Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sudo-project
GitHub Repository: sudo-project/sudo
 Path: blob/main/plugins/sudoers/auth/afs.c
1532 views
1
/*

2
 * SPDX-License-Identifier: ISC

3
 *

4
 * Copyright (c) 1999, 2001-2005, 2007, 2010-2012, 2014-2015

5
 *	Todd C. Miller <[email protected]>

6
 *

7
 * Permission to use, copy, modify, and distribute this software for any

8
 * purpose with or without fee is hereby granted, provided that the above

9
 * copyright notice and this permission notice appear in all copies.

10
 *

11
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

12
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

13
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

14
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

15
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

16
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

17
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

18
 *

19
 * Sponsored in part by the Defense Advanced Research Projects

20
 * Agency (DARPA) and Air Force Research Laboratory, Air Force

21
 * Materiel Command, USAF, under agreement number F39502-99-1-0512.

22
 */

23


24
#include <config.h>

25


26
#ifdef HAVE_AFS

27


28
#include <sys/types.h>

29
#include <stdio.h>

30
#include <stdlib.h>

31
#include <string.h>

32
#include <unistd.h>

33
#include <pwd.h>

34


35
#include <afs/stds.h>

36
#include <afs/kautils.h>

37


38
#include <sudoers.h>

39
#include "sudo_auth.h"

40
#include <timestamp.h>

41


42
int

43
sudo_afs_verify(const struct sudoers_context *ctx, struct passwd *pw,

44
    const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)

45
{

46
    struct ktc_encryptionKey afs_key;

47
    struct ktc_token afs_token;

48
    debug_decl(sudo_afs_verify, SUDOERS_DEBUG_AUTH);

49


50
    if (IS_NONINTERACTIVE(auth))

51
	debug_return_int(AUTH_NONINTERACTIVE);

52


53
    /* Display lecture if needed and we haven't already done so. */

54
    display_lecture(callback);

55


56
    /* Try to just check the password */

57
    ka_StringToKey(pass, NULL, &afs_key);

58
    if (ka_GetAdminToken(pw->pw_name,		/* name */

59
			 NULL,			/* instance */

60
			 NULL,			/* realm */

61
			 &afs_key,		/* key (contains password) */

62
			 0,			/* lifetime */

63
			 &afs_token,		/* token */

64
			 0) == 0)		/* new */

65
	debug_return_int(AUTH_SUCCESS);

66


67
    /* Fall back on old method XXX - needed? */

68
    setpag();

69
    if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION+KA_USERAUTH_DOSETPAG,

70
				   pw->pw_name,	/* name */

71
				   NULL,	/* instance */

72
				   NULL,	/* realm */

73
				   pass,	/* password */

74
				   0,		/* lifetime */

75
				   NULL,	/* expiration ptr (unused) */

76
				   0,		/* spare */

77
				   NULL) == 0)	/* reason */

78
	debug_return_int(AUTH_SUCCESS);

79


80
    debug_return_int(AUTH_FAILURE);

81
}

82


83
#endif HAVE_AFS

84


85