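/*
 *	Authenticate a request against Open Directory.
 *
 *	The request must carry both a User-Name and a User-Password
 *	attribute.  The pair is handed to od_check_passwd() and the
 *	directory result is mapped onto a module return code:
 *
 *	  eDSNoErr                          -> RLM_MODULE_OK
 *	  user / account state results      -> RLM_MODULE_USERLOCK
 *	  any other result                  -> RLM_MODULE_REJECT
 *
 *	Returns RLM_MODULE_INVALID when either attribute is missing.
 */
static int od_authenticate(UNUSED void *instance, REQUEST *request)
{
	char *name, *passwd;
	int		ret;
	/* Start from "failed" so nothing below can succeed by default. */
	long odResult = eDSAuthFailed;

	/*
	 *	We can only authenticate user requests which HAVE
	 *	a User-Name attribute.
	 */
	if (!request->username) {
		RDEBUG("ERROR: You set 'Auth-Type = OpenDirectory' for a request that does not contain a User-Name attribute!");
		return RLM_MODULE_INVALID;
	}

	/*
	 *	Can't do OpenDirectory if there's no password, or if the
	 *	password attribute is not of type PW_PASSWORD.
	 */
	if (!request->password ||
	    (request->password->attribute != PW_PASSWORD)) {
		RDEBUG("ERROR: You set 'Auth-Type = OpenDirectory' for a request that does not contain a User-Password attribute!");
		return RLM_MODULE_INVALID;
	}

	name = (char *)request->username->vp_strvalue;
	passwd = (char *)request->password->vp_strvalue;

	odResult = od_check_passwd(name, passwd);
	switch (odResult) {
	case eDSNoErr:
		return RLM_MODULE_OK;

	/*
	 *	The directory reports a problem with the user or the
	 *	account state rather than with the supplied password.
	 *
	 *	NOTE(review): these outcomes get a different module code
	 *	than a plain reject; confirm that server policy does not
	 *	surface that difference to the client.
	 */
	case eDSAuthUnknownUser:
	case eDSAuthInvalidUserName:
	case eDSAuthNewPasswordRequired:
	case eDSAuthPasswordExpired:
	case eDSAuthAccountDisabled:
	case eDSAuthAccountExpired:
	case eDSAuthAccountInactive:
	case eDSAuthInvalidLogonHours:
	case eDSAuthInvalidComputer:
		ret = RLM_MODULE_USERLOCK;
		break;

	/*
	 *	Fail closed: every result not listed above is a reject.
	 */
	default:
		ret = RLM_MODULE_REJECT;
		break;
	}

	/*
	 *	Every failure used to be logged as "Invalid password", which
	 *	is wrong for disabled, expired or unknown accounts.  Log the
	 *	directory result code instead so the cause can be told apart.
	 *	Only the user name is logged, never the password.
	 */
	RDEBUG("[%s]: Authentication failed (Open Directory result %ld)", name, odResult);
	return ret;
}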
/*
 * Entry point: pick an information system and run its password check
 * for one user.
 *
 * Options (parsed with getopt "ci:l:"):
 *   -i NAME  information system, matched case-insensitively: "file",
 *            "NIS" or "YP", "opendirectory", "PAM".  Default is PAM.
 *   -l LOC   location string handed to the file, NIS and Open Directory
 *            checkers; the PAM checker does not receive it.
 *   -c       increments the file-level `literal` counter.
 *
 * At most one positional argument (the user name) is accepted.  Without
 * it, the name is looked up from the real uid of the calling process.
 *
 * NOTE(review): the return values of the *_check_passwd() helpers are
 * not examined here and this function always ends with exit(0);
 * presumably the helpers report failure and exit themselves -- confirm
 * before relying on the exit status in scripts.
 */
int
main(int argc, char *argv[])
{
	char *target_user = NULL;
	char *location = NULL;
	int backend = INFO_PAM;
	int opt;

	while ((opt = getopt(argc, argv, "ci:l:")) != -1) {
		if (opt == 'c') {
			literal++;
		} else if (opt == 'l') {
			location = optarg;
		} else if (opt == 'i') {
			if (strcasecmp(optarg, "file") == 0) {
				backend = INFO_FILE;
			} else if (strcasecmp(optarg, "NIS") == 0 ||
				   strcasecmp(optarg, "YP") == 0) {
				/* "YP" is accepted as another spelling of NIS. */
				backend = INFO_NIS;
			} else if (strcasecmp(optarg, "opendirectory") == 0) {
				backend = INFO_OPEN_DIRECTORY;
			} else if (strcasecmp(optarg, "PAM") == 0) {
				backend = INFO_PAM;
			} else {
				fprintf(stderr, "%s: Unknown info system \'%s\'.\n",
					progname, optarg);
				usage();
			}
		} else {
			/* '?' from getopt and anything unexpected. */
			usage();
		}
	}

	/* Skip past the options; what remains is the optional user name. */
	argv += optind;
	argc -= optind;

	if (argc == 1) {
		target_user = argv[0];
	} else if (argc > 1) {
		usage();
	}

	if (target_user == NULL) {
		/* No name given: fall back to the caller's own account. */
		struct passwd *entry = getpwuid(getuid());

		if (entry != NULL && entry->pw_name != NULL) {
			target_user = strdup(entry->pw_name);
		}
		if (target_user == NULL) {
			fprintf(stderr, "you don't have a login name\n");
			exit(1);
		}
	}

	if (backend == INFO_FILE) {
		file_check_passwd(target_user, location);
	} else if (backend == INFO_NIS) {
		nis_check_passwd(target_user, location);
	} else if (backend == INFO_OPEN_DIRECTORY) {
		od_check_passwd(target_user, location);
	} else if (backend == INFO_PAM) {
		pam_check_passwd(target_user);
	}

	exit(0);
}