- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
Kevin Steves <stevesk@sweden.hp.com>
This commit is contained in:
Damien Miller
parent
606f880e0f
commit
8a1e6a629e
|
|
@ -1,4 +1,6 @@
|
||||||
20000916
|
20000916
|
||||||
|
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
|
||||||
|
Kevin Steves <stevesk@sweden.hp.com>
|
||||||
- (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
|
- (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
|
||||||
- (djm) Re-enable int64_t types - we need them for sftp
|
- (djm) Re-enable int64_t types - we need them for sftp
|
||||||
- (djm) Use libexecdir from configure , rather than libexecdir/ssh
|
- (djm) Use libexecdir from configure , rather than libexecdir/ssh
|
||||||
|
|
|
||||||
|
|
@ -186,9 +186,6 @@
|
||||||
/* Define if you want to use shadow password expire field */
|
/* Define if you want to use shadow password expire field */
|
||||||
#undef HAS_SHADOW_EXPIRE
|
#undef HAS_SHADOW_EXPIRE
|
||||||
|
|
||||||
/* Define if you want have trusted HPUX */
|
|
||||||
#undef HAVE_HPUX_TRUSTED_SYSTEM_PW
|
|
||||||
|
|
||||||
/* Define if you have Digital Unix Security Integration Architecture */
|
/* Define if you have Digital Unix Security Integration Architecture */
|
||||||
#undef HAVE_OSF_SIA
|
#undef HAVE_OSF_SIA
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -71,14 +71,14 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.17 2000/09/07 20:27:49 deraadt Exp $");
|
||||||
#ifdef WITH_AIXAUTHENTICATE
|
#ifdef WITH_AIXAUTHENTICATE
|
||||||
# include <login.h>
|
# include <login.h>
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
|
#ifdef __hpux
|
||||||
# include <hpsecurity.h>
|
# include <hpsecurity.h>
|
||||||
# include <prot.h>
|
# include <prot.h>
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_SHADOW_H
|
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
|
||||||
# include <shadow.h>
|
# include <shadow.h>
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_GETPWANAM
|
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
|
||||||
# include <sys/label.h>
|
# include <sys/label.h>
|
||||||
# include <sys/audit.h>
|
# include <sys/audit.h>
|
||||||
# include <pwdadj.h>
|
# include <pwdadj.h>
|
||||||
|
|
@ -105,10 +105,13 @@ auth_password(struct passwd * pw, const char *password)
|
||||||
char *encrypted_password;
|
char *encrypted_password;
|
||||||
char *pw_password;
|
char *pw_password;
|
||||||
char *salt;
|
char *salt;
|
||||||
#ifdef HAVE_SHADOW_H
|
#ifdef __hpux
|
||||||
|
struct pr_passwd *spw;
|
||||||
|
#endif
|
||||||
|
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
|
||||||
struct spwd *spw;
|
struct spwd *spw;
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_GETPWANAM
|
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
|
||||||
struct passwd_adjunct *spw;
|
struct passwd_adjunct *spw;
|
||||||
#endif
|
#endif
|
||||||
# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
|
# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
|
||||||
|
|
@ -170,38 +173,29 @@ auth_password(struct passwd * pw, const char *password)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
|
|
||||||
prpw = getprpwnam(pw->pw_name);
|
|
||||||
pw_password = prpw->ufld.fd_encrypt;
|
|
||||||
#else
|
|
||||||
pw_password = pw->pw_passwd;
|
pw_password = pw->pw_passwd;
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Check for users with no password. */
|
|
||||||
if (strcmp(password, "") == 0 && strcmp(pw_password, "") == 0)
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Various interfaces to shadow or protected password data
|
||||||
|
*/
|
||||||
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
|
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
|
||||||
spw = getspnam(pw->pw_name);
|
spw = getspnam(pw->pw_name);
|
||||||
if (spw != NULL)
|
if (spw != NULL)
|
||||||
{
|
|
||||||
/* Check for users with no password. */
|
|
||||||
if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
pw_password = spw->sp_pwdp;
|
pw_password = spw->sp_pwdp;
|
||||||
}
|
|
||||||
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
|
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
|
||||||
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
|
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
|
||||||
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
|
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
|
||||||
{
|
|
||||||
/* Check for users with no password. */
|
|
||||||
if (strcmp(password, "") == 0 && strcmp(spw->pwa_passwd, "") == 0)
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
pw_password = spw->pwa_passwd;
|
pw_password = spw->pwa_passwd;
|
||||||
}
|
|
||||||
#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
|
#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
|
||||||
|
#if defined(__hpux)
|
||||||
|
if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
|
||||||
|
pw_password = spw->ufld.fd_encrypt;
|
||||||
|
#endif /* defined(__hpux) */
|
||||||
|
|
||||||
|
/* Check for users with no password. */
|
||||||
|
if ((password[0] == '\0') && (pw_password[0] == '\0'))
|
||||||
|
return 1;
|
||||||
|
|
||||||
if (pw_password[0] != '\0')
|
if (pw_password[0] != '\0')
|
||||||
salt = pw_password;
|
salt = pw_password;
|
||||||
|
|
@ -214,11 +208,14 @@ auth_password(struct passwd * pw, const char *password)
|
||||||
else
|
else
|
||||||
encrypted_password = crypt(password, salt);
|
encrypted_password = crypt(password, salt);
|
||||||
#else /* HAVE_MD5_PASSWORDS */
|
#else /* HAVE_MD5_PASSWORDS */
|
||||||
# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
|
# ifdef __hpux
|
||||||
|
if (iscomsec())
|
||||||
encrypted_password = bigcrypt(password, salt);
|
encrypted_password = bigcrypt(password, salt);
|
||||||
|
else
|
||||||
|
encrypted_password = crypt(password, salt);
|
||||||
# else
|
# else
|
||||||
encrypted_password = crypt(password, salt);
|
encrypted_password = crypt(password, salt);
|
||||||
# endif /* HAVE_HPUX_TRUSTED_SYSTEM_PW */
|
# endif /* __hpux */
|
||||||
#endif /* HAVE_MD5_PASSWORDS */
|
#endif /* HAVE_MD5_PASSWORDS */
|
||||||
|
|
||||||
/* Authentication is accepted if the encrypted passwords are identical. */
|
/* Authentication is accepted if the encrypted passwords are identical. */
|
||||||
|
|
|
||||||
20
configure.in
20
configure.in
|
|
@ -73,16 +73,8 @@ case "$host" in
|
||||||
CFLAGS="$CFLAGS -D_HPUX_SOURCE"
|
CFLAGS="$CFLAGS -D_HPUX_SOURCE"
|
||||||
IPADDR_IN_DISPLAY=yes
|
IPADDR_IN_DISPLAY=yes
|
||||||
AC_DEFINE(USE_PIPES)
|
AC_DEFINE(USE_PIPES)
|
||||||
AC_MSG_CHECKING(for HPUX trusted system password database)
|
|
||||||
if test -f /tcb/files/auth/system/default; then
|
|
||||||
AC_MSG_RESULT(yes)
|
|
||||||
AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW)
|
|
||||||
LIBS="$LIBS -lsec"
|
|
||||||
AC_MSG_WARN([This configuration is untested])
|
|
||||||
else
|
|
||||||
AC_MSG_RESULT(no)
|
|
||||||
AC_DEFINE(DISABLE_SHADOW)
|
AC_DEFINE(DISABLE_SHADOW)
|
||||||
fi
|
LIBS="$LIBS -lsec"
|
||||||
MANTYPE='$(CATMAN)'
|
MANTYPE='$(CATMAN)'
|
||||||
mansubdir=cat
|
mansubdir=cat
|
||||||
;;
|
;;
|
||||||
|
|
@ -90,16 +82,8 @@ case "$host" in
|
||||||
CFLAGS="$CFLAGS -D_HPUX_SOURCE"
|
CFLAGS="$CFLAGS -D_HPUX_SOURCE"
|
||||||
IPADDR_IN_DISPLAY=yes
|
IPADDR_IN_DISPLAY=yes
|
||||||
AC_DEFINE(USE_PIPES)
|
AC_DEFINE(USE_PIPES)
|
||||||
AC_MSG_CHECKING(for HPUX trusted system password database)
|
|
||||||
if test -f /tcb/files/auth/system/default; then
|
|
||||||
AC_MSG_RESULT(yes)
|
|
||||||
AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW)
|
|
||||||
LIBS="$LIBS -lsec"
|
|
||||||
AC_MSG_WARN([This configuration is untested])
|
|
||||||
else
|
|
||||||
AC_MSG_RESULT(no)
|
|
||||||
AC_DEFINE(DISABLE_SHADOW)
|
AC_DEFINE(DISABLE_SHADOW)
|
||||||
fi
|
LIBS="$LIBS -lsec"
|
||||||
MANTYPE='$(CATMAN)'
|
MANTYPE='$(CATMAN)'
|
||||||
mansubdir=cat
|
mansubdir=cat
|
||||||
;;
|
;;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue