Index: Makefile.in =================================================================== RCS file: /cvsroot/gnats/gnats/gnats/Makefile.in,v retrieving revision 1.60 diff -u -p -r1.60 Makefile.in --- Makefile.in 4 Aug 2002 17:15:39 -0000 1.60 +++ Makefile.in 23 Sep 2002 18:11:29 -0000 @@ -123,7 +123,7 @@ SHELL = /bin/sh #### Host-, target-, and site-specific makefiles are inserted here. -SOURCES = btime.c cmds.c file-pr.c gen-closed-date.c gen-index.c getclose.c gnatsd.c pr-age.c pr-edit.c pr-stat.c query-pr.c queue-pr.c +SOURCES = btime.c cmds.c file-pr.c gen-closed-date.c gen-index.c getclose.c gnatsd.c pr-age.c pr-edit.c pr-stat.c query-pr.c queue-pr.c gnats-pam.c EXTRA_OBJS = @EXTRA_OBJS@ @@ -182,7 +182,7 @@ query-pr: query-pr.o regex.o libgnats.a $(CC) $(LDFLAGS) -o $@ query-pr.o regex.o \ libgnats.a $(LIBIBERTY) $(LIBS) -gnatsd: gnatsd.o cmds.o regex.o file-pr.o btime.o libgnats.a +gnatsd: gnatsd.o cmds.o regex.o file-pr.o btime.o gnats-pam.o libgnats.a $(CC) $(LDFLAGS) -o $@ gnatsd.o cmds.o regex.o file-pr.o btime.o \ libgnats.a $(LIBRX) $(LIBIBERTY) $(LIBS) Index: autoconf.h.in =================================================================== RCS file: /cvsroot/gnats/gnats/gnats/autoconf.h.in,v retrieving revision 1.11 diff -u -p -r1.11 autoconf.h.in --- autoconf.h.in 6 Jan 2002 16:16:45 -0000 1.11 +++ autoconf.h.in 23 Sep 2002 18:11:29 -0000 @@ -1,4 +1,4 @@ -/* autoconf.h.in. Generated automatically from configure.in by autoheader 2.13. */ +/* autoconf.h.in. Generated automatically from configure.in by autoheader. */ /* Define if on AIX 3. System headers sometimes define this. @@ -116,6 +116,9 @@ /* Define if you have the crypt library (-lcrypt). */ #undef HAVE_LIBCRYPT + +/* Define if you have the PAM library (-lpam). */ +#define HAVE_LIBPAM /* Define if you have the gen library (-lgen). */ #undef HAVE_LIBGEN Index: configure.in =================================================================== RCS file: /cvsroot/gnats/gnats/gnats/configure.in,v retrieving revision 1.30 diff -u -p -r1.30 configure.in --- configure.in 14 Jul 2002 17:29:02 -0000 1.30 +++ configure.in 23 Sep 2002 18:11:29 -0000 @@ -199,6 +199,11 @@ AC_SUBST(KRBINCLUDE) AC_SUBST(EXTRA_OBJS) fi +dnl +dnl Check for pam support. +dnl +AC_SEARCH_LIBS(pam_open_session, pam) + if test "x$GCC" = "xyes" ; then GCC_CFLAGS="-W -Wall -ansi -pedantic -Werror -Wstrict-prototypes -Wmissing-prototypes -Wwrite-strings -Wno-format" fi Index: gnatsd.c =================================================================== RCS file: /cvsroot/gnats/gnats/gnats/gnatsd.c,v retrieving revision 1.47 diff -u -p -r1.47 gnatsd.c --- gnatsd.c 4 Aug 2002 10:58:29 -0000 1.47 +++ gnatsd.c 23 Sep 2002 18:11:30 -0000 @@ -248,21 +248,35 @@ match (const char *line, const char *pat } } +#ifdef HAVE_LIBPAM +extern int check_pam_password (const char *, const char *); +#endif + /* Return true iff `password' matches `hash'. `hash' is a possibly encrypted password, according to the $?$ convention. */ static int -password_match (const char *password, const char *hash) +password_match (const char *user, const char *password, const char *hash) { if (! strncmp (hash, "$0$", 3)) { + printf ("201 Checking plain password: %s for user %s\r\n", password, user); /* explicit plain-text password */ return ! match (password, hash, TRUE); } +#ifdef HAVE_LIBPAM + else if (! strncmp (hash, "$2$", 3)) + { + // printf ("201 Checking PAM password: %s for user %s\r\n", password, user); + /* use PAM authentication for user */ + return ! check_pam_password(user, password); + } +#endif else { /* DES crypt or MD5 hash of the password */ #ifdef HAVE_LIBCRYPT char *encrypted = crypt (password, hash); + // printf ("201 Checking crypt or MD5 password: %s for user %s\r\n", password, user); return encrypted && ! strcmp (encrypted, hash); #else /* TODO: log some warning */ @@ -422,6 +436,7 @@ findUserAccessLevel (const char *file, c acc = fopen (file, "r"); if (acc == NULL) { + printf ("200- No access control file found.\r\n"); return 0; } @@ -447,7 +462,7 @@ findUserAccessLevel (const char *file, c if ((ent->fieldcount == 3 || ent->fieldcount == 4) && match (user, ent->admFields[0], TRUE)) { - if (! password_match (passwd, ent->admFields[1])) + if (! password_match (user, passwd, ent->admFields[1])) { /* Username matched but password didn't. */ *access = ACCESS_NONE;