new shadow password scheme. Always include shadow support if the
authorTodd C. Miller <Todd.Miller@courtesan.com>
Mon, 21 Sep 1998 04:00:56 +0000 (04:00 +0000)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Mon, 21 Sep 1998 04:00:56 +0000 (04:00 +0000)
platform supports it and the user did not disable it via configure

aclocal.m4
check.c
compat.h
config.h.in
configure.in
getspwuid.c
sudo.c
tgetpass.c

index ad630843b822fd20d3336f86187cf4ac38b25c4f..bb949dd5c97e2290f6f376f704d8a7efba79d7d9 100644 (file)
@@ -147,99 +147,6 @@ else
 fi
 ])dnl
 
-dnl
-dnl check for shadow passwords
-dnl NOTE: not verbose
-dnl
-AC_DEFUN(SUDO_CHECK_SHADOW_GENERIC, [
-if test -z "$SHADOW_TYPE" -a -d /tcb/files/auth; then
-    AC_CHECK_FUNC(getprpwuid, SHADOW_TYPE="SPW_SECUREWARE")
-fi
-if test -z "$SHADOW_TYPE" -a -s /etc/shadow; then
-    AC_CHECK_FUNC(getspnam, SHADOW_TYPE="SPW_SVR4")
-fi
-if test -z "$SHADOW_TYPE" -a -s /etc/master.passwd; then
-    SHADOW_TYPE="SPW_BSD"
-fi
-if test -z "$SHADOW_TYPE"; then
-    SHADOW_TYPE="SPW_NONE"
-    $2
-else
-    $1
-fi
-AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-])
-
-AC_DEFUN(SUDO_CHECK_SHADOW_SUNOS4, [AC_MSG_CHECKING(for shadow passwords)
-if test -s /etc/security/passwd.adjunct; then
-    AC_MSG_RESULT(yes)
-    [$1]
-else
-    AC_MSG_RESULT(no)
-    [$2]
-fi
-])
-
-AC_DEFUN(SUDO_CHECK_SHADOW_ULTRIX4, [AC_MSG_CHECKING(for shadow passwords)
-if test -s /etc/auth.pag; then
-    AC_MSG_RESULT(yes)
-    [$1]
-else
-    AC_MSG_RESULT(no)
-    [$2]
-fi
-])
-
-AC_DEFUN(SUDO_CHECK_SHADOW_BSD, [AC_MSG_CHECKING(for shadow passwords)
-if test -s /etc/master.passwd; then
-    AC_MSG_RESULT(yes)
-    [$1]
-else
-    AC_MSG_RESULT(no)
-    [$2]
-fi
-])
-
-AC_DEFUN(SUDO_CHECK_SHADOW_HPUX9, [AC_MSG_CHECKING(for shadow passwords)
-if test -s /.secure/etc/passwd; then
-    AC_MSG_RESULT(yes)
-    [$1]
-else
-    AC_MSG_RESULT(no)
-    [$2]
-fi
-])
-
-AC_DEFUN(SUDO_CHECK_SHADOW_SVR4, [AC_MSG_CHECKING(for shadow passwords)
-if test -s /etc/shadow; then
-    AC_MSG_RESULT(yes)
-    [$1]
-else
-    AC_MSG_RESULT(no)
-    [$2]
-fi
-])
-
-AC_DEFUN(SUDO_CHECK_SHADOW_SECUREWARE, [AC_MSG_CHECKING(for shadow passwords)
-if test -d /tcb/files/auth; then
-    AC_MSG_RESULT(yes)
-    [$1]
-else
-    AC_MSG_RESULT(no)
-    [$2]
-fi
-])
-
-AC_DEFUN(SUDO_CHECK_SHADOW_DUNIX, [AC_MSG_CHECKING(for shadow passwords)
-if test "`. /etc/rc.config ; echo $SECURITY`" = "ENHANCED"; then
-    AC_MSG_RESULT(yes)
-    [$1]
-else
-    AC_MSG_RESULT(no)
-    [$2]
-fi
-])
-
 dnl
 dnl
 dnl check for fullly working void
diff --git a/check.c b/check.c
index f75a6294d5b19d8df9799c64ea9c9f21aba2e2aa..9a05f24710654055b0712064dfe6792e815ff5b3 100644 (file)
--- a/check.c
+++ b/check.c
@@ -67,14 +67,14 @@ static char rcsid[] = "$Id$";
 #include <options.h>
 #include "insults.h"
 #include "version.h"
-#if (SHADOW_TYPE == SPW_SECUREWARE)
+#ifdef HAVE_GETPRPWUID
 #  ifdef __hpux
 #    include <hpsecurity.h>
 #  else
 #    include <sys/security.h>
 #  endif /* __hpux */
 #  include <prot.h>
-#endif /* SPW_SECUREWARE */
+#endif /* HAVE_GETPRPWUID */
 #ifdef HAVE_KERB4
 #  include <krb.h>
 #endif /* HAVE_KERB4 */
@@ -141,9 +141,9 @@ struct skey skey;
 #ifdef HAVE_OPIE
 struct opie opie;
 #endif
-#if (SHADOW_TYPE == SPW_SECUREWARE) && defined(__alpha)
-extern uchar_t crypt_type;
-#endif /* SPW_SECUREWARE && __alpha */
+#if defined(HAVE_GETPRPWUID) && defined(__alpha)
+extern int crypt_type;
+#endif /* HAVE_GETPRPWUID && __alpha */
 
 
 
@@ -585,42 +585,44 @@ static void check_passwd()
        /*
         * If we use shadow passwords with a different crypt(3)
         * check that here, else use standard crypt(3).
+        * XXX - break out into separate functions.
         */
-#    if (SHADOW_TYPE != SPW_NONE) && (SHADOW_TYPE != SPW_BSD)
-#      if (SHADOW_TYPE == SPW_ULTRIX4)
+#    ifdef HAVE_GETAUTHUID
        if (!strcmp(user_passwd, (char *) crypt16(pass, user_passwd)))
            return;             /* if the passwd is correct return() */
-#      endif /* ULTRIX4 */
-#      if (SHADOW_TYPE == SPW_SECUREWARE) && !defined(__alpha)
+#    endif /* HAVE_GETAUTHUID */
+#    ifdef HAVE_GETPRPWUID
+#      ifndef __alpha
 #        ifdef HAVE_BIGCRYPT
        if (strcmp(user_passwd, (char *) bigcrypt(pass, user_passwd)) == 0)
            return;           /* if the passwd is correct return() */
-#        else
-       if (strcmp(user_passwd, crypt(pass, user_passwd)) == 0)
-           return;           /* if the passwd is correct return() */
 #        endif /* HAVE_BIGCRYPT */
-#      endif /* SECUREWARE && !__alpha */
-#      if (SHADOW_TYPE == SPW_SECUREWARE) && defined(__alpha)
-       if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
-           if (!strcmp(user_passwd, bigcrypt(pass, user_passwd)))
-               return;             /* if the passwd is correct return() */
-       } else if (crypt_type == AUTH_CRYPT_CRYPT16) {
-           if (!strcmp(user_passwd, crypt16(pass, user_passwd)))
-               return;             /* if the passwd is correct return() */
+#      else /* !__alpha */
+       switch (crypt_type) {
+           case AUTH_CRYPT_BIGCRYPT:
+               if (!strcmp(user_passwd, bigcrypt(pass, user_passwd)))
+                   return;             /* if the passwd is correct return() */
+               break;
+           case AUTH_CRYPT_CRYPT16:
+               if (!strcmp(user_passwd, crypt16(pass, user_passwd)))
+                   return;             /* if the passwd is correct return() */
+               break;
 #        ifdef AUTH_CRYPT_OLDCRYPT
-       } else if (crypt_type == AUTH_CRYPT_OLDCRYPT ||
-                  crypt_type == AUTH_CRYPT_C1CRYPT) {
-           if (!strcmp(user_passwd, crypt(pass, user_passwd)))
-               return;             /* if the passwd is correct return() */
+           case AUTH_CRYPT_OLDCRYPT:
+           case AUTH_CRYPT_C1CRYPT:
 #        endif
-       } else {
-           (void) fprintf(stderr,
-                    "%s: Sorry, I don't know how to deal with crypt type %d.\n",
-                    Argv[0], crypt_type);
-           exit(1);
+           case -1:
+               if (!strcmp(user_passwd, crypt(pass, user_passwd)))
+                   return;             /* if the passwd is correct return() */
+               break;
+           default:
+               (void) fprintf(stderr,
+                       "%s: Sorry, I don't know how to deal with crypt type %d.\n",
+                       Argv[0], crypt_type);
+               exit(1);
        }
-#      endif /* SECUREWARE && __alpha */
-#    endif /* SHADOW_TYPE != SPW_NONE && SHADOW_TYPE != SPW_BSD */
+#      endif /* __alpha */
+#    endif /* HAVE_GETPRPWUID */
 
        /* Normal UN*X password check */
        if (!strcmp(user_passwd, (char *) crypt(pass, user_passwd)))
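Review bot: In the new `switch (crypt_type)`, `case AUTH_CRYPT_C1CRYPT:` is compiled only under `#ifdef AUTH_CRYPT_OLDCRYPT`, while getspwuid.c in this same commit tests `AUTH_CRYPT_C1CRYPT` under its own `#ifdef AUTH_CRYPT_C1CRYPT`. If a platform's headers define one constant without the other, this either fails to compile or sends a C1CRYPT account to the `default:` branch and `exit(1)` instead of the crypt() comparison. Guarding each label separately (`#ifdef AUTH_CRYPT_OLDCRYPT` around `case AUTH_CRYPT_OLDCRYPT:` and `#ifdef AUTH_CRYPT_C1CRYPT` around `case AUTH_CRYPT_C1CRYPT:`) keeps the two files in agreement. A short comment on `case -1:` saying it is the initial value of `crypt_type`, meaning no protected-password entry was read, would also help. check_passwd() starts and ends outside this hunk.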
index 01467b3fbca7830fd096ee66f200bae7025b86b6..3721be35a289ce367d29458cfc669da521c9ab3d 100644 (file)
--- a/compat.h
+++ b/compat.h
 #  undef _PASSWD_LEN
 #  define _PASSWD_LEN          256
 #else
-#  if (SHADOW_TYPE == SPW_SECUREWARE)
+#  ifdef  HAVE_GETPRPWUID
 #    undef _PASSWD_LEN
 #    define _PASSWD_LEN                AUTH_MAX_PASSWD_LENGTH
 #  else
 #      endif /* PASS_MAX */
 #    endif /* !_PASSWD_LEN */
 #  endif /* HAVE_KERB4 || HAVE_AFS || HAVE_DCE || HAVE_SKEY || HAVE_OPIE */
-#endif /* SPW_SECUREWARE */
+#endif /* HAVE_GETPRPWUID */
 
 /*
  * Some OS's lack these
index 3d98abd7bae004e8f86f070ebd4921be4de633a9..426793b5a87807f0fa137baa8a531db5f7c1f8f1 100644 (file)
 /* Define if you have set_auth_parameters(3). */
 #undef HAVE_SET_AUTH_PARAMETERS
 
+/* Define if you have getspnam(3).  [SVR4-style shadow passwords] */
+#undef HAVE_GETSPNAM
+
+/* Define if you have getprpwuid(3).  [SecureWare-style shadow passwords] */
+#undef HAVE_GETPRPWUID
+
+/* Define if you have getspwuid(3).  [HP-UX <= 9.X shadow passwords] */
+#undef HAVE_GETSPWUID
+
+/* Define if you have getpwanam(3).  [SunOS 4.x shadow passwords] */
+#undef HAVE_GETPWANAM
+
+/* Define if you have getauthuid(3).  [ULTRIX 4.x shadow passwords] */
+#undef HAVE_GETAUTHUID
+
 /* Define if you have seteuid(3). */
 #undef HAVE_SETEUID
 
 /* Define if your struct sockadr has an sa_len field. */
 #undef HAVE_SA_LEN
 
-/* Supported shadow password types */
-#define SPW_NONE               0x00
-#define SPW_SECUREWARE         0x01
-#define SPW_HPUX9              0x02
-#define SPW_SUNOS4             0x03
-#define SPW_SVR4               0x04
-#define SPW_ULTRIX4            0x05
-#define SPW_BSD                        0x06
-
-/* Define to the variety of shadow passwords supported on your OS */
-#undef SHADOW_TYPE
-
 /* Define to void if your C compiler fully groks void, else char */
 #undef VOID
 
 
 /* Define if you want the log file line to be wrapped */
 #undef WRAP_LOG
-
-/*
- * Paths to commands used by sudo.  There are used by pathnames.h.
- * If you want to override these values, do so in pathnames.h, not here!
- */
-
-#ifndef _CONFIG_PATH_SENDMAIL  
-#undef _CONFIG_PATH_SENDMAIL
-#endif /* _CONFIG_PATH_SENDMAIL */
-
-#ifndef _CONFIG_PATH_VI
-#undef _CONFIG_PATH_VI
-#endif /* _CONFIG_PATH_VI */
-  
-#ifndef _CONFIG_PATH_PWD
-#undef _CONFIG_PATH_PWD
-#endif /* _CONFIG_PATH_PWD */
-
-#ifndef _CONFIG_PATH_MV
-#undef _CONFIG_PATH_MV
-#endif /* _CONFIG_PATH_MV */
-
-#ifndef _CONFIG_PATH_BSHELL
-#undef _CONFIG_PATH_BSHELL
-#endif /* _CONFIG_PATH_BSHELL */
-
-#ifndef _CONFIG_PATH_LOGFILE
-#undef _CONFIG_PATH_LOGFILE
-#endif /* _CONFIG_PATH_LOGFILE */
-
-#ifndef _CONFIG_PATH_TIMEDIR
-#undef _CONFIG_PATH_TIMEDIR
-#endif /* _CONFIG_PATH_TIMEDIR */
index 3ebee1982a0d726c98c5f2231403c7b9e38a7ed9..10b571fd80ddc77fc554f9d041f5e9269551845f 100644 (file)
@@ -40,6 +40,7 @@ MANTYPE="man"
 AC_SUBST(MANTYPE)dnl
 MAN_POSTINSTALL=""
 AC_SUBST(MAN_POSTINSTALL)dnl
+CHECKSHADOW="true"
 
 dnl
 dnl Override default configure dirs...
@@ -53,6 +54,22 @@ dnl
 dnl Options for --enable
 dnl
 
+AC_MSG_CHECKING(whether to disable shadow password support)
+AC_ARG_ENABLE(tgetpass,
+[  --enable-shadow         Use shadow passwords if they exist (default)
+  --disable-shadow        Never use shadow passwords],
+[ case "$enableval" in
+    yes)       AC_MSG_RESULT(no)
+               ;;
+    no)                AC_MSG_RESULT(yes)
+               CHECKSHADOW="false"
+               ;;
+    *)         AC_MSG_RESULT(no)
+               echo "Ignoring unknown argument to --enable-tgetpass: $enableval"
+               ;;
+  esac
+], AC_MSG_RESULT(no))
+
 AC_MSG_CHECKING(whether to use the system getpass function)
 AC_ARG_ENABLE(tgetpass,
 [  --enable-tgetpass       Use sudo's getpass() that times out (default)
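Review bot: The new shadow option is registered as `AC_ARG_ENABLE(tgetpass,` instead of `AC_ARG_ENABLE(shadow,`, so `--disable-shadow` is never examined and `--disable-tgetpass` now also sets `CHECKSHADOW="false"`. Someone who only wanted the system getpass() would get a sudo built without any shadow lookup, and sudo_getepw() in getspwuid.c would then return plain `pw_passwd`. On a shadowed system that is presumably a placeholder that no password matches. The first argument should be `shadow`, and the warning text should read `--enable-shadow: $enableval`. The pre-existing tgetpass `AC_ARG_ENABLE` block continues past the end of this hunk.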
@@ -376,24 +393,13 @@ case "$host" in
                # getcwd(3) opens a pipe to getpwd(1)!?!
                BROKEN_GETCWD=1
 
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SUNOS4(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SHADOW_TYPE="SPW_SUNOS4"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
+               # check for password adjunct functions (shadow passwords)
+               if test "$CHECKSHADOW" = "true"; then
+                   AC_CHECK_FUNCS(getpwanam)
+                   CHECKSHADOW="false"
                fi
                ;;
     *-*-solaris2*)
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SVR4(with_C2="yes")
-               fi
-               if test "$with_C2" != "no"; then
-                   with_C2="yes"
-                   SHADOW_TYPE="SPW_SVR4"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-               fi
-
                # AFS support needs -lucb
                if test "$with_AFS" = "yes"; then
                    AFS_LIBS="-lc -lucb"
@@ -404,8 +410,9 @@ case "$host" in
                SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
                ;;
     *-*-hiuxmpp*)
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SECUREWARE(with_C2="yes")
+               if test "$CHECKSHADOW" = "true"; then
+                   AC_CHECK_LIB(sec, getprpwuid, AC_DEFINE(HAVE_GETPRPWUID) [SUDO_LIBS="${SUDO_LIBS} -lsec"], AC_CHECK_LIB(security, getprpwuid, AC_DEFINE(HAVE_GETPRPWUID) [SUDO_LIBS="${SUDO_LIBS} -lsecurity"]))
+                   CHECKSHADOW="false"
                fi
                ;;
     *-*-hpux1[[0-9]]*)
@@ -413,14 +420,9 @@ case "$host" in
                # (XXX - should be an option to configure)
                #STATIC_SUDO=true
 
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SECUREWARE(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SHADOW_TYPE="SPW_SECUREWARE"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-                   SUDO_LIBS="${SUDO_LIBS} -lsec"
-                   LIBS="${LIBS} -lsec"
+               if test "$CHECKSHADOW" = "true"; then
+                   AC_CHECK_LIB(sec, getprpwuid, AC_DEFINE(HAVE_GETPRPWUID) [SUDO_LIBS="${SUDO_LIBS} -lsec"])
+                   CHECKSHADOW="false"
                fi
 
                if test -n "$STATIC_SUDO"; then
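Review bot: The removed lines appended `-lsec` to both `SUDO_LIBS` and `LIBS`, but the new `AC_CHECK_LIB(sec, getprpwuid, ...)` passes its own action-if-found, so `LIBS` is no longer extended. Any later function probe that lives in the security library would then be link-tested without it and come up undefined. config.h.in and check.c reference `HAVE_SET_AUTH_PARAMETERS` and `HAVE_BIGCRYPT`, but where those probes run is not visible in this diff, so this is a point to verify. If they run after this case statement, keep `LIBS="${LIBS} -lsec"` in the action, or set `LIBS` temporarily around those probes. The same pattern appears in the Digital UNIX, convex, ultrix, sco and unicos hunks below.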
@@ -452,12 +454,9 @@ case "$host" in
 
                AC_DEFINE(BROKEN_SYSLOG)
 
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_HPUX9(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SHADOW_TYPE="SPW_HPUX9"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
+               if test "$CHECKSHADOW" = "true"; then
+                   AC_CHECK_FUNCS(getspwuid)
+                   CHECKSHADOW="false"
                fi
 
                if test -n "$STATIC_SUDO"; then
@@ -508,26 +507,12 @@ case "$host" in
                # ignore envariables wrt dynamic lib path
                SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
 
-               # C2 security stuff
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_DUNIX(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SUDO_LIBS="${SUDO_LIBS} -lsecurity -laud"
-                   LIBS="${LIBS} -lsecurity -laud"
-                   SHADOW_TYPE="SPW_SECUREWARE"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
+               if test "$CHECKSHADOW" = "true"; then
+                   AC_CHECK_LIB(security, getprpwuid, AC_DEFINE(HAVE_GETPRPWUID) [SUDO_LIBS="${SUDO_LIBS} -lsecurity"])
+                   CHECKSHADOW="false"
                fi
                ;;
     *-*-irix*)
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SVR4(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SHADOW_TYPE="SPW_SVR4"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-               fi
-
                # configure may not think irix has stdc headers
                # but it's good enough for sudo
                AC_DEFINE(STDC_HEADERS)
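Review bot: The Digital UNIX branch used to link `-lsecurity -laud`, and the new `AC_CHECK_LIB(security, getprpwuid, ...)` action adds only `-lsecurity`. If libsecurity still needs libaud at link time on that platform, the final link of sudo fails even though the configure probe passed; nothing in this diff shows it was dropped on purpose. Either keep `SUDO_LIBS="${SUDO_LIBS} -lsecurity -laud"` or add a comment saying `-laud` is no longer required.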
@@ -547,16 +532,10 @@ case "$host" in
                fi
                ;;
     *-*-linux*)
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SVR4(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SHADOW_TYPE="SPW_SVR4"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-                   OSDEFS="${OSDEFS} -DSHADOW_PWD"
-                   AC_CHECK_FUNC(getspnam, ,
-                       SUDO_LIBS="${SUDO_LIBS} -lshadow"
-                       LIBS="${LIBS} -lshadow")
+               # Some Linux versions need to link with -lshadow
+               if test "$CHECKSHADOW" = "true"; then
+                   AC_CHECK_FUNC(getspnam, AC_DEFINE(HAVE_GETSPNAM), AC_CHECK_LIB(shadow, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lshadow"]))
+                   CHECKSHADOW="false"
                fi
                ;;
     *-convex-bsd*)
@@ -565,38 +544,19 @@ case "$host" in
                    CFLAGS="${CFLAGS} -D__STDC__"
                fi
 
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SECUREWARE(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   OSDEFS="${OSDEFS} -D_AUDIT -D_ACL -DSecureWare"
-                   SUDO_LIBS="${SUDO_LIBS} -lprot"
-                   LIBS="${LIBS} -lprot"
-                   SHADOW_TYPE="SPW_SECUREWARE"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
+               if test "$CHECKSHADOW" = "true"; then
+                   AC_CHECK_LIB(sec, getprpwuid, AC_DEFINE(HAVE_GETPRPWUID) [SUDO_LIBS="${SUDO_LIBS} -lprot"; OSDEFS="${OSDEFS} -D_AUDIT -D_ACL -DSecureWare"])
+                   CHECKSHADOW="false"
                fi
                ;;
     *-*-ultrix*)
                OS="ultrix"
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_ULTRIX4(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SUDO_LIBS="${SUDO_LIBS} -lauth"
-                   LIBS="${LIBS} -lauth"
-                   SHADOW_TYPE="SPW_ULTRIX4"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
+               if test "$CHECKSHADOW" = "true"; then
+                   AC_CHECK_LIB(auth, getauthuid, AC_DEFINE(HAVE_GETAUTHUID) [SUDO_LIBS="${SUDO_LIBS} -lauth"])
+                   CHECKSHADOW="false"
                fi
                ;;
     *-*-riscos*)
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SVR4(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SHADOW_TYPE="SPW_SVR4"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-               fi
-
                SUDO_LIBS="${SUDO_LIBS} -lsun -lbsd"
                LIBS="${LIBS} -lsun -lbsd"
                CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
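Review bot: The convex branch probes library `sec` for getprpwuid but then links `-lprot`, and the removed lines linked only `-lprot`. A host that has libprot but no libsec will therefore never define `HAVE_GETPRPWUID`, and sudo_getepw() silently falls back to `pw_passwd`. The probe most likely should be `AC_CHECK_LIB(prot, getprpwuid, ...)`, so that the library tested is the library linked.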
@@ -608,25 +568,15 @@ case "$host" in
                SUDO_LIBS="${SUDO_LIBS} -lcrypt"
                LIBS="${LIBS} -lcrypt"
 
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SVR4(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SUDO_LIBS="${SUDO_LIBS} -lsec"
-                   LIBS="${LIBS} -lsec"
-                   SHADOW_TYPE="SPW_SVR4"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
+               if test "$CHECKSHADOW" = "true"; then
+                   AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"])
+                   CHECKSHADOW="false"
                fi
                ;;
     *-*-sco*)
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SECUREWARE(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SHADOW_TYPE="SPW_SECUREWARE"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-                   SUDO_LIBS="${SUDO_LIBS} -lprot -lx"
-                   LIBS="${LIBS} -lprot -lx"
+               if test "$CHECKSHADOW" = "true"; then
+                   AC_CHECK_LIB(prot, getprpwuid, AC_DEFINE(HAVE_GETPRPWUID) [SUDO_LIBS="${SUDO_LIBS} -lprot -lx"])
+                   CHECKSHADOW="false"
                fi
                ;;
     *-*-unicos*)
@@ -638,14 +588,9 @@ case "$host" in
                # we don't want -linet
                LIB_INET=0
 
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SVR4(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SHADOW_TYPE="SPW_SVR4"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-                   SUDO_LIBS="${SUDO_LIBS} -lsec"
-                   LIBS="${LIBS} -lsec"
+               if test "$CHECKSHADOW" = "true"; then
+                   AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"])
+                   CHECKSHADOW="false"
                fi
                ;;
     *-ccur-sysv4|*-ccur-sysvr4)
@@ -653,14 +598,6 @@ case "$host" in
                SUDO_LIBS="${SUDO_LIBS} -lgen -lsocket -lnsl"
                LIB_SOCKET=1
                LIB_NSL=1                                    
-
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SVR4(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SHADOW_TYPE="SPW_SVR4"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-               fi
                ;;
     *-*-bsdi*)
                # Use shlicc for BSD/OS 2.x unless asked to do otherwise
@@ -670,23 +607,10 @@ case "$host" in
                    ac_cv_prog_CC=shlicc
                    CC="$ac_cv_prog_CC"
                fi
-
-               # This should always be true but why not be careful...
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_BSD(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SHADOW_TYPE="SPW_BSD"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-               fi
                ;;
     *-*-*bsd*)
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_BSD(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SHADOW_TYPE="SPW_BSD"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
+               if test "$CHECKSHADOW" = "true"; then
+                   CHECKSHADOW="false"
                fi
                ;;
     *-*-svr4*|*-*-sysv4*)
@@ -694,85 +618,18 @@ case "$host" in
                SUDO_LIBS="${SUDO_LIBS} -lsocket -lnsl"
                LIB_SOCKET=1
                LIB_NSL=1                                    
-
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SVR4(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SHADOW_TYPE="SPW_SVR4"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-               fi
-               ;;
-    *-*-sysv*)
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_SVR4(with_C2="yes")
-               fi
-               if test "$with_C2" = "yes"; then
-                   SHADOW_TYPE="SPW_SVR4"
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-               fi
-               ;;
-    *)
-               if test -z "$host"; then
-                   echo "Unable to guess system type, you may need to specify on the command line."
-               fi
-
-               dnl
-               dnl Is this OS using shadow passwords?
-               dnl Just check the most common schemes.
-               dnl
-               if test -z "$with_C2"; then
-                   SUDO_CHECK_SHADOW_GENERIC(with_C2="yes")
-                   AC_MSG_CHECKING(for shadow passwords and type)
-                   case "$SHADOW_TYPE" in
-                       "SPW_SVR4")
-                           echo "SVR4"
-                           ;;
-                       "SPW_BSD")
-                           echo "BSD"
-                           ;;
-                       "SPW_SECUREWARE")
-                           echo "SecureWare"
-                           SUDO_LIBS="${SUDO_LIBS} -lprot -lx"
-                           LIBS="${LIBS} -lprot -lx"
-                           ;;
-                       "SPW_NONE")
-                           echo "none"
-                   esac
-                   AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-               fi
                ;;
 esac
 
 dnl
-dnl Guess shadow password type unless we already know it.
-dnl This is used when the user specified --with-C2 option.
+dnl Check for shadow password routines if we have not already done so.
+dnl We check for SVR4-style first and then SecureWare-style.
 dnl
-if test "$with_C2" = "yes" -a -z "$SHADOW_TYPE"; then
-    AC_CHECK_FUNC(getprpwuid, SHADOW_TYPE="SPW_SECUREWARE", [AC_CHECK_FUNC(getspnam, SHADOW_TYPE="SPW_SVR4", [test -f /etc/master.passwd && SHADOW_TYPE="SPW_BSD"])])
-    AC_MSG_CHECKING(for shadow password type)
-    case "$SHADOW_TYPE" in
-       "SPW_SVR4")
-               echo "SVR4"
-               ;;
-       "SPW_BSD")
-               echo "BSD"
-               ;;
-       "SPW_SECUREWARE")
-               echo "SecureWare"
-               SUDO_LIBS="${SUDO_LIBS} -lprot -lx"
-               LIBS="${LIBS} -lprot -lx"
-               ;;
-       *)
-               SHADOW_TYPE="SPW_NONE"
-               echo "unknown"
-               echo "Unable to determine shadow passwd type, sudo may not be able to verify passwords"
-               ;;
-    esac
-    AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
-elif test -z "$SHADOW_TYPE"; then
-    SHADOW_TYPE="SPW_NONE"
-    AC_DEFINE_UNQUOTED(SHADOW_TYPE, $SHADOW_TYPE)
+if test "$CHECKSHADOW" = "true"; then
+    AC_CHECK_FUNC(getspnam, AC_DEFINE(HAVE_GETSPNAM) [CHECKSHADOW="false"])
+fi
+if test "$CHECKSHADOW" = "true"; then
+    AC_CHECK_FUNC(getprpwuid, AC_DEFINE(HAVE_GETPRPWUID) [CHECKSHADOW="false"], AC_CHECK_LIB(sec, getprpwuid, AC_DEFINE(HAVE_GETPRPWUID) [CHECKSHADOW="false"; SUDO_LIBS="${SUDO_LIBS} -lsec"], AC_CHECK_LIB(security, getprpwuid, AC_DEFINE(HAVE_GETPRPWUID) [CHECKSHADOW="false"; SUDO_LIBS="${SUDO_LIBS} -lsecurity"], AC_CHECK_LIB(prot, getprpwuid, AC_DEFINE(HAVE_GETPRPWUID) [CHECKSHADOW="false"; SUDO_LIBS="${SUDO_LIBS} -lprot"]))))
 fi
 
 dnl
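Review bot: The generic fallback links only `-lprot` when getprpwuid is found in libprot, whereas the removed generic code and the `*-*-sco*` branch in this commit both use `-lprot -lx`. If libx is needed wherever libprot is, the fallback path will fail at link time on platforms without a dedicated case. The four-deep nested `AC_CHECK_LIB` call is also hard to audit on one line; splitting it into one `if test "$CHECKSHADOW" = "true"` block per library, as done for getspnam just above it, would make the link flags for each library easy to compare.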
index 6d997784c89185c9842178c81df464112474548b..d0be906632061a376cf4435e1f55c771c3b93ed4 100644 (file)
@@ -52,27 +52,27 @@ static char rcsid[] = "$Id$";
 #include <pwd.h>
 #include "sudo.h"
 #include <options.h>
-#if (SHADOW_TYPE != SPW_NONE) && (SHADOW_TYPE != SPW_BSD)
-#  if (SHADOW_TYPE == SPW_SVR4)
-#    include <shadow.h>
-#  endif /* SVR4 */
-#  if (SHADOW_TYPE == SPW_SECUREWARE)
-#    ifdef __hpux
-#      include <hpsecurity.h>
-#    else
-#      include <sys/security.h>
-#    endif /* __hpux */
-#    include <prot.h>
-#  endif /* SECUREWARE */
-#  if (SHADOW_TYPE == SPW_ULTRIX4)
-#    include <auth.h>
-#  endif /* ULTRIX4 */
-#  if (SHADOW_TYPE == SPW_SUNOS4)
-#    include <sys/label.h>
-#    include <sys/audit.h>
-#    include <pwdadj.h>
-#  endif /* SUNOS4 */
-#endif /* SHADOW_TYPE != SPW_NONE && SHADOW_TYPE != SPW_BSD */
+
+/* Shadow password includes */
+#ifdef HAVE_GETSPNAM
+#  include <shadow.h>
+#endif /* HAVE_GETSPNAM */
+#ifdef HAVE_GETPRPWUID
+#  ifdef __hpux
+#    include <hpsecurity.h>
+#  else
+#    include <sys/security.h>
+#  endif /* __hpux */
+#  include <prot.h>
+#endif /* HAVE_GETPRPWUID */
+#ifdef HAVE_GETPWANAM
+#  include <sys/label.h>
+#  include <sys/audit.h>
+#  include <pwdadj.h>
+#endif /* HAVE_GETPWANAM */
+#ifdef HAVE_GETAUTHUID
+#  include <auth.h>
+#endif /* HAVE_GETAUTHUID */
 
 #ifndef STDC_HEADERS
 #ifndef __GNUC__                /* gcc has its own malloc */
@@ -87,16 +87,16 @@ extern char *strdup     __P((const char *));
 /*
  * Global variables (yuck)
  */
-#if (SHADOW_TYPE == SPW_SECUREWARE) && defined(__alpha)
-uchar_t crypt_type;
-#endif /* SPW_SECUREWARE && __alpha */
+#if defined(HAVE_GETPRPWUID) && defined(__alpha)
+int crypt_type = -1;
+#endif /* HAVE_GETPRPWUID && __alpha */
 
 
 /*
  * Local functions not visible outside getspwuid.c
  */
 static char *sudo_getshell     __P((struct passwd *));
-static char *sudo_getspwd      __P((struct passwd *));
+static char *sudo_getepw       __P((struct passwd *));
 
 
 
@@ -128,78 +128,68 @@ static char *sudo_getshell(pw_ent)
 
 /**********************************************************************
  *
- *  sudo_getspwd()
+ *  sudo_getepw()
  *
- *  This function returns the shadow password for the user described
- *  by pw_ent.  If there is no shadow password the normal UN*X password
- *  is returned instead.
+ *  This function returns the encrypted password for the user described
+ *  by pw_ent.  If there is a shadow password it is returned, else the
+ *  normal UN*X password is returned instead.
  */
 
-static char *sudo_getspwd(pw_ent)
+static char *sudo_getepw(pw_ent)
     struct passwd *pw_ent;
-#if (SHADOW_TYPE != SPW_NONE) && (SHADOW_TYPE != SPW_BSD)
-#  if (SHADOW_TYPE == SPW_SVR4)
 {
-    struct spwd *spw_ent;
+#ifdef HAVE_GETPRPWUID
+    {
+       struct pr_passwd *spw_ent;
+
+       spw_ent = getprpwuid(pw_ent->pw_uid);
+       if (spw_ent != NULL && spw_ent->ufld.fd_encrypt != NULL) {
+#  ifdef __alpha
+           crypt_type = spw_ent -> ufld.fd_oldcrypt;
+#    ifdef AUTH_CRYPT_C1CRYPT
+           if (crypt_type != AUTH_CRYPT_C1CRYPT)
+#    endif /* AUTH_CRYPT_C1CRYPT */
+#  endif /* __alpha */
+               return(spw_ent -> ufld.fd_encrypt);
+       }
+    }
+#endif /* HAVE_GETPRPWUID */
+#ifdef HAVE_GETSPNAM
+    {
+       struct spwd *spw_ent;
 
-    if ((spw_ent = getspnam(pw_ent -> pw_name)) && spw_ent -> sp_pwdp)
-       return(spw_ent -> sp_pwdp);
-    else
-       return(pw_ent -> pw_passwd);
-}
-#  endif /* SVR4 */
-#  if (SHADOW_TYPE == SPW_HPUX9)
-{
-    struct s_passwd *spw_ent;
+       if ((spw_ent = getspnam(pw_ent -> pw_name)) && spw_ent -> sp_pwdp)
+           return(spw_ent -> sp_pwdp);
+    }
+#endif /* HAVE_GETSPNAM */
+#ifdef HAVE_GETSPWUID
+    {
+       struct s_passwd *spw_ent;
 
-    if ((spw_ent = getspwuid(pw_ent -> pw_uid)) && spw_ent -> pw_passwd)
-       return(spw_ent -> pw_passwd);
-    else
-       return(pw_ent -> pw_passwd);
-}
-#  endif /* HPUX9 */
-#  if (SHADOW_TYPE == SPW_SUNOS4)
-{
-    struct passwd_adjunct *spw_ent;
+       if ((spw_ent = getspwuid(pw_ent -> pw_uid)) && spw_ent -> pw_passwd)
+           return(spw_ent -> pw_passwd);
+    }
+#endif /* HAVE_GETSPWUID */
+#ifdef HAVE_GETPWANAM
+    {
+       struct passwd_adjunct *spw_ent;
 
-    if ((spw_ent = getpwanam(pw_ent -> pw_name)) && spw_ent -> pwa_passwd)
-       return(spw_ent -> pwa_passwd);
-    else
-       return(pw_ent -> pw_passwd);
-}
-#  endif /* SUNOS4 */
-#  if (SHADOW_TYPE == SPW_ULTRIX4)
-{
-    AUTHORIZATION *spw_ent;
+       if ((spw_ent = getpwanam(pw_ent -> pw_name)) && spw_ent -> pwa_passwd)
+           return(spw_ent -> pwa_passwd);
+    }
+#endif /* HAVE_GETPWANAM */
+#ifdef HAVE_GETAUTHUID
+    {
+       AUTHORIZATION *spw_ent;
 
-    if ((spw_ent = getauthuid(pw_ent -> pw_uid)) && spw_ent -> a_password)
-       return(spw_ent -> a_password);
-    else
-       return(pw_ent -> pw_passwd);
-}
-#  endif /* ULTRIX4 */
-#  if (SHADOW_TYPE == SPW_SECUREWARE)
-{
-    struct pr_passwd *spw_ent;
-
-    if ((spw_ent = getprpwuid(pw_ent->pw_uid)) && spw_ent->ufld.fd_encrypt) {
-#    ifdef __alpha
-       crypt_type = spw_ent -> ufld.fd_oldcrypt;
-#      ifdef AUTH_CRYPT_C1CRYPT
-        if (crypt_type == AUTH_CRYPT_C1CRYPT)
-           return(pw_ent -> pw_passwd);
-#      endif /* AUTH_CRYPT_C1CRYPT */
-#    endif /* __alpha */
-       return(spw_ent -> ufld.fd_encrypt);
-    } else
-       return(pw_ent -> pw_passwd);
-}
-#  endif /* SECUREWARE */
-#else
-{
+       if ((spw_ent = getauthuid(pw_ent -> pw_uid)) && spw_ent -> a_password)
+           return(spw_ent -> a_password);
+    }
+#endif /* HAVE_GETAUTHUID */
+
+    /* Fall back on normal passwd */
     return(pw_ent->pw_passwd);
 }
-#endif /* SHADOW_TYPE != SPW_NONE && SHADOW_TYPE != SPW_BSD */
 
 
 /**********************************************************************
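Review bot: On `__alpha`, sudo_getepw() assigns the global `crypt_type` only when getprpwuid() returns an entry, so a value left by an earlier call survives a later lookup that falls through to getspnam() or `pw_passwd`. check_passwd() would then choose the hash routine from the wrong account's entry. Whether sudo_getpwuid() is called for more than one uid per run is not visible here. Resetting `crypt_type = -1;` under `#ifdef __alpha` at the top of the `HAVE_GETPRPWUID` block removes the dependency on call order. Separately, `if (crypt_type != AUTH_CRYPT_C1CRYPT)` governs the `return` across two `#endif` lines without braces, and the C1CRYPT fall-through to the later sources deserves a one-line comment.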
@@ -255,7 +245,7 @@ struct passwd *sudo_getpwuid(uid)
     }
 
     /* pw_passwd gets a shadow password if applicable */
-    local_pw_ent->pw_passwd = (char *) strdup(sudo_getspwd(pw_ent));
+    local_pw_ent->pw_passwd = (char *) strdup(sudo_getepw(pw_ent));
     if (local_pw_ent->pw_passwd == NULL) {
        perror("malloc");
        (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
diff --git a/sudo.c b/sudo.c
index 5ff547871d1ccd37a49a7b352fcebd33dca7c9a8..8c28fc8ff184e036fb4ccbc399f2278fee33398c 100644 (file)
--- a/sudo.c
+++ b/sudo.c
@@ -83,14 +83,9 @@ static char rcsid[] = "$Id$";
 #include <sys/param.h>
 #include <netinet/in.h>
 #include <netdb.h>
-#if (SHADOW_TYPE == SPW_SECUREWARE)
-#  ifdef __hpux
-#    include <hpsecurity.h>
-#  else
-#    include <sys/security.h>
-#  endif /* __hpux */
-#  include <prot.h>
-#endif /* SPW_SECUREWARE */
+#ifdef HAVE_GETPRPWUID
+#include <prot.h>
+#endif /* HAVE_GETPRPWUID */
 #ifdef HAVE_DCE
 #include <pthread.h>
 #endif /* HAVE_DCE */
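Review bot: sudo.c now includes `<prot.h>` without the `<hpsecurity.h>` / `<sys/security.h>` include that used to come before it, while check.c and getspwuid.c in this same commit keep that pair ahead of `<prot.h>`. If `<prot.h>` depends on types from the security header on SecureWare systems, this file will no longer compile there; that dependency is an inference from the other two files, not something the diff shows. Either restore the `#ifdef __hpux` include pair here or add a comment explaining why it is not needed. The tgetpass.c hunk below makes the same change and needs only `AUTH_MAX_PASSWD_LENGTH`, so the same question applies there.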
@@ -193,9 +188,9 @@ int main(argc, argv)
     int sudo_mode = MODE_RUN;
     extern char ** environ;
 
-#if (SHADOW_TYPE == SPW_SECUREWARE) && defined(HAVE_SET_AUTH_PARAMETERS)
+#if defined(HAVE_GETPRPWUID) && defined(HAVE_SET_AUTH_PARAMETERS)
     (void) set_auth_parameters(argc, argv);
-#endif /* SPW_SECUREWARE */
+#endif /* HAVE_GETPRPWUID && HAVE_SET_AUTH_PARAMETERS */
 
     Argv = argv;
     Argc = argc;
index 2b35d286483708cb87370ba1ac74849b2a02759c..b01b5269fcc47bcd2be2656327367bb2cae09074 100644 (file)
@@ -68,14 +68,9 @@ static char rcsid[] = "$Id$";
 #include <sys/ioctl.h>
 #endif /* HAVE_TERMIO_H */
 #endif /* HAVE_TERMIOS_H */
-#if (SHADOW_TYPE == SPW_SECUREWARE)
-#  ifdef __hpux
-#    include <hpsecurity.h>
-#  else
-#    include <sys/security.h>
-#  endif /* __hpux */ 
-#  include <prot.h>
-#endif /* SPW_SECUREWARE */
+#ifdef HAVE_GETPRPWUID
+#include <prot.h>                      /* for AUTH_MAX_PASSWD_LENGTH */
+#endif /* HAVE_GETPRPWUID */
 
 #include <pathnames.h>
 #include "compat.h"