1bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman/*
2bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * Copyright (c) 2003 Ben Lindstrom.  All rights reserved.
3bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman *
4bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * Redistribution and use in source and binary forms, with or without
5bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * modification, are permitted provided that the following conditions
6bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * are met:
7bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 1. Redistributions of source code must retain the above copyright
8bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman *    notice, this list of conditions and the following disclaimer.
9bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 2. Redistributions in binary form must reproduce the above copyright
10bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman *    notice, this list of conditions and the following disclaimer in the
11bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman *    documentation and/or other materials provided with the distribution.
12bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman *
13bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman */
24bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
25bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include "includes.h"
26bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
27bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include <sys/types.h>
28bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include <unistd.h>
29bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include <pwd.h>
30bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
31bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# if defined(HAVE_CRYPT_H) && !defined(HAVE_SECUREWARE)
32bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#  include <crypt.h>
33bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# endif
34bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
35bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# ifdef __hpux
36bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#  include <hpsecurity.h>
37bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#  include <prot.h>
38bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# endif
39bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
40bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# ifdef HAVE_SECUREWARE
41bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#  include <sys/security.h>
42bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#  include <sys/audit.h>
43bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#  include <prot.h>
44bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# endif
45bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
46bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
47bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#  include <shadow.h>
48bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# endif
49bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
50bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
51bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#  include <sys/label.h>
52bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#  include <sys/audit.h>
53bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#  include <pwdadj.h>
54bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# endif
55bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
56bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
57bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#  include "md5crypt.h"
58d059297112922cabb0c674840589be8db821fd9aAdam Langley# endif
59d059297112922cabb0c674840589be8db821fd9aAdam Langley
60d059297112922cabb0c674840589be8db821fd9aAdam Langley# if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
61d059297112922cabb0c674840589be8db821fd9aAdam Langley#  include <openssl/des.h>
62d059297112922cabb0c674840589be8db821fd9aAdam Langley#  define crypt DES_crypt
63d059297112922cabb0c674840589be8db821fd9aAdam Langley# endif
64bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
65bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanchar *
66bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanxcrypt(const char *password, const char *salt)
67bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman{
68bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman	char *crypted;
69bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
70bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# ifdef HAVE_MD5_PASSWORDS
71bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman        if (is_md5_salt(salt))
72bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman                crypted = md5_crypt(password, salt);
73bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman        else
74bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman                crypted = crypt(password, salt);
75bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# elif defined(__hpux) && !defined(HAVE_SECUREWARE)
76bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman	if (iscomsec())
77bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman                crypted = bigcrypt(password, salt);
78bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman        else
79bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman                crypted = crypt(password, salt);
80bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# elif defined(HAVE_SECUREWARE)
81bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman        crypted = bigcrypt(password, salt);
82bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# else
83bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman        crypted = crypt(password, salt);
84bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# endif
85bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
86bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman	return crypted;
87bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman}
88bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
89bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman/*
90bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * Handle shadowed password systems in a cleaner way for portable
91bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * version.
92bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman */
93bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
94bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanchar *
95bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanshadow_pw(struct passwd *pw)
96bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman{
97bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman	char *pw_password = pw->pw_passwd;
98bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
99bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
100bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman	struct spwd *spw = getspnam(pw->pw_name);
101bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
102bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman	if (spw != NULL)
103bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman		pw_password = spw->sp_pwdp;
104bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# endif
105bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
106bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#ifdef USE_LIBIAF
107bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman	return(get_iaf_password(pw));
108bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#endif
109bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
110bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
111bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman	struct passwd_adjunct *spw;
112bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman	if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
113bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman		pw_password = spw->pwa_passwd;
114bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# elif defined(HAVE_SECUREWARE)
115bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman	struct pr_passwd *spw = getprpwnam(pw->pw_name);
116bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
117bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman	if (spw != NULL)
118bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman		pw_password = spw->ufld.fd_encrypt;
119bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman# endif
120bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman
121bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman	return pw_password;
122bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman}
123