+++ /dev/null
-/*
- * Copyright (c) 1996, 1998-2005, 2010
- * Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F39502-99-1-0512.
- */
-/*
- * The code below basically comes from the examples supplied on
- * the OSF DCE 1.0.3 manpages for the sec_login routines, with
- * enough additional polishing to make the routine work with the
- * rest of sudo.
- *
- * This code is known to work on HP 700 and 800 series systems
- * running HP-UX 9.X and 10.X, with either HP's version 1.2.1 of DCE.
- * (aka, OSF DCE 1.0.3) or with HP's version 1.4 of DCE (aka, OSF
- * DCE 1.1).
- */
-
-#include <config.h>
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <stdio.h>
-#ifdef STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
-#endif /* STDC_HEADERS */
-#ifdef HAVE_STRING_H
-# include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#include <pwd.h>
-
-#include <dce/rpc.h>
-#include <dce/sec_login.h>
-#include <dce/dce_error.h> /* required to call dce_error_inq_text routine */
-
-#include "sudo.h"
-#include "sudo_auth.h"
-
-static int check_dce_status __P((error_status_t, char *));
-
-int
-dce_verify(pw, plain_pw, auth)
- struct passwd *pw;
- char *plain_pw;
- sudo_auth *auth;
-{
- struct passwd temp_pw;
- sec_passwd_rec_t password_rec;
- sec_login_handle_t login_context;
- boolean32 reset_passwd;
- sec_login_auth_src_t auth_src;
- error_status_t status;
-
- /*
- * Create the local context of the DCE principal necessary
- * to perform authenticated network operations. The network
- * identity set up by this operation cannot be used until it
- * is validated via sec_login_validate_identity().
- */
- if (sec_login_setup_identity((unsigned_char_p_t) pw->pw_name,
- sec_login_no_flags, &login_context, &status)) {
-
- if (check_dce_status(status, "sec_login_setup_identity(1):"))
- return(AUTH_FAILURE);
-
- password_rec.key.key_type = sec_passwd_plain;
- password_rec.key.tagged_union.plain = (idl_char *) plain_pw;
- password_rec.pepper = NULL;
- password_rec.version_number = sec_passwd_c_version_none;
-
- /* Validate the login context with the password */
- if (sec_login_validate_identity(login_context, &password_rec,
- &reset_passwd, &auth_src, &status)) {
-
- if (check_dce_status(status, "sec_login_validate_identity(1):"))
- return(AUTH_FAILURE);
-
- /*
- * Certify that the DCE Security Server used to set
- * up and validate a login context is legitimate. Makes
- * sure that we didn't get spoofed by another DCE server.
- */
- if (!sec_login_certify_identity(login_context, &status)) {
- (void) fprintf(stderr, "Whoa! Bogus authentication server!\n");
- (void) check_dce_status(status,"sec_login_certify_identity(1):");
- return(AUTH_FAILURE);
- }
- if (check_dce_status(status, "sec_login_certify_identity(2):"))
- return(AUTH_FAILURE);
-
- /*
- * Sets the network credentials to those specified
- * by the now validated login context.
- */
- sec_login_set_context(login_context, &status);
- if (check_dce_status(status, "sec_login_set_context:"))
- return(AUTH_FAILURE);
-
- /*
- * Oops, your credentials were no good. Possibly
- * caused by clock times out of adjustment between
- * DCE client and DCE security server...
- */
- if (auth_src != sec_login_auth_src_network) {
- (void) fprintf(stderr,
- "You have no network credentials.\n");
- return(AUTH_FAILURE);
- }
- /* Check if the password has aged and is thus no good */
- if (reset_passwd) {
- (void) fprintf(stderr,
- "Your DCE password needs resetting.\n");
- return(AUTH_FAILURE);
- }
-
- /*
- * We should be a valid user by this point. Pull the
- * user's password structure from the DCE security
- * server just to make sure. If we get it with no
- * problems, then we really are legitimate...
- */
- sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw,
- &status);
- if (check_dce_status(status, "sec_login_get_pwent:"))
- return(AUTH_FAILURE);
-
- /*
- * If we get to here, then the pwent above properly fetched
- * the password structure from the DCE registry, so the user
- * must be valid. We don't really care what the user's
- * registry password is, just that the user could be
- * validated. In fact, if we tried to compare the local
- * password to the DCE entry at this point, the operation
- * would fail if the hidden password feature is turned on,
- * because the password field would contain an asterisk.
- * Also go ahead and destroy the user's DCE login context
- * before we leave here (and don't bother checking the
- * status), in order to clean up credentials files in
- * /opt/dcelocal/var/security/creds. By doing this, we are
- * assuming that the user will not need DCE authentication
- * later in the program, only local authentication. If this
- * is not true, then the login_context will have to be
- * returned to the calling program, and the context purged
- * somewhere later in the program.
- */
- sec_login_purge_context(&login_context, &status);
- return(AUTH_SUCCESS);
- } else {
- if(check_dce_status(status, "sec_login_validate_identity(2):"))
- return(AUTH_FAILURE);
- sec_login_purge_context(&login_context, &status);
- if(check_dce_status(status, "sec_login_purge_context:"))
- return(AUTH_FAILURE);
- }
- }
- (void) check_dce_status(status, "sec_login_setup_identity(2):");
- return(AUTH_FAILURE);
-}
-
-/* Returns 0 for DCE "ok" status, 1 otherwise */
-static int
-check_dce_status(input_status, comment)
- error_status_t input_status;
- char *comment;
-{
- int error_stat;
- unsigned char error_string[dce_c_error_string_len];
-
- if (input_status == rpc_s_ok)
- return(0);
- dce_error_inq_text(input_status, error_string, &error_stat);
- (void) fprintf(stderr, "%s %s\n", comment, error_string);
- return(1);
-}