Annotation of src/usr.bin/sudo/getspwuid.c, Revision 1.7
1.1 millert 1: /*
1.7 ! millert 2: * Copyright (c) 1996, 1998-2002 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 millert 3: * All rights reserved.
4: *
5: * Redistribution and use in source and binary forms, with or without
6: * modification, are permitted provided that the following conditions
7: * are met:
8: *
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: *
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
15: *
16: * 3. The name of the author may not be used to endorse or promote products
17: * derived from this software without specific prior written permission.
18: *
19: * 4. Products derived from this software may not be called "Sudo" nor
20: * may "Sudo" appear in their names without specific prior written
21: * permission from the author.
22: *
23: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24: * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
25: * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
26: * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
27: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
28: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
29: * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
30: * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
31: * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
32: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.7 ! millert 33: *
! 34: * Sponsored in part by the Defense Advanced Research Projects
! 35: * Agency (DARPA) and Air Force Research Laboratory, Air Force
! 36: * Materiel Command, USAF, under agreement number F39502-99-1-0512.
1.1 millert 37: */
38:
39: #include "config.h"
40:
1.5 millert 41: #include <sys/types.h>
42: #include <sys/stat.h>
43: #include <sys/param.h>
1.1 millert 44: #include <stdio.h>
45: #ifdef STDC_HEADERS
46: # include <stdlib.h>
1.5 millert 47: # include <stddef.h>
48: #else
49: # ifdef HAVE_STDLIB_H
50: # include <stdlib.h>
51: # endif
1.1 millert 52: #endif /* STDC_HEADERS */
53: #ifdef HAVE_STRING_H
1.5 millert 54: # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
55: # include <memory.h>
56: # endif
1.1 millert 57: # include <string.h>
1.5 millert 58: #else
59: # ifdef HAVE_STRINGS_H
60: # include <strings.h>
61: # endif
1.1 millert 62: #endif /* HAVE_STRING_H */
63: #ifdef HAVE_UNISTD_H
64: # include <unistd.h>
65: #endif /* HAVE_UNISTD_H */
66: #include <pwd.h>
67: #ifdef HAVE_GETSPNAM
68: # include <shadow.h>
69: #endif /* HAVE_GETSPNAM */
70: #ifdef HAVE_GETPRPWNAM
71: # ifdef __hpux
72: # undef MAXINT
73: # include <hpsecurity.h>
74: # else
75: # include <sys/security.h>
76: # endif /* __hpux */
77: # include <prot.h>
78: #endif /* HAVE_GETPRPWNAM */
79: #ifdef HAVE_GETPWANAM
80: # include <sys/label.h>
81: # include <sys/audit.h>
82: # include <pwdadj.h>
83: #endif /* HAVE_GETPWANAM */
84: #ifdef HAVE_GETAUTHUID
85: # include <auth.h>
86: #endif /* HAVE_GETAUTHUID */
87:
88: #include "sudo.h"
89:
90: #ifndef lint
1.7 ! millert 91: static const char rcsid[] = "$Sudo: getspwuid.c,v 1.63 2003/04/16 00:42:10 millert Exp $";
1.1 millert 92: #endif /* lint */
93:
94: /*
95: * Global variables (yuck)
96: */
97: #if defined(HAVE_GETPRPWNAM) && defined(__alpha)
98: int crypt_type = INT_MAX;
99: #endif /* HAVE_GETPRPWNAM && __alpha */
100:
101:
102: /*
103: * Local functions not visible outside getspwuid.c
104: */
1.3 millert 105: static struct passwd *sudo_pwdup __P((struct passwd *));
1.1 millert 106:
107:
108: /*
1.5 millert 109: * Return a copy of the encrypted password for the user described by pw.
110: * If shadow passwords are in use, look in the shadow file.
1.1 millert 111: */
1.2 millert 112: char *
1.1 millert 113: sudo_getepw(pw)
114: struct passwd *pw;
115: {
1.5 millert 116: char *epw;
1.1 millert 117:
118: /* If there is a function to check for shadow enabled, use it... */
119: #ifdef HAVE_ISCOMSEC
120: if (!iscomsec())
1.5 millert 121: return(estrdup(pw->pw_passwd));
1.1 millert 122: #endif /* HAVE_ISCOMSEC */
123: #ifdef HAVE_ISSECURE
124: if (!issecure())
1.5 millert 125: return(estrdup(pw->pw_passwd));
1.1 millert 126: #endif /* HAVE_ISSECURE */
127:
1.5 millert 128: epw = NULL;
1.1 millert 129: #ifdef HAVE_GETPRPWNAM
130: {
131: struct pr_passwd *spw;
132:
1.5 millert 133: setprpwent();
134: if ((spw = getprpwnam(pw->pw_name)) && spw->ufld.fd_encrypt) {
1.1 millert 135: # ifdef __alpha
136: crypt_type = spw->ufld.fd_oldcrypt;
137: # endif /* __alpha */
1.5 millert 138: epw = estrdup(spw->ufld.fd_encrypt);
1.1 millert 139: }
1.5 millert 140: endprpwent();
141: if (epw)
142: return(epw);
1.1 millert 143: }
144: #endif /* HAVE_GETPRPWNAM */
145: #ifdef HAVE_GETSPNAM
146: {
147: struct spwd *spw;
148:
1.5 millert 149: setspent();
1.1 millert 150: if ((spw = getspnam(pw->pw_name)) && spw->sp_pwdp)
1.5 millert 151: epw = estrdup(spw->sp_pwdp);
152: endspent();
153: if (epw)
154: return(epw);
1.1 millert 155: }
156: #endif /* HAVE_GETSPNAM */
157: #ifdef HAVE_GETSPWUID
158: {
159: struct s_passwd *spw;
160:
1.5 millert 161: setspwent();
1.1 millert 162: if ((spw = getspwuid(pw->pw_uid)) && spw->pw_passwd)
1.5 millert 163: epw = estrdup(spw->pw_passwd);
164: endspwent();
165: if (epw)
166: return(epw);
1.1 millert 167: }
168: #endif /* HAVE_GETSPWUID */
169: #ifdef HAVE_GETPWANAM
170: {
171: struct passwd_adjunct *spw;
172:
1.5 millert 173: setpwaent();
1.1 millert 174: if ((spw = getpwanam(pw->pw_name)) && spw->pwa_passwd)
1.5 millert 175: epw = estrdup(spw->pwa_passwd);
176: endpwaent();
177: if (epw)
178: return(epw);
1.1 millert 179: }
180: #endif /* HAVE_GETPWANAM */
181: #ifdef HAVE_GETAUTHUID
182: {
183: AUTHORIZATION *spw;
184:
1.5 millert 185: setauthent();
1.1 millert 186: if ((spw = getauthuid(pw->pw_uid)) && spw->a_password)
1.5 millert 187: epw = estrdup(spw->a_password);
188: endauthent();
189: if (epw)
190: return(epw);
1.1 millert 191: }
192: #endif /* HAVE_GETAUTHUID */
193:
194: /* Fall back on normal password. */
1.5 millert 195: return(estrdup(pw->pw_passwd));
1.1 millert 196: }
197:
198: /*
199: * Dynamically allocate space for a struct password and the constituent parts
200: * that we care about. Fills in pw_passwd from shadow file if necessary.
201: */
1.3 millert 202: static struct passwd *
203: sudo_pwdup(pw)
204: struct passwd *pw;
1.1 millert 205: {
1.3 millert 206: struct passwd *local_pw;
1.1 millert 207:
208: /* Allocate space for a local copy of pw. */
209: local_pw = (struct passwd *) emalloc(sizeof(struct passwd));
210:
211: /*
212: * Copy the struct passwd and the interesting strings...
213: */
214: (void) memcpy(local_pw, pw, sizeof(struct passwd));
215: local_pw->pw_name = estrdup(pw->pw_name);
216: local_pw->pw_dir = estrdup(pw->pw_dir);
1.4 millert 217: local_pw->pw_gecos = estrdup(pw->pw_gecos);
218: #ifdef HAVE_LOGIN_CAP_H
219: local_pw->pw_class = estrdup(pw->pw_class);
220: #endif
1.1 millert 221:
1.6 millert 222: /* If shell field is empty, expand to _PATH_BSHELL. */
223: if (local_pw->pw_shell[0] == '\0')
224: local_pw->pw_shell = _PATH_BSHELL;
225: else
226: local_pw->pw_shell = estrdup(pw->pw_shell);
1.1 millert 227:
228: /* pw_passwd gets a shadow password if applicable */
1.5 millert 229: local_pw->pw_passwd = sudo_getepw(pw);
1.1 millert 230:
231: return(local_pw);
1.3 millert 232: }
233:
234: /*
235: * Get a password entry by uid and allocate space for it.
236: * Fills in pw_passwd from shadow file if necessary.
237: */
238: struct passwd *
239: sudo_getpwuid(uid)
240: uid_t uid;
241: {
242: struct passwd *pw;
243:
244: if ((pw = getpwuid(uid)) == NULL)
245: return(NULL);
246: else
247: return(sudo_pwdup(pw));
248: }
249:
250: /*
251: * Get a password entry by name and allocate space for it.
252: * Fills in pw_passwd from shadow file if necessary.
253: */
254: struct passwd *
255: sudo_getpwnam(name)
256: const char *name;
257: {
258: struct passwd *pw;
259:
260: if ((pw = getpwnam(name)) == NULL)
261: return(NULL);
262: else
263: return(sudo_pwdup(pw));
1.1 millert 264: }