From: Todd C. Miller Date: Sun, 11 Jul 1999 09:37:19 +0000 (+0000) Subject: SIA support for digital unix X-Git-Tag: SUDO_1_6_0~250 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c9e9f07ac3fc97a6c313cb2e661b48a731faf5f8;p=sudo SIA support for digital unix
---
diff --git a/auth/sia.c b/auth/sia.c
new file mode 100644
index 000000000..986688557
--- /dev/null
+++ b/auth/sia.c
@@ -0,0 +1,136 @@
+/*
+ * CU sudo version 1.6
+ * Copyright (c) 1998, 1999 Todd C. Miller
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 1, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *******************************************************************
+ *
+ * sia.c -- check a user's password using Digital UN*X's
+ * Security Integration Architecture (SIA)
+ *
+ * This code is derived from software contributed by Spider Boardman
+ */
+
+#include "config.h"
+
+#include
+#ifdef STDC_HEADERS
+#include
+#endif /* STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+#include
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_STRING_H
+#include
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+#include
+#endif /* HAVE_STRINGS_H */
+#include
+#include
+#include
+#include
+
+#include "sudo.h"
+
+#ifndef lint
+static const char rcsid[] = "$Sudo$";
+#endif /* lint */
+
+static int tcollect __P((int, int, uchar_t *, int, prompt_t *));
+
+/*
+ * Collection routine (callback) for limiting the timeouts in SIA
+ * prompts and (possibly) setting a custom prompt.
+ */
+static int
+tcollect(timeout, rendition, title, nprompts, prompts)
+ int timeout;
+ int rendition;
+ uchar_t *title;
+ int nprompts;
+ prompt_t *prompts;
+{
+ switch (rendition) {
+ case SIAFORM:
+ case SIAONELINER:
+ if (timeout <= 0 || timeout > PASSWORD_TIMEOUT * 60)
+ timeout = PASSWORD_TIMEOUT * 60;
+ /*
+ * Substitute custom prompt if a) the sudo prompt is not "Password:"
+ * and b) the SIA prompt is "Password:" (so we know it is safe).
+ * This keeps us from overwriting things like S/Key challenges.
+ */
+ /* XXX avoid "prompt" global */
+ if (strcmp((char *)prompts[0].prompt, "Password:") == 0 &&
+ strcmp(prompt, "Password:") != 0)
+ prompts[0].prompt = (unsigned char *)prompt;
+ break;
+ default:
+ break;
+ }
+
+ return sia_collect_trm(timeout, rendition, title, nprompts, prompts);
+}
+
+int
+sia_setup(pw, promptp, data)
+ struct passwd *pw;
+ char **promptp;
+ void **data;
+{
+ SIAENTITY *siah;
+
+ if (sia_ses_init(&siah, Argc, Argv, NULL, pw->pw_name, ttyname(0), 1, NULL)
+ != SIASUCCESS) {
+
+ set_perms(PERM_USER, 0);
+ log_error(BAD_AUTH_INIT);
+ inform_user(BAD_AUTH_INIT);
+ return(AUTH_FATAL);
+ }
+
+ *data = siah;
+ return(AUTH_SUCCESS);
+}
+
+int
+sia_verify(pw, prompt, data)
+ struct passwd *pw;
+ char *prompt;
+ void **data;
+{
+ SIAENTITY *siah = *data;
+
+ /* XXX - need a way to detect user hitting return or EOF at prompt */
+ if (sia_ses_reauthent(tcollect, siah) == SIASUCCESS)
+ return(AUTH_SUCCESS);
+ else
+ return(AUTH_FAILURE);
+}
+
+int
+sia_cleanup(pw, status, data)
+ struct passwd *pw;
+ int status;
+ void **data;
+{
+ SIAENTITY *siah = *data;
+
+ (void) sia_ses_release(&siah);
+}
diff --git a/auth/sudo_auth.h b/auth/sudo_auth.h
index 1974c8aee..7ceb34388 100644
--- a/auth/sudo_auth.h
+++ b/auth/sudo_auth.h
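Review bot: In auth/sia.c, `sia_cleanup()` is declared `int` but falls off the end after `(void) sia_ses_release(&siah);`, so any caller that inspects the cleanup status of this authentication method reads an indeterminate value; add `return(AUTH_SUCCESS);` as its last statement. In `tcollect()`, `prompts[0].prompt` is handed to `strcmp()` without first checking `nprompts > 0` or that the pointer is non-NULL, so the prompt substitution should be guarded with `nprompts > 0 && prompts[0].prompt != NULL &&` ahead of the two comparisons. `sia_setup()` also passes `ttyname(0)` straight into `sia_ses_init()`, and that value is NULL when stdin is not a terminal; whether SIA tolerates a NULL tty name is not visible here and is worth confirming or rejecting explicitly before the call.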
@@ -23,6 +23,9 @@ int fwtk_cleanup __P((struct passwd *pw, int status, void **data)); int pam_setup __P((struct passwd *pw, char **prompt, void **data)); int pam_verify __P((struct passwd *pw, char *prompt, void **data)); int pam_cleanup __P((struct passwd *pw, int status, void **data)); +int sia_setup __P((struct passwd *pw, char **prompt, void **data)); +int sia_verify __P((struct passwd *pw, char *prompt, void **data)); +int sia_cleanup __P((struct passwd *pw, int status, void **data)); /* Prototypes for normal methods */ int passwd_verify __P((struct passwd *pw, char *pass, void **data)); @@ -48,6 +51,9 @@ int kerb5_verify __P((struct passwd *pw, char *pass, void **data)); #elif defined(HAVE_SECURID) # define AUTH_STANDALONE \ AUTH_ENTRY(1, "SecurId", securid_setup, securid_verify, NULL) +#elif defined(HAVE_SIA) +# define AUTH_STANDALONE \ + AUTH_ENTRY(1, "sia", sia_setup, sia_verify, sia_cleanup) #elif defined(HAVE_FWTK) # define AUTH_STANDALONE \ AUTH_ENTRY(1, "fwtk", fwtk_setup, fwtk_verify, fwtk_cleanup)