Imported Upstream version 1.7.6p1

[debian/sudo] / auth / passwd.c

diff --git a/auth/passwd.c b/auth/passwd.c
index e35130664c98e8ca34bd4c418982d2b8b6320c94..8835c0363c96529c1a24fec428186218b8912b92 100644 (file)
--- a/auth/passwd.c
+++ b/auth/passwd.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1999-2005, 2010
+ *     Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -33,11 +34,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
-# ifdef HAVE_STRINGS_H
-#  include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
@@ -57,9 +57,12 @@ passwd_init(pw, promptp, auth)
 {
 #ifdef HAVE_SKEYACCESS
     if (skeyaccess(pw, user_tty, NULL, NULL) == 0)
-       return(AUTH_FAILURE);
+       return AUTH_FAILURE;
 #endif
-    return(AUTH_SUCCESS);
+    sudo_setspent();
+    auth->data = sudo_getepw(pw);
+    sudo_endspent();
+    return AUTH_SUCCESS;
 }
 
 int
@@ -69,16 +72,17 @@ passwd_verify(pw, pass, auth)
     sudo_auth *auth;
 {
     char sav, *epass;
+    char *pw_epasswd = auth->data;
     size_t pw_len;
     int error;
 
-    pw_len = strlen(pw->pw_passwd);
+    pw_len = strlen(pw_epasswd);
 
 #ifdef HAVE_GETAUTHUID
     /* Ultrix shadow passwords may use crypt16() */
-    error = strcmp(pw->pw_passwd, (char *) crypt16(pass, pw->pw_passwd));
+    error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd));
     if (!error)
-       return(AUTH_SUCCESS);
+       return AUTH_SUCCESS;
 #endif /* HAVE_GETAUTHUID */
 
     /*
@@ -86,7 +90,7 @@ passwd_verify(pw, pass, auth)
      * If this turns out not to be safe we will have to use OS #ifdef's (sigh).
      */
     sav = pass[8];
-    if (pw_len == DESLEN || HAS_AGEINFO(pw->pw_passwd, pw_len))
+    if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len))
        pass[8] = '\0';
 
     /*
@@ -94,12 +98,26 @@ passwd_verify(pw, pass, auth)
      * HP-UX may add aging info (separated by a ',') at the end so
      * only compare the first DESLEN characters in that case.
      */
-    epass = (char *) crypt(pass, pw->pw_passwd);
+    epass = (char *) crypt(pass, pw_epasswd);
     pass[8] = sav;
-    if (HAS_AGEINFO(pw->pw_passwd, pw_len) && strlen(epass) == DESLEN)
-       error = strncmp(pw->pw_passwd, epass, DESLEN);
+    if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+       error = strncmp(pw_epasswd, epass, DESLEN);
     else
-       error = strcmp(pw->pw_passwd, epass);
+       error = strcmp(pw_epasswd, epass);
+
+    return error ? AUTH_FAILURE : AUTH_SUCCESS;
+}
+
+int
+passwd_cleanup(pw, auth)
+    struct passwd *pw;
+    sudo_auth *auth;
+{
+    char *pw_epasswd = auth->data;
 
-    return(error ? AUTH_FAILURE : AUTH_SUCCESS);
+    if (pw_epasswd != NULL) {
+       zero_bytes(pw_epasswd, strlen(pw_epasswd));
+       efree(pw_epasswd);
+    }
+    return AUTH_SUCCESS;
 }