isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DCE authentication method; basically unchanged from dce_pwent.c

Browse Source
This commit is contained in:
Todd C. Miller
1999-07-11 11:22:16 +00:00
parent ce2573d997
commit 0e40c78886
2 changed files with 207 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

202
auth/dce.c Normal file
View File

@@ -0,0 +1,202 @@
/*
* CU sudo version 1.6
* Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 1, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
* Please send bugs, changes, problems to sudo-bugs@courtesan.com
*
*******************************************************************
*
* This code is derived from software contributed by Jeff Earickson
* of Colby College, Waterville, ME <jaearick@colby.edu>
*
* The code below basically comes from the examples supplied on
* the OSF DCE 1.0.3 manpages for the sec_login routines, with
* enough additional polishing to make the routine work with the
* rest of sudo.
*
* This code is known to work on HP 700 and 800 series systems
* running HP-UX 9.X and 10.X, with either HP's version 1.2.1 of DCE.
* (aka, OSF DCE 1.0.3) or with HP's version 1.4 of DCE (aka, OSF
* DCE 1.1).
*
* Use at your own risk!!! (But I would like to hear about bugs.)
*/
#include "config.h"
#include <stdio.h>
#ifdef STDC_HEADERS
#include <stdlib.h>
#endif /* STDC_HEADERS */
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
#ifdef HAVE_STRING_H
#include <string.h>
#endif /* HAVE_STRING_H */
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif /* HAVE_STRINGS_H */
#include <sys/param.h>
#include <sys/types.h>
#include <pwd.h>
#include <dce/rpc.h>
#include <dce/sec_login.h>
#include <dce/dce_error.h> /* required to call dce_error_inq_text routine */
#include "sudo.h"
#include "sudo_auth.h"
#ifndef lint
static const char rcsid[] = "$Sudo$";
#endif /* lint */
static int check_dce_status __P((error_status_t, char *));
int
dce_verify(pw, plain_pw, data)
struct passwd *pw;
char *plain_pw;
void **data;
{
struct passwd temp_pw;
sec_passwd_rec_t password_rec;
sec_login_handle_t login_context;
boolean32 reset_passwd;
sec_login_auth_src_t auth_src;
error_status_t status;
/*
* Create the local context of the DCE principal necessary
* to perform authenticated network operations. The network
* identity set up by this operation cannot be used until it
* is validated via sec_login_validate_identity().
*/
if (sec_login_setup_identity((unsigned_char_p_t) pw->pw_name,
sec_login_no_flags, &login_context, &status)) {
if (check_dce_status(status, "sec_login_setup_identity(1):"))
return(AUTH_FAILURE);
password_rec.key.key_type = sec_passwd_plain;
password_rec.key.tagged_union.plain = (idl_char *) plain_pw;
password_rec.pepper = NULL;
password_rec.version_number = sec_passwd_c_version_none;
/* Validate the login context with the password */
if (sec_login_validate_identity(login_context, &password_rec,
&reset_passwd, &auth_src, &status)) {
if (check_dce_status(status, "sec_login_validate_identity(1):"))
return(0);
/*
* Certify that the DCE Security Server used to set
* up and validate a login context is legitimate. Makes
* sure that we didn't get spoofed by another DCE server.
*/
if (!sec_login_certify_identity(login_context, &status)) {
fprintf(stderr,"Whoa! Bogus authentication server!\n");
(void) check_dce_status(status,"sec_login_certify_identity(1):");
return(AUTH_FAILURE);
}
if (check_dce_status(status, "sec_login_certify_identity(2):"))
return(0);
/*
* Sets the network credentials to those specified
* by the now validated login context.
*/
sec_login_set_context(login_context, &status);
if (check_dce_status(status, "sec_login_set_context:"))
return(0);
/*
* Oops, your credentials were no good. Possibly
* caused by clock times out of adjustment between
* DCE client and DCE security server...
*/
if (auth_src != sec_login_auth_src_network) {
fprintf(stderr,"You have no network credentials.\n");
return(AUTH_FAILURE);
}
/* Check if the password has aged and is thus no good */
if (reset_passwd) {
fprintf(stderr,"Your DCE password needs resetting.\n");
return(AUTH_FAILURE);
}
/*
* We should be a valid user by this point. Pull the
* user's password structure from the DCE security
* server just to make sure. If we get it with no
* problems, then we really are legitimate...
*/
sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw,
&status);
if (check_dce_status(status, "sec_login_get_pwent:"))
return(AUTH_FAILURE);
/*
* If we get to here, then the pwent above properly fetched
* the password structure from the DCE registry, so the user
* must be valid. We don't really care what the user's
* registry password is, just that the user could be
* validated. In fact, if we tried to compare the local
* password to the DCE entry at this point, the operation
* would fail if the hidden password feature is turned on,
* because the password field would contain an asterisk.
* Also go ahead and destroy the user's DCE login context
* before we leave here (and don't bother checking the
* status), in order to clean up credentials files in
* /opt/dcelocal/var/security/creds. By doing this, we are
* assuming that the user will not need DCE authentication
* later in the program, only local authentication. If this
* is not true, then the login_context will have to be
* returned to the calling program, and the context purged
* somewhere later in the program.
*/
sec_login_purge_context(&login_context, &status);
return(AUTH_SUCCESS);
} else {
if(check_dce_status(status, "sec_login_validate_identity(2):"))
return(AUTH_FAILURE);
sec_login_purge_context(&login_context, &status);
if(check_dce_status(status, "sec_login_purge_context:"))
return(AUTH_FAILURE);
}
}
(void) check_dce_status(status, "sec_login_setup_identity(2):");
return(AUTH_FAILURE);
}
/* Returns 0 for DCE "ok" status, 1 otherwise */
static int
check_dce_status(input_status, comment)
error_status_t input_status;
char *comment;
{
int error_stat;
unsigned char error_string[dce_c_error_string_len];
if (input_status == rpc_s_ok)
return(0);
dce_error_inq_text(input_status, error_string, &error_stat);
fprintf(stderr, "%s %s\n", comment, error_string);
return(1);
}

6
auth/sudo_auth.h
View File

@@ -26,7 +26,8 @@ int pam_cleanup __P((struct passwd *pw, int status, void **data));
int sia_setup __P((struct passwd *pw, char **prompt, void **data));
int sia_verify __P((struct passwd *pw, char *prompt, void **data));
int sia_cleanup __P((struct passwd *pw, int status, void **data));
int aixauth_verify __P((struct passwd *pw, char *prompt, void **data));
int aixauth_verify __P((struct passwd *pw, char *pass, void **data));
int dce_verify __P((struct passwd *pw, char *pass, void **data));
/* Prototypes for normal methods */
int passwd_verify __P((struct passwd *pw, char *pass, void **data));
@@ -55,6 +56,9 @@ int kerb5_verify __P((struct passwd *pw, char *pass, void **data));
#elif defined(HAVE_SIA)
# define AUTH_STANDALONE \
AUTH_ENTRY(1, "sia", sia_setup, sia_verify, sia_cleanup)
#elif defined(HAVE_DCE)
# define AUTH_STANDALONE \
AUTH_ENTRY(1, "dce", NULL, dce_verify, NULL)
#elif defined(HAVE_AUTHENTICATE)
# define AUTH_STANDALONE \
AUTH_ENTRY(1, "aixauth", NULL, aixauth_verify, NULL)