smp_check_pw(S-osr5)

smp_check_pw -- check user-supplied password

Syntax

cc . . . -lprot

#include <sys/types.h>
#include prot.h

int smp_check_pw(password, usrp, reasonp)
char *password;
struct smp_user_info *usrp;
char **reasonp;

Description

smp_check_pw checks the password, supplied as the password argument, against the encrypted password for the previously specified account.

usrp points to an smp_user_info structure which has been created by a previous call to smp_check_user. If an encrypted password exists, password is compared using bigcrypt(S-osr5). It is possible that the previously saved account information may be null (resulting from SMP_BADUSER returned from a previous call to smp_check_user(S-osr5)). In both the case of a mismatched password or in the above case, smp_check_pw will return SMP_NOPWMATCH. This enables smp_check_pw to be called even if the user name is invalid.

In the case where the password is valid, smp_check_pw copies password into storage for later use and performs the following additional checks:

the account is checked to ensure that it is not locked
the previously set account retired and terminal locked flags are checked to ensure that they are not set
the password is checked for expiry
the password is checked to ensure that the minimum period between password changes has elapsed

If all checks pass, smp_check_pw returns SMP_CANCHANGE indicating that the password can be changed.

reasonp is used with certain return values to store a descriptive message.

Return values

Note that this routine also stores its return value for later use in auditing of failures.

SMP_NOPWMATCH

password did not match with the encrypted password or the encrypted password for the account is missing from smp_user_info. The operation should not continue.

SMP_ACCTLOCK

The account is locked. The operation should not continue.

SMP_MUSTCHANGE

The password matched, and has expired so must be changed before login completes.

SMP_CANCHANGE

The password matched, and could be changed by the user if desired.

SMP_CANTCHANGE

The password matched, and cannot be changed by the user because the minimum period between password changes has not elapsed.

SMP_OVERRIDE

is returned in three cases:

the account is locked
the account has been retired
the terminal is locked

However, in all of the above cases the ``root on console'' flag has been previously set by smp_check_user and login should be permitted to correct the problem. reasonp points to a character string explaining the type of failure.

SMP_RETIRED

The account has been retired. The operation should not continue.

Diagnostics

All diagnostics are returned as strings pointed to by the argument reasonp. It is up to the calling program to display these for the user. In each case the return value is also noted.

Account locked: The account has been locked. However, the ``root on console'' flag is set so login should be permitted to allow the problem to be fixed. SMP_OVERRIDE is returned.
Terminal locked: The terminal is locked. However, the ``root on console'' flag is set so login should be permitted to allow the problem to be fixed. SMP_OVERRIDE is returned.
Account retired: The account has been retired. However, the ``root on console'' flag is set so login should be permitted to allow the problem to be fixed. SMP_OVERRIDE is returned.

Examples

The following example illustrates the usage of smp_check_pw:

...
switch (smp_check_user(SMP_LOGIN, gets(line), ttyname(0), 0, &usrp,
                               &pwtry, &reason)) {
...
    case SMP_BADUSER:
    case SMP_HASPW:
        noecho();
        put("password: ");
        switch (smp_check_pw(gets(line), userp, &reason)) {
        case SMP_EXTFAIL:
            echo();
            put("\n");
            put(reason);
            put("\n");
            exit(1);
        case SMP_NOPWMATCH:
            echo();
            put("\nlogin incorrect\n");
            smp_audit_fail(userp);
            exit(1);
        case SMP_ACCTLOCK:
            echo();
            put("\naccount locked\n");
            smp_audit_fail(userp);
            exit(1);
        case SMP_RETIRED:
            echo();
            put("\naccount retired\n");
            smp_audit_fail(userp);
            exit(1);
        case SMP_OVERRIDE:
            put(reason);
            put("\nroot login on console is allowed\n");
        case SMP_CANCHANGE:
        case SMP_CANTCHANGE:
            goto loginok;
        case SMP_MUSTCHANGE:
            put("\npassword has expired");  /* fall through to set new pw */
        }
        echo();
   case SMP_PWREQ:
        put("\nmust set password now\n");
        if ((pwtype=smp_pw_choice(userp, &reason)) == SMP_CHOOSE) {
        ...
        }
   ...
   }
...
}
...
loginok:

Files

/lib/libprot.a: security subsystem library routines
/usr/lib/libp/libprot.a: as above but used for profiling
/usr/include/prot.h: defines the smp_user_info structure

Standards conformance

smp_check_pw is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.