Lines 95-100
|
95 |
loginRefused("user denied"); |
95 |
loginRefused("user denied"); |
96 |
} |
96 |
} |
97 |
|
97 |
|
|
|
98 |
#ifdef HAVE_PAM |
99 |
int |
100 |
pamconv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata) |
101 |
{ |
102 |
int i; |
103 |
char *password =(char*) appdata; |
104 |
struct pam_response* replies; |
105 |
int retval = PAM_CONV_ERR; |
106 |
|
107 |
replies=(struct pam_response*)calloc(num_msg, sizeof(struct pam_response)); |
108 |
|
109 |
for (i=0; i<num_msg; i++) { |
110 |
switch(msg[i]->msg_style) { |
111 |
case PAM_PROMPT_ECHO_OFF: |
112 |
replies[i].resp = x_strdup(password); |
113 |
replies[i].resp_retcode = 0; |
114 |
retval = PAM_SUCCESS; |
115 |
break; |
116 |
} |
117 |
} |
118 |
*resp = replies; |
119 |
return(retval); |
120 |
} |
121 |
#endif //HAVE_PAM |
122 |
|
123 |
bool |
124 |
HylaFAXServer::pamIsAdmin(const char* user) |
125 |
{ |
126 |
bool retval = false; |
127 |
#ifdef HAVE_PAM |
128 |
int i; |
129 |
static struct group* grinfo = getgrnam(admingroup); |
130 |
const char *curruser = (user == NULL ? the_user.c_str() : user); |
131 |
if (grinfo != NULL) { |
132 |
for (i=0; grinfo->gr_mem[i] != NULL; i++) { |
133 |
if (strcmp(curruser, grinfo->gr_mem[i]) == 0) retval = true; |
134 |
} |
135 |
} |
136 |
#endif //HAVE_PAM |
137 |
return(retval); |
138 |
} |
139 |
|
140 |
bool |
141 |
HylaFAXServer::pamCheck(const char* user, const char* pass) |
142 |
{ |
143 |
bool retval = false; |
144 |
#ifdef HAVE_PAM |
145 |
if (user == NULL) user = the_user; |
146 |
if (pass == NULL) pass = passwd.c_str(); |
147 |
struct pam_conv conv = { |
148 |
pamconv, |
149 |
(void*)pass |
150 |
}; |
151 |
|
152 |
pam_handle_t *pamh = NULL; |
153 |
|
154 |
int pamret; |
155 |
|
156 |
pamret = pam_start(FAX_SERVICE, user, &conv, &pamh); |
157 |
if (pamret == PAM_SUCCESS) { |
158 |
pamret = pam_authenticate(pamh, 0); |
159 |
} |
160 |
|
161 |
if (pamret == PAM_SUCCESS) { |
162 |
pamret = pam_acct_mgmt(pamh, 0); |
163 |
retval = true; |
164 |
} |
165 |
|
166 |
if (pamret == PAM_SUCCESS) { |
167 |
retval = true; |
168 |
} |
169 |
|
170 |
pam_end(pamh, pamret); |
171 |
if (pamIsAdmin()) state |= S_PRIVILEGED; |
172 |
#endif //HAVE_PAM |
173 |
return(retval); |
174 |
} |
175 |
|
98 |
void |
176 |
void |
99 |
HylaFAXServer::passCmd(const char* pass) |
177 |
HylaFAXServer::passCmd(const char* pass) |
100 |
{ |
178 |
{ |
Lines 118-124
|
118 |
pass++; |
196 |
pass++; |
119 |
} else |
197 |
} else |
120 |
state |= S_LREPLIES; |
198 |
state |= S_LREPLIES; |
121 |
if (pass[0] == '\0' || strcmp(crypt(pass, passwd), passwd) != 0) { |
199 |
if (pass[0] == '\0' || !(strcmp(crypt(pass, passwd), passwd) == 0 || pamCheck(the_user, pass))) { |
122 |
if (++loginAttempts >= maxLoginAttempts) { |
200 |
if (++loginAttempts >= maxLoginAttempts) { |
123 |
reply(530, "Login incorrect (closing connection)."); |
201 |
reply(530, "Login incorrect (closing connection)."); |
124 |
logNotice("Repeated login failures for user %s from %s [%s]" |
202 |
logNotice("Repeated login failures for user %s from %s [%s]" |
Lines 176-181
|
176 |
|
254 |
|
177 |
initDefaultJob(); // setup connection-related state |
255 |
initDefaultJob(); // setup connection-related state |
178 |
dirSetup(); // initialize directory handling |
256 |
dirSetup(); // initialize directory handling |
|
|
257 |
if (pamIsAdmin()) state |= S_PRIVILEGED; |
179 |
} |
258 |
} |
180 |
|
259 |
|
181 |
void |
260 |
void |
Lines 183-189
|
183 |
{ |
262 |
{ |
184 |
fxAssert(IS(LOGGEDIN), "ADMIN command permitted when not logged in"); |
263 |
fxAssert(IS(LOGGEDIN), "ADMIN command permitted when not logged in"); |
185 |
// NB: null adminwd is permitted |
264 |
// NB: null adminwd is permitted |
186 |
if (strcmp(crypt(pass, adminwd), adminwd) != 0) { |
265 |
if ((strcmp(crypt(pass, adminwd), adminwd) != 0) && !pamIsAdmin()) { |
187 |
if (++adminAttempts >= maxAdminAttempts) { |
266 |
if (++adminAttempts >= maxAdminAttempts) { |
188 |
reply(530, "Password incorrect (closing connection)."); |
267 |
reply(530, "Password incorrect (closing connection)."); |
189 |
logNotice("Repeated admin failures from %s [%s]" |
268 |
logNotice("Repeated admin failures from %s [%s]" |
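Review bot: In the new `pamCheck`, `retval = true;` sits directly after the `pam_acct_mgmt` call, so a user whose password is correct but whose account is expired, locked or otherwise refused by the account stack is still reported as authenticated; the later `if (pamret == PAM_SUCCESS)` block cannot undo that. The `if (pamIsAdmin()) state |= S_PRIVILEGED;` line after `pam_end` also runs when authentication failed, and it looks up `the_user` rather than the `user` argument, so the privilege bit should be gated on the final result. Separately, the new ADMIN condition `(strcmp(crypt(pass, adminwd), adminwd) != 0) && !pamIsAdmin()` accepts any password from a member of the admin group; if that is intended it deserves a comment saying so. The fence shows the tail of `pamCheck` with the return value derived from the final PAM status.

```cpp
    pamret = pam_start(FAX_SERVICE, user, &conv, &pamh);
    if (pamret == PAM_SUCCESS)
        pamret = pam_authenticate(pamh, 0);
    if (pamret == PAM_SUCCESS)
        pamret = pam_acct_mgmt(pamh, 0);

    // Only a transaction that passed both authentication and account
    // management counts as a successful login.
    retval = (pamret == PAM_SUCCESS);

    if (pamh != NULL)
        pam_end(pamh, pamret);
    // Never raise privilege for a login that was refused.
    if (retval && pamIsAdmin(user))
        state |= S_PRIVILEGED;
    // … unchanged: #endif and return(retval) …
```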