version 1.1.1.1, 2012/02/21 16:23:02
|
version 1.1.1.5, 2014/06/15 16:12:54
|
Line 1
|
Line 1
|
/* |
/* |
* Copyright (c) 1999-2005, 2008, 2010-2011 | * Copyright (c) 1999-2005, 2008, 2010-2013 |
* Todd C. Miller <Todd.Miller@courtesan.com> |
* Todd C. Miller <Todd.Miller@courtesan.com> |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
Line 22
|
Line 22
|
#include <config.h> |
#include <config.h> |
|
|
#include <sys/types.h> |
#include <sys/types.h> |
#include <sys/param.h> |
|
#include <stdio.h> |
#include <stdio.h> |
#ifdef STDC_HEADERS |
#ifdef STDC_HEADERS |
# include <stdlib.h> |
# include <stdlib.h> |
Line 50
|
Line 49
|
#include "sudo_auth.h" |
#include "sudo_auth.h" |
|
|
int |
int |
fwtk_init(struct passwd *pw, sudo_auth *auth) | sudo_fwtk_init(struct passwd *pw, sudo_auth *auth) |
{ |
{ |
static Cfg *confp; /* Configuration entry struct */ |
static Cfg *confp; /* Configuration entry struct */ |
char resp[128]; /* Response from the server */ |
char resp[128]; /* Response from the server */ |
|
debug_decl(sudo_fwtk_init, SUDO_DEBUG_AUTH) |
|
|
if ((confp = cfg_read("sudo")) == (Cfg *)-1) { |
if ((confp = cfg_read("sudo")) == (Cfg *)-1) { |
warningx(_("unable to read fwtk config")); | warningx(U_("unable to read fwtk config")); |
return AUTH_FATAL; | debug_return_int(AUTH_FATAL); |
} |
} |
|
|
if (auth_open(confp)) { |
if (auth_open(confp)) { |
warningx(_("unable to connect to authentication server")); | warningx(U_("unable to connect to authentication server")); |
return AUTH_FATAL; | debug_return_int(AUTH_FATAL); |
} |
} |
|
|
/* Get welcome message from auth server */ |
/* Get welcome message from auth server */ |
if (auth_recv(resp, sizeof(resp))) { |
if (auth_recv(resp, sizeof(resp))) { |
warningx(_("lost connection to authentication server")); | warningx(U_("lost connection to authentication server")); |
return AUTH_FATAL; | debug_return_int(AUTH_FATAL); |
} |
} |
if (strncmp(resp, "Authsrv ready", 13) != 0) { |
if (strncmp(resp, "Authsrv ready", 13) != 0) { |
warningx(_("authentication server error:\n%s"), resp); | warningx(U_("authentication server error:\n%s"), resp); |
return AUTH_FATAL; | debug_return_int(AUTH_FATAL); |
} |
} |
|
|
return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
} |
} |
|
|
int |
int |
fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth) | sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth) |
{ |
{ |
char *pass; /* Password from the user */ |
char *pass; /* Password from the user */ |
char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */ | char buf[SUDO_CONV_REPL_MAX + 12]; /* General prupose buffer */ |
char resp[128]; /* Response from the server */ |
char resp[128]; /* Response from the server */ |
int error; |
int error; |
|
debug_decl(sudo_fwtk_verify, SUDO_DEBUG_AUTH) |
|
|
/* Send username to authentication server. */ |
/* Send username to authentication server. */ |
(void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name); |
(void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name); |
restart: |
restart: |
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { |
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { |
warningx(_("lost connection to authentication server")); | warningx(U_("lost connection to authentication server")); |
return AUTH_FATAL; | debug_return_int(AUTH_FATAL); |
} |
} |
|
|
/* Get the password/response from the user. */ |
/* Get the password/response from the user. */ |
Line 114 restart:
|
Line 115 restart:
|
goto restart; |
goto restart; |
} else { |
} else { |
warningx("%s", resp); |
warningx("%s", resp); |
return AUTH_FATAL; | debug_return_int(AUTH_FATAL); |
} |
} |
if (!pass) { /* ^C or error */ |
if (!pass) { /* ^C or error */ |
return AUTH_INTR; | debug_return_int(AUTH_INTR); |
} |
} |
|
|
/* Send the user's response to the server */ |
/* Send the user's response to the server */ |
(void) snprintf(buf, sizeof(buf), "response '%s'", pass); |
(void) snprintf(buf, sizeof(buf), "response '%s'", pass); |
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { |
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { |
warningx(_("lost connection to authentication server")); | warningx(U_("lost connection to authentication server")); |
error = AUTH_FATAL; |
error = AUTH_FATAL; |
goto done; |
goto done; |
} |
} |
Line 138 restart:
|
Line 139 restart:
|
warningx("%s", resp); |
warningx("%s", resp); |
error = AUTH_FAILURE; |
error = AUTH_FAILURE; |
done: |
done: |
zero_bytes(pass, strlen(pass)); | memset_s(pass, SUDO_PASS_MAX, 0, strlen(pass)); |
zero_bytes(buf, strlen(buf)); | memset_s(buf, sizeof(buf), 0, sizeof(buf)); |
return error; | debug_return_int(error); |
} |
} |
|
|
int |
int |
fwtk_cleanup(struct passwd *pw, sudo_auth *auth) | sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth) |
{ |
{ |
|
debug_decl(sudo_fwtk_cleanup, SUDO_DEBUG_AUTH) |
|
|
auth_close(); |
auth_close(); |
return AUTH_SUCCESS; | debug_return_int(AUTH_SUCCESS); |
} |
} |
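Review bot: At `done:` in sudo_fwtk_verify the wipe of `pass` is bounded by SUDO_PASS_MAX (`memset_s(pass, SUDO_PASS_MAX, 0, strlen(pass));`), while this same revision resizes `buf` to `SUDO_CONV_REPL_MAX + 12`, so the two limits no longer obviously describe the same reply. If a reply can be longer than SUDO_PASS_MAX, a memset_s with C11 Annex K semantics treats `n > smax` as a constraint violation and clears at most `smax` bytes; the return value is discarded here, so the tail of the secret would stay in memory unnoticed. I would bound the wipe by whichever limit actually governs the reply buffer, presumably `memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass));`, or check the result. The lines that assign `pass` are elided from this view, so the real buffer size needs confirming against the code that obtains the reply.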