1 /*
2 * Copyright (c) 1996, 1998-2002 Todd C. Miller <Todd.Miller@courtesan.com>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 *
16 * Sponsored in part by the Defense Advanced Research Projects
17 * Agency (DARPA) and Air Force Research Laboratory, Air Force
18 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
19 */
20
21 #include "config.h"
22
23 #include <sys/types.h>
24 #include <sys/stat.h>
25 #include <sys/param.h>
26 #include <stdio.h>
27 #ifdef STDC_HEADERS
28 # include <stdlib.h>
29 # include <stddef.h>
30 #else
31 # ifdef HAVE_STDLIB_H
32 # include <stdlib.h>
33 # endif
34 #endif /* STDC_HEADERS */
35 #ifdef HAVE_STRING_H
36 # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
37 # include <memory.h>
38 # endif
39 # include <string.h>
40 #else
41 # ifdef HAVE_STRINGS_H
42 # include <strings.h>
43 # endif
44 #endif /* HAVE_STRING_H */
45 #ifdef HAVE_UNISTD_H
46 # include <unistd.h>
47 #endif /* HAVE_UNISTD_H */
48 #include <pwd.h>
49 #ifdef HAVE_GETSPNAM
50 # include <shadow.h>
51 #endif /* HAVE_GETSPNAM */
52 #ifdef HAVE_GETPRPWNAM
53 # ifdef __hpux
54 # undef MAXINT
55 # include <hpsecurity.h>
56 # else
57 # include <sys/security.h>
58 # endif /* __hpux */
59 # include <prot.h>
60 #endif /* HAVE_GETPRPWNAM */
61 #ifdef HAVE_GETPWANAM
62 # include <sys/label.h>
63 # include <sys/audit.h>
64 # include <pwdadj.h>
65 #endif /* HAVE_GETPWANAM */
66 #ifdef HAVE_GETAUTHUID
67 # include <auth.h>
68 #endif /* HAVE_GETAUTHUID */
69
70 #include "sudo.h"
71
72 #ifndef lint
73 static const char rcsid[] = "$Sudo: getspwuid.c,v 1.65 2004/02/13 21:36:43 millert Exp $";
74 #endif /* lint */
75
76 /*
77 * Global variables (yuck)
78 */
79 #if defined(HAVE_GETPRPWNAM) && defined(__alpha)
80 int crypt_type = INT_MAX;
81 #endif /* HAVE_GETPRPWNAM && __alpha */
82
83
84 /*
85 * Return a copy of the encrypted password for the user described by pw.
86 * If shadow passwords are in use, look in the shadow file.
87 */
88 char *
sudo_getepw(pw)89 sudo_getepw(pw)
90 const struct passwd *pw;
91 {
92 char *epw;
93
94 /* If there is a function to check for shadow enabled, use it... */
95 #ifdef HAVE_ISCOMSEC
96 if (!iscomsec())
97 return(estrdup(pw->pw_passwd));
98 #endif /* HAVE_ISCOMSEC */
99 #ifdef HAVE_ISSECURE
100 if (!issecure())
101 return(estrdup(pw->pw_passwd));
102 #endif /* HAVE_ISSECURE */
103
104 epw = NULL;
105 #ifdef HAVE_GETPRPWNAM
106 {
107 struct pr_passwd *spw;
108
109 setprpwent();
110 if ((spw = getprpwnam(pw->pw_name)) && spw->ufld.fd_encrypt) {
111 # ifdef __alpha
112 crypt_type = spw->ufld.fd_oldcrypt;
113 # endif /* __alpha */
114 epw = estrdup(spw->ufld.fd_encrypt);
115 }
116 endprpwent();
117 if (epw)
118 return(epw);
119 }
120 #endif /* HAVE_GETPRPWNAM */
121 #ifdef HAVE_GETSPNAM
122 {
123 struct spwd *spw;
124
125 setspent();
126 if ((spw = getspnam(pw->pw_name)) && spw->sp_pwdp)
127 epw = estrdup(spw->sp_pwdp);
128 endspent();
129 if (epw)
130 return(epw);
131 }
132 #endif /* HAVE_GETSPNAM */
133 #ifdef HAVE_GETSPWUID
134 {
135 struct s_passwd *spw;
136
137 setspwent();
138 if ((spw = getspwuid(pw->pw_uid)) && spw->pw_passwd)
139 epw = estrdup(spw->pw_passwd);
140 endspwent();
141 if (epw)
142 return(epw);
143 }
144 #endif /* HAVE_GETSPWUID */
145 #ifdef HAVE_GETPWANAM
146 {
147 struct passwd_adjunct *spw;
148
149 setpwaent();
150 if ((spw = getpwanam(pw->pw_name)) && spw->pwa_passwd)
151 epw = estrdup(spw->pwa_passwd);
152 endpwaent();
153 if (epw)
154 return(epw);
155 }
156 #endif /* HAVE_GETPWANAM */
157 #ifdef HAVE_GETAUTHUID
158 {
159 AUTHORIZATION *spw;
160
161 setauthent();
162 if ((spw = getauthuid(pw->pw_uid)) && spw->a_password)
163 epw = estrdup(spw->a_password);
164 endauthent();
165 if (epw)
166 return(epw);
167 }
168 #endif /* HAVE_GETAUTHUID */
169
170 /* Fall back on normal password. */
171 return(estrdup(pw->pw_passwd));
172 }
173
174 /*
175 * Dynamically allocate space for a struct password and the constituent parts
176 * that we care about. Fills in pw_passwd from shadow file if necessary.
177 */
178 struct passwd *
sudo_pwdup(pw)179 sudo_pwdup(pw)
180 const struct passwd *pw;
181 {
182 char *cp;
183 const char *pw_passwd, *pw_shell;
184 size_t nsize, psize, csize, gsize, dsize, ssize, total;
185 struct passwd *newpw;
186
187 /* Get shadow password if available. */
188 pw_passwd = sudo_getepw(pw);
189
190 /* If shell field is empty, expand to _PATH_BSHELL. */
191 pw_shell = (pw->pw_shell == NULL || pw->pw_shell[0] == '\0')
192 ? _PATH_BSHELL : pw->pw_shell;
193
194 /* Allocate in one big chunk for easy freeing. */
195 nsize = psize = csize = gsize = dsize = ssize = 0;
196 total = sizeof(struct passwd);
197 if (pw->pw_name) {
198 nsize = strlen(pw->pw_name) + 1;
199 total += nsize;
200 }
201 if (pw_passwd) {
202 psize = strlen(pw_passwd) + 1;
203 total += psize;
204 }
205 #ifdef HAVE_LOGIN_CAP_H
206 if (pw->pw_class) {
207 csize = strlen(pw->pw_class) + 1;
208 total += csize;
209 }
210 #endif
211 if (pw->pw_gecos) {
212 gsize = strlen(pw->pw_gecos) + 1;
213 total += gsize;
214 }
215 if (pw->pw_dir) {
216 dsize = strlen(pw->pw_dir) + 1;
217 total += dsize;
218 }
219 if (pw_shell) {
220 ssize = strlen(pw_shell) + 1;
221 total += ssize;
222 }
223 if ((cp = malloc(total)) == NULL)
224 return (NULL);
225 newpw = (struct passwd *)cp;
226
227 /*
228 * Copy in passwd contents and make strings relative to space
229 * at the end of the buffer.
230 */
231 (void)memcpy(newpw, pw, sizeof(struct passwd));
232 cp += sizeof(struct passwd);
233 if (nsize) {
234 (void)memcpy(cp, pw->pw_name, nsize);
235 newpw->pw_name = cp;
236 cp += nsize;
237 }
238 if (psize) {
239 (void)memcpy(cp, pw_passwd, psize);
240 newpw->pw_passwd = cp;
241 cp += psize;
242 }
243 #ifdef HAVE_LOGIN_CAP_H
244 if (csize) {
245 (void)memcpy(cp, pw->pw_class, csize);
246 newpw->pw_class = cp;
247 cp += csize;
248 }
249 #endif
250 if (gsize) {
251 (void)memcpy(cp, pw->pw_gecos, gsize);
252 newpw->pw_gecos = cp;
253 cp += gsize;
254 }
255 if (dsize) {
256 (void)memcpy(cp, pw->pw_dir, dsize);
257 newpw->pw_dir = cp;
258 cp += dsize;
259 }
260 if (ssize) {
261 (void)memcpy(cp, pw_shell, ssize);
262 newpw->pw_shell = cp;
263 cp += ssize;
264 }
265
266 return (newpw);
267 }
268
269 /*
270 * Get a password entry by uid and allocate space for it.
271 * Fills in pw_passwd from shadow file if necessary.
272 */
273 struct passwd *
sudo_getpwuid(uid)274 sudo_getpwuid(uid)
275 uid_t uid;
276 {
277 struct passwd *pw;
278
279 if ((pw = getpwuid(uid)) == NULL)
280 return(NULL);
281 else
282 return(sudo_pwdup(pw));
283 }
284
285 /*
286 * Get a password entry by name and allocate space for it.
287 * Fills in pw_passwd from shadow file if necessary.
288 */
289 struct passwd *
sudo_getpwnam(name)290 sudo_getpwnam(name)
291 const char *name;
292 {
293 struct passwd *pw;
294
295 if ((pw = getpwnam(name)) == NULL)
296 return(NULL);
297 else
298 return(sudo_pwdup(pw));
299 }
300