kcheckpass: fix shadow support when not building tdm

1. If not building with PAM, kcheckpass relies on HAVE_SHADOW to decide whether to support shadow passwords. However, this was only set if also building tdm. Consolidate all PAM/shadow configure checks at the top level so these are always set correctly. 2. Consolidate /etc/passwd and shadow password handling The shadow password handler already completely handles /etc/passwd passwords as well, so having a separate handler for just /etc/passwd is pure code duplication. Signed-off-by: Bobby Bingham <koorogi@koorogi.info> (cherry picked from commit 8c543e26ec35237d00ec44fadda80318c386fdde)
author: Bobby Bingham <koorogi@koorogi.info> 2023-03-30 21:54:25 -0500
committer: Michele Calgaro <michele.calgaro@yahoo.it> 2023-06-05 12:01:42 +0900
commit: 61357f5f74e91ac7bc1ed8c6a5b9a0da373e22c2 (patch)
tree: 1b62f8f925069fb0ed2c1dd056e362f9f7d6faad
parent: 5b795608e0ea643205bbd16f1ef4ab9c6187c9fe (diff)
download: tdebase-61357f5f.tar.gz
tdebase-61357f5f.zip
6 files changed, 28 insertions, 99 deletions
diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
index fff59ab29..5f455765b 100644
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -103,16 +103,22 @@ if( BUILD_TDEIOSLAVES )
 endif( )
 
 
-# pam
-if( WITH_PAM AND (BUILD_KCHECKPASS OR BUILD_TDM) )
-  check_library_exists( pam pam_start "" HAVE_PAM )
-  if( HAVE_PAM )
-    check_include_file( "security/pam_appl.h" SECURITY_PAM_APPL_H )
-  endif( )
-  if( HAVE_PAM AND SECURITY_PAM_APPL_H )
-    set( PAM_LIBRARY pam ${DL_LIBRARIES} )
-  else( )
-    tde_message_fatal( "pam are requested, but not found on your system" )
+# pam and shadow
+if( BUILD_KCHECKPASS OR BUILD_TDM )
+  if ( WITH_PAM )
+    check_library_exists( pam pam_start "" HAVE_PAM )
+    if( HAVE_PAM )
+      set( USEPAM 1 CACHE INTERNAL "" FORCE )
+      check_include_file( "security/pam_appl.h" SECURITY_PAM_APPL_H )
+    endif( )
+    if( HAVE_PAM AND SECURITY_PAM_APPL_H )
+      set( PAM_LIBRARY pam ${DL_LIBRARIES} )
+    else( )
+      tde_message_fatal( "pam are requested, but not found on your system" )
+    endif( )
+  elseif( WITH_SHADOW )
+    set( HAVE_SHADOW 1 CACHE INTERNAL "" FORCE )
+    set( USESHADOW 1 CACHE INTERNAL "" FORCE )
   endif( )
 endif( )
 
diff --git a/kcheckpass/CMakeLists.txt b/kcheckpass/CMakeLists.txt
index 5e83ee41e..b2091e0ce 100644
--- a/kcheckpass/CMakeLists.txt
+++ b/kcheckpass/CMakeLists.txt
@@ -24,7 +24,7 @@ include_directories(
 
 tde_add_executable( kcheckpass AUTOMOC
   SOURCES
-    kcheckpass.c checkpass_etcpasswd.c checkpass_pam.c
+    kcheckpass.c checkpass_pam.c
     checkpass_shadow.c checkpass_osfc2passwd.c checkpass_aix.c
   LINK tdefakes-shared ${CRYPT_LIBRARY} ${PAM_LIBRARY}
   DESTINATION ${BIN_INSTALL_DIR}
diff --git a/kcheckpass/checkpass_etcpasswd.c b/kcheckpass/checkpass_etcpasswd.c
deleted file mode 100644
index 1dbe06f70..000000000
--- a/kcheckpass/checkpass_etcpasswd.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1998 Christian Esken <esken@kde.org> 
- * Copyright (c) 2003 Oswald Buddenhagen <ossi@kde.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- *
- *      Copyright (C) 1998, Christian Esken <esken@kde.org>
- */
-
-#include "kcheckpass.h"
-
-#ifdef HAVE_ETCPASSWD
-
-/*******************************************************************
- * This is the authentication code for /etc/passwd passwords
- *******************************************************************/
-
-#include <string.h>
-#include <stdlib.h>
-
-AuthReturn Authenticate(const char *method,
-        const char *login, char *(*conv) (ConvRequest, const char *))
-{
-  struct passwd *pw;
-  char *passwd;
-
-  if (strcmp(method, "classic"))
-    return AuthError;
-
-  /* Get the password entry for the user we want */
-  if (!(pw = getpwnam(login)))
-    return AuthBad;
-
-  if (!*pw->pw_passwd)
-    return AuthOk;
-
-  if (!(passwd = conv(ConvGetHidden, 0)))
-    return AuthAbort;
-
-  if (!strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd))) {
-    dispose(passwd);
-    return AuthOk; /* Success */
-  }
-  dispose(passwd);
-  return AuthBad; /* Password wrong or account locked */
-}
-
-#endif
diff --git a/kcheckpass/checkpass_shadow.c b/kcheckpass/checkpass_shadow.c
index 850bf06d4..e721582d5 100644
--- a/kcheckpass/checkpass_shadow.c
+++ b/kcheckpass/checkpass_shadow.c
@@ -27,10 +27,10 @@
 #include "kcheckpass.h"
 
 /*******************************************************************
- * This is the authentication code for Shadow-Passwords
+ * This is the authentication code for /etc/passwd and Shadow-Passwords
  *******************************************************************/
 
-#ifdef HAVE_SHADOW
+#if defined(HAVE_SHADOW) || defined(HAVE_ETCPASSWD)
 #include <string.h>
 #include <stdlib.h>
 #include <pwd.h>
@@ -47,7 +47,6 @@ AuthReturn Authenticate(const char *method,
   char          *crpt_passwd;
   char          *password;
   struct passwd *pw;
-  struct spwd   *spw;
 
   if (strcmp(method, "classic"))
     return AuthError;
@@ -55,8 +54,12 @@ AuthReturn Authenticate(const char *method,
   if (!(pw = getpwnam(login)))
     return AuthAbort;
 
-  spw = getspnam(login);
+#ifdef HAVE_SHADOW
+  struct spwd *spw = getspnam(login);
   password = spw ? spw->sp_pwdp : pw->pw_passwd;
+#else
+  password = pw->pw_passwd;
+#endif
 
   if (!*password)
     return AuthOk;
@@ -70,11 +73,11 @@ AuthReturn Authenticate(const char *method,
   crpt_passwd = crypt(typed_in_password, password);
 #endif
 
-  if (!strcmp(password, crpt_passwd )) {
-    dispose(typed_in_password);
-    return AuthOk; /* Success */
-  }
   dispose(typed_in_password);
+
+  if (crpt_passwd && !strcmp(password, crpt_passwd))
+    return AuthOk; /* Success */
+
   return AuthBad; /* Password wrong or account locked */
 }
 
diff --git a/kcheckpass/kcheckpass.h b/kcheckpass/kcheckpass.h
index e1351375a..66a242856 100644
--- a/kcheckpass/kcheckpass.h
+++ b/kcheckpass/kcheckpass.h
@@ -43,17 +43,9 @@
 #include <crypt.h>
 #endif
 
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
 #include <pwd.h>
 #include <sys/types.h>
 
-#ifndef _PATH_TMP
-#define _PATH_TMP "/tmp/"
-#endif
-
 
 #ifdef ultrix
 #include <auth.h>
diff --git a/tdm/ConfigureChecks.cmake b/tdm/ConfigureChecks.cmake
index 563ac6c0a..8ebba8e6d 100644
--- a/tdm/ConfigureChecks.cmake
+++ b/tdm/ConfigureChecks.cmake
@@ -122,18 +122,6 @@ if( WITH_XDMCP )
 endif()
 
 
-if( WITH_PAM )
-
-  set( USE_PAM 1 CACHE INTERNAL "" FORCE )
-
-elseif( WITH_SHADOW )
-
-  set( HAVE_SHADOW 1 CACHE INTERNAL "" FORCE )
-  set( USESHADOW 1 CACHE INTERNAL "" FORCE )
-
-endif( )
-
-
 # If a tdm.service file is wanted, find systemd, then work out which
 # distribution is running, select an appropriate template and create the file.
 # When it is not possible to identify the distribution or there is no specific
author	Bobby Bingham <koorogi@koorogi.info>	2023-03-30 21:54:25 -0500
committer	Michele Calgaro <michele.calgaro@yahoo.it>	2023-06-05 12:01:42 +0900
commit	61357f5f74e91ac7bc1ed8c6a5b9a0da373e22c2 (patch)
tree	1b62f8f925069fb0ed2c1dd056e362f9f7d6faad
parent	5b795608e0ea643205bbd16f1ef4ab9c6187c9fe (diff)
download	tdebase-61357f5f.tar.gz tdebase-61357f5f.zip