Home | History | Annotate | Download | only in openbsd-compat 
      1 /*
      2  * Copyright (c) 2005 The SCO Group. All rights reserved.
      3  * Copyright (c) 2005 Tim Rice. All rights reserved.
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that the following conditions
      7  * are met:
      8  * 1. Redistributions of source code must retain the above copyright
      9  *    notice, this list of conditions and the following disclaimer.
     10  * 2. Redistributions in binary form must reproduce the above copyright
     11  *    notice, this list of conditions and the following disclaimer in the
     12  *    documentation and/or other materials provided with the distribution.
     13  *
     14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     24  */
     25 
     26 #include "includes.h"
     27 
     28 #if defined(HAVE_LIBIAF)  &&  !defined(HAVE_SECUREWARE)
     29 #include <sys/types.h>
     30 #ifdef HAVE_CRYPT_H
     31 # include <crypt.h>
     32 #endif
     33 #include <pwd.h>
     34 #include <stdarg.h>
     35 #include <stdlib.h>
     36 #include <stdio.h>
     37 #include <string.h>
     38 
     39 #include "xmalloc.h"
     40 #include "packet.h"
     41 #include "buffer.h"
     42 #include "key.h"
     43 #include "auth-options.h"
     44 #include "log.h"
     45 #include "servconf.h"
     46 #include "hostfile.h"
     47 #include "auth.h"
     48 #include "ssh.h"
     49 
     50 int nischeck(char *);
     51 
     52 int
     53 sys_auth_passwd(Authctxt *authctxt, const char *password)
     54 {
     55 	struct passwd *pw = authctxt->pw;
     56 	char *salt;
     57 	int result;
     58 
     59 	/* Just use the supplied fake password if authctxt is invalid */
     60 	char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
     61 
     62 	/* Check for users with no password. */
     63 	if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
     64 		return (1);
     65 
     66 	/* Encrypt the candidate password using the proper salt. */
     67 	salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx";
     68 
     69 	/*
     70 	 * Authentication is accepted if the encrypted passwords
     71 	 * are identical.
     72 	 */
     73 #ifdef UNIXWARE_LONG_PASSWORDS
     74 	if (!nischeck(pw->pw_name)) {
     75 		result = ((strcmp(bigcrypt(password, salt), pw_password) == 0)
     76 		||  (strcmp(osr5bigcrypt(password, salt), pw_password) == 0));
     77 	}
     78 	else
     79 #endif /* UNIXWARE_LONG_PASSWORDS */
     80 		result = (strcmp(xcrypt(password, salt), pw_password) == 0);
     81 
     82 #ifdef USE_LIBIAF
     83 	if (authctxt->valid)
     84 		free(pw_password);
     85 #endif
     86 	return(result);
     87 }
     88 
     89 #ifdef UNIXWARE_LONG_PASSWORDS
     90 int
     91 nischeck(char *namep)
     92 {
     93 	char password_file[] = "/etc/passwd";
     94 	FILE *fd;
     95 	struct passwd *ent = NULL;
     96 
     97 	if ((fd = fopen (password_file, "r")) == NULL) {
     98 		/*
     99 		 * If the passwd file has dissapeared we are in a bad state.
    100 		 * However, returning 0 will send us back through the
    101 		 * authentication scheme that has checked the ia database for
    102 		 * passwords earlier.
    103 		 */
    104 		return(0);
    105 	}
    106 
    107 	/*
    108 	 * fgetpwent() only reads from password file, so we know for certain
    109 	 * that the user is local.
    110 	 */
    111 	while (ent = fgetpwent(fd)) {
    112 		if (strcmp (ent->pw_name, namep) == 0) {
    113 			/* Local user */
    114 			fclose (fd);
    115 			return(0);
    116 		}
    117 	}
    118 
    119 	fclose (fd);
    120 	return (1);
    121 }
    122 
    123 #endif /* UNIXWARE_LONG_PASSWORDS */
    124 
    125 /*
    126 	NOTE: ia_get_logpwd() allocates memory for arg 2
    127 	functions that call shadow_pw() will need to free
    128  */
    129 
    130 #ifdef USE_LIBIAF
    131 char *
    132 get_iaf_password(struct passwd *pw)
    133 {
    134 	char *pw_password = NULL;
    135 
    136 	uinfo_t uinfo;
    137 	if (!ia_openinfo(pw->pw_name,&uinfo)) {
    138 		ia_get_logpwd(uinfo, &pw_password);
    139 		if (pw_password == NULL)
    140 			fatal("ia_get_logpwd: Unable to get the shadow passwd");
    141 		ia_closeinfo(uinfo);
    142 	 	return pw_password;
    143 	}
    144 	else
    145 		fatal("ia_openinfo: Unable to open the shadow passwd file");
    146 }
    147 #endif /* USE_LIBIAF */
    148 #endif /* HAVE_LIBIAF and not HAVE_SECUREWARE */
    149 
    150