diff options
Diffstat (limited to 'openbsd-compat')
-rw-r--r-- | openbsd-compat/port-uw.c | 35 | ||||
-rw-r--r-- | openbsd-compat/port-uw.h | 4 | ||||
-rw-r--r-- | openbsd-compat/xcrypt.c | 9 |
3 files changed, 34 insertions, 14 deletions
diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c index cbc3f686b..d881ff028 100644 --- a/openbsd-compat/port-uw.c +++ b/openbsd-compat/port-uw.c | |||
@@ -25,7 +25,7 @@ | |||
25 | 25 | ||
26 | #include "includes.h" | 26 | #include "includes.h" |
27 | 27 | ||
28 | #ifdef UNIXWARE_LONG_PASSWORDS | 28 | #if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) |
29 | #ifdef HAVE_CRYPT_H | 29 | #ifdef HAVE_CRYPT_H |
30 | #include <crypt.h> | 30 | #include <crypt.h> |
31 | #endif | 31 | #endif |
@@ -44,6 +44,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) | |||
44 | struct passwd *pw = authctxt->pw; | 44 | struct passwd *pw = authctxt->pw; |
45 | char *encrypted_password; | 45 | char *encrypted_password; |
46 | char *salt; | 46 | char *salt; |
47 | int result; | ||
47 | 48 | ||
48 | /* Just use the supplied fake password if authctxt is invalid */ | 49 | /* Just use the supplied fake password if authctxt is invalid */ |
49 | char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; | 50 | char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; |
@@ -52,13 +53,27 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) | |||
52 | if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) | 53 | if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) |
53 | return (1); | 54 | return (1); |
54 | 55 | ||
56 | /* Encrypt the candidate password using the proper salt. */ | ||
55 | salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx"; | 57 | salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx"; |
56 | if (nischeck(pw->pw_name)) | 58 | #ifdef UNIXWARE_LONG_PASSWORDS |
57 | return(strcmp(crypt(password, salt), pw_password) == 0); | 59 | if (!nischeck(pw->pw_name)) |
60 | encrypted_password = bigcrypt(password, salt); | ||
58 | else | 61 | else |
59 | return(strcmp(bigcrypt(password, salt), pw_password) == 0); | 62 | #endif /* UNIXWARE_LONG_PASSWORDS */ |
63 | encrypted_password = xcrypt(password, salt); | ||
64 | |||
65 | /* | ||
66 | * Authentication is accepted if the encrypted passwords | ||
67 | * are identical. | ||
68 | */ | ||
69 | result = (strcmp(encrypted_password, pw_password) == 0); | ||
70 | |||
71 | if (authctxt->valid) | ||
72 | free(pw_password); | ||
73 | return(result); | ||
60 | } | 74 | } |
61 | 75 | ||
76 | #ifdef UNIXWARE_LONG_PASSWORDS | ||
62 | int | 77 | int |
63 | nischeck(char *namep) | 78 | nischeck(char *namep) |
64 | { | 79 | { |
@@ -94,7 +109,11 @@ nischeck(char *namep) | |||
94 | 109 | ||
95 | #endif /* UNIXWARE_LONG_PASSWORDS */ | 110 | #endif /* UNIXWARE_LONG_PASSWORDS */ |
96 | 111 | ||
97 | #ifdef HAVE_LIBIAF | 112 | /* |
113 | NOTE: ia_get_logpwd() allocates memory for arg 2 | ||
114 | functions that call shadow_pw() will need to free | ||
115 | */ | ||
116 | |||
98 | char * | 117 | char * |
99 | get_iaf_password(struct passwd *pw) | 118 | get_iaf_password(struct passwd *pw) |
100 | { | 119 | { |
@@ -104,12 +123,12 @@ get_iaf_password(struct passwd *pw) | |||
104 | if (!ia_openinfo(pw->pw_name,&uinfo)) { | 123 | if (!ia_openinfo(pw->pw_name,&uinfo)) { |
105 | ia_get_logpwd(uinfo, &pw_password); | 124 | ia_get_logpwd(uinfo, &pw_password); |
106 | if (pw_password == NULL) | 125 | if (pw_password == NULL) |
107 | fatal("Unable to get the shadow passwd"); | 126 | fatal("ia_get_logpwd: Unable to get the shadow passwd"); |
108 | ia_closeinfo(uinfo); | 127 | ia_closeinfo(uinfo); |
109 | return pw_password; | 128 | return pw_password; |
110 | } | 129 | } |
111 | else | 130 | else |
112 | fatal("Unable to open the shadow passwd file"); | 131 | fatal("ia_openinfo: Unable to open the shadow passwd file"); |
113 | } | 132 | } |
114 | #endif /* HAVE_LIBIAF */ | 133 | #endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ |
115 | 134 | ||
diff --git a/openbsd-compat/port-uw.h b/openbsd-compat/port-uw.h index f16bb5e5c..3589b2e44 100644 --- a/openbsd-compat/port-uw.h +++ b/openbsd-compat/port-uw.h | |||
@@ -24,7 +24,7 @@ | |||
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | 26 | ||
27 | #ifdef HAVE_LIBIAF | 27 | #if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) |
28 | char * get_iaf_password(struct passwd *pw); | 28 | char * get_iaf_password(struct passwd *pw); |
29 | #endif /* HAVE_LIBIAF */ | 29 | #endif |
30 | 30 | ||
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 453203270..9afa0b9f2 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c | |||
@@ -91,12 +91,13 @@ shadow_pw(struct passwd *pw) | |||
91 | struct spwd *spw = getspnam(pw->pw_name); | 91 | struct spwd *spw = getspnam(pw->pw_name); |
92 | 92 | ||
93 | if (spw != NULL) | 93 | if (spw != NULL) |
94 | #ifdef HAVE_LIBIAF | ||
95 | pw_password = get_iaf_password(pw); | ||
96 | #else | ||
97 | pw_password = spw->sp_pwdp; | 94 | pw_password = spw->sp_pwdp; |
98 | #endif /* HAVE_LIBIAF */ | ||
99 | # endif | 95 | # endif |
96 | |||
97 | #if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) | ||
98 | return(get_iaf_password(pw)); | ||
99 | #endif | ||
100 | |||
100 | # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) | 101 | # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) |
101 | struct passwd_adjunct *spw; | 102 | struct passwd_adjunct *spw; |
102 | if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) | 103 | if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) |