1 /*- 2 * Copyright 1998 Juniper Networks, Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD$ 27 */ 28 29 #include <sys/types.h> 30 #include <pwd.h> 31 #include <stdlib.h> 32 #include <string.h> 33 #include <unistd.h> 34 35 #define PAM_SM_AUTH 36 #include <security/pam_modules.h> 37 38 #include "pam_mod_misc.h" 39 40 #define PASSWORD_PROMPT "Password:" 41 42 PAM_EXTERN int 43 pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, 44 const char **argv) 45 { 46 int retval; 47 const char *user; 48 const char *password; 49 struct passwd *pwd; 50 char *encrypted; 51 int options; 52 int i; 53 54 options = 0; 55 for (i = 0; i < argc; i++) 56 pam_std_option(&options, argv[i]); 57 if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) 58 return retval; 59 if ((retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT, 60 options)) != PAM_SUCCESS) 61 return retval; 62 if ((pwd = getpwnam(user)) != NULL) { 63 encrypted = crypt(password, pwd->pw_passwd); 64 if (password[0] == '\0' && pwd->pw_passwd[0] != '\0') 65 encrypted = ":"; 66 67 retval = strcmp(encrypted, pwd->pw_passwd) == 0 ? 68 PAM_SUCCESS : PAM_AUTH_ERR; 69 } else { 70 /* 71 * User unknown. Encrypt anyway so that it takes the 72 * same amount of time. 73 */ 74 crypt(password, "xx"); 75 retval = PAM_AUTH_ERR; 76 } 77 /* 78 * The PAM infrastructure will obliterate the cleartext 79 * password before returning to the application. 80 */ 81 return retval; 82 } 83 84 PAM_EXTERN int 85 pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) 86 { 87 return PAM_SUCCESS; 88 } 89 90 PAM_MODULE_ENTRY("pam_unix"); 91