- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from

   Kevin Steves <stevesk@sweden.hp.com>

diff --git a/ChangeLog b/ChangeLog
index 55b62623557f8b0fe22dcb83f9e14c025d714e29..a8707f45cd100b6a5b251c17b92eff808c5eb08b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
 20000916
+ - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
+   Kevin Steves <stevesk@sweden.hp.com>
  - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
  - (djm) Re-enable int64_t types - we need them for sftp
  - (djm) Use libexecdir from configure , rather than libexecdir/ssh

diff --git a/acconfig.h b/acconfig.h
index d855d887a227c30b1ef91d758a618188764d97da..e129ef33c511c9f793c447139dda9da790858563 100644 (file)
--- a/acconfig.h
+++ b/acconfig.h
@@ -186,9 +186,6 @@
 /* Define if you want to use shadow password expire field */
 #undef HAS_SHADOW_EXPIRE
 
-/* Define if you want have trusted HPUX */
-#undef HAVE_HPUX_TRUSTED_SYSTEM_PW
-
 /* Define if you have Digital Unix Security Integration Architecture */
 #undef HAVE_OSF_SIA
 

diff --git a/auth-passwd.c b/auth-passwd.c
index 055a03629fd71580097fa17c7e01b3afed8b23c0..c6fdc82d1f0da06581fa23faaaa911f5a486df25 100644 (file)
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -71,14 +71,14 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.17 2000/09/07 20:27:49 deraadt Exp $");
 #ifdef WITH_AIXAUTHENTICATE
 # include <login.h>
 #endif
-#ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
+#ifdef __hpux
 # include <hpsecurity.h>
 # include <prot.h>
 #endif
-#ifdef HAVE_SHADOW_H
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 # include <shadow.h>
 #endif
-#ifdef HAVE_GETPWANAM
+#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
 # include <sys/label.h>
 # include <sys/audit.h>
 # include <pwdadj.h>
@@ -105,10 +105,13 @@ auth_password(struct passwd * pw, const char *password)
        char *encrypted_password;
        char *pw_password;
        char *salt;
-#ifdef HAVE_SHADOW_H
+#ifdef __hpux
+       struct pr_passwd *spw;
+#endif
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
        struct spwd *spw;
 #endif
-#ifdef HAVE_GETPWANAM
+#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
        struct passwd_adjunct *spw;
 #endif
 # ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
@@ -170,38 +173,29 @@ auth_password(struct passwd * pw, const char *password)
        }
 #endif
 
-# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
-       prpw = getprpwnam(pw->pw_name);
-       pw_password = prpw->ufld.fd_encrypt;
-#else
-       pw_password = pw->pw_passwd;
-#endif
 
-       /* Check for users with no password. */
-       if (strcmp(password, "") == 0 && strcmp(pw_password, "") == 0)
-               return 1;
+       pw_password = pw->pw_passwd;
 
+       /*
+        * Various interfaces to shadow or protected password data
+        */
 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
        spw = getspnam(pw->pw_name);
        if (spw != NULL) 
-       {
-               /* Check for users with no password. */
-               if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
-                       return 1;
-
                pw_password = spw->sp_pwdp;
-       }
 #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
 #if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
        if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
-       {
-               /* Check for users with no password. */
-               if (strcmp(password, "") == 0 && strcmp(spw->pwa_passwd, "") == 0)
-                       return 1;
-
                pw_password = spw->pwa_passwd;
-       }
 #endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
+#if defined(__hpux)
+       if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
+               pw_password = spw->ufld.fd_encrypt;
+#endif /* defined(__hpux) */
+
+       /* Check for users with no password. */
+       if ((password[0] == '\0') && (pw_password[0] == '\0'))
+               return 1;
 
        if (pw_password[0] != '\0')
                salt = pw_password;
@@ -214,11 +208,14 @@ auth_password(struct passwd * pw, const char *password)
        else
                encrypted_password = crypt(password, salt);
 #else /* HAVE_MD5_PASSWORDS */    
-# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
-       encrypted_password = bigcrypt(password, salt);
+# ifdef __hpux
+       if (iscomsec())
+               encrypted_password = bigcrypt(password, salt);
+       else
+               encrypted_password = crypt(password, salt);
 # else
        encrypted_password = crypt(password, salt);
-# endif /* HAVE_HPUX_TRUSTED_SYSTEM_PW */
+# endif /* __hpux */
 #endif /* HAVE_MD5_PASSWORDS */    
 
        /* Authentication is accepted if the encrypted passwords are identical. */

diff --git a/configure.in b/configure.in
index d509619ffa52a481af40720c3f7dea60478a6d5b..3850d3a9c038d4502e2ccf58d037f7d7bf641c4e 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -73,16 +73,8 @@ case "$host" in
        CFLAGS="$CFLAGS -D_HPUX_SOURCE"
        IPADDR_IN_DISPLAY=yes
        AC_DEFINE(USE_PIPES)
-       AC_MSG_CHECKING(for HPUX trusted system password database)
-       if test -f /tcb/files/auth/system/default; then
-               AC_MSG_RESULT(yes)
-               AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW)
-               LIBS="$LIBS -lsec"
-               AC_MSG_WARN([This configuration is untested])
-       else
-               AC_MSG_RESULT(no)
-               AC_DEFINE(DISABLE_SHADOW)
-       fi
+       AC_DEFINE(DISABLE_SHADOW)
+       LIBS="$LIBS -lsec"
        MANTYPE='$(CATMAN)'
        mansubdir=cat
        ;;
@@ -90,16 +82,8 @@ case "$host" in
        CFLAGS="$CFLAGS -D_HPUX_SOURCE"
        IPADDR_IN_DISPLAY=yes
        AC_DEFINE(USE_PIPES)
-       AC_MSG_CHECKING(for HPUX trusted system password database)
-       if test -f /tcb/files/auth/system/default; then
-               AC_MSG_RESULT(yes)
-               AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW)
-               LIBS="$LIBS -lsec"
-               AC_MSG_WARN([This configuration is untested])
-       else
-               AC_MSG_RESULT(no)
-               AC_DEFINE(DISABLE_SHADOW)
-       fi
+       AC_DEFINE(DISABLE_SHADOW)
+       LIBS="$LIBS -lsec"
        MANTYPE='$(CATMAN)'
        mansubdir=cat
        ;;