|
version 1.1.1.1, 2012/02/21 16:23:02
|
version 1.1.1.2, 2012/05/29 12:26:49
|
|
Line 67
|
Line 67
|
| static int check_dce_status(error_status_t, char *); |
static int check_dce_status(error_status_t, char *); |
| |
|
| int |
int |
| dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth) | sudo_dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth) |
| { |
{ |
| struct passwd temp_pw; |
struct passwd temp_pw; |
| sec_passwd_rec_t password_rec; |
sec_passwd_rec_t password_rec; |
|
Line 75 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
Line 75 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
| boolean32 reset_passwd; |
boolean32 reset_passwd; |
| sec_login_auth_src_t auth_src; |
sec_login_auth_src_t auth_src; |
| error_status_t status; |
error_status_t status; |
| |
debug_decl(sudo_dce_verify, SUDO_DEBUG_AUTH) |
| |
|
| /* |
/* |
| * Create the local context of the DCE principal necessary |
* Create the local context of the DCE principal necessary |
|
Line 86 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
Line 87 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
| sec_login_no_flags, &login_context, &status)) { |
sec_login_no_flags, &login_context, &status)) { |
| |
|
| if (check_dce_status(status, "sec_login_setup_identity(1):")) |
if (check_dce_status(status, "sec_login_setup_identity(1):")) |
| return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
| |
|
| password_rec.key.key_type = sec_passwd_plain; |
password_rec.key.key_type = sec_passwd_plain; |
| password_rec.key.tagged_union.plain = (idl_char *) plain_pw; |
password_rec.key.tagged_union.plain = (idl_char *) plain_pw; |
|
Line 98 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
Line 99 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
| &reset_passwd, &auth_src, &status)) { |
&reset_passwd, &auth_src, &status)) { |
| |
|
| if (check_dce_status(status, "sec_login_validate_identity(1):")) |
if (check_dce_status(status, "sec_login_validate_identity(1):")) |
| return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
| |
|
| /* |
/* |
| * Certify that the DCE Security Server used to set |
* Certify that the DCE Security Server used to set |
|
Line 108 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
Line 109 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
| if (!sec_login_certify_identity(login_context, &status)) { |
if (!sec_login_certify_identity(login_context, &status)) { |
| (void) fprintf(stderr, "Whoa! Bogus authentication server!\n"); |
(void) fprintf(stderr, "Whoa! Bogus authentication server!\n"); |
| (void) check_dce_status(status,"sec_login_certify_identity(1):"); |
(void) check_dce_status(status,"sec_login_certify_identity(1):"); |
| return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
| } |
} |
| if (check_dce_status(status, "sec_login_certify_identity(2):")) |
if (check_dce_status(status, "sec_login_certify_identity(2):")) |
| return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
| |
|
| /* |
/* |
| * Sets the network credentials to those specified |
* Sets the network credentials to those specified |
|
Line 119 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
Line 120 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
| */ |
*/ |
| sec_login_set_context(login_context, &status); |
sec_login_set_context(login_context, &status); |
| if (check_dce_status(status, "sec_login_set_context:")) |
if (check_dce_status(status, "sec_login_set_context:")) |
| return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
| |
|
| /* |
/* |
| * Oops, your credentials were no good. Possibly |
* Oops, your credentials were no good. Possibly |
|
Line 129 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
Line 130 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
| if (auth_src != sec_login_auth_src_network) { |
if (auth_src != sec_login_auth_src_network) { |
| (void) fprintf(stderr, |
(void) fprintf(stderr, |
| "You have no network credentials.\n"); |
"You have no network credentials.\n"); |
| return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
| } |
} |
| /* Check if the password has aged and is thus no good */ |
/* Check if the password has aged and is thus no good */ |
| if (reset_passwd) { |
if (reset_passwd) { |
| (void) fprintf(stderr, |
(void) fprintf(stderr, |
| "Your DCE password needs resetting.\n"); |
"Your DCE password needs resetting.\n"); |
| return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
| } |
} |
| |
|
| /* |
/* |
|
Line 147 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
Line 148 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
| sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw, |
sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw, |
| &status); |
&status); |
| if (check_dce_status(status, "sec_login_get_pwent:")) |
if (check_dce_status(status, "sec_login_get_pwent:")) |
| return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
| |
|
| /* |
/* |
| * If we get to here, then the pwent above properly fetched |
* If we get to here, then the pwent above properly fetched |
|
Line 169 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
Line 170 dce_verify(struct passwd *pw, char *plain_pw, sudo_aut
|
| * somewhere later in the program. |
* somewhere later in the program. |
| */ |
*/ |
| sec_login_purge_context(&login_context, &status); |
sec_login_purge_context(&login_context, &status); |
| return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
| } else { |
} else { |
| if(check_dce_status(status, "sec_login_validate_identity(2):")) |
if(check_dce_status(status, "sec_login_validate_identity(2):")) |
| return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
| sec_login_purge_context(&login_context, &status); |
sec_login_purge_context(&login_context, &status); |
| if(check_dce_status(status, "sec_login_purge_context:")) |
if(check_dce_status(status, "sec_login_purge_context:")) |
| return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
| } |
} |
| } |
} |
| (void) check_dce_status(status, "sec_login_setup_identity(2):"); |
(void) check_dce_status(status, "sec_login_setup_identity(2):"); |
| return AUTH_FAILURE; | debug_return_int(AUTH_FAILURE); |
| } |
} |
| |
|
| /* Returns 0 for DCE "ok" status, 1 otherwise */ |
/* Returns 0 for DCE "ok" status, 1 otherwise */ |
|
Line 188 check_dce_status(error_status_t input_status, char *co
|
Line 189 check_dce_status(error_status_t input_status, char *co
|
| { |
{ |
| int error_stat; |
int error_stat; |
| unsigned char error_string[dce_c_error_string_len]; |
unsigned char error_string[dce_c_error_string_len]; |
| |
debug_decl(check_dce_status, SUDO_DEBUG_AUTH) |
| |
|
| if (input_status == rpc_s_ok) |
if (input_status == rpc_s_ok) |
| return 0; | debug_return_bool(0); |
| dce_error_inq_text(input_status, error_string, &error_stat); |
dce_error_inq_text(input_status, error_string, &error_stat); |
| (void) fprintf(stderr, "%s %s\n", comment, error_string); |
(void) fprintf(stderr, "%s %s\n", comment, error_string); |
| return 1; | debug_return_bool(1); |
| } |
} |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to dce.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers / auth