--- /dev/null
+/* passwd.c --- verifying typed passwords with the OS.
+ * xscreensaver, Copyright (c) 1993-1998 Jamie Zawinski <jwz@jwz.org>
+ *
+ * Permission to use, copy, modify, distribute, and sell this software and its
+ * documentation for any purpose is hereby granted without fee, provided that
+ * the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation. No representations are made about the suitability of this
+ * software for any purpose. It is provided "as is" without express or
+ * implied warranty.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#ifndef NO_LOCKING /* whole file */
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+
+extern char *blurb(void);
+
+
+/* blargh */
+#undef Bool
+#undef True
+#undef False
+#define Bool int
+#define True 1
+#define False 0
+
+#undef countof
+#define countof(x) (sizeof((x))/sizeof(*(x)))
+
+struct auth_methods {
+ const char *name;
+ Bool (*init) (int argc, char **argv, Bool verbose_p);
+ Bool (*priv_init) (int argc, char **argv, Bool verbose_p);
+ Bool (*valid_p) (const char *typed_passwd, Bool verbose_p);
+ Bool initted_p;
+ Bool priv_initted_p;
+};
+
+
+#ifdef HAVE_KERBEROS
+extern Bool kerberos_lock_init (int argc, char **argv, Bool verbose_p);
+extern Bool kerberos_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
+#endif
+#ifdef HAVE_PAM
+extern Bool pam_priv_init (int argc, char **argv, Bool verbose_p);
+extern Bool pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
+#endif
+extern Bool pwent_lock_init (int argc, char **argv, Bool verbose_p);
+extern Bool pwent_priv_init (int argc, char **argv, Bool verbose_p);
+extern Bool pwent_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
+
+
+/* The authorization methods to try, in order.
+ Note that the last one (the pwent version) is actually two auth methods,
+ since that code tries shadow passwords, and then non-shadow passwords.
+ (It's all in the same file since the APIs are randomly nearly-identical.)
+ */
+struct auth_methods methods[] = {
+# ifdef HAVE_KERBEROS
+ { "Kerberos", kerberos_lock_init, 0, kerberos_passwd_valid_p,
+ False, False },
+# endif
+# ifdef HAVE_PAM
+ { "PAM", 0, pam_priv_init, pam_passwd_valid_p,
+ False, False },
+# endif
+ { "normal", pwent_lock_init, pwent_priv_init, pwent_passwd_valid_p,
+ False, False }
+};
+
+
+Bool
+lock_priv_init (int argc, char **argv, Bool verbose_p)
+{
+ int i;
+ Bool any_ok = False;
+ for (i = 0; i < countof(methods); i++)
+ {
+ if (!methods[i].priv_init)
+ methods[i].priv_initted_p = True;
+ else
+ methods[i].priv_initted_p = methods[i].priv_init (argc, argv,
+ verbose_p);
+
+ if (methods[i].priv_initted_p)
+ any_ok = True;
+ else if (verbose_p)
+ fprintf (stderr, "%s: initialization of %s passwords failed.\n",
+ blurb(), methods[i].name);
+ }
+ return any_ok;
+}
+
+
+Bool
+lock_init (int argc, char **argv, Bool verbose_p)
+{
+ int i;
+ Bool any_ok = False;
+ for (i = 0; i < countof(methods); i++)
+ {
+ if (!methods[i].priv_initted_p) /* Bail if lock_priv_init failed. */
+ continue;
+
+ if (!methods[i].init)
+ methods[i].initted_p = True;
+ else
+ methods[i].initted_p = methods[i].init (argc, argv, verbose_p);
+
+ if (methods[i].initted_p)
+ any_ok = True;
+ else if (verbose_p)
+ fprintf (stderr, "%s: initialization of %s passwords failed.\n",
+ blurb(), methods[i].name);
+ }
+ return any_ok;
+}
+
+
+Bool
+passwd_valid_p (const char *typed_passwd, Bool verbose_p)
+{
+ int i, j;
+ for (i = 0; i < countof(methods); i++)
+ {
+ if (methods[i].initted_p &&
+ methods[i].valid_p (typed_passwd, verbose_p))
+ {
+ /* If we successfully authenticated by method N, but attempting
+ to authenticate by method N-1 failed, mention that (since if
+ an earlier authentication method fails and a later one succeeds,
+ something screwy is probably going on.)
+ */
+ if (verbose_p && i > 0)
+ {
+ for (j = 0; j < i; j++)
+ if (methods[j].initted_p)
+ fprintf (stderr,
+ "%s: authentication via %s passwords failed.\n",
+ blurb(), methods[j].name);
+ fprintf (stderr,
+ "%s: but authentication via %s passwords succeeded.\n",
+ blurb(), methods[i].name);
+ }
+
+ return True; /* Successfully authenticated! */
+ }
+ }
+
+ return False; /* Authentication failure. */
+}
+
+#endif /* NO_LOCKING -- whole file */