sync login_oath with base login_passwd for getpwnam_shadow

sysutils/login_oath/Makefile

@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.8 2014/12/09 15:54:25 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.9 2015/11/19 14:58:50 sthen Exp $
 
 COMMENT=	authentication provider for OATH one-time passwords
 
 DISTNAME=	login_oath-0.8
-REVISION=	2
+REVISION=	3
 CATEGORIES=	sysutils
 
 MASTER_SITES=	http://spacehopper.org/mirrors/

sysutils/login_oath/patches/patch-login_passwd_common_h

@@ -0,0 +1,27 @@
+$OpenBSD: patch-login_passwd_common_h,v 1.1 2015/11/19 14:58:50 sthen Exp $
+--- login_passwd/common.h.orig	Thu Nov 19 14:35:15 2015
++++ login_passwd/common.h	Thu Nov 19 14:35:21 2015
+@@ -30,7 +30,6 @@
+ 
+ #include <sys/types.h>
+ #include <sys/resource.h>
+-#include <sys/param.h>
+ 
+ #include <signal.h>
+ #include <syslog.h>
+@@ -43,6 +42,7 @@
+ #include <pwd.h>
+ #include <err.h>
+ #include <util.h>
++#include <limits.h>
+ 
+ 
+ #define MODE_LOGIN 0
+@@ -56,7 +56,6 @@ extern FILE *back;
+ 
+ #ifdef PASSWD
+ int pwd_login(char *, char *, char *, int, char *);
+-int pwd_gensalt(char *, int, login_cap_t *, char);
+ #endif
+ #ifdef OATH
+ int oath_login(char *, char *, char *);

sysutils/login_oath/patches/patch-login_passwd_login_c

@@ -0,0 +1,33 @@
+$OpenBSD: patch-login_passwd_login_c,v 1.1 2015/11/19 14:58:50 sthen Exp $
+--- login_passwd/login.c.orig	Thu Nov 19 14:35:15 2015
++++ login_passwd/login.c	Thu Nov 19 14:35:21 2015
+@@ -46,7 +46,7 @@ main(int argc, char **argv)
+ 	char *username, *password = NULL, *otp = NULL;
+ 	char response[1024];
+ 	int arg_login = 0, arg_notickets = 0;
+-	char invokinguser[MAXLOGNAME];
++	char invokinguser[LOGIN_NAME_MAX];
+ 	char *wheel = NULL, *class = NULL;
+ 
+ 	invokinguser[0] = '\0';
+@@ -167,7 +167,7 @@ main(int argc, char **argv)
+ 	ret = AUTH_FAILED;
+ #ifdef KRB5
+ 	ret = krb5_login(username, invokinguser, password, arg_login,
+-			 !arg_notickets);
++			 !arg_notickets, class);
+ #endif
+ #ifdef PASSWD
+ 	if (ret != AUTH_OK)
+@@ -183,9 +183,9 @@ main(int argc, char **argv)
+ #endif
+ 
+ 	if (password != NULL)
+-		memset(password, 0, strlen(password));
++		explicit_bzero(password, strlen(password));
+ 	if (otp != NULL)
+-		memset(otp, 0, strlen(otp));
++		explicit_bzero(otp, strlen(otp));
+ 	if (ret != AUTH_OK)
+ 		fprintf(back, BI_REJECT "\n");
+ #ifdef OATH

sysutils/login_oath/patches/patch-login_passwd_login_passwd_c

@@ -0,0 +1,54 @@
+$OpenBSD: patch-login_passwd_login_passwd_c,v 1.1 2015/11/19 14:58:50 sthen Exp $
+--- login_passwd/login_passwd.c.orig	Thu Nov 19 14:35:15 2015
++++ login_passwd/login_passwd.c	Thu Nov 19 14:35:21 2015
+@@ -34,9 +34,9 @@ pwd_login(char *username, char *password, char *wheel,
+     char *class)
+ {
+ 	struct passwd *pwd;
+-	login_cap_t *lc;
+ 	size_t plen;
+-	char *salt, saltbuf[_PASSWORD_LEN + 1];
++	char *goodhash = NULL;
++	int passok = 0;
+ 
+ 	if (wheel != NULL && strcmp(wheel, "yes") != 0) {
+ 		fprintf(back, BI_VALUE " errormsg %s\n",
+@@ -47,32 +47,18 @@ pwd_login(char *username, char *password, char *wheel,
+ 	if (password == NULL)
+ 		return (AUTH_FAILED);
+ 
+-	pwd = getpwnam(username);
++	pwd = getpwnam_shadow(username);
+ 	if (pwd)
+-		salt = pwd->pw_passwd;
+-	else {
+-		/* no such user, get appropriate salt */
+-		if ((lc = login_getclass(NULL)) == NULL ||
+-		    pwd_gensalt(saltbuf, sizeof(saltbuf), lc, 'l') == 0)
+-			salt = "xx";
+-		else
+-			salt = saltbuf;
+-	}
++		goodhash = pwd->pw_passwd;
+ 
+ 	setpriority(PRIO_PROCESS, 0, -4);
+ 
+-	salt = crypt(password, salt);
++	if (crypt_checkpass(password, goodhash) == 0)
++		passok = 1;
+ 	plen = strlen(password);
+-	memset(password, 0, plen);
++	explicit_bzero(password, plen);
+ 
+-	/*
+-	 * Authentication fails if the user does not exist in the password
+-	 * database, the given password does not match the entry in the
+-	 * password database, or if the user's password field is empty
+-	 * and the given password is not the empty string.
+-	 */
+-	if (!pwd || strcmp(salt, pwd->pw_passwd) != 0 ||
+-	    (*pwd->pw_passwd == '\0' && plen > 0))
++	if (!passok)
+ 		return (AUTH_FAILED);
+ 
+ #ifndef OATH