1/* 2 * Copyright (c) 1996, 1998-2005, 2010 3 * Todd C. Miller <Todd.Miller@courtesan.com> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 * 17 * Sponsored in part by the Defense Advanced Research Projects 18 * Agency (DARPA) and Air Force Research Laboratory, Air Force 19 * Materiel Command, USAF, under agreement number F39502-99-1-0512. 20 */ 21 22#include <config.h> 23 24#include <sys/types.h> 25#include <sys/stat.h> 26#include <sys/param.h> 27#include <stdio.h> 28#ifdef STDC_HEADERS 29# include <stdlib.h> 30# include <stddef.h> 31#else 32# ifdef HAVE_STDLIB_H 33# include <stdlib.h> 34# endif 35#endif /* STDC_HEADERS */ 36#ifdef HAVE_STRING_H 37# include <string.h> 38#endif /* HAVE_STRING_H */ 39#ifdef HAVE_STRINGS_H 40# include <strings.h> 41#endif /* HAVE_STRINGS_H */ 42#ifdef HAVE_UNISTD_H 43# include <unistd.h> 44#endif /* HAVE_UNISTD_H */ 45#include <pwd.h> 46#include <grp.h> 47#ifdef HAVE_GETSPNAM 48# include <shadow.h> 49#endif /* HAVE_GETSPNAM */ 50#ifdef HAVE_GETPRPWNAM 51# ifdef __hpux 52# undef MAXINT 53# include <hpsecurity.h> 54# else 55# include <sys/security.h> 56# endif /* __hpux */ 57# include <prot.h> 58#endif /* HAVE_GETPRPWNAM */ 59#ifdef HAVE_GETPWANAM 60# include <sys/label.h> 61# include <sys/audit.h> 62# include <pwdadj.h> 63#endif /* HAVE_GETPWANAM */ 64#ifdef HAVE_GETAUTHUID 65# include <auth.h> 66#endif /* HAVE_GETAUTHUID */ 67 68#include "sudo.h" 69 70/* 71 * Exported for auth/secureware.c 72 */ 73#if defined(HAVE_GETPRPWNAM) && defined(__alpha) 74int crypt_type = INT_MAX; 75#endif /* HAVE_GETPRPWNAM && __alpha */ 76 77/* 78 * Return a copy of the encrypted password for the user described by pw. 79 * If shadow passwords are in use, look in the shadow file. 80 */ 81char * 82sudo_getepw(pw) 83 const struct passwd *pw; 84{ 85 char *epw = NULL; 86 87 /* If there is a function to check for shadow enabled, use it... */ 88#ifdef HAVE_ISCOMSEC 89 if (!iscomsec()) 90 goto done; 91#endif /* HAVE_ISCOMSEC */ 92#ifdef HAVE_ISSECURE 93 if (!issecure()) 94 goto done; 95#endif /* HAVE_ISSECURE */ 96 97#ifdef HAVE_GETPRPWNAM 98 { 99 struct pr_passwd *spw; 100 101 if ((spw = getprpwnam(pw->pw_name)) && spw->ufld.fd_encrypt) { 102# ifdef __alpha 103 crypt_type = spw->ufld.fd_oldcrypt; 104# endif /* __alpha */ 105 epw = spw->ufld.fd_encrypt; 106 } 107 } 108#endif /* HAVE_GETPRPWNAM */ 109#ifdef HAVE_GETSPNAM 110 { 111 struct spwd *spw; 112 113 if ((spw = getspnam(pw->pw_name)) && spw->sp_pwdp) 114 epw = spw->sp_pwdp; 115 } 116#endif /* HAVE_GETSPNAM */ 117#ifdef HAVE_GETSPWUID 118 { 119 struct s_passwd *spw; 120 121 if ((spw = getspwuid(pw->pw_uid)) && spw->pw_passwd) 122 epw = spw->pw_passwd; 123 } 124#endif /* HAVE_GETSPWUID */ 125#ifdef HAVE_GETPWANAM 126 { 127 struct passwd_adjunct *spw; 128 129 if ((spw = getpwanam(pw->pw_name)) && spw->pwa_passwd) 130 epw = spw->pwa_passwd; 131 } 132#endif /* HAVE_GETPWANAM */ 133#ifdef HAVE_GETAUTHUID 134 { 135 AUTHORIZATION *spw; 136 137 if ((spw = getauthuid(pw->pw_uid)) && spw->a_password) 138 epw = spw->a_password; 139 } 140#endif /* HAVE_GETAUTHUID */ 141 142#if defined(HAVE_ISCOMSEC) || defined(HAVE_ISSECURE) 143done: 144#endif 145 /* If no shadow password, fall back on regular password. */ 146 return estrdup(epw ? epw : pw->pw_passwd); 147} 148 149void 150sudo_setspent() 151{ 152#ifdef HAVE_GETPRPWNAM 153 setprpwent(); 154#endif 155#ifdef HAVE_GETSPNAM 156 setspent(); 157#endif 158#ifdef HAVE_GETSPWUID 159 setspwent(); 160#endif 161#ifdef HAVE_GETPWANAM 162 setpwaent(); 163#endif 164#ifdef HAVE_GETAUTHUID 165 setauthent(); 166#endif 167} 168 169void 170sudo_endspent() 171{ 172#ifdef HAVE_GETPRPWNAM 173 endprpwent(); 174#endif 175#ifdef HAVE_GETSPNAM 176 endspent(); 177#endif 178#ifdef HAVE_GETSPWUID 179 endspwent(); 180#endif 181#ifdef HAVE_GETPWANAM 182 endpwaent(); 183#endif 184#ifdef HAVE_GETAUTHUID 185 endauthent(); 186#endif 187} 188