2 * Copyright (c) 1996, 1998, 1999, 2001
3 * Todd C. Miller <Todd.Miller@courtesan.com>. All rights reserved.
5 * This code is derived from software contributed by Jeff Earickson
6 * of Colby College, Waterville, ME <jaearick@colby.edu>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * 4. Products derived from this software may not be called "Sudo" nor
23 * may "Sudo" appear in their names without specific prior written
24 * permission from the author.
26 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
27 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
28 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
29 * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
30 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
31 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
32 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
33 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
34 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
35 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38 * The code below basically comes from the examples supplied on
39 * the OSF DCE 1.0.3 manpages for the sec_login routines, with
40 * enough additional polishing to make the routine work with the
43 * This code is known to work on HP 700 and 800 series systems
44 * running HP-UX 9.X and 10.X, with either HP's version 1.2.1 of DCE.
45 * (aka, OSF DCE 1.0.3) or with HP's version 1.4 of DCE (aka, OSF
51 #include <sys/types.h>
52 #include <sys/param.h>
61 #endif /* STDC_HEADERS */
65 # ifdef HAVE_STRINGS_H
68 #endif /* HAVE_STRING_H */
71 #endif /* HAVE_UNISTD_H */
75 #include <dce/sec_login.h>
76 #include <dce/dce_error.h> /* required to call dce_error_inq_text routine */
79 #include "sudo_auth.h"
82 static const char rcsid[] = "$Sudo: dce.c,v 1.8 2001/12/14 19:52:53 millert Exp $";
85 static int check_dce_status __P((error_status_t, char *));
88 dce_verify(pw, plain_pw, auth)
93 struct passwd temp_pw;
94 sec_passwd_rec_t password_rec;
95 sec_login_handle_t login_context;
96 boolean32 reset_passwd;
97 sec_login_auth_src_t auth_src;
98 error_status_t status;
101 * Create the local context of the DCE principal necessary
102 * to perform authenticated network operations. The network
103 * identity set up by this operation cannot be used until it
104 * is validated via sec_login_validate_identity().
106 if (sec_login_setup_identity((unsigned_char_p_t) pw->pw_name,
107 sec_login_no_flags, &login_context, &status)) {
109 if (check_dce_status(status, "sec_login_setup_identity(1):"))
110 return(AUTH_FAILURE);
112 password_rec.key.key_type = sec_passwd_plain;
113 password_rec.key.tagged_union.plain = (idl_char *) plain_pw;
114 password_rec.pepper = NULL;
115 password_rec.version_number = sec_passwd_c_version_none;
117 /* Validate the login context with the password */
118 if (sec_login_validate_identity(login_context, &password_rec,
119 &reset_passwd, &auth_src, &status)) {
121 if (check_dce_status(status, "sec_login_validate_identity(1):"))
122 return(AUTH_FAILURE);
125 * Certify that the DCE Security Server used to set
126 * up and validate a login context is legitimate. Makes
127 * sure that we didn't get spoofed by another DCE server.
129 if (!sec_login_certify_identity(login_context, &status)) {
130 (void) fprintf(stderr, "Whoa! Bogus authentication server!\n");
131 (void) check_dce_status(status,"sec_login_certify_identity(1):");
132 return(AUTH_FAILURE);
134 if (check_dce_status(status, "sec_login_certify_identity(2):"))
135 return(AUTH_FAILURE);
138 * Sets the network credentials to those specified
139 * by the now validated login context.
141 sec_login_set_context(login_context, &status);
142 if (check_dce_status(status, "sec_login_set_context:"))
143 return(AUTH_FAILURE);
146 * Oops, your credentials were no good. Possibly
147 * caused by clock times out of adjustment between
148 * DCE client and DCE security server...
150 if (auth_src != sec_login_auth_src_network) {
151 (void) fprintf(stderr,
152 "You have no network credentials.\n");
153 return(AUTH_FAILURE);
155 /* Check if the password has aged and is thus no good */
157 (void) fprintf(stderr,
158 "Your DCE password needs resetting.\n");
159 return(AUTH_FAILURE);
163 * We should be a valid user by this point. Pull the
164 * user's password structure from the DCE security
165 * server just to make sure. If we get it with no
166 * problems, then we really are legitimate...
168 sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw,
170 if (check_dce_status(status, "sec_login_get_pwent:"))
171 return(AUTH_FAILURE);
174 * If we get to here, then the pwent above properly fetched
175 * the password structure from the DCE registry, so the user
176 * must be valid. We don't really care what the user's
177 * registry password is, just that the user could be
178 * validated. In fact, if we tried to compare the local
179 * password to the DCE entry at this point, the operation
180 * would fail if the hidden password feature is turned on,
181 * because the password field would contain an asterisk.
182 * Also go ahead and destroy the user's DCE login context
183 * before we leave here (and don't bother checking the
184 * status), in order to clean up credentials files in
185 * /opt/dcelocal/var/security/creds. By doing this, we are
186 * assuming that the user will not need DCE authentication
187 * later in the program, only local authentication. If this
188 * is not true, then the login_context will have to be
189 * returned to the calling program, and the context purged
190 * somewhere later in the program.
192 sec_login_purge_context(&login_context, &status);
193 return(AUTH_SUCCESS);
195 if(check_dce_status(status, "sec_login_validate_identity(2):"))
196 return(AUTH_FAILURE);
197 sec_login_purge_context(&login_context, &status);
198 if(check_dce_status(status, "sec_login_purge_context:"))
199 return(AUTH_FAILURE);
202 (void) check_dce_status(status, "sec_login_setup_identity(2):");
203 return(AUTH_FAILURE);
206 /* Returns 0 for DCE "ok" status, 1 otherwise */
208 check_dce_status(input_status, comment)
209 error_status_t input_status;
213 unsigned char error_string[dce_c_error_string_len];
215 if (input_status == rpc_s_ok)
217 dce_error_inq_text(input_status, error_string, &error_stat);
218 (void) fprintf(stderr, "%s %s\n", comment, error_string);