2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
16 #if defined(AFS_AIX41_ENV)
17 #include <sys/types.h>
18 #include <sys/param.h>
24 #include <sys/socket.h>
29 #include <afs/kauth.h>
30 #include <afs/kautils.h>
/*
 * Forward declaration: afs_authenticate() calls afs_getpwnam_int() before its
 * definition further down in this file.  The int argument is the `ignore` flag.
 */
32 struct passwd *afs_getpwnam_int(char *, int);
/*
 * Authentication entry point; afs_initialize() installs it as
 * meths->method_authenticate.
 *
 * Visible steps: prompt for the AFS password with getpass(), report an error
 * through *message when the password is empty or the user lookup fails, then
 * call ka_UserAuthenticateGeneral() with KA_USERAUTH_DOSETPAG.
 *
 * userName  account name; used in the prompt, the passwd lookup and the ka_ call
 * response  not referenced in the lines shown here
 * reenter   not referenced in the lines shown here
 * message   out: malloc'ed error text on the failure paths shown; the listing
 *           does not show who frees it
 *
 * NOTE(review): this listing omits lines (braces, returns, some call heads), so
 * return values and the exact branch structure must be checked in the full file.
 */
35 afs_authenticate(char *userName, char *response, int *reenter, char **message)
37 char *reason, *pword, prompt[256];
39 int code, unixauthneeded, password_expires = -1;
/*
 * NOTE(review): prompt is 256 bytes and userName is formatted in with an
 * unbounded sprintf(); no length check on userName is visible.  A bounded
 * snprintf(prompt, sizeof(prompt), ...) would rule out an overflow here.
 */
46 sprintf(prompt, "Enter AFS password for %s: ", userName);
/*
 * getpass() hands back a pointer to its own static buffer, so the cleartext
 * password stays in process memory after this function is done with it.
 * NOTE(review): no wipe of pword is visible in this listing; clear it once the
 * ka_UserAuthenticateGeneral() call has returned.
 */
47 pword = getpass(prompt);
/*
 * Empty password: refuse and hand the caller an explanation in *message.
 * NOTE(review): "passord" in the message text is a typo for "password".
 */
48 if (strlen(pword) == 0) {
50 ("Unable to read password because zero length passord is illegal\n");
/*
 * NOTE(review): the malloc() result is written to without a visible NULL
 * check; the same holds for the two later *message allocations.
 */
51 *message = (char *)malloc(256);
53 "Unable to read password because zero length passord is illegal\n");
/*
 * Resolve the account.  Two lookups appear (afs_getpwnam_int with ignore=1, and
 * plain getpwnam); the lines that choose between them are not in this listing.
 */
58 if ((pwd = afs_getpwnam_int(userName, 1)) == NULL)
60 if ((pwd = getpwnam(userName)) == NULL)
63 *message = (char *)malloc(256);
64 sprintf(*message, "getpwnam for user failed\n");
/*
 * Authenticate against AFS with the typed password.  password_expires and
 * reason are out-parameters; reason is presumably the %s argument of the
 * failure message below (that argument is on a line not shown).
 */
68 ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION + KA_USERAUTH_DOSETPAG,
69 userName, (char *)0, (char *)0, pword, 0,
70 &password_expires, 0, &reason)) {
/*
 * NOTE(review): 1024-byte buffer filled by an unbounded sprintf() with a %s
 * whose length is not controlled here.  Prefer snprintf() with the allocation
 * size.
 */
73 *message = (char *)malloc(1024);
74 sprintf(*message, "Unable to authenticate to AFS because %s.\n",
/*
 * Kerberos builds only: setup_ticket_file() chowns the ticket file to the user.
 * Any result from the call is not examined.
 */
78 #if defined(AFS_KERBEROS_ENV)
79 setup_ticket_file(userName);
/*
 * Password-management hooks registered by afs_initialize() as method_chpass,
 * method_passwdexpired and method_passwdrestrictions.  Their bodies are not
 * part of this listing; the comment in afs_initialize() describes every hook
 * other than authenticate as "currently mainly noops".
 * NOTE(review): confirm in the full file what each one returns, because the
 * caller may treat that return value as "password accepted" or "not expired".
 */
85 afs_chpass(char *userName, char *oldPasswd, char *newPasswd, char **message)
/* Expiry hook; body not shown. */
91 afs_passwdexpired(char *userName, char **message)
/* Password-policy hook; the parameter list continues on a line not shown. */
97 afs_passwdrestrictions(char *userName, char *newPasswd, char *oldPasswd,
/*
 * Group-set hook registered by afs_initialize() as method_getgrset.  Only the
 * signature is present in this listing (lines 105-112 are missing).
 * NOTE(review): the statements that follow in the listing test `id`, which is
 * not a parameter here, so they presumably belong to a different function.
 */
104 afs_getgrset(char *userName)
/*
 * Fragment of a group lookup by gid.  Its signature is not in this listing;
 * presumably afs_getgrgid, which afs_initialize() registers -- confirm.
 *
 * The result is assembled in function-static storage, so each call overwrites
 * what the previous call produced.
 */
113 static char name[64];
114 static char passwd[64];
115 static struct group grp;
/* Linear scan of the group database for the first entry whose gid equals id. */
119 while ((g = getgrent()) != NULL) {
120 if (g->gr_gid == id) {
/*
 * NOTE(review): strncpy() with the full buffer size leaves the copy without a
 * terminating NUL when the source is 64 bytes or longer; terminate explicitly
 * (name[sizeof(name) - 1] = '\0') or copy with snprintf().  &name is a
 * char (*)[64], not a char *; plain `name` is the matching type.
 */
121 strncpy(&name, g->gr_name, sizeof(name));
122 strncpy(&passwd, g->gr_passwd, sizeof(passwd));
/* Point the static struct at the private copies, not at getgrent()'s buffers. */
124 grp.gr_passwd = &passwd;
125 grp.gr_gid = g->gr_gid;
/*
 * Group-by-name hook registered by afs_initialize() as method_getgrnam.  The
 * body is not part of this listing; per the comment in afs_initialize(), a
 * NULL return from these lookup hooks means "use the local version".
 */
138 afs_getgrnam(char *name)
/*
 * passwd-by-name hook registered by afs_initialize() as method_getpwnam.
 * Thin wrapper: forwards to afs_getpwnam_int() with ignore = 0.
 */
145 afs_getpwnam(char *user)
147 return (struct passwd *) afs_getpwnam_int(user, 0);
/*
 * Look up `user` by scanning the passwd database and copy the match into
 * function-static storage.
 *
 * user    account name, compared with strcmp() (exact match)
 * ignore  consulted only when no entry matched (see the final test); callers
 *         in this file pass 1 from afs_authenticate() and 0 from afs_getpwnam()
 *
 * pwd's string fields point at the static buffers below, so every call
 * overwrites the previous result.
 * NOTE(review): no NULL check on `user` is visible before strcmp().
 */
151 afs_getpwnam_int(char *user, int ignore)
153 static char name[64];
154 static char passwd[64];
155 static char gecos[256];
156 static char dir[256];
157 static char shell[256];
158 static struct passwd pwd;
/*
 * Defaults applied before the scan: uid and gid 4294967294 (2^32 - 2) and the
 * shell "/bin/false".
 * NOTE(review): presumably a "nobody"-style placeholder identity -- confirm,
 * and confirm that no path returns these defaults for an unknown user in a way
 * the caller could mistake for a real account.
 */
161 pwd.pw_uid = 4294967294;
162 pwd.pw_gid = 4294967294;
163 strcpy((char *)&shell, "/bin/false");
/* Linear scan of the passwd database for an entry named `user`. */
167 while ((p = getpwent()) != NULL) {
168 if (!strcmp(p->pw_name, user)) {
/*
 * NOTE(review): strncpy() with the full buffer size does not NUL-terminate when
 * the source fills the buffer; terminate each copy explicitly or use
 * snprintf().  The & on each array yields a pointer-to-array type, not char *.
 */
169 strncpy(&name, p->pw_name, sizeof(name));
170 strncpy(&passwd, p->pw_passwd, sizeof(passwd));
171 strncpy(&gecos, p->pw_gecos, sizeof(gecos));
172 strncpy(&dir, p->pw_dir, sizeof(dir));
173 strncpy(&shell, p->pw_shell, sizeof(shell));
/* Fill the static struct from the private copies and the matched entry's ids. */
175 pwd.pw_passwd = &passwd;
176 pwd.pw_uid = p->pw_uid;
177 pwd.pw_gid = p->pw_gid;
178 pwd.pw_gecos = &gecos;
180 pwd.pw_shell = &shell;
/*
 * p == NULL here means the scan ended without a match.  What is returned in
 * that case when ignore is set is on lines not shown in this listing.
 */
185 if (ignore && (p == NULL))
/*
 * passwd-by-uid hook registered by afs_initialize() as method_getpwuid.  The
 * body is not part of this listing.
 * NOTE(review): the parameter is declared char *name rather than a uid type;
 * confirm this matches what the caller of method_getpwuid passes.
 */
198 afs_getpwuid(char *name)
/*
 * Fill in the caller-supplied secmethod_table with this module's hooks.
 *
 * meths  table to initialise; it is zeroed first, then the password hooks
 *        (chpass, authenticate, passwdexpired, passwdrestrictions) and the
 *        group/passwd lookup hooks are assigned.
 *
 * NOTE(review): the comment below mentions initialising the kauth package, but
 * the call itself is on a line missing from this listing.
 */
204 afs_initialize(struct secmethod_table *meths)
207 * Initialize kauth package here so we don't have to call it
208 * each time we call the authenticate routine.
/* Zero the whole table so every entry not assigned below stays zeroed. */
211 memset(meths, 0, sizeof(struct secmethod_table));
213 * Initialize the exported interface routines. Except the authenticate one
214 * the others are currently mainly noops.
216 meths->method_chpass = afs_chpass;
217 meths->method_authenticate = afs_authenticate;
218 meths->method_passwdexpired = afs_passwdexpired;
219 meths->method_passwdrestrictions = afs_passwdrestrictions;
221 * These we need to bring in because, for afs users, /etc/security/user's
222 * "registry" must non-local (i.e. DCE) since otherwise it assumes it's a
223 * local domain and uses valid_crypt(passwd) to validate the afs passwd
224 * which, of course, will fail. NULL return from these routine simply
225 * means use the local version ones after all.
227 meths->method_getgrgid = afs_getgrgid;
228 meths->method_getgrset = afs_getgrset;
229 meths->method_getgrnam = afs_getgrnam;
230 meths->method_getpwnam = afs_getpwnam;
231 meths->method_getpwuid = afs_getpwuid;
235 #if defined(AFS_KERBEROS_ENV)
/*
 * Kerberos builds only: give the ticket file named by ktc_tkt_string() to the
 * authenticated user by chown()ing it to that user's uid and gid.
 *
 * userName  account to look up with getpwnam(); its type declaration is on a
 *           line not shown in this listing
 *
 * Called from afs_authenticate(), which does not examine any result.
 */
237 setup_ticket_file(userName)
240 extern char *ktc_tkt_string();
243 setpwent(); /* open the pwd database */
244 pwd = getpwnam(userName);
/*
 * NOTE(review): pwd is dereferenced here; a NULL check is presumably on the
 * missing line 245 -- confirm.  chown() works on a path and follows symbolic
 * links, so if the ticket file sits in a directory other users can write to,
 * the path could name a different file by the time this runs.  fchown() on the
 * descriptor that created the file, or lchown(), avoids following a link.
 */
246 if (chown(ktc_tkt_string(), pwd->pw_uid, pwd->pw_gid) < 0)
/* NOTE(review): the branch this perror() belongs to is not visible here. */
249 perror("getpwnam : ");
250 endpwent(); /* close the pwd database */
252 #endif /* AFS_KERBEROS_ENV */