Use a simple string compare on systems without crypt(3).

This is only used on systems without PAM, BSD authentication or AIX
authentication.  Bug #940.

Author: millert

config.h.in

@@ -100,6 +100,9 @@
 /* Define to 1 if you have the `closefrom' function. */
 #undef HAVE_CLOSEFROM
 
+/* Define to 1 if you have the `crypt' function. */
+#undef HAVE_CRYPT
+
 /* Define to 1 if you use OSF DCE. */
 #undef HAVE_DCE
 

configure

@@ -15941,8 +15941,7 @@ else
 
 fi
 
-		LIB_CRYPT=1
-		SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt"
+		ac_cv_search_crypt="-lcrypt"
 
 		shadow_funcs="getspnam"
 		shadow_libs="-lsec"
@@ -25476,9 +25475,8 @@ fi
 fi
 
 if test ${with_passwd-'no'} != "no"; then
-                if test -z "$LIB_CRYPT"; then
-	_LIBS="$LIBS"
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5
+                _LIBS="$LIBS"
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5
 $as_echo_n "checking for library containing crypt... " >&6; }
 if ${ac_cv_search_crypt+:} false; then :
   $as_echo_n "(cached) " >&6
@@ -25532,11 +25530,16 @@ ac_res=$ac_cv_search_crypt
 if test "$ac_res" != no; then :
   test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
 
-	    test "${ac_cv_search_crypt}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_crypt}"
+	test "${ac_cv_search_crypt}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_crypt}"
+	$as_echo "#define HAVE_CRYPT 1" >>confdefs.h
+
 
 fi
 
-	LIBS="$_LIBS"
+    LIBS="$_LIBS"
+    if test test "${ac_cv_search_crypt}" = "no"; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: No crypt function found, assuming plaintext passwords" >&5
+$as_echo "$as_me: WARNING: No crypt function found, assuming plaintext passwords" >&2;}
     fi
 
     if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
@@ -30413,5 +30416,6 @@ fi
 
 
 
+
 
 

configure.ac

@@ -2134,8 +2134,7 @@ case "$host" in
 		;;
     *-*-isc*)
 		AX_APPEND_FLAG([-D_ISC], [CPPFLAGS])
-		LIB_CRYPT=1
-		SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt"
+		ac_cv_search_crypt="-lcrypt"
 
 		shadow_funcs="getspnam"
 		shadow_libs="-lsec"
@@ -4009,12 +4008,14 @@ if test ${with_passwd-'no'} != "no"; then
     dnl
     dnl if crypt(3) not in libc, look elsewhere
     dnl
-    if test -z "$LIB_CRYPT"; then
-	_LIBS="$LIBS"
-	AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [
-	    test "${ac_cv_search_crypt}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_crypt}"
-	])
-	LIBS="$_LIBS"
+    _LIBS="$LIBS"
+    AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [
+	test "${ac_cv_search_crypt}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_crypt}"
+	AC_DEFINE(HAVE_CRYPT)
+    ])
+    LIBS="$_LIBS"
+    if test test "${ac_cv_search_crypt}" = "no"; then
+	AC_MSG_WARN([No crypt function found, assuming plaintext passwords])
     fi
 
     if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
@@ -4858,6 +4859,7 @@ AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
 AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
 AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.])
+AH_TEMPLATE(HAVE_CRYPT, [Define to 1 if you have the `crypt' function.])
 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])

plugins/sudoers/auth/passwd.c

@@ -55,6 +55,7 @@ sudo_passwd_init(struct passwd *pw, sudo_auth *auth)
     debug_return_int(auth->data ? AUTH_SUCCESS : AUTH_FATAL);
 }
 
+#ifdef HAVE_CRYPT
 int
 sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
 {
@@ -93,6 +94,20 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c
 
     debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE);
 }
+#else
+int
+sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
+{
+    char *pw_passwd = auth->data;
+    int matched;
+    debug_decl(sudo_passwd_verify, SUDOERS_DEBUG_AUTH);
+
+    /* Dummy version for systems without crypt(). */
+    matched = !strcmp(pass, pw_passwd);
+
+    debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE);
+}
+#endif
 
 int
 sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth, bool force)