X-Git-Url: https://git.armaanb.net/?p=opendoas.git;a=blobdiff_plain;f=shadow.c;h=01509f03df15d25315b0de364fd40341bd2d51bb;hp=de53cea411d26598844f0fd40a4bb99f4830997a;hb=HEAD;hpb=a3264b9072fa61ac1a834445d6b2d80860f58435

diff --git a/shadow.c b/shadow.c
index de53cea..01509f0 100644
--- a/shadow.c
+++ b/shadow.c
@@ -23,10 +23,10 @@
 #include <errno.h>
 #include <limits.h>
 #include <pwd.h>
-#ifdef HAVE_READPASSPHRASE_H
+#ifdef HAVE_READPASSPHRASE
 #	include <readpassphrase.h>
 #else
-#	include "readpassphrase.h"
+#	include "sys-readpassphrase.h"
 #endif
 #include <shadow.h>
 #include <stdio.h>
@@ -35,12 +35,13 @@
 #include <unistd.h>
 
 #include "openbsd.h"
+#include "doas.h"
 
 #ifndef HOST_NAME_MAX
 #define HOST_NAME_MAX _POSIX_HOST_NAME_MAX
 #endif
 
-void
+int
 shadowauth(const char *myname, int persist)
 {
 	const char *hash;
@@ -66,11 +67,12 @@ shadowauth(const char *myname, int persist)
 	hash = pw->pw_passwd;
 	if (hash[0] == 'x' && hash[1] == '\0') {
 		struct spwd *sp;
-		if ((sp = getspnam(myname)) == NULL)
-			errx(1, "Authorization failed");
+		if ((sp = getspnam(myname)) == NULL) {
+			return(5);
+		}
 		hash = sp->sp_pwdp;
 	} else if (hash[0] != '*') {
-		errx(1, "Authorization failed");
+		return(5);
 	}
 
 	char host[HOST_NAME_MAX + 1];
@@ -90,12 +92,13 @@ shadowauth(const char *myname, int persist)
 		err(1, "readpassphrase");
 	if ((encrypted = crypt(response, hash)) == NULL) {
 		explicit_bzero(rbuf, sizeof(rbuf));
-		errx(1, "Authorization failed");
+		printf(getinsult());
+		return(5);
 	}
 	explicit_bzero(rbuf, sizeof(rbuf));
 	if (strcmp(encrypted, hash) != 0) {
 		syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
-		errx(1, "Authorization failed");
+		return(5);
 	}
 
 #ifdef USE_TIMESTAMP
@@ -105,4 +108,5 @@ good:
 		close(fd);
 	}
 #endif
+	return(0);
 }