diff options
author | Bobby Bingham <[email protected]> | 2023-03-30 21:54:25 -0500 |
---|---|---|
committer | Michele Calgaro <[email protected]> | 2023-06-05 11:59:33 +0900 |
commit | 8c543e26ec35237d00ec44fadda80318c386fdde (patch) | |
tree | d1841ffeaeae655a3a19878ef597fe4a99517f6b | |
parent | 950f0ce73685e0dbadba7351738d78a9fbdb71f4 (diff) | |
download | tdebase-8c543e26ec35237d00ec44fadda80318c386fdde.tar.gz tdebase-8c543e26ec35237d00ec44fadda80318c386fdde.zip |
kcheckpass: fix shadow support when not building tdm
1. If not building with PAM, kcheckpass relies on HAVE_SHADOW to decide
whether to support shadow passwords. However, this was only set if also
building tdm.
Consolidate all PAM/shadow configure checks at the top level so these are
always set correctly.
2. Consolidate /etc/passwd and shadow password handling
The shadow password handler already completely handles /etc/passwd
passwords as well, so having a separate handler for just /etc/passwd is
pure code duplication.
Signed-off-by: Bobby Bingham <[email protected]>
-rw-r--r-- | ConfigureChecks.cmake | 26 | ||||
-rw-r--r-- | kcheckpass/CMakeLists.txt | 2 | ||||
-rw-r--r-- | kcheckpass/checkpass_etcpasswd.c | 60 | ||||
-rw-r--r-- | kcheckpass/checkpass_shadow.c | 19 | ||||
-rw-r--r-- | kcheckpass/kcheckpass.h | 8 | ||||
-rw-r--r-- | tdm/ConfigureChecks.cmake | 12 |
6 files changed, 28 insertions, 99 deletions
diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake index fff59ab29..5f455765b 100644 --- a/ConfigureChecks.cmake +++ b/ConfigureChecks.cmake @@ -103,16 +103,22 @@ if( BUILD_TDEIOSLAVES ) endif( ) -# pam -if( WITH_PAM AND (BUILD_KCHECKPASS OR BUILD_TDM) ) - check_library_exists( pam pam_start "" HAVE_PAM ) - if( HAVE_PAM ) - check_include_file( "security/pam_appl.h" SECURITY_PAM_APPL_H ) - endif( ) - if( HAVE_PAM AND SECURITY_PAM_APPL_H ) - set( PAM_LIBRARY pam ${DL_LIBRARIES} ) - else( ) - tde_message_fatal( "pam are requested, but not found on your system" ) +# pam and shadow +if( BUILD_KCHECKPASS OR BUILD_TDM ) + if ( WITH_PAM ) + check_library_exists( pam pam_start "" HAVE_PAM ) + if( HAVE_PAM ) + set( USEPAM 1 CACHE INTERNAL "" FORCE ) + check_include_file( "security/pam_appl.h" SECURITY_PAM_APPL_H ) + endif( ) + if( HAVE_PAM AND SECURITY_PAM_APPL_H ) + set( PAM_LIBRARY pam ${DL_LIBRARIES} ) + else( ) + tde_message_fatal( "pam are requested, but not found on your system" ) + endif( ) + elseif( WITH_SHADOW ) + set( HAVE_SHADOW 1 CACHE INTERNAL "" FORCE ) + set( USESHADOW 1 CACHE INTERNAL "" FORCE ) endif( ) endif( ) diff --git a/kcheckpass/CMakeLists.txt b/kcheckpass/CMakeLists.txt index 5e83ee41e..b2091e0ce 100644 --- a/kcheckpass/CMakeLists.txt +++ b/kcheckpass/CMakeLists.txt @@ -24,7 +24,7 @@ include_directories( tde_add_executable( kcheckpass AUTOMOC SOURCES - kcheckpass.c checkpass_etcpasswd.c checkpass_pam.c + kcheckpass.c checkpass_pam.c checkpass_shadow.c checkpass_osfc2passwd.c checkpass_aix.c LINK tdefakes-shared ${CRYPT_LIBRARY} ${PAM_LIBRARY} DESTINATION ${BIN_INSTALL_DIR} diff --git a/kcheckpass/checkpass_etcpasswd.c b/kcheckpass/checkpass_etcpasswd.c deleted file mode 100644 index 1dbe06f70..000000000 --- a/kcheckpass/checkpass_etcpasswd.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 1998 Christian Esken <[email protected]> - * Copyright (c) 2003 Oswald Buddenhagen <[email protected]> - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public - * License along with this program; if not, write to the Free - * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - * Copyright (C) 1998, Christian Esken <[email protected]> - */ - -#include "kcheckpass.h" - -#ifdef HAVE_ETCPASSWD - -/******************************************************************* - * This is the authentication code for /etc/passwd passwords - *******************************************************************/ - -#include <string.h> -#include <stdlib.h> - -AuthReturn Authenticate(const char *method, - const char *login, char *(*conv) (ConvRequest, const char *)) -{ - struct passwd *pw; - char *passwd; - - if (strcmp(method, "classic")) - return AuthError; - - /* Get the password entry for the user we want */ - if (!(pw = getpwnam(login))) - return AuthBad; - - if (!*pw->pw_passwd) - return AuthOk; - - if (!(passwd = conv(ConvGetHidden, 0))) - return AuthAbort; - - if (!strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd))) { - dispose(passwd); - return AuthOk; /* Success */ - } - dispose(passwd); - return AuthBad; /* Password wrong or account locked */ -} - -#endif diff --git a/kcheckpass/checkpass_shadow.c b/kcheckpass/checkpass_shadow.c index 850bf06d4..e721582d5 100644 --- a/kcheckpass/checkpass_shadow.c +++ b/kcheckpass/checkpass_shadow.c @@ -27,10 +27,10 @@ #include "kcheckpass.h" /******************************************************************* - * This is the authentication code for Shadow-Passwords + * This is the authentication code for /etc/passwd and Shadow-Passwords *******************************************************************/ -#ifdef HAVE_SHADOW +#if defined(HAVE_SHADOW) || defined(HAVE_ETCPASSWD) #include <string.h> #include <stdlib.h> #include <pwd.h> @@ -47,7 +47,6 @@ AuthReturn Authenticate(const char *method, char *crpt_passwd; char *password; struct passwd *pw; - struct spwd *spw; if (strcmp(method, "classic")) return AuthError; @@ -55,8 +54,12 @@ AuthReturn Authenticate(const char *method, if (!(pw = getpwnam(login))) return AuthAbort; - spw = getspnam(login); +#ifdef HAVE_SHADOW + struct spwd *spw = getspnam(login); password = spw ? spw->sp_pwdp : pw->pw_passwd; +#else + password = pw->pw_passwd; +#endif if (!*password) return AuthOk; @@ -70,11 +73,11 @@ AuthReturn Authenticate(const char *method, crpt_passwd = crypt(typed_in_password, password); #endif - if (!strcmp(password, crpt_passwd )) { - dispose(typed_in_password); - return AuthOk; /* Success */ - } dispose(typed_in_password); + + if (crpt_passwd && !strcmp(password, crpt_passwd)) + return AuthOk; /* Success */ + return AuthBad; /* Password wrong or account locked */ } diff --git a/kcheckpass/kcheckpass.h b/kcheckpass/kcheckpass.h index e1351375a..66a242856 100644 --- a/kcheckpass/kcheckpass.h +++ b/kcheckpass/kcheckpass.h @@ -43,17 +43,9 @@ #include <crypt.h> #endif -#ifdef HAVE_PATHS_H -#include <paths.h> -#endif - #include <pwd.h> #include <sys/types.h> -#ifndef _PATH_TMP -#define _PATH_TMP "/tmp/" -#endif - #ifdef ultrix #include <auth.h> diff --git a/tdm/ConfigureChecks.cmake b/tdm/ConfigureChecks.cmake index 563ac6c0a..8ebba8e6d 100644 --- a/tdm/ConfigureChecks.cmake +++ b/tdm/ConfigureChecks.cmake @@ -122,18 +122,6 @@ if( WITH_XDMCP ) endif() -if( WITH_PAM ) - - set( USE_PAM 1 CACHE INTERNAL "" FORCE ) - -elseif( WITH_SHADOW ) - - set( HAVE_SHADOW 1 CACHE INTERNAL "" FORCE ) - set( USESHADOW 1 CACHE INTERNAL "" FORCE ) - -endif( ) - - # If a tdm.service file is wanted, find systemd, then work out which # distribution is running, select an appropriate template and create the file. # When it is not possible to identify the distribution or there is no specific |