extend getpwnam helper to also support shadow password systems

by Giancarlo Razzolini

diff --git a/configure.in b/configure.in
index 947b3ac23309ce14dfdb86dc2eb50927442950a5..7603b6a0984695ae781f7c916bb0378c346900bb 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -1,7 +1,7 @@
 
 dnl  Configuration input file for Squid
 dnl
-dnl  $Id: configure.in,v 1.427 2006/07/29 16:17:29 serassio Exp $
+dnl  $Id: configure.in,v 1.428 2006/07/31 00:14:48 hno Exp $
 dnl
 dnl
 dnl
@@ -11,7 +11,7 @@ AM_CONFIG_HEADER(include/autoconf.h)
 AC_CONFIG_AUX_DIR(cfgaux)
 AC_CONFIG_SRCDIR([src/main.cc])
 AM_INIT_AUTOMAKE([tar-ustar])
-AC_REVISION($Revision: 1.427 $)dnl
+AC_REVISION($Revision: 1.428 $)dnl
 AC_PREFIX_DEFAULT(/usr/local/squid)
 AM_MAINTAINER_MODE
 
@@ -1893,6 +1893,7 @@ AC_CHECK_HEADERS( \
        openssl/engine.h \
        poll.h \
        pwd.h \
+       shadow.h \
        regex.h \
        sched.h \
        signal.h \

diff --git a/helpers/basic_auth/getpwnam/getpwnam_auth.c b/helpers/basic_auth/getpwnam/getpwnam_auth.c
index 72c5f7a430c79fd5623c132f6a678faf9cb77ffc..9e5d03aac468311597c8b524904a465e6080684e 100644 (file)
--- a/helpers/basic_auth/getpwnam/getpwnam_auth.c
+++ b/helpers/basic_auth/getpwnam/getpwnam_auth.c
@@ -17,6 +17,11 @@
  *   + can handle LDAP request
  *   + can handle PAM request
  *
+ * 2006-07: Giancarlo Razzolini <linux-fan@onda.com.br>
+ * 
+ * Added functionality for doing shadow authentication too,
+ * using the getspnam() function on systems that support it.
+ *
  */
 
 #include "config.h"
@@ -39,17 +44,54 @@
 #if HAVE_PWD_H
 #include <pwd.h>
 #endif
+#if HAVE_SHADOW_H
+#include <shadow.h>
+#endif
 
 #include "util.h"
 
 #define ERR    "ERR\n"
 #define OK     "OK\n"
 
+int 
+passwd_auth(char *user, char *passwd)
+{
+    struct passwd *pwd;
+    pwd = getpwnam(user);
+    if (pwd == NULL) {
+       return 0;               /* User does not exist */
+    } else {
+       if (strcmp(pwd->pw_passwd, (char *) crypt(passwd, pwd->pw_passwd))) {
+           return 2;           /* Wrong password */
+       } else {
+           return 1;           /* Authentication Sucessful */
+       }
+    }
+}
+
+#if HAVE_SHADOW_H
+int 
+shadow_auth(char *user, char *passwd)
+{
+    struct spwd *pwd;
+    pwd = getspnam(user);
+    if (pwd == NULL) {
+       return passwd_auth(user, passwd);       /* Fall back to passwd_auth */
+    } else {
+       if (strcmp(pwd->sp_pwdp, crypt(passwd, pwd->sp_pwdp))) {
+           return 2;           /* Wrong password */
+       } else {
+           return 1;           /* Authentication Sucessful */
+       }
+    }
+}
+#endif
+
 int
 main()
 {
+    int auth = 0;
     char buf[256];
-    struct passwd *pwd;
     char *user, *passwd, *p;
 
     setbuf(stdout, NULL);
@@ -68,11 +110,15 @@ main()
        }
        rfc1738_unescape(user);
        rfc1738_unescape(passwd);
-       pwd = getpwnam(user);
-       if (pwd == NULL) {
+#if HAVE_SHADOW_H
+       auth = shadow_auth(user, passwd);
+#else
+       auth = passwd_auth(user, passwd);
+#endif
+       if (auth == 0) {
            printf("ERR No such user\n");
        } else {
-           if (strcmp(pwd->pw_passwd, (char *) crypt(passwd, pwd->pw_passwd))) {
+           if (auth == 2) {
                printf("ERR Wrong password\n");
            } else {
                printf(OK);