/*
- * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1999-2005, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#endif /* STDC_HEADERS */
#ifdef HAVE_STRING_H
# include <string.h>
-#else
-# ifdef HAVE_STRINGS_H
-# include <strings.h>
-# endif
#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
{
#ifdef HAVE_SKEYACCESS
if (skeyaccess(pw, user_tty, NULL, NULL) == 0)
- return(AUTH_FAILURE);
+ return AUTH_FAILURE;
#endif
- return(AUTH_SUCCESS);
+ sudo_setspent();
+ auth->data = sudo_getepw(pw);
+ sudo_endspent();
+ return AUTH_SUCCESS;
}
int
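Review bot: On the skeyaccess() denial path the function returns AUTH_FAILURE before `auth->data` is assigned, while the passwd_cleanup() added later in this patch reads that field unconditionally. Whether the field is guaranteed NULL at that point, and whether cleanup runs after a failed init, is not visible here; an explicit `auth->data = NULL;` as the first statement of the body would remove the dependency. The result of sudo_getepw() is also stored unchecked, and passwd_verify() later passes it straight to strlen(), so a NULL return is presumably impossible, but that deserves a comment. I would document the ownership on the assignment: `/* auth->data holds a heap copy of the encrypted password; passwd_cleanup() zeroes and frees it */`. The function's signature lies outside the hunk.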
sudo_auth *auth;
{
char sav, *epass;
+ char *pw_epasswd = auth->data;
size_t pw_len;
int error;
- pw_len = strlen(pw->pw_passwd);
+ pw_len = strlen(pw_epasswd);
#ifdef HAVE_GETAUTHUID
/* Ultrix shadow passwords may use crypt16() */
- error = strcmp(pw->pw_passwd, (char *) crypt16(pass, pw->pw_passwd));
+ error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd));
if (!error)
- return(AUTH_SUCCESS);
+ return AUTH_SUCCESS;
#endif /* HAVE_GETAUTHUID */
/*
* If this turns out not to be safe we will have to use OS #ifdef's (sigh).
*/
sav = pass[8];
- if (pw_len == DESLEN || HAS_AGEINFO(pw->pw_passwd, pw_len))
+ if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len))
pass[8] = '\0';
/*
* HP-UX may add aging info (separated by a ',') at the end so
* only compare the first DESLEN characters in that case.
*/
- epass = (char *) crypt(pass, pw->pw_passwd);
+ epass = (char *) crypt(pass, pw_epasswd);
pass[8] = sav;
- if (HAS_AGEINFO(pw->pw_passwd, pw_len) && strlen(epass) == DESLEN)
- error = strncmp(pw->pw_passwd, epass, DESLEN);
+ if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+ error = strncmp(pw_epasswd, epass, DESLEN);
else
- error = strcmp(pw->pw_passwd, epass);
+ error = strcmp(pw_epasswd, epass);
+
+ return error ? AUTH_FAILURE : AUTH_SUCCESS;
+}
+
+int
+passwd_cleanup(pw, auth)
+ struct passwd *pw;
+ sudo_auth *auth;
+{
+ char *pw_epasswd = auth->data;
- return(error ? AUTH_FAILURE : AUTH_SUCCESS);
+ if (pw_epasswd != NULL) {
+ zero_bytes(pw_epasswd, strlen(pw_epasswd));
+ efree(pw_epasswd);
+ }
+ return AUTH_SUCCESS;
}
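Review bot: The result of `crypt(pass, pw_epasswd)` is used without a NULL check, so `strlen(epass)` and the `strcmp`/`strncmp` calls that follow dereference a null pointer if crypt() fails, which some libc implementations do for an unsupported or malformed salt. Adding `if (epass == NULL) return AUTH_FAILURE;` right after `pass[8] = sav;` makes that case fail closed instead of crashing the authentication path. In passwd_cleanup() the pointer is freed but `auth->data` keeps the stale address; `auth->data = NULL;` after `efree(pw_epasswd);` would make a second cleanup call or a later verify harmless. passwd_verify() also calls `strlen(pw_epasswd)` with no NULL guard although passwd_cleanup() treats NULL as possible, so the two functions should agree on that invariant. The head of passwd_verify() lies outside the hunk.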