--- /dev/null
+/*
+ * CU sudo version 1.6
+ * Copyright (c) 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 1, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *******************************************************************
+ *
+ * sia.c -- check a user's password using Digital UN*X's
+ * Security Integration Architecture (SIA)
+ *
+ * This code is derived from software contributed by Spider Boardman
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+#include <stdlib.h>
+#endif /* STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <sys/param.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <siad.h>
+
+#include "sudo.h"
+
+#ifndef lint
+static const char rcsid[] = "$Sudo$";
+#endif /* lint */
+
+static int tcollect __P((int, int, uchar_t *, int, prompt_t *));
+
+/*
+ * Collection routine (callback) for limiting the timeouts in SIA
+ * prompts and (possibly) setting a custom prompt.
+ */
+static int
+tcollect(timeout, rendition, title, nprompts, prompts)
+ int timeout;
+ int rendition;
+ uchar_t *title;
+ int nprompts;
+ prompt_t *prompts;
+{
+ switch (rendition) {
+ case SIAFORM:
+ case SIAONELINER:
+ if (timeout <= 0 || timeout > PASSWORD_TIMEOUT * 60)
+ timeout = PASSWORD_TIMEOUT * 60;
+ /*
+ * Substitute custom prompt if a) the sudo prompt is not "Password:"
+ * and b) the SIA prompt is "Password:" (so we know it is safe).
+ * This keeps us from overwriting things like S/Key challenges.
+ */
+ /* XXX avoid "prompt" global */
+ if (strcmp((char *)prompts[0].prompt, "Password:") == 0 &&
+ strcmp(prompt, "Password:") != 0)
+ prompts[0].prompt = (unsigned char *)prompt;
+ break;
+ default:
+ break;
+ }
+
+ return sia_collect_trm(timeout, rendition, title, nprompts, prompts);
+}
+
+int
+sia_setup(pw, promptp, data)
+ struct passwd *pw;
+ char **promptp;
+ void **data;
+{
+ SIAENTITY *siah;
+
+ if (sia_ses_init(&siah, Argc, Argv, NULL, pw->pw_name, ttyname(0), 1, NULL)
+ != SIASUCCESS) {
+
+ set_perms(PERM_USER, 0);
+ log_error(BAD_AUTH_INIT);
+ inform_user(BAD_AUTH_INIT);
+ return(AUTH_FATAL);
+ }
+
+ *data = siah;
+ return(AUTH_SUCCESS);
+}
+
+int
+sia_verify(pw, prompt, data)
+ struct passwd *pw;
+ char *prompt;
+ void **data;
+{
+ SIAENTITY *siah = *data;
+
+ /* XXX - need a way to detect user hitting return or EOF at prompt */
+ if (sia_ses_reauthent(tcollect, siah) == SIASUCCESS)
+ return(AUTH_SUCCESS);
+ else
+ return(AUTH_FAILURE);
+}
+
+int
+sia_cleanup(pw, status, data)
+ struct passwd *pw;
+ int status;
+ void **data;
+{
+ SIAENTITY *siah = *data;
+
+ (void) sia_ses_release(&siah);
+}
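Review bot: `sia_cleanup` is declared `int` but ends after `sia_ses_release()` with no return statement, so any caller that inspects the cleanup status reads an indeterminate value; add `return(AUTH_SUCCESS);` as its last line, matching the AUTH_* codes returned by `sia_setup` and `sia_verify`. The release operates on a local copy of the handle, so `*data` still holds the released `SIAENTITY` pointer afterwards; adding `*data = NULL;` after the call would stop any later use of the auth data from touching a freed session. In `tcollect`, `prompts[0].prompt` is dereferenced without checking `nprompts`; SIA presumably passes at least one prompt for `SIAFORM`/`SIAONELINER`, but putting `nprompts > 0 &&` ahead of the first `strcmp` makes that assumption explicit in the password-collection callback.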
int pam_setup __P((struct passwd *pw, char **prompt, void **data));
int pam_verify __P((struct passwd *pw, char *prompt, void **data));
int pam_cleanup __P((struct passwd *pw, int status, void **data));
+int sia_setup __P((struct passwd *pw, char **prompt, void **data));
+int sia_verify __P((struct passwd *pw, char *prompt, void **data));
+int sia_cleanup __P((struct passwd *pw, int status, void **data));
/* Prototypes for normal methods */
int passwd_verify __P((struct passwd *pw, char *pass, void **data));
#elif defined(HAVE_SECURID)
# define AUTH_STANDALONE \
AUTH_ENTRY(1, "SecurId", securid_setup, securid_verify, NULL)
+#elif defined(HAVE_SIA)
+# define AUTH_STANDALONE \
+ AUTH_ENTRY(1, "sia", sia_setup, sia_verify, sia_cleanup)
#elif defined(HAVE_FWTK)
# define AUTH_STANDALONE \
AUTH_ENTRY(1, "fwtk", fwtk_setup, fwtk_verify, fwtk_cleanup)