Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sudo-project
GitHub Repository: sudo-project/sudo
 Path: blob/main/plugins/sudoers/auth/sia.c
1532 views
1
/*

2
 * SPDX-License-Identifier: ISC

3
 *

4
 * Copyright (c) 1999-2005, 2007, 2010-2015

5
 *	Todd C. Miller <[email protected]>

6
 *

7
 * Permission to use, copy, modify, and distribute this software for any

8
 * purpose with or without fee is hereby granted, provided that the above

9
 * copyright notice and this permission notice appear in all copies.

10
 *

11
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

12
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

13
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

14
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

15
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

16
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

17
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

18
 *

19
 * Sponsored in part by the Defense Advanced Research Projects

20
 * Agency (DARPA) and Air Force Research Laboratory, Air Force

21
 * Materiel Command, USAF, under agreement number F39502-99-1-0512.

22
 */

23


24
#include <config.h>

25


26
#ifdef HAVE_SIA_SES_INIT

27


28
#include <sys/types.h>

29
#include <stdio.h>

30
#include <stdlib.h>

31
#include <string.h>

32
#include <unistd.h>

33
#include <pwd.h>

34
#include <signal.h>

35
#include <siad.h>

36


37
#include <sudoers.h>

38
#include "sudo_auth.h"

39


40
static int sudo_argc;

41
static char **sudo_argv;

42
static char *sudo_tty;

43


44
int

45
sudo_sia_setup(const struct sudoers_context *ctx, struct passwd *pw,

46
    char **promptp, sudo_auth *auth)

47
{

48
    SIAENTITY *siah;

49
    int i;

50
    debug_decl(sudo_sia_setup, SUDOERS_DEBUG_AUTH);

51


52
    /* Rebuild argv for sia_ses_init() */

53
    sudo_argc = ctx->runas.argc + 1;

54
    sudo_argv = reallocarray(NULL, sudo_argc + 1, sizeof(char *));

55
    if (sudo_argv == NULL) {

56
	log_warningx(ctx, 0, N_("unable to allocate memory"));

57
	debug_return_int(AUTH_ERROR);

58
    }

59
    sudo_argv[0] = "sudo";

60
    for (i = 0; i < ctx->runas.argc; i++)

61
	sudo_argv[i + 1] = ctx->runas.argv[i];

62
    sudo_argv[sudo_argc] = NULL;

63


64
    /* We don't let SIA prompt the user for input. */

65
    sudo_tty = ctx->user.ttypath;

66
    if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, sudo_tty, 0, NULL) != SIASUCCESS) {

67
	log_warning(ctx, 0, N_("unable to initialize SIA session"));

68
	debug_return_int(AUTH_ERROR);

69
    }

70


71
    auth->data = siah;

72
    debug_return_int(AUTH_SUCCESS);

73
}

74


75
int

76
sudo_sia_verify(const struct sudoers_context *ctx, struct passwd *pw,

77
    const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)

78
{

79
    SIAENTITY *siah = auth->data;

80
    char *pass;

81
    int rc;

82
    debug_decl(sudo_sia_verify, SUDOERS_DEBUG_AUTH);

83


84
    if (IS_NONINTERACTIVE(auth))

85
        debug_return_int(AUTH_NONINTERACTIVE);

86


87
    /* Get password, return AUTH_INTR if we got ^C */

88
    pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);

89
    if (pass == NULL)

90
	debug_return_int(AUTH_INTR);

91


92
    /* Check password and zero out plaintext copy. */

93
    rc = sia_ses_authent(NULL, pass, siah);

94
    freezero(pass, strlen(pass));

95


96
    if (rc == SIASUCCESS)

97
	debug_return_int(AUTH_SUCCESS);

98
    if (ISSET(rc, SIASTOP))

99
	debug_return_int(AUTH_ERROR);

100
    debug_return_int(AUTH_FAILURE);

101
}

102


103
int

104
sudo_sia_cleanup(const struct sudoers_context *ctx, struct passwd *pw,

105
    sudo_auth *auth, bool force)

106
{

107
    SIAENTITY *siah = auth->data;

108
    debug_decl(sudo_sia_cleanup, SUDOERS_DEBUG_AUTH);

109


110
    (void) sia_ses_release(&siah);

111
    auth->data = NULL;

112
    free(sudo_argv);

113
    debug_return_int(AUTH_SUCCESS);

114
}

115


116
int

117
sudo_sia_begin_session(const struct sudoers_context *ctx, struct passwd *pw,

118
    char **user_envp[], sudo_auth *auth)

119
{

120
    SIAENTITY *siah;

121
    int status = AUTH_ERROR;

122
    debug_decl(sudo_sia_begin_session, SUDOERS_DEBUG_AUTH);

123


124
    /* Re-init sia for the target user's session. */

125
    if (sia_ses_init(&siah, sudo_argc - 1, sudo_argv + 1, NULL, pw->pw_name, sudo_tty, 0, NULL) != SIASUCCESS) {

126
	log_warning(ctx, 0, N_("unable to initialize SIA session"));

127
	goto done;

128
    }

129


130
    if (sia_make_entity_pwd(pw, siah) != SIASUCCESS) {

131
	sudo_warn("sia_make_entity_pwd");

132
	goto done;

133
    }

134


135
    status = AUTH_FAILURE;		/* no more fatal errors. */

136


137
    siah->authtype = SIA_A_NONE;

138
    if (sia_ses_estab(sia_collect_trm, siah) != SIASUCCESS) {

139
	sudo_warn("sia_ses_estab");

140
	goto done;

141
    }

142


143
    if (sia_ses_launch(sia_collect_trm, siah) != SIASUCCESS) {

144
	sudo_warn("sia_ses_launch");

145
	goto done;

146
    }

147


148
    status = AUTH_SUCCESS;

149


150
done:

151
    (void) sia_ses_release(&siah);

152
    debug_return_int(status);

153
}

154


155
#endif /* HAVE_SIA_SES_INIT */

156


157