Annotation of embedaddon/sudo/plugins/sudoers/auth/sia.c, revision 1.1.1.2
1.1 misho 1: /*
2: * Copyright (c) 1999-2005, 2007, 2010-2011
3: * Todd C. Miller <Todd.Miller@courtesan.com>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
17: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
18: *
19: * Sponsored in part by the Defense Advanced Research Projects
20: * Agency (DARPA) and Air Force Research Laboratory, Air Force
21: * Materiel Command, USAF, under agreement number F39502-99-1-0512.
22: */
23:
24: #include <config.h>
25:
26: #include <sys/types.h>
27: #include <sys/param.h>
28: #include <stdio.h>
29: #ifdef STDC_HEADERS
30: # include <stdlib.h>
31: # include <stddef.h>
32: #else
33: # ifdef HAVE_STDLIB_H
34: # include <stdlib.h>
35: # endif
36: #endif /* STDC_HEADERS */
37: #ifdef HAVE_STRING_H
38: # include <string.h>
39: #endif /* HAVE_STRING_H */
40: #ifdef HAVE_STRINGS_H
41: # include <strings.h>
42: #endif /* HAVE_STRINGS_H */
43: #ifdef HAVE_UNISTD_H
44: # include <unistd.h>
45: #endif /* HAVE_UNISTD_H */
46: #include <pwd.h>
47: #include <siad.h>
48:
49: #include "sudoers.h"
50: #include "sudo_auth.h"
51:
52: static int sudo_collect(int, int, uchar_t *, int, prompt_t *);
53:
54: static char *def_prompt;
55: static char **sudo_argv;
56: static int sudo_argc;
57:
58: /*
59: * Collection routine (callback) for limiting the timeouts in SIA
60: * prompts and (possibly) setting a custom prompt.
61: */
62: static int
63: sudo_collect(int timeout, int rendition, uchar_t *title, int nprompts,
64: prompt_t *prompts)
65: {
1.1.1.2 ! misho 66: debug_decl(sudo_collect, SUDO_DEBUG_AUTH)
! 67:
1.1 misho 68: switch (rendition) {
69: case SIAFORM:
70: case SIAONELINER:
71: if (timeout <= 0 || timeout > def_passwd_timeout * 60)
72: timeout = def_passwd_timeout * 60;
73: /*
74: * Substitute custom prompt if a) the sudo prompt is not "Password:"
75: * and b) the SIA prompt is "Password:" (so we know it is safe).
76: * This keeps us from overwriting things like S/Key challenges.
77: */
78: if (strcmp((char *)prompts[0].prompt, "Password:") == 0 &&
79: strcmp(def_prompt, "Password:") != 0)
80: prompts[0].prompt = (unsigned char *)def_prompt;
81: break;
82: default:
83: break;
84: }
85:
1.1.1.2 ! misho 86: debug_return_int(sia_collect_trm(timeout, rendition, title, nprompts, prompts));
1.1 misho 87: }
88:
89: int
1.1.1.2 ! misho 90: sudo_sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
1.1 misho 91: {
92: SIAENTITY *siah = NULL;
93: int i;
94: extern int NewArgc;
95: extern char **NewArgv;
1.1.1.2 ! misho 96: debug_decl(sudo_sia_setup, SUDO_DEBUG_AUTH)
1.1 misho 97:
98: /* Rebuild argv for sia_ses_init() */
99: sudo_argc = NewArgc + 1;
100: sudo_argv = emalloc2(sudo_argc + 1, sizeof(char *));
101: sudo_argv[0] = "sudo";
102: for (i = 0; i < NewArgc; i++)
103: sudo_argv[i + 1] = NewArgv[i];
104: sudo_argv[sudo_argc] = NULL;
105:
106: if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, user_ttypath, 1, NULL) != SIASUCCESS) {
107:
1.1.1.2 ! misho 108: log_error(USE_ERRNO|NO_MAIL,
1.1 misho 109: _("unable to initialize SIA session"));
1.1.1.2 ! misho 110: debug_return_int(AUTH_FATAL);
1.1 misho 111: }
112:
113: auth->data = (void *) siah;
1.1.1.2 ! misho 114: debug_return_int(AUTH_SUCCESS);
1.1 misho 115: }
116:
117: int
1.1.1.2 ! misho 118: sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
1.1 misho 119: {
120: SIAENTITY *siah = (SIAENTITY *) auth->data;
1.1.1.2 ! misho 121: debug_decl(sudo_sia_verify, SUDO_DEBUG_AUTH)
1.1 misho 122:
123: def_prompt = prompt; /* for sudo_collect */
124:
125: /* XXX - need a way to detect user hitting return or EOF at prompt */
126: if (sia_ses_reauthent(sudo_collect, siah) == SIASUCCESS)
1.1.1.2 ! misho 127: debug_return_int(AUTH_SUCCESS);
1.1 misho 128: else
1.1.1.2 ! misho 129: debug_return_int(AUTH_FAILURE);
1.1 misho 130: }
131:
132: int
1.1.1.2 ! misho 133: sudo_sia_cleanup(struct passwd *pw, sudo_auth *auth)
1.1 misho 134: {
135: SIAENTITY *siah = (SIAENTITY *) auth->data;
1.1.1.2 ! misho 136: debug_decl(sudo_sia_cleanup, SUDO_DEBUG_AUTH)
1.1 misho 137:
138: (void) sia_ses_release(&siah);
139: efree(sudo_argv);
1.1.1.2 ! misho 140: debug_return_int(AUTH_SUCCESS);
1.1 misho 141: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>