X-Git-Url: http://git.hungrycats.org/cgi-bin/gitweb.cgi?p=xscreensaver;a=blobdiff_plain;f=driver%2Fpasswd-pwent.c;h=bb0edfc23d26076e0fb38ade9e1aa19294dfb10b;hp=ba8366169ec0ca3bb762019c0817ecb56b010ff4;hb=c494fd2e6b3b25582375d62e40f4f5cc984ca424;hpb=3210e7e80ee2b5a7d2049a5aaff9f17b9c93dcc9 diff --git a/driver/passwd-pwent.c b/driver/passwd-pwent.c index ba836616..bb0edfc2 100644 --- a/driver/passwd-pwent.c +++ b/driver/passwd-pwent.c @@ -78,7 +78,8 @@ # define PWTYPE struct s_passwd * # define PWPSLOT pw_passwd # define GETPW getspwnam -# define crypt bigcrypt + +# define HAVE_BIGCRYPT #endif @@ -103,6 +104,11 @@ static char *encrypted_user_passwd = 0; # define ROOT "root" #endif +#ifndef VMS +Bool pwent_priv_init (int argc, char **argv, Bool verbose_p); +Bool pwent_lock_init (int argc, char **argv, Bool verbose_p); +Bool pwent_passwd_valid_p (const char *typed_passwd, Bool verbose_p); +#endif #ifndef VMS @@ -176,7 +182,7 @@ get_encrypted_passwd(const char *user) result = strdup(p->pw_passwd); } - /* The manual for passwd(4) says: + /* The manual for passwd(4) on HPUX 10.10 says: Password aging is put in effect for a particular user if his encrypted password in the password file is followed by a comma and @@ -194,9 +200,15 @@ get_encrypted_passwd(const char *user) *s = 0; } +#ifndef HAVE_PAM + /* We only issue this warning if not compiled with support for PAM. + If we're using PAM, it's not unheard of that normal pwent passwords + would be unavailable. */ + if (!result) fprintf (stderr, "%s: couldn't get password of \"%s\"\n", blurb(), (user ? user : "(null)")); +#endif /* !HAVE_PAM */ return result; } @@ -212,7 +224,7 @@ get_encrypted_passwd(const char *user) #ifndef VMS Bool -pwent_lock_init (int argc, char **argv, Bool verbose_p) +pwent_priv_init (int argc, char **argv, Bool verbose_p) { char *u; @@ -233,6 +245,43 @@ pwent_lock_init (int argc, char **argv, Bool verbose_p) } +Bool +pwent_lock_init (int argc, char **argv, Bool verbose_p) +{ + if (encrypted_user_passwd) + return True; + else + return False; +} + + + +static Bool +passwds_match_p (const char *cleartext, const char *ciphertext) +{ + char *s = 0; /* note that on some systems, crypt() may return null */ + + s = (char *) crypt (cleartext, ciphertext); + if (s && !strcmp (s, ciphertext)) + return True; + +#ifdef HAVE_BIGCRYPT + /* There seems to be no way to tell at runtime if an HP machine is in + "trusted" mode, and thereby, which of crypt() or bigcrypt() we should + be calling to compare passwords. So call them both, and see which + one works. */ + + s = (char *) bigcrypt (cleartext, ciphertext); + if (s && !strcmp (s, ciphertext)) + return True; + +#endif /* HAVE_BIGCRYPT */ + + return False; +} + + + /* This can be called at any time, and says whether the typed password belongs to either the logged in user (real uid, not effective); or to root. @@ -240,19 +289,17 @@ pwent_lock_init (int argc, char **argv, Bool verbose_p) Bool pwent_passwd_valid_p (const char *typed_passwd, Bool verbose_p) { - char *s = 0; /* note that on some systems, crypt() may return null */ - if (encrypted_user_passwd && - (s = (char *) crypt (typed_passwd, encrypted_user_passwd)) && - !strcmp (s, encrypted_user_passwd)) + passwds_match_p (typed_passwd, encrypted_user_passwd)) return True; +#ifdef ALLOW_ROOT_PASSWD /* do not allow root to have a null password. */ else if (typed_passwd[0] && encrypted_root_passwd && - (s = (char *) crypt (typed_passwd, encrypted_root_passwd)) && - !strcmp (s, encrypted_root_passwd)) + passwds_match_p (typed_passwd, encrypted_root_passwd)) return True; +#endif /* ALLOW_ROOT_PASSWD */ else return False;