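/**
    Verify the plaintext credentials on a request against the host's PAM "login" service.

    On success, make sure wp->user is set: an existing user is looked up; otherwise a
    temporary user is created whose abilities are the names of the OS groups the account
    belongs to (as reported by getgrouplist/getgrgid).

    @param wp   Request object. wp->username and wp->password must be set and the password
                must not be in encoded (digest) form.
    @return 1 when PAM accepts the credentials, 0 otherwise (PAM start failure, authentication
            failure, or failure to create the temporary user).
 */
PUBLIC bool websVerifyPamPassword(Webs *wp)
{
    WebsBuf         abilities;
    pam_handle_t    *pamh;
    UserInfo        info;
    struct pam_conv conv = { pamChat, &info };
    struct group    *gp;
    int             res;

    assure(wp);
    /* The username must be present and non-empty; pam_start is never invoked on "" */
    assure(wp->username && *wp->username);
    assure(wp->password);
    assure(!wp->encoded);

    info.name = (char*) wp->username;
    info.password = (char*) wp->password;
    pamh = NULL;
    if ((res = pam_start("login", info.name, &conv, &pamh)) != PAM_SUCCESS) {
        return 0;
    }
    if ((res = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
        /* Hand the real status to pam_end so module cleanup sees the failed outcome */
        pam_end(pamh, res);
        trace(5, "httpPamVerifyUser failed to verify %s", wp->username);
        return 0;
    }
    pam_end(pamh, PAM_SUCCESS);
    trace(5, "httpPamVerifyUser verified %s", wp->username);

    if (!wp->user) {
        wp->user = websLookupUser(wp->username);
    }
    if (!wp->user) {
        Gid     groups[32];
        int     ngroups, i;

        /*
            Create a temporary user whose abilities are the names of the account's OS groups.
            getgrouplist fails (returns -1) when the account has more than 32 groups; in that
            case no user is created and wp->user stays NULL although the function still
            returns 1 -- callers are presumed to check wp->user (verify against caller).
         */
        ngroups = sizeof(groups) / sizeof(Gid);
        if (getgrouplist(wp->username, 99999, groups, &ngroups) >= 0) {
            bufCreate(&abilities, 128, -1);
            for (i = 0; i < ngroups; i++) {
                if ((gp = getgrgid(groups[i])) != 0) {
                    bufPutStr(&abilities, gp->gr_name);
                    bufPutc(&abilities, ' ');
                }
            }
            bufAddNull(&abilities);
            trace(5, "Create temp user \"%s\" with abilities: %s", wp->username, abilities.servp);
            wp->user = websAddUser(wp->username, 0, abilities.servp);
            if (wp->user != 0) {
                computeUserAbilities(wp->user);
            }
            /*
                Release the scratch buffer on every path. NOTE(review): this assumes websAddUser
                copies the abilities string rather than retaining the pointer -- confirm.
             */
            bufFree(&abilities);
            if (wp->user == 0) {
                return 0;
            }
        }
    }
    return 1;
}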
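/**
    gopass entry point.

    Usage: gopass [-c] [-p password] authFile realm username [role ...]

    -c creates a new auth file (refused when authFile already exists); without -c the existing
    file is loaded and must be writable. The password is read interactively unless -p is given
    (a password passed on the command line is visible to other local users via the process
    list, so the interactive prompt is preferred). The stored credential is the digest
    MD5("username:realm:password"). Roles are joined with ',' into the user's role list.

    Exit codes: 0 success, 1 no password, 2 usage error or load failure, 4 auth file not
    writable, 5 auth file already exists (-c), 6 write failure, 7 user could not be added.
 */
int main(int argc, char *argv[])
{
    WebsBuf     buf;
    char        *password, *authFile, *username, *encodedPassword, *realm, *cp, *roles, *cred;
    int         i, errflg, create, nextArg;

    username = 0;
    create = errflg = 0;
    password = 0;

    /* Options are letters grouped after a single '-'; -p consumes the following argument */
    for (i = 1; i < argc && !errflg; i++) {
        if (argv[i][0] != '-') {
            break;
        }
        for (cp = &argv[i][1]; *cp && !errflg; cp++) {
            if (*cp == 'c') {
                create++;
            } else if (*cp == 'p') {
                if (++i == argc) {
                    errflg++;
                } else {
                    password = argv[i];
                    break;
                }
            } else {
                errflg++;
            }
        }
    }
    nextArg = i;
    /* authFile, realm and username are mandatory; roles are optional */
    if ((nextArg + 3) > argc) {
        errflg++;
    }
    if (errflg) {
        printUsage();
        exit(2);
    }
    authFile = argv[nextArg++];
    realm = argv[nextArg++];
    username = argv[nextArg++];

    /* Join the remaining arguments into a comma separated role list */
    bufCreate(&buf, 0, 0);
    for (i = nextArg; i < argc; ) {
        bufPutStr(&buf, argv[i]);
        if (++i < argc) {
            bufPutc(&buf, ',');
        }
    }
    /* Terminate explicitly so an empty role list is still a valid C string */
    bufAddNull(&buf);
    roles = sclone(buf.servp);
    bufFree(&buf);

    websOpenAuth(1);
    if (!create) {
        if (websLoad(authFile) < 0) {
            exit(2);
        }
        if (access(authFile, W_OK) < 0) {
            error("Can't write to %s", authFile);
            exit(4);
        }
    } else if (access(authFile, F_OK) == 0) {
        /* Creating must not silently clobber an existing auth file */
        error("Can't create %s, already exists", authFile);
        exit(5);
    }
    if (!password && (password = getPassword()) == 0) {
        exit(1);
    }
    /*
        Digest the "username:realm:password" credential, then release the temporary string
        that held the plaintext. The memset is best-effort scrubbing; the compiler may drop
        a memset that precedes free, so do not rely on it as a guarantee.
     */
    cred = sfmt("%s:%s:%s", username, realm, password);
    encodedPassword = websMD5(cred);
    memset(cred, 0, strlen(cred));
    wfree(cred);

    websRemoveUser(username);
    /* websAddUser returns a user pointer (NULL on failure), so test for 0 rather than < 0 */
    if (websAddUser(username, encodedPassword, roles) == 0) {
        exit(7);
    }
    if (writeAuthFile(authFile) < 0) {
        exit(6);
    }
    websCloseAuth();
    return 0;
}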