summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBobby Bingham <[email protected]>2023-03-30 21:54:25 -0500
committerMichele Calgaro <[email protected]>2023-06-05 11:59:33 +0900
commit8c543e26ec35237d00ec44fadda80318c386fdde (patch)
treed1841ffeaeae655a3a19878ef597fe4a99517f6b
parent950f0ce73685e0dbadba7351738d78a9fbdb71f4 (diff)
downloadtdebase-8c543e26ec35237d00ec44fadda80318c386fdde.tar.gz
tdebase-8c543e26ec35237d00ec44fadda80318c386fdde.zip
kcheckpass: fix shadow support when not building tdm
1. If not building with PAM, kcheckpass relies on HAVE_SHADOW to decide whether to support shadow passwords. However, this was only set if also building tdm. Consolidate all PAM/shadow configure checks at the top level so these are always set correctly. 2. Consolidate /etc/passwd and shadow password handling The shadow password handler already completely handles /etc/passwd passwords as well, so having a separate handler for just /etc/passwd is pure code duplication. Signed-off-by: Bobby Bingham <[email protected]>
-rw-r--r--ConfigureChecks.cmake26
-rw-r--r--kcheckpass/CMakeLists.txt2
-rw-r--r--kcheckpass/checkpass_etcpasswd.c60
-rw-r--r--kcheckpass/checkpass_shadow.c19
-rw-r--r--kcheckpass/kcheckpass.h8
-rw-r--r--tdm/ConfigureChecks.cmake12
6 files changed, 28 insertions, 99 deletions
diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
index fff59ab29..5f455765b 100644
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -103,16 +103,22 @@ if( BUILD_TDEIOSLAVES )
endif( )
-# pam
-if( WITH_PAM AND (BUILD_KCHECKPASS OR BUILD_TDM) )
- check_library_exists( pam pam_start "" HAVE_PAM )
- if( HAVE_PAM )
- check_include_file( "security/pam_appl.h" SECURITY_PAM_APPL_H )
- endif( )
- if( HAVE_PAM AND SECURITY_PAM_APPL_H )
- set( PAM_LIBRARY pam ${DL_LIBRARIES} )
- else( )
- tde_message_fatal( "pam are requested, but not found on your system" )
+# pam and shadow
+if( BUILD_KCHECKPASS OR BUILD_TDM )
+ if ( WITH_PAM )
+ check_library_exists( pam pam_start "" HAVE_PAM )
+ if( HAVE_PAM )
+ set( USEPAM 1 CACHE INTERNAL "" FORCE )
+ check_include_file( "security/pam_appl.h" SECURITY_PAM_APPL_H )
+ endif( )
+ if( HAVE_PAM AND SECURITY_PAM_APPL_H )
+ set( PAM_LIBRARY pam ${DL_LIBRARIES} )
+ else( )
+ tde_message_fatal( "pam are requested, but not found on your system" )
+ endif( )
+ elseif( WITH_SHADOW )
+ set( HAVE_SHADOW 1 CACHE INTERNAL "" FORCE )
+ set( USESHADOW 1 CACHE INTERNAL "" FORCE )
endif( )
endif( )
diff --git a/kcheckpass/CMakeLists.txt b/kcheckpass/CMakeLists.txt
index 5e83ee41e..b2091e0ce 100644
--- a/kcheckpass/CMakeLists.txt
+++ b/kcheckpass/CMakeLists.txt
@@ -24,7 +24,7 @@ include_directories(
tde_add_executable( kcheckpass AUTOMOC
SOURCES
- kcheckpass.c checkpass_etcpasswd.c checkpass_pam.c
+ kcheckpass.c checkpass_pam.c
checkpass_shadow.c checkpass_osfc2passwd.c checkpass_aix.c
LINK tdefakes-shared ${CRYPT_LIBRARY} ${PAM_LIBRARY}
DESTINATION ${BIN_INSTALL_DIR}
diff --git a/kcheckpass/checkpass_etcpasswd.c b/kcheckpass/checkpass_etcpasswd.c
deleted file mode 100644
index 1dbe06f70..000000000
--- a/kcheckpass/checkpass_etcpasswd.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1998 Christian Esken <[email protected]>
- * Copyright (c) 2003 Oswald Buddenhagen <[email protected]>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- * Copyright (C) 1998, Christian Esken <[email protected]>
- */
-
-#include "kcheckpass.h"
-
-#ifdef HAVE_ETCPASSWD
-
-/*******************************************************************
- * This is the authentication code for /etc/passwd passwords
- *******************************************************************/
-
-#include <string.h>
-#include <stdlib.h>
-
-AuthReturn Authenticate(const char *method,
- const char *login, char *(*conv) (ConvRequest, const char *))
-{
- struct passwd *pw;
- char *passwd;
-
- if (strcmp(method, "classic"))
- return AuthError;
-
- /* Get the password entry for the user we want */
- if (!(pw = getpwnam(login)))
- return AuthBad;
-
- if (!*pw->pw_passwd)
- return AuthOk;
-
- if (!(passwd = conv(ConvGetHidden, 0)))
- return AuthAbort;
-
- if (!strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd))) {
- dispose(passwd);
- return AuthOk; /* Success */
- }
- dispose(passwd);
- return AuthBad; /* Password wrong or account locked */
-}
-
-#endif
diff --git a/kcheckpass/checkpass_shadow.c b/kcheckpass/checkpass_shadow.c
index 850bf06d4..e721582d5 100644
--- a/kcheckpass/checkpass_shadow.c
+++ b/kcheckpass/checkpass_shadow.c
@@ -27,10 +27,10 @@
#include "kcheckpass.h"
/*******************************************************************
- * This is the authentication code for Shadow-Passwords
+ * This is the authentication code for /etc/passwd and Shadow-Passwords
*******************************************************************/
-#ifdef HAVE_SHADOW
+#if defined(HAVE_SHADOW) || defined(HAVE_ETCPASSWD)
#include <string.h>
#include <stdlib.h>
#include <pwd.h>
@@ -47,7 +47,6 @@ AuthReturn Authenticate(const char *method,
char *crpt_passwd;
char *password;
struct passwd *pw;
- struct spwd *spw;
if (strcmp(method, "classic"))
return AuthError;
@@ -55,8 +54,12 @@ AuthReturn Authenticate(const char *method,
if (!(pw = getpwnam(login)))
return AuthAbort;
- spw = getspnam(login);
+#ifdef HAVE_SHADOW
+ struct spwd *spw = getspnam(login);
password = spw ? spw->sp_pwdp : pw->pw_passwd;
+#else
+ password = pw->pw_passwd;
+#endif
if (!*password)
return AuthOk;
@@ -70,11 +73,11 @@ AuthReturn Authenticate(const char *method,
crpt_passwd = crypt(typed_in_password, password);
#endif
- if (!strcmp(password, crpt_passwd )) {
- dispose(typed_in_password);
- return AuthOk; /* Success */
- }
dispose(typed_in_password);
+
+ if (crpt_passwd && !strcmp(password, crpt_passwd))
+ return AuthOk; /* Success */
+
return AuthBad; /* Password wrong or account locked */
}
diff --git a/kcheckpass/kcheckpass.h b/kcheckpass/kcheckpass.h
index e1351375a..66a242856 100644
--- a/kcheckpass/kcheckpass.h
+++ b/kcheckpass/kcheckpass.h
@@ -43,17 +43,9 @@
#include <crypt.h>
#endif
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
#include <pwd.h>
#include <sys/types.h>
-#ifndef _PATH_TMP
-#define _PATH_TMP "/tmp/"
-#endif
-
#ifdef ultrix
#include <auth.h>
diff --git a/tdm/ConfigureChecks.cmake b/tdm/ConfigureChecks.cmake
index 563ac6c0a..8ebba8e6d 100644
--- a/tdm/ConfigureChecks.cmake
+++ b/tdm/ConfigureChecks.cmake
@@ -122,18 +122,6 @@ if( WITH_XDMCP )
endif()
-if( WITH_PAM )
-
- set( USE_PAM 1 CACHE INTERNAL "" FORCE )
-
-elseif( WITH_SHADOW )
-
- set( HAVE_SHADOW 1 CACHE INTERNAL "" FORCE )
- set( USESHADOW 1 CACHE INTERNAL "" FORCE )
-
-endif( )
-
-
# If a tdm.service file is wanted, find systemd, then work out which
# distribution is running, select an appropriate template and create the file.
# When it is not possible to identify the distribution or there is no specific