login_passwd/login_passwd.c

   1 /*      $OpenBSD: login_passwd.c,v 1.10 2014/09/16 22:07:02 tedu Exp $  */
   2
   3 /*-
   4  * Copyright (c) 2001 Hans Insulander <hin@openbsd.org>.
   5  * All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  26  * SUCH DAMAGE.
  27  */
  28
  29 #include "common.h"
  30
  31 int
  32 pwd_login(char *username, char *password, char *wheel, int lastchance,
  33     char *class)
  34 {
  35         struct passwd *pwd;
  36         size_t plen;
  37         char *goodhash = NULL;
  38         int passok = 0;
  39
  40         if (wheel != NULL && strcmp(wheel, "yes") != 0) {
  41                 fprintf(back, BI_VALUE " errormsg %s\n",
  42                     auth_mkvalue("you are not in group wheel"));
  43                 fprintf(back, BI_REJECT "\n");
  44                 return (AUTH_FAILED);
  45         }
  46         if (password == NULL)
  47                 return (AUTH_FAILED);
  48
  49         pwd = getpwnam_shadow(username);
  50         if (pwd)
  51                 goodhash = pwd->pw_passwd;
  52
  53         setpriority(PRIO_PROCESS, 0, -4);
  54
  55         if (pledge("stdio rpath", NULL) == -1)
  56                 err(1, "pledge");
  57
  58         if (crypt_checkpass(password, goodhash) == 0)
  59                 passok = 1;
  60         plen = strlen(password);
  61         explicit_bzero(password, plen);
  62
  63         if (!passok)
  64                 return (AUTH_FAILED);
  65
  66         if (login_check_expire(back, pwd, class, lastchance) == 0)
  67                 fprintf(back, BI_AUTH "\n");
  68         else
  69                 return (AUTH_FAILED);
  70
  71         return (AUTH_OK);
  72 }