|
version 1.1.1.1, 2012/02/21 16:23:02
|
version 1.1.1.2, 2012/05/29 12:26:49
|
|
Line 51
|
Line 51
|
| #include "sudoers.h" |
#include "sudoers.h" |
| #include "sudo_auth.h" |
#include "sudo_auth.h" |
| |
|
| extern char *login_style; /* from sudo.c */ | # ifndef LOGIN_DEFROOTCLASS |
| | # define LOGIN_DEFROOTCLASS "daemon" |
| | # endif |
| |
|
| |
extern char *login_style; /* from sudoers.c */ |
| |
|
| |
struct bsdauth_state { |
| |
auth_session_t *as; |
| |
login_cap_t *lc; |
| |
}; |
| |
|
| int |
int |
| bsdauth_init(struct passwd *pw, sudo_auth *auth) |
bsdauth_init(struct passwd *pw, sudo_auth *auth) |
| { |
{ |
| static auth_session_t *as; | static struct bsdauth_state state; |
| extern login_cap_t *lc; /* from sudo.c */ | debug_decl(bsdauth_init, SUDO_DEBUG_AUTH) |
| |
|
| if ((as = auth_open()) == NULL) { | /* Get login class based on auth user, which may not be invoking user. */ |
| log_error(USE_ERRNO|NO_EXIT|NO_MAIL, | if (pw->pw_class && *pw->pw_class) |
| | state.lc = login_getclass(pw->pw_class); |
| | else |
| | state.lc = login_getclass(pw->pw_uid ? LOGIN_DEFCLASS : LOGIN_DEFROOTCLASS); |
| | if (state.lc == NULL) { |
| | log_error(USE_ERRNO|NO_MAIL, |
| | _("unable to get login class for user %s"), pw->pw_name); |
| | debug_return_int(AUTH_FATAL); |
| | } |
| | |
| | if ((state.as = auth_open()) == NULL) { |
| | log_error(USE_ERRNO|NO_MAIL, |
| _("unable to begin bsd authentication")); |
_("unable to begin bsd authentication")); |
| return AUTH_FATAL; | login_close(state.lc); |
| | debug_return_int(AUTH_FATAL); |
| } |
} |
| |
|
| /* XXX - maybe sanity check the auth style earlier? */ |
/* XXX - maybe sanity check the auth style earlier? */ |
| login_style = login_getstyle(lc, login_style, "auth-sudo"); | login_style = login_getstyle(state.lc, login_style, "auth-sudo"); |
| if (login_style == NULL) { |
if (login_style == NULL) { |
| log_error(NO_EXIT|NO_MAIL, _("invalid authentication type")); | log_error(NO_MAIL, _("invalid authentication type")); |
| auth_close(as); | auth_close(state.as); |
| return AUTH_FATAL; | login_close(state.lc); |
| | debug_return_int(AUTH_FATAL); |
| } |
} |
| |
|
| if (auth_setitem(as, AUTHV_STYLE, login_style) < 0 || | if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 || |
| auth_setitem(as, AUTHV_NAME, pw->pw_name) < 0 || | auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 || |
| auth_setitem(as, AUTHV_CLASS, login_class) < 0) { | auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) { |
| log_error(NO_EXIT|NO_MAIL, _("unable to setup authentication")); | log_error(NO_MAIL, _("unable to setup authentication")); |
| auth_close(as); | auth_close(state.as); |
| return AUTH_FATAL; | login_close(state.lc); |
| | debug_return_int(AUTH_FATAL); |
| } |
} |
| |
|
| auth->data = (void *) as; | auth->data = (void *) &state; |
| return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
| } |
} |
| |
|
| int |
int |
|
Line 93 bsdauth_verify(struct passwd *pw, char *prompt, sudo_a
|
Line 116 bsdauth_verify(struct passwd *pw, char *prompt, sudo_a
|
| size_t len; |
size_t len; |
| int authok = 0; |
int authok = 0; |
| sigaction_t sa, osa; |
sigaction_t sa, osa; |
| auth_session_t *as = (auth_session_t *) auth->data; | auth_session_t *as = ((struct bsdauth_state *) auth->data)->as; |
| | debug_decl(bsdauth_verify, SUDO_DEBUG_AUTH) |
| |
|
| /* save old signal handler */ |
/* save old signal handler */ |
| sigemptyset(&sa.sa_mask); |
sigemptyset(&sa.sa_mask); |
|
Line 140 bsdauth_verify(struct passwd *pw, char *prompt, sudo_a
|
Line 164 bsdauth_verify(struct passwd *pw, char *prompt, sudo_a
|
| (void) sigaction(SIGCHLD, &osa, NULL); |
(void) sigaction(SIGCHLD, &osa, NULL); |
| |
|
| if (authok) |
if (authok) |
| return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
| |
|
| if (!pass) |
if (!pass) |
| return AUTH_INTR; | debug_return_int(AUTH_INTR); |
| |
|
| if ((s = auth_getvalue(as, "errormsg")) != NULL) |
if ((s = auth_getvalue(as, "errormsg")) != NULL) |
| log_error(NO_EXIT|NO_MAIL, "%s", s); | log_error(NO_MAIL, "%s", s); |
| return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
| } |
} |
| |
|
| int |
int |
| bsdauth_cleanup(struct passwd *pw, sudo_auth *auth) |
bsdauth_cleanup(struct passwd *pw, sudo_auth *auth) |
| { |
{ |
| auth_session_t *as = (auth_session_t *) auth->data; | struct bsdauth_state *state = auth->data; |
| | debug_decl(bsdauth_cleanup, SUDO_DEBUG_AUTH) |
| |
|
| auth_close(as); | if (state != NULL) { |
| | auth_close(state->as); |
| | login_close(state->lc); |
| | } |
| |
|
| return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
| } |
} |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to bsdauth.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers / auth