From 61357f5f74e91ac7bc1ed8c6a5b9a0da373e22c2 Mon Sep 17 00:00:00 2001
From: Bobby Bingham <koorogi@koorogi.info>
Date: Thu, 30 Mar 2023 21:54:25 -0500
Subject: kcheckpass: fix shadow support when not building tdm

1. If not building with PAM, kcheckpass relies on HAVE_SHADOW to decide
whether to support shadow passwords. However, this was only set if also
building tdm.

Consolidate all PAM/shadow configure checks at the top level so these are
always set correctly.

2. Consolidate /etc/passwd and shadow password handling

The shadow password handler already completely handles /etc/passwd
passwords as well, so having a separate handler for just /etc/passwd is
pure code duplication.

Signed-off-by: Bobby Bingham <koorogi@koorogi.info>
(cherry picked from commit 8c543e26ec35237d00ec44fadda80318c386fdde)
---
 kcheckpass/checkpass_shadow.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

(limited to 'kcheckpass/checkpass_shadow.c')

diff --git a/kcheckpass/checkpass_shadow.c b/kcheckpass/checkpass_shadow.c
index 850bf06d4..e721582d5 100644
--- a/kcheckpass/checkpass_shadow.c
+++ b/kcheckpass/checkpass_shadow.c
@@ -27,10 +27,10 @@
 #include "kcheckpass.h"
 
 /*******************************************************************
- * This is the authentication code for Shadow-Passwords
+ * This is the authentication code for /etc/passwd and Shadow-Passwords
  *******************************************************************/
 
-#ifdef HAVE_SHADOW
+#if defined(HAVE_SHADOW) || defined(HAVE_ETCPASSWD)
 #include <string.h>
 #include <stdlib.h>
 #include <pwd.h>
@@ -47,7 +47,6 @@ AuthReturn Authenticate(const char *method,
   char          *crpt_passwd;
   char          *password;
   struct passwd *pw;
-  struct spwd   *spw;
 
   if (strcmp(method, "classic"))
     return AuthError;
@@ -55,8 +54,12 @@ AuthReturn Authenticate(const char *method,
   if (!(pw = getpwnam(login)))
     return AuthAbort;
 
-  spw = getspnam(login);
+#ifdef HAVE_SHADOW
+  struct spwd *spw = getspnam(login);
   password = spw ? spw->sp_pwdp : pw->pw_passwd;
+#else
+  password = pw->pw_passwd;
+#endif
 
   if (!*password)
     return AuthOk;
@@ -70,11 +73,11 @@ AuthReturn Authenticate(const char *method,
   crpt_passwd = crypt(typed_in_password, password);
 #endif
 
-  if (!strcmp(password, crpt_passwd )) {
-    dispose(typed_in_password);
-    return AuthOk; /* Success */
-  }
   dispose(typed_in_password);
+
+  if (crpt_passwd && !strcmp(password, crpt_passwd))
+    return AuthOk; /* Success */
+
   return AuthBad; /* Password wrong or account locked */
 }
 
-- 
cgit v1.2.1