Annotation of embedaddon/sudo/plugins/sudoers/auth/dce.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (c) 1996, 1998-2005, 2010-2011
! 3: * Todd C. Miller <Todd.Miller@courtesan.com>
! 4: *
! 5: * Permission to use, copy, modify, and distribute this software for any
! 6: * purpose with or without fee is hereby granted, provided that the above
! 7: * copyright notice and this permission notice appear in all copies.
! 8: *
! 9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 16: * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
! 17: * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
! 18: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
! 19: *
! 20: * Sponsored in part by the Defense Advanced Research Projects
! 21: * Agency (DARPA) and Air Force Research Laboratory, Air Force
! 22: * Materiel Command, USAF, under agreement number F39502-99-1-0512.
! 23: */
! 24: /*
! 25: * The code below basically comes from the examples supplied on
! 26: * the OSF DCE 1.0.3 manpages for the sec_login routines, with
! 27: * enough additional polishing to make the routine work with the
! 28: * rest of sudo.
! 29: *
! 30: * This code is known to work on HP 700 and 800 series systems
! 31: * running HP-UX 9.X and 10.X, with either HP's version 1.2.1 of DCE.
! 32: * (aka, OSF DCE 1.0.3) or with HP's version 1.4 of DCE (aka, OSF
! 33: * DCE 1.1).
! 34: */
! 35:
! 36: #include <config.h>
! 37:
! 38: #include <sys/types.h>
! 39: #include <sys/param.h>
! 40: #include <stdio.h>
! 41: #ifdef STDC_HEADERS
! 42: # include <stdlib.h>
! 43: # include <stddef.h>
! 44: #else
! 45: # ifdef HAVE_STDLIB_H
! 46: # include <stdlib.h>
! 47: # endif
! 48: #endif /* STDC_HEADERS */
! 49: #ifdef HAVE_STRING_H
! 50: # include <string.h>
! 51: #endif /* HAVE_STRING_H */
! 52: #ifdef HAVE_STRINGS_H
! 53: # include <strings.h>
! 54: #endif /* HAVE_STRING_H */
! 55: #ifdef HAVE_UNISTD_H
! 56: # include <unistd.h>
! 57: #endif /* HAVE_UNISTD_H */
! 58: #include <pwd.h>
! 59:
! 60: #include <dce/rpc.h>
! 61: #include <dce/sec_login.h>
! 62: #include <dce/dce_error.h> /* required to call dce_error_inq_text routine */
! 63:
! 64: #include "sudoers.h"
! 65: #include "sudo_auth.h"
! 66:
! 67: static int check_dce_status(error_status_t, char *);
! 68:
! 69: int
! 70: dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth)
! 71: {
! 72: struct passwd temp_pw;
! 73: sec_passwd_rec_t password_rec;
! 74: sec_login_handle_t login_context;
! 75: boolean32 reset_passwd;
! 76: sec_login_auth_src_t auth_src;
! 77: error_status_t status;
! 78:
! 79: /*
! 80: * Create the local context of the DCE principal necessary
! 81: * to perform authenticated network operations. The network
! 82: * identity set up by this operation cannot be used until it
! 83: * is validated via sec_login_validate_identity().
! 84: */
! 85: if (sec_login_setup_identity((unsigned_char_p_t) pw->pw_name,
! 86: sec_login_no_flags, &login_context, &status)) {
! 87:
! 88: if (check_dce_status(status, "sec_login_setup_identity(1):"))
! 89: return AUTH_FAILURE;
! 90:
! 91: password_rec.key.key_type = sec_passwd_plain;
! 92: password_rec.key.tagged_union.plain = (idl_char *) plain_pw;
! 93: password_rec.pepper = NULL;
! 94: password_rec.version_number = sec_passwd_c_version_none;
! 95:
! 96: /* Validate the login context with the password */
! 97: if (sec_login_validate_identity(login_context, &password_rec,
! 98: &reset_passwd, &auth_src, &status)) {
! 99:
! 100: if (check_dce_status(status, "sec_login_validate_identity(1):"))
! 101: return AUTH_FAILURE;
! 102:
! 103: /*
! 104: * Certify that the DCE Security Server used to set
! 105: * up and validate a login context is legitimate. Makes
! 106: * sure that we didn't get spoofed by another DCE server.
! 107: */
! 108: if (!sec_login_certify_identity(login_context, &status)) {
! 109: (void) fprintf(stderr, "Whoa! Bogus authentication server!\n");
! 110: (void) check_dce_status(status,"sec_login_certify_identity(1):");
! 111: return AUTH_FAILURE;
! 112: }
! 113: if (check_dce_status(status, "sec_login_certify_identity(2):"))
! 114: return AUTH_FAILURE;
! 115:
! 116: /*
! 117: * Sets the network credentials to those specified
! 118: * by the now validated login context.
! 119: */
! 120: sec_login_set_context(login_context, &status);
! 121: if (check_dce_status(status, "sec_login_set_context:"))
! 122: return AUTH_FAILURE;
! 123:
! 124: /*
! 125: * Oops, your credentials were no good. Possibly
! 126: * caused by clock times out of adjustment between
! 127: * DCE client and DCE security server...
! 128: */
! 129: if (auth_src != sec_login_auth_src_network) {
! 130: (void) fprintf(stderr,
! 131: "You have no network credentials.\n");
! 132: return AUTH_FAILURE;
! 133: }
! 134: /* Check if the password has aged and is thus no good */
! 135: if (reset_passwd) {
! 136: (void) fprintf(stderr,
! 137: "Your DCE password needs resetting.\n");
! 138: return AUTH_FAILURE;
! 139: }
! 140:
! 141: /*
! 142: * We should be a valid user by this point. Pull the
! 143: * user's password structure from the DCE security
! 144: * server just to make sure. If we get it with no
! 145: * problems, then we really are legitimate...
! 146: */
! 147: sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw,
! 148: &status);
! 149: if (check_dce_status(status, "sec_login_get_pwent:"))
! 150: return AUTH_FAILURE;
! 151:
! 152: /*
! 153: * If we get to here, then the pwent above properly fetched
! 154: * the password structure from the DCE registry, so the user
! 155: * must be valid. We don't really care what the user's
! 156: * registry password is, just that the user could be
! 157: * validated. In fact, if we tried to compare the local
! 158: * password to the DCE entry at this point, the operation
! 159: * would fail if the hidden password feature is turned on,
! 160: * because the password field would contain an asterisk.
! 161: * Also go ahead and destroy the user's DCE login context
! 162: * before we leave here (and don't bother checking the
! 163: * status), in order to clean up credentials files in
! 164: * /opt/dcelocal/var/security/creds. By doing this, we are
! 165: * assuming that the user will not need DCE authentication
! 166: * later in the program, only local authentication. If this
! 167: * is not true, then the login_context will have to be
! 168: * returned to the calling program, and the context purged
! 169: * somewhere later in the program.
! 170: */
! 171: sec_login_purge_context(&login_context, &status);
! 172: return AUTH_SUCCESS;
! 173: } else {
! 174: if(check_dce_status(status, "sec_login_validate_identity(2):"))
! 175: return AUTH_FAILURE;
! 176: sec_login_purge_context(&login_context, &status);
! 177: if(check_dce_status(status, "sec_login_purge_context:"))
! 178: return AUTH_FAILURE;
! 179: }
! 180: }
! 181: (void) check_dce_status(status, "sec_login_setup_identity(2):");
! 182: return AUTH_FAILURE;
! 183: }
! 184:
! 185: /* Returns 0 for DCE "ok" status, 1 otherwise */
! 186: static int
! 187: check_dce_status(error_status_t input_status, char *comment)
! 188: {
! 189: int error_stat;
! 190: unsigned char error_string[dce_c_error_string_len];
! 191:
! 192: if (input_status == rpc_s_ok)
! 193: return 0;
! 194: dce_error_inq_text(input_status, error_string, &error_stat);
! 195: (void) fprintf(stderr, "%s %s\n", comment, error_string);
! 196: return 1;
! 197: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>