- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from

Kevin Steves <stevesk@sweden.hp.com>
Damien Miller 2000-09-16 15:55:52 +11:00
parent 606f880e0f
commit 8a1e6a629e
4 changed files with 32 additions and 52 deletions


@ -1,4 +1,6 @@
20000916 20000916
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
Kevin Steves <stevesk@sweden.hp.com>
- (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz> - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
- (djm) Re-enable int64_t types - we need them for sftp - (djm) Re-enable int64_t types - we need them for sftp
- (djm) Use libexecdir from configure , rather than libexecdir/ssh - (djm) Use libexecdir from configure , rather than libexecdir/ssh


@ -186,9 +186,6 @@
/* Define if you want to use shadow password expire field */ /* Define if you want to use shadow password expire field */
#undef HAS_SHADOW_EXPIRE #undef HAS_SHADOW_EXPIRE
/* Define if you want have trusted HPUX */
#undef HAVE_HPUX_TRUSTED_SYSTEM_PW
/* Define if you have Digital Unix Security Integration Architecture */ /* Define if you have Digital Unix Security Integration Architecture */
#undef HAVE_OSF_SIA #undef HAVE_OSF_SIA


@ -71,14 +71,14 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.17 2000/09/07 20:27:49 deraadt Exp $");
#ifdef WITH_AIXAUTHENTICATE #ifdef WITH_AIXAUTHENTICATE
# include <login.h> # include <login.h>
#endif #endif
#ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW #ifdef __hpux
# include <hpsecurity.h> # include <hpsecurity.h>
# include <prot.h> # include <prot.h>
#endif #endif
#ifdef HAVE_SHADOW_H #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
# include <shadow.h> # include <shadow.h>
#endif #endif
#ifdef HAVE_GETPWANAM #if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
# include <sys/label.h> # include <sys/label.h>
# include <sys/audit.h> # include <sys/audit.h>
# include <pwdadj.h> # include <pwdadj.h>
@ -105,10 +105,13 @@ auth_password(struct passwd * pw, const char *password)
char *encrypted_password; char *encrypted_password;
char *pw_password; char *pw_password;
char *salt; char *salt;
#ifdef HAVE_SHADOW_H #ifdef __hpux
struct pr_passwd *spw;
#endif
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
struct spwd *spw; struct spwd *spw;
#endif #endif
#ifdef HAVE_GETPWANAM #if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
struct passwd_adjunct *spw; struct passwd_adjunct *spw;
#endif #endif
# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW # ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
@ -170,38 +173,29 @@ auth_password(struct passwd * pw, const char *password)
} }
#endif #endif
# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
prpw = getprpwnam(pw->pw_name);
pw_password = prpw->ufld.fd_encrypt;
#else
pw_password = pw->pw_passwd; pw_password = pw->pw_passwd;
#endif
/* Check for users with no password. */
if (strcmp(password, "") == 0 && strcmp(pw_password, "") == 0)
return 1;
/*
* Various interfaces to shadow or protected password data
*/
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
spw = getspnam(pw->pw_name); spw = getspnam(pw->pw_name);
if (spw != NULL) if (spw != NULL)
{
/* Check for users with no password. */
if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
return 1;
pw_password = spw->sp_pwdp; pw_password = spw->sp_pwdp;
}
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) #if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
{
/* Check for users with no password. */
if (strcmp(password, "") == 0 && strcmp(spw->pwa_passwd, "") == 0)
return 1;
pw_password = spw->pwa_passwd; pw_password = spw->pwa_passwd;
}
#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */ #endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
#if defined(__hpux)
if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
pw_password = spw->ufld.fd_encrypt;
#endif /* defined(__hpux) */
/* Check for users with no password. */
if ((password[0] == '\0') && (pw_password[0] == '\0'))
return 1;
if (pw_password[0] != '\0') if (pw_password[0] != '\0')
salt = pw_password; salt = pw_password;
@ -214,11 +208,14 @@ auth_password(struct passwd * pw, const char *password)
else else
encrypted_password = crypt(password, salt); encrypted_password = crypt(password, salt);
#else /* HAVE_MD5_PASSWORDS */ #else /* HAVE_MD5_PASSWORDS */
# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW # ifdef __hpux
encrypted_password = bigcrypt(password, salt); if (iscomsec())
encrypted_password = bigcrypt(password, salt);
else
encrypted_password = crypt(password, salt);
# else # else
encrypted_password = crypt(password, salt); encrypted_password = crypt(password, salt);
# endif /* HAVE_HPUX_TRUSTED_SYSTEM_PW */ # endif /* __hpux */
#endif /* HAVE_MD5_PASSWORDS */ #endif /* HAVE_MD5_PASSWORDS */
/* Authentication is accepted if the encrypted passwords are identical. */ /* Authentication is accepted if the encrypted passwords are identical. */
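Review bot: The `# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW` guard at the end of the declarations hunk of auth_password() survives as context, yet this commit removes that macro from both the config header template and the configure script, so whatever it guards can no longer be compiled. The guarded declaration lies outside the hunk (presumably the old `prpw` pointer); it should be deleted together with the guard so a later reader does not assume a second HP-UX code path exists. Separately, the new `__hpux` lookup leaves `pw_password` at `pw->pw_passwd` when `iscomsec()` is true but `getprpwnam()` returns NULL. A comment such as `/* lookup failure falls back to pw->pw_passwd */` would make that fallback explicit for anyone auditing the function. The body of auth_password() begins and ends outside these hunks.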


@ -73,16 +73,8 @@ case "$host" in
CFLAGS="$CFLAGS -D_HPUX_SOURCE" CFLAGS="$CFLAGS -D_HPUX_SOURCE"
IPADDR_IN_DISPLAY=yes IPADDR_IN_DISPLAY=yes
AC_DEFINE(USE_PIPES) AC_DEFINE(USE_PIPES)
AC_MSG_CHECKING(for HPUX trusted system password database) AC_DEFINE(DISABLE_SHADOW)
if test -f /tcb/files/auth/system/default; then LIBS="$LIBS -lsec"
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW)
LIBS="$LIBS -lsec"
AC_MSG_WARN([This configuration is untested])
else
AC_MSG_RESULT(no)
AC_DEFINE(DISABLE_SHADOW)
fi
MANTYPE='$(CATMAN)' MANTYPE='$(CATMAN)'
mansubdir=cat mansubdir=cat
;; ;;
@ -90,16 +82,8 @@ case "$host" in
CFLAGS="$CFLAGS -D_HPUX_SOURCE" CFLAGS="$CFLAGS -D_HPUX_SOURCE"
IPADDR_IN_DISPLAY=yes IPADDR_IN_DISPLAY=yes
AC_DEFINE(USE_PIPES) AC_DEFINE(USE_PIPES)
AC_MSG_CHECKING(for HPUX trusted system password database) AC_DEFINE(DISABLE_SHADOW)
if test -f /tcb/files/auth/system/default; then LIBS="$LIBS -lsec"
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW)
LIBS="$LIBS -lsec"
AC_MSG_WARN([This configuration is untested])
else
AC_MSG_RESULT(no)
AC_DEFINE(DISABLE_SHADOW)
fi
MANTYPE='$(CATMAN)' MANTYPE='$(CATMAN)'
mansubdir=cat mansubdir=cat
;; ;;
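Review bot: `AC_DEFINE(DISABLE_SHADOW)` is now unconditional in this HP-UX case arm and in the identical arm in the other hunk of this file, while `LIBS="$LIBS -lsec"` is still added, which reads as contradictory without an explanation. In the auth-passwd.c part of this commit the `__hpux` branch is not guarded by DISABLE_SHADOW and decides at runtime with `iscomsec()`, so the define only switches off the getspnam()/getpwanam() paths. A comment above the define would record that, for example `dnl Trusted mode is detected at runtime (iscomsec); DISABLE_SHADOW only disables the shadow.h/getpwanam lookups`. The case arms begin outside the hunks.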