From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Fri, 18 Nov 2016 00:55:44 +0000 (-0700)
Subject: Add support for getpwnam_shadow() on OpenBSD
X-Git-Tag: SUDO_1_8_19^2~23
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=695784e6ee7f48469ae8d6fb6fb7727df04833de;p=sudo

Add support for getpwnam_shadow() on OpenBSD
---

diff --git a/config.h.in b/config.h.in
index b07626dd3..4a080aaf9 100644
--- a/config.h.in
+++ b/config.h.in
@@ -289,6 +289,9 @@
    passwords). */
 #undef HAVE_GETPRPWNAM
 
+/* Define to 1 if you have the `getpwnam_shadow' function. */
+#undef HAVE_GETPWNAM_SHADOW
+
 /* Define to 1 if you have the `getresuid' function. */
 #undef HAVE_GETRESUID
 
diff --git a/configure b/configure
index 22a3e9c1f..0af324726 100755
--- a/configure
+++ b/configure
@@ -15633,7 +15633,7 @@ done
 		# OpenBSD has a real setreuid(2) starting with 3.3 but
 		# we will use setresuid(2) instead.
 		SKIP_SETREUID=yes
-		CHECKSHADOW="false"
+
 		# OpenBSD >= 3.0 supports BSD auth
 		if test -z "$with_bsdauth"; then
 		    if test "$OSMAJOR" -ge 3; then
@@ -15642,6 +15642,9 @@ done
 		fi
 		: ${with_logincap='maybe'}
 
+		# Newer OpenBSD only fills in pw_password for getpwnam_shadow()
+		shadow_funcs="getpwnam_shadow"
+
 		# Examples go in share/examples/sudo
 		if test X"$with_exampledir" = X""; then
 		    exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)'
@@ -28050,5 +28053,6 @@ fi
 
 
 
+
 
 
diff --git a/configure.ac b/configure.ac
index 86912f231..02f47fb49 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2037,7 +2037,7 @@ case "$host" in
 		# OpenBSD has a real setreuid(2) starting with 3.3 but
 		# we will use setresuid(2) instead.
 		SKIP_SETREUID=yes
-		CHECKSHADOW="false"
+
 		# OpenBSD >= 3.0 supports BSD auth
 		if test -z "$with_bsdauth"; then
 		    if test "$OSMAJOR" -ge 3; then
@@ -2046,6 +2046,9 @@ case "$host" in
 		fi
 		: ${with_logincap='maybe'}
 
+		# Newer OpenBSD only fills in pw_password for getpwnam_shadow()
+		shadow_funcs="getpwnam_shadow"
+
 		# Examples go in share/examples/sudo
 		if test X"$with_exampledir" = X""; then
 		    exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)'
@@ -4295,6 +4298,7 @@ AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcnt
 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function.  (SecureWare-style shadow passwords).])
+AH_TEMPLATE(HAVE_GETPWNAM_SHADOW, [Define to 1 if you have the `getpwnam_shadow' function.])
 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords).])
 AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
diff --git a/plugins/sudoers/getspwuid.c b/plugins/sudoers/getspwuid.c
index 7a8fc75e4..212c0c23d 100644
--- a/plugins/sudoers/getspwuid.c
+++ b/plugins/sudoers/getspwuid.c
@@ -72,6 +72,14 @@ sudo_getepw(const struct passwd *pw)
 	goto done;
 #endif /* HAVE_ISCOMSEC */
 
+#ifdef HAVE_GETPWNAM_SHADOW
+    {
+	struct passwd *spw;
+
+	if ((spw = getpwnam_shadow(pw->pw_name)) != NULL)
+	    epw = spw->pw_passwd;
+    }
+#endif /* HAVE_GETPWNAM_SHADOW */
 #ifdef HAVE_GETPRPWNAM
     {
 	struct pr_passwd *spw;