-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | acconfig.h | 3 | ||||
-rw-r--r-- | auth-passwd.c | 55 | ||||
-rw-r--r-- | configure.in | 24 |
4 files changed, 32 insertions, 52 deletions
@@ -1,4 +1,6 @@ | |||
1 | 20000916 | 1 | 20000916 |
2 | - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from | ||
3 | Kevin Steves <stevesk@sweden.hp.com> | ||
2 | - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz> | 4 | - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz> |
3 | - (djm) Re-enable int64_t types - we need them for sftp | 5 | - (djm) Re-enable int64_t types - we need them for sftp |
4 | - (djm) Use libexecdir from configure , rather than libexecdir/ssh | 6 | - (djm) Use libexecdir from configure , rather than libexecdir/ssh |
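--- a/acconfig.h
+++ b/acconfig.h
@@ -186,9 +186,6 @@
 /* Define if you want to use shadow password expire field */
 #undef HAS_SHADOW_EXPIRE
 
-/* Define if you want have trusted HPUX */
-#undef HAVE_HPUX_TRUSTED_SYSTEM_PW
-
 /* Define if you have Digital Unix Security Integration Architecture */
 #undef HAVE_OSF_SIA
 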
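--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -71,14 +71,14 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.17 2000/09/07 20:27:49 deraadt Exp $");
 #ifdef WITH_AIXAUTHENTICATE
 # include <login.h>
 #endif
-#ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
+#ifdef __hpux
 # include <hpsecurity.h>
 # include <prot.h>
 #endif
-#ifdef HAVE_SHADOW_H
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 # include <shadow.h>
 #endif
-#ifdef HAVE_GETPWANAM
+#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
 # include <sys/label.h>
 # include <sys/audit.h>
 # include <pwdadj.h>
@@ -105,10 +105,13 @@ auth_password(struct passwd * pw, const char *password)
 char *encrypted_password;
 char *pw_password;
 char *salt;
-#ifdef HAVE_SHADOW_H
+#ifdef __hpux
+struct pr_passwd *spw;
+#endif
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 struct spwd *spw;
 #endif
-#ifdef HAVE_GETPWANAM
+#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
 struct passwd_adjunct *spw;
 #endif
 # ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
@@ -170,38 +173,29 @@ auth_password(struct passwd * pw, const char *password)
 }
 #endif
 
-# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
-prpw = getprpwnam(pw->pw_name);
-pw_password = prpw->ufld.fd_encrypt;
-#else
-pw_password = pw->pw_passwd;
-#endif
 
-/* Check for users with no password. */
-if (strcmp(password, "") == 0 && strcmp(pw_password, "") == 0)
-return 1;
+pw_password = pw->pw_passwd;
 
+/*
+* Various interfaces to shadow or protected password data
+*/
 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 spw = getspnam(pw->pw_name);
 if (spw != NULL)
-{
-/* Check for users with no password. */
-if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
-return 1;
-
 pw_password = spw->sp_pwdp;
-}
 #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
 #if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
 if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
-{
-/* Check for users with no password. */
-if (strcmp(password, "") == 0 && strcmp(spw->pwa_passwd, "") == 0)
-return 1;
-
 pw_password = spw->pwa_passwd;
-}
 #endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
+#if defined(__hpux)
+if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
+pw_password = spw->ufld.fd_encrypt;
+#endif /* defined(__hpux) */
+
+/* Check for users with no password. */
+if ((password[0] == '\0') && (pw_password[0] == '\0'))
+return 1;
 
 if (pw_password[0] != '\0')
 salt = pw_password;
@@ -214,11 +208,14 @@ auth_password(struct passwd * pw, const char *password)
 else
 encrypted_password = crypt(password, salt);
 #else /* HAVE_MD5_PASSWORDS */
-# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
-encrypted_password = bigcrypt(password, salt);
+# ifdef __hpux
+if (iscomsec())
+encrypted_password = bigcrypt(password, salt);
+else
+encrypted_password = crypt(password, salt);
 # else
 encrypted_password = crypt(password, salt);
-# endif /* HAVE_HPUX_TRUSTED_SYSTEM_PW */
+# endif /* __hpux */
 #endif /* HAVE_MD5_PASSWORDS */
 
 /* Authentication is accepted if the encrypted passwords are identical. */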
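Review bot: In the `__hpux` branch added after the `getpwanam()` block, a failed `getprpwnam()` on a host where `iscomsec()` is true leaves `pw_password` pointing at `pw->pw_passwd`, so the empty-password test and the crypt comparison that follow run against the /etc/passwd field instead of the protected entry. Failing closed is safer, for example by adding `else if (iscomsec()) return 0;` right after the assignment (this assumes 0 is the reject value, as the `return 1` on the empty-password path suggests). The `getspnam()` and `getpwanam()` lookups in the same hunk fall back the same way, which may be intended for accounts without a shadow entry but deserves a comment saying so. Separately, the `# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW` still present in the declarations can no longer be true once acconfig.h and configure.in drop the symbol, so that block looks like dead code to remove. auth_password() begins and ends outside these hunks.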
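--- a/configure.in
+++ b/configure.in
@@ -73,16 +73,8 @@ case "$host" in
 CFLAGS="$CFLAGS -D_HPUX_SOURCE"
 IPADDR_IN_DISPLAY=yes
 AC_DEFINE(USE_PIPES)
-AC_MSG_CHECKING(for HPUX trusted system password database)
-if test -f /tcb/files/auth/system/default; then
-AC_MSG_RESULT(yes)
-AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW)
-LIBS="$LIBS -lsec"
-AC_MSG_WARN([This configuration is untested])
-else
-AC_MSG_RESULT(no)
-AC_DEFINE(DISABLE_SHADOW)
-fi
+AC_DEFINE(DISABLE_SHADOW)
+LIBS="$LIBS -lsec"
 MANTYPE='$(CATMAN)'
 mansubdir=cat
 ;;
@@ -90,16 +82,8 @@ case "$host" in
 CFLAGS="$CFLAGS -D_HPUX_SOURCE"
 IPADDR_IN_DISPLAY=yes
 AC_DEFINE(USE_PIPES)
-AC_MSG_CHECKING(for HPUX trusted system password database)
-if test -f /tcb/files/auth/system/default; then
-AC_MSG_RESULT(yes)
-AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW)
-LIBS="$LIBS -lsec"
-AC_MSG_WARN([This configuration is untested])
-else
-AC_MSG_RESULT(no)
-AC_DEFINE(DISABLE_SHADOW)
-fi
+AC_DEFINE(DISABLE_SHADOW)
+LIBS="$LIBS -lsec"
 MANTYPE='$(CATMAN)'
 mansubdir=cat
 ;;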
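Review bot: Both HP-UX arms now append `-lsec` to LIBS with no probe, so a host that lacks the library fails at link time instead of at configure time. A check such as `AC_CHECK_LIB(sec, getprpwnam)` in place of the bare `LIBS="$LIBS -lsec"` would surface that early. Both arms also define DISABLE_SHADOW, and auth-passwd.c now appears to depend on that to avoid declaring `spw` twice under `__hpux`; a one-line comment beside the define, e.g. `# required: auth-passwd.c reads the protected database via __hpux instead`, would keep a later edit from dropping it. The enclosing `case "$host"` arms start outside the hunks.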