author | Damien Miller <djm@mindrot.org> | 2000-09-16 15:55:52 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-09-16 15:55:52 +1100 |
commit | 8a1e6a629e6c712a0f24451b93c293536ad864e6 (patch) | |
tree | 8ebdc7b283b38fcb6c906387dc5c424862953559 | |
parent | 606f880e0fd1a31f5beb3b37ece0c12317a9ed61 (diff) |
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
Kevin Steves <stevesk@sweden.hp.com>
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | acconfig.h | 3 | ||||
-rw-r--r-- | auth-passwd.c | 55 | ||||
-rw-r--r-- | configure.in | 24 |
4 files changed, 32 insertions, 52 deletions
@@ -1,4 +1,6 @@ 20000916 + - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from + Kevin Steves <stevesk@sweden.hp.com> - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz> - (djm) Re-enable int64_t types - we need them for sftp - (djm) Use libexecdir from configure , rather than libexecdir/ssh @@ -186,9 +186,6 @@ /* Define if you want to use shadow password expire field */ #undef HAS_SHADOW_EXPIRE -/* Define if you want have trusted HPUX */ -#undef HAVE_HPUX_TRUSTED_SYSTEM_PW - /* Define if you have Digital Unix Security Integration Architecture */ #undef HAVE_OSF_SIA diff --git a/auth-passwd.c b/auth-passwd.c index 055a0362..c6fdc82d 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -71,14 +71,14 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.17 2000/09/07 20:27:49 deraadt Exp $"); #ifdef WITH_AIXAUTHENTICATE # include <login.h> #endif -#ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW +#ifdef __hpux # include <hpsecurity.h> # include <prot.h> #endif -#ifdef HAVE_SHADOW_H +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) # include <shadow.h> #endif -#ifdef HAVE_GETPWANAM +#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) # include <sys/label.h> # include <sys/audit.h> # include <pwdadj.h> @@ -105,10 +105,13 @@ auth_password(struct passwd * pw, const char *password) char *encrypted_password; char *pw_password; char *salt; -#ifdef HAVE_SHADOW_H +#ifdef __hpux + struct pr_passwd *spw; +#endif +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) struct spwd *spw; #endif -#ifdef HAVE_GETPWANAM +#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) struct passwd_adjunct *spw; #endif # ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW 
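Review bot: The three `spw` declarations in auth_password() now have different types under independent guards (`__hpux`, `HAVE_SHADOW_H`, `HAVE_GETPWANAM`), so the function compiles on HP-UX only because configure.in defines DISABLE_SHADOW there, and nothing in the file records that. A comment on the `#ifdef __hpux` declaration such as `/* HP-UX: configure defines DISABLE_SHADOW, so this is the only spw declared */` would make the dependency visible. The trailing context still opens `# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW`, a macro this commit removes from acconfig.h and configure.in, so that block looks dead and should be removed in the same change. The function body continues outside the hunk.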
@@ -170,38 +173,29 @@ auth_password(struct passwd * pw, const char *password) } #endif -# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW - prpw = getprpwnam(pw->pw_name); - pw_password = prpw->ufld.fd_encrypt; -#else - pw_password = pw->pw_passwd; -#endif - /* Check for users with no password. */ - if (strcmp(password, "") == 0 && strcmp(pw_password, "") == 0) - return 1; + pw_password = pw->pw_passwd; + /* + * Various interfaces to shadow or protected password data + */ #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) spw = getspnam(pw->pw_name); if (spw != NULL) - { - /* Check for users with no password. */ - if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0) - return 1; - pw_password = spw->sp_pwdp; - } #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ #if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) - { - /* Check for users with no password. */ - if (strcmp(password, "") == 0 && strcmp(spw->pwa_passwd, "") == 0) - return 1; - pw_password = spw->pwa_passwd; - } #endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */ +#if defined(__hpux) + if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL) + pw_password = spw->ufld.fd_encrypt; +#endif /* defined(__hpux) */ + + /* Check for users with no password. */ + if ((password[0] == '\0') && (pw_password[0] == '\0')) + return 1; if (pw_password[0] != '\0') salt = pw_password; 
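Review bot: When a protected-password lookup fails the code silently keeps `pw->pw_passwd`: in the `__hpux` branch `iscomsec()` can be true while `getprpwnam()` returns NULL, and the `getspnam()` and `getpwanam()` branches behave the same way. On a system whose real hashes live only in the protected database that field is normally a placeholder, so the later comparison presumably fails, but the outcome then depends on the placeholder rather than on this function's logic. The unified empty-password check after the lookups would also return 1 if that field were ever empty. Refusing explicitly when trusted mode is on and no protected entry exists is safer, as sketched below (0 is assumed to be the reject value, since `return 1` is the accept path). Whether empty passwords are allowed by policy is decided outside this hunk.

```c
#if defined(__hpux)
	if (iscomsec()) {
		/* Trusted mode: the hash must come from the protected database. */
		if ((spw = getprpwnam(pw->pw_name)) == NULL)
			return 0;
		pw_password = spw->ufld.fd_encrypt;
	}
#endif /* defined(__hpux) */
	/* … unchanged: empty-password check and salt selection … */
```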
@@ -214,11 +208,14 @@ auth_password(struct passwd * pw, const char *password) else encrypted_password = crypt(password, salt); #else /* HAVE_MD5_PASSWORDS */ -# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW - encrypted_password = bigcrypt(password, salt); +# ifdef __hpux + if (iscomsec()) + encrypted_password = bigcrypt(password, salt); + else + encrypted_password = crypt(password, salt); # else encrypted_password = crypt(password, salt); -# endif /* HAVE_HPUX_TRUSTED_SYSTEM_PW */ +# endif /* __hpux */ #endif /* HAVE_MD5_PASSWORDS */ /* Authentication is accepted if the encrypted passwords are identical. */ diff --git a/configure.in b/configure.in index d509619f..3850d3a9 100644 --- a/configure.in +++ b/configure.in @@ -73,16 +73,8 @@ case "$host" in CFLAGS="$CFLAGS -D_HPUX_SOURCE" IPADDR_IN_DISPLAY=yes AC_DEFINE(USE_PIPES) - AC_MSG_CHECKING(for HPUX trusted system password database) - if test -f /tcb/files/auth/system/default; then - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW) - LIBS="$LIBS -lsec" - AC_MSG_WARN([This configuration is untested]) - else - AC_MSG_RESULT(no) - AC_DEFINE(DISABLE_SHADOW) - fi + AC_DEFINE(DISABLE_SHADOW) + LIBS="$LIBS -lsec" MANTYPE='$(CATMAN)' mansubdir=cat ;; @@ -90,16 +82,8 @@ case "$host" in CFLAGS="$CFLAGS -D_HPUX_SOURCE" IPADDR_IN_DISPLAY=yes AC_DEFINE(USE_PIPES) - AC_MSG_CHECKING(for HPUX trusted system password database) - if test -f /tcb/files/auth/system/default; then - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW) - LIBS="$LIBS -lsec" - AC_MSG_WARN([This configuration is untested]) - else - AC_MSG_RESULT(no) - AC_DEFINE(DISABLE_SHADOW) - fi + AC_DEFINE(DISABLE_SHADOW) + LIBS="$LIBS -lsec" MANTYPE='$(CATMAN)' mansubdir=cat ;; |
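Review bot: The `iscomsec()` / `bigcrypt()` selection is added only in the `#else` arm of `HAVE_MD5_PASSWORDS`, so an HP-UX build with MD5 passwords enabled still verifies trusted-mode hashes with `crypt()` in the arm above. If bigcrypt hashes are longer than crypt() output, the comparison would fail for those accounts; that fails closed, but it locks out valid users. The non-MD5 fallback in the first arm needs the same test, guarded by `#ifdef __hpux`: `else if (iscomsec()) encrypted_password = bigcrypt(password, salt);`. `iscomsec()` is also evaluated here a second time, separately from the lookup that chose `pw_password`; a local flag set once would keep the hash source and the verifying function tied together.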
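Review bot: The first HP-UX case in configure.in now adds `-lsec` and defines DISABLE_SHADOW unconditionally, with no comment explaining why and no check that the library exists. DISABLE_SHADOW no longer means "no protected passwords" here: it switches off the shadow.h and getpwanam paths so that the `__hpux` branch in auth-passwd.c can decide at run time with iscomsec(). A line such as `# HP-UX: trusted mode is detected at run time (iscomsec); DISABLE_SHADOW only disables the shadow.h path` above the AC_DEFINE would say so. Using `AC_CHECK_LIB(sec, getprpwnam, ...)` instead of the bare `LIBS=` assignment would turn a missing libsec into a configure-time error rather than a link failure. The same applies to the second HP-UX case in the following hunk.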