version 1.1, 2012/02/21 16:23:02
|
version 1.1.1.4, 2013/10/14 07:56:35
|
Line 1
|
Line 1
|
/* |
/* |
* Copyright (c) 1999-2005, 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com> | * Copyright (c) 1999-2005, 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com> |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
* purpose with or without fee is hereby granted, provided that the above |
* purpose with or without fee is hereby granted, provided that the above |
Line 21
|
Line 21
|
#include <config.h> |
#include <config.h> |
|
|
#include <sys/types.h> |
#include <sys/types.h> |
#include <sys/param.h> |
|
#include <stdio.h> |
#include <stdio.h> |
#ifdef STDC_HEADERS |
#ifdef STDC_HEADERS |
# include <stdlib.h> |
# include <stdlib.h> |
Line 49
|
Line 48
|
#define HAS_AGEINFO(p, l) (l == 18 && p[DESLEN] == ',') |
#define HAS_AGEINFO(p, l) (l == 18 && p[DESLEN] == ',') |
|
|
int |
int |
passwd_init(struct passwd *pw, sudo_auth *auth) | sudo_passwd_init(struct passwd *pw, sudo_auth *auth) |
{ |
{ |
|
debug_decl(sudo_passwd_init, SUDO_DEBUG_AUTH) |
|
|
#ifdef HAVE_SKEYACCESS |
#ifdef HAVE_SKEYACCESS |
if (skeyaccess(pw, user_tty, NULL, NULL) == 0) |
if (skeyaccess(pw, user_tty, NULL, NULL) == 0) |
return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
#endif |
#endif |
sudo_setspent(); |
sudo_setspent(); |
auth->data = sudo_getepw(pw); |
auth->data = sudo_getepw(pw); |
sudo_endspent(); |
sudo_endspent(); |
return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
} |
} |
|
|
int |
int |
passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth) | sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth) |
{ |
{ |
char sav, *epass; |
char sav, *epass; |
char *pw_epasswd = auth->data; |
char *pw_epasswd = auth->data; |
size_t pw_len; |
size_t pw_len; |
int error; | int matched = 0; |
| debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH) |
|
|
pw_len = strlen(pw_epasswd); |
pw_len = strlen(pw_epasswd); |
|
|
#ifdef HAVE_GETAUTHUID |
#ifdef HAVE_GETAUTHUID |
/* Ultrix shadow passwords may use crypt16() */ |
/* Ultrix shadow passwords may use crypt16() */ |
error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd)); | epass = (char *) crypt16(pass, pw_epasswd); |
if (!error) | if (epass != NULL && strcmp(pw_epasswd, epass) == 0) |
return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
#endif /* HAVE_GETAUTHUID */ |
#endif /* HAVE_GETAUTHUID */ |
|
|
/* |
/* |
Line 93 passwd_verify(struct passwd *pw, char *pass, sudo_auth
|
Line 95 passwd_verify(struct passwd *pw, char *pass, sudo_auth
|
*/ |
*/ |
epass = (char *) crypt(pass, pw_epasswd); |
epass = (char *) crypt(pass, pw_epasswd); |
pass[8] = sav; |
pass[8] = sav; |
if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) | if (epass != NULL) { |
error = strncmp(pw_epasswd, epass, DESLEN); | if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) |
else | matched = !strncmp(pw_epasswd, epass, DESLEN); |
error = strcmp(pw_epasswd, epass); | else |
| matched = !strcmp(pw_epasswd, epass); |
| } |
|
|
return error ? AUTH_FAILURE : AUTH_SUCCESS; | debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE); |
} |
} |
|
|
int |
int |
passwd_cleanup(pw, auth) | sudo_passwd_cleanup(pw, auth) |
struct passwd *pw; |
struct passwd *pw; |
sudo_auth *auth; |
sudo_auth *auth; |
{ |
{ |
char *pw_epasswd = auth->data; |
char *pw_epasswd = auth->data; |
|
debug_decl(sudo_passwd_cleanup, SUDO_DEBUG_AUTH) |
|
|
if (pw_epasswd != NULL) { |
if (pw_epasswd != NULL) { |
zero_bytes(pw_epasswd, strlen(pw_epasswd)); | memset_s(pw_epasswd, SUDO_CONV_REPL_MAX, 0, strlen(pw_epasswd)); |
efree(pw_epasswd); |
efree(pw_epasswd); |
} |
} |
return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
} |
} |
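Review bot: The new `memset_s` call in sudo_passwd_cleanup passes `SUDO_CONV_REPL_MAX` as the destination size, but `pw_epasswd` is the string that sudo_passwd_init stored from `sudo_getepw(pw)`, so that constant does not describe the buffer being wiped. Under C11 Annex K semantics, a hash longer than that constant would be a runtime-constraint violation: only the first `smax` bytes are cleared, the tail of the hash is still in the memory handed to `efree`, and the nonzero return value is discarded here. Tying both arguments to the real string length avoids this: `size_t len = strlen(pw_epasswd);` followed by `memset_s(pw_epasswd, len, 0, len);`. The definition of SUDO_CONV_REPL_MAX is not visible on this page, so whether any supported hash format can exceed it is unconfirmed.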