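/*
 * Check one username/password pair against the server entry at index x.
 *
 * Calls Valid_User() with the primary controller, backup controller and
 * domain stored in ServerArray[x], writes a syslog line describing any
 * failure, and returns Valid_User()'s result unchanged (0 means success).
 *
 * x is used as an array index without a range check in this function; the
 * size of ServerArray is not visible here, so callers must keep x in bounds.
 * The username is written to the auth log on every failure path. The
 * password is never logged, and that should stay so.
 */
static int QueryServerForUser(int x, char *username, char *password)
{
    int result = Valid_User(username, password, ServerArray[x].pdc,
                            ServerArray[x].bdc, ServerArray[x].domain);

    /* Write any helpful syslog messages */
    switch (result) {
    case 0:
        break;
    case 1:
        syslog(LOG_AUTHPRIV | LOG_INFO, "Server error when checking %s.", username);
        break;
    case 2:
        syslog(LOG_AUTHPRIV | LOG_INFO, "Protocol error when checking %s.", username);
        break;
    case 3:
        syslog(LOG_AUTHPRIV | LOG_INFO, "Authentication failed for %s.", username);
        break;
    default:
        /*
         * A code outside 0..3 used to be returned with no log entry at all,
         * leaving no trace of an unexplained failure in the auth log.
         */
        syslog(LOG_AUTHPRIV | LOG_INFO, "Unexpected result %d when checking %s.", result, username);
        break;
    }

    return result;
}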
/*
 * Command-line credential check.
 *
 * Arguments: argv[1] user, argv[2] password, argv[3] primary server,
 * argv[4] backup server, argv[5] default domain.
 * Exit status is 0 when Valid_User() reports NTV_NO_ERROR, 1 otherwise
 * (including when fewer than five arguments are supplied).
 *
 * The password arrives in argv[2]. On most systems command-line arguments
 * are readable by other local users through the process table, so callers
 * should treat this interface as exposing the password locally.
 */
int main(int argc, char ** argv)
{
    char *account;
    char *domain;
    char *slash;

    if (argc < 6) {
        return 1;
    }

    account = argv[1];

    /*
     * Handle alternate domains: a '/' in the username means the text before
     * it names the domain, which then replaces argument 5. The split is done
     * in place, so argv[1] itself is modified. An empty part on either side
     * of the '/' is passed through to Valid_User() as an empty string.
     */
    slash = strchr(account, '/');
    if (slash != NULL) {
        *slash = '\0';
        domain = account;
        account = slash + 1;
    } else {
        domain = argv[5];
    }

    return (Valid_User(account, argv[2], argv[3], argv[4], domain) == NTV_NO_ERROR) ? 0 : 1;
}
/*
 * Command-line credential check.
 *
 * Arguments: argv[1] user, argv[2] password, argv[3] primary server,
 * argv[4] backup server, argv[5] domain.
 * Exit status is 0 when Valid_User() reports NTV_NO_ERROR, 1 otherwise
 * (including when fewer than five arguments are supplied).
 *
 * The password arrives in argv[2]. On most systems command-line arguments
 * are readable by other local users through the process table, so callers
 * should treat this interface as exposing the password locally.
 */
int main(int argc, char ** argv)
{
    if (argc < 6) {
        return 1;
    }

    /* Arguments are forwarded as given; no further validation happens here. */
    return (Valid_User(argv[1], argv[2], argv[3], argv[4], argv[5]) == NTV_NO_ERROR) ? 0 : 1;
}
/*
 * PAM authentication routine for pam_smb.
 *
 * Visible flow: parse the module options, obtain the user name, optionally
 * compare the supplied password against the local UNIX hash with crypt(),
 * and otherwise read the server configuration with smb_readpamconf() and
 * ask Valid_User() to check the pair against the configured servers.
 *
 * Returns PAM_SUCCESS on a local or NT match, PAM_USER_UNKNOWN when the
 * local lookup finds no entry, PAM_AUTHINFO_UNAVAIL when the configuration
 * is missing or Valid_User() reports 1 or 2, and PAM_AUTH_ERR otherwise.
 *
 * NOTE(review): part of this listing is missing (see the marker below), so
 * the code between the user-name prompt and the shadow-password test cannot
 * be reviewed from this page.
 */
static int _pam_auth_smb( pam_handle_t *pamh, int flags, int argc, const char **argv )
{
    int retval;
    struct passwd *pw;
    const char *name;
    char *p, *pp;
    int w,loop;
    const char *salt;
    /* Fixed-size buffers filled by smb_readpamconf() below. */
    char server[80],server2[80],domain[80];
    /* NOTE(review): where ntname is filled is in the missing part; confirm the copy is bounded to 32 bytes. */
    char ntname[32];
    /* use_first_pass is parsed below; its use is not visible in this listing. */
    int debug=0, use_first_pass=0;
    int nolocal=0;
#ifdef HAVE_SHADOW_H
    struct spwd *sp;
#endif

    /* Parse Command line options */
    for (loop=0; loop<argc; loop++) {
        if (!strcmp(argv[loop], "debug"))
            debug=1;
        else if (!strcmp(argv[loop], "use_first_pass"))
            use_first_pass=1;
        else if (!strcmp(argv[loop], "nolocal"))
            nolocal=1;
        else
            syslog(LOG_AUTHPRIV | LOG_ERR, "pam_smb: Unknown Command Line Option in pam.d : %s", argv[loop]);
    }

    /* get the user'name' */
    /*
     * NOTE(review): the page replaced the text between the prompt string and
     * "x" with asterisks. The statements that set p, pw, sp and ntname, the
     * opening of the local-authentication branch and the matching #ifdef are
     * presumably in that gap; verify against the original file.
     */
    if ( (retval = pam_get_user( pamh, &name, "login: "******"x"))) {
        /* TODO: check if password has expired etc. */
        salt = sp->sp_pwdp;
    } else
#endif
        salt = pw->pw_passwd;
    } else
        return PAM_USER_UNKNOWN;

    /* The 'always-encrypt' method does not make sense in PAM because the
       framework requires return of a different error code for non-existent
       users -- alex */
    /*
     * NOTE(review): '&&' is a logical AND, so this test is true for any
     * non-zero flags value rather than testing the PAM_DISALLOW_NULL_AUTHTOK
     * bit; a bit test would use '&'. The branch also returns PAM_SUCCESS for
     * an empty local password with no supplied password, which looks inverted
     * for a flag named "disallow null authtok" -- confirm the intent.
     */
    if ( ( !pw->pw_passwd ) && ( !p ) )
        if ( flags && PAM_DISALLOW_NULL_AUTHTOK )
            return PAM_SUCCESS;

    /*
     * NOTE(review): when the branch above does not return, p (and salt, which
     * may be pw->pw_passwd) can still be NULL here. crypt() can also return
     * NULL on failure, and pp is passed to strcmp() unchecked.
     */
    pp = crypt(p, salt);
    if ( strcmp( pp, salt ) == 0 ) {
        if (debug)
            syslog(LOG_AUTHPRIV | LOG_DEBUG, "pam_smb: Local UNIX username/password pair correct.");
        return PAM_SUCCESS;
    }
    if (debug) {
        syslog (LOG_AUTHPRIV | LOG_DEBUG, "pam_smb: Local UNIX username/password check incorrect.");
    }
    } /* End of Local Section */
    else {
        /* If Local System Authentication is switched off */
        if (debug)
            syslog(LOG_AUTHPRIV | LOG_DEBUG,"No Local authentication done, relying on other modules for password file entry.");
    }

    /*
     * No buffer lengths are passed, so staying within the 80-byte arrays
     * depends on smb_readpamconf() itself -- verify in that helper.
     */
    w=smb_readpamconf(server,server2,domain);
    if (w!=0) {
        /* Any non-zero result is reported as a missing configuration file. */
        syslog(LOG_AUTHPRIV | LOG_ALERT, "pam_smb: Missing Configuration file : /etc/pam_smb.conf");
        return PAM_AUTHINFO_UNAVAIL;
    }
    if (debug) {
        syslog(LOG_AUTHPRIV | LOG_DEBUG, "pam_smb: Configuration Data, Primary %s, Backup %s, Domain %s.", server, server2, domain);
    }

    w=Valid_User(ntname, p, server, 
server2, domain);

    /* Valid_User return values: 0 is success, 1 and 2 indicate network and
       protocol failures, and 3 is not logged on */
    switch (w) {
    case 0 :
        if (debug)
            syslog(LOG_AUTHPRIV | LOG_DEBUG, "pam_smb: Correct NT username/password pair");
        return PAM_SUCCESS;
        break;
    case 1 :
    case 2 :
        /* Network and protocol failures are returned without a log entry. */
        return PAM_AUTHINFO_UNAVAIL;
        break;
    case 3 :
    default:
        /* Unknown codes fail closed. The user name (not the password) is logged. */
        syslog(LOG_AUTHPRIV | LOG_NOTICE, "pam_smb: Incorrect NT password for username : %s", ntname);
        return PAM_AUTH_ERR;
        break;
    }
    /* Not reached: every switch arm returns. */
    return PAM_AUTH_ERR;
}
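/*
 * Line-oriented authentication helper.
 *
 * Reads "username password" lines from standard input and answers each one
 * with "OK" or "ERR" on standard output. A user is accepted only when
 * Check_user() does not deny the name and Valid_User() returns 0 for the
 * pair against PRIMARY_DC, BACKUP_DC and NTDOMAIN; every other outcome is
 * answered with "ERR".
 *
 * Returns 0 when input ends normally, 1 when the denied-user file could not
 * be read and input has ended.
 */
int main()
{
    char username[256];
    char password[256];
    char wstr[256];
    struct itimerval TimeOut;

    /*
     * Read denied user file. If it fails there is a serious problem; check
     * the syslog messages. Deny all users while in this state. The loop now
     * ends when standard input is closed: the fgets() result used to be
     * ignored, so the helper spun forever printing "ERR" after end of input.
     */
    if (Read_denyusers() == 1) {
        while (fgets(wstr, sizeof wstr, stdin) != NULL) {
            puts("ERR");
            fflush(stdout);
        }
        return 1;
    }

    /*
     * Install the handlers before arming the timer, so SIGALRM can never be
     * delivered while its default action (terminate the process) applies.
     */
    signal(SIGALRM, Checkforchange);
    signal(SIGHUP, Checkforchange);

    /*
     * An alarm timer is used to check the denied user file for changes
     * every minute. Reload the file if it has changed.
     */
    TimeOut.it_interval.tv_sec = 60;
    TimeOut.it_interval.tv_usec = 0;
    TimeOut.it_value.tv_sec = 60;
    TimeOut.it_value.tv_usec = 0;
    setitimer(ITIMER_REAL, &TimeOut, 0);

    /* Read whole line from standard input. Terminate on end of input. */
    while (fgets(wstr, sizeof wstr, stdin) != NULL) {
        int complete = 0;
        size_t i;

        for (i = 0; wstr[i] != '\0'; i++) {
            if (wstr[i] == '\n') {
                complete = 1;
                break;
            }
        }

        /*
         * A line longer than the buffer used to be split across reads, so
         * its tail was parsed as a separate request. Discard the rest of
         * such a line and refuse it, keeping one answer per request line.
         */
        if (!complete && !feof(stdin)) {
            int c;

            while ((c = getchar()) != EOF && c != '\n') {
                /* skip the remainder of the over-long line */
            }
            puts("ERR");
            fflush(stdout);
            continue;
        }

        /* Clear any current settings */
        username[0] = '\0';
        password[0] = '\0';

        /* Extract parameters; the field widths bound each copy to its buffer. */
        sscanf(wstr, "%255s %255s", username, password);

        /* Check for invalid or blank entries */
        if ((username[0] == '\0') || (password[0] == '\0')) {
            puts("ERR");
            fflush(stdout);
            continue;
        }

        if (Check_user(username) == 1) {
            /* User is on the denied list */
            puts("ERR");
        } else if (Valid_User(username, password, PRIMARY_DC, BACKUP_DC, NTDOMAIN) == 0) {
            puts("OK");
        } else {
            puts("ERR");
        }
        fflush(stdout);
    }

    return 0;
}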