Commit | Line | Data |
---|---|---|
505397d5 | 1 | --- XFree86-3.3.2/xc/programs/xdm/greeter/verify.c.nopam Tue May 27 02:22:28 1997 |
2 | +++ XFree86-3.3.2/xc/programs/xdm/greeter/verify.c Tue Mar 3 17:15:17 1998 | |
3 | @@ -41,6 +41,9 @@ | |
4 | ||
5 | # include "dm.h" | |
6 | # include <pwd.h> | |
7 | +#ifdef USE_PAM | |
8 | +# include <security/pam_appl.h> | |
9 | +#else /* ! USE_PAM */ | |
10 | #ifdef USESHADOW | |
11 | # include <shadow.h> | |
12 | #if defined(SHADOWSUITE) && defined(linux) | |
13 | @@ -51,6 +54,7 @@ | |
14 | extern int errno; | |
15 | #endif | |
16 | #endif | |
17 | +#endif /* USE_PAM */ | |
18 | ||
19 | # include "greet.h" | |
20 | ||
21 | @@ -104,6 +108,49 @@ | |
22 | return env; | |
23 | } | |
24 | ||
25 | +#ifdef USE_PAM | |
26 | +static char *PAM_password; | |
27 | + | |
28 | +static int PAM_conv (int num_msg, | |
29 | + const struct pam_message **msg, | |
30 | + struct pam_response **resp, | |
31 | + void *appdata_ptr) { | |
32 | + int replies = 0; | |
33 | + struct pam_response *reply = NULL; | |
34 | + | |
35 | + reply = malloc(sizeof(struct pam_response)); | |
36 | + if (!reply) return PAM_CONV_ERR; | |
37 | + #define COPY_STRING(s) (s) ? strdup(s) : NULL | |
38 | + | |
39 | + for (replies = 0; replies < num_msg; replies++) { | |
40 | + switch (msg[replies]->msg_style) { | |
41 | + case PAM_PROMPT_ECHO_OFF: | |
42 | + /* wants password */ | |
43 | + reply[replies].resp_retcode = PAM_SUCCESS; | |
44 | + reply[replies].resp = COPY_STRING(PAM_password); | |
45 | + break; | |
46 | + case PAM_TEXT_INFO: | |
47 | + /* ignore the informational mesage */ | |
48 | + break; | |
49 | + case PAM_PROMPT_ECHO_ON: | |
50 | + /* user name given to PAM already */ | |
51 | + /* fall through */ | |
52 | + default: | |
53 | + /* unknown or PAM_ERROR_MSG */ | |
54 | + free (reply); | |
55 | + return PAM_CONV_ERR; | |
56 | + } | |
57 | + } | |
58 | + *resp = reply; | |
59 | + return PAM_SUCCESS; | |
60 | +} | |
61 | + | |
62 | +static struct pam_conv PAM_conversation = { | |
63 | + &PAM_conv, | |
64 | + NULL | |
65 | +}; | |
66 | +#endif | |
67 | + | |
68 | int | |
69 | Verify (d, greet, verify) | |
70 | struct display *d; | |
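Review bot: `PAM_conv` allocates room for a single `struct pam_response`, but the loop writes `reply[replies]` for every index below `num_msg`, so a module that sends more than one message in a call makes it write past the allocation. The `PAM_TEXT_INFO` branch leaves its slot uninitialised, so the caller later sees an indeterminate `resp` pointer. The error return frees `reply` without scrubbing or releasing the password copies that `strdup` already made. Allocating `num_msg` zeroed entries with `calloc` and routing every failure through one cleanup path covers all three. The unchecked `strdup` result and the unparenthesised `COPY_STRING` macro are worth fixing in the same pass.

```c
static int PAM_conv (int num_msg,
                     const struct pam_message **msg,
                     struct pam_response **resp,
                     void *appdata_ptr) {
    int replies;
    struct pam_response *reply;

    if (num_msg <= 0) return PAM_CONV_ERR;
    /* one zeroed slot per message: unanswered slots keep resp == NULL */
    reply = calloc(num_msg, sizeof(struct pam_response));
    if (!reply) return PAM_CONV_ERR;

    for (replies = 0; replies < num_msg; replies++) {
        switch (msg[replies]->msg_style) {
        case PAM_PROMPT_ECHO_OFF:
            reply[replies].resp_retcode = PAM_SUCCESS;
            reply[replies].resp = PAM_password ? strdup(PAM_password) : NULL;
            if (PAM_password && !reply[replies].resp) goto fail;
            break;
        /* ... unchanged: PAM_TEXT_INFO is ignored, PAM_PROMPT_ECHO_ON falls through ... */
        default:
            goto fail;
        }
    }
    *resp = reply;
    return PAM_SUCCESS;

fail:
    /* scrub and release any password copies made for earlier messages */
    for (replies = 0; replies < num_msg; replies++) {
        if (reply[replies].resp) {
            bzero(reply[replies].resp, strlen(reply[replies].resp));
            free(reply[replies].resp);
        }
    }
    free(reply);
    return PAM_CONV_ERR;
}
```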
71 | @@ -121,6 +168,10 @@ | |
72 | #endif | |
73 | char *shell, *home; | |
74 | char **argv; | |
75 | +#ifdef USE_PAM | |
76 | + pam_handle_t *pamh; | |
77 | + int pam_error; | |
78 | +#endif | |
79 | ||
80 | Debug ("Verify %s ...\n", greet->name); | |
81 | p = getpwnam (greet->name); | |
82 | @@ -131,6 +182,7 @@ | |
83 | } else { | |
84 | user_pass = p->pw_passwd; | |
85 | } | |
86 | +#ifndef USE_PAM | |
87 | #ifdef USESHADOW | |
88 | errno = 0; | |
89 | sp = getspnam(greet->name); | |
90 | @@ -153,6 +205,28 @@ | |
91 | return 0; | |
92 | } /* else: null passwd okay */ | |
93 | } | |
94 | +#else /* USE_PAM */ | |
95 | + #define PAM_BAIL if (pam_error != PAM_SUCCESS) { \ | |
96 | + pam_end(pamh, 0); return 0; \ | |
97 | + } | |
98 | + PAM_password = greet->password; | |
99 | + pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, &pamh); | |
100 | + PAM_BAIL; | |
101 | + pam_error = pam_set_item(pamh, PAM_TTY, d->name); | |
102 | + PAM_BAIL; | |
103 | + pam_error = pam_authenticate(pamh, 0); | |
104 | + PAM_BAIL; | |
105 | + pam_error = pam_acct_mgmt(pamh, 0); | |
106 | + /* really should do password changing, but it doesn't fit well */ | |
107 | + PAM_BAIL; | |
108 | + pam_error = pam_setcred(pamh, 0); | |
109 | + PAM_BAIL; | |
110 | + /* unfortunately, it's not clear at the moment how to do session | |
111 | + * management; it's possible, since xdm hangs around, but I don't | |
112 | + * see yet how to tear the sessions down. | |
113 | + */ | |
114 | + pam_end(pamh, PAM_SUCCESS); | |
115 | +#endif /* USE_PAM */ | |
116 | Debug ("verify succeeded\n"); | |
117 | bzero(user_pass, strlen(user_pass)); /* in case shadow password */ | |
118 | /* The password is passed to StartClient() for use by user-based | |
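Review bot: `PAM_BAIL` runs `pam_end(pamh, 0)` even when `pam_start` itself failed, at which point `pamh` (declared without an initialiser in the earlier hunk) may not be a valid handle; the first check is safer as a plain `if (pam_error != PAM_SUCCESS) return 0;`, with the macro calling `pam_end(pamh, pam_error)` so modules see the real status. Each bail-out also returns with the static `PAM_password` still pointing at `greet->password`; setting `PAM_password = NULL;` before every return and after the final `pam_end` keeps the pointer from outliving the attempt, and if the non-PAM failure path (mostly outside this hunk) scrubs `greet->password`, the PAM path should do the same. `pam_setcred(pamh, 0)` names no action where `PAM_ESTABLISH_CRED` would state the intent, and calling `pam_end` straight after it with no session opened means session-type modules never run, as the comment in the hunk admits. Verify's body starts and ends outside the hunk.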
119 | --- XFree86-3.3.2/xc/programs/xdm/Imakefile.nopam Tue Mar 3 17:15:13 1998 | |
120 | +++ XFree86-3.3.2/xc/programs/xdm/Imakefile Wed Mar 4 10:14:36 1998 | |
121 | @@ -18,6 +18,8 @@ | |
122 | * but not all NetBSD/Alpha systems have shared libraries, and | |
123 | * it can't be shared on those which do not. | |
124 | */ | |
125 | + | |
126 | +/* Don't use this with PAM | |
127 | #ifndef SharedLibXdmGreet | |
128 | #define SharedLibXdmGreet \ | |
129 | ((defined(AlphaArchitecture) && \ | |
130 | @@ -29,11 +31,23 @@ | |
131 | #ifndef BuildBoth | |
132 | #define BuildBoth (defined(LinuxArchitecture) && !SharedLibXdmGreet && !UseElfFormat) | |
133 | #endif | |
134 | +*/ | |
135 | + | |
136 | +/* this is a hack */ | |
137 | ||
138 | #ifndef LinuxShadowSuite | |
139 | #define LinuxShadowSuite NO | |
140 | #endif | |
141 | ||
142 | +#ifdef BuildBoth | |
143 | +#undef BuildBoth | |
144 | +#define BuildBoth 0 | |
145 | +#endif | |
146 | + | |
147 | +#ifdef SharedLibXdmGreet | |
148 | +#undef SharedLibXdmGreet | |
149 | +#endif | |
150 | + | |
151 | #if HasXdmAuth | |
152 | XDMAUTH_DEFINES = -DHASXDMAUTH | |
153 | XDMAUTHOBJS = xdmauth.o | |
154 | @@ -133,7 +147,7 @@ | |
155 | ||
156 | INCLUDES = $(KRB5_INCLUDE) | |
157 | DEPLIBS = $(DEPXMULIB) $(DEPXTOOLLIB) $(DEPXLIB) $(DEPXAUTHLIB) $(DEPXDMCPLIB) | |
158 | -LOCAL_LIBRARIES = $(XMULIB) $(XTOOLLIB) $(XLIB) $(XAUTHLIB) $(XDMCPLIB) $(RPCLIB) $(DLLIBRARY) $(CRYPT_LIBRARIES) | |
159 | +LOCAL_LIBRARIES = $(XMULIB) $(XTOOLLIB) $(XLIB) $(XAUTHLIB) $(XDMCPLIB) $(RPCLIB) -lpam -ldl $(CRYPT_LIBRARIES) | |
160 | ||
161 | SRCS1 = auth.c daemon.c server.c dpylist.c dm.c error.c file.c \ | |
162 | netaddr.c reset.c resource.c protodpy.c policy.c \ | |
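Review bot: The new `LOCAL_LIBRARIES` line hard-codes `-lpam -ldl` in place of `$(DLLIBRARY)`, and the `EXTRA_DEFINES = -DUSE_PAM` hunk that follows turns PAM on unconditionally, so this Imakefile can no longer build the crypt/shadow path that verify.c keeps under `#else`. Both changes would be better gated on a single configuration symbol (placeholder `<PAM_CONFIG_SYMBOL>`), keeping `$(DLLIBRARY)` for the loader library, so that the authentication backend of a given binary is a deliberate build choice. A comment beside the define should also record that the service name `xdm` passed to `pam_start` needs a matching PAM service configuration on the target system; without one, PAM's fallback policy decides who can log in.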
163 | @@ -182,6 +196,7 @@ | |
164 | OSMAJORVERSION = OSMajorVersion | |
165 | OSMINORVERSION = OSMinorVersion | |
166 | CONN_DEFINES = $(CONNECTION_FLAGS) | |
167 | + EXTRA_DEFINES = -DUSE_PAM | |
168 | DEFINES = -DBINDIR=\"$(BINDIR)\" -DXDMDIR=\"$(XDMDIR)\" \ | |
169 | $(SIGNAL_DEFINES) \ | |
170 | $(XDMAUTH_DEFINES) $(RPC_DEFINES) $(KRB5_DEFINES) \ |