2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
15 #if defined(AFS_AIX41_ENV)
16 #include <sys/types.h>
17 #include <sys/param.h>
23 #include <sys/socket.h>
28 #include <afs/kauth.h>
29 #include <afs/kautils.h>
31 int afs_authenticate (char *userName, char *response, int *reenter, char **message) {
32 char *reason, *pword, prompt[256];
34 int code, unixauthneeded, password_expires = -1;
41 sprintf(prompt,"Enter AFS password for %s: ",userName);
42 pword=getpass(prompt);
43 if(strlen(pword)==0) {
44 printf("Unable to read password because zero length passord is illegal\n");
45 *message = (char *)malloc(256);
46 sprintf(*message, "Unable to read password because zero length passord is illegal\n");
50 if ((pwd = getpwnam(userName)) == NULL){
51 *message = (char *)malloc(256);
52 sprintf(*message, "getpwnam for user failed\n");
55 if (code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION + KA_USERAUTH_DOSETPAG, userName,
56 NULL, NULL, pword, 0, &password_expires, 0, &reason)) {
59 *message = (char *)malloc(1024);
60 sprintf(*message, "Unable to authenticate to AFS because %s.\n", reason);
63 #if defined(AFS_KERBEROS_ENV)
64 setup_ticket_file(userName);
69 int afs_chpass (char *userName, char *oldPasswd, char *newPasswd, char **message) {
73 int afs_passwdexpired (char *userName, char **message) {
77 int afs_passwdrestrictions (char *userName, char *newPasswd, char *oldPasswd, char **message) {
81 int afs_getgrset (char *userName) {
85 struct group *afs_getgrgid (int id) {
89 struct group *afs_getgrnam (char *name) {
95 * This is a nasty hack. It seems getpwnam calls this routine and is not
96 * happy with NULL as result. Trying to call here getpwnam in order to get
97 * a reasonable result kills the whole program. So I tried to return
98 * a dummy pwd and it seems to work!
100 struct passwd *afs_getpwnam (char *user) {
105 char *shell = "/bin/sh";
106 char *nobody = "nobody";
109 strncpy((char *)&name, user, sizeof(name));
113 p.pw_passwd = passwd;
114 p.pw_uid = 4294967294;
115 p.pw_gid = 4294967294;
123 int afs_getpwnam(int id)
130 struct passwd *afs_getpwuid (uid_t uid) {
134 int afs_getpwuid(char *name)
140 int afs_initialize(struct secmethod_table *meths) {
142 * Initialize kauth package here so we don't have to call it
143 * each time we call the authenticate routine.
146 memset(meths, 0, sizeof(struct secmethod_table));
148 * Initialize the exported interface routines. Except the authenticate one
149 * the others are currently mainly noops.
151 meths->method_chpass = afs_chpass;
152 meths->method_authenticate = afs_authenticate;
153 meths->method_passwdexpired = afs_passwdexpired;
154 meths->method_passwdrestrictions = afs_passwdrestrictions;
156 * These we need to bring in because, for afs users, /etc/security/user's
157 * "registry" must non-local (i.e. DCE) since otherwise it assumes it's a
158 * local domain and uses valid_crypt(passwd) to validate the afs passwd
159 * which, of course, will fail. NULL return from these routine simply
160 * means use the local version ones after all.
162 meths->method_getgrgid = afs_getgrgid;
163 meths->method_getgrset = afs_getgrset;
164 meths->method_getgrnam = afs_getgrnam;
165 meths->method_getpwnam = afs_getpwnam;
166 meths->method_getpwuid = afs_getpwuid;
170 #if defined(AFS_KERBEROS_ENV)
172 setup_ticket_file(userName)
175 extern char* ktc_tkt_string();
178 setpwent(); /* open the pwd database */
179 pwd = getpwnam(userName);
182 if ( chown(ktc_tkt_string(), pwd->pw_uid, pwd->pw_gid) < 0 )
185 else perror("getpwnam : ");
186 endpwent(); /* close the pwd database */
188 #endif /* AFS_KERBEROS_ENV */