20070326

 - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
   openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
   to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@

8 files changed, 28 insertions, 17 deletions

diff --git a/ChangeLog b/ChangeLog
index 7b23fc332..af88bbe1a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20070326
+ - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
+   openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
+   to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
+
 20070325
  - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
    LIBWRAP and LIBPAM variables in Makefile with the general-purpose
@@ -2868,4 +2873,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4648 2007/03/25 08:26:01 dtucker Exp $
+$Id: ChangeLog,v 1.4649 2007/03/26 16:35:28 tim Exp $
diff --git a/auth.c b/auth.c
index 505102f8a..c1e0f4812 100644
--- a/auth.c
+++ b/auth.c
@@ -115,11 +115,11 @@ allowed_user(struct passwd * pw)
         /* grab passwd field for locked account check */
 #ifdef USE_SHADOW
         if (spw != NULL)
-#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
                 passwd = get_iaf_password(pw);
 #else
                 passwd = spw->sp_pwdp;
-#endif /* HAVE_LIBIAF  && !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
 #else
         passwd = pw->pw_passwd;
 #endif
@@ -141,9 +141,9 @@ allowed_user(struct passwd * pw)
                 if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
                         locked = 1;
 #endif
-#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
                 free(passwd);
-#endif /* HAVE_LIBIAF  && !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
                 if (locked) {
                         logit("User %.100s not allowed because account is locked",
                             pw->pw_name);
diff --git a/configure.ac b/configure.ac
index a2a988c7d..4413ae343 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.374 2007/03/25 08:26:01 dtucker Exp $
+# $Id: configure.ac,v 1.375 2007/03/26 16:35:28 tim Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.374 $)
+AC_REVISION($Revision: 1.375 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 AC_CONFIG_HEADER(config.h)
@@ -1977,7 +1977,12 @@ fi
 # Search for SHA256 support in libc and/or OpenSSL
 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
 
-AC_CHECK_LIB(iaf, ia_openinfo)
+saved_LIBS="$LIBS"
+AC_CHECK_LIB(iaf, ia_openinfo, [
+        LIBS="$LIBS -liaf"
+        AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
+])
+LIBS="$saved_LIBS"
 
 ### Configure cryptographic random number support
 
diff --git a/defines.h b/defines.h
index 8a4e2c73e..1e3d68d17 100644
--- a/defines.h
+++ b/defines.h
@@ -25,7 +25,7 @@
 #ifndef _DEFINES_H
 #define _DEFINES_H
 
-/* $Id: defines.h,v 1.138 2006/09/21 13:13:30 dtucker Exp $ */
+/* $Id: defines.h,v 1.139 2007/03/26 16:35:28 tim Exp $ */
 
 
 /* Constants */
@@ -696,7 +696,8 @@ struct winsize {
 # define CUSTOM_SYS_AUTH_PASSWD 1
 #endif
 
-#ifdef HAVE_LIBIAF
+#if defined(HAVE_LIBIAF) && defined(HAVE_SET_ID) && !defined(BROKEN_LIBIAF)
+# define USE_LIBIAF
 # define CUSTOM_SYS_AUTH_PASSWD 1
 #endif
 
diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c
index 6f3523902..ebc229a6a 100644
--- a/openbsd-compat/port-uw.c
+++ b/openbsd-compat/port-uw.c
@@ -79,7 +79,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 #endif /* UNIXWARE_LONG_PASSWORDS */
                 result = (strcmp(xcrypt(password, salt), pw_password) == 0);
 
-#if !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
         if (authctxt->valid)
                 free(pw_password);
 #endif
@@ -127,7 +127,7 @@ nischeck(char *namep)
         functions that call shadow_pw() will need to free
  */
 
-#if !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
 char *
 get_iaf_password(struct passwd *pw)
 {
@@ -144,6 +144,6 @@ get_iaf_password(struct passwd *pw)
         else
                 fatal("ia_openinfo: Unable to open the shadow passwd file");
 }
-#endif /* !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
 #endif /* HAVE_LIBIAF */
 
diff --git a/openbsd-compat/port-uw.h b/openbsd-compat/port-uw.h
index 3589b2e44..263d8b5a7 100644
--- a/openbsd-compat/port-uw.h
+++ b/openbsd-compat/port-uw.h
@@ -24,7 +24,7 @@
 
 #include "includes.h"
 
-#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
 char * get_iaf_password(struct passwd *pw);
 #endif
 
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index 14899321f..d8636bb39 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -98,7 +98,7 @@ shadow_pw(struct passwd *pw)
                 pw_password = spw->sp_pwdp;
 # endif
 
-#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
         return(get_iaf_password(pw));
 #endif
 
diff --git a/session.c b/session.c
index 4c97c4a7d..32e592adb 100644
--- a/session.c
+++ b/session.c
@@ -1361,11 +1361,11 @@ do_setusercontext(struct passwd *pw)
 # ifdef _AIX
                 aix_usrinfo(pw);
 # endif /* _AIX */
-#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
                 if (set_id(pw->pw_name) != 0) {
                         exit(1);
                 }
-#endif /* HAVE_LIBIAF  && !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
                 /* Permanently switch to the desired uid. */
                 permanently_set_uid(pw);
 #endif