static int krb4_auth(pam_handle_t *pamh, int flags, const char *name, const char *inst, struct pam_conv *conv) { struct pam_response *resp; char prompt[128]; struct pam_message msg, *pmsg = &msg; int ret; if (ctrl_on(KRB4_TRY_FIRST_PASS) || ctrl_on(KRB4_USE_FIRST_PASS)) { char *pass = 0; ret = pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass); if (ret != PAM_SUCCESS) { psyslog(LOG_ERR , "pam_get_item returned error to get-password"); return ret; } else if (pass != 0 && verify_pass(pamh, name, inst, pass) == PAM_SUCCESS) return PAM_SUCCESS; else if (ctrl_on(KRB4_USE_FIRST_PASS)) return PAM_AUTHTOK_RECOVERY_ERR; /* Wrong password! */ else /* We tried the first password but it didn't work, cont. */; } msg.msg_style = PAM_PROMPT_ECHO_OFF; if (*inst == 0) snprintf(prompt, sizeof(prompt), "%s's Password: "******"%s.%s's Password: ", name, inst); msg.msg = prompt; ret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr); if (ret != PAM_SUCCESS) return ret; ret = verify_pass(pamh, name, inst, resp->resp); if (ret == PAM_SUCCESS) { memset(resp->resp, 0, strlen(resp->resp)); /* Erase password! */ free(resp->resp); free(resp); } else { pam_set_item(pamh, PAM_AUTHTOK, resp->resp); /* Save password. */ /* free(resp->resp); XXX */ /* free(resp); XXX */ } return ret; }
Datum chkpass_in(PG_FUNCTION_ARGS) { char *str = PG_GETARG_CSTRING(0); chkpass *result; char mysalt[4]; static char salt_chars[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; /* special case to let us enter encrypted passwords */ if (*str == ':') { result = (chkpass *) palloc(sizeof(chkpass)); strlcpy(result->password, str + 1, 13 + 1); PG_RETURN_POINTER(result); } if (verify_pass(str) != 0) ereport(ERROR, (errcode(ERRCODE_DATA_EXCEPTION), errmsg("password \"%s\" is weak", str))); result = (chkpass *) palloc(sizeof(chkpass)); mysalt[0] = salt_chars[random() & 0x3f]; mysalt[1] = salt_chars[random() & 0x3f]; mysalt[2] = 0; /* technically the terminator is not necessary * but I like to play safe */ strcpy(result->password, crypt(str, mysalt)); PG_RETURN_POINTER(result); }
Datum chkpass_in(PG_FUNCTION_ARGS) { char *str = PG_GETARG_CSTRING(0); chkpass *result; char mysalt[4]; char *crypt_output; static char salt_chars[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; /* special case to let us enter encrypted passwords */ if (*str == ':') { result = (chkpass *) palloc0(sizeof(chkpass)); strlcpy(result->password, str + 1, 13 + 1); PG_RETURN_POINTER(result); } if (verify_pass(str) != 0) ereport(ERROR, (errcode(ERRCODE_DATA_EXCEPTION), errmsg("password \"%s\" is weak", str))); result = (chkpass *) palloc0(sizeof(chkpass)); if (!pg_backend_random(mysalt, 2)) ereport(ERROR, (errmsg("could not generate random salt"))); mysalt[0] = salt_chars[mysalt[0] & 0x3f]; mysalt[1] = salt_chars[mysalt[1] & 0x3f]; mysalt[2] = 0; /* technically the terminator is not necessary * but I like to play safe */ crypt_output = crypt(str, mysalt); if (crypt_output == NULL) ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE), errmsg("crypt() failed"))); strlcpy(result->password, crypt_output, sizeof(result->password)); PG_RETURN_POINTER(result); }
void do_login (char *nick, char *pass) { long i = 0, x = 0, D = 0; char Data[STRING_SHORT] = { 0 }, b[STRING_SHORT] = { 0}; struct userlist *c; c = userhead; while (c) { if (stricmp (nick, c->nick) == 0) { x = verify_pass (c->nick, c->chan, c->uh, pass); if (x > 0) { i++; if (c->level == 0 && x >= 2) { #if OP_USERS_ON_LOGIN == 1 /* only if not already authed */ S ("MODE %s +ov %s %s\n", c->chan, c->nick, c->nick); #endif D = 1; } c->level = x; snprintf (b, sizeof (b), "%s[%d] %s", c->chan, (int) c->level, Data); strncpy (Data, b, sizeof (Data)); } } c = c->next; } if (i != 0) { if (!D) { S ("NOTICE %s :Already authed on %s\n", nick, Data); } else S ("NOTICE %s :Verified: %s\n", nick, Data); } }