Home | History | Annotate | Download | only in openbsd-compat 
      1 /*
      2  * Copyright (c) 2005 The SCO Group. All rights reserved.
      3  * Copyright (c) 2005 Tim Rice. All rights reserved.
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that the following conditions
      7  * are met:
      8  * 1. Redistributions of source code must retain the above copyright
      9  *    notice, this list of conditions and the following disclaimer.
     10  * 2. Redistributions in binary form must reproduce the above copyright
     11  *    notice, this list of conditions and the following disclaimer in the
     12  *    documentation and/or other materials provided with the distribution.
     13  *
     14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     24  */
     25 
     26 #include "includes.h"
     27 
     28 #if defined(HAVE_LIBIAF)  &&  !defined(HAVE_SECUREWARE)
     29 #include <sys/types.h>
     30 #ifdef HAVE_CRYPT_H
     31 # include <crypt.h>
     32 #endif
     33 #include <pwd.h>
     34 #include <stdarg.h>
     35 #include <stdlib.h>
     36 #include <stdio.h>
     37 #include <string.h>
     38 
     39 #include "xmalloc.h"
     40 #include "packet.h"
     41 #include "buffer.h"
     42 #include "key.h"
     43 #include "auth-options.h"
     44 #include "log.h"
     45 #include "misc.h"	/* servconf.h needs misc.h for struct ForwardOptions */
     46 #include "servconf.h"
     47 #include "hostfile.h"
     48 #include "auth.h"
     49 #include "ssh.h"
     50 
     51 int nischeck(char *);
     52 
     53 int
     54 sys_auth_passwd(Authctxt *authctxt, const char *password)
     55 {
     56 	struct passwd *pw = authctxt->pw;
     57 	char *salt;
     58 	int result;
     59 
     60 	/* Just use the supplied fake password if authctxt is invalid */
     61 	char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
     62 
     63 	/* Check for users with no password. */
     64 	if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
     65 		return (1);
     66 
     67 	/* Encrypt the candidate password using the proper salt. */
     68 	salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx";
     69 
     70 	/*
     71 	 * Authentication is accepted if the encrypted passwords
     72 	 * are identical.
     73 	 */
     74 #ifdef UNIXWARE_LONG_PASSWORDS
     75 	if (!nischeck(pw->pw_name)) {
     76 		result = ((strcmp(bigcrypt(password, salt), pw_password) == 0)
     77 		||  (strcmp(osr5bigcrypt(password, salt), pw_password) == 0));
     78 	}
     79 	else
     80 #endif /* UNIXWARE_LONG_PASSWORDS */
     81 		result = (strcmp(xcrypt(password, salt), pw_password) == 0);
     82 
     83 #ifdef USE_LIBIAF
     84 	if (authctxt->valid)
     85 		free(pw_password);
     86 #endif
     87 	return(result);
     88 }
     89 
     90 #ifdef UNIXWARE_LONG_PASSWORDS
     91 int
     92 nischeck(char *namep)
     93 {
     94 	char password_file[] = "/etc/passwd";
     95 	FILE *fd;
     96 	struct passwd *ent = NULL;
     97 
     98 	if ((fd = fopen (password_file, "r")) == NULL) {
     99 		/*
    100 		 * If the passwd file has dissapeared we are in a bad state.
    101 		 * However, returning 0 will send us back through the
    102 		 * authentication scheme that has checked the ia database for
    103 		 * passwords earlier.
    104 		 */
    105 		return(0);
    106 	}
    107 
    108 	/*
    109 	 * fgetpwent() only reads from password file, so we know for certain
    110 	 * that the user is local.
    111 	 */
    112 	while (ent = fgetpwent(fd)) {
    113 		if (strcmp (ent->pw_name, namep) == 0) {
    114 			/* Local user */
    115 			fclose (fd);
    116 			return(0);
    117 		}
    118 	}
    119 
    120 	fclose (fd);
    121 	return (1);
    122 }
    123 
    124 #endif /* UNIXWARE_LONG_PASSWORDS */
    125 
    126 /*
    127 	NOTE: ia_get_logpwd() allocates memory for arg 2
    128 	functions that call shadow_pw() will need to free
    129  */
    130 
    131 #ifdef USE_LIBIAF
    132 char *
    133 get_iaf_password(struct passwd *pw)
    134 {
    135 	char *pw_password = NULL;
    136 
    137 	uinfo_t uinfo;
    138 	if (!ia_openinfo(pw->pw_name,&uinfo)) {
    139 		ia_get_logpwd(uinfo, &pw_password);
    140 		if (pw_password == NULL)
    141 			fatal("ia_get_logpwd: Unable to get the shadow passwd");
    142 		ia_closeinfo(uinfo);
    143 	 	return pw_password;
    144 	}
    145 	else
    146 		fatal("ia_openinfo: Unable to open the shadow passwd file");
    147 }
    148 #endif /* USE_LIBIAF */
    149 #endif /* HAVE_LIBIAF and not HAVE_SECUREWARE */
    150 
    151