login_passwd/login_passwd.c

   1 /*      $OpenBSD: login_passwd.c,v 1.15 2018/06/13 15:02:09 reyk Exp $  */
   2
   3 /*-
   4  * Copyright (c) 2001 Hans Insulander <hin@openbsd.org>.
   5  * All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  26  * SUCH DAMAGE.
  27  */
  28
  29 #include "common.h"
  30
  31 int
  32 pwd_login(char *username, char *password, char *wheel, int lastchance,
  33     char *class, struct passwd *pwd)
  34 {
  35         size_t plen;
  36         char *goodhash = NULL;
  37         int passok = 0;
  38
  39         if (wheel != NULL && strcmp(wheel, "yes") != 0) {
  40                 fprintf(back, BI_VALUE " errormsg %s\n",
  41                     "you are not in group wheel");
  42                 fprintf(back, BI_REJECT "\n");
  43                 return (AUTH_FAILED);
  44         }
  45         if (password == NULL)
  46                 return (AUTH_FAILED);
  47
  48         if (pwd)
  49                 goodhash = pwd->pw_passwd;
  50
  51         setpriority(PRIO_PROCESS, 0, -4);
  52
  53         if (pledge("stdio rpath", NULL) == -1) {
  54                 syslog(LOG_ERR, "pledge: %m");
  55                 return (AUTH_FAILED);
  56         }
  57
  58         if (crypt_checkpass(password, goodhash) == 0)
  59                 passok = 1;
  60         plen = strlen(password);
  61         explicit_bzero(password, plen);
  62
  63         if (!passok)
  64                 return (AUTH_FAILED);
  65
  66         if (login_check_expire(back, pwd, class, lastchance) == 0)
  67                 fprintf(back, BI_AUTH "\n");
  68         else
  69                 return (AUTH_FAILED);
  70
  71         return (AUTH_OK);
  72 }