Annotation of embedaddon/sudo/plugins/sudoers/auth/kerb4.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (c) 1999-2005, 2007, 2010-2011
! 3: * Todd C. Miller <Todd.Miller@courtesan.com>
! 4: *
! 5: * Permission to use, copy, modify, and distribute this software for any
! 6: * purpose with or without fee is hereby granted, provided that the above
! 7: * copyright notice and this permission notice appear in all copies.
! 8: *
! 9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 16: *
! 17: * Sponsored in part by the Defense Advanced Research Projects
! 18: * Agency (DARPA) and Air Force Research Laboratory, Air Force
! 19: * Materiel Command, USAF, under agreement number F39502-99-1-0512.
! 20: */
! 21:
! 22: #include <config.h>
! 23:
! 24: #include <sys/types.h>
! 25: #include <sys/param.h>
! 26: #include <stdio.h>
! 27: #ifdef STDC_HEADERS
! 28: # include <stdlib.h>
! 29: # include <stddef.h>
! 30: #else
! 31: # ifdef HAVE_STDLIB_H
! 32: # include <stdlib.h>
! 33: # endif
! 34: #endif /* STDC_HEADERS */
! 35: #ifdef HAVE_STRING_H
! 36: # include <string.h>
! 37: #endif /* HAVE_STRING_H */
! 38: #ifdef HAVE_STRINGS_H
! 39: # include <strings.h>
! 40: #endif /* HAVE_STRING_H */
! 41: #ifdef HAVE_UNISTD_H
! 42: # include <unistd.h>
! 43: #endif /* HAVE_UNISTD_H */
! 44: #include <pwd.h>
! 45: #include <krb.h>
! 46:
! 47: #include "sudoers.h"
! 48: #include "sudo_auth.h"
! 49:
/*
 * Prepare Kerberos 4 authentication for the given user.
 *
 * Looks up the local realm with krb_get_lrealm() and stores a pointer to
 * it in auth->data so that kerb4_verify() can read it back.
 *
 * Returns AUTH_SUCCESS when the realm was obtained, AUTH_FAILURE when
 * the user is uid 0 or the realm lookup does not return KSUCCESS.
 */
int
kerb4_init(struct passwd *pw, sudo_auth *auth)
{
    /*
     * Static storage: the pointer handed out through auth->data must stay
     * valid after this function returns.
     */
    static char local_realm[REALM_SZ];

    /*
     * uid 0 is never verified through Kerberos here.  The || short-circuit
     * keeps the realm lookup from running at all for root; a failed lookup
     * (e.g. no krb.conf) is reported the same way.
     */
    if (pw->pw_uid == 0 || krb_get_lrealm(local_realm, 1) != KSUCCESS)
        return AUTH_FAILURE;

    /* Hand the realm to kerb4_verify() through the auth structure. */
    auth->data = (void *) local_realm;
    return AUTH_SUCCESS;
}
! 68:
/*
 * Check a password by asking the KDC for a ticket-granting ticket.
 *
 * pw   - passwd entry of the user being authenticated (pw_name, pw_uid used)
 * pass - the password the user typed
 * auth - auth->data must hold the realm pointer stored by kerb4_init()
 *
 * Returns AUTH_SUCCESS when krb_get_pw_in_tkt() reports INTK_OK and
 * AUTH_FAILURE otherwise.  Errors other than INTK_BADPW and KDC_PR_UNKNOWN
 * also print a warning on stderr.
 *
 * NOTE(review): success rests solely on krb_get_pw_in_tkt() returning
 * INTK_OK.  Nothing in this function validates the resulting ticket against
 * a locally held service key, so the verdict is only as trustworthy as the
 * KDC reply that was received -- confirm this is acceptable where the
 * network path to the KDC is not trusted.
 */
int
kerb4_verify(struct passwd *pw, char *pass, sudo_auth *auth)
{
    char ticket_path[sizeof(_PATH_SUDO_TIMEDIR) + 4 + MAX_UID_T_LEN];
    char *realm = (char *) auth->data;
    int rc;

    /*
     * Use a per-uid ticket file under sudo's timestamp directory so the
     * user's real Kerberos tickets are left untouched.
     * NOTE(review): both return values are discarded; the buffer size is
     * presumably large enough for "/tkt" plus the uid digits, and the path
     * is created by the Kerberos library with whatever privileges this
     * process holds -- verify the directory's ownership and mode.
     */
    (void) snprintf(ticket_path, sizeof(ticket_path), "%s/tkt%u",
        _PATH_SUDO_TIMEDIR, (unsigned int) pw->pw_uid);
    (void) krb_set_tkt_string(ticket_path);

    /* Try to turn the password into a krbtgt ticket for the local realm. */
    rc = krb_get_pw_in_tkt(pw->pw_name, "", realm, "krbtgt", realm,
        DEFAULT_TKT_LIFE, pass);

    if (rc == INTK_OK) {
        /* The temporary ticket has served its purpose; destroy it. */
        dest_tkt();
        return AUTH_SUCCESS;
    }

    /*
     * A wrong password or an unknown principal fails quietly; anything
     * else is reported.
     * NOTE(review): rc indexes krb_err_txt[] without a range check; this
     * assumes every value the library returns is a valid index -- confirm
     * against the table's declared size in krb.h.
     */
    if (rc != INTK_BADPW && rc != KDC_PR_UNKNOWN) {
        (void) fprintf(stderr, "Warning: Kerberos error: %s\n",
            krb_err_txt[rc]);
    }

    return AUTH_FAILURE;
}