version 1.1.1.2, 2012/05/29 12:26:49
|
version 1.1.1.4, 2013/10/14 07:56:35
|
Line 1
|
Line 1
|
/* |
/* |
* Copyright (c) 1999-2005, 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com> | * Copyright (c) 1999-2005, 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com> |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
* purpose with or without fee is hereby granted, provided that the above |
* purpose with or without fee is hereby granted, provided that the above |
Line 21
|
Line 21
|
#include <config.h> |
#include <config.h> |
|
|
#include <sys/types.h> |
#include <sys/types.h> |
#include <sys/param.h> |
|
#include <stdio.h> |
#include <stdio.h> |
#ifdef STDC_HEADERS |
#ifdef STDC_HEADERS |
# include <stdlib.h> |
# include <stdlib.h> |
Line 69 sudo_passwd_verify(struct passwd *pw, char *pass, sudo
|
Line 68 sudo_passwd_verify(struct passwd *pw, char *pass, sudo
|
char sav, *epass; |
char sav, *epass; |
char *pw_epasswd = auth->data; |
char *pw_epasswd = auth->data; |
size_t pw_len; |
size_t pw_len; |
int error; | int matched = 0; |
debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH) |
debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH) |
|
|
pw_len = strlen(pw_epasswd); |
pw_len = strlen(pw_epasswd); |
|
|
#ifdef HAVE_GETAUTHUID |
#ifdef HAVE_GETAUTHUID |
/* Ultrix shadow passwords may use crypt16() */ |
/* Ultrix shadow passwords may use crypt16() */ |
error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd)); | epass = (char *) crypt16(pass, pw_epasswd); |
if (!error) | if (epass != NULL && strcmp(pw_epasswd, epass) == 0) |
debug_return_int(AUTH_SUCCESS); |
debug_return_int(AUTH_SUCCESS); |
#endif /* HAVE_GETAUTHUID */ |
#endif /* HAVE_GETAUTHUID */ |
|
|
Line 96 sudo_passwd_verify(struct passwd *pw, char *pass, sudo
|
Line 95 sudo_passwd_verify(struct passwd *pw, char *pass, sudo
|
*/ |
*/ |
epass = (char *) crypt(pass, pw_epasswd); |
epass = (char *) crypt(pass, pw_epasswd); |
pass[8] = sav; |
pass[8] = sav; |
if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) | if (epass != NULL) { |
error = strncmp(pw_epasswd, epass, DESLEN); | if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) |
else | matched = !strncmp(pw_epasswd, epass, DESLEN); |
error = strcmp(pw_epasswd, epass); | else |
| matched = !strcmp(pw_epasswd, epass); |
| } |
|
|
debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS); | debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE); |
} |
} |
|
|
int |
int |
Line 113 sudo_passwd_cleanup(pw, auth)
|
Line 114 sudo_passwd_cleanup(pw, auth)
|
debug_decl(sudo_passwd_cleanup, SUDO_DEBUG_AUTH) |
debug_decl(sudo_passwd_cleanup, SUDO_DEBUG_AUTH) |
|
|
if (pw_epasswd != NULL) { |
if (pw_epasswd != NULL) { |
zero_bytes(pw_epasswd, strlen(pw_epasswd)); | memset_s(pw_epasswd, SUDO_CONV_REPL_MAX, 0, strlen(pw_epasswd)); |
efree(pw_epasswd); |
efree(pw_epasswd); |
} |
} |
debug_return_int(AUTH_SUCCESS); |
debug_return_int(AUTH_SUCCESS); |