810 Chapter 39
if (cap_free(empty) == -1)
return -1;return s;
}int
main(int argc, char *argv[])
{
char *username, *password, *encrypted, *p;
struct passwd *pwd;
struct spwd *spwd;
Boolean authOk;
size_t len;
long lnmax;lnmax = sysconf(_SC_LOGIN_NAME_MAX);
if (lnmax == -1) /* If limit is indeterminate */
lnmax = 256; /* make a guess */username = malloc(lnmax);
if (username == NULL)
errExit("malloc");printf("Username: ");
fflush(stdout);
if (fgets(username, lnmax, stdin) == NULL)
exit(EXIT_FAILURE); /* Exit on EOF */len = strlen(username);
if (username[len - 1] == '\n')
username[len - 1] = '\0'; /* Remove trailing '\n' */pwd = getpwnam(username);
if (pwd == NULL)
fatal("couldn't get password record");/* Only raise CAP_DAC_READ_SEARCH for as long as we need it */if (raiseCap(CAP_DAC_READ_SEARCH) == -1)
fatal("raiseCap() failed");spwd = getspnam(username);
if (spwd == NULL && errno == EACCES)
fatal("no permission to read shadow password file");/* At this point, we won't need any more capabilities,
so drop all capabilities from all sets */if (dropAllCaps() == -1)
fatal("dropAllCaps() failed");if (spwd != NULL) /* If there is a shadow password record */
pwd->pw_passwd = spwd->sp_pwdp; /* Use the shadow password */