0
|
1 /* ========================================================================
|
|
2 * Copyright 1988-2006 University of Washington
|
|
3 *
|
|
4 * Licensed under the Apache License, Version 2.0 (the "License");
|
|
5 * you may not use this file except in compliance with the License.
|
|
6 * You may obtain a copy of the License at
|
|
7 *
|
|
8 * http://www.apache.org/licenses/LICENSE-2.0
|
|
9 *
|
|
10 *
|
|
11 * ========================================================================
|
|
12 */
|
|
13
|
|
14 /*
|
|
15 * Program: DCE check password
|
|
16 *
|
|
17 * Author: Mark Crispin
|
|
18 * Networks and Distributed Computing
|
|
19 * Computing & Communications
|
|
20 * University of Washington
|
|
21 * Administration Building, AG-44
|
|
22 * Seattle, WA 98195
|
|
23 * Internet: MRC@CAC.Washington.EDU
|
|
24 *
|
|
25 * Date: 1 August 1988
|
|
26 * Last Edited: 30 August 2006
|
|
27 */
|
|
28
|
|
29 /* Check password
|
|
30 * Accepts: login passwd struct
|
|
31 * password string
|
|
32 * argument count
|
|
33 * argument vector
|
|
34 * Returns: passwd struct if password validated, NIL otherwise
|
|
35 */
|
|
36
|
|
37 #include <dce/rpc.h>
|
|
38 #include <dce/sec_login.h>
|
|
39
|
|
40 struct passwd *checkpw (struct passwd *pw,char *pass,int argc,char *argv[])
|
|
41 {
|
|
42 sec_passwd_rec_t pwr;
|
|
43 sec_login_handle_t lhdl;
|
|
44 boolean32 rstpwd;
|
|
45 sec_login_auth_src_t asrc;
|
|
46 error_status_t status;
|
|
47 FILE *fd;
|
|
48 /* easy case */
|
|
49 if (pw->pw_passwd && pw->pw_passwd[0] && pw->pw_passwd[1] &&
|
|
50 !strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) return pw;
|
|
51 /* try DCE password cache file */
|
|
52 if (fd = fopen (PASSWD_OVERRIDE,"r")) {
|
|
53 char *usr = cpystr (pw->pw_name);
|
|
54 while ((pw = fgetpwent (fd)) && strcmp (usr,pw->pw_name));
|
|
55 fclose (fd); /* finished with cache file */
|
|
56 /* validate cached password */
|
|
57 if (pw && pw->pw_passwd && pw->pw_passwd[0] && pw->pw_passwd[1] &&
|
|
58 !strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) {
|
|
59 fs_give ((void **) &usr);
|
|
60 return pw;
|
|
61 }
|
|
62 if (!pw) pw = getpwnam (usr);
|
|
63 fs_give ((void **) &usr);
|
|
64 }
|
|
65 if (pw) { /* try S-L-O-W DCE... */
|
|
66 sec_login_setup_identity ((unsigned_char_p_t) pw->pw_name,
|
|
67 sec_login_no_flags,&lhdl,&status);
|
|
68 if (status == error_status_ok) {
|
|
69 pwr.key.tagged_union.plain = (idl_char *) pass;
|
|
70 pwr.key.key_type = sec_passwd_plain;
|
|
71 pwr.pepper = NIL;
|
|
72 pwr.version_number = sec_passwd_c_version_none;
|
|
73 /* validate password with login context */
|
|
74 sec_login_validate_identity (lhdl,&pwr,&rstpwd,&asrc,&status);
|
|
75 if (!rstpwd && (asrc == sec_login_auth_src_network) &&
|
|
76 (status == error_status_ok)) {
|
|
77 sec_login_purge_context (&lhdl,&status);
|
|
78 if (status == error_status_ok) return pw;
|
|
79 }
|
|
80 }
|
|
81 }
|
|
82 return NIL; /* password validation failed */
|
|
83 }
|