diff --git a/kcheckpass/CMakeLists.txt b/kcheckpass/CMakeLists.txt
--- a/kcheckpass/CMakeLists.txt
+++ b/kcheckpass/CMakeLists.txt
@@ -5,11 +5,8 @@
 set(kcheckpass_SRCS
 kcheckpass.h
 kcheckpass.c
- checkpass_etcpasswd.c
 checkpass_pam.c
 checkpass_shadow.c
- checkpass_osfc2passwd.c
- checkpass_aix.c
 )
 add_executable(kcheckpass ${kcheckpass_SRCS})
diff --git a/kcheckpass/checkpass_aix.c b/kcheckpass/checkpass_aix.c
deleted file mode 100644
--- a/kcheckpass/checkpass_aix.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 2001 Reza Arbab
- * Copyright (c) 2003 Oswald Buddenhagen
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- */
-
-#include "kcheckpass.h"
-
-#ifdef HAVE_AIX_AUTH
-#include
-#include
-#include
-#include
-
-/*
- * The AIX builtin authenticate() uses whichever method the system
- * has been configured for. (/etc/passwd, DCE, etc.)
- */
-int authenticate(const char *, const char *, int *, char **);
-
-AuthReturn Authenticate(const char *method,
- const char *login, char *(*conv) (ConvRequest, const char *))
-{
- int result;
- int reenter; /* Tells if authenticate is done processing or not. */
- char *passwd;
- char *msg; /* Contains a prompt message or failure reason. */
-
- if (!strcmp(method, "classic")) {
-
- if (!(passwd = conv(ConvGetHidden, 0)))
- return AuthAbort;
-
- if ((result = authenticate(login, passwd, &reenter, &msg))) {
- if (msg) {
- conv(ConvPutError, msg);
- free(msg);
- }
- dispose(passwd);
- return AuthBad;
- }
- if (reenter) {
- char buf[256];
- snprintf(buf, sizeof(buf), "More authentication data requested: %s\n", msg);
- conv(ConvPutError, buf);
- free(msg);
- dispose(passwd);
- return result == ENOENT || result == ESAD ? AuthBad : AuthError;
- }
- dispose(passwd);
- return AuthOk;
-
- } else if (!strcmp(method, "generic")) {
-
- for (passwd = 0;;) {
- if ((result = authenticate(login, passwd, &reenter, &msg))) {
- if (msg) {
- conv(ConvPutError, msg);
- free(msg);
- }
- if (passwd)
- dispose(passwd);
- return result == ENOENT || result == ESAD ? AuthBad : AuthError;
- }
- if (passwd)
- dispose(passwd);
- if (!reenter)
- break;
- passwd = conv(ConvGetHidden, msg);
- free(msg);
- if (!passwd)
- return AuthAbort;
- }
- return AuthOk;
-
- } else
- return AuthError;
-
-}
-
-#endif
diff --git a/kcheckpass/checkpass_etcpasswd.c b/kcheckpass/checkpass_etcpasswd.c
deleted file mode 100644
--- a/kcheckpass/checkpass_etcpasswd.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1998 Christian Esken
- * Copyright (c) 2003 Oswald Buddenhagen
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- * Copyright (C) 1998, Christian Esken
- */
-
-#include "kcheckpass.h"
-
-#ifdef HAVE_ETCPASSWD
-
-/*******************************************************************
- * This is the authentication code for /etc/passwd passwords
- *******************************************************************/
-
-#include
-#include
-
-AuthReturn Authenticate(const char *method,
- const char *login, char *(*conv) (ConvRequest, const char *))
-{
- struct passwd *pw;
- char *passwd;
- char *crpt_passwd;
-
- if (strcmp(method, "classic"))
- return AuthError;
-
- /* Get the password entry for the user we want */
- if (!(pw = getpwnam(login)))
- return AuthBad;
-
- if (!*pw->pw_passwd)
- return AuthOk;
-
- if (!(passwd = conv(ConvGetHidden, 0)))
- return AuthAbort;
-
- if ((crpt_passwd = crypt(passwd, pw->pw_passwd)) && !strcmp(pw->pw_passwd, crpt_passwd)) {
- dispose(passwd);
- return AuthOk; /* Success */
- }
- dispose(passwd);
- return AuthBad; /* Password wrong or account locked */
-}
-
-#endif
diff --git a/kcheckpass/checkpass_osfc2passwd.c b/kcheckpass/checkpass_osfc2passwd.c
deleted file mode 100644
--- a/kcheckpass/checkpass_osfc2passwd.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- *
- * Copyright (C) 1999 Mark Davies
- * Copyright (C) 2003 Oswald Buddenhagen
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- */
-
-#include "kcheckpass.h"
-
-#ifdef HAVE_OSF_C2_PASSWD
-
-static char *osf1c2crypt(const char *pw, char *salt);
-static int osf1c2_getprpwent(char *p, char *n, int len);
-
-/*******************************************************************
- * This is the authentication code for OSF C2 security passwords
- *******************************************************************/
-
-#include
-#include
-#include
-
-AuthReturn Authenticate(const char *method,
- const char *login, char *(*conv) (ConvRequest, const char *))
-{
- char *passwd;
- char *crpt_passwd;
- char c2passwd[256];
-
- if (strcmp(method, "classic"))
- return AuthError;
-
- if (!osf1c2_getprpwent(c2passwd, login, sizeof(c2passwd)))
- return AuthBad;
-
- if (!*c2passwd)
- return AuthOk;
-
- if (!(passwd = conv(ConvGetHidden, 0)))
- return AuthAbort;
-
- if ((crpt_passwd = osf1c2crypt(passwd, c2passwd)) && !strcmp(c2passwd, crpt_passwd)) {
- dispose(passwd);
- return AuthOk; /* Success */
- }
- dispose(passwd);
- return AuthBad; /* Password wrong or account locked */
-}
-
-
-/*
-The following code was lifted from the file osfc2.c from the ssh 1.2.26
-distribution. Parts of the code that were not needed by kcheckpass
-(notably the osf1c2_check_account_and_terminal() function and the code
-to set the external variable days_before_password_expires have been
-removed). The original copyright from the osfc2.c file is included
-below.
-*/
-
-/*
-
-osfc2.c
-
-Author: Christophe Wolfhugel
-
-Copyright (c) 1995 Christophe Wolfhugel
-
-Free use of this file is permitted for any purpose as long as
-this copyright is preserved in the header.
-
-This program implements the use of the OSF/1 C2 security extensions
-within ssh. See the file COPYING for full licensing information.
-
-*/
-
-#include
-#include
-#include
-
-static int c2security = -1;
-static int crypt_algo;
-
-static void
-initialize_osf_security(int ac, char **av)
-{
- FILE *f;
- char buf[256];
- char siad[] = "siad_ses_init=";
-
- if (access(SIAIGOODFILE, F_OK) == -1)
- {
- /* Broken OSF/1 system, better don't run on it. */
- fprintf(stderr, SIAIGOODFILE);
- fprintf(stderr, " does not exist. Your OSF/1 system is probably broken\n");
- exit(1);
- }
- if ((f = fopen(MATRIX_CONF, "r")) == NULL)
- {
- /* Another way OSF/1 is probably broken. */
- fprintf(stderr, "%s unreadable. Your OSF/1 system is probably broken.\n"
-
- MATRIX_CONF);
- exit(1);
- }
-
- /* Read matrix.conf to check if we run C2 or not */
- while (fgets(buf, sizeof(buf), f) != NULL)
- {
- if (strncmp(buf, siad, sizeof(siad) - 1) == 0)
- {
- if (strstr(buf, "OSFC2") != NULL)
- c2security = 1;
- else if (strstr(buf, "BSD") != NULL)
- c2security = 0;
- break;
- }
- }
- fclose(f);
- if (c2security == -1)
- {
- fprintf(stderr, "C2 security initialization failed : could not determine security level.\n");
- exit(1);
- }
- if (c2security == 1)
- set_auth_parameters(ac, av);
-}
-
-
-static int
-osf1c2_getprpwent(char *p, char *n, int len)
-{
- time_t pschg, tnow;
-
- if (c2security == 1)
- {
- struct es_passwd *es;
- struct pr_passwd *pr = getprpwnam(n);
- if (pr)
- {
- strlcpy(p, pr->ufld.fd_encrypt, len);
- crypt_algo = pr->ufld.fd_oldcrypt;
-
- tnow = time(NULL);
- if (pr->uflg.fg_schange == 1)
- pschg = pr->ufld.fd_schange;
- else
- pschg = 0;
- if (pr->uflg.fg_template == 0)
- {
- /** default template, system values **/
- if (pr->sflg.fg_lifetime == 1)
- if (pr->sfld.fd_lifetime > 0 &&
- pschg + pr->sfld.fd_lifetime < tnow)
- return 1;
- }
- else /** user template, specific values **/
- {
- es = getespwnam(pr->ufld.fd_template);
- if (es)
- {
- if (es->uflg->fg_expire == 1)
- if (es->ufld->fd_expire > 0 &&
- pschg + es->ufld->fd_expire < tnow)
- return 1;
- }
- }
- }
- }
- else
- {
- struct passwd *pw = getpwnam(n);
- if (pw)
- {
- strlcpy(p, pw->pw_passwd, len);
- return 1;
- }
- }
- return 0;
-}
-
-static char *
-osf1c2crypt(const char *pw, char *salt)
-{
- if (c2security == 1) {
- return(dispcrypt(pw, salt, crypt_algo));
- } else
- return(crypt(pw, salt));
-}
-
-#endif
diff --git a/kcheckpass/kcheckpass.h b/kcheckpass/kcheckpass.h
--- a/kcheckpass/kcheckpass.h
+++ b/kcheckpass/kcheckpass.h
@@ -63,21 +63,10 @@
 #include
-#ifdef OSF1_ENH_SEC
-#include
-#include
-#endif
-
 /* Make sure there is only one! */
 #if defined(HAVE_PAM)
-# undef HAVE_OSF_C2_PASSWD
-#elif defined(HAVE_OSF_C2_PASSWD)
-#elif defined(_AIX)
-# define HAVE_AIX_AUTH
-#elif defined(HAVE_GETSPNAM)
-# define HAVE_SHADOW
 #else
-# define HAVE_ETCPASSWD
+#define HAVE_SHADOW
 #endif
 #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ > 4)
diff --git a/kcheckpass/kcheckpass.c b/kcheckpass/kcheckpass.c
--- a/kcheckpass/kcheckpass.c
+++ b/kcheckpass/kcheckpass.c
@@ -266,10 +266,6 @@
 procctl(P_PID, getpid(), PROC_TRACE_CTL, &mode);
 #endif
-#ifdef HAVE_OSF_C2_PASSWD
- initialize_osf_security(argc, argv);
-#endif
-
 /* Make sure stdout/stderr are open */
 for (c = 1; c <= 2; c++) {
 if (fcntl(c, F_GETFL) == -1) {
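Review bot: In the kcheckpass.h hunk, the `#else` branch now defines `HAVE_SHADOW` for every build without `HAVE_PAM`, whereas the removed chain selected it only under `HAVE_GETSPNAM`, so a non-PAM platform without getspnam() is no longer caught at this point. Because this block picks the single authentication backend of a password-checking helper, the selection is safer when it fails closed: keep `#elif defined(HAVE_GETSPNAM)` ahead of `# define HAVE_SHADOW` and end the chain with `#else` followed by `# error "kcheckpass: no supported authentication backend"`. Whether the build system still sets `HAVE_GETSPNAM` is not visible in this diff, so that needs confirming before the test is reinstated. If the unconditional define is intended, the now-empty `#if defined(HAVE_PAM)` branch would read more clearly as `#ifndef HAVE_PAM`, with a comment such as `/* shadow is the only non-PAM backend left */`.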