+20070326
+ - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
+ openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
+ to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
+
20070325
- (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
LIBWRAP and LIBPAM variables in Makefile with the general-purpose
/* grab passwd field for locked account check */
#ifdef USE_SHADOW
if (spw != NULL)
-#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
passwd = get_iaf_password(pw);
#else
passwd = spw->sp_pwdp;
-#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
#else
passwd = pw->pw_passwd;
#endif
if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
locked = 1;
#endif
-#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
free(passwd);
-#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
if (locked) {
logit("User %.100s not allowed because account is locked",
pw->pw_name);
# Search for SHA256 support in libc and/or OpenSSL
AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
-AC_CHECK_LIB(iaf, ia_openinfo)
+saved_LIBS="$LIBS"
+AC_CHECK_LIB(iaf, ia_openinfo, [
+ LIBS="$LIBS -liaf"
+ AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
+])
+LIBS="$saved_LIBS"
### Configure cryptographic random number support
# define CUSTOM_SYS_AUTH_PASSWD 1
#endif
-#ifdef HAVE_LIBIAF
+#if defined(HAVE_LIBIAF) && defined(HAVE_SET_ID) && !defined(BROKEN_LIBIAF)
+# define USE_LIBIAF
# define CUSTOM_SYS_AUTH_PASSWD 1
#endif
#endif /* UNIXWARE_LONG_PASSWORDS */
result = (strcmp(xcrypt(password, salt), pw_password) == 0);
-#if !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
if (authctxt->valid)
free(pw_password);
#endif
functions that call shadow_pw() will need to free
*/
-#if !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
char *
get_iaf_password(struct passwd *pw)
{
else
fatal("ia_openinfo: Unable to open the shadow passwd file");
}
-#endif /* !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
#endif /* HAVE_LIBIAF */
#include "includes.h"
-#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
char * get_iaf_password(struct passwd *pw);
#endif
pw_password = spw->sp_pwdp;
# endif
-#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
return(get_iaf_password(pw));
#endif
# ifdef _AIX
aix_usrinfo(pw);
# endif /* _AIX */
-#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
if (set_id(pw->pw_name) != 0) {
exit(1);
}
-#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
#endif