8 #ifdef HAVE_READPASSPHRASE_H
9 # include <readpassphrase.h>
11 # include "readpassphrase.h"
22 #define HOST_NAME_MAX _POSIX_HOST_NAME_MAX
26 shadowauth(const char *myname, int persist)
31 char *challenge, *response, rbuf[1024], cbuf[128];
38 fd = timestamp_open(&valid, 5 * 60);
39 if (fd != -1 && valid == 1)
45 if ((pw = getpwnam(myname)) == NULL)
49 if (hash[0] == 'x' && hash[1] == '\0') {
51 if ((sp = getspnam(myname)) == NULL)
52 errx(1, "Authorization failed");
54 } else if (hash[0] != '*') {
55 errx(1, "Authorization failed");
58 char host[HOST_NAME_MAX + 1];
59 if (gethostname(host, sizeof(host)))
60 snprintf(host, sizeof(host), "?");
61 snprintf(cbuf, sizeof(cbuf),
62 "\rdoas (%.32s@%.32s) password: ", myname, host);
65 response = readpassphrase(challenge, rbuf, sizeof(rbuf), RPP_REQUIRE_TTY);
66 if (response == NULL && errno == ENOTTY) {
67 syslog(LOG_AUTHPRIV | LOG_NOTICE,
68 "tty required for %s", myname);
69 errx(1, "a tty is required");
72 err(1, "readpassphrase");
73 if ((encrypted = crypt(response, hash)) == NULL) {
74 explicit_bzero(rbuf, sizeof(rbuf));
75 errx(1, "Authorization failed");
77 explicit_bzero(rbuf, sizeof(rbuf));
78 if (strcmp(encrypted, hash) != 0) {
79 syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
80 errx(1, "Authorization failed");
86 timestamp_set(fd, 5 * 60);