2 * Copyright (c) 1996, 1998-2005, 2010-2011
3 * Todd C. Miller <Todd.Miller@courtesan.com>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
17 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
18 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
20 * Sponsored in part by the Defense Advanced Research Projects
21 * Agency (DARPA) and Air Force Research Laboratory, Air Force
22 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
25 * The code below basically comes from the examples supplied on
26 * the OSF DCE 1.0.3 manpages for the sec_login routines, with
27 * enough additional polishing to make the routine work with the
30 * This code is known to work on HP 700 and 800 series systems
31 * running HP-UX 9.X and 10.X, with either HP's version 1.2.1 of DCE.
32 * (aka, OSF DCE 1.0.3) or with HP's version 1.4 of DCE (aka, OSF
38 #include <sys/types.h>
39 #include <sys/param.h>
48 #endif /* STDC_HEADERS */
51 #endif /* HAVE_STRING_H */
54 #endif /* HAVE_STRING_H */
57 #endif /* HAVE_UNISTD_H */
61 #include <dce/sec_login.h>
62 #include <dce/dce_error.h> /* required to call dce_error_inq_text routine */
65 #include "sudo_auth.h"
67 static int check_dce_status(error_status_t, char *);
70 sudo_dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth)
72 struct passwd temp_pw;
73 sec_passwd_rec_t password_rec;
74 sec_login_handle_t login_context;
75 boolean32 reset_passwd;
76 sec_login_auth_src_t auth_src;
77 error_status_t status;
78 debug_decl(sudo_dce_verify, SUDO_DEBUG_AUTH)
81 * Create the local context of the DCE principal necessary
82 * to perform authenticated network operations. The network
83 * identity set up by this operation cannot be used until it
84 * is validated via sec_login_validate_identity().
86 if (sec_login_setup_identity((unsigned_char_p_t) pw->pw_name,
87 sec_login_no_flags, &login_context, &status)) {
89 if (check_dce_status(status, "sec_login_setup_identity(1):"))
90 debug_return_int(AUTH_FAILURE);
92 password_rec.key.key_type = sec_passwd_plain;
93 password_rec.key.tagged_union.plain = (idl_char *) plain_pw;
94 password_rec.pepper = NULL;
95 password_rec.version_number = sec_passwd_c_version_none;
97 /* Validate the login context with the password */
98 if (sec_login_validate_identity(login_context, &password_rec,
99 &reset_passwd, &auth_src, &status)) {
101 if (check_dce_status(status, "sec_login_validate_identity(1):"))
102 debug_return_int(AUTH_FAILURE);
105 * Certify that the DCE Security Server used to set
106 * up and validate a login context is legitimate. Makes
107 * sure that we didn't get spoofed by another DCE server.
109 if (!sec_login_certify_identity(login_context, &status)) {
110 (void) fprintf(stderr, "Whoa! Bogus authentication server!\n");
111 (void) check_dce_status(status,"sec_login_certify_identity(1):");
112 debug_return_int(AUTH_FAILURE);
114 if (check_dce_status(status, "sec_login_certify_identity(2):"))
115 debug_return_int(AUTH_FAILURE);
118 * Sets the network credentials to those specified
119 * by the now validated login context.
121 sec_login_set_context(login_context, &status);
122 if (check_dce_status(status, "sec_login_set_context:"))
123 debug_return_int(AUTH_FAILURE);
126 * Oops, your credentials were no good. Possibly
127 * caused by clock times out of adjustment between
128 * DCE client and DCE security server...
130 if (auth_src != sec_login_auth_src_network) {
131 (void) fprintf(stderr,
132 "You have no network credentials.\n");
133 debug_return_int(AUTH_FAILURE);
135 /* Check if the password has aged and is thus no good */
137 (void) fprintf(stderr,
138 "Your DCE password needs resetting.\n");
139 debug_return_int(AUTH_FAILURE);
143 * We should be a valid user by this point. Pull the
144 * user's password structure from the DCE security
145 * server just to make sure. If we get it with no
146 * problems, then we really are legitimate...
148 sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw,
150 if (check_dce_status(status, "sec_login_get_pwent:"))
151 debug_return_int(AUTH_FAILURE);
154 * If we get to here, then the pwent above properly fetched
155 * the password structure from the DCE registry, so the user
156 * must be valid. We don't really care what the user's
157 * registry password is, just that the user could be
158 * validated. In fact, if we tried to compare the local
159 * password to the DCE entry at this point, the operation
160 * would fail if the hidden password feature is turned on,
161 * because the password field would contain an asterisk.
162 * Also go ahead and destroy the user's DCE login context
163 * before we leave here (and don't bother checking the
164 * status), in order to clean up credentials files in
165 * /opt/dcelocal/var/security/creds. By doing this, we are
166 * assuming that the user will not need DCE authentication
167 * later in the program, only local authentication. If this
168 * is not true, then the login_context will have to be
169 * returned to the calling program, and the context purged
170 * somewhere later in the program.
172 sec_login_purge_context(&login_context, &status);
173 debug_return_int(AUTH_SUCCESS);
175 if(check_dce_status(status, "sec_login_validate_identity(2):"))
176 debug_return_int(AUTH_FAILURE);
177 sec_login_purge_context(&login_context, &status);
178 if(check_dce_status(status, "sec_login_purge_context:"))
179 debug_return_int(AUTH_FAILURE);
182 (void) check_dce_status(status, "sec_login_setup_identity(2):");
183 debug_return_int(AUTH_FAILURE);
186 /* Returns 0 for DCE "ok" status, 1 otherwise */
188 check_dce_status(error_status_t input_status, char *comment)
191 unsigned char error_string[dce_c_error_string_len];
192 debug_decl(check_dce_status, SUDO_DEBUG_AUTH)
194 if (input_status == rpc_s_ok)
195 debug_return_bool(0);
196 dce_error_inq_text(input_status, error_string, &error_stat);
197 (void) fprintf(stderr, "%s %s\n", comment, error_string);
198 debug_return_bool(1);