I need to write a condition for an authenticator, that I know is going
to be a nightmare, and I'm hoping someone that is a lot more expert
than I at crufting these things can help. I know the general concept I
need, I'm just not familiar with the exact syntax.

(I know I will get some RTFM responses. I am R'ing the FM and am just
hoping perhaps someone can help me do it a little faster)

The authenticators are currently as follows, which is fairly
straightforward.

fixed_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "\
    ${if pam {$1:$2}{yes}{no}}"
  server_set_id = $1

fixed_plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = "\
    ${if pam {$2:$3}{yes}{no}}"
  server_set_id = $2

I need to modify these to succeed if either the pam check succeeds -OR-

1. The username-part of the auth data contains an "@"
   (if $1 contains "@" then () else pam () ) ?
2. A directory exists, /path/to/<DOMAINPART>, where <DOMAINPART> is the
   portion of the username-part after the "@"
3. There exists in that directory a file /path/to/<DOMAINPART>/passwd,
   which contains a standard username/password pair, and the username
   in the file matches the portion of the username-part of auth data
   which is before the "@"
   (exists : /path/to/(substr(everything_after(@)($1)))/passwd ) ?
4. The password for that username in the file matches (with crypt) the
   password-part of the auth data.
   (lsearch in file /path/to/(substr(everything_after(@)($1)))/passwd with a key of
   (substr(everything_before(@)($1))) = crypt($2) ) ?

An example:
There is a file /path/to/some-domain.com/passwd, which contains (among
other entries):
|
|webmaster:T0dKpGFFwan8o
|
If the client provides "webmaster@???" as a username, and "12345" (which
matches the crypt above) as a password, it should satisfy the auth criteria.
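
One way to express the condition described above for the LOGIN authenticator, as an added example that is not part of the original post. It assumes $auth1/$auth2 (the same data as $1/$2 in the post), a constructed regular expression for acceptable user@domain names, and a dsearch lookup to turn the client-supplied domain into a directory name; the PLAIN authenticator would use $auth2/$auth3 in the same way.

```exim
# Added example, not the poster's configuration. /path/to is the post's
# own placeholder path.
#
# $auth1/$auth2 are used instead of $1/$2 because a match{} condition
# resets the numeric variables.
#
# The domain part comes from the client, so it is never pasted into a
# file name directly:
#   - match{} only accepts names with no "/" and no empty labels, which
#     rules out "../" style directory traversal;
#   - dsearch returns the name of an existing entry in /path/to
#     (requirement 2) and its result is untainted, which Exim 4.94 and
#     later require for file names;
#   - "fail" makes a missing directory or a missing user a forced
#     failure, which the plaintext driver treats as a failed login.
fixed_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_set_id = $auth1
  server_condition = ${if or { \
      { pam{$auth1:${sg{$auth2}{:}{::}}} } \
      { and { \
          { match{$auth1}{\N^[A-Za-z0-9._-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$\N} } \
          { exists{/path/to/${lookup{${domain:$auth1}}dsearch{/path/to}{$value}fail}/passwd} } \
          { crypteq{$auth2}{${lookup{${local_part:$auth1}}lsearch{/path/to/${lookup{${domain:$auth1}}dsearch{/path/to}{$value}fail}/passwd}{$value}fail}} } \
      } } \
    } {yes}{no}}
```

The or{} is evaluated left to right, so the file-based check is only reached when the PAM check has failed. The ${sg...} in the pam{} condition doubles any colon in the password, because pam{} treats a single colon as a field separator.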