1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
#include "error.h"
#include "exit.h"
#include "pathexec.h"
#include "prot.h"
extern char *crypt();
#include <pwd.h>
#include <stdlib.h> /* for getenv */
static struct passwd *pw;
#include "hasspnam.h"
#ifdef HASGETSPNAM
#include <shadow.h>
static struct spwd *spw;
#endif
#include "hasuserpw.h"
#ifdef HASUSERPW
#include <userpw.h>
static struct userpw *upw;
#endif
#ifdef NASTY_DEBUG
# include <stdio.h>
#endif
static char up[513];
static int uplen;
main(int argc,char **argv)
{
char *login;
char *password;
char *encrypted;
char *stored;
int r;
int i;
int unit = 3;
char* unit_str = getenv("CHECKPASSWORD_UNIT");
if (unit_str) unit = atoi(unit_str);
if (!argv[1]) _exit(2);
uplen = 0;
for (;;) {
do
r = read(unit, up + uplen,sizeof(up) - uplen);
while ((r == -1) && (errno == error_intr));
if (r == -1) _exit(111);
if (r == 0) break;
uplen += r;
if (uplen >= sizeof(up)) _exit(1);
}
close(unit);
i = 0;
if (i >= uplen) _exit(2);
login = up + i;
while (up[i++]) if (i >= uplen) _exit(2);
password = up + i;
if (i >= uplen) _exit(2);
while (up[i++]) if (i >= uplen) _exit(2);
#ifdef NASTY_DEBUG
fprintf(stderr, "checkpassw called with '%s' '%s'\n",
login, password);
#endif
pw = getpwnam(login);
if (pw)
stored = pw->pw_passwd;
else {
if (errno == error_txtbsy) _exit(111);
_exit(1);
}
#ifdef HASUSERPW
upw = getuserpw(login);
if (upw)
stored = upw->upw_passwd;
else
if (errno == error_txtbsy) _exit(111);
#endif
#ifdef HASGETSPNAM
spw = getspnam(login);
if (spw)
stored = spw->sp_pwdp;
else
if (errno == error_txtbsy) _exit(111);
#endif
if (!stored) _exit(1);
encrypted = crypt(password,stored);
for (i = 0;i < sizeof(up);++i) up[i] = 0; // don't leave it lying around
if (!*stored || strcmp(encrypted,stored)) _exit(1);
// OK, the password checks out:
if (argv[1][0] == '-' && argv[1][1] == 0) _exit(0);
if (prot_gid((int) pw->pw_gid) == -1) _exit(1);
if (prot_uid((int) pw->pw_uid) == -1) _exit(1);
if (chdir(pw->pw_dir) == -1) _exit(111);
if (!pathexec_env("USER",pw->pw_name)) _exit(111);
if (!pathexec_env("HOME",pw->pw_dir)) _exit(111);
if (!pathexec_env("SHELL",pw->pw_shell)) _exit(111);
pathexec(argv + 1);
_exit(111);
}
|