X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=cde%2Fprograms%2Fdtsession%2FSmLock.c;h=e20207131d67719d2ce0bb82a653c02758118e19;hb=e5b3c011c64ab00cc00b771d203f8d1809ca846d;hp=0e7307c737152f3b117efcbccfa585cc820fe040;hpb=d8db13985c66de2c765124a647ee492c52d715bc;p=oweals%2Fcde.git

diff --git a/cde/programs/dtsession/SmLock.c b/cde/programs/dtsession/SmLock.c
index 0e7307c7..e2020713 100644
--- a/cde/programs/dtsession/SmLock.c
+++ b/cde/programs/dtsession/SmLock.c
@@ -16,7 +16,7 @@
  * details.
  *
  * You should have received a copy of the GNU Lesser General Public
- * License along with these librararies and programs; if not, write
+ * License along with these libraries and programs; if not, write
  * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
  * Floor, Boston, MA 02110-1301 USA
  */
@@ -74,16 +74,10 @@
 #include <Dt/Indicator.h>
 #include <Tt/tttk.h>
 #ifdef SVR4
-# ifdef USL
-#  include <iaf.h>
-#  include <sys/types.h>
-#  include <ia.h>
-# else
 #  include <shadow.h>
 #endif
-#endif
 
-#if defined(linux)
+#if defined(__linux__)
 # include <shadow.h>
 #endif
 #if defined(CSRG_BASED)
@@ -150,7 +144,7 @@ static void RequirePassword( XtPointer, XtIntervalId *) ;
 static void CycleSaver( XtPointer, XtIntervalId *) ;
 static void BlinkCaret( XtPointer, XtIntervalId *) ;
 
-#if defined(linux)
+#if defined(__linux__)
 /* #define JET_AUTHDEBUG */
 
 /* Test for re-auth ability - see if we can re-authenticate via pwd,
@@ -159,13 +153,20 @@ static void BlinkCaret( XtPointer, XtIntervalId *) ;
 static Boolean CanReAuthenticate(char *name, uid_t uid, char *passwd,
 				 struct passwd **pwent, struct spwd **spent)
 {
-  Boolean fail = False;
+  if (!pwent)
+      return False;
 
   *pwent = (name == NULL) ? getpwuid(uid) : getpwnam(name);
+  if (!*pwent)
+      return False;
+
   *spent = getspnam((*pwent)->pw_name);
 
 #ifdef JET_AUTHDEBUG
-  fprintf(stderr, "CanReAuthenticate(): %s %s %s\n",
+  fprintf(stderr, "CanReAuthenticate(): uid: %d name: '%s' errno %d %s %s %s\n",
+          uid,
+          (name) ? name : "NULL",
+          errno,
 	  (*pwent) ? "PWENT" : "NULL",
 	  (*spent) ? "SPENT" : "NULL",
 	  (name) ? name : "NULL");
@@ -870,7 +871,7 @@ RecolorCursor( void )
  *
  *  Inputs:
  *  ------
- *  w = widget where event occured
+ *  w = widget where event occurred
  *  client_data = client specific data sent to callback
  *  event = event that triggered callback
  *
@@ -969,19 +970,27 @@ CheckString(
         register char *s,
         register int i )
 {
+  /* maximum supported length of password */
+#if defined(SIA)
+#define MAX_PASSWORD_LENGTH SIAMXPASSWORD
+#else
+  /* seems to be reasonable maximal length */
+#define MAX_PASSWORD_LENGTH 65535
+#endif
+
+  /* step when allocating/extending buffer */
+#define BUF_ALLOC_LEN 64
+
     /*
      * password rules:
-     *	- Only the first eight characters are used.
-     *	- If pw_length > 8, we've gone over eight characters and won't
+     *	- If pw_length >  MAX_PASSWORD_LENGTH, we've gone over the limit and won't
      *	  accept any more.
      *	- An ESC kills the line.
      */
-#ifdef SIA
-    static char passwd[82];           /* password space */
-#else
-    static char passwd[10];		/* password space */
-#endif
-    static int pw_length = 0;		/* password length */
+    static char *passwd = NULL;                            /* password space */
+    static int pw_buf_length = 0;                          /* length of allocated password buffer */
+    static int pw_length = 0;		                   /* password length */
+    char * tmpptr;
 
     if (s == NULL)
     {
@@ -991,9 +1000,23 @@ CheckString(
       pw_length = 0;
       return;
     }
-    
     for (; i>0; s++,i--)
     {
+	/* extend buffer by BUF_ALLOC_LEN bytes if needed*/
+#ifdef  JET_AUTHDEBUG
+	fprintf(stderr, "CheckString: pw_length=%d\n",pw_length);
+#endif
+
+	if (pw_length == pw_buf_length)
+	{
+	    tmpptr = SM_REALLOC(passwd,  pw_buf_length + BUF_ALLOC_LEN);
+	    if (!tmpptr) {
+		PrintErrnoError(DtError, smNLS.cantMallocErrorString);
+		return;
+	    }
+	    pw_buf_length += BUF_ALLOC_LEN;
+	    passwd = tmpptr;
+	}
 	switch(*s)
 	{
 	    case '\010':
@@ -1007,17 +1030,10 @@ CheckString(
 
 	    case '\n':
 	    case '\r':
-#ifdef SIA
-		if (pw_length > 80)
+		if (pw_length > MAX_PASSWORD_LENGTH)
                 {
-                    pw_length = 80;
+                    pw_length = MAX_PASSWORD_LENGTH;
                 }
-#else
-		if (pw_length > 8)
-		{
-		    pw_length = 8;
-		}
-#endif
 		passwd[pw_length] = '\0';	/* terminate string */
 		pw_length = 0;			/* reset length */
 		if (CheckPassword(passwd))
@@ -1030,34 +1046,14 @@ CheckString(
 		break;
 
 	    default:
-#ifdef SIA
-                if (pw_length < 80)
-#else
-		if (pw_length < 8)
-#endif
-		    passwd[pw_length] = *s;	/* store character */
-                /*
-		 * The length is incremented no matter what, so the user can
-		 * think the program handles multi-thousand-character
-		 * passwords.  If the user types twenty characters and eighteen
-		 * erases (#), the result will be the first two characters
-		 * entered, as expected.  Up to a point -- 65536 is long
-		 * enough!
-		 */
-		if (pw_length < 65535)
-		    pw_length++;
+		if (pw_length < MAX_PASSWORD_LENGTH)
+		{
+		    passwd[pw_length++] = *s;	/* store character */
+		}
 		break;
 	}
     }
-
-    if(pw_length > 8)
-    {
-	UpdatePasswdField(8);
-    }
-    else
-    {
-	UpdatePasswdField(pw_length);
-    }
+    UpdatePasswdField(pw_length > MAX_PASSWORD_LENGTH ? MAX_PASSWORD_LENGTH : pw_length);
 }
 
 
@@ -1364,7 +1360,7 @@ TakeDownLogin(
  *
  *  Description:
  *  -----------
- *  Redisplays the cover and the login when neccessary.
+ *  Redisplays the cover and the login when necessary.
  *
  *
  *  Inputs:
@@ -1671,7 +1667,7 @@ localAuthenticate(
       return FALSE;
 }
     
-#elif defined(linux)
+#elif defined(__linux__)
 
 {
     struct passwd *pwent = NULL;
@@ -1774,12 +1770,7 @@ localAuthenticate(
 
 
 #ifdef SVR4
-# ifdef USL
-    uinfo_t uinfo;
-    char *upasswd, *newname = NULL;
-# else
     struct spwd *sp=NULL;
-# endif
 #endif
 
     if(smGD.secureSystem)
@@ -1796,20 +1787,12 @@ localAuthenticate(
       pwent = getpwuid(uid);
       if (pwent != NULL) 
       {
-# ifdef USL
-	name = newname = strdup(pwent->pw_name);
-# else
         name = pwent->pw_name;
-#endif
       }
     }
 
     if (name == NULL ||
-# ifdef USL
-	ia_openinfo(name, &uinfo)
-# else
 	(sp = getspnam(name)) == NULL
-# endif
 	)
     {
      /*
@@ -1822,7 +1805,12 @@ localAuthenticate(
    /*
     * Get password entry for 'name' or 'uid'.
     */
+#if defined(__OpenBSD__) && OSMAJORVERSION > 5
+    if ((pwent = (name == NULL ?
+            getpwuid_shadow(uid) : getpwnam_shadow(name))) == NULL)
+#else
     if ((pwent = (name == NULL ? getpwuid(uid) : getpwnam(name))) == NULL)
+#endif
     {
      /*
       * Can't get entry.
@@ -1839,18 +1827,11 @@ localAuthenticate(
 
     if (done == False)
     {
-#ifdef USL
-	ia_get_logpwd(uinfo, &upasswd);
-#endif
       if (
           pwent->pw_passwd == NULL 
           || pwent->pw_passwd[0] == '*'
 #ifdef SVR4
-# ifdef USL
-	  || upasswd == NULL
-# else
           || sp == NULL
-# endif
 #endif
           )
       {
@@ -1881,11 +1862,7 @@ localAuthenticate(
       * Check password.
       */
 #ifdef SVR4
-# ifdef USL
-      if (strcmp(crypt(passwd, upasswd), upasswd) != 0)
-# else
       if (strcmp(crypt(passwd,sp->sp_pwdp),sp->sp_pwdp) != 0)
-# endif
 #else
       if (strcmp(pwent->pw_passwd, crypt(passwd, pwent->pw_passwd)) != 0)
 #endif
@@ -1900,12 +1877,7 @@ localAuthenticate(
 
     endpwent();
 #ifdef SVR4
-# ifdef USL
-    ia_closeinfo(uinfo);
-    if (newname) free(newname);
-# else
     endspent();
-# endif
 #endif
 
     return(rc);