| /* |
| * Copyright (c) 1999-2005, 2010 |
| * Todd C. Miller <Todd.Miller@courtesan.com> |
| * |
| * Permission to use, copy, modify, and distribute this software for any |
| * purpose with or without fee is hereby granted, provided that the above |
| * copyright notice and this permission notice appear in all copies. |
| * |
| * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
| * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
| * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
| * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| * |
| * Sponsored in part by the Defense Advanced Research Projects |
| * Agency (DARPA) and Air Force Research Laboratory, Air Force |
| * Materiel Command, USAF, under agreement number F39502-99-1-0512. |
| */ |
| |
| #include <config.h> |
| |
| #include <sys/types.h> |
| #include <sys/param.h> |
| #include <stdio.h> |
| #ifdef STDC_HEADERS |
| # include <stdlib.h> |
| # include <stddef.h> |
| #else |
| # ifdef HAVE_STDLIB_H |
| # include <stdlib.h> |
| # endif |
| #endif /* STDC_HEADERS */ |
| #ifdef HAVE_STRING_H |
| # include <string.h> |
| #endif /* HAVE_STRING_H */ |
| #ifdef HAVE_STRINGS_H |
| # include <strings.h> |
| #endif /* HAVE_STRINGS_H */ |
| #ifdef HAVE_UNISTD_H |
| # include <unistd.h> |
| #endif /* HAVE_UNISTD_H */ |
| #include <pwd.h> |
| |
| #include "sudo.h" |
| #include "sudo_auth.h" |
| |
| #define DESLEN 13 |
| #define HAS_AGEINFO(p, l) (l == 18 && p[DESLEN] == ',') |
| |
| int |
| passwd_init(pw, promptp, auth) |
| struct passwd *pw; |
| char **promptp; |
| sudo_auth *auth; |
| { |
| #ifdef HAVE_SKEYACCESS |
| if (skeyaccess(pw, user_tty, NULL, NULL) == 0) |
| return(AUTH_FAILURE); |
| #endif |
| return(AUTH_SUCCESS); |
| } |
| |
| int |
| passwd_verify(pw, pass, auth) |
| struct passwd *pw; |
| char *pass; |
| sudo_auth *auth; |
| { |
| char sav, *epass; |
| size_t pw_len; |
| int error; |
| |
| pw_len = strlen(pw->pw_passwd); |
| |
| #ifdef HAVE_GETAUTHUID |
| /* Ultrix shadow passwords may use crypt16() */ |
| error = strcmp(pw->pw_passwd, (char *) crypt16(pass, pw->pw_passwd)); |
| if (!error) |
| return(AUTH_SUCCESS); |
| #endif /* HAVE_GETAUTHUID */ |
| |
| /* |
| * Truncate to 8 chars if standard DES since not all crypt()'s do this. |
| * If this turns out not to be safe we will have to use OS #ifdef's (sigh). |
| */ |
| sav = pass[8]; |
| if (pw_len == DESLEN || HAS_AGEINFO(pw->pw_passwd, pw_len)) |
| pass[8] = '\0'; |
| |
| /* |
| * Normal UN*X password check. |
| * HP-UX may add aging info (separated by a ',') at the end so |
| * only compare the first DESLEN characters in that case. |
| */ |
| epass = (char *) crypt(pass, pw->pw_passwd); |
| pass[8] = sav; |
| if (HAS_AGEINFO(pw->pw_passwd, pw_len) && strlen(epass) == DESLEN) |
| error = strncmp(pw->pw_passwd, epass, DESLEN); |
| else |
| error = strcmp(pw->pw_passwd, epass); |
| |
| return(error ? AUTH_FAILURE : AUTH_SUCCESS); |
| } |