Annotation of embedaddon/sudo/plugins/sudoers/auth/fwtk.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (c) 1999-2005, 2008, 2010-2011
! 3: * Todd C. Miller <Todd.Miller@courtesan.com>
! 4: *
! 5: * Permission to use, copy, modify, and distribute this software for any
! 6: * purpose with or without fee is hereby granted, provided that the above
! 7: * copyright notice and this permission notice appear in all copies.
! 8: *
! 9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 16: *
! 17: * Sponsored in part by the Defense Advanced Research Projects
! 18: * Agency (DARPA) and Air Force Research Laboratory, Air Force
! 19: * Materiel Command, USAF, under agreement number F39502-99-1-0512.
! 20: */
! 21:
! 22: #include <config.h>
! 23:
! 24: #include <sys/types.h>
! 25: #include <sys/param.h>
! 26: #include <stdio.h>
! 27: #ifdef STDC_HEADERS
! 28: # include <stdlib.h>
! 29: # include <stddef.h>
! 30: #else
! 31: # ifdef HAVE_STDLIB_H
! 32: # include <stdlib.h>
! 33: # endif
! 34: #endif /* STDC_HEADERS */
! 35: #ifdef HAVE_STRING_H
! 36: # include <string.h>
! 37: #endif /* HAVE_STRING_H */
! 38: #ifdef HAVE_STRINGS_H
! 39: # include <strings.h>
! 40: #endif /* HAVE_STRINGS_H */
! 41: #ifdef HAVE_UNISTD_H
! 42: # include <unistd.h>
! 43: #endif /* HAVE_UNISTD_H */
! 44: #include <pwd.h>
! 45:
! 46: #include <auth.h>
! 47: #include <firewall.h>
! 48:
! 49: #include "sudoers.h"
! 50: #include "sudo_auth.h"
! 51:
/*
 * Set up the session with the authentication server.
 *
 * Reads the "sudo" entry via cfg_read(), opens the connection with
 * auth_open() and checks that the first line received starts with
 * "Authsrv ready".  The pw and auth arguments are not used here.
 *
 * Returns AUTH_SUCCESS when the greeting matches, AUTH_FATAL on any
 * failure (a warning is printed first).
 */
int
fwtk_init(struct passwd *pw, sudo_auth *auth)
{
    static const char ready[] = "Authsrv ready";
    static Cfg *fwtk_cfg;	/* Configuration entry struct */
    char greeting[128];		/* First line sent by the server */

    /* cfg_read() signals failure with (Cfg *)-1 rather than NULL. */
    fwtk_cfg = cfg_read("sudo");
    if (fwtk_cfg == (Cfg *)-1) {
	warningx(_("unable to read fwtk config"));
	return AUTH_FATAL;
    }

    if (auth_open(fwtk_cfg) != 0) {
	warningx(_("unable to connect to authentication server"));
	return AUTH_FATAL;
    }

    /* The server speaks first; anything but the ready banner is an error. */
    if (auth_recv(greeting, sizeof(greeting)) != 0) {
	warningx(_("lost connection to authentication server"));
	return AUTH_FATAL;
    }
    if (strncmp(greeting, ready, sizeof(ready) - 1) != 0) {
	/* Server text is passed as a %s argument, never as the format. */
	warningx(_("authentication server error:\n%s"), greeting);
	return AUTH_FATAL;
    }

    return AUTH_SUCCESS;
}
! 80:
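/*
 * Run one authentication exchange with the authentication server.
 *
 * Sends "authorize <pw_name> 'sudo'", then acts on the prefix of the
 * server's reply:
 *   "challenge "  - show the challenge, read the response with echo off;
 *                   an empty response triggers a second prompt with echo on
 *   "chalnecho "  - use the server text as the prompt, echo off
 *   "password"    - use the caller's prompt, echo off
 *   "display "    - print the server text, send a dummy response and
 *                   read the next reply
 *   anything else - print it and fail
 * The user's answer is then sent back as "response '<answer>'".
 * The auth argument is not used here.
 *
 * Returns AUTH_SUCCESS if the final reply starts with "ok", AUTH_FAILURE
 * for any other final reply, AUTH_INTR if no answer was obtained from the
 * user, and AUTH_FATAL if the connection is lost or the server sends an
 * unrecognized reply.
 */
int
fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
{
    char *pass;				/* Password from the user */
    /*
     * "response ''" is 11 bytes plus the NUL, hence the + 12.
     * NOTE(review): this presumes auth_getpass() never returns more than
     * SUDO_PASS_MAX bytes; otherwise snprintf() truncates the message.
     */
    char buf[SUDO_PASS_MAX + 12];	/* General purpose buffer */
    char resp[128];			/* Response from the server */
    int error;

    /* Send username to authentication server. */
    (void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name);
restart:
    /*
     * NOTE(review): resp is treated as a C string below; this assumes
     * auth_recv() NUL-terminates it within sizeof(resp) - confirm.
     */
    if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
	warningx(_("lost connection to authentication server"));
	return AUTH_FATAL;
    }

    /* Get the password/response from the user. */
    if (strncmp(resp, "challenge ", 10) == 0) {
	(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
	pass = auth_getpass(buf, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
	if (pass && *pass == '\0') {
	    pass = auth_getpass("Response [echo on]: ",
		def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_ON);
	}
    } else if (strncmp(resp, "chalnecho ", 10) == 0) {
	pass = auth_getpass(&resp[10], def_passwd_timeout * 60,
	    SUDO_CONV_PROMPT_ECHO_OFF);
    } else if (strncmp(resp, "password", 8) == 0) {
	pass = auth_getpass(prompt, def_passwd_timeout * 60,
	    SUDO_CONV_PROMPT_ECHO_OFF);
    } else if (strncmp(resp, "display ", 8) == 0) {
	/*
	 * Server-supplied text goes to the terminal unfiltered.
	 * NOTE(review): nothing bounds how many consecutive "display"
	 * replies are followed before a prompt or an error is reached.
	 */
	fprintf(stderr, "%s\n", &resp[8]);
	strlcpy(buf, "response dummy", sizeof(buf));
	goto restart;
    } else {
	warningx("%s", resp);
	return AUTH_FATAL;
    }
    if (!pass) {			/* ^C or error */
	return AUTH_INTR;
    }

    /*
     * Send the user's response to the server.
     * NOTE(review): the answer is wrapped in single quotes without any
     * escaping; how the server parses an embedded quote is not visible
     * from this file.
     */
    (void) snprintf(buf, sizeof(buf), "response '%s'", pass);
    if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
	warningx(_("lost connection to authentication server"));
	error = AUTH_FATAL;
	goto done;
    }

    if (strncmp(resp, "ok", 2) == 0) {
	error = AUTH_SUCCESS;
	goto done;
    }

    /* Main loop prints "Permission Denied" or insult. */
    if (strcmp(resp, "Permission Denied.") != 0)
	warningx("%s", resp);
    error = AUTH_FAILURE;
done:
    /*
     * Scrub both copies of the secret on every exit path that reaches here.
     * buf is cleared over its full size rather than strlen(buf) so the wipe
     * does not depend on where the first NUL happens to sit.
     */
    zero_bytes(pass, strlen(pass));
    zero_bytes(buf, sizeof(buf));
    return error;
}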
! 145:
/*
 * Tear down the authentication-server session by calling auth_close().
 * Neither argument is consulted; the result is always AUTH_SUCCESS.
 */
int
fwtk_cleanup(struct passwd *pw, sudo_auth *auth)
{
    (void) pw;
    (void) auth;

    auth_close();

    return AUTH_SUCCESS;
}