#include <ctype.h>
#include <sys/types.h>
#include <sys/stat.h>
+#include <syslog.h>
/* indicate the following groups are defined */
#define _PAM_EXTERN_FUNCTIONS
#include <security/_pam_macros.h>
#include <security/pam_modules.h>
-
-#ifndef LINUX_PAM
-#include <security/pam_appl.h>
-#endif /* LINUX_PAM */
+#include <security/pam_ext.h>
#include "support.h"
D(("called."));
- ctrl = _set_ctrl(pamh, flags, NULL, argc, argv);
+ ctrl = _set_ctrl(pamh, flags, NULL, NULL, argc, argv);
/* Get a few bytes so we can pass our return value to
pam_sm_setcred(). */
if (retval == PAM_SUCCESS) {
/*
* Various libraries at various times have had bugs related to
- * '+' or '-' as the first character of a user name. Don't take
- * any chances here. Require that the username starts with an
- * alphanumeric character.
+ * '+' or '-' as the first character of a user name. Don't
+ * allow this characters here.
*/
- if (name == NULL || !isalnum(*name)) {
- _log_err(LOG_ERR, pamh, "bad username [%s]", name);
+ if (name == NULL || name[0] == '-' || name[0] == '+') {
+ pam_syslog(pamh, LOG_ERR, "bad username [%s]", name);
retval = PAM_USER_UNKNOWN;
AUTH_RETURN;
}
}
/* get this user's authentication token */
- retval = _unix_read_password(pamh, ctrl, NULL, "Password: ", NULL
+ retval = _unix_read_password(pamh, ctrl, NULL, _("Password: "), NULL
,_UNIX_AUTHTOK, &p);
if (retval != PAM_SUCCESS) {
if (retval != PAM_CONV_AGAIN) {
- _log_err(LOG_CRIT, pamh, "auth could not identify password for [%s]"
- ,name);
+ pam_syslog(pamh, LOG_CRIT,
+ "auth could not identify password for [%s]", name);
} else {
D(("conversation function is not ready yet"));
/*