- (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c

openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). Feedback and OK dtucker@
author: Tim Rice <tim@multitalents.net> 2005-08-31 09:59:49 -0700
committer: Tim Rice <tim@multitalents.net> 2005-08-31 09:59:49 -0700
commit: 66fd217e8e57f0c86179d77dc14e42efd3098320 (patch)
tree: 647dc150f96b27987211df1c77879111e0f0eac9 /openbsd-compat/port-uw.c
parent: d0a47cd2435abdbb4aaabbdd408e855431ce9ccd (diff)
1 files changed, 27 insertions, 8 deletions
diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c
index cbc3f686b..d881ff028 100644
--- a/openbsd-compat/port-uw.c
+++ b/openbsd-compat/port-uw.c
@@ -25,7 +25,7 @@
 #include "includes.h"
-#ifdef UNIXWARE_LONG_PASSWORDS
+#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
 #ifdef HAVE_CRYPT_H
 #include <crypt.h>
 #endif
@@ -44,6 +44,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
        struct passwd *pw = authctxt->pw;
        char *encrypted_password;
        char *salt;
+        int result;
        /* Just use the supplied fake password if authctxt is invalid */
        char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
@@ -52,13 +53,27 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
        if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
                return (1);
+        /* Encrypt the candidate password using the proper salt. */
        salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx";
-        if (nischeck(pw->pw_name))
+#ifdef UNIXWARE_LONG_PASSWORDS
-                return(strcmp(crypt(password, salt), pw_password) == 0);
+        if (!nischeck(pw->pw_name))
+                encrypted_password = bigcrypt(password, salt);
        else
-                return(strcmp(bigcrypt(password, salt), pw_password) == 0);
+#endif /* UNIXWARE_LONG_PASSWORDS */
+                encrypted_password = xcrypt(password, salt);
+        /*
+         * Authentication is accepted if the encrypted passwords
+         * are identical.
+         */
+        result = (strcmp(encrypted_password, pw_password) == 0);
+        if (authctxt->valid)
+                free(pw_password);
+        return(result);
 }
+#ifdef UNIXWARE_LONG_PASSWORDS
 int
 nischeck(char *namep)
 {
@@ -94,7 +109,11 @@ nischeck(char *namep)
 #endif /* UNIXWARE_LONG_PASSWORDS */
-#ifdef HAVE_LIBIAF
+/*
+        NOTE: ia_get_logpwd() allocates memory for arg 2
+        functions that call shadow_pw() will need to free
+ */
 char *
 get_iaf_password(struct passwd *pw)
 {
@@ -104,12 +123,12 @@ get_iaf_password(struct passwd *pw)
        if (!ia_openinfo(pw->pw_name,&uinfo)) {
                ia_get_logpwd(uinfo, &pw_password);
                if (pw_password == NULL)
-                        fatal("Unable to get the shadow passwd");
+                        fatal("ia_get_logpwd: Unable to get the shadow passwd");
                ia_closeinfo(uinfo);
                return pw_password;
        }
        else
-                fatal("Unable to open the shadow passwd file");
+                fatal("ia_openinfo: Unable to open the shadow passwd file");
 }
-#endif /* HAVE_LIBIAF */
+#endif /* HAVE_LIBIAF  && !BROKEN_LIBIAF */
author	Tim Rice <tim@multitalents.net>	2005-08-31 09:59:49 -0700
committer	Tim Rice <tim@multitalents.net>	2005-08-31 09:59:49 -0700
commit	66fd217e8e57f0c86179d77dc14e42efd3098320 (patch)
tree	647dc150f96b27987211df1c77879111e0f0eac9 /openbsd-compat/port-uw.c
parent	d0a47cd2435abdbb4aaabbdd408e855431ce9ccd (diff)