diff options
Diffstat (limited to 'modules/pam_userdb')
| -rw-r--r-- | modules/pam_userdb/.cvsignore | 8 | ||||
| -rw-r--r-- | modules/pam_userdb/Makefile.am | 34 | ||||
| -rw-r--r-- | modules/pam_userdb/README.xml | 41 | ||||
| -rw-r--r-- | modules/pam_userdb/create.pl | 23 | ||||
| -rw-r--r-- | modules/pam_userdb/pam_userdb.8.xml | 292 | ||||
| -rw-r--r-- | modules/pam_userdb/pam_userdb.c | 517 | ||||
| -rw-r--r-- | modules/pam_userdb/pam_userdb.h | 62 | ||||
| -rwxr-xr-x | modules/pam_userdb/tst-pam_userdb | 2 |
8 files changed, 0 insertions, 979 deletions
diff --git a/modules/pam_userdb/.cvsignore b/modules/pam_userdb/.cvsignore deleted file mode 100644 index ca9670ba..00000000 --- a/modules/pam_userdb/.cvsignore +++ /dev/null @@ -1,8 +0,0 @@ -*.la -*.lo -.deps -.libs -Makefile -Makefile.in -README -pam_userdb.8 diff --git a/modules/pam_userdb/Makefile.am b/modules/pam_userdb/Makefile.am deleted file mode 100644 index a442ef83..00000000 --- a/modules/pam_userdb/Makefile.am +++ /dev/null @@ -1,34 +0,0 @@ -# -# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de> -# - -CLEANFILES = *~ - -EXTRA_DIST = README $(MANS) $(XMLS) create.pl tst-pam_userdb - -man_MANS = pam_userdb.8 -XMLS = README.xml pam_userdb.8.xml - -securelibdir = $(SECUREDIR) -secureconfdir = $(SCONFIGDIR) - -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include -AM_LDFLAGS = -no-undefined -avoid-version -module \ - -L$(top_builddir)/libpam -lpam @LIBDB@ @LIBCRYPT@ -if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -endif - -if HAVE_LIBDB - securelib_LTLIBRARIES = pam_userdb.la - TESTS = tst-pam_userdb -endif - -noinst_HEADERS = pam_userdb.h - -if ENABLE_REGENERATE_MAN -noinst_DATA = README -README: pam_userdb.8.xml --include $(top_srcdir)/Make.xml.rules -endif - diff --git a/modules/pam_userdb/README.xml b/modules/pam_userdb/README.xml deleted file mode 100644 index b22c09e7..00000000 --- a/modules/pam_userdb/README.xml +++ /dev/null @@ -1,41 +0,0 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" -"http://www.docbook.org/xml/4.3/docbookx.dtd" -[ -<!-- -<!ENTITY pamaccess SYSTEM "pam_userdb.8.xml"> ---> -]> - -<article> - - <articleinfo> - - <title> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_userdb.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_userdb-name"]/*)'/> - </title> - - </articleinfo> - - <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_userdb.8.xml" xpointer='xpointer(//refsect1[@id = "pam_userdb-description"]/*)'/> - </section> - - <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_userdb.8.xml" xpointer='xpointer(//refsect1[@id = "pam_userdb-options"]/*)'/> - </section> - - <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_userdb.8.xml" xpointer='xpointer(//refsect1[@id = "pam_userdb-examples"]/*)'/> - </section> - - <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_userdb.8.xml" xpointer='xpointer(//refsect1[@id = "pam_userdb-author"]/*)'/> - </section> - -</article> diff --git a/modules/pam_userdb/create.pl b/modules/pam_userdb/create.pl deleted file mode 100644 index 224204b7..00000000 --- a/modules/pam_userdb/create.pl +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/bin/perl -# this program creates a database in ARGV[1] from pairs given on -# stdandard input -# -# $Id$ - -use DB_File; - -my $database = $ARGV[0]; -die "Use: create.pl <database>\n" unless ($database); -print "Using database: $database\n"; - -my %lusers = (); - -tie %lusers, 'DB_File', $database, O_RDWR|O_CREAT, 0644, $DB_HASH ; -while (<STDIN>) { - my ($user, $pass) = split; - - $lusers{$user} = $pass; -} -untie %lusers; - - diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml deleted file mode 100644 index 70b416b3..00000000 --- a/modules/pam_userdb/pam_userdb.8.xml +++ /dev/null @@ -1,292 +0,0 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" - "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> - -<refentry id="pam_userdb"> - - <refmeta> - <refentrytitle>pam_userdb</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> - </refmeta> - - <refnamediv id="pam_userdb-name"> - <refname>pam_userdb</refname> - <refpurpose>PAM module to authenticate against a db database</refpurpose> - </refnamediv> - - <refsynopsisdiv> - <cmdsynopsis id="pam_userdb-cmdsynopsis"> - <command>pam_userdb.so</command> - <arg choice="plain"> - db=<replaceable>/path/database</replaceable> - </arg> - <arg choice="opt"> - debug - </arg> - <arg choice="opt"> - crypt=[crypt|none] - </arg> - <arg choice="opt"> - icase - </arg> - <arg choice="opt"> - dump - </arg> - <arg choice="opt"> - try_first_pass - </arg> - <arg choice="opt"> - use_first_pass - </arg> - <arg choice="opt"> - unknown_ok - </arg> - <arg choice="opt"> - key_only - </arg> - </cmdsynopsis> - </refsynopsisdiv> - - <refsect1 id="pam_userdb-description"> - - <title>DESCRIPTION</title> - - <para> - The pam_userdb module is used to verify a username/password pair - against values stored in a Berkeley DB database. The database is - indexed by the username, and the data fields corresponding to the - username keys are the passwords. - </para> - </refsect1> - - <refsect1 id="pam_userdb-options"> - - <title>OPTIONS</title> - <variablelist> - <varlistentry> - <term> - <option>crypt=[crypt|none]</option> - </term> - <listitem> - <para> - Indicates whether encrypted or plaintext passwords are stored - in the database. If it is <option>crypt</option>, passwords - should be stored in the database in - <citerefentry> - <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> form. If <option>none</option> is selected, - passwords should be stored in the database as plaintext. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>db=<replaceable>/path/database</replaceable></option> - </term> - <listitem> - <para> - Use the <filename>/path/database</filename> database for - performing lookup. There is no default; the module will - return <emphasis remap='B'>PAM_IGNORE</emphasis> if no - database is provided. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>debug</option> - </term> - <listitem> - <para> - Print debug information. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>dump</option> - </term> - <listitem> - <para> - Dump all the entries in the database to the log. - Don't do this by default! - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>icase</option> - </term> - <listitem> - <para> - Make the password verification to be case insensitive - (ie when working with registration numbers and such). - Only works with plaintext password storage. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term> - <option>try_first_pass</option> - </term> - <listitem> - <para> - Use the authentication token previously obtained by - another module that did the conversation with the - application. If this token can not be obtained then - the module will try to converse. This option can - be used for stacking different modules that need to - deal with the authentication tokens. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>use_first_pass</option> - </term> - <listitem> - <para> - Use the authentication token previously obtained by - another module that did the conversation with the - application. If this token can not be obtained then - the module will fail. This option can be used for - stacking different modules that need to deal with - the authentication tokens. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>unknown_ok</option> - </term> - <listitem> - <para> - Do not return error when checking for a user that is - not in the database. This can be used to stack more - than one pam_userdb module that will check a - username/password pair in more than a database. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>key_only</option> - </term> - <listitem> - <para> - The username and password are concatenated together - in the database hash as 'username-password' with a - random value. if the concatenation of the username and - password with a dash in the middle returns any result, - the user is valid. this is useful in cases where - the username may not be unique but the username and - password pair are. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id="pam_userdb-services"> - <title>MODULE SERVICES PROVIDED</title> - <para> - The services <option>auth</option> and <option>account</option> - are supported. - </para> - </refsect1> - - <refsect1 id='pam_userdb-return_values'> - <title>RETURN VALUES</title> - <variablelist> - <varlistentry> - <term>PAM_AUTH_ERR</term> - <listitem> - <para>Authentication failure.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_AUTHTOK_RECOVERY_ERR</term> - <listitem> - <para> - Authentication information cannot be recovered. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_BUF_ERR</term> - <listitem> - <para> - Memory buffer error. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_CONV_ERR</term> - <listitem> - <para> - Conversation failure. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_SERVICE_ERR</term> - <listitem> - <para> - Error in service module. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_SUCCESS</term> - <listitem> - <para> - Success. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_USER_UNKNOWN</term> - <listitem> - <para> - User not known to the underlying authentication module. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id='pam_userdb-examples'> - <title>EXAMPLES</title> - <programlisting> -auth sufficient pam_userdb.so icase db=/etc/dbtest.db - </programlisting> - </refsect1> - - <refsect1 id='pam_userdb-see_also'> - <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> - </para> - </refsect1> - - <refsect1 id='pam_userdb-author'> - <title>AUTHOR</title> - <para> - pam_userdb was written by Cristian Gafton >gafton@redhat.com<. - </para> - </refsect1> - -</refentry> diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c deleted file mode 100644 index a796b15e..00000000 --- a/modules/pam_userdb/pam_userdb.c +++ /dev/null @@ -1,517 +0,0 @@ -/* pam_userdb module */ - -/* - * Written by Cristian Gafton <gafton@redhat.com> 1996/09/10 - * See the end of the file for Copyright Information - */ - -#include "config.h" - -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> -#include <string.h> -#include <syslog.h> -#include <stdarg.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <errno.h> -#ifdef HAVE_CRYPT_H -#include <crypt.h> -#endif - -#include "pam_userdb.h" - -#ifdef HAVE_NDBM_H -# include <ndbm.h> -#else -# ifdef HAVE_DB_H -# define DB_DBM_HSEARCH 1 /* use the dbm interface */ -# include <db.h> -# else -# error "failed to find a libdb or equivalent" -# endif -#endif - -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - -#include <security/pam_modules.h> -#include <security/pam_ext.h> -#include <security/_pam_macros.h> - -/* - * Conversation function to obtain the user's password - */ -static int -obtain_authtok(pam_handle_t *pamh) -{ - char *resp; - const void *item; - int retval; - - retval = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &resp, _("Password: ")); - - if (retval != PAM_SUCCESS) - return retval; - - if (resp == NULL) - return PAM_CONV_ERR; - - /* set the auth token */ - retval = pam_set_item(pamh, PAM_AUTHTOK, resp); - - /* clean it up */ - _pam_overwrite(resp); - _pam_drop(resp); - - if ( (retval != PAM_SUCCESS) || - (retval = pam_get_item(pamh, PAM_AUTHTOK, &item)) - != PAM_SUCCESS ) { - return retval; - } - - return retval; -} - -static int -_pam_parse (pam_handle_t *pamh, int argc, const char **argv, - const char **database, const char **cryptmode) -{ - int ctrl; - - *database = NULL; - *cryptmode = NULL; - - /* step through arguments */ - for (ctrl = 0; argc-- > 0; ++argv) - { - /* generic options */ - - if (!strcmp(*argv,"debug")) - ctrl |= PAM_DEBUG_ARG; - else if (!strcasecmp(*argv, "icase")) - ctrl |= PAM_ICASE_ARG; - else if (!strcasecmp(*argv, "dump")) - ctrl |= PAM_DUMP_ARG; - else if (!strcasecmp(*argv, "unknown_ok")) - ctrl |= PAM_UNKNOWN_OK_ARG; - else if (!strcasecmp(*argv, "key_only")) - ctrl |= PAM_KEY_ONLY_ARG; - else if (!strcasecmp(*argv, "use_first_pass")) - ctrl |= PAM_USE_FPASS_ARG; - else if (!strcasecmp(*argv, "try_first_pass")) - ctrl |= PAM_TRY_FPASS_ARG; - else if (!strncasecmp(*argv,"db=", 3)) - { - *database = (*argv) + 3; - if (**database == '\0') { - *database = NULL; - pam_syslog(pamh, LOG_ERR, - "db= specification missing argument - ignored"); - } - } - else if (!strncasecmp(*argv,"crypt=", 6)) - { - *cryptmode = (*argv) + 6; - if (**cryptmode == '\0') - pam_syslog(pamh, LOG_ERR, - "crypt= specification missing argument - ignored"); - } - else - { - pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); - } - } - - return ctrl; -} - - -/* - * Looks up an user name in a database and checks the password - * - * return values: - * 1 = User not found - * 0 = OK - * -1 = Password incorrect - * -2 = System error - */ -static int -user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, - const char *user, const char *pass, int ctrl) -{ - DBM *dbm; - datum key, data; - - /* Open the DB file. */ - dbm = dbm_open(database, O_RDONLY, 0644); - if (dbm == NULL) { - pam_syslog(pamh, LOG_ERR, - "user_lookup: could not open database `%s': %m", database); - return -2; - } - - /* dump out the database contents for debugging */ - if (ctrl & PAM_DUMP_ARG) { - pam_syslog(pamh, LOG_INFO, "Database dump:"); - for (key = dbm_firstkey(dbm); key.dptr != NULL; - key = dbm_nextkey(dbm)) { - data = dbm_fetch(dbm, key); - pam_syslog(pamh, LOG_INFO, - "key[len=%d] = `%s', data[len=%d] = `%s'", - key.dsize, key.dptr, data.dsize, data.dptr); - } - } - - /* do some more init work */ - memset(&key, 0, sizeof(key)); - memset(&data, 0, sizeof(data)); - if (ctrl & PAM_KEY_ONLY_ARG) { - if (asprintf(&key.dptr, "%s-%s", user, pass) < 0) - key.dptr = NULL; - else - key.dsize = strlen(key.dptr); - } else { - key.dptr = x_strdup(user); - key.dsize = strlen(user); - } - - if (key.dptr) { - data = dbm_fetch(dbm, key); - memset(key.dptr, 0, key.dsize); - free(key.dptr); - } - - if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_INFO, - "password in database is [%p]`%.*s', len is %d", - data.dptr, data.dsize, (char *) data.dptr, data.dsize); - } - - if (data.dptr != NULL) { - int compare = 0; - - if (ctrl & PAM_KEY_ONLY_ARG) - { - dbm_close (dbm); - return 0; /* found it, data contents don't matter */ - } - - if (cryptmode && strncasecmp(cryptmode, "crypt", 5) == 0) { - - /* crypt(3) password storage */ - - char *cryptpw; - char salt[2]; - - if (data.dsize != 13) { - compare = -2; - } else if (ctrl & PAM_ICASE_ARG) { - compare = -2; - } else { - salt[0] = *data.dptr; - salt[1] = *(data.dptr + 1); - - cryptpw = crypt (pass, salt); - - if (cryptpw) { - compare = strncasecmp (data.dptr, cryptpw, data.dsize); - } else { - compare = -2; - if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); - } - }; - - }; - - } else { - - /* Unknown password encryption method - - * default to plaintext password storage - */ - - if (strlen(pass) != (size_t)data.dsize) { - compare = 1; /* wrong password len -> wrong password */ - } else if (ctrl & PAM_ICASE_ARG) { - compare = strncasecmp(data.dptr, pass, data.dsize); - } else { - compare = strncmp(data.dptr, pass, data.dsize); - } - - if (cryptmode && strncasecmp(cryptmode, "none", 4) - && (ctrl & PAM_DEBUG_ARG)) { - pam_syslog(pamh, LOG_INFO, "invalid value for crypt parameter: %s", - cryptmode); - pam_syslog(pamh, LOG_INFO, "defaulting to plaintext password mode"); - } - - } - - dbm_close(dbm); - if (compare == 0) - return 0; /* match */ - else - return -1; /* wrong */ - } else { - int saw_user = 0; - - if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_INFO, "error returned by dbm_fetch: %m"); - } - - /* probably we should check dbm_error() here */ - - if ((ctrl & PAM_KEY_ONLY_ARG) == 0) { - dbm_close(dbm); - return 1; /* not key_only, so no entry => no entry for the user */ - } - - /* now handle the key_only case */ - for (key = dbm_firstkey(dbm); - key.dptr != NULL; - key = dbm_nextkey(dbm)) { - int compare; - /* first compare the user portion (case sensitive) */ - compare = strncmp(key.dptr, user, strlen(user)); - if (compare == 0) { - /* assume failure */ - compare = -1; - /* if we have the divider where we expect it to be... */ - if (key.dptr[strlen(user)] == '-') { - saw_user = 1; - if ((size_t)key.dsize == strlen(user) + 1 + strlen(pass)) { - if (ctrl & PAM_ICASE_ARG) { - /* compare the password portion (case insensitive)*/ - compare = strncasecmp(key.dptr + strlen(user) + 1, - pass, - strlen(pass)); - } else { - /* compare the password portion (case sensitive) */ - compare = strncmp(key.dptr + strlen(user) + 1, - pass, - strlen(pass)); - } - } - } - if (compare == 0) { - dbm_close(dbm); - return 0; /* match */ - } - } - } - dbm_close(dbm); - if (saw_user) - return -1; /* saw the user, but password mismatch */ - else - return 1; /* not found */ - } - - /* NOT REACHED */ - return -2; -} - -/* --- authentication management functions (only) --- */ - -PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) -{ - const char *username; - const void *password; - const char *database = NULL; - const char *cryptmode = NULL; - int retval = PAM_AUTH_ERR, ctrl; - - /* parse arguments */ - ctrl = _pam_parse(pamh, argc, argv, &database, &cryptmode); - if (database == NULL) { - pam_syslog(pamh, LOG_ERR, "can not get the database name"); - return PAM_SERVICE_ERR; - } - - /* Get the username */ - retval = pam_get_user(pamh, &username, NULL); - if ((retval != PAM_SUCCESS) || (!username)) { - pam_syslog(pamh, LOG_ERR, "can not get the username"); - return PAM_SERVICE_ERR; - } - - if ((ctrl & PAM_USE_FPASS_ARG) == 0 && (ctrl & PAM_TRY_FPASS_ARG) == 0) { - /* Converse to obtain a password */ - retval = obtain_authtok(pamh); - if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "can not obtain password from user"); - return retval; - } - } - - /* Check if we got a password */ - retval = pam_get_item(pamh, PAM_AUTHTOK, &password); - if (retval != PAM_SUCCESS || password == NULL) { - if ((ctrl & PAM_TRY_FPASS_ARG) != 0) { - /* Converse to obtain a password */ - retval = obtain_authtok(pamh); - if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "can not obtain password from user"); - return retval; - } - retval = pam_get_item(pamh, PAM_AUTHTOK, &password); - } - if (retval != PAM_SUCCESS || password == NULL) { - pam_syslog(pamh, LOG_ERR, "can not recover user password"); - return PAM_AUTHTOK_RECOVERY_ERR; - } - } - - if (ctrl & PAM_DEBUG_ARG) - pam_syslog(pamh, LOG_INFO, "Verify user `%s' with a password", - username); - - /* Now use the username to look up password in the database file */ - retval = user_lookup(pamh, database, cryptmode, username, password, ctrl); - switch (retval) { - case -2: - /* some sort of system error. The log was already printed */ - return PAM_SERVICE_ERR; - case -1: - /* incorrect password */ - pam_syslog(pamh, LOG_WARNING, - "user `%s' denied access (incorrect password)", - username); - return PAM_AUTH_ERR; - case 1: - /* the user does not exist in the database */ - if (ctrl & PAM_DEBUG_ARG) - pam_syslog(pamh, LOG_NOTICE, - "user `%s' not found in the database", username); - return PAM_USER_UNKNOWN; - case 0: - /* Otherwise, the authentication looked good */ - pam_syslog(pamh, LOG_NOTICE, "user '%s' granted access", username); - return PAM_SUCCESS; - default: - /* we don't know anything about this return value */ - pam_syslog(pamh, LOG_ERR, - "internal module error (retval = %d, user = `%s'", - retval, username); - return PAM_SERVICE_ERR; - } - - /* should not be reached */ - return PAM_IGNORE; -} - -PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) -{ - return PAM_SUCCESS; -} - -PAM_EXTERN int -pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) -{ - const char *username; - const char *database = NULL; - const char *cryptmode = NULL; - int retval = PAM_AUTH_ERR, ctrl; - - /* parse arguments */ - ctrl = _pam_parse(pamh, argc, argv, &database, &cryptmode); - - /* Get the username */ - retval = pam_get_user(pamh, &username, NULL); - if ((retval != PAM_SUCCESS) || (!username)) { - pam_syslog(pamh, LOG_ERR,"can not get the username"); - return PAM_SERVICE_ERR; - } - - /* Now use the username to look up password in the database file */ - retval = user_lookup(pamh, database, cryptmode, username, "", ctrl); - switch (retval) { - case -2: - /* some sort of system error. The log was already printed */ - return PAM_SERVICE_ERR; - case -1: - /* incorrect password, but we don't care */ - /* FALL THROUGH */ - case 0: - /* authentication succeeded. dumbest password ever. */ - return PAM_SUCCESS; - case 1: - /* the user does not exist in the database */ - return PAM_USER_UNKNOWN; - default: - /* we don't know anything about this return value */ - pam_syslog(pamh, LOG_ERR, - "internal module error (retval = %d, user = `%s'", - retval, username); - return PAM_SERVICE_ERR; - } - - return PAM_SUCCESS; -} - - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_userdb_modstruct = { - "pam_userdb", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - NULL, - NULL, - NULL, -}; - -#endif - -/* - * Copyright (c) Cristian Gafton <gafton@redhat.com>, 1999 - * All rights reserved - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, and the entire permission notice in its entirety, - * including the disclaimer of warranties. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior - * written permission. - * - * ALTERNATIVELY, this product may be distributed under the terms of - * the GNU Public License, in which case the provisions of the GPL are - * required INSTEAD OF the above restrictions. (This clause is - * necessary due to a potential bad interaction between the GPL and - * the restrictions contained in a BSD-style copyright.) - * - * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ diff --git a/modules/pam_userdb/pam_userdb.h b/modules/pam_userdb/pam_userdb.h deleted file mode 100644 index 4cd81baf..00000000 --- a/modules/pam_userdb/pam_userdb.h +++ /dev/null @@ -1,62 +0,0 @@ - -#ifndef _PAM_USERSDB_H -#define _PAM_USERSDB_H -/* $Id$ */ - -/* Header files */ -#include <security/pam_appl.h> - -/* argument parsing */ -#define PAM_DEBUG_ARG 0x0001 -#define PAM_ICASE_ARG 0x0002 -#define PAM_DUMP_ARG 0x0004 -#define PAM_UNKNOWN_OK_ARG 0x0010 -#define PAM_KEY_ONLY_ARG 0x0020 -#define PAM_USE_FPASS_ARG 0x0040 -#define PAM_TRY_FPASS_ARG 0x0080 - -/* Useful macros */ -#define x_strdup(s) ( (s) ? strdup(s):NULL ) - -/* The name of the module we are compiling */ -#ifndef MODULE_NAME -#define MODULE_NAME "pam_userdb" -#endif /* MODULE_NAME */ - -#endif /* _PAM_USERSDB_H */ - -/* - * Copyright (c) Cristian Gafton <gafton@redhat.com>, 1999 - * All rights reserved - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, and the entire permission notice in its entirety, - * including the disclaimer of warranties. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior - * written permission. - * - * ALTERNATIVELY, this product may be distributed under the terms of - * the GNU Public License, in which case the provisions of the GPL are - * required INSTEAD OF the above restrictions. (This clause is - * necessary due to a potential bad interaction between the GPL and - * the restrictions contained in a BSD-style copyright.) - * - * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ diff --git a/modules/pam_userdb/tst-pam_userdb b/modules/pam_userdb/tst-pam_userdb deleted file mode 100755 index 5d5eb195..00000000 --- a/modules/pam_userdb/tst-pam_userdb +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -../../tests/tst-dlopen .libs/pam_userdb.so |