shadow/libmisc/pwdcheck.c
nekral-guest 9adfc136b6 * lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
  libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
  Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
  xgetgrgid(), and xgetspnam(). They allocate memory for the
  returned structure and are more robust to successive calls. They
  are implemented with the libc's getxxyyy_r() functions if
  available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
  libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
  libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
  src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
  src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
  src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
  src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
  src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
  src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
  usage of one of the getpwnam(), getpwuid(), getgrnam(),
  getgrgid(), and getspnam() functions. It was noticed on
  http://bugs.debian.org/341230 that chfn and chsh use a passwd
  structure after calling a pam function, which result in using
  information from the passwd structure requested by pam, not the
  original one. It is much easier to use the new xget... functions
  to avoid these issues. I've checked which call to the original
  get... functions could be left (reducing the scope of the
  structure if possible), and I've left comments to ease future
  reviews (e.g. /* local, no need for xgetpwnam */).
  Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
  lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
  functions (used by the xget... functions) from the <xx>io.c files
  to the new <xx>mem.c files. This avoid linking some utils against
  the SELinux library.
2007-11-18 23:15:26 +00:00

60 lines
1.3 KiB
C

#include <config.h>
#ident "$Id$"
#include <pwd.h>
#include <stdio.h>
#include "prototypes.h"
#include "defines.h"
#include "pwauth.h"
#ifdef HAVE_SHADOW_H
#include <shadow.h>
#endif
#ifdef USE_PAM
#include "pam_defs.h"
#endif
#define WRONGPWD2 "incorrect password for `%s'"
void passwd_check (const char *user, const char *passwd, const char *progname)
{
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
int retcode;
if (pam_start (progname, user, &conv, &pamh)) {
bailout:
SYSLOG ((LOG_WARN, WRONGPWD2, user));
sleep (1);
fprintf (stderr, _("Incorrect password for %s.\n"), user);
exit (1);
}
if (pam_authenticate (pamh, 0))
goto bailout;
retcode = pam_acct_mgmt (pamh, 0);
if (retcode == PAM_NEW_AUTHTOK_REQD)
retcode = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
if (retcode)
goto bailout;
if (pam_setcred (pamh, 0))
goto bailout;
/* no need to establish a session; this isn't a session-oriented
* activity... */
#else /* !USE_PAM */
struct spwd *sp;
if ((sp = getspnam (user))) /* !USE_PAM, no need for xgetspnam */
passwd = sp->sp_pwdp;
endspent ();
if (pw_auth (passwd, user, PW_LOGIN, (char *) 0) != 0) {
SYSLOG ((LOG_WARN, WRONGPWD2, user));
sleep (1);
fprintf (stderr, _("Incorrect password for %s.\n"), user);
exit (1);
}
#endif /* !USE_PAM */
}