[64] in linux-security and linux-alert archive
Re: Anyone get Sudo working w/ Shadow?
daemon@ATHENA.MIT.EDU (Marek Michalkiewicz)
Wed Mar 8 12:13:28 1995
To: linux-security@tarsier.cv.nrao.edu
Date: Wed, 8 Mar 1995 12:47:31 +0100 (MEZ)
From: Marek Michalkiewicz <ind43@ci3ux.ci.pwr.wroc.pl>
In-Reply-To: <Pine.3.89.9503071239.A13852-0100000@superior> from "Rob Hardy" at Mar 7, 95 12:17:05 pm
Reply-To: linux-security@tarsier.cv.nrao.edu
[Mod: The shadow discussion is now officially (as official as we can
make it ;-) dead. However, I'm approving this because it contains real
information (not just opinions, ideas, or guessing) in the form of a
patch to something. My initial reaction to this post was that it (the
patch) should have been directed back to the originator of the bug
question, rather than this list, but there may be others that first
heard of the problem on this list that may also be interested in fixing
this problem (or testing this fix); thus the patch may be useful to more
than just that one person. Since a new GPL/shadow list has been
created, no more shadow discussions will take place here, nor will
followups to this post be approved. Hash it out in another list or in
private e-mail please. <climbs off soapbox> --Jeff]
> I've been trying for awhile to get sudo to work with shadow passwords.
> The package says it already supports shadow but it doesn't work.
After looking at the source (version 1.2 from slackware-source, I don't know
if this is the latest version) I found that the shadow support is bogus...
Below is a patch (untested - it compiles, but I haven't tried yet if it works).
Hope this helps.
--
Marek Michalkiewicz
marekm@i17linuxa.ists.pwr.wroc.pl || ind43@ci3ux.ci.pwr.wroc.pl
diff -ur old/sudo-1.2/Makefile sudo-1.2/Makefile
--- old/sudo-1.2/Makefile Sun Mar 20 20:45:40 1994
+++ sudo-1.2/Makefile Wed Mar 8 12:43:41 1995
@@ -88,7 +88,7 @@
#
# define this for shadow passwords
- SHADOW =
+ SHADOW = -DSHADOW_PWD
CC = gcc
LEX = flex
YACC = bison -y
@@ -108,7 +108,7 @@
MANSECTION = 8
MANDIR = /usr/man/man${MANSECTION}
PROG = sudo.bin
- LIBS = -lfl
+ LIBS = -lfl -lshadow
SUNOS4 = -Bstatic
LINUX =
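Review bot: -lshadow is added to LIBS unconditionally in this hunk, so a build that clears SHADOW again will still fail to link on a system without libshadow. Tie the two together, for example by keeping the library in its own variable that is set next to SHADOW and referenced from LIBS, so that enabling or disabling shadow support is a one-place change.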
diff -ur old/sudo-1.2/check.c sudo-1.2/check.c
--- old/sudo-1.2/check.c Sun Dec 5 23:57:31 1993
+++ sudo-1.2/check.c Wed Mar 8 12:41:46 1995
@@ -48,6 +48,11 @@
#include <sys/types.h>
#endif
+#ifdef SHADOW_PWD
+#include <shadow.h>
+#define crypt pw_encrypt
+#endif
+
char *getpass();
static int check_timestamp();
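Review bot: the "#define crypt pw_encrypt" added under SHADOW_PWD rewrites every later occurrence of the identifier crypt in check.c, including the local declaration "char *crypt();" inside check_passwd(), and nothing at those places shows that a different function is being called. An explicit #ifdef SHADOW_PWD around the call that hashes the entered password, calling pw_encrypt() by name, would be easier to audit than a macro that renames a libc function.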
@@ -79,7 +84,7 @@
}
rtn = check_timestamp();
#ifdef LINUX
-if ( setreuid (uid) ) { /* don't want to be root longer than necessary */
+if ( setreuid (uid, -1) ) { /* don't want to be root longer than necessary */
#else
if ( setruid (uid) ) { /* don't want to be root longer than necessary */
#endif
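Review bot: on the changed line in the #ifdef LINUX branch, the comment says the call is there to stop being root, but setreuid (uid, -1) sets only the real uid and leaves the effective uid unchanged. If restoring the real uid is all that is intended after check_timestamp(), the comment should say so; if the effective uid is meant to drop as well, pass it explicitly instead of -1.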
@@ -96,7 +101,7 @@
}
update_timestamp();
#ifdef LINUX
-if ( setreuid (uid) ) { /* don't want to be root longer than necessary */
+if ( setreuid (uid, -1) ) { /* don't want to be root longer than necessary */
#else
if ( setruid (uid) ) { /* don't want to be root longer than necessary */
#endif
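Review bot: this is the second copy of the same #ifdef LINUX / setreuid (uid, -1) / #else / setruid (uid) block, here after update_timestamp(), and the one-argument call had to be corrected in both copies. Moving the block into one small static helper in check.c would keep the platform difference and its error handling in a single place.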
@@ -217,14 +222,14 @@
static void check_passwd()
{
-#ifndef SHADOW_PWD
char *crypt();
-#endif
struct passwd *pw_ent;
char *encrypted; /* this comes from /etc/passwd */
char *pass; /* this is what gets entered */
register int counter=TRIES_FOR_PASSWORD;
-
+#ifdef SHADOW_PWD
+struct spwd *sp;
+#endif
if ( (pw_ent = getpwuid( uid )) == NULL ) {
sprintf ( user, "%u", uid );
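Review bot: with the #ifndef SHADOW_PWD guard removed, "char *crypt();" in check_passwd() is turned by the new macro into an unprototyped declaration of pw_encrypt when SHADOW_PWD is set, which is not visible from reading the function. Declare the function that is actually used under each branch of an #ifdef instead. The context comment on "encrypted" ("this comes from /etc/passwd") is also no longer accurate once the shadow entry is used and should be updated in the same change.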
@@ -232,7 +237,11 @@
inform_user ( GLOBAL_NO_PW_ENT );
exit (1);
}
-
+#ifdef SHADOW_PWD
+sp = getspnam(pw_ent->pw_name);
+if (sp)
+ pw_ent->pw_passwd = sp->sp_pwdp;
+#endif
encrypted = pw_ent -> pw_passwd;
/* you get TRIES_FOR_PASSWORD times to guess your password */
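Review bot: when getspnam() returns NULL, the added block silently falls through to the pw_passwd value from getpwuid(), which is the field this patch is meant to stop relying on, so the user just sees password failures with no indication why. Treat sp == NULL as an error and report it the way the GLOBAL_NO_PW_ENT case above does. It would also be cleaner to assign "encrypted = sp->sp_pwdp;" directly rather than overwriting pw_ent->pw_passwd in the structure returned by getpwuid().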