#! /bin/sh /usr/share/dpatch/dpatch-run
## 303-shadow-passwords-supported.dpatch by  <kmccarty@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Allow Cern's server code to read from /etc/shadow.

@DPATCH@
diff -urNad cernlib-2005.05.09/src/packlib/cspack/tcpaw/tcpaw.c /tmp/dpep.KyLyTI/cernlib-2005.05.09/src/packlib/cspack/tcpaw/tcpaw.c
--- cernlib-2005.05.09/src/packlib/cspack/tcpaw/tcpaw.c	2005-04-18 11:39:28.000000000 -0400
+++ /tmp/dpep.KyLyTI/cernlib-2005.05.09/src/packlib/cspack/tcpaw/tcpaw.c	2005-06-08 16:55:00.088372396 -0400
@@ -28,6 +28,9 @@
  *
  */
 #include "cspack/pilot.h"
+#if defined(CERNLIB_LINUX) && ! defined(CERNLIB_MACOSX)
+#define SHADOW_SUPPORT /* for Debian */
+#endif
 #if !defined(CERNLIB_IBM)||defined(CERNLIB_TCPSOCK)
 /*N.B. Must define sequence TCPLOG if a log file is required, e.g.*/
 /*#define LOGFILE "disk$dd:-ben.socks-serv.log"*/ /* VMS    */
@@ -231,7 +234,7 @@
 #endif /* OSK */
 #endif /* AUTHENT */
  
-#ifdef linux_softland
+#if defined(linux_softland) || defined(SHADOW_SUPPORT)
 #include <shadow.h>
 #endif /* linux_softland */
  
@@ -1780,10 +1783,10 @@
         union wait ret;
 #endif /* APOPWD1 */
  
-        char   *xpasswd, *crypt();
+        char   *xpasswd, *encrypted, *crypt();
         struct passwd *pw;
  
-#ifdef linux_softland
+#if defined(linux_softland) || defined(SHADOW_SUPPORT)
         struct spwd *spwd;
 #endif /* linux_softland */
  
@@ -1798,6 +1801,7 @@
                 reply("Unknown user %s.\n", user);
                 return(-2);
         }
+	encrypted = pw->pw_passwd;
  
 #ifdef linux_softland
         spwd = getspnam(user);
@@ -1805,6 +1809,29 @@
                 reply("User %s has illegal shadow password\n",user);
                 return(-2);
         }
+	encrypted = spwd->sp_pwdp;
+
+#elif defined(SHADOW_SUPPORT)
+	/* shadow passwords may not be enabled in Debian, so must check */
+	{
+		FILE *test = fopen("/etc/shadow", "r");
+		if (test) {
+			fclose(test);
+			spwd = getspnam(user);
+			if (spwd == NULL) {
+				reply("User %s has illegal shadow password\n",
+				      user);
+				return(-2);
+			}
+			encrypted = spwd->sp_pwdp;
+		}
+		else if (errno == EACCES) {
+			reply("Server has insufficient permissions to "
+			      "read /etc/shadow file\n");
+			return(-2);
+		}
+	}
+
 #endif /* linux_softland */
  
 #ifdef APOPWD1
@@ -1850,15 +1877,16 @@
 #else
  
 #ifdef linux_softland
-            xpasswd = pw_encrypt(pass,spwd->sp_pwdp);
+            xpasswd = pw_encrypt(pass, encrypted);
 #else
-            xpasswd = crypt(pass, pw->pw_passwd);
+            xpasswd = crypt(pass, encrypted);
 #endif /* linux_softland */
+
             /* The strcmp does not catch null passwords! */
-#ifdef linux_softland
-            if (spwd->sp_pwdp == '\0' || strcmp(xpasswd,spwd->sp_pwdp)) {
+#if defined(linux_softland) || defined(SHADOW_SUPPORT)
+            if (*encrypted == '\0' || strcmp(xpasswd,spwd->sp_pwdp)) {
 #else
-            if (*pw->pw_passwd == '\0' || strcmp(xpasswd,pw->pw_passwd)) {
+            if (*encrypted == '\0' || strcmp(xpasswd,pw->pw_passwd)) {
 #endif /* linux_softland */
  
 #endif /* AFS */