X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=cde%2Fprograms%2Fdtsession%2FSmLock.c;h=e20207131d67719d2ce0bb82a653c02758118e19;hb=e5b3c011c64ab00cc00b771d203f8d1809ca846d;hp=0e7307c737152f3b117efcbccfa585cc820fe040;hpb=d8db13985c66de2c765124a647ee492c52d715bc;p=oweals%2Fcde.git
diff --git a/cde/programs/dtsession/SmLock.c b/cde/programs/dtsession/SmLock.c
index 0e7307c7..e2020713 100644
--- a/cde/programs/dtsession/SmLock.c
+++ b/cde/programs/dtsession/SmLock.c
@@ -16,7 +16,7 @@
* details.
*
* You should have received a copy of the GNU Lesser General Public
- * License along with these librararies and programs; if not, write
+ * License along with these libraries and programs; if not, write
* to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
* Floor, Boston, MA 02110-1301 USA
*/
@@ -74,16 +74,10 @@
#include
#include
#ifdef SVR4
-# ifdef USL
-# include
-# include
-# include
-# else
# include
#endif
-#endif
-#if defined(linux)
+#if defined(__linux__)
# include
#endif
#if defined(CSRG_BASED)
@@ -150,7 +144,7 @@ static void RequirePassword( XtPointer, XtIntervalId *) ;
static void CycleSaver( XtPointer, XtIntervalId *) ;
static void BlinkCaret( XtPointer, XtIntervalId *) ;
-#if defined(linux)
+#if defined(__linux__)
/* #define JET_AUTHDEBUG */
/* Test for re-auth ability - see if we can re-authenticate via pwd,
@@ -159,13 +153,20 @@ static void BlinkCaret( XtPointer, XtIntervalId *) ;
static Boolean CanReAuthenticate(char *name, uid_t uid, char *passwd,
struct passwd **pwent, struct spwd **spent)
{
- Boolean fail = False;
+ if (!pwent)
+ return False;
*pwent = (name == NULL) ? getpwuid(uid) : getpwnam(name);
+ if (!*pwent)
+ return False;
+
*spent = getspnam((*pwent)->pw_name);
#ifdef JET_AUTHDEBUG
- fprintf(stderr, "CanReAuthenticate(): %s %s %s\n",
+ fprintf(stderr, "CanReAuthenticate(): uid: %d name: '%s' errno %d %s %s %s\n",
+ uid,
+ (name) ? name : "NULL",
+ errno,
(*pwent) ? "PWENT" : "NULL",
(*spent) ? "SPENT" : "NULL",
(name) ? name : "NULL");
@@ -870,7 +871,7 @@ RecolorCursor( void )
*
* Inputs:
* ------
- * w = widget where event occured
+ * w = widget where event occurred
* client_data = client specific data sent to callback
* event = event that triggered callback
*
@@ -969,19 +970,27 @@ CheckString(
register char *s,
register int i )
{
+ /* maximum supported length of password */
+#if defined(SIA)
+#define MAX_PASSWORD_LENGTH SIAMXPASSWORD
+#else
+ /* seems to be reasonable maximal length */
+#define MAX_PASSWORD_LENGTH 65535
+#endif
+
+ /* step when allocating/extending buffer */
+#define BUF_ALLOC_LEN 64
+
/*
* password rules:
- * - Only the first eight characters are used.
- * - If pw_length > 8, we've gone over eight characters and won't
+ * - If pw_length > MAX_PASSWORD_LENGTH, we've gone over the limit and won't
* accept any more.
* - An ESC kills the line.
*/
-#ifdef SIA
- static char passwd[82]; /* password space */
-#else
- static char passwd[10]; /* password space */
-#endif
- static int pw_length = 0; /* password length */
+ static char *passwd = NULL; /* password space */
+ static int pw_buf_length = 0; /* length of allocated password buffer */
+ static int pw_length = 0; /* password length */
+ char * tmpptr;
if (s == NULL)
{
@@ -991,9 +1000,23 @@ CheckString(
pw_length = 0;
return;
}
-
for (; i>0; s++,i--)
{
+ /* extend buffer by BUF_ALLOC_LEN bytes if needed*/
+#ifdef JET_AUTHDEBUG
+ fprintf(stderr, "CheckString: pw_length=%d\n",pw_length);
+#endif
+
+ if (pw_length == pw_buf_length)
+ {
+ tmpptr = SM_REALLOC(passwd, pw_buf_length + BUF_ALLOC_LEN);
+ if (!tmpptr) {
+ PrintErrnoError(DtError, smNLS.cantMallocErrorString);
+ return;
+ }
+ pw_buf_length += BUF_ALLOC_LEN;
+ passwd = tmpptr;
+ }
switch(*s)
{
case '\010':
@@ -1007,17 +1030,10 @@ CheckString(
case '\n':
case '\r':
-#ifdef SIA
- if (pw_length > 80)
+ if (pw_length > MAX_PASSWORD_LENGTH)
{
- pw_length = 80;
+ pw_length = MAX_PASSWORD_LENGTH;
}
-#else
- if (pw_length > 8)
- {
- pw_length = 8;
- }
-#endif
passwd[pw_length] = '\0'; /* terminate string */
pw_length = 0; /* reset length */
if (CheckPassword(passwd))
@@ -1030,34 +1046,14 @@ CheckString(
break;
default:
-#ifdef SIA
- if (pw_length < 80)
-#else
- if (pw_length < 8)
-#endif
- passwd[pw_length] = *s; /* store character */
- /*
- * The length is incremented no matter what, so the user can
- * think the program handles multi-thousand-character
- * passwords. If the user types twenty characters and eighteen
- * erases (#), the result will be the first two characters
- * entered, as expected. Up to a point -- 65536 is long
- * enough!
- */
- if (pw_length < 65535)
- pw_length++;
+ if (pw_length < MAX_PASSWORD_LENGTH)
+ {
+ passwd[pw_length++] = *s; /* store character */
+ }
break;
}
}
-
- if(pw_length > 8)
- {
- UpdatePasswdField(8);
- }
- else
- {
- UpdatePasswdField(pw_length);
- }
+ UpdatePasswdField(pw_length > MAX_PASSWORD_LENGTH ? MAX_PASSWORD_LENGTH : pw_length);
}
@@ -1364,7 +1360,7 @@ TakeDownLogin(
*
* Description:
* -----------
- * Redisplays the cover and the login when neccessary.
+ * Redisplays the cover and the login when necessary.
*
*
* Inputs:
@@ -1671,7 +1667,7 @@ localAuthenticate(
return FALSE;
}
-#elif defined(linux)
+#elif defined(__linux__)
{
struct passwd *pwent = NULL;
@@ -1774,12 +1770,7 @@ localAuthenticate(
#ifdef SVR4
-# ifdef USL
- uinfo_t uinfo;
- char *upasswd, *newname = NULL;
-# else
struct spwd *sp=NULL;
-# endif
#endif
if(smGD.secureSystem)
@@ -1796,20 +1787,12 @@ localAuthenticate(
pwent = getpwuid(uid);
if (pwent != NULL)
{
-# ifdef USL
- name = newname = strdup(pwent->pw_name);
-# else
name = pwent->pw_name;
-#endif
}
}
if (name == NULL ||
-# ifdef USL
- ia_openinfo(name, &uinfo)
-# else
(sp = getspnam(name)) == NULL
-# endif
)
{
/*
@@ -1822,7 +1805,12 @@ localAuthenticate(
/*
* Get password entry for 'name' or 'uid'.
*/
+#if defined(__OpenBSD__) && OSMAJORVERSION > 5
+ if ((pwent = (name == NULL ?
+ getpwuid_shadow(uid) : getpwnam_shadow(name))) == NULL)
+#else
if ((pwent = (name == NULL ? getpwuid(uid) : getpwnam(name))) == NULL)
+#endif
{
/*
* Can't get entry.
@@ -1839,18 +1827,11 @@ localAuthenticate(
if (done == False)
{
-#ifdef USL
- ia_get_logpwd(uinfo, &upasswd);
-#endif
if (
pwent->pw_passwd == NULL
|| pwent->pw_passwd[0] == '*'
#ifdef SVR4
-# ifdef USL
- || upasswd == NULL
-# else
|| sp == NULL
-# endif
#endif
)
{
@@ -1881,11 +1862,7 @@ localAuthenticate(
* Check password.
*/
#ifdef SVR4
-# ifdef USL
- if (strcmp(crypt(passwd, upasswd), upasswd) != 0)
-# else
if (strcmp(crypt(passwd,sp->sp_pwdp),sp->sp_pwdp) != 0)
-# endif
#else
if (strcmp(pwent->pw_passwd, crypt(passwd, pwent->pw_passwd)) != 0)
#endif
@@ -1900,12 +1877,7 @@ localAuthenticate(
endpwent();
#ifdef SVR4
-# ifdef USL
- ia_closeinfo(uinfo);
- if (newname) free(newname);
-# else
endspent();
-# endif
#endif
return(rc);