|
version 1.1, 2012/02/21 16:23:02
|
version 1.1.1.5, 2014/06/15 16:12:54
|
|
Line 1
|
Line 1
|
| /* |
/* |
| * Copyright (c) 2000-2005, 2007-2008, 2010-2011 | * Copyright (c) 2000-2005, 2007-2008, 2010-2013 |
| * Todd C. Miller <Todd.Miller@courtesan.com> |
* Todd C. Miller <Todd.Miller@courtesan.com> |
| * |
* |
| * Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
|
Line 22
|
Line 22
|
| #include <config.h> |
#include <config.h> |
| |
|
| #include <sys/types.h> |
#include <sys/types.h> |
| #include <sys/param.h> |
|
| #include <stdio.h> |
#include <stdio.h> |
| #ifdef STDC_HEADERS |
#ifdef STDC_HEADERS |
| # include <stdlib.h> |
# include <stdlib.h> |
|
Line 51
|
Line 50
|
| #include "sudoers.h" |
#include "sudoers.h" |
| #include "sudo_auth.h" |
#include "sudo_auth.h" |
| |
|
| extern char *login_style; /* from sudo.c */ | # ifndef LOGIN_DEFROOTCLASS |
| | # define LOGIN_DEFROOTCLASS "daemon" |
| | # endif |
| |
|
| |
struct bsdauth_state { |
| |
auth_session_t *as; |
| |
login_cap_t *lc; |
| |
}; |
| |
|
| int |
int |
| bsdauth_init(struct passwd *pw, sudo_auth *auth) |
bsdauth_init(struct passwd *pw, sudo_auth *auth) |
| { |
{ |
| static auth_session_t *as; | static struct bsdauth_state state; |
| extern login_cap_t *lc; /* from sudo.c */ | debug_decl(bsdauth_init, SUDO_DEBUG_AUTH) |
| |
|
| if ((as = auth_open()) == NULL) { | /* Get login class based on auth user, which may not be invoking user. */ |
| log_error(USE_ERRNO|NO_EXIT|NO_MAIL, | if (pw->pw_class && *pw->pw_class) |
| _("unable to begin bsd authentication")); | state.lc = login_getclass(pw->pw_class); |
| return AUTH_FATAL; | else |
| | state.lc = login_getclass(pw->pw_uid ? LOGIN_DEFCLASS : LOGIN_DEFROOTCLASS); |
| | if (state.lc == NULL) { |
| | log_warning(USE_ERRNO|NO_MAIL, |
| | N_("unable to get login class for user %s"), pw->pw_name); |
| | debug_return_int(AUTH_FATAL); |
| } |
} |
| |
|
| |
if ((state.as = auth_open()) == NULL) { |
| |
log_warning(USE_ERRNO|NO_MAIL, |
| |
N_("unable to begin bsd authentication")); |
| |
login_close(state.lc); |
| |
debug_return_int(AUTH_FATAL); |
| |
} |
| |
|
| /* XXX - maybe sanity check the auth style earlier? */ |
/* XXX - maybe sanity check the auth style earlier? */ |
| login_style = login_getstyle(lc, login_style, "auth-sudo"); | login_style = login_getstyle(state.lc, login_style, "auth-sudo"); |
| if (login_style == NULL) { |
if (login_style == NULL) { |
| log_error(NO_EXIT|NO_MAIL, _("invalid authentication type")); | log_warning(NO_MAIL, N_("invalid authentication type")); |
| auth_close(as); | auth_close(state.as); |
| return AUTH_FATAL; | login_close(state.lc); |
| | debug_return_int(AUTH_FATAL); |
| } |
} |
| |
|
| if (auth_setitem(as, AUTHV_STYLE, login_style) < 0 || | if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 || |
| auth_setitem(as, AUTHV_NAME, pw->pw_name) < 0 || | auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 || |
| auth_setitem(as, AUTHV_CLASS, login_class) < 0) { | auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) { |
| log_error(NO_EXIT|NO_MAIL, _("unable to setup authentication")); | log_warning(NO_MAIL, N_("unable to initialize BSD authentication")); |
| auth_close(as); | auth_close(state.as); |
| return AUTH_FATAL; | login_close(state.lc); |
| | debug_return_int(AUTH_FATAL); |
| } |
} |
| |
|
| auth->data = (void *) as; | auth->data = (void *) &state; |
| return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
| } |
} |
| |
|
| int |
int |
|
Line 93 bsdauth_verify(struct passwd *pw, char *prompt, sudo_a
|
Line 113 bsdauth_verify(struct passwd *pw, char *prompt, sudo_a
|
| size_t len; |
size_t len; |
| int authok = 0; |
int authok = 0; |
| sigaction_t sa, osa; |
sigaction_t sa, osa; |
| auth_session_t *as = (auth_session_t *) auth->data; | auth_session_t *as = ((struct bsdauth_state *) auth->data)->as; |
| | debug_decl(bsdauth_verify, SUDO_DEBUG_AUTH) |
| |
|
| /* save old signal handler */ |
/* save old signal handler */ |
| sigemptyset(&sa.sa_mask); |
sigemptyset(&sa.sa_mask); |
|
Line 133 bsdauth_verify(struct passwd *pw, char *prompt, sudo_a
|
Line 154 bsdauth_verify(struct passwd *pw, char *prompt, sudo_a
|
| |
|
| if (pass) { |
if (pass) { |
| authok = auth_userresponse(as, pass, 1); |
authok = auth_userresponse(as, pass, 1); |
| zero_bytes(pass, strlen(pass)); | memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass)); |
| } |
} |
| |
|
| /* restore old signal handler */ |
/* restore old signal handler */ |
| (void) sigaction(SIGCHLD, &osa, NULL); |
(void) sigaction(SIGCHLD, &osa, NULL); |
| |
|
| if (authok) |
if (authok) |
| return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
| |
|
| if (!pass) |
if (!pass) |
| return AUTH_INTR; | debug_return_int(AUTH_INTR); |
| |
|
| if ((s = auth_getvalue(as, "errormsg")) != NULL) |
if ((s = auth_getvalue(as, "errormsg")) != NULL) |
| log_error(NO_EXIT|NO_MAIL, "%s", s); | log_warning(NO_MAIL, "%s", s); |
| return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
| } |
} |
| |
|
| int |
int |
| bsdauth_cleanup(struct passwd *pw, sudo_auth *auth) |
bsdauth_cleanup(struct passwd *pw, sudo_auth *auth) |
| { |
{ |
| auth_session_t *as = (auth_session_t *) auth->data; | struct bsdauth_state *state = auth->data; |
| | debug_decl(bsdauth_cleanup, SUDO_DEBUG_AUTH) |
| |
|
| auth_close(as); | if (state != NULL) { |
| | auth_close(state->as); |
| | login_close(state->lc); |
| | } |
| |
|
| return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
| } |
} |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to bsdauth.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers / auth