authorDamien Miller <djm@mindrot.org>2000-09-16 15:55:52 +1100
committerDamien Miller <djm@mindrot.org>2000-09-16 15:55:52 +1100
commit8a1e6a629e6c712a0f24451b93c293536ad864e6 (patch)
tree8ebdc7b283b38fcb6c906387dc5c424862953559
parent606f880e0fd1a31f5beb3b37ece0c12317a9ed61 (diff)
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
Kevin Steves <stevesk@sweden.hp.com>
-rw-r--r--ChangeLog2
-rw-r--r--acconfig.h3
-rw-r--r--auth-passwd.c55
-rw-r--r--configure.in24
4 files changed, 32 insertions, 52 deletions
diff --git a/ChangeLog b/ChangeLog
index 55b62623..a8707f45 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
20000916
+ - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
+ Kevin Steves <stevesk@sweden.hp.com>
- (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
- (djm) Re-enable int64_t types - we need them for sftp
- (djm) Use libexecdir from configure , rather than libexecdir/ssh
diff --git a/acconfig.h b/acconfig.h
index d855d887..e129ef33 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -186,9 +186,6 @@
/* Define if you want to use shadow password expire field */
#undef HAS_SHADOW_EXPIRE
-/* Define if you want have trusted HPUX */
-#undef HAVE_HPUX_TRUSTED_SYSTEM_PW
-
/* Define if you have Digital Unix Security Integration Architecture */
#undef HAVE_OSF_SIA
diff --git a/auth-passwd.c b/auth-passwd.c
index 055a0362..c6fdc82d 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -71,14 +71,14 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.17 2000/09/07 20:27:49 deraadt Exp $");
#ifdef WITH_AIXAUTHENTICATE
# include <login.h>
#endif
-#ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
+#ifdef __hpux
# include <hpsecurity.h>
# include <prot.h>
#endif
-#ifdef HAVE_SHADOW_H
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
# include <shadow.h>
#endif
-#ifdef HAVE_GETPWANAM
+#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
# include <sys/label.h>
# include <sys/audit.h>
# include <pwdadj.h>
@@ -105,10 +105,13 @@ auth_password(struct passwd * pw, const char *password)
char *encrypted_password;
char *pw_password;
char *salt;
-#ifdef HAVE_SHADOW_H
+#ifdef __hpux
+ struct pr_passwd *spw;
+#endif
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
struct spwd *spw;
#endif
-#ifdef HAVE_GETPWANAM
+#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
struct passwd_adjunct *spw;
#endif
# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
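Review bot: The last context line of this hunk still tests `HAVE_HPUX_TRUSTED_SYSTEM_PW`, which this commit removes from acconfig.h and configure.in, so whatever that `# ifdef` guards (it lies outside the hunk, presumably the old `prpw` declaration) can no longer be compiled in and should be deleted with the rest. Separately, `spw` is now declared with three different types under three independent conditions, and the HP-UX one is only kept apart from the `struct spwd *spw;` declaration by configure defining `DISABLE_SHADOW`. A short comment such as `/* exactly one of the following spw declarations may be active; configure defines DISABLE_SHADOW on HP-UX */` would record that dependency. The body of auth_password() continues outside this hunk.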
@@ -170,38 +173,29 @@ auth_password(struct passwd * pw, const char *password)
}
#endif
-# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
- prpw = getprpwnam(pw->pw_name);
- pw_password = prpw->ufld.fd_encrypt;
-#else
- pw_password = pw->pw_passwd;
-#endif
- /* Check for users with no password. */
- if (strcmp(password, "") == 0 && strcmp(pw_password, "") == 0)
- return 1;
+ pw_password = pw->pw_passwd;
+ /*
+ * Various interfaces to shadow or protected password data
+ */
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
spw = getspnam(pw->pw_name);
if (spw != NULL)
- {
- /* Check for users with no password. */
- if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
- return 1;
-
pw_password = spw->sp_pwdp;
- }
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
- {
- /* Check for users with no password. */
- if (strcmp(password, "") == 0 && strcmp(spw->pwa_passwd, "") == 0)
- return 1;
-
pw_password = spw->pwa_passwd;
- }
#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
+#if defined(__hpux)
+ if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
+ pw_password = spw->ufld.fd_encrypt;
+#endif /* defined(__hpux) */
+
+ /* Check for users with no password. */
+ if ((password[0] == '\0') && (pw_password[0] == '\0'))
+ return 1;
if (pw_password[0] != '\0')
salt = pw_password;
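Review bot: When `iscomsec()` is true but `getprpwnam()` returns NULL, the new HP-UX branch silently keeps `pw_password = pw->pw_passwd`, so the unified empty-password test below it and the later hash comparison run against the ordinary passwd field rather than the protected database. On a trusted system a failed protected lookup should reject the login instead of relying on the passwd field holding an unusable placeholder. Adding `else if (iscomsec())` followed by `return 0;` after the existing `if` would do that, assuming 0 is the rejection value, as the `return 1` on the accepted path suggests. The `getspnam()` and `getpwanam()` branches in the same hunk have the same fall-through on a NULL result. The function starts and ends outside this hunk, so any earlier gate on empty passwords is not visible here.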
@@ -214,11 +208,14 @@ auth_password(struct passwd * pw, const char *password)
else
encrypted_password = crypt(password, salt);
#else /* HAVE_MD5_PASSWORDS */
-# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
- encrypted_password = bigcrypt(password, salt);
+# ifdef __hpux
+ if (iscomsec())
+ encrypted_password = bigcrypt(password, salt);
+ else
+ encrypted_password = crypt(password, salt);
# else
encrypted_password = crypt(password, salt);
-# endif /* HAVE_HPUX_TRUSTED_SYSTEM_PW */
+# endif /* __hpux */
#endif /* HAVE_MD5_PASSWORDS */
/* Authentication is accepted if the encrypted passwords are identical. */
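Review bot: Neither the `bigcrypt()` nor the `crypt()` result assigned in the new `__hpux` branch is checked before the comparison that the trailing comment announces. That comparison is outside the hunk, but if it is a plain `strcmp()` a NULL return from the hash routine would be dereferenced there. A guard after the `#endif /* HAVE_MD5_PASSWORDS */`, such as `if (encrypted_password == NULL) return 0;`, would make the failure an authentication reject. Note also that this second `iscomsec()` call selects `bigcrypt()` even when the earlier protected-database lookup failed and `pw_password` came from `pw->pw_passwd`, so the hash routine and the stored hash can come from different sources.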
diff --git a/configure.in b/configure.in
index d509619f..3850d3a9 100644
--- a/configure.in
+++ b/configure.in
@@ -73,16 +73,8 @@ case "$host" in
CFLAGS="$CFLAGS -D_HPUX_SOURCE"
IPADDR_IN_DISPLAY=yes
AC_DEFINE(USE_PIPES)
- AC_MSG_CHECKING(for HPUX trusted system password database)
- if test -f /tcb/files/auth/system/default; then
- AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW)
- LIBS="$LIBS -lsec"
- AC_MSG_WARN([This configuration is untested])
- else
- AC_MSG_RESULT(no)
- AC_DEFINE(DISABLE_SHADOW)
- fi
+ AC_DEFINE(DISABLE_SHADOW)
+ LIBS="$LIBS -lsec"
MANTYPE='$(CATMAN)'
mansubdir=cat
;;
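Review bot: `LIBS="$LIBS -lsec"` is now appended unconditionally in this HP-UX case arm, and in the identical arm of the following hunk, with no check that the library or `getprpwnam` is actually available. The removed `test -f /tcb/files/auth/system/default` probe at least limited `-lsec` to hosts with a trusted-system database; now a host without libsec fails only at link time. Replacing the assignment with `AC_CHECK_LIB(sec, getprpwnam)` would add `-lsec` only when it links and give a clear configure-time result. Moving trusted-mode detection from build time to the runtime `iscomsec()` call is otherwise the safer design, since the binary no longer bakes in the state of the build host.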
@@ -90,16 +82,8 @@ case "$host" in
CFLAGS="$CFLAGS -D_HPUX_SOURCE"
IPADDR_IN_DISPLAY=yes
AC_DEFINE(USE_PIPES)
- AC_MSG_CHECKING(for HPUX trusted system password database)
- if test -f /tcb/files/auth/system/default; then
- AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW)
- LIBS="$LIBS -lsec"
- AC_MSG_WARN([This configuration is untested])
- else
- AC_MSG_RESULT(no)
- AC_DEFINE(DISABLE_SHADOW)
- fi
+ AC_DEFINE(DISABLE_SHADOW)
+ LIBS="$LIBS -lsec"
MANTYPE='$(CATMAN)'
mansubdir=cat
;;