Added support for "userPassword: {UNIX}uid". getpwnam("uid") is

used to fetch the pw_passwd which is than passwd to crypt().
getspnam() is used instead of getpwnam() when available.
Added configration detection of pw_passwd, shadow.h, getpwnam()
and getspnam().

build/openldap.m4

@@ -197,6 +197,23 @@ if test $ol_cv_struct_passwd_pw_gecos = yes ; then
 fi
 ])
 dnl
+dnl --------------------------------------------------------------------
+dnl Check if struct passwd has pw_gecos
+AC_DEFUN([OL_STRUCT_PASSWD_PW_PASSWD], [# test for pw_passwd in struct passwd
+AC_MSG_CHECKING([struct passwd for pw_passwd])
+AC_CACHE_VAL(ol_cv_struct_passwd_pw_passwd,[
+	AC_TRY_COMPILE([#include <pwd.h>],[
+	struct passwd pwd;
+	pwd.pw_passwd = pwd.pw_name;
+],
+	[ol_cv_struct_passwd_pw_passwd=yes],
+	[ol_cv_struct_passwd_pw_passwd=no])])
+AC_MSG_RESULT($ol_cv_struct_passwd_pw_passwd)
+if test $ol_cv_struct_passwd_pw_passwd = yes ; then
+	AC_DEFINE(HAVE_PW_PASSWD,1, [define if struct passwd has pw_passwd])
+fi
+])
+dnl
 dnl ====================================================================
 dnl Check if db.h is Berkeley DB2
 dnl

configure.in

@@ -1643,6 +1643,7 @@ AC_CHECK_HEADERS(	\
 	pwd.h			\
 	resolv.h		\
 	sgtty.h			\
+	shadow.h		\
 	stdarg.h		\
 	stddef.h		\
 	string.h		\
@@ -1678,6 +1679,7 @@ AC_STRUCT_ST_BLKSIZE
 AC_HEADER_TIME
 AC_STRUCT_TM
 OL_STRUCT_PASSWD_PW_GECOS
+OL_STRUCT_PASSWD_PW_PASSWD
 
 OL_C_UPPER_LOWER
 AC_C_CONST
@@ -1738,6 +1740,8 @@ AC_CHECK_FUNCS(		\
 	gethostname		\
 	getpass			\
 	getpwuid		\
+	getpwnam		\
+	getspnam		\
 	gettimeofday	\
 	initgroups		\
 	lockf			\

include/portable.h.in

@@ -293,9 +293,15 @@
 /* Define if you have the getpass function.  */
 #undef HAVE_GETPASS
 
+/* Define if you have the getpwnam function.  */
+#undef HAVE_GETPWNAM
+
 /* Define if you have the getpwuid function.  */
 #undef HAVE_GETPWUID
 
+/* Define if you have the getspnam function.  */
+#undef HAVE_GETSPNAM
+
 /* Define if you have the gettimeofday function.  */
 #undef HAVE_GETTIMEOFDAY
 
@@ -536,6 +542,9 @@
 /* Define if you have the <sgtty.h> header file.  */
 #undef HAVE_SGTTY_H
 
+/* Define if you have the <shadow.h> header file.  */
+#undef HAVE_SHADOW_H
+
 /* Define if you have the <ssl.h> header file.  */
 #undef HAVE_SSL_H
 
@@ -773,6 +782,9 @@
 /* define if struct passwd has pw_gecos */
 #undef HAVE_PW_GECOS
 
+/* define if struct passwd has pw_passwd */
+#undef HAVE_PW_PASSWD
+
 /* define if toupper() requires islower() */
 #undef C_UPPER_LOWER
 

libraries/liblutil/passwd.c

@@ -19,6 +19,13 @@
 #include "lutil_sha1.h"
 #include "lutil.h"
 
+#ifdef HAVE_SHADOW_H
+#	include <shadow.h>
+#endif
+#ifdef HAVE_PWD_H
+#	include <pwd.h>
+#endif
+
 /*
  * Return 0 if creds are good.
  */
@@ -138,6 +145,29 @@ lutil_passwd(
 
 		return( strcmp(p, crypt(cred, p)) );
 
+# if defined( HAVE_GETSPNAM ) \
+  || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
+	} else if (strncasecmp(passwd, "{UNIX}", sizeof("{UNIX}") - 1) == 0 ) {
+		const char *u = passwd + (sizeof("{UNIX}") - 1);
+
+#  ifdef HAVE_GETSPNAM
+		struct spwd *spwd = getspnam(u);
+
+		if(spwd == NULL) {
+			return 1;	/* not found */
+		}
+
+		return strcmp(spwd->sp_pwdp, crypt(cred, spwd->sp_pwdp));
+#  else
+		struct passwd *pwd = getpwnam(u);
+
+		if(pwd == NULL) {
+			return 1;	/* not found */
+		}
+
+		return strcmp(pwd->pw_passwd, crypt(cred, pwd->pw_passwd));
+#  endif
+# endif
 #endif
 	}