Mercurial > dovecot > core-2.2
view src/auth/passdb-shadow.c @ 5429:088b4934a8f0 HEAD
Verify the password with auth_request_password_verify() so passwd and shadow
can be used as master and deny passdbs.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 26 Mar 2007 19:15:05 +0300 |
parents | ba8da13e71da |
children | 6a64e64fa3a3 |
line wrap: on
line source
/* Copyright (C) 2002-2003 Timo Sirainen */ #include "common.h" #ifdef PASSDB_SHADOW #include "safe-memset.h" #include "passdb.h" #include <shadow.h> #define SHADOW_CACHE_KEY "%u" #define SHADOW_PASS_SCHEME "CRYPT" static void shadow_verify_plain(struct auth_request *request, const char *password, verify_plain_callback_t *callback) { struct spwd *spw; int ret; auth_request_log_debug(request, "shadow", "lookup"); spw = getspnam(request->user); if (spw == NULL) { auth_request_log_info(request, "shadow", "unknown user"); callback(PASSDB_RESULT_USER_UNKNOWN, request); return; } if (!IS_VALID_PASSWD(spw->sp_pwdp)) { auth_request_log_info(request, "shadow", "invalid password field"); callback(PASSDB_RESULT_USER_DISABLED, request); return; } /* save the password so cache can use it */ auth_request_set_field(request, "password", spw->sp_pwdp, SHADOW_PASS_SCHEME); /* check if the password is valid */ ret = auth_request_password_verify(request, password, spw->sp_pwdp, SHADOW_PASS_SCHEME, "shadow"); /* clear the passwords from memory */ safe_memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp)); if (ret <= 0) { callback(PASSDB_RESULT_PASSWORD_MISMATCH, request); return; } /* make sure we're using the username exactly as it's in the database */ auth_request_set_field(request, "user", spw->sp_namp, NULL); callback(PASSDB_RESULT_OK, request); } static void shadow_init(struct passdb_module *module, const char *args) { if (strcmp(args, "blocking=yes") == 0) module->blocking = TRUE; module->cache_key = SHADOW_CACHE_KEY; module->default_pass_scheme = SHADOW_PASS_SCHEME; } static void shadow_deinit(struct passdb_module *module __attr_unused__) { endspent(); } struct passdb_module_interface passdb_shadow = { "shadow", NULL, shadow_init, shadow_deinit, shadow_verify_plain, NULL, NULL }; #endif