methods.
int nil_pw; /* I hate resorting to globals like this... */
void
-verify_user(prompt)
+verify_user(pw, prompt)
+ struct passwd *pw;
char *prompt;
{
short counter = def_ival(I_PW_TRIES) + 1;
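Review bot: The new `pw` parameter is handed straight to `auth->init`, `auth->setup`, `auth->verify` and `auth->cleanup` in the later hunks, and nothing visible documents or checks that it is non-NULL. Since the entry can now belong to an account other than the one invoking sudo, the header comment on verify_user() should say so, e.g. `/* pw: passwd entry to authenticate against (may not be the invoking user); must not be NULL */`. The function body continues outside this hunk, so an existing check further down cannot be ruled out.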
if (NEEDS_USER(auth))
set_perms(PERM_USER, 0);
- status = (auth->init)(sudo_user.pw, &prompt, auth);
+ status = (auth->init)(pw, &prompt, auth);
if (status == AUTH_FAILURE)
auth->flags &= ~FLAG_CONFIGURED;
else if (status == AUTH_FATAL) /* XXX log */
if (NEEDS_USER(auth))
set_perms(PERM_USER, 0);
- status = (auth->setup)(sudo_user.pw, &prompt, auth);
+ status = (auth->setup)(pw, &prompt, auth);
if (status == AUTH_FAILURE)
auth->flags &= ~FLAG_CONFIGURED;
else if (status == AUTH_FATAL) /* XXX log */
if (NEEDS_USER(auth))
set_perms(PERM_USER, 0);
- success = auth->status = (auth->verify)(sudo_user.pw, p, auth);
+ success = auth->status = (auth->verify)(pw, p, auth);
if (NEEDS_USER(auth))
set_perms(PERM_ROOT, 0);
if (NEEDS_USER(auth))
set_perms(PERM_USER, 0);
- status = (auth->cleanup)(sudo_user.pw, auth);
+ status = (auth->cleanup)(pw, auth);
if (status == AUTH_FATAL) /* XXX log */
exit(1); /* assume error msg already printed */
prompt = expand_prompt(user_prompt ? user_prompt : def_str(I_PASSPROMPT),
user_name, user_shost);
- verify_user(prompt);
+ verify_user(auth_pw, prompt);
}
if (status != TS_ERROR)
update_timestamp(timestampdir, timestampfile);
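Review bot: `update_timestamp(timestampdir, timestampfile)` still runs after `verify_user(auth_pw, prompt)`, although the password checked may now be that of root, the runas default or the target user rather than the invoker. How `timestampfile` is derived is not visible here; if it is keyed only to the invoking user, a ticket earned with one account's password would presumably also suppress the prompt for a different target until it expires. That is worth confirming, and the result should be recorded next to the call, e.g. `/* NOTE: ticket is per invoking user, not per auth_pw */`. The enclosing function starts and ends outside this hunk.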
/*
* Local functions not visible outside getspwuid.c
*/
-static char *sudo_getshell __P((struct passwd *));
+static char *sudo_getshell __P((struct passwd *));
+static struct passwd *sudo_pwdup __P((struct passwd *));
/*
* Dynamically allocate space for a struct password and the constituent parts
* that we care about. Fills in pw_passwd from shadow file if necessary.
*/
-struct passwd *
-sudo_getpwuid(uid)
- uid_t uid;
+static struct passwd *
+sudo_pwdup(pw)
+ struct passwd *pw;
{
- struct passwd *pw, *local_pw;
-
- if ((pw = getpwuid(uid)) == NULL)
- return(NULL);
+ struct passwd *local_pw;
/* Allocate space for a local copy of pw. */
local_pw = (struct passwd *) emalloc(sizeof(struct passwd));
return(local_pw);
}
+
+/*
+ * Get a password entry by uid and allocate space for it.
+ * Fills in pw_passwd from shadow file if necessary.
+ */
+struct passwd *
+sudo_getpwuid(uid)
+ uid_t uid;
+{
+ struct passwd *pw;
+
+ if ((pw = getpwuid(uid)) == NULL)
+ return(NULL);
+ else
+ return(sudo_pwdup(pw));
+}
+
+/*
+ * Get a password entry by name and allocate space for it.
+ * Fills in pw_passwd from shadow file if necessary.
+ */
+struct passwd *
+sudo_getpwnam(name)
+ const char *name;
+{
+ struct passwd *pw;
+
+ if ((pw = getpwnam(name)) == NULL)
+ return(NULL);
+ else
+ return(sudo_pwdup(pw));
+}
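Review bot: The header comments on sudo_getpwuid() and sudo_getpwnam() say space is allocated but not who releases it, and per the same comments the copy carries `pw_passwd` filled from the shadow file, i.e. a password hash kept on the heap. I would add to both comments something like `Caller owns the returned copy; clear pw_passwd before freeing it.` No release path for these copies is visible in this diff, so the hash for root or the target user may stay in memory for the life of the process. Only the tail of sudo_pwdup() is visible in this hunk.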
static void add_env __P((int));
static void clean_env __P((char **, struct env_table *));
static void initial_setup __P((void));
-static void update_epasswd __P((void));
+static struct passwd *get_authpw __P((void));
extern struct passwd *sudo_getpwuid __P((uid_t));
+extern struct passwd *sudo_getpwnam __P((const char *));
extern void list_matches __P((void));
/*
int NewArgc = 0;
char **NewArgv = NULL;
struct sudo_user sudo_user;
+struct passwd *auth_pw;
FILE *sudoers_fp = NULL;
struct interface *interfaces;
int num_interfaces;
(void) close(fd);
}
- /* Update encrypted password in user_password if sudoers said to. */
- update_epasswd();
+ /* Fill in passwd struct based on user we are authenticating as. */
+ auth_pw = get_authpw();
/* Require a password unless the NOPASS tag was set. */
if (!(validated & FLAG_NOPASS))
}
/*
- * If the sudoers file says to prompt for a different user's password,
- * update the encrypted password in user_passwd accordingly.
+ * Get passwd entry for the user we are going to authenticate as.
+ * By default, this is the user invoking sudo...
*/
-static void
-update_epasswd()
+static struct passwd *
+get_authpw()
{
struct passwd *pw;
- /* We may be configured to prompt for a password other than the user's */
if (def_ival(I_ROOTPW)) {
- if ((pw = getpwuid(0)) == NULL)
+ if ((pw = sudo_getpwuid(0)) == NULL)
log_error(0, "uid 0 does not exist in the passwd file!");
- free(user_passwd);
- user_passwd = estrdup(sudo_getepw(pw));
} else if (def_ival(I_RUNASPW)) {
- if ((pw = getpwnam(def_str(I_RUNAS_DEF))) == NULL)
+ if ((pw = sudo_getpwnam(def_str(I_RUNAS_DEF))) == NULL)
log_error(0, "user %s does not exist in the passwd file!",
def_str(I_RUNAS_DEF));
- free(user_passwd);
- user_passwd = estrdup(sudo_getepw(pw));
} else if (def_ival(I_TARGETPW)) {
if (**user_runas == '#') {
- if ((pw = getpwuid(atoi(*user_runas + 1))) == NULL)
+ if ((pw = sudo_getpwuid(atoi(*user_runas + 1))) == NULL)
log_error(0, "uid %s does not exist in the passwd file!",
user_runas);
} else {
- if ((pw = getpwnam(*user_runas)) == NULL)
+ if ((pw = sudo_getpwnam(*user_runas)) == NULL)
log_error(0, "user %s does not exist in the passwd file!",
user_runas);
}
- free(user_passwd);
- user_passwd = estrdup(sudo_getepw(pw));
- }
+ } else
+ pw = sudo_user.pw;
+
+ return(pw);
}
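Review bot: Both `log_error()` calls in the I_TARGETPW branch pass `user_runas` to `%s`, but the surrounding code dereferences it as a `char **` (`**user_runas == '#'`, `*user_runas + 1`), so the argument should be `*user_runas`. In the same branch `atoi(*user_runas + 1)` returns 0 for a non-numeric suffix, which would select uid 0 as the account to authenticate against; parsing with `strtol` and rejecting trailing characters or out-of-range values avoids that silent fallback. Also, the final `else` returns the shared `sudo_user.pw` while the other branches return fresh copies from sudo_getpwuid()/sudo_getpwnam(), so the caller cannot tell whether `auth_pw` may be freed. Whether `log_error(0, ...)` returns is not visible here; if it can, `pw` is NULL on those paths and is returned as is.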
/*
char *tgetpass __P((const char *, int, int));
int find_path __P((char *, char **));
void check_user __P((void));
-void verify_user __P((char *));
+void verify_user __P((struct passwd *, char *));
int sudoers_lookup __P((int));
void set_perms __P((int, int));
void remove_timestamp __P((int));
/* Only provide extern declarations outside of sudo.c. */
#ifndef _SUDO_SUDO_C
extern struct sudo_user sudo_user;
+extern struct passwd *auth_pw;
extern int Argc;
extern char **Argv;