diff options
Diffstat (limited to 'openbsd-compat/port-uw.c')
-rw-r--r-- | openbsd-compat/port-uw.c | 35 |
1 files changed, 27 insertions, 8 deletions
diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c index cbc3f686b..d881ff028 100644 --- a/openbsd-compat/port-uw.c +++ b/openbsd-compat/port-uw.c | |||
@@ -25,7 +25,7 @@ | |||
25 | 25 | ||
26 | #include "includes.h" | 26 | #include "includes.h" |
27 | 27 | ||
28 | #ifdef UNIXWARE_LONG_PASSWORDS | 28 | #if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) |
29 | #ifdef HAVE_CRYPT_H | 29 | #ifdef HAVE_CRYPT_H |
30 | #include <crypt.h> | 30 | #include <crypt.h> |
31 | #endif | 31 | #endif |
@@ -44,6 +44,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) | |||
44 | struct passwd *pw = authctxt->pw; | 44 | struct passwd *pw = authctxt->pw; |
45 | char *encrypted_password; | 45 | char *encrypted_password; |
46 | char *salt; | 46 | char *salt; |
47 | int result; | ||
47 | 48 | ||
48 | /* Just use the supplied fake password if authctxt is invalid */ | 49 | /* Just use the supplied fake password if authctxt is invalid */ |
49 | char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; | 50 | char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; |
@@ -52,13 +53,27 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) | |||
52 | if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) | 53 | if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) |
53 | return (1); | 54 | return (1); |
54 | 55 | ||
56 | /* Encrypt the candidate password using the proper salt. */ | ||
55 | salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx"; | 57 | salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx"; |
56 | if (nischeck(pw->pw_name)) | 58 | #ifdef UNIXWARE_LONG_PASSWORDS |
57 | return(strcmp(crypt(password, salt), pw_password) == 0); | 59 | if (!nischeck(pw->pw_name)) |
60 | encrypted_password = bigcrypt(password, salt); | ||
58 | else | 61 | else |
59 | return(strcmp(bigcrypt(password, salt), pw_password) == 0); | 62 | #endif /* UNIXWARE_LONG_PASSWORDS */ |
63 | encrypted_password = xcrypt(password, salt); | ||
64 | |||
65 | /* | ||
66 | * Authentication is accepted if the encrypted passwords | ||
67 | * are identical. | ||
68 | */ | ||
69 | result = (strcmp(encrypted_password, pw_password) == 0); | ||
70 | |||
71 | if (authctxt->valid) | ||
72 | free(pw_password); | ||
73 | return(result); | ||
60 | } | 74 | } |
61 | 75 | ||
76 | #ifdef UNIXWARE_LONG_PASSWORDS | ||
62 | int | 77 | int |
63 | nischeck(char *namep) | 78 | nischeck(char *namep) |
64 | { | 79 | { |
@@ -94,7 +109,11 @@ nischeck(char *namep) | |||
94 | 109 | ||
95 | #endif /* UNIXWARE_LONG_PASSWORDS */ | 110 | #endif /* UNIXWARE_LONG_PASSWORDS */ |
96 | 111 | ||
97 | #ifdef HAVE_LIBIAF | 112 | /* |
113 | NOTE: ia_get_logpwd() allocates memory for arg 2 | ||
114 | functions that call shadow_pw() will need to free | ||
115 | */ | ||
116 | |||
98 | char * | 117 | char * |
99 | get_iaf_password(struct passwd *pw) | 118 | get_iaf_password(struct passwd *pw) |
100 | { | 119 | { |
@@ -104,12 +123,12 @@ get_iaf_password(struct passwd *pw) | |||
104 | if (!ia_openinfo(pw->pw_name,&uinfo)) { | 123 | if (!ia_openinfo(pw->pw_name,&uinfo)) { |
105 | ia_get_logpwd(uinfo, &pw_password); | 124 | ia_get_logpwd(uinfo, &pw_password); |
106 | if (pw_password == NULL) | 125 | if (pw_password == NULL) |
107 | fatal("Unable to get the shadow passwd"); | 126 | fatal("ia_get_logpwd: Unable to get the shadow passwd"); |
108 | ia_closeinfo(uinfo); | 127 | ia_closeinfo(uinfo); |
109 | return pw_password; | 128 | return pw_password; |
110 | } | 129 | } |
111 | else | 130 | else |
112 | fatal("Unable to open the shadow passwd file"); | 131 | fatal("ia_openinfo: Unable to open the shadow passwd file"); |
113 | } | 132 | } |
114 | #endif /* HAVE_LIBIAF */ | 133 | #endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ |
115 | 134 | ||