MODRET pw_auth(cmd_rec *cmd) { time_t now; char *cpw; time_t lstchg = -1, max = -1, inact = -1, disable = -1; const char *name; name = cmd->argv[0]; time(&now); cpw = _get_pw_info(cmd->tmp_pool, name, &lstchg, NULL, &max, NULL, &inact, &disable); if (!cpw) return PR_DECLINED(cmd); if (pr_auth_check(cmd->tmp_pool, cpw, cmd->argv[0], cmd->argv[1])) return PR_ERROR_INT(cmd, PR_AUTH_BADPWD); if (lstchg > (time_t) 0 && max > (time_t) 0 && inact > (time_t)0) if (now > lstchg + max + inact) return PR_ERROR_INT(cmd, PR_AUTH_AGEPWD); if (disable > (time_t) 0 && now > disable) return PR_ERROR_INT(cmd, PR_AUTH_DISABLEDPWD); session.auth_mech = "mod_auth_unix.c"; return PR_HANDLED(cmd); }
MODRET authfile_auth(cmd_rec *cmd) { char *tmp = NULL, *cleartxt_pass = NULL; const char *name = cmd->argv[0]; if (af_setpwent() < 0) { return PR_DECLINED(cmd); } /* Lookup the cleartxt password for this user. */ tmp = af_getpwpass(name); if (tmp == NULL) { /* For now, return DECLINED. Ideally, we could stash an auth module * identifier in the session structure, so that all auth modules could * coordinate/use their methods as long as they matched the auth module * used. */ return PR_DECLINED(cmd); #if 0 /* When the above is implemented, and if the user being checked was * provided by mod_auth_file, we'd return this. */ return PR_ERROR_INT(cmd, PR_AUTH_NOPWD); #endif } cleartxt_pass = pstrdup(cmd->tmp_pool, tmp); if (pr_auth_check(cmd->tmp_pool, cleartxt_pass, name, cmd->argv[1])) return PR_ERROR_INT(cmd, PR_AUTH_BADPWD); session.auth_mech = "mod_auth_file.c"; return PR_HANDLED(cmd); }