+/*
+ * Copyright (c) 2020 Duncan Overbruck <mail@duncano.de>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "config.h"
+
#if HAVE_CRYPT_H
# include <crypt.h>
#endif
#include <errno.h>
#include <limits.h>
#include <pwd.h>
-#ifdef HAVE_READPASSPHRASE_H
+#ifdef HAVE_READPASSPHRASE
# include <readpassphrase.h>
#else
-# include "readpassphrase.h"
+# include "sys-readpassphrase.h"
#endif
#include <shadow.h>
#include <stdio.h>
#include <unistd.h>
#include "openbsd.h"
+#include "doas.h"
#ifndef HOST_NAME_MAX
#define HOST_NAME_MAX _POSIX_HOST_NAME_MAX
#endif
-void
+int
shadowauth(const char *myname, int persist)
{
const char *hash;
hash = pw->pw_passwd;
if (hash[0] == 'x' && hash[1] == '\0') {
struct spwd *sp;
- if ((sp = getspnam(myname)) == NULL)
- errx(1, "Authorization failed");
+ if ((sp = getspnam(myname)) == NULL) {
+ return(5);
+ }
hash = sp->sp_pwdp;
} else if (hash[0] != '*') {
- errx(1, "Authorization failed");
+ return(5);
}
char host[HOST_NAME_MAX + 1];
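Review bot: Replacing `errx(1, "Authorization failed")` with `return(5)` in the getspnam() and `hash[0] != '*'` branches means a failed authentication no longer terminates the process, so any call site that ignores the result of shadowauth() now fails open. The callers are not in this diff and the function body continues past this hunk, so confirm that each caller treats non-zero as a denial. I would replace the bare `5` with a named constant shared through doas.h and document the contract above the function: `/* Returns 0 on success, non-zero on authentication failure; callers must deny on non-zero. */`. Declaring the prototype with `__attribute__((warn_unused_result))` would make the compiler flag an unchecked call. These two branches also return without a syslog entry, unlike the mismatch branch further down, which leaves no audit trail for a missing shadow entry.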
err(1, "readpassphrase");
if ((encrypted = crypt(response, hash)) == NULL) {
explicit_bzero(rbuf, sizeof(rbuf));
- errx(1, "Authorization failed");
+ printf(getinsult());
+ return(5);
}
explicit_bzero(rbuf, sizeof(rbuf));
if (strcmp(encrypted, hash) != 0) {
syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
- errx(1, "Authorization failed");
+ return(5);
}
#ifdef USE_TIMESTAMP
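Review bot: `printf(getinsult());` in the crypt() failure branch uses a non-literal string as the format, so any `%` in the returned text is parsed as a conversion specifier; write `fputs(getinsult(), stderr);` or `printf("%s", getinsult());` instead. The insult is printed only when crypt() returns NULL, while the wrong-password branch (`strcmp(encrypted, hash) != 0`) returns 5 with no message, which looks inverted; presumably the message was meant for the mismatch branch. With `errx()` removed, neither branch prints "Authorization failed" any more, so the caller has to report the denial, and that code is outside this hunk.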
close(fd);
}
#endif
+ return(0);
}