version 1.1.1.1, 2012/02/21 16:23:02
|
version 1.1.1.2, 2012/05/29 12:26:49
|
Line 51
|
Line 51
|
#include "sudoers.h" |
#include "sudoers.h" |
#include "sudo_auth.h" |
#include "sudo_auth.h" |
|
|
extern char *login_style; /* from sudo.c */ | # ifndef LOGIN_DEFROOTCLASS |
| # define LOGIN_DEFROOTCLASS "daemon" |
| # endif |
|
|
|
extern char *login_style; /* from sudoers.c */ |
|
|
|
struct bsdauth_state { |
|
auth_session_t *as; |
|
login_cap_t *lc; |
|
}; |
|
|
int |
int |
bsdauth_init(struct passwd *pw, sudo_auth *auth) |
bsdauth_init(struct passwd *pw, sudo_auth *auth) |
{ |
{ |
static auth_session_t *as; | static struct bsdauth_state state; |
extern login_cap_t *lc; /* from sudo.c */ | debug_decl(bsdauth_init, SUDO_DEBUG_AUTH) |
|
|
if ((as = auth_open()) == NULL) { | /* Get login class based on auth user, which may not be invoking user. */ |
log_error(USE_ERRNO|NO_EXIT|NO_MAIL, | if (pw->pw_class && *pw->pw_class) |
| state.lc = login_getclass(pw->pw_class); |
| else |
| state.lc = login_getclass(pw->pw_uid ? LOGIN_DEFCLASS : LOGIN_DEFROOTCLASS); |
| if (state.lc == NULL) { |
| log_error(USE_ERRNO|NO_MAIL, |
| _("unable to get login class for user %s"), pw->pw_name); |
| debug_return_int(AUTH_FATAL); |
| } |
| |
| if ((state.as = auth_open()) == NULL) { |
| log_error(USE_ERRNO|NO_MAIL, |
_("unable to begin bsd authentication")); |
_("unable to begin bsd authentication")); |
return AUTH_FATAL; | login_close(state.lc); |
| debug_return_int(AUTH_FATAL); |
} |
} |
|
|
/* XXX - maybe sanity check the auth style earlier? */ |
/* XXX - maybe sanity check the auth style earlier? */ |
login_style = login_getstyle(lc, login_style, "auth-sudo"); | login_style = login_getstyle(state.lc, login_style, "auth-sudo"); |
if (login_style == NULL) { |
if (login_style == NULL) { |
log_error(NO_EXIT|NO_MAIL, _("invalid authentication type")); | log_error(NO_MAIL, _("invalid authentication type")); |
auth_close(as); | auth_close(state.as); |
return AUTH_FATAL; | login_close(state.lc); |
| debug_return_int(AUTH_FATAL); |
} |
} |
|
|
if (auth_setitem(as, AUTHV_STYLE, login_style) < 0 || | if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 || |
auth_setitem(as, AUTHV_NAME, pw->pw_name) < 0 || | auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 || |
auth_setitem(as, AUTHV_CLASS, login_class) < 0) { | auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) { |
log_error(NO_EXIT|NO_MAIL, _("unable to setup authentication")); | log_error(NO_MAIL, _("unable to setup authentication")); |
auth_close(as); | auth_close(state.as); |
return AUTH_FATAL; | login_close(state.lc); |
| debug_return_int(AUTH_FATAL); |
} |
} |
|
|
auth->data = (void *) as; | auth->data = (void *) &state; |
return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
} |
} |
|
|
int |
int |
Line 93 bsdauth_verify(struct passwd *pw, char *prompt, sudo_a
|
Line 116 bsdauth_verify(struct passwd *pw, char *prompt, sudo_a
|
size_t len; |
size_t len; |
int authok = 0; |
int authok = 0; |
sigaction_t sa, osa; |
sigaction_t sa, osa; |
auth_session_t *as = (auth_session_t *) auth->data; | auth_session_t *as = ((struct bsdauth_state *) auth->data)->as; |
| debug_decl(bsdauth_verify, SUDO_DEBUG_AUTH) |
|
|
/* save old signal handler */ |
/* save old signal handler */ |
sigemptyset(&sa.sa_mask); |
sigemptyset(&sa.sa_mask); |
Line 140 bsdauth_verify(struct passwd *pw, char *prompt, sudo_a
|
Line 164 bsdauth_verify(struct passwd *pw, char *prompt, sudo_a
|
(void) sigaction(SIGCHLD, &osa, NULL); |
(void) sigaction(SIGCHLD, &osa, NULL); |
|
|
if (authok) |
if (authok) |
return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
|
|
if (!pass) |
if (!pass) |
return AUTH_INTR; | debug_return_int(AUTH_INTR); |
|
|
if ((s = auth_getvalue(as, "errormsg")) != NULL) |
if ((s = auth_getvalue(as, "errormsg")) != NULL) |
log_error(NO_EXIT|NO_MAIL, "%s", s); | log_error(NO_MAIL, "%s", s); |
return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
} |
} |
|
|
int |
int |
bsdauth_cleanup(struct passwd *pw, sudo_auth *auth) |
bsdauth_cleanup(struct passwd *pw, sudo_auth *auth) |
{ |
{ |
auth_session_t *as = (auth_session_t *) auth->data; | struct bsdauth_state *state = auth->data; |
| debug_decl(bsdauth_cleanup, SUDO_DEBUG_AUTH) |
|
|
auth_close(as); | if (state != NULL) { |
| auth_close(state->as); |
| login_close(state->lc); |
| } |
|
|
return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
} |
} |