Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sudo-project
GitHub Repository: sudo-project/sudo
 Path: blob/main/plugins/sudoers/auth/secureware.c
1532 views
1
/*

2
 * SPDX-License-Identifier: ISC

3
 *

4
 * Copyright (c) 1998-2005, 2010-2015 Todd C. Miller <[email protected]>

5
 *

6
 * Permission to use, copy, modify, and distribute this software for any

7
 * purpose with or without fee is hereby granted, provided that the above

8
 * copyright notice and this permission notice appear in all copies.

9
 *

10
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

11
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

12
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

13
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

14
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

15
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

16
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

17
 *

18
 * Sponsored in part by the Defense Advanced Research Projects

19
 * Agency (DARPA) and Air Force Research Laboratory, Air Force

20
 * Materiel Command, USAF, under agreement number F39502-99-1-0512.

21
 */

22


23
#include <config.h>

24


25
#ifdef HAVE_GETPRPWNAM

26


27
#include <sys/types.h>

28
#include <stdio.h>

29
#include <stdlib.h>

30
#include <string.h>

31
#include <unistd.h>

32
#include <pwd.h>

33
#ifdef __hpux

34
#  undef MAXINT

35
#  include <hpsecurity.h>

36
#else

37
#  include <sys/security.h>

38
#endif /* __hpux */

39
#include <prot.h>

40


41
#include <sudoers.h>

42
#include "sudo_auth.h"

43


44
#ifdef __alpha

45
extern int crypt_type;

46
#endif

47


48
int

49
sudo_secureware_init(const struct sudoers_context *ctx, struct passwd *pw,

50
    sudo_auth *auth)

51
{

52
    debug_decl(sudo_secureware_init, SUDOERS_DEBUG_AUTH);

53


54
    /* Only initialize once. */

55
    if (auth->data != NULL)

56
	debug_return_int(AUTH_SUCCESS);

57


58
#ifdef __alpha

59
    if (crypt_type == INT_MAX)

60
	debug_return_int(AUTH_FAILURE);			/* no shadow */

61
#endif

62


63
    sudo_setspent();

64
    auth->data = sudo_getepw(pw);

65
    sudo_endspent();

66
    debug_return_int(auth->data ? AUTH_SUCCESS : AUTH_ERROR);

67
}

68


69
int

70
sudo_secureware_verify(const struct sudoers_context *ctx, struct passwd *pw,

71
    const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)

72
{

73
    char *pw_epasswd = auth->data;

74
    char *epass = NULL;

75
    debug_decl(sudo_secureware_verify, SUDOERS_DEBUG_AUTH);

76


77
    /* An empty plain-text password must match an empty encrypted password. */

78
    if (pass[0] == '\0')

79
	debug_return_int(pw_epasswd[0] ? AUTH_FAILURE : AUTH_SUCCESS);

80


81
#if defined(__alpha)

82
# ifdef HAVE_DISPCRYPT

83
	epass = dispcrypt(pass, pw_epasswd, crypt_type);

84
# else

85
	if (crypt_type == AUTH_CRYPT_BIGCRYPT)

86
	    epass = bigcrypt(pass, pw_epasswd);

87
	else if (crypt_type == AUTH_CRYPT_CRYPT16)

88
	    epass = crypt(pass, pw_epasswd);

89
# endif /* HAVE_DISPCRYPT */

90
#elif defined(HAVE_BIGCRYPT)

91
    epass = bigcrypt(pass, pw_epasswd);

92
#endif /* __alpha */

93


94
    if (epass != NULL && strcmp(pw_epasswd, epass) == 0)

95
	debug_return_int(AUTH_SUCCESS);

96
    debug_return_int(AUTH_FAILURE);

97
}

98


99
int

100
sudo_secureware_cleanup(const struct sudoers_context *ctx, struct passwd *pw,

101
    sudo_auth *auth, bool force)

102
{

103
    char *pw_epasswd = auth->data;

104
    debug_decl(sudo_secureware_cleanup, SUDOERS_DEBUG_AUTH);

105


106
    if (pw_epasswd != NULL)

107
	freezero(pw_epasswd, strlen(pw_epasswd));

108
    debug_return_int(AUTH_SUCCESS);

109
}

110


111
#endif /* HAVE_GETPRPWNAM */

112


113