| author | Laxmikant Rashinkar <LK.Rashinkar@gmail.com> | 2012-09-19 20:51:34 -0700 |
|---|---|---|
| committer | Laxmikant Rashinkar <LK.Rashinkar@gmail.com> | 2012-09-19 20:51:34 -0700 |
| commit | 1123323fda6d128fb98b0427e0ea5f6a2dc9e632 (patch) | |
| tree | 3407a3771a069f812554312ce7c36db625139cc2 /sesman/verify_user.c | |
| parent | 3cedfae76a2351bc8b1e5bd2ee33bbf8630dbacf (diff) | |
| download | xrdp-proprietary-1123323fda6d128fb98b0427e0ea5f6a2dc9e632.tar.gz xrdp-proprietary-1123323fda6d128fb98b0427e0ea5f6a2dc9e632.zip | |
o moved from GNU General Public License to Apache License, Version 2.0
o applied new coding standards to all .c files
o moved some files around
Diffstat (limited to 'sesman/verify_user.c')
| -rw-r--r-- | sesman/verify_user.c | 459 |
1 files changed, 239 insertions, 220 deletions
diff --git a/sesman/verify_user.c b/sesman/verify_user.c index aaa1515c..8765d7c2 100644 --- a/sesman/verify_user.c +++ b/sesman/verify_user.c @@ -1,21 +1,20 @@ -/* - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - xrdp: A Remote Desktop Protocol server. - Copyright (C) Jay Sorg 2005-2008 -*/ +/** + * xrdp: A Remote Desktop Protocol server. + * + * Copyright (C) Jay Sorg 2004-2012 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ /** * 
@@ -38,77 +37,89 @@ #define SECS_PER_DAY (24L*3600L) #endif -extern struct config_sesman* g_cfg; /* in sesman.c */ +extern struct config_sesman *g_cfg; /* in sesman.c */ static int DEFAULT_CC -auth_crypt_pwd(char* pwd, char* pln, char* crp); +auth_crypt_pwd(char *pwd, char *pln, char *crp); static int DEFAULT_CC -auth_account_disabled(struct spwd* stp); +auth_account_disabled(struct spwd *stp); /******************************************************************************/ /* returns boolean */ long DEFAULT_CC -auth_userpass(char* user, char* pass) +auth_userpass(char *user, char *pass) { - char salt[13] = "$1$"; - char hash[35] = ""; - char* encr = 0; - struct passwd* spw; - struct spwd* stp; - int saltcnt = 0; - - spw = getpwnam(user); - if (spw == 0) - { - return 0; - } - if (g_strncmp(spw->pw_passwd, "x", 3) == 0) - { - /* the system is using shadow */ - stp = getspnam(user); - if (stp == 0) + char salt[13] = "$1$"; + char hash[35] = ""; + char *encr = 0; + struct passwd *spw; + struct spwd *stp; + int saltcnt = 0; + + spw = getpwnam(user); + + if (spw == 0) { - return 0; + return 0; } - if (1==auth_account_disabled(stp)) + + if (g_strncmp(spw->pw_passwd, "x", 3) == 0) { - log_message(&(g_cfg->log), LOG_LEVEL_INFO, "account %s is disabled", user); - return 0; + /* the system is using shadow */ + stp = getspnam(user); + + if (stp == 0) + { + return 0; + } + + if (1 == auth_account_disabled(stp)) + { + log_message(&(g_cfg->log), LOG_LEVEL_INFO, "account %s is disabled", user); + return 0; + } + + g_strncpy(hash, stp->sp_pwdp, 34); } - g_strncpy(hash, stp->sp_pwdp, 34); - } - else - { - /* old system with only passwd */ - g_strncpy(hash, spw->pw_passwd, 34); - } - hash[34] = '\0'; - if (g_strncmp(hash, "$1$", 3) == 0) - { - /* gnu style crypt(); */ - saltcnt = 3; - while ((hash[saltcnt] != '$') && (saltcnt < 11)) + else { - salt[saltcnt] = hash[saltcnt]; - saltcnt++; + /* old system with only passwd */ + g_strncpy(hash, spw->pw_passwd, 34); } - salt[saltcnt] = 
'$'; - salt[saltcnt + 1] = '\0'; - } - else - { - /* classic two char salt */ - salt[0] = hash[0]; - salt[1] = hash[1]; - salt[2] = '\0'; - } - encr = crypt(pass,salt); - if (g_strncmp(encr, hash, 34) != 0) - { - return 0; - } - return 1; + + hash[34] = '\0'; + + if (g_strncmp(hash, "$1$", 3) == 0) + { + /* gnu style crypt(); */ + saltcnt = 3; + + while ((hash[saltcnt] != '$') && (saltcnt < 11)) + { + salt[saltcnt] = hash[saltcnt]; + saltcnt++; + } + + salt[saltcnt] = '$'; + salt[saltcnt + 1] = '\0'; + } + else + { + /* classic two char salt */ + salt[0] = hash[0]; + salt[1] = hash[1]; + salt[2] = '\0'; + } + + encr = crypt(pass, salt); + + if (g_strncmp(encr, hash, 34) != 0) + { + return 0; + } + + return 1; } /******************************************************************************/ 
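Review bot: The result of `crypt(pass, salt)` near the end of auth_userpass goes straight into `g_strncmp` without a NULL check; crypt() can return NULL (for example when the libc does not accept the salt), and g_strncmp is not shown here, so whether it tolerates NULL is unconfirmed. The guard should read `if ((encr == 0) || (g_strncmp(encr, hash, 34) != 0))`. The same unchecked call sits in auth_crypt_pwd in a later hunk (`g_strncpy(crp, encr, 34)`), and that function always returns 0, so the `!= 0` error branches in its callers can never fire. Only `$1$` and two-character salts are recognised and `hash` is capped at 34 bytes, so longer shadow formats fall into the two-character branch with a salt crypt() is unlikely to accept; a comment naming the supported formats would make that limit explicit.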
@@ -116,138 +127,144 @@ auth_userpass(char* user, char* pass) int DEFAULT_CC auth_start_session(long in_val, int in_display) { - return 0; + return 0; } /******************************************************************************/ int DEFAULT_CC auth_end(long in_val) { - return 0; + return 0; } /******************************************************************************/ int DEFAULT_CC auth_set_env(long in_val) { - return 0; + return 0; } /******************************************************************************/ int DEFAULT_CC -auth_check_pwd_chg(char* user) +auth_check_pwd_chg(char *user) { - struct passwd* spw; - struct spwd* stp; - int now; - long today; - - spw = getpwnam(user); - if (spw == 0) - { - return AUTH_PWD_CHG_ERROR; - } - if (g_strncmp(spw->pw_passwd, "x", 3) != 0) - { - /* old system with only passwd */ - return AUTH_PWD_CHG_OK; - } + struct passwd *spw; + struct spwd *stp; + int now; + long today; + + spw = getpwnam(user); + + if (spw == 0) + { + return AUTH_PWD_CHG_ERROR; + } + + if (g_strncmp(spw->pw_passwd, "x", 3) != 0) + { + /* old system with only passwd */ + return AUTH_PWD_CHG_OK; + } + + /* the system is using shadow */ + stp = getspnam(user); + + if (stp == 0) + { + return AUTH_PWD_CHG_ERROR; + } - /* the system is using shadow */ - stp = getspnam(user); - if (stp == 0) - { - return AUTH_PWD_CHG_ERROR; - } + /* check if we need a pwd change */ + now = g_time1(); + today = now / SECS_PER_DAY; - /* check if we need a pwd change */ - now=g_time1(); - today=now/SECS_PER_DAY; + if (stp->sp_expire == -1) + { + return AUTH_PWD_CHG_OK; + } + + if (today >= (stp->sp_lstchg + stp->sp_max - stp->sp_warn)) + { + return AUTH_PWD_CHG_CHANGE; + } + + if (today >= (stp->sp_lstchg + stp->sp_max)) + { + return AUTH_PWD_CHG_CHANGE_MANDATORY; + } + + if (today < ((stp->sp_lstchg) + (stp->sp_min))) + { + /* cannot change pwd for now */ + return AUTH_PWD_CHG_NOT_NOW; + } - if (stp->sp_expire == -1) - { return AUTH_PWD_CHG_OK; - } - if (today >= 
(stp->sp_lstchg + stp->sp_max - stp->sp_warn)) - { - return AUTH_PWD_CHG_CHANGE; - } - - if (today >= (stp->sp_lstchg + stp->sp_max)) - { - return AUTH_PWD_CHG_CHANGE_MANDATORY; - } - - if (today < ((stp->sp_lstchg)+(stp->sp_min))) - { - /* cannot change pwd for now */ - return AUTH_PWD_CHG_NOT_NOW; - } - - return AUTH_PWD_CHG_OK; } int DEFAULT_CC -auth_change_pwd(char* user, char* newpwd) +auth_change_pwd(char *user, char *newpwd) { - struct passwd* spw; - struct spwd* stp; - char hash[35] = ""; - long today; + struct passwd *spw; + struct spwd *stp; + char hash[35] = ""; + long today; - FILE* fd; + FILE *fd; - if (0 != lckpwdf()) - { - return 1; - } + if (0 != lckpwdf()) + { + return 1; + } - /* open passwd */ - spw = getpwnam(user); - if (spw == 0) - { - return 1; - } + /* open passwd */ + spw = getpwnam(user); - if (g_strncmp(spw->pw_passwd, "x", 3) != 0) - { - /* old system with only passwd */ - if (auth_crypt_pwd(spw->pw_passwd, newpwd, hash) != 0) + if (spw == 0) { - ulckpwdf(); - return 1; + return 1; } - spw->pw_passwd=g_strdup(hash); - fd = fopen("/etc/passwd", "rw"); - putpwent(spw, fd); - } - else - { - /* the system is using shadow */ - stp = getspnam(user); - if (stp == 0) + if (g_strncmp(spw->pw_passwd, "x", 3) != 0) { - return 1; + /* old system with only passwd */ + if (auth_crypt_pwd(spw->pw_passwd, newpwd, hash) != 0) + { + ulckpwdf(); + return 1; + } + + spw->pw_passwd = g_strdup(hash); + fd = fopen("/etc/passwd", "rw"); + putpwent(spw, fd); } - - /* old system with only passwd */ - if (auth_crypt_pwd(stp->sp_pwdp, newpwd, hash) != 0) + else { - ulckpwdf(); - return 1; + /* the system is using shadow */ + stp = getspnam(user); + + if (stp == 0) + { + return 1; + } + + /* old system with only passwd */ + if (auth_crypt_pwd(stp->sp_pwdp, newpwd, hash) != 0) + { + ulckpwdf(); + return 1; + } + + stp->sp_pwdp = g_strdup(hash); + today = g_time1() / SECS_PER_DAY; + stp->sp_lstchg = today; + stp->sp_expire = today + stp->sp_max + stp->sp_inact; + fd = 
fopen("/etc/shadow", "rw"); + putspent(stp, fd); } - stp->sp_pwdp = g_strdup(hash); - today = g_time1() / SECS_PER_DAY; - stp->sp_lstchg = today; - stp->sp_expire = today + stp->sp_max + stp->sp_inact; - fd = fopen("/etc/shadow", "rw"); - putspent(stp, fd); - } - - ulckpwdf(); - return 0; + ulckpwdf(); + return 0; } /** @@ -260,36 +277,38 @@ auth_change_pwd(char* user, char* newpwd) */ static int DEFAULT_CC -auth_crypt_pwd(char* pwd, char* pln, char* crp) +auth_crypt_pwd(char *pwd, char *pln, char *crp) { - char salt[13] = "$1$"; - int saltcnt = 0; - char* encr; - - if (g_strncmp(pwd, "$1$", 3) == 0) - { - /* gnu style crypt(); */ - saltcnt = 3; - while ((pwd[saltcnt] != '$') && (saltcnt < 11)) + char salt[13] = "$1$"; + int saltcnt = 0; + char *encr; + + if (g_strncmp(pwd, "$1$", 3) == 0) + { + /* gnu style crypt(); */ + saltcnt = 3; + + while ((pwd[saltcnt] != '$') && (saltcnt < 11)) + { + salt[saltcnt] = pwd[saltcnt]; + saltcnt++; + } + + salt[saltcnt] = '$'; + salt[saltcnt + 1] = '\0'; + } + else { - salt[saltcnt] = pwd[saltcnt]; - saltcnt++; + /* classic two char salt */ + salt[0] = pwd[0]; + salt[1] = pwd[1]; + salt[2] = '\0'; } - salt[saltcnt] = '$'; - salt[saltcnt + 1] = '\0'; - } - else - { - /* classic two char salt */ - salt[0] = pwd[0]; - salt[1] = pwd[1]; - salt[2] = '\0'; - } - - encr = crypt(pln, salt); - g_strncpy(crp, encr, 34); - - return 0; + + encr = crypt(pln, salt); + g_strncpy(crp, encr, 34); + + return 0; } /** 
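Review bot: auth_change_pwd returns 0 even when nothing can have been written: both `fopen("/etc/passwd", "rw")` and `fopen("/etc/shadow", "rw")` use a mode string that is not a standard fopen mode (glibc ignores the stray `w`, leaving a read-only stream), `fd` is never checked before `putpwent`/`putspent`, and it is never closed. The `return 1;` paths taken when `getpwnam` or `getspnam` fails also skip `ulckpwdf()`, so the lock taken by `lckpwdf()` stays held; each needs `ulckpwdf();` before the return. At minimum add `if (fd == 0) { ulckpwdf(); return 1; }` and propagate the put*ent and fclose results, so callers are not told the password changed when it did not. In auth_check_pwd_chg the `sp_max - sp_warn` comparison comes before the `sp_max` one, so AUTH_PWD_CHG_CHANGE_MANDATORY appears unreachable whenever sp_warn is non-negative; testing the mandatory case first would fix that.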
@@ -298,35 +317,35 @@ auth_crypt_pwd(char* pwd, char* pln, char* crp) * */ static int DEFAULT_CC -auth_account_disabled(struct spwd* stp) +auth_account_disabled(struct spwd *stp) { - int today; + int today; - if (0 == stp) - { - /* if an invalid struct was passed we assume a disabled account */ - return 1; - } + if (0 == stp) + { + /* if an invalid struct was passed we assume a disabled account */ + return 1; + } - today = g_time1() / SECS_PER_DAY; + today = g_time1() / SECS_PER_DAY; - LOG_DBG("last %d",stp->sp_lstchg); - LOG_DBG("min %d",stp->sp_min); - LOG_DBG("max %d",stp->sp_max); - LOG_DBG("inact %d",stp->sp_inact); - LOG_DBG("warn %d",stp->sp_warn); - LOG_DBG("expire %d",stp->sp_expire); - LOG_DBG("today %d",today); + LOG_DBG("last %d", stp->sp_lstchg); + LOG_DBG("min %d", stp->sp_min); + LOG_DBG("max %d", stp->sp_max); + LOG_DBG("inact %d", stp->sp_inact); + LOG_DBG("warn %d", stp->sp_warn); + LOG_DBG("expire %d", stp->sp_expire); + LOG_DBG("today %d", today); - if ((stp->sp_expire != -1) && (today >= stp->sp_expire)) - { - return 1; - } + if ((stp->sp_expire != -1) && (today >= stp->sp_expire)) + { + return 1; + } - if (today >= (stp->sp_lstchg+stp->sp_max+stp->sp_inact)) - { - return 1; - } + if (today >= (stp->sp_lstchg + stp->sp_max + stp->sp_inact)) + { + return 1; + } - return 0; + return 0; } |
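Review bot: The inactivity test `today >= (stp->sp_lstchg + stp->sp_max + stp->sp_inact)` in auth_account_disabled adds the shadow fields without checking for the -1 "not set" value that the `sp_expire` test just above it does honour. With sp_max and sp_inact both -1 the sum falls below sp_lstchg, so an account with no aging policy would be reported as disabled; with only sp_inact unset the cutoff lands a day before the password itself expires. Guarding it as `if ((stp->sp_max >= 0) && (stp->sp_inact >= 0) && (today >= (stp->sp_lstchg + stp->sp_max + stp->sp_inact)))` keeps the check for accounts that actually have a policy. The same unguarded sums appear in auth_check_pwd_chg and in the `sp_expire` assignment of auth_change_pwd in the earlier hunk. `today` is an int while the spwd fields are long, and the `LOG_DBG("... %d", ...)` lines pass those longs to what looks like a printf-style format, so `%ld` is probably intended.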
