Annotation of embedaddon/sudo/plugins/sudoers/auth/aix_auth.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (c) 1999-2005, 2007-2011 Todd C. Miller <Todd.Miller@courtesan.com>
3: *
4: * Permission to use, copy, modify, and distribute this software for any
5: * purpose with or without fee is hereby granted, provided that the above
6: * copyright notice and this permission notice appear in all copies.
7: *
8: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15: *
16: * Sponsored in part by the Defense Advanced Research Projects
17: * Agency (DARPA) and Air Force Research Laboratory, Air Force
18: * Materiel Command, USAF, under agreement number F39502-99-1-0512.
19: */
20:
21: #include <config.h>
22:
23: #include <sys/types.h>
24: #include <sys/param.h>
25: #include <stdio.h>
26: #ifdef STDC_HEADERS
27: # include <stdlib.h>
28: # include <stddef.h>
29: #else
30: # ifdef HAVE_STDLIB_H
31: # include <stdlib.h>
32: # endif
33: #endif /* STDC_HEADERS */
34: #ifdef HAVE_STRING_H
35: # include <string.h>
36: #endif /* HAVE_STRING_H */
37: #ifdef HAVE_STRINGS_H
38: # include <strings.h>
39: #endif /* HAVE_STRING_H */
40: #ifdef HAVE_UNISTD_H
41: # include <unistd.h>
42: #endif /* HAVE_UNISTD_H */
43: #include <pwd.h>
44: #include <usersec.h>
45:
46: #include "sudoers.h"
47: #include "sudo_auth.h"
48:
49: /*
50: * For a description of the AIX authentication API, see
51: * http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/basetrf1/authenticate.htm
52: */
53: int
54: aixauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
55: {
56: char *pass, *message = NULL;
57: int result = 1, reenter = 0;
58: int rval = AUTH_SUCCESS;
59:
60: do {
61: pass = auth_getpass(prompt, def_passwd_timeout * 60,
62: SUDO_CONV_PROMPT_ECHO_OFF);
63: if (pass == NULL)
64: break;
65: efree(message);
66: message = NULL;
67: result = authenticate(pw->pw_name, pass, &reenter, &message);
68: zero_bytes(pass, strlen(pass));
69: prompt = message;
70: } while (reenter);
71:
72: if (result != 0) {
73: /* Display error message, if any. */
74: if (message != NULL) {
75: struct sudo_conv_message msg;
76: struct sudo_conv_reply repl;
77:
78: memset(&msg, 0, sizeof(msg));
79: msg.msg_type = SUDO_CONV_ERROR_MSG;
80: msg.msg = message;
81: memset(&repl, 0, sizeof(repl));
82: sudo_conv(1, &msg, &repl);
83: }
84: rval = pass ? AUTH_FAILURE : AUTH_INTR;
85: }
86: efree(message);
87: return rval;
88: }
89:
90: int
91: aixauth_cleanup(struct passwd *pw, sudo_auth *auth)
92: {
93: /* Unset AUTHSTATE as it may not be correct for the runas user. */
94: unsetenv("AUTHSTATE");
95:
96: return AUTH_SUCCESS;
97: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>