8 #ifdef HAVE_READPASSPHRASE_H
9 # include <readpassphrase.h>
11 # include "readpassphrase.h"
/*
 * shadowauth: checks a typed passphrase for `myname` against a stored
 * password hash and exits the process on any failure.
 *
 * NOTE(review): this listing shows only some lines of the function (see the
 * gaps in the gutter numbers). The comments below describe the visible lines;
 * anything that depends on a line not shown is marked as an assumption.
 */
22 shadowauth(const char *myname, int persist)
/* rbuf receives the typed passphrase (plaintext); cbuf holds the prompt. */
27 char *challenge, *response, rbuf[1024], cbuf[128];
/*
 * Timestamp lookup. Presumably 5 * 60 is a lifetime in seconds and a
 * still-valid timestamp skips the prompt -- the branch target and the use of
 * `persist` are not visible here; confirm.
 */
34 fd = timestamp_open(&valid, 5 * 60);
35 if (fd != -1 && valid == 1)
41 if ((pw = getpwnam(myname)) == NULL)
/*
 * `hash` is presumably the passwd password field (assignment not shown).
 * Exactly "x" means the real hash is fetched with getspnam(). A field that is
 * neither "x" nor starts with '*' is refused. Both refusals print the same
 * "Authorization failed" text as a wrong passphrase further down, so the
 * message does not reveal which step failed.
 */
45 if (hash[0] == 'x' && hash[1] == '\0') {
47 if ((sp = getspnam(myname)) == NULL)
48 errx(1, "Authorization failed");
50 } else if (hash[0] != '*') {
51 errx(1, "Authorization failed");
/*
 * Build the prompt. If gethostname() fails the host is shown as "?".
 * %.32s caps the user and host names at 32 bytes each, so the text is at most
 * 7 + 32 + 1 + 32 + 12 = 84 bytes plus the terminator and fits cbuf[128].
 */
54 char host[HOST_NAME_MAX + 1];
55 if (gethostname(host, sizeof(host)))
56 snprintf(host, sizeof(host), "?");
57 snprintf(cbuf, sizeof(cbuf),
58 "\rdoas (%.32s@%.32s) password: ", myname, host);
/*
 * RPP_REQUIRE_TTY makes readpassphrase() fail instead of reading from stdin
 * when there is no controlling terminal. `challenge` presumably points at
 * cbuf (assignment not shown).
 */
61 response = readpassphrase(challenge, rbuf, sizeof(rbuf), RPP_REQUIRE_TTY);
/*
 * No terminal: record it in the auth log and exit.
 * NOTE(review): no check for response == NULL with any other errno is visible
 * between this branch and the crypt() call below; confirm the full file
 * rejects that case before `response` is used.
 */
62 if (response == NULL && errno == ENOTTY) {
63 syslog(LOG_AUTHPRIV | LOG_NOTICE,
64 "tty required for %s", myname);
65 errx(1, "a tty is required");
/*
 * The stored hash is passed as crypt()'s setting argument, so the typed
 * passphrase is hashed with the same scheme and salt as the stored value.
 */
67 if ((encrypted = crypt(response, hash)) == NULL)
/*
 * Mismatch: log the account name (never the passphrase) and exit.
 * NOTE(review): strcmp() is not a constant-time comparison; the inputs are
 * hash strings, not the passphrase itself -- confirm that is acceptable here.
 */
69 if (strcmp(encrypted, hash) != 0) {
70 syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
71 errx(1, "Authorization failed");
/*
 * Wipe the plaintext passphrase; explicit_bzero() is not removed by the
 * optimizer the way a plain memset() can be.
 * NOTE(review): in the visible order this comes after the errx() exits above,
 * so the failure paths appear to leave rbuf unwiped until the process ends --
 * confirm against the lines not shown.
 */
74 explicit_bzero(rbuf, sizeof(rbuf));
/* Presumably refreshes the timestamp after a successful check (guard not shown). */
79 timestamp_set(fd, 5 * 60);