/*
- * Copyright (c) 2000-2001 Todd C. Miller <Todd.Miller@courtesan.com>
- * All rights reserved.
+ * Copyright (c) 2000-2004 Todd C. Miller <Todd.Miller@courtesan.com>
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * 4. Products derived from this software may not be called "Sudo" nor
- * may "Sudo" appear in their names without specific prior written
- * permission from the author.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
#include "config.h"
#include "sudo_auth.h"
#ifndef lint
-static const char rcsid[] = "$Sudo: bsdauth.c,v 1.8 2002/01/22 03:37:55 millert Exp $";
+static const char rcsid[] = "$Sudo: bsdauth.c,v 1.16 2004/06/07 00:02:56 millert Exp $";
#endif /* lint */
extern char *login_style; /* from sudo.c */
extern login_cap_t *lc; /* from sudo.c */
if ((as = auth_open()) == NULL) {
- log_error(USE_ERRNO|NO_EXIT|NO_MAIL,
+ log_error(USE_ERRNO|NO_EXIT|NO_MAIL,
"unable to begin bsd authentication");
return(AUTH_FATAL);
}
char *prompt;
sudo_auth *auth;
{
- char *s, *pass;
+ char *pass;
+ char *s;
size_t len;
int authok = 0;
sigaction_t sa, osa;
* S/Key.
*/
if ((s = auth_challenge(as)) == NULL) {
- pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
+ pass = tgetpass(prompt, def_passwd_timeout * 60, tgetpass_flags);
} else {
- pass = tgetpass(s, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
+ pass = tgetpass(s, def_passwd_timeout * 60, tgetpass_flags);
if (pass && *pass == '\0') {
if ((prompt = strrchr(s, '\n')))
prompt++;
while (isspace(prompt[len]) || prompt[len] == ':')
prompt[len--] = '\0';
easprintf(&s, "%s [echo on]: ", prompt);
- pass = tgetpass(s, def_ival(I_PASSWD_TIMEOUT) * 60,
+ pass = tgetpass(s, def_passwd_timeout * 60,
tgetpass_flags | TGP_ECHO);
free(s);
}
nil_pw = 1;
if (pass) {
- authok = auth_userresponse(as, pass, 1);
- memset(pass, 0, strlen(pass));
+ authok = auth_userresponse(as, (char *)pass, 1);
+ zero_bytes(pass, strlen(pass));
}
/* restore old signal handler */
projects / debian / sudo / blobdiff