diff options
author | Sergey Poznyakoff <gray@gnu.org.ua> | 2008-03-15 07:39:01 +0000 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2008-03-15 07:39:01 +0000 |
commit | 9e2dcb7eca736042c6887134a687da0c54f8e8fc (patch) | |
tree | 12278ea6e3ea81fd88052127cbf6d7fca92517b9 /pam_sql | |
parent | c75757a05a8b7c1a3e12d95fd0ba1076846a3b7f (diff) | |
download | pam-modules-9e2dcb7eca736042c6887134a687da0c54f8e8fc.tar.gz pam-modules-9e2dcb7eca736042c6887134a687da0c54f8e8fc.tar.bz2 |
Initial framework for LDAP-style password hashes.
* pam_sql/pam_mysql.c, pam_sql/pam_pgsql.c: Call
gray_check_ldap_pass if configuration variable allow-ldap-pass is
set.
* lib/graypam.h (gray_base64_decode, gray_check_ldap_pass): New
prototypes.
* lib/Makefile.am (libgraypam_la_SOURCES): Add new files.
* lib/sha1.h, lib/base64.c, lib/md5.c, lib/ldappass.c, lib/md5.h,
lib/sha1.c: New files.
git-svn-id: file:///svnroot/pam-modules/trunk@77 56984be4-0537-0410-a56c-fcb268c96130
Diffstat (limited to 'pam_sql')
-rw-r--r-- | pam_sql/pam_mysql.c | 3 | ||||
-rw-r--r-- | pam_sql/pam_pgsql.c | 7 |
2 files changed, 8 insertions, 2 deletions
diff --git a/pam_sql/pam_mysql.c b/pam_sql/pam_mysql.c index 5d5c16a..5bf7306 100644 --- a/pam_sql/pam_mysql.c +++ b/pam_sql/pam_mysql.c @@ -323,6 +323,9 @@ check_query_result(MYSQL *mysql, const char *pass) && check_boolean_config ("allow-md5-pass", 1)) rc = check_md5_pass (row[0], pass); if (rc != PAM_SUCCESS + && check_boolean_config ("allow-ldap-pass", 1)) + rc = gray_check_ldap_pass (row[0], pass); + if (rc != PAM_SUCCESS && check_boolean_config ("allow-plaintext-pass", 0)) { if (strcmp (row[0], pass) == 0) rc = PAM_SUCCESS; diff --git a/pam_sql/pam_pgsql.c b/pam_sql/pam_pgsql.c index 5f1b83b..a6adb8b 100644 --- a/pam_sql/pam_pgsql.c +++ b/pam_sql/pam_pgsql.c @@ -200,8 +200,11 @@ verify_user_pass(const char *username, const char *password) if (strcmp(p, crypt(password, p)) == 0) rc = PAM_SUCCESS; - else if (rc != PAM_SUCCESS - && check_boolean_config ("allow-plaintext-pass", 0)) { + if (rc != PAM_SUCCESS + && check_boolean_config ("allow-ldap-pass", 1)) + rc = gray_check_ldap_pass (p, password); + if (rc != PAM_SUCCESS + && check_boolean_config ("allow-plaintext-pass", 0)) { if (strcmp (p, pass) == 0) rc = PAM_SUCCESS; } else |