1124208Sdes/*
2124208Sdes * Copyright (c) 2003 Ben Lindstrom.  All rights reserved.
3124208Sdes *
4124208Sdes * Redistribution and use in source and binary forms, with or without
5124208Sdes * modification, are permitted provided that the following conditions
6124208Sdes * are met:
7124208Sdes * 1. Redistributions of source code must retain the above copyright
8124208Sdes *    notice, this list of conditions and the following disclaimer.
9124208Sdes * 2. Redistributions in binary form must reproduce the above copyright
10124208Sdes *    notice, this list of conditions and the following disclaimer in the
11124208Sdes *    documentation and/or other materials provided with the distribution.
12124208Sdes *
13124208Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14124208Sdes * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15124208Sdes * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16124208Sdes * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17124208Sdes * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18124208Sdes * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19124208Sdes * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20124208Sdes * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21124208Sdes * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22124208Sdes * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23124208Sdes */
24124208Sdes
25124208Sdes#include "includes.h"
26124208Sdes
27162852Sdes#include <sys/types.h>
28162852Sdes#include <unistd.h>
29162852Sdes#include <pwd.h>
30162852Sdes
31192595Sdes# if defined(HAVE_CRYPT_H) && !defined(HAVE_SECUREWARE)
32124208Sdes#  include <crypt.h>
33124208Sdes# endif
34124208Sdes
35124208Sdes# ifdef __hpux
36124208Sdes#  include <hpsecurity.h>
37124208Sdes#  include <prot.h>
38124208Sdes# endif
39124208Sdes
40124208Sdes# ifdef HAVE_SECUREWARE
41124208Sdes#  include <sys/security.h>
42124208Sdes#  include <sys/audit.h>
43124208Sdes#  include <prot.h>
44124208Sdes# endif
45124208Sdes
46124208Sdes# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
47124208Sdes#  include <shadow.h>
48124208Sdes# endif
49124208Sdes
50124208Sdes# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
51124208Sdes#  include <sys/label.h>
52124208Sdes#  include <sys/audit.h>
53124208Sdes#  include <pwdadj.h>
54124208Sdes# endif
55124208Sdes
56124208Sdes# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
57124208Sdes#  include "md5crypt.h"
58263970Sdes# endif
59124208Sdes
60263970Sdes# if !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
61263970Sdes#  include <openssl/des.h>
62263970Sdes#  define crypt DES_crypt
63263970Sdes# endif
64263970Sdes
65124208Sdeschar *
66124208Sdesxcrypt(const char *password, const char *salt)
67124208Sdes{
68124208Sdes	char *crypted;
69124208Sdes
70124208Sdes# ifdef HAVE_MD5_PASSWORDS
71124208Sdes        if (is_md5_salt(salt))
72124208Sdes                crypted = md5_crypt(password, salt);
73124208Sdes        else
74124208Sdes                crypted = crypt(password, salt);
75124208Sdes# elif defined(__hpux) && !defined(HAVE_SECUREWARE)
76124208Sdes	if (iscomsec())
77124208Sdes                crypted = bigcrypt(password, salt);
78124208Sdes        else
79124208Sdes                crypted = crypt(password, salt);
80124208Sdes# elif defined(HAVE_SECUREWARE)
81124208Sdes        crypted = bigcrypt(password, salt);
82124208Sdes# else
83124208Sdes        crypted = crypt(password, salt);
84124208Sdes# endif
85124208Sdes
86124208Sdes	return crypted;
87124208Sdes}
88124208Sdes
89124208Sdes/*
90124208Sdes * Handle shadowed password systems in a cleaner way for portable
91124208Sdes * version.
92124208Sdes */
93124208Sdes
94124208Sdeschar *
95124208Sdesshadow_pw(struct passwd *pw)
96124208Sdes{
97124208Sdes	char *pw_password = pw->pw_passwd;
98124208Sdes
99124208Sdes# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
100124208Sdes	struct spwd *spw = getspnam(pw->pw_name);
101124208Sdes
102124208Sdes	if (spw != NULL)
103124208Sdes		pw_password = spw->sp_pwdp;
104124208Sdes# endif
105149749Sdes
106181111Sdes#ifdef USE_LIBIAF
107149749Sdes	return(get_iaf_password(pw));
108149749Sdes#endif
109149749Sdes
110124208Sdes# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
111124208Sdes	struct passwd_adjunct *spw;
112124208Sdes	if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
113124208Sdes		pw_password = spw->pwa_passwd;
114124208Sdes# elif defined(HAVE_SECUREWARE)
115124208Sdes	struct pr_passwd *spw = getprpwnam(pw->pw_name);
116124208Sdes
117124208Sdes	if (spw != NULL)
118124208Sdes		pw_password = spw->ufld.fd_encrypt;
119124208Sdes# endif
120124208Sdes
121124208Sdes	return pw_password;
122124208Sdes}
123