[I suspect the cleanest way to handle this is PAM (pluggable authentication modules) which if memory serves is part of the CDE (common desktop environment), and therefore in theory supported by all unix vendors. But I'm not sure how widely supported PAM is and all that stuff -kingdon] From: rreed - Russell Reed To: "'bug-cvs@prep.ai.mit.edu'" Subject: patch: Shadow passwords using getprpwnam() Date: Tue, 4 Nov 1997 15:52:09 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit This patch modifies CVS to use the getprpwnam() function to retrieve user passwords instead of getprnam(), if it exists, for the password server. This is another variant of shadow passwords, and is in use at least on Digital Unix 4.0. Russell Reed rreed@acxiom.com ---------------------------------- diff -c -r ./ChangeLog ../cvs-1.9/ChangeLog *** ./ChangeLog Wed Oct 2 01:03:33 1996 --- ../cvs-1.9/ChangeLog Tue Nov 4 15:46:41 1997 *************** *** 1,3 **** --- 1,9 ---- + Tue Nov 4 15:32:00 1997 Russell Reed + + * configure.in, config.h.in, src/server.c, src/main.c, src/cvs.h: + Modified the password routines to use getprpwnam() if it + exists, as it does on Digital Unix 4.0. + Tue Oct 1 14:32:44 1996 Jim Kingdon * NEWS, README: Revert changes regarding -D, -g, and A4. They diff -c -r ./NEWS ../cvs-1.9/NEWS *** ./NEWS Wed Oct 2 01:03:34 1996 --- ../cvs-1.9/NEWS Tue Nov 4 15:40:16 1997 *************** *** 1,3 **** --- 1,8 ---- + Changes since 1.9: + + * The password checking routines for the password server now work with + the authentication database on Digital Unix 4.0. + Changes since 1.8: * Windows NT client should now work on Windows 95 as well. diff -c -r ./config.h.in ../cvs-1.9/config.h.in *** ./config.h.in Mon Sep 30 11:35:24 1996 --- ../cvs-1.9/config.h.in Tue Nov 4 14:10:30 1997 *************** *** 105,110 **** --- 105,113 ---- /* Define if you have the getspnam function. */ #undef HAVE_GETSPNAM + /* Define if you have the getprpwnam function. */ + #undef HAVE_GETPRPWNAM + /* Define if you have the initgroups function. */ #undef HAVE_INITGROUPS diff -c -r ./configure.in ../cvs-1.9/configure.in *** ./configure.in Mon Sep 30 11:35:25 1996 --- ../cvs-1.9/configure.in Tue Nov 4 14:29:08 1997 *************** *** 67,72 **** --- 67,75 ---- echo "nope" fi + AC_CHECK_LIB(security, getprpwnam) + AC_CHECK_FUNCS(getprpwnam) + AC_CHECK_FUNC(re_exec, :, LIBOBJS="$LIBOBJS regex.o") AC_FUNC_UTIME_NULL AC_SYS_LONG_FILE_NAMES diff -c -r ./src/cvs.h ../cvs-1.9/src/cvs.h *** ./src/cvs.h Wed Oct 2 01:03:59 1996 --- ../cvs-1.9/src/cvs.h Tue Nov 4 14:19:46 1997 *************** *** 754,756 **** --- 754,761 ---- #if defined(SERVER_SUPPORT) || defined(CLIENT_SUPPORT) #include "server.h" #endif + + #ifdef HAVE_GETPRPWNAM + #include + #include + #endif diff -c -r ./src/main.c ../cvs-1.9/src/main.c *** ./src/main.c Wed Oct 2 01:04:02 1996 --- ../cvs-1.9/src/main.c Tue Nov 4 14:14:37 1997 *************** *** 324,329 **** --- 324,333 ---- int option_index = 0; int need_to_create_root = 0; + #ifdef HAVE_GETPRPWNAM + set_auth_parameters(argc, argv); + #endif + error_set_cleanup (error_cleanup); #ifdef SYSTEM_INITIALIZE diff -c -r ./src/server.c ../cvs-1.9/src/server.c *** ./src/server.c Fri Oct 4 15:03:12 1996 --- ../cvs-1.9/src/server.c Tue Nov 4 14:17:55 1997 *************** *** 56,61 **** --- 56,62 ---- #ifdef HAVE_GETSPNAM #include #endif + /* For initgroups(). */ #if HAVE_INITGROUPS #include *************** *** 4009,4015 **** { found_passwd = pw->sp_pwdp; } ! #else struct passwd *pw; pw = getpwnam (username); --- 4010,4025 ---- { found_passwd = pw->sp_pwdp; } ! #else /* !HAVE_GETSPNAM */ ! #ifdef HAVE_GETPRPWNAM ! struct pr_passwd *pw; ! ! pw = getprpwnam (username); ! if (pw != NULL) ! { ! found_passwd = pw->ufld.fd_encrypt; ! } ! #else /* !HAVE_GETPRPWNAM */ struct passwd *pw; pw = getpwnam (username); *************** *** 4017,4023 **** { found_passwd = pw->pw_passwd; } ! #endif if (pw == NULL) { --- 4027,4034 ---- { found_passwd = pw->pw_passwd; } ! #endif /* !HAVE_GETPRPWNAM */ ! #endif /* !HAVE_GETSPNAM */ if (pw == NULL) {