Annotation of embedaddon/sudo/plugins/sudoers/auth/sia.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (c) 1999-2005, 2007, 2010-2011
! 3: * Todd C. Miller <Todd.Miller@courtesan.com>
! 4: *
! 5: * Permission to use, copy, modify, and distribute this software for any
! 6: * purpose with or without fee is hereby granted, provided that the above
! 7: * copyright notice and this permission notice appear in all copies.
! 8: *
! 9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 16: * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
! 17: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
! 18: *
! 19: * Sponsored in part by the Defense Advanced Research Projects
! 20: * Agency (DARPA) and Air Force Research Laboratory, Air Force
! 21: * Materiel Command, USAF, under agreement number F39502-99-1-0512.
! 22: */
! 23:
! 24: #include <config.h>
! 25:
! 26: #include <sys/types.h>
! 27: #include <sys/param.h>
! 28: #include <stdio.h>
! 29: #ifdef STDC_HEADERS
! 30: # include <stdlib.h>
! 31: # include <stddef.h>
! 32: #else
! 33: # ifdef HAVE_STDLIB_H
! 34: # include <stdlib.h>
! 35: # endif
! 36: #endif /* STDC_HEADERS */
! 37: #ifdef HAVE_STRING_H
! 38: # include <string.h>
! 39: #endif /* HAVE_STRING_H */
! 40: #ifdef HAVE_STRINGS_H
! 41: # include <strings.h>
! 42: #endif /* HAVE_STRINGS_H */
! 43: #ifdef HAVE_UNISTD_H
! 44: # include <unistd.h>
! 45: #endif /* HAVE_UNISTD_H */
! 46: #include <pwd.h>
! 47: #include <siad.h>
! 48:
! 49: #include "sudoers.h"
! 50: #include "sudo_auth.h"
! 51:
/* SIA collection callback; sia_verify() hands it to sia_ses_reauthent(). */
static int sudo_collect(int timeout, int rendition, uchar_t *title,
    int nprompts, prompt_t *prompts);

/* Prompt most recently passed to sia_verify(); read by sudo_collect(). */
static char *def_prompt;

/* Argument vector rebuilt by sia_setup() and freed by sia_cleanup(). */
static int sudo_argc;
static char **sudo_argv;
! 57:
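/*
 * Collection routine (callback) for limiting the timeouts in SIA
 * prompts and (possibly) setting a custom prompt.
 *
 * Only the SIAFORM and SIAONELINER renditions are adjusted; every other
 * rendition is forwarded to sia_collect_trm() untouched.  The return
 * value is whatever sia_collect_trm() returns.
 */
static int
sudo_collect(int timeout, int rendition, uchar_t *title, int nprompts,
    prompt_t *prompts)
{
    switch (rendition) {
    case SIAFORM:
    case SIAONELINER:
        /*
         * Never wait longer than the configured password timeout
         * (def_passwd_timeout * 60; presumably minutes to seconds).
         */
        if (timeout <= 0 || timeout > def_passwd_timeout * 60)
            timeout = def_passwd_timeout * 60;
        /*
         * Substitute custom prompt if a) the sudo prompt is not "Password:"
         * and b) the SIA prompt is "Password:" (so we know it is safe).
         * This keeps us from overwriting things like S/Key challenges.
         *
         * The prompt array is supplied by the SIA mechanism, so make sure
         * it has a first entry with a prompt string, and that sia_verify()
         * has set def_prompt, before handing either pointer to strcmp().
         */
        if (nprompts > 0 && prompts != NULL && prompts[0].prompt != NULL &&
            def_prompt != NULL &&
            strcmp((char *)prompts[0].prompt, "Password:") == 0 &&
            strcmp(def_prompt, "Password:") != 0)
            prompts[0].prompt = (unsigned char *)def_prompt;
        break;
    default:
        break;
    }

    return sia_collect_trm(timeout, rendition, title, nprompts, prompts);
}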
! 86:
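/*
 * Start an SIA session for the user described by pw and stash the session
 * handle in auth->data for sia_verify() and sia_cleanup().
 *
 * Returns AUTH_SUCCESS once the session is initialized, or AUTH_FATAL
 * (after logging) if sia_ses_init() does not report SIASUCCESS.
 * promptp is not used here.
 */
int
sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
{
    SIAENTITY *siah = NULL;
    int i;
    extern int NewArgc;
    extern char **NewArgv;

    /*
     * Rebuild argv for sia_ses_init(): a fixed "sudo" in slot 0 followed
     * by the NewArgv entries, NULL-terminated.  Only the array itself is
     * allocated; the strings are still owned by NewArgv.
     */
    sudo_argc = NewArgc + 1;
    sudo_argv = emalloc2(sudo_argc + 1, sizeof(char *));
    sudo_argv[0] = "sudo";
    for (i = 0; i < NewArgc; i++)
        sudo_argv[i + 1] = NewArgv[i];
    sudo_argv[sudo_argc] = NULL;

    if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name,
        user_ttypath, 1, NULL) != SIASUCCESS) {

        log_error(USE_ERRNO|NO_EXIT|NO_MAIL,
            _("unable to initialize SIA session"));
        /*
         * No session was stored in auth->data, so nothing refers to the
         * rebuilt vector: release it here and clear the statics so no
         * stale pointer is left behind at file scope.
         */
        efree(sudo_argv);
        sudo_argv = NULL;
        sudo_argc = 0;
        return AUTH_FATAL;
    }

    auth->data = (void *) siah;
    return AUTH_SUCCESS;
}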
! 113:
/*
 * Re-authenticate the user through the SIA session stored in auth->data.
 *
 * The prompt is published through the file-scope def_prompt so that the
 * sudo_collect() callback can see it.  Returns AUTH_SUCCESS when
 * sia_ses_reauthent() reports SIASUCCESS and AUTH_FAILURE for any other
 * result.  pw is not used here.
 */
int
sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
{
    SIAENTITY *session = (SIAENTITY *) auth->data;
    int status;

    /* sudo_collect() takes no user-data argument, so pass the prompt here. */
    def_prompt = prompt;

    /* XXX - need a way to detect user hitting return or EOF at prompt */
    status = sia_ses_reauthent(sudo_collect, session);

    return status == SIASUCCESS ? AUTH_SUCCESS : AUTH_FAILURE;
}
! 127:
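/*
 * Release the SIA session stored in auth->data and free the argument
 * vector built by sia_setup().  Always returns AUTH_SUCCESS; the result
 * of sia_ses_release() is deliberately ignored.  pw is not used here.
 */
int
sia_cleanup(struct passwd *pw, sudo_auth *auth)
{
    SIAENTITY *siah = (SIAENTITY *) auth->data;

    /*
     * Skip the release when no handle is stored (e.g. setup never got as
     * far as assigning auth->data; assumes the caller starts it out NULL).
     */
    if (siah != NULL)
        (void) sia_ses_release(&siah);
    /* Drop the stored handle so it cannot be reused after release. */
    auth->data = NULL;

    /*
     * sudo_argv is a file-scope static: clear it after freeing so that a
     * repeated cleanup cannot free the same array twice.
     */
    efree(sudo_argv);
    sudo_argv = NULL;
    sudo_argc = 0;
    return AUTH_SUCCESS;
}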