X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/libsecurity_checkpw/lib/checkpw.c diff --git a/libsecurity_checkpw/lib/checkpw.c b/libsecurity_checkpw/lib/checkpw.c deleted file mode 100644 index 1d1b2071..00000000 --- a/libsecurity_checkpw/lib/checkpw.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright (c) 2000-2010 Apple Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -#include -#include - -#include "checkpw.h" -#include -#include - -#define PAM_STACK_NAME "checkpw" - -static -int checkpw_internal_pam( const char* uname, const char* password ) -{ - int checkpwret = CHECKPW_FAILURE; - - int pamret = PAM_SUCCESS; - pam_handle_t *pamh; - struct pam_conv pamc; - pamc.conv = &openpam_nullconv; - - pamret = pam_start(PAM_STACK_NAME, uname, &pamc, &pamh); - if (PAM_SUCCESS != pamret) - { - syslog(LOG_WARNING,"PAM: Unable to start pam."); - goto pamerr_no_end; - } - - pamret = pam_set_item(pamh, PAM_AUTHTOK, password); - if (PAM_SUCCESS != pamret) - { - syslog(LOG_WARNING,"PAM: Unable to set password."); - goto pamerr; - } - - pamret = pam_authenticate(pamh, 0); - if (PAM_SUCCESS != pamret) - { - syslog(LOG_WARNING,"PAM: Unable to authenticate."); - checkpwret = CHECKPW_BADPASSWORD; - goto pamerr; - } - - pamret = pam_acct_mgmt(pamh, 0); - if (PAM_SUCCESS != pamret) - { - if (PAM_NEW_AUTHTOK_REQD == pamret) - { - syslog(LOG_WARNING,"PAM: Unable to authorize, password needs to be changed."); - } else { - syslog(LOG_WARNING,"PAM: Unable to authorize."); - } - - goto pamerr; - } - - checkpwret = CHECKPW_SUCCESS; - -pamerr: - pam_end(pamh, pamret); -pamerr_no_end: - return checkpwret; - -} - -#warning TODO: this should be declared in some header. -int checkpw_internal( const struct passwd* pw, const char* password ); -int checkpw_internal( const struct passwd* pw, const char* password ) -{ - return checkpw(pw->pw_name, password); -} - -int checkpw( const char* userName, const char* password ) -{ - int siResult = CHECKPW_FAILURE; - // workaround for 3965234; I assume the empty string is OK... - const char *thePassword = password ? password : ""; - - if (userName == NULL) - return CHECKPW_UNKNOWNUSER; - - siResult = checkpw_internal_pam(userName, thePassword); - switch (siResult) { - case CHECKPW_SUCCESS: - case CHECKPW_UNKNOWNUSER: - case CHECKPW_BADPASSWORD: - break; - default: - usleep(500000); - siResult = checkpw_internal_pam(userName, thePassword); - break; - } - - return siResult; -} -