vlock-auth: prevent echoing and terminal signals
/* auth-shadow.c -- shadow authentication routine for vlock,
 *                  the VT locking program for linux
 *
 * This program is copyright (C) 2007 Frank Benkstein, and is free
 * software which is freely distributable under the terms of the
 * GNU General Public License version 2, included as the file COPYING in this
 * distribution.  It is NOT public domain software, and any
 * redistribution not permitted by the GNU General Public License is
 * expressly forbidden without prior written permission from
 * the author.
 */
14 #define _XOPEN_SOURCE
15 #include <unistd.h>
16 #include <stdio.h>
17 #include <string.h>
19 #include <sys/mman.h>
21 #include <shadow.h>
23 #define PWD_BUFFER_SIZE 256
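/* Try to authenticate the user against the shadow password database.
 *
 * Writes a prompt to stderr, reads one line from stdin and compares its
 * crypt() hash with the user's sp_pwdp entry.  Returns 1 when the hashes
 * match.  Returns 0 for every other outcome (NULL user, read error or EOF,
 * unknown user, crypt() failure, mismatch), so all error paths fail closed.
 *
 * This function does not touch the terminal settings.
 * NOTE(review): echo suppression is presumably handled by the caller --
 * confirm.
 */
int auth(const char *user) {
  char buffer[PWD_BUFFER_SIZE];
  char *cryptpw;
  struct spwd *spw;
  int result = 0;

  /* refuse a missing user name instead of passing NULL to fprintf/getspnam */
  if (user == NULL)
    return 0;

  /* lock the password buffer so the plaintext is not paged out; this is best
   * effort, a failing mlock() is deliberately ignored */
  (void) mlock(buffer, sizeof buffer);

  /* write out the prompt */
  fprintf(stderr, "%s's Password: ", user);
  fflush(stderr);

  /* read the password; at most sizeof buffer - 1 characters are taken */
  if (fgets(buffer, sizeof buffer, stdin) == NULL)
    goto out;

  /* put newline */
  fputc('\n', stderr);

  /* strip the newline.  strcspn() is also safe for an empty string (a line
   * that starts with a NUL byte), where indexing with strlen(buffer) - 1
   * would read in front of the array. */
  buffer[strcspn(buffer, "\n")] = '\0';

  /* get the shadow password */
  if ((spw = getspnam(user)) == NULL)
    goto out_shadow;

  /* hash the password, using the stored hash as the crypt() setting */
  if ((cryptpw = crypt(buffer, spw->sp_pwdp)) == NULL) {
    perror("vlock: crypt()");
    goto out_shadow;
  }

  /* XXX: sp_lstchg, sp_min, sp_inact, sp_expire should also be checked here;
   * as written, password aging and account expiry are not enforced */

  result = strcmp(cryptpw, spw->sp_pwdp) == 0;

out_shadow:
  /* deallocate shadow resources */
  endspent();

out:
  /* clear the buffer while it is still locked, so the plaintext never sits
   * in swappable memory.
   * NOTE(review): a plain memset() of a local can be dropped as a dead
   * store; the munlock() call on the same buffer right after it should keep
   * it live, so do not reorder these two.  explicit_bzero() would make the
   * intent explicit where it is available. */
  memset(buffer, 0, sizeof buffer);

  /* unlock the password buffer */
  (void) munlock(buffer, sizeof buffer);

  return result;
}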