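/*
 *	Authenticate a request against OpenDirectory by handing its
 *	User-Name and User-Password values to od_check_passwd().
 *
 *	Returns:
 *	  RLM_MODULE_INVALID   the request has no User-Name, or no password
 *	                       attribute of type PW_PASSWORD
 *	  RLM_MODULE_OK        od_check_passwd() returned eDSNoErr
 *	  RLM_MODULE_USERLOCK  od_check_passwd() returned one of the
 *	                       account-state results listed in the switch
 *	  RLM_MODULE_REJECT    any other result
 */
static int od_authenticate(UNUSED void *instance, REQUEST *request)
{
	char *name, *passwd;
	int ret;
	long odResult = eDSAuthFailed;	/* fail closed until the check says otherwise */

	/*
	 *	We can only authenticate user requests which HAVE
	 *	a User-Name attribute.
	 */
	if (!request->username) {
		RDEBUG("ERROR: You set 'Auth-Type = OpenDirectory' for a request that does not contain a User-Name attribute!");
		return RLM_MODULE_INVALID;
	}

	/*
	 *	Can't do OpenDirectory if there's no password.
	 */
	if (!request->password ||
	    (request->password->attribute != PW_PASSWORD)) {
		RDEBUG("ERROR: You set 'Auth-Type = OpenDirectory' for a request that does not contain a User-Password attribute!");
		return RLM_MODULE_INVALID;
	}

	/*
	 *	Both values come straight from the request.  The password is
	 *	only ever passed to od_check_passwd(); it must not be logged.
	 */
	name = (char *)request->username->vp_strvalue;
	passwd = (char *)request->password->vp_strvalue;

	odResult = od_check_passwd(name, passwd);
	switch (odResult) {
	case eDSNoErr:
		return RLM_MODULE_OK;

	/*
	 *	Results that describe the account rather than the password.
	 *	NOTE(review): an unknown user gets a different module code
	 *	than a wrong password; confirm the reply sent to the client
	 *	does not let it tell the two apart.
	 */
	case eDSAuthUnknownUser:
	case eDSAuthInvalidUserName:
	case eDSAuthNewPasswordRequired:
	case eDSAuthPasswordExpired:
	case eDSAuthAccountDisabled:
	case eDSAuthAccountExpired:
	case eDSAuthAccountInactive:
	case eDSAuthInvalidLogonHours:
	case eDSAuthInvalidComputer:
		ret = RLM_MODULE_USERLOCK;
		/*
		 *	Do not report these as a bad password: the operator
		 *	reading the debug log needs to see that the account
		 *	state, not the credential, caused the failure.
		 */
		RDEBUG("[%s]: Account not permitted to authenticate (OpenDirectory result %ld)", name, odResult);
		break;

	default:
		ret = RLM_MODULE_REJECT;
		RDEBUG("[%s]: Invalid password", name);
		break;
	}

	return ret;
}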
/*
 * Entry point: check one user's password against a selected information
 * system.
 *
 * Options:
 *   -i system    "file", "NIS", "YP" (treated as NIS), "opendirectory" or
 *                "PAM", matched case-insensitively; PAM is the default
 *   -l location  handed to the file, NIS and OpenDirectory check routines
 *   -c           increments `literal`, a counter defined outside this function
 *
 * At most one positional argument, the user name, is accepted.  Without it
 * the name is taken from the passwd entry of the real uid.
 */
int main(int argc, char *argv[])
{
	const struct {
		const char *label;
		int system;
	} known_systems[] = {
		{ "file", INFO_FILE },
		{ "NIS", INFO_NIS },
		{ "YP", INFO_NIS },
		{ "opendirectory", INFO_OPEN_DIRECTORY },
		{ "PAM", INFO_PAM },
	};
	const size_t known_count = sizeof(known_systems) / sizeof(known_systems[0]);
	char *login = NULL;
	char *location = NULL;
	int infosystem = INFO_PAM;
	int opt;

	while ((opt = getopt(argc, argv, "ci:l:")) != -1) {
		switch (opt) {
		case 'c':
			literal++;
			break;

		case 'l':
			location = optarg;
			break;

		case 'i': {
			size_t k;
			int matched = 0;

			for (k = 0; k < known_count; k++) {
				if (strcasecmp(optarg, known_systems[k].label) == 0) {
					infosystem = known_systems[k].system;
					matched = 1;
					break;
				}
			}
			if (!matched) {
				fprintf(stderr, "%s: Unknown info system \'%s\'.\n", progname, optarg);
				usage();
			}
			break;
		}

		case '?':
		default:
			usage();
			break;
		}
	}

	/* Step past the options; what remains is the optional user name. */
	argv += optind;
	argc -= optind;

	if (argc == 1) {
		login = argv[0];
	} else if (argc > 1) {
		usage();
	}

	if (login == NULL) {
		/* No name given: fall back to the passwd entry of the real uid. */
		struct passwd *entry = getpwuid(getuid());

		if (entry != NULL && entry->pw_name != NULL) {
			login = strdup(entry->pw_name);
		}

		/* Covers a missing passwd entry as well as a failed strdup(). */
		if (login == NULL) {
			fprintf(stderr, "you don't have a login name\n");
			exit(1);
		}
	}

	/*
	 * NOTE(review): the check routines' return values are discarded and
	 * control always reaches exit(0) below.  A failed check is presumably
	 * reported by the routine terminating the process itself; confirm,
	 * because anything keying on this program's exit status depends on it.
	 * An infosystem value outside the four handled here runs no check.
	 */
	if (infosystem == INFO_FILE) {
		file_check_passwd(login, location);
	} else if (infosystem == INFO_NIS) {
		nis_check_passwd(login, location);
	} else if (infosystem == INFO_OPEN_DIRECTORY) {
		od_check_passwd(login, location);
	} else if (infosystem == INFO_PAM) {
		pam_check_passwd(login);
	}

	exit(0);
}