CoCalc -- dce.c

GitHub Repository: sudo-project/sudo
Path: blob/main/plugins/sudoers/auth/dce.c
¹⁵³² views
1
/*
2
 * SPDX-License-Identifier: ISC
3
 *
4
 * Copyright (c) 1996, 1998-2005, 2010-2012, 2014-2015
5
 *	Todd C. Miller <[email protected]>
6
 *
7
 * Permission to use, copy, modify, and distribute this software for any
8
 * purpose with or without fee is hereby granted, provided that the above
9
 * copyright notice and this permission notice appear in all copies.
10
 *
11
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
 *
19
 * Sponsored in part by the Defense Advanced Research Projects
20
 * Agency (DARPA) and Air Force Research Laboratory, Air Force
21
 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
22
 */
23

24
/*
25
 *  The code below basically comes from the examples supplied on
26
 *  the OSF DCE 1.0.3 manpages for the sec_login routines, with
27
 *  enough additional polishing to make the routine work with the
28
 *  rest of sudo.
29
 *
30
 *  This code is known to work on HP 700 and 800 series systems
31
 *  running HP-UX 9.X and 10.X, with either HP's version 1.2.1 of DCE.
32
 *  (aka, OSF DCE 1.0.3) or with HP's version 1.4 of DCE (aka, OSF
33
 *  DCE 1.1).
34
 */
35

36
#include <config.h>
37

38
#ifdef HAVE_DCE
39

40
#include <sys/types.h>
41
#include <stdio.h>
42
#include <stdlib.h>
43
#include <string.h>
44
#include <unistd.h>
45
#include <pwd.h>
46

47
#include <dce/rpc.h>
48
#include <dce/sec_login.h>
49
#include <dce/dce_error.h> /* required to call dce_error_inq_text routine */
50

51
#include <sudoers.h>
52
#include "sudo_auth.h"
53
#include <timestamp.h>
54

55
static int check_dce_status(error_status_t, char *);
56

57
int
58
sudo_dce_verify(const struct sudoers_context *ctx, struct passwd *pw,
59
    const char *plain_pw, sudo_auth *auth, struct sudo_conv_callback *callback)
60
{
61
    struct passwd		temp_pw;
62
    sec_passwd_rec_t		password_rec;
63
    sec_login_handle_t		login_context;
64
    boolean32			reset_passwd;
65
    sec_login_auth_src_t	auth_src;
66
    error_status_t		status;
67
    debug_decl(sudo_dce_verify, SUDOERS_DEBUG_AUTH);
68

69
    if (IS_NONINTERACTIVE(auth))
70
	debug_return_int(AUTH_NONINTERACTIVE);
71

72
    /* Display lecture if needed and we haven't already done so. */
73
    display_lecture(callback);
74

75
    /*
76
     * Create the local context of the DCE principal necessary
77
     * to perform authenticated network operations.  The network
78
     * identity set up by this operation cannot be used until it
79
     * is validated via sec_login_validate_identity().
80
     */
81
    if (sec_login_setup_identity((unsigned_char_p_t) pw->pw_name,
82
	sec_login_no_flags, &login_context, &status)) {
83

84
	if (check_dce_status(status, "sec_login_setup_identity(1):"))
85
	    debug_return_int(AUTH_FAILURE);
86

87
	password_rec.key.key_type = sec_passwd_plain;
88
	password_rec.key.tagged_union.plain = (idl_char *) plain_pw;
89
	password_rec.pepper = NULL;
90
	password_rec.version_number = sec_passwd_c_version_none;
91

92
	/* Validate the login context with the password */
93
	if (sec_login_validate_identity(login_context, &password_rec,
94
	    &reset_passwd, &auth_src, &status)) {
95

96
	    if (check_dce_status(status, "sec_login_validate_identity(1):"))
97
		debug_return_int(AUTH_FAILURE);
98

99
	    /*
100
	     * Certify that the DCE Security Server used to set
101
	     * up and validate a login context is legitimate.  Makes
102
	     * sure that we didn't get spoofed by another DCE server.
103
	     */
104
	    if (!sec_login_certify_identity(login_context, &status)) {
105
		sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
106
		    "Whoa! Bogus authentication server!\n");
107
		(void) check_dce_status(status,"sec_login_certify_identity(1):");
108
		debug_return_int(AUTH_FAILURE);
109
	    }
110
	    if (check_dce_status(status, "sec_login_certify_identity(2):"))
111
		debug_return_int(AUTH_FAILURE);
112

113
	    /*
114
	     * Sets the network credentials to those specified
115
	     * by the now validated login context.
116
	     */
117
	    sec_login_set_context(login_context, &status);
118
	    if (check_dce_status(status, "sec_login_set_context:"))
119
		debug_return_int(AUTH_FAILURE);
120

121
	    /*
122
	     * Oops, your credentials were no good. Possibly
123
	     * caused by clock times out of adjustment between
124
	     * DCE client and DCE security server...
125
	     */
126
	    if (auth_src != sec_login_auth_src_network) {
127
		    sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
128
			"You have no network credentials.\n");
129
		    debug_return_int(AUTH_FAILURE);
130
	    }
131
	    /* Check if the password has aged and is thus no good */
132
	    if (reset_passwd) {
133
		    sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
134
			"Your DCE password needs resetting.\n");
135
		    debug_return_int(AUTH_FAILURE);
136
	    }
137

138
	    /*
139
	     * We should be a valid user by this point.  Pull the
140
	     * user's password structure from the DCE security
141
	     * server just to make sure.  If we get it with no
142
	     * problems, then we really are legitimate...
143
	     */
144
	    sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw,
145
		&status);
146
	    if (check_dce_status(status, "sec_login_get_pwent:"))
147
		debug_return_int(AUTH_FAILURE);
148

149
	    /*
150
	     * If we get to here, then the pwent above properly fetched
151
	     * the password structure from the DCE registry, so the user
152
	     * must be valid.  We don't really care what the user's
153
	     * registry password is, just that the user could be
154
	     * validated.  In fact, if we tried to compare the local
155
	     * password to the DCE entry at this point, the operation
156
	     * would fail if the hidden password feature is turned on,
157
	     * because the password field would contain an asterisk.
158
	     * Also go ahead and destroy the user's DCE login context
159
	     * before we leave here (and don't bother checking the
160
	     * status), in order to clean up credentials files in
161
	     * /opt/dcelocal/var/security/creds.  By doing this, we are
162
	     * assuming that the user will not need DCE authentication
163
	     * later in the program, only local authentication.  If this
164
	     * is not true, then the login_context will have to be
165
	     * returned to the calling program, and the context purged
166
	     * somewhere later in the program.
167
	     */
168
	    sec_login_purge_context(&login_context, &status);
169
	    debug_return_int(AUTH_SUCCESS);
170
	} else {
171
	    if(check_dce_status(status, "sec_login_validate_identity(2):"))
172
		debug_return_int(AUTH_FAILURE);
173
	    sec_login_purge_context(&login_context, &status);
174
	    if(check_dce_status(status, "sec_login_purge_context:"))
175
		debug_return_int(AUTH_FAILURE);
176
	}
177
    }
178
    (void) check_dce_status(status, "sec_login_setup_identity(2):");
179
    debug_return_int(AUTH_FAILURE);
180
}
181

182
/* Returns 0 for DCE "ok" status, 1 otherwise */
183
static int
184
check_dce_status(error_status_t input_status, char *comment)
185
{
186
    int error_stat;
187
    unsigned char error_string[dce_c_error_string_len];
188
    debug_decl(check_dce_status, SUDOERS_DEBUG_AUTH);
189

190
    if (input_status == rpc_s_ok)
191
	debug_return_int(0);
192
    dce_error_inq_text(input_status, error_string, &error_stat);
193
    sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
194
	"%s %s\n", comment, error_string);
195
    debug_return_int(1);
196
}
197

198
#endif /* HAVE_DCE */
199

200
Product

Resources

Company
