int pop_pass (POP *p) { struct passwd *pw; int i; int status; /* Make one string of all these parameters */ for (i = 1; i < p->parm_count; ++i) p->pop_parm[i][strlen(p->pop_parm[i])] = ' '; /* Look for the user in the password file */ if ((pw = k_getpwnam(p->user)) == NULL) return (pop_msg(p,POP_FAILURE, "Password supplied for \"%s\" is incorrect.", p->user)); if (p->kerberosp) { #ifdef KRB5 if (p->version == 5) { char *name; if (!krb5_kuserok (p->context, p->principal, p->user)) { pop_log (p, POP_PRIORITY, "krb5 permission denied"); return pop_msg(p, POP_FAILURE, "Popping not authorized"); } if(krb5_unparse_name (p->context, p->principal, &name) == 0) { pop_log(p, POP_INFO, "%s: %s -> %s", p->ipaddr, name, p->user); free (name); } } else { pop_log (p, POP_PRIORITY, "kerberos authentication failed"); return pop_msg (p, POP_FAILURE, "kerberos authentication failed"); } #endif { } } else { /* We don't accept connections from users with null passwords */ if (pw->pw_passwd == NULL) return (pop_msg(p, POP_FAILURE, "Password supplied for \"%s\" is incorrect.", p->user)); #ifdef OTP if (otp_verify_user (&p->otp_ctx, p->pop_parm[1]) == 0) /* pass OK */; else #endif /* Compare the supplied password with the password file entry */ if (p->auth_level != AUTH_NONE) return pop_msg(p, POP_FAILURE, "Password supplied for \"%s\" is incorrect.", p->user); else if (!strcmp(crypt(p->pop_parm[1], pw->pw_passwd), pw->pw_passwd)) /* pass OK */; else { int ret = -1; #ifdef KRB5 if(ret) ret = krb5_verify_password (p); #endif if(ret) return pop_msg(p, POP_FAILURE, "Password incorrect"); } } status = login_user(p); if(status != POP_SUCCESS) return status; /* Authorization completed successfully */ return (pop_msg (p, POP_SUCCESS, "%s has %d message(s) (%ld octets).", p->user, p->msg_count, p->drop_size)); }
static int otp_verify(struct passwd *pwd, const char *password) { return (otp_verify_user (&otp_ctx, password)); }