- (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). Feedback and OK dtucker@
This commit is contained in:
parent
d0a47cd243
commit
66fd217e8e
|
@ -1,4 +1,4 @@
|
|||
20050830
|
||||
20050831
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2005/08/30 22:08:05
|
||||
[gss-serv.c sshconnect2.c]
|
||||
|
@ -11,6 +11,10 @@
|
|||
[version.h]
|
||||
4.2
|
||||
- (dtucker) [README] Update release note URL to 4.2
|
||||
- (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c
|
||||
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
|
||||
libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
|
||||
Feedback and OK dtucker@
|
||||
|
||||
20050830
|
||||
- (tim) [configure.ac] Back out last change. It needs to be done differently.
|
||||
|
@ -2982,4 +2986,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.3885 2005/08/31 14:05:56 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.3886 2005/08/31 16:59:49 tim Exp $
|
||||
|
|
7
auth.c
7
auth.c
|
@ -97,11 +97,11 @@ allowed_user(struct passwd * pw)
|
|||
/* grab passwd field for locked account check */
|
||||
#ifdef USE_SHADOW
|
||||
if (spw != NULL)
|
||||
#ifdef HAVE_LIBIAF
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
passwd = get_iaf_password(pw);
|
||||
#else
|
||||
passwd = spw->sp_pwdp;
|
||||
#endif /* HAVE_LIBIAF */
|
||||
#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
|
||||
#else
|
||||
passwd = pw->pw_passwd;
|
||||
#endif
|
||||
|
@ -123,6 +123,9 @@ allowed_user(struct passwd * pw)
|
|||
if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
|
||||
locked = 1;
|
||||
#endif
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
free(passwd);
|
||||
#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
|
||||
if (locked) {
|
||||
logit("User %.100s not allowed because account is locked",
|
||||
pw->pw_name);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $Id: configure.ac,v 1.291 2005/08/30 14:12:02 tim Exp $
|
||||
# $Id: configure.ac,v 1.292 2005/08/31 16:59:49 tim Exp $
|
||||
#
|
||||
# Copyright (c) 1999-2004 Damien Miller
|
||||
#
|
||||
|
@ -456,6 +456,7 @@ mips-sony-bsd|mips-sony-newsos4)
|
|||
case "$host" in
|
||||
*-*-sysv5SCO_SV*) # SCO OpenServer 6.x
|
||||
TEST_SHELL=/u95/bin/sh
|
||||
AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet])
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
#ifndef _DEFINES_H
|
||||
#define _DEFINES_H
|
||||
|
||||
/* $Id: defines.h,v 1.126 2005/08/26 20:15:20 tim Exp $ */
|
||||
/* $Id: defines.h,v 1.127 2005/08/31 16:59:49 tim Exp $ */
|
||||
|
||||
|
||||
/* Constants */
|
||||
|
@ -688,7 +688,7 @@ struct winsize {
|
|||
# define CUSTOM_SYS_AUTH_PASSWD 1
|
||||
#endif
|
||||
|
||||
#ifdef UNIXWARE_LONG_PASSWORDS
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
# define CUSTOM_SYS_AUTH_PASSWD 1
|
||||
#endif
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef UNIXWARE_LONG_PASSWORDS
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
#ifdef HAVE_CRYPT_H
|
||||
#include <crypt.h>
|
||||
#endif
|
||||
|
@ -44,6 +44,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
|
|||
struct passwd *pw = authctxt->pw;
|
||||
char *encrypted_password;
|
||||
char *salt;
|
||||
int result;
|
||||
|
||||
/* Just use the supplied fake password if authctxt is invalid */
|
||||
char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
|
||||
|
@ -52,13 +53,27 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
|
|||
if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
|
||||
return (1);
|
||||
|
||||
/* Encrypt the candidate password using the proper salt. */
|
||||
salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx";
|
||||
if (nischeck(pw->pw_name))
|
||||
return(strcmp(crypt(password, salt), pw_password) == 0);
|
||||
#ifdef UNIXWARE_LONG_PASSWORDS
|
||||
if (!nischeck(pw->pw_name))
|
||||
encrypted_password = bigcrypt(password, salt);
|
||||
else
|
||||
return(strcmp(bigcrypt(password, salt), pw_password) == 0);
|
||||
#endif /* UNIXWARE_LONG_PASSWORDS */
|
||||
encrypted_password = xcrypt(password, salt);
|
||||
|
||||
/*
|
||||
* Authentication is accepted if the encrypted passwords
|
||||
* are identical.
|
||||
*/
|
||||
result = (strcmp(encrypted_password, pw_password) == 0);
|
||||
|
||||
if (authctxt->valid)
|
||||
free(pw_password);
|
||||
return(result);
|
||||
}
|
||||
|
||||
#ifdef UNIXWARE_LONG_PASSWORDS
|
||||
int
|
||||
nischeck(char *namep)
|
||||
{
|
||||
|
@ -94,7 +109,11 @@ nischeck(char *namep)
|
|||
|
||||
#endif /* UNIXWARE_LONG_PASSWORDS */
|
||||
|
||||
#ifdef HAVE_LIBIAF
|
||||
/*
|
||||
NOTE: ia_get_logpwd() allocates memory for arg 2
|
||||
functions that call shadow_pw() will need to free
|
||||
*/
|
||||
|
||||
char *
|
||||
get_iaf_password(struct passwd *pw)
|
||||
{
|
||||
|
@ -104,12 +123,12 @@ get_iaf_password(struct passwd *pw)
|
|||
if (!ia_openinfo(pw->pw_name,&uinfo)) {
|
||||
ia_get_logpwd(uinfo, &pw_password);
|
||||
if (pw_password == NULL)
|
||||
fatal("Unable to get the shadow passwd");
|
||||
fatal("ia_get_logpwd: Unable to get the shadow passwd");
|
||||
ia_closeinfo(uinfo);
|
||||
return pw_password;
|
||||
}
|
||||
else
|
||||
fatal("Unable to open the shadow passwd file");
|
||||
fatal("ia_openinfo: Unable to open the shadow passwd file");
|
||||
}
|
||||
#endif /* HAVE_LIBIAF */
|
||||
#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef HAVE_LIBIAF
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
char * get_iaf_password(struct passwd *pw);
|
||||
#endif /* HAVE_LIBIAF */
|
||||
#endif
|
||||
|
||||
|
|
|
@ -91,12 +91,13 @@ shadow_pw(struct passwd *pw)
|
|||
struct spwd *spw = getspnam(pw->pw_name);
|
||||
|
||||
if (spw != NULL)
|
||||
#ifdef HAVE_LIBIAF
|
||||
pw_password = get_iaf_password(pw);
|
||||
#else
|
||||
pw_password = spw->sp_pwdp;
|
||||
#endif /* HAVE_LIBIAF */
|
||||
# endif
|
||||
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
return(get_iaf_password(pw));
|
||||
#endif
|
||||
|
||||
# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
|
||||
struct passwd_adjunct *spw;
|
||||
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
|
||||
|
|
|
@ -1334,11 +1334,11 @@ do_setusercontext(struct passwd *pw)
|
|||
# ifdef _AIX
|
||||
aix_usrinfo(pw);
|
||||
# endif /* _AIX */
|
||||
# ifdef HAVE_LIBIAF
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
if (set_id(pw->pw_name) != 0) {
|
||||
exit(1);
|
||||
}
|
||||
# endif
|
||||
#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
|
||||
/* Permanently switch to the desired uid. */
|
||||
permanently_set_uid(pw);
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue