isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add support for getpwnam_shadow() on OpenBSD

Browse Source
This commit is contained in:
Todd C. Miller
2016-11-17 17:55:44 -07:00
parent f70f595b5b
commit 695784e6ee
4 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config.h.in
View File

@@ -289,6 +289,9 @@
passwords). */ passwords). */
#undef HAVE_GETPRPWNAM #undef HAVE_GETPRPWNAM
/* Define to 1 if you have the `getpwnam_shadow' function. */
#undef HAVE_GETPWNAM_SHADOW
/* Define to 1 if you have the `getresuid' function. */ /* Define to 1 if you have the `getresuid' function. */
#undef HAVE_GETRESUID #undef HAVE_GETRESUID

6
configure vendored
View File

@@ -15633,7 +15633,7 @@ done
# OpenBSD has a real setreuid(2) starting with 3.3 but # OpenBSD has a real setreuid(2) starting with 3.3 but
# we will use setresuid(2) instead. # we will use setresuid(2) instead.
SKIP_SETREUID=yes SKIP_SETREUID=yes
CHECKSHADOW="false"
# OpenBSD >= 3.0 supports BSD auth # OpenBSD >= 3.0 supports BSD auth
if test -z "$with_bsdauth"; then if test -z "$with_bsdauth"; then
if test "$OSMAJOR" -ge 3; then if test "$OSMAJOR" -ge 3; then
@@ -15642,6 +15642,9 @@ done
fi fi
: ${with_logincap='maybe'} : ${with_logincap='maybe'}
# Newer OpenBSD only fills in pw_password for getpwnam_shadow()
shadow_funcs="getpwnam_shadow"
# Examples go in share/examples/sudo # Examples go in share/examples/sudo
if test X"$with_exampledir" = X""; then if test X"$with_exampledir" = X""; then
exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)'
@@ -28050,5 +28053,6 @@ fi

6
configure.ac
View File

@@ -2037,7 +2037,7 @@ case "$host" in
# OpenBSD has a real setreuid(2) starting with 3.3 but # OpenBSD has a real setreuid(2) starting with 3.3 but
# we will use setresuid(2) instead. # we will use setresuid(2) instead.
SKIP_SETREUID=yes SKIP_SETREUID=yes
CHECKSHADOW="false"
# OpenBSD >= 3.0 supports BSD auth # OpenBSD >= 3.0 supports BSD auth
if test -z "$with_bsdauth"; then if test -z "$with_bsdauth"; then
if test "$OSMAJOR" -ge 3; then if test "$OSMAJOR" -ge 3; then
@@ -2046,6 +2046,9 @@ case "$host" in
fi fi
: ${with_logincap='maybe'} : ${with_logincap='maybe'}
# Newer OpenBSD only fills in pw_password for getpwnam_shadow()
shadow_funcs="getpwnam_shadow"
# Examples go in share/examples/sudo # Examples go in share/examples/sudo
if test X"$with_exampledir" = X""; then if test X"$with_exampledir" = X""; then
exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)'
@@ -4295,6 +4298,7 @@ AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcnt
AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.]) AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.]) AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords).]) AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords).])
AH_TEMPLATE(HAVE_GETPWNAM_SHADOW, [Define to 1 if you have the `getpwnam_shadow' function.])
AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords).]) AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords).])
AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.]) AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.]) AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])

8
plugins/sudoers/getspwuid.c
View File

@@ -72,6 +72,14 @@ sudo_getepw(const struct passwd *pw)
goto done; goto done;
#endif /* HAVE_ISCOMSEC */ #endif /* HAVE_ISCOMSEC */
#ifdef HAVE_GETPWNAM_SHADOW
{
struct passwd *spw;
if ((spw = getpwnam_shadow(pw->pw_name)) != NULL)
epw = spw->pw_passwd;
}
#endif /* HAVE_GETPWNAM_SHADOW */
#ifdef HAVE_GETPRPWNAM #ifdef HAVE_GETPRPWNAM
{ {
struct pr_passwd *spw; struct pr_passwd *spw;