PR-3285536+5920710.pamify.patch [plain text]
--- src/ftpd.c.orig 2008-06-18 15:36:52.000000000 -0700
+++ src/ftpd.c 2008-06-18 15:38:39.000000000 -0700
@@ -95,6 +95,10 @@
#if defined(HAVE_GETSPNAM)
#include <shadow.h>
#endif
+#ifdef __APPLE__
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+#endif /* __APPLE__ */
#else /* !defined(HAVE_TNFTPD_H) */
@@ -3737,6 +3741,31 @@
rusage_after->ru_nswap - rusage_before->ru_nswap);
}
+#ifdef __APPLE__
+const char *mystuff = NULL;
+/* This is an extremely limited pam conversation module.
+ * It is the bare minimum to get the password.
+ */
+int aapl_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
+{
+ struct pam_response *reply;
+
+ if( msg[0]->msg_style != PAM_PROMPT_ECHO_OFF )
+ return PAM_CONV_ERR;
+
+ reply = calloc(num_msg, sizeof(struct pam_response));
+ if( reply == NULL )
+ return PAM_BUF_ERR;
+
+ if( mystuff == NULL )
+ return PAM_CONV_ERR;
+
+ reply[0].resp = ftpd_strdup(mystuff);
+ *resp = reply;
+ return PAM_SUCCESS;
+}
+#endif /* __APPLE__ */
+
/*
* Determine if `password' is valid for user given in `pw'.
* Returns 2 if password expired, 1 if otherwise failed, 0 if ok
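Review bot: `aapl_conv` leaks the `calloc`'d `reply` when `mystuff == NULL`, because that test comes after the allocation; moving the `mystuff` check above the `calloc` call fixes it. `msg[0]` is read before `num_msg` is looked at, and only `reply[0]` is filled in even if `num_msg` is larger, so a guard like `if (num_msg != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF) return PAM_CONV_ERR;` would restrict the callback to the one case it handles. The result of `ftpd_strdup` is stored without a check; its definition is not visible here, so if it can return NULL the reply should be freed and `PAM_BUF_ERR` returned. Neither `mystuff` nor `aapl_conv` is used outside this file as far as the patch shows, so both could be `static`.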
@@ -3744,12 +3773,22 @@
int
checkpassword(const struct passwd *pwent, const char *password)
{
+#ifndef __APPLE__
char *orig, *new;
+#else
+ char *orig;
+#endif
time_t change, expire, now;
#if defined(HAVE_GETSPNAM)
struct spwd *spw;
#endif
+#ifdef __APPLE__
+ pam_handle_t *pamh = NULL;
+ struct pam_conv conv = {aapl_conv, NULL};
+ int rval;
+#endif /* __APPLE__ */
+
change = expire = 0;
if (pwent == NULL)
return 1;
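Review bot: `struct pam_conv conv = {aapl_conv, NULL};` leaves `appdata_ptr` unused, which is why the password has to reach the callback through the file-scope `mystuff` pointer. Passing it through the conversation structure instead, e.g. `conv.appdata_ptr = (void *)password;` before `pam_start` and reading `appdata_ptr` in `aapl_conv`, would keep the pointer to the cleartext password scoped to this call rather than in a global that outlives it. checkpassword's body continues outside the hunk.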
@@ -3780,6 +3819,16 @@
#endif
#endif
+#ifdef __APPLE__
+ mystuff = password;
+ rval = pam_start("ftpd", pw->pw_name, &conv, &pamh);
+ if( rval != PAM_SUCCESS )
+ return 1;
+ rval = pam_authenticate(pamh, 0);
+ if( rval != PAM_SUCCESS )
+ return 1;
+#else
+
if (orig[0] == '\0') /* don't allow empty passwords */
return 1;
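Review bot: The PAM handle opened by `pam_start` is never released: both early `return 1` paths and the success path (which appears to fall through to `return 0` in the last hunk) leave without calling `pam_end`, and `mystuff` keeps pointing at the caller's password afterwards. The call also passes `pw->pw_name` although the function's parameter, checked for NULL earlier, is `pwent`; `pw` is not declared in the visible hunks, so presumably it is a file-scope variable, and `pwent->pw_name` looks like what was meant. Because the `#else` removes the expiry checks from the Apple build, nothing evaluates account validity after `pam_authenticate`; `pam_acct_mgmt` is the usual call for that, and whether an expired result should map to the function's return value 2 is for the author to decide. checkpassword starts and ends outside this hunk.

```c
#ifdef __APPLE__
	mystuff = password;
	rval = pam_start("ftpd", pwent->pw_name, &conv, &pamh);
	if (rval == PAM_SUCCESS)
		rval = pam_authenticate(pamh, 0);
	if (rval == PAM_SUCCESS)
		rval = pam_acct_mgmt(pamh, 0);	/* account expired or locked */
	mystuff = NULL;		/* do not keep the password pointer after the call */
	if (pamh != NULL)
		(void)pam_end(pamh, rval);	/* release the handle on every path */
	if (rval != PAM_SUCCESS)
		return 1;
#else
/* … unchanged: non-PAM password comparison and expiry checks … */
```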
@@ -3790,6 +3839,7 @@
if ((expire && now >= expire) || (change && now >= change))
return 2; /* check if expired */
+#endif /* __APPLE__ */
return 0; /* OK! */
}