13 files changed, 189 insertions, 7 deletions
diff --git a/CREDITS b/CREDITS
index 2a77b8729..82b9f2210 100644
--- a/CREDITS
+++ b/CREDITS
@@ -3,6 +3,7 @@ Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH
 Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
 Theo de Raadt, and Dug Song - Creators of OpenSSH
+Ahsan Rashid <arms@sco.com> - UnixWare long passwords
 Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix
 Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes
 Andre Lucas <andre@ae-35.com> - new login code, many fixes
@@ -32,6 +33,7 @@ David Del Piero <David.DelPiero@qed.qld.gov.au> - bug fixes
 David Hesprich <darkgrue@gue-tech.org> - Configure fixes
 David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
 Dag-Erling Sm�rgrav <des at freebsd.org> - Challenge-Response PAM code.
+Dhiraj Gulati <dgulati@sco.com> - UnixWare long passwords
 Ed Eden <ede370@stl.rural.usda.gov> - configure fixes
 Garrick James <garrick@james.net> - configure fixes
 Gary E. Miller <gem@rellim.com> - SCO support
@@ -98,5 +100,5 @@ Apologies to anyone I have missed.
 Damien Miller <djm@mindrot.org>
-$Id: CREDITS,v 1.79 2004/05/26 23:59:31 dtucker Exp $
+$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $
diff --git a/ChangeLog b/ChangeLog
index 5c9182c23..d0ef8312e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+20050826
+ - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c
+   openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
+   openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
+   openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
+   on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
+   by tim@. Feedback and OK dtucker@
 20050823
 - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully-
   qualified sshd pathname since some systems (eg Cygwin) may consider "/foo"
@@ -2953,4 +2961,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3878 2005/08/24 00:18:21 tim Exp $
+$Id: ChangeLog,v 1.3879 2005/08/26 20:15:19 tim Exp $
diff --git a/LICENCE b/LICENCE
index 5def839e5..ac3634f22 100644
--- a/LICENCE
+++ b/LICENCE
@@ -204,6 +204,7 @@ OpenSSH contains no GPL code.
        William Jones
        Darren Tucker
        Sun Microsystems
+        The SCO Group
     * Redistribution and use in source and binary forms, with or without
     * modification, are permitted provided that the following conditions
diff --git a/auth.c b/auth.c
index 82fe8f06b..d62d8ff22 100644
--- a/auth.c
+++ b/auth.c
@@ -97,7 +97,11 @@ allowed_user(struct passwd * pw)
        /* grab passwd field for locked account check */
 #ifdef USE_SHADOW
        if (spw != NULL)
+#ifdef HAVE_LIBIAF
+                passwd = get_iaf_password(pw);
+#else
                passwd = spw->sp_pwdp;
+#endif /* HAVE_LIBIAF */
 #else
        passwd = pw->pw_passwd;
 #endif
diff --git a/configure.ac b/configure.ac
index f1588c693..c9c8218d3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.288 2005/08/24 00:11:26 tim Exp $
+# $Id: configure.ac,v 1.289 2005/08/26 20:15:20 tim Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -446,6 +446,8 @@ mips-sony-bsd|mips-sony-newsos4)
        ;;
 # UnixWare 7.x, OpenUNIX 8
 *-*-sysv5*)
+        check_for_libcrypt_later=1
+        AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
        AC_DEFINE(USE_PIPES)
        AC_DEFINE(SETEUID_BREAKS_SETUID)
        AC_DEFINE(BROKEN_SETREUID)
@@ -643,6 +645,7 @@ AC_CHECK_HEADERS( \
        getopt.h \
        glob.h \
        ia.h \
+        iaf.h \
        lastlog.h \
        limits.h \
        login.h \
@@ -1721,6 +1724,7 @@ if test "x$check_for_libcrypt_later" = "x1"; then
        AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
 fi
+AC_CHECK_LIB(iaf, ia_openinfo)
 ### Configure cryptographic random number support
diff --git a/defines.h b/defines.h
index 670fc3fe5..8d3617d06 100644
--- a/defines.h
+++ b/defines.h
@@ -25,7 +25,7 @@
 #ifndef _DEFINES_H
 #define _DEFINES_H
-/* $Id: defines.h,v 1.125 2005/08/24 00:18:21 tim Exp $ */
+/* $Id: defines.h,v 1.126 2005/08/26 20:15:20 tim Exp $ */
 /* Constants */
@@ -688,6 +688,10 @@ struct winsize {
 # define CUSTOM_SYS_AUTH_PASSWD 1
 #endif
+#ifdef UNIXWARE_LONG_PASSWORDS
+# define CUSTOM_SYS_AUTH_PASSWD 1
+#endif
 /* HP-UX 11.11 */
 #ifdef BTMP_FILE
 # define _PATH_BTMP BTMP_FILE
diff --git a/includes.h b/includes.h
index 9408fec9a..fa65aa38d 100644
--- a/includes.h
+++ b/includes.h
@@ -169,6 +169,10 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
 # include <ia.h>
 #endif
+#ifdef HAVE_IAF_H
+# include <iaf.h>
+#endif
 #ifdef HAVE_TMPDIR_H
 # include <tmpdir.h>
 #endif
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index c6e08867c..6f5ee2845 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.34 2005/06/09 11:45:11 dtucker Exp $
+# $Id: Makefile.in,v 1.35 2005/08/26 20:15:20 tim Exp $
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgroupl
 COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
-PORTS=port-irix.o port-aix.o
+PORTS=port-irix.o port-aix.o port-uw.o
 .c.o:
        $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index e66f5ec55..ba68bc27e 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.29 2005/06/17 11:15:21 dtucker Exp $ */
+/* $Id: openbsd-compat.h,v 1.30 2005/08/26 20:15:20 tim Exp $ */
 /*
 * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -173,5 +173,6 @@ char *shadow_pw(struct passwd *pw);
 #include "bsd-cygwin_util.h"
 #include "port-irix.h"
 #include "port-aix.h"
+#include "port-uw.h"
 #endif /* _OPENBSD_COMPAT_H */
diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c
new file mode 100644
index 000000000..cbc3f686b
--- /dev/null
+++ b/openbsd-compat/port-uw.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2005 The SCO Group. All rights reserved.
+ * Copyright (c) 2005 Tim Rice. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+#ifdef UNIXWARE_LONG_PASSWORDS
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+#include "packet.h"
+#include "buffer.h"
+#include "log.h"
+#include "servconf.h"
+#include "auth.h"
+#include "auth-options.h"
+int nischeck(char *);
+int
+sys_auth_passwd(Authctxt *authctxt, const char *password)
+{
+        struct passwd *pw = authctxt->pw;
+        char *encrypted_password;
+        char *salt;
+        /* Just use the supplied fake password if authctxt is invalid */
+        char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
+        /* Check for users with no password. */
+        if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
+                return (1);
+        salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx";
+        if (nischeck(pw->pw_name))
+                return(strcmp(crypt(password, salt), pw_password) == 0);
+        else
+                return(strcmp(bigcrypt(password, salt), pw_password) == 0);
+}
+int
+nischeck(char *namep)
+{
+        char password_file[] = "/etc/passwd";
+        FILE *fd;
+        struct passwd *ent = NULL;
+        if ((fd = fopen (password_file, "r")) == NULL) {
+                /*
+                 * If the passwd file has dissapeared we are in a bad state.
+                 * However, returning 0 will send us back through the
+                 * authentication scheme that has checked the ia database for
+                 * passwords earlier.
+                 */
+                return(0);
+        }
+        /*
+         * fgetpwent() only reads from password file, so we know for certain
+         * that the user is local.
+         */
+        while (ent = fgetpwent(fd)) {
+                if (strcmp (ent->pw_name, namep) == 0) {
+                        /* Local user */
+                        fclose (fd);
+                        return(0);
+                }
+        }
+        fclose (fd);
+        return (1);
+}
+#endif /* UNIXWARE_LONG_PASSWORDS */
+#ifdef HAVE_LIBIAF
+char *
+get_iaf_password(struct passwd *pw)
+{
+        char *pw_password = NULL;
+        uinfo_t uinfo;
+        if (!ia_openinfo(pw->pw_name,&uinfo)) {
+                ia_get_logpwd(uinfo, &pw_password);
+                if (pw_password == NULL)
+                        fatal("Unable to get the shadow passwd");
+                ia_closeinfo(uinfo);
+                return pw_password;
+        }
+        else
+                fatal("Unable to open the shadow passwd file");
+}
+#endif /* HAVE_LIBIAF */
diff --git a/openbsd-compat/port-uw.h b/openbsd-compat/port-uw.h
new file mode 100644
index 000000000..f16bb5e5c
--- /dev/null
+++ b/openbsd-compat/port-uw.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2005 Tim Rice.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+#ifdef HAVE_LIBIAF
+char * get_iaf_password(struct passwd *pw);
+#endif /* HAVE_LIBIAF */
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index c3cea3c86..453203270 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -91,7 +91,11 @@ shadow_pw(struct passwd *pw)
        struct spwd *spw = getspnam(pw->pw_name);
        if (spw != NULL)
+#ifdef HAVE_LIBIAF
+                pw_password = get_iaf_password(pw);
+#else
                pw_password = spw->sp_pwdp;
+#endif /* HAVE_LIBIAF */
 # endif
 # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
        struct passwd_adjunct *spw;
diff --git a/session.c b/session.c
index 95084aec6..98bd3121c 100644
--- a/session.c
+++ b/session.c
@@ -1334,6 +1334,11 @@ do_setusercontext(struct passwd *pw)
 # ifdef _AIX
                aix_usrinfo(pw);
 # endif /* _AIX */
+# ifdef HAVE_LIBIAF
+                if (set_id(pw->pw_name) != 0) {
+                        exit(1);
+                }
+# endif
                /* Permanently switch to the desired uid. */
                permanently_set_uid(pw);
 #endif

diff --git a/CREDITS b/CREDITS index 2a77b8729..82b9f2210 100644 --- a/CREDITS +++ b/CREDITS
@@ -3,6 +3,7 @@ Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH
3	Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,	3	Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
4	Theo de Raadt, and Dug Song - Creators of OpenSSH	4	Theo de Raadt, and Dug Song - Creators of OpenSSH
5		5
		6	Ahsan Rashid <arms@sco.com> - UnixWare long passwords
6	Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix	7	Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix
7	Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes	8	Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes
8	Andre Lucas <andre@ae-35.com> - new login code, many fixes	9	Andre Lucas <andre@ae-35.com> - new login code, many fixes
@@ -32,6 +33,7 @@ David Del Piero <David.DelPiero@qed.qld.gov.au> - bug fixes
32	David Hesprich <darkgrue@gue-tech.org> - Configure fixes	33	David Hesprich <darkgrue@gue-tech.org> - Configure fixes
33	David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes	34	David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
34	Dag-Erling Sm�rgrav <des at freebsd.org> - Challenge-Response PAM code.	35	Dag-Erling Sm�rgrav <des at freebsd.org> - Challenge-Response PAM code.
		36	Dhiraj Gulati <dgulati@sco.com> - UnixWare long passwords
35	Ed Eden <ede370@stl.rural.usda.gov> - configure fixes	37	Ed Eden <ede370@stl.rural.usda.gov> - configure fixes
36	Garrick James <garrick@james.net> - configure fixes	38	Garrick James <garrick@james.net> - configure fixes
37	Gary E. Miller <gem@rellim.com> - SCO support	39	Gary E. Miller <gem@rellim.com> - SCO support
@@ -98,5 +100,5 @@ Apologies to anyone I have missed.
98		100
99	Damien Miller <djm@mindrot.org>	101	Damien Miller <djm@mindrot.org>
100		102
101	$Id: CREDITS,v 1.79 2004/05/26 23:59:31 dtucker Exp $	103	$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $
102		104


diff --git a/ChangeLog b/ChangeLog index 5c9182c23..d0ef8312e 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,11 @@
		1	20050826
		2	- (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c
		3	openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
		4	openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
		5	openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
		6	on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
		7	by tim@. Feedback and OK dtucker@
		8
1	20050823	9	20050823
2	- (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully-	10	- (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully-
3	qualified sshd pathname since some systems (eg Cygwin) may consider "/foo"	11	qualified sshd pathname since some systems (eg Cygwin) may consider "/foo"
@@ -2953,4 +2961,4 @@
2953	- (djm) Trim deprecated options from INSTALL. Mention UsePAM	2961	- (djm) Trim deprecated options from INSTALL. Mention UsePAM
2954	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu	2962	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2955		2963
2956	$Id: ChangeLog,v 1.3878 2005/08/24 00:18:21 tim Exp $	2964	$Id: ChangeLog,v 1.3879 2005/08/26 20:15:19 tim Exp $


diff --git a/LICENCE b/LICENCE index 5def839e5..ac3634f22 100644 --- a/LICENCE +++ b/LICENCE
@@ -204,6 +204,7 @@ OpenSSH contains no GPL code.
204	William Jones	204	William Jones
205	Darren Tucker	205	Darren Tucker
206	Sun Microsystems	206	Sun Microsystems
		207	The SCO Group
207		208
208	* Redistribution and use in source and binary forms, with or without	209	* Redistribution and use in source and binary forms, with or without
209	* modification, are permitted provided that the following conditions	210	* modification, are permitted provided that the following conditions


diff --git a/auth.c b/auth.c index 82fe8f06b..d62d8ff22 100644 --- a/auth.c +++ b/auth.c
@@ -97,7 +97,11 @@ allowed_user(struct passwd * pw)
97	/* grab passwd field for locked account check */	97	/* grab passwd field for locked account check */
98	#ifdef USE_SHADOW	98	#ifdef USE_SHADOW
99	if (spw != NULL)	99	if (spw != NULL)
		100	#ifdef HAVE_LIBIAF
		101	passwd = get_iaf_password(pw);
		102	#else
100	passwd = spw->sp_pwdp;	103	passwd = spw->sp_pwdp;
		104	#endif /* HAVE_LIBIAF */
101	#else	105	#else
102	passwd = pw->pw_passwd;	106	passwd = pw->pw_passwd;
103	#endif	107	#endif


diff --git a/configure.ac b/configure.ac index f1588c693..c9c8218d3 100644 --- a/configure.ac +++ b/configure.ac
@@ -1,4 +1,4 @@
1	# $Id: configure.ac,v 1.288 2005/08/24 00:11:26 tim Exp $	1	# $Id: configure.ac,v 1.289 2005/08/26 20:15:20 tim Exp $
2	#	2	#
3	# Copyright (c) 1999-2004 Damien Miller	3	# Copyright (c) 1999-2004 Damien Miller
4	#	4	#
@@ -446,6 +446,8 @@ mips-sony-bsd\|mips-sony-newsos4)
446	;;	446	;;
447	# UnixWare 7.x, OpenUNIX 8	447	# UnixWare 7.x, OpenUNIX 8
448	--sysv5*)	448	--sysv5*)
		449	check_for_libcrypt_later=1
		450	AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
449	AC_DEFINE(USE_PIPES)	451	AC_DEFINE(USE_PIPES)
450	AC_DEFINE(SETEUID_BREAKS_SETUID)	452	AC_DEFINE(SETEUID_BREAKS_SETUID)
451	AC_DEFINE(BROKEN_SETREUID)	453	AC_DEFINE(BROKEN_SETREUID)
@@ -643,6 +645,7 @@ AC_CHECK_HEADERS( \
643	getopt.h \	645	getopt.h \
644	glob.h \	646	glob.h \
645	ia.h \	647	ia.h \
		648	iaf.h \
646	lastlog.h \	649	lastlog.h \
647	limits.h \	650	limits.h \
648	login.h \	651	login.h \
@@ -1721,6 +1724,7 @@ if test "x$check_for_libcrypt_later" = "x1"; then
1721	AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")	1724	AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1722	fi	1725	fi
1723		1726
		1727	AC_CHECK_LIB(iaf, ia_openinfo)
1724		1728
1725	### Configure cryptographic random number support	1729	### Configure cryptographic random number support
1726		1730


diff --git a/defines.h b/defines.h index 670fc3fe5..8d3617d06 100644 --- a/defines.h +++ b/defines.h
@@ -25,7 +25,7 @@
25	#ifndef _DEFINES_H	25	#ifndef _DEFINES_H
26	#define _DEFINES_H	26	#define _DEFINES_H
27		27
28	/* $Id: defines.h,v 1.125 2005/08/24 00:18:21 tim Exp $ */	28	/* $Id: defines.h,v 1.126 2005/08/26 20:15:20 tim Exp $ */
29		29
30		30
31	/* Constants */	31	/* Constants */
@@ -688,6 +688,10 @@ struct winsize {
688	# define CUSTOM_SYS_AUTH_PASSWD 1	688	# define CUSTOM_SYS_AUTH_PASSWD 1
689	#endif	689	#endif
690		690
		691	#ifdef UNIXWARE_LONG_PASSWORDS
		692	# define CUSTOM_SYS_AUTH_PASSWD 1
		693	#endif
		694
691	/* HP-UX 11.11 */	695	/* HP-UX 11.11 */
692	#ifdef BTMP_FILE	696	#ifdef BTMP_FILE
693	# define _PATH_BTMP BTMP_FILE	697	# define _PATH_BTMP BTMP_FILE


diff --git a/includes.h b/includes.h index 9408fec9a..fa65aa38d 100644 --- a/includes.h +++ b/includes.h
@@ -169,6 +169,10 @@ static /*/const char const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
169	# include <ia.h>	169	# include <ia.h>
170	#endif	170	#endif
171		171
		172	#ifdef HAVE_IAF_H
		173	# include <iaf.h>
		174	#endif
		175
172	#ifdef HAVE_TMPDIR_H	176	#ifdef HAVE_TMPDIR_H
173	# include <tmpdir.h>	177	# include <tmpdir.h>
174	#endif	178	#endif


diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index c6e08867c..6f5ee2845 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
1	# $Id: Makefile.in,v 1.34 2005/06/09 11:45:11 dtucker Exp $	1	# $Id: Makefile.in,v 1.35 2005/08/26 20:15:20 tim Exp $
2		2
3	sysconfdir=@sysconfdir@	3	sysconfdir=@sysconfdir@
4	piddir=@piddir@	4	piddir=@piddir@
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgroupl
20		20
21	COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o	21	COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22		22
23	PORTS=port-irix.o port-aix.o	23	PORTS=port-irix.o port-aix.o port-uw.o
24		24
25	.c.o:	25	.c.o:
26	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<	26	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<


diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index e66f5ec55..ba68bc27e 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
1	/* $Id: openbsd-compat.h,v 1.29 2005/06/17 11:15:21 dtucker Exp $ */	1	/* $Id: openbsd-compat.h,v 1.30 2005/08/26 20:15:20 tim Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 1999-2003 Damien Miller. All rights reserved.	4	* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -173,5 +173,6 @@ char shadow_pw(struct passwd pw);
173	#include "bsd-cygwin_util.h"	173	#include "bsd-cygwin_util.h"
174	#include "port-irix.h"	174	#include "port-irix.h"
175	#include "port-aix.h"	175	#include "port-aix.h"
		176	#include "port-uw.h"
176		177
177	#endif /* _OPENBSD_COMPAT_H */	178	#endif /* _OPENBSD_COMPAT_H */


diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c new file mode 100644 index 000000000..cbc3f686b --- /dev/null +++ b/openbsd-compat/port-uw.c
@@ -0,0 +1,115 @@
		1	/*
		2	* Copyright (c) 2005 The SCO Group. All rights reserved.
		3	* Copyright (c) 2005 Tim Rice. All rights reserved.
		4	*
		5	* Redistribution and use in source and binary forms, with or without
		6	* modification, are permitted provided that the following conditions
		7	* are met:
		8	* 1. Redistributions of source code must retain the above copyright
		9	* notice, this list of conditions and the following disclaimer.
		10	* 2. Redistributions in binary form must reproduce the above copyright
		11	* notice, this list of conditions and the following disclaimer in the
		12	* documentation and/or other materials provided with the distribution.
		13	*
		14	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
		15	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
		16	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
		17	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
		18	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		19	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
		20	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
		21	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
		22	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
		23	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
		24	*/
		25
		26	#include "includes.h"
		27
		28	#ifdef UNIXWARE_LONG_PASSWORDS
		29	#ifdef HAVE_CRYPT_H
		30	#include <crypt.h>
		31	#endif
		32	#include "packet.h"
		33	#include "buffer.h"
		34	#include "log.h"
		35	#include "servconf.h"
		36	#include "auth.h"
		37	#include "auth-options.h"
		38
		39	int nischeck(char *);
		40
		41	int
		42	sys_auth_passwd(Authctxt authctxt, const char password)
		43	{
		44	struct passwd *pw = authctxt->pw;
		45	char *encrypted_password;
		46	char *salt;
		47
		48	/* Just use the supplied fake password if authctxt is invalid */
		49	char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
		50
		51	/* Check for users with no password. */
		52	if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
		53	return (1);
		54
		55	salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx";
		56	if (nischeck(pw->pw_name))
		57	return(strcmp(crypt(password, salt), pw_password) == 0);
		58	else
		59	return(strcmp(bigcrypt(password, salt), pw_password) == 0);
		60	}
		61
		62	int
		63	nischeck(char *namep)
		64	{
		65	char password_file[] = "/etc/passwd";
		66	FILE *fd;
		67	struct passwd *ent = NULL;
		68
		69	if ((fd = fopen (password_file, "r")) == NULL) {
		70	/*
		71	* If the passwd file has dissapeared we are in a bad state.
		72	* However, returning 0 will send us back through the
		73	* authentication scheme that has checked the ia database for
		74	* passwords earlier.
		75	*/
		76	return(0);
		77	}
		78
		79	/*
		80	* fgetpwent() only reads from password file, so we know for certain
		81	* that the user is local.
		82	*/
		83	while (ent = fgetpwent(fd)) {
		84	if (strcmp (ent->pw_name, namep) == 0) {
		85	/* Local user */
		86	fclose (fd);
		87	return(0);
		88	}
		89	}
		90
		91	fclose (fd);
		92	return (1);
		93	}
		94
		95	#endif /* UNIXWARE_LONG_PASSWORDS */
		96
		97	#ifdef HAVE_LIBIAF
		98	char *
		99	get_iaf_password(struct passwd *pw)
		100	{
		101	char *pw_password = NULL;
		102
		103	uinfo_t uinfo;
		104	if (!ia_openinfo(pw->pw_name,&uinfo)) {
		105	ia_get_logpwd(uinfo, &pw_password);
		106	if (pw_password == NULL)
		107	fatal("Unable to get the shadow passwd");
		108	ia_closeinfo(uinfo);
		109	return pw_password;
		110	}
		111	else
		112	fatal("Unable to open the shadow passwd file");
		113	}
		114	#endif /* HAVE_LIBIAF */
		115


diff --git a/openbsd-compat/port-uw.h b/openbsd-compat/port-uw.h new file mode 100644 index 000000000..f16bb5e5c --- /dev/null +++ b/openbsd-compat/port-uw.h
@@ -0,0 +1,30 @@
		1	/*
		2	* Copyright (c) 2005 Tim Rice. All rights reserved.
		3	*
		4	* Redistribution and use in source and binary forms, with or without
		5	* modification, are permitted provided that the following conditions
		6	* are met:
		7	* 1. Redistributions of source code must retain the above copyright
		8	* notice, this list of conditions and the following disclaimer.
		9	* 2. Redistributions in binary form must reproduce the above copyright
		10	* notice, this list of conditions and the following disclaimer in the
		11	* documentation and/or other materials provided with the distribution.
		12	*
		13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
		14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
		15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
		16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
		17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
		19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
		20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
		21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
		22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
		23	*/
		24
		25	#include "includes.h"
		26
		27	#ifdef HAVE_LIBIAF
		28	char * get_iaf_password(struct passwd *pw);
		29	#endif /* HAVE_LIBIAF */
		30


diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index c3cea3c86..453203270 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c
@@ -91,7 +91,11 @@ shadow_pw(struct passwd *pw)
91	struct spwd *spw = getspnam(pw->pw_name);	91	struct spwd *spw = getspnam(pw->pw_name);
92		92
93	if (spw != NULL)	93	if (spw != NULL)
		94	#ifdef HAVE_LIBIAF
		95	pw_password = get_iaf_password(pw);
		96	#else
94	pw_password = spw->sp_pwdp;	97	pw_password = spw->sp_pwdp;
		98	#endif /* HAVE_LIBIAF */
95	# endif	99	# endif
96	# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)	100	# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
97	struct passwd_adjunct *spw;	101	struct passwd_adjunct *spw;


diff --git a/session.c b/session.c index 95084aec6..98bd3121c 100644 --- a/session.c +++ b/session.c
@@ -1334,6 +1334,11 @@ do_setusercontext(struct passwd *pw)
1334	# ifdef _AIX	1334	# ifdef _AIX
1335	aix_usrinfo(pw);	1335	aix_usrinfo(pw);
1336	# endif /* _AIX */	1336	# endif /* _AIX */
		1337	# ifdef HAVE_LIBIAF
		1338	if (set_id(pw->pw_name) != 0) {
		1339	exit(1);
		1340	}
		1341	# endif
1337	/* Permanently switch to the desired uid. */	1342	/* Permanently switch to the desired uid. */
1338	permanently_set_uid(pw);	1343	permanently_set_uid(pw);
1339	#endif	1344	#endif