X-Git-Url: https://git.armaanb.net/?a=blobdiff_plain;f=shadow.c;h=2569b586635646a79fe0d818c9ff5c66e08a1e24;hb=9474e418d2184e86408f0dce09ca250e36138672;hp=a775b2beec88571d6e8ed44af651b58a47d084f2;hpb=3df794793ea3db2a6a8abfeb46803b9c5b80502a;p=opendoas.git

diff --git a/shadow.c b/shadow.c
index a775b2b..2569b58 100644
--- a/shadow.c
+++ b/shadow.c
@@ -1,3 +1,21 @@
+/*
+ * Copyright (c) 2020 Duncan Overbruck <mail@duncano.de>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "config.h"
+
 #if HAVE_CRYPT_H
 #	include <crypt.h>
 #endif
@@ -5,10 +23,10 @@
 #include <errno.h>
 #include <limits.h>
 #include <pwd.h>
-#ifdef HAVE_READPASSPHRASE_H
+#ifdef HAVE_READPASSPHRASE
 #	include <readpassphrase.h>
 #else
-#	include "readpassphrase.h"
+#	include "sys-readpassphrase.h"
 #endif
 #include <shadow.h>
 #include <stdio.h>
@@ -17,6 +35,11 @@
 #include <unistd.h>
 
 #include "openbsd.h"
+#include "doas.h"
+
+#ifndef HOST_NAME_MAX
+#define HOST_NAME_MAX _POSIX_HOST_NAME_MAX
+#endif
 
 void
 shadowauth(const char *myname, int persist)
@@ -45,10 +68,10 @@ shadowauth(const char *myname, int persist)
 	if (hash[0] == 'x' && hash[1] == '\0') {
 		struct spwd *sp;
 		if ((sp = getspnam(myname)) == NULL)
-			errx(1, "Authorization failed");
+			errx(1, "Authentication failed");
 		hash = sp->sp_pwdp;
 	} else if (hash[0] != '*') {
-		errx(1, "Authorization failed");
+		errx(1, "Authentication failed");
 	}
 
 	char host[HOST_NAME_MAX + 1];
@@ -64,15 +87,18 @@ shadowauth(const char *myname, int persist)
 			"tty required for %s", myname);
 		errx(1, "a tty is required");
 	}
-	if ((encrypted = crypt(response, hash)) == NULL)
-		err(1, "crypt");
+	if (response == NULL)
+		err(1, "readpassphrase");
+	if ((encrypted = crypt(response, hash)) == NULL) {
+		explicit_bzero(rbuf, sizeof(rbuf));
+		errx(1, "Authentication failed");
+	}
+	explicit_bzero(rbuf, sizeof(rbuf));
 	if (strcmp(encrypted, hash) != 0) {
 		syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
-		errx(1, "Authorization failed");
+		errx(1, "Authentication failed");
 	}
 
-	explicit_bzero(rbuf, sizeof(rbuf));
-
 #ifdef USE_TIMESTAMP
 good:
 	if (fd != -1) {