is inconsistant with how we handle other * platforms, where we don't write [uw]tmp records. However, unlike our * code on other platforms, pam_acct_mgmt() will check those records for * inactivity and deny the authentication. */ pam_open_session (hdl,NIL); /* make sure account doesn't go inactive */ #endif /* arm hook to delete credentials */ mail_parameters (NIL,SET_LOGOUTHOOK,(void *) checkpw_cleanup); mail_parameters (NIL,SET_LOGOUTDATA,(void *) hdl); return pw; }
long tcp_clientport () { if (!myClientHost && !myClientAddr) tcp_clientaddr (); return myClientPort; }