xref: /freebsd/crypto/openssh/openbsd-compat/xcrypt.c (revision 1f4bcc459a76b7aa664f3fd557684cd0ba6da352)
1 /*
2  * Copyright (c) 2003 Ben Lindstrom.  All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23  */
24 
25 #include "includes.h"
26 
27 #include <sys/types.h>
28 #include <unistd.h>
29 #include <pwd.h>
30 
31 # if defined(HAVE_CRYPT_H) && !defined(HAVE_SECUREWARE)
32 #  include <crypt.h>
33 # endif
34 
35 # ifdef __hpux
36 #  include <hpsecurity.h>
37 #  include <prot.h>
38 # endif
39 
40 # ifdef HAVE_SECUREWARE
41 #  include <sys/security.h>
42 #  include <sys/audit.h>
43 #  include <prot.h>
44 # endif
45 
46 # if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
47 #  include <shadow.h>
48 # endif
49 
50 # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
51 #  include <sys/label.h>
52 #  include <sys/audit.h>
53 #  include <pwdadj.h>
54 # endif
55 
56 # if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
57 #  include "md5crypt.h"
58 # endif
59 
60 # if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
61 #  include <openssl/des.h>
62 #  define crypt DES_crypt
63 # endif
64 
65 char *
66 xcrypt(const char *password, const char *salt)
67 {
68 	char *crypted;
69 
70 # ifdef HAVE_MD5_PASSWORDS
71         if (is_md5_salt(salt))
72                 crypted = md5_crypt(password, salt);
73         else
74                 crypted = crypt(password, salt);
75 # elif defined(__hpux) && !defined(HAVE_SECUREWARE)
76 	if (iscomsec())
77                 crypted = bigcrypt(password, salt);
78         else
79                 crypted = crypt(password, salt);
80 # elif defined(HAVE_SECUREWARE)
81         crypted = bigcrypt(password, salt);
82 # else
83         crypted = crypt(password, salt);
84 # endif
85 
86 	return crypted;
87 }
88 
89 /*
90  * Handle shadowed password systems in a cleaner way for portable
91  * version.
92  */
93 
94 char *
95 shadow_pw(struct passwd *pw)
96 {
97 	char *pw_password = pw->pw_passwd;
98 
99 # if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
100 	struct spwd *spw = getspnam(pw->pw_name);
101 
102 	if (spw != NULL)
103 		pw_password = spw->sp_pwdp;
104 # endif
105 
106 #ifdef USE_LIBIAF
107 	return(get_iaf_password(pw));
108 #endif
109 
110 # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
111 	struct passwd_adjunct *spw;
112 	if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
113 		pw_password = spw->pwa_passwd;
114 # elif defined(HAVE_SECUREWARE)
115 	struct pr_passwd *spw = getprpwnam(pw->pw_name);
116 
117 	if (spw != NULL)
118 		pw_password = spw->ufld.fd_encrypt;
119 # endif
120 
121 	return pw_password;
122 }
123