From: hno <> Date: Mon, 31 Jul 2006 06:14:48 +0000 (+0000) Subject: extend getpwnam helper to also support shadow password systems X-Git-Tag: SQUID_3_0_PRE5~204 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5e4d7d4c97a330048f6c3da74e2cebbd2a98a46;p=thirdparty%2Fsquid.git extend getpwnam helper to also support shadow password systems by Giancarlo Razzolini --- diff --git a/configure.in b/configure.in index 947b3ac233..7603b6a098 100644 --- a/configure.in +++ b/configure.in @@ -1,7 +1,7 @@ dnl Configuration input file for Squid dnl -dnl $Id: configure.in,v 1.427 2006/07/29 16:17:29 serassio Exp $ +dnl $Id: configure.in,v 1.428 2006/07/31 00:14:48 hno Exp $ dnl dnl dnl @@ -11,7 +11,7 @@ AM_CONFIG_HEADER(include/autoconf.h) AC_CONFIG_AUX_DIR(cfgaux) AC_CONFIG_SRCDIR([src/main.cc]) AM_INIT_AUTOMAKE([tar-ustar]) -AC_REVISION($Revision: 1.427 $)dnl +AC_REVISION($Revision: 1.428 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE @@ -1893,6 +1893,7 @@ AC_CHECK_HEADERS( \ openssl/engine.h \ poll.h \ pwd.h \ + shadow.h \ regex.h \ sched.h \ signal.h \ diff --git a/helpers/basic_auth/getpwnam/getpwnam_auth.c b/helpers/basic_auth/getpwnam/getpwnam_auth.c index 72c5f7a430..9e5d03aac4 100644 --- a/helpers/basic_auth/getpwnam/getpwnam_auth.c +++ b/helpers/basic_auth/getpwnam/getpwnam_auth.c @@ -17,6 +17,11 @@ * + can handle LDAP request * + can handle PAM request * + * 2006-07: Giancarlo Razzolini + * + * Added functionality for doing shadow authentication too, + * using the getspnam() function on systems that support it. + * */ #include "config.h" @@ -39,17 +44,54 @@ #if HAVE_PWD_H #include #endif +#if HAVE_SHADOW_H +#include +#endif #include "util.h" #define ERR "ERR\n" #define OK "OK\n" +int +passwd_auth(char *user, char *passwd) +{ + struct passwd *pwd; + pwd = getpwnam(user); + if (pwd == NULL) { + return 0; /* User does not exist */ + } else { + if (strcmp(pwd->pw_passwd, (char *) crypt(passwd, pwd->pw_passwd))) { + return 2; /* Wrong password */ + } else { + return 1; /* Authentication Sucessful */ + } + } +} + +#if HAVE_SHADOW_H +int +shadow_auth(char *user, char *passwd) +{ + struct spwd *pwd; + pwd = getspnam(user); + if (pwd == NULL) { + return passwd_auth(user, passwd); /* Fall back to passwd_auth */ + } else { + if (strcmp(pwd->sp_pwdp, crypt(passwd, pwd->sp_pwdp))) { + return 2; /* Wrong password */ + } else { + return 1; /* Authentication Sucessful */ + } + } +} +#endif + int main() { + int auth = 0; char buf[256]; - struct passwd *pwd; char *user, *passwd, *p; setbuf(stdout, NULL); @@ -68,11 +110,15 @@ main() } rfc1738_unescape(user); rfc1738_unescape(passwd); - pwd = getpwnam(user); - if (pwd == NULL) { +#if HAVE_SHADOW_H + auth = shadow_auth(user, passwd); +#else + auth = passwd_auth(user, passwd); +#endif + if (auth == 0) { printf("ERR No such user\n"); } else { - if (strcmp(pwd->pw_passwd, (char *) crypt(passwd, pwd->pw_passwd))) { + if (auth == 2) { printf("ERR Wrong password\n"); } else { printf(OK);