sudo-1.7.4p4/auth/dce.c - nest-learning-thermostat/5.0.2/sudo - Git at Google

 /*
  * Copyright (c) 1996, 1998-2005, 2010
  *	Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  * Sponsored in part by the Defense Advanced Research Projects
  * Agency (DARPA) and Air Force Research Laboratory, Air Force
  * Materiel Command, USAF, under agreement number F39502-99-1-0512.
  */
 /*
  *  The code below basically comes from the examples supplied on
  *  the OSF DCE 1.0.3 manpages for the sec_login routines, with
  *  enough additional polishing to make the routine work with the
  *  rest of sudo.
  *
  *  This code is known to work on HP 700 and 800 series systems
  *  running HP-UX 9.X and 10.X, with either HP's version 1.2.1 of DCE.
  *  (aka, OSF DCE 1.0.3) or with HP's version 1.4 of DCE (aka, OSF
  *  DCE 1.1).
  */

 #include <config.h>

 #include <sys/types.h>
 #include <sys/param.h>
 #include <stdio.h>
 #ifdef STDC_HEADERS
 # include <stdlib.h>
 # include <stddef.h>
 #else
 # ifdef HAVE_STDLIB_H
 #  include <stdlib.h>
 # endif
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
 #endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
 #endif /* HAVE_STRING_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
 #include <pwd.h>

 #include <dce/rpc.h>
 #include <dce/sec_login.h>
 #include <dce/dce_error.h> /* required to call dce_error_inq_text routine */

 #include "sudo.h"
 #include "sudo_auth.h"

 static int check_dce_status __P((error_status_t, char *));

 int
 dce_verify(pw, plain_pw, auth)
     struct passwd *pw;
     char *plain_pw;
     sudo_auth *auth;
 {
     struct passwd		temp_pw;
     sec_passwd_rec_t		password_rec;
     sec_login_handle_t		login_context;
     boolean32			reset_passwd;
     sec_login_auth_src_t	auth_src;
     error_status_t		status;

     /*
      * Create the local context of the DCE principal necessary
      * to perform authenticated network operations.  The network
      * identity set up by this operation cannot be used until it
      * is validated via sec_login_validate_identity().
      */
     if (sec_login_setup_identity((unsigned_char_p_t) pw->pw_name,
 	sec_login_no_flags, &login_context, &status)) {

 	if (check_dce_status(status, "sec_login_setup_identity(1):"))
 	    return(AUTH_FAILURE);

 	password_rec.key.key_type = sec_passwd_plain;
 	password_rec.key.tagged_union.plain = (idl_char *) plain_pw;
 	password_rec.pepper = NULL;
 	password_rec.version_number = sec_passwd_c_version_none;

 	/* Validate the login context with the password */
 	if (sec_login_validate_identity(login_context, &password_rec,
 	    &reset_passwd, &auth_src, &status)) {

 	    if (check_dce_status(status, "sec_login_validate_identity(1):"))
 		return(AUTH_FAILURE);

 	    /*
 	     * Certify that the DCE Security Server used to set
 	     * up and validate a login context is legitimate.  Makes
 	     * sure that we didn't get spoofed by another DCE server.
 	     */
 	    if (!sec_login_certify_identity(login_context, &status)) {
 		(void) fprintf(stderr, "Whoa! Bogus authentication server!\n");
 		(void) check_dce_status(status,"sec_login_certify_identity(1):");
 		return(AUTH_FAILURE);
 	    }
 	    if (check_dce_status(status, "sec_login_certify_identity(2):"))
 		return(AUTH_FAILURE);

 	    /*
 	     * Sets the network credentials to those specified
 	     * by the now validated login context.
 	     */
 	    sec_login_set_context(login_context, &status);
 	    if (check_dce_status(status, "sec_login_set_context:"))
 		return(AUTH_FAILURE);

 	    /*
 	     * Oops, your credentials were no good. Possibly
 	     * caused by clock times out of adjustment between
 	     * DCE client and DCE security server...
 	     */
 	    if (auth_src != sec_login_auth_src_network) {
 		    (void) fprintf(stderr,
 			"You have no network credentials.\n");
 		    return(AUTH_FAILURE);
 	    }
 	    /* Check if the password has aged and is thus no good */
 	    if (reset_passwd) {
 		    (void) fprintf(stderr,
 			"Your DCE password needs resetting.\n");
 		    return(AUTH_FAILURE);
 	    }

 	    /*
 	     * We should be a valid user by this point.  Pull the
 	     * user's password structure from the DCE security
 	     * server just to make sure.  If we get it with no
 	     * problems, then we really are legitimate...
 	     */
 	    sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw,
 		&status);
 	    if (check_dce_status(status, "sec_login_get_pwent:"))
 		return(AUTH_FAILURE);

 	    /*
 	     * If we get to here, then the pwent above properly fetched
 	     * the password structure from the DCE registry, so the user
 	     * must be valid.  We don't really care what the user's
 	     * registry password is, just that the user could be
 	     * validated.  In fact, if we tried to compare the local
 	     * password to the DCE entry at this point, the operation
 	     * would fail if the hidden password feature is turned on,
 	     * because the password field would contain an asterisk.
 	     * Also go ahead and destroy the user's DCE login context
 	     * before we leave here (and don't bother checking the
 	     * status), in order to clean up credentials files in
 	     * /opt/dcelocal/var/security/creds.  By doing this, we are
 	     * assuming that the user will not need DCE authentication
 	     * later in the program, only local authentication.  If this
 	     * is not true, then the login_context will have to be
 	     * returned to the calling program, and the context purged
 	     * somewhere later in the program.
 	     */
 	    sec_login_purge_context(&login_context, &status);
 	    return(AUTH_SUCCESS);
 	} else {
 	    if(check_dce_status(status, "sec_login_validate_identity(2):"))
 		return(AUTH_FAILURE);
 	    sec_login_purge_context(&login_context, &status);
 	    if(check_dce_status(status, "sec_login_purge_context:"))
 		return(AUTH_FAILURE);
 	}
     }
     (void) check_dce_status(status, "sec_login_setup_identity(2):");
     return(AUTH_FAILURE);
 }

 /* Returns 0 for DCE "ok" status, 1 otherwise */
 static int
 check_dce_status(input_status, comment)
     error_status_t input_status;
     char *comment;
 {
     int error_stat;
     unsigned char error_string[dce_c_error_string_len];

     if (input_status == rpc_s_ok)
 	return(0);
     dce_error_inq_text(input_status, error_string, &error_stat);
     (void) fprintf(stderr, "%s %s\n", comment, error_string);
     return(1);
 }
	/*
	* Copyright (c) 1996, 1998-2005, 2010
	* Todd C. Miller <Todd.Miller@courtesan.com>
	*
	* Permission to use, copy, modify, and distribute this software for any
	* purpose with or without fee is hereby granted, provided that the above
	* copyright notice and this permission notice appear in all copies.
	*
	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
	* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
	* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	*
	* Sponsored in part by the Defense Advanced Research Projects
	* Agency (DARPA) and Air Force Research Laboratory, Air Force
	* Materiel Command, USAF, under agreement number F39502-99-1-0512.
	*/
	/*
	* The code below basically comes from the examples supplied on
	* the OSF DCE 1.0.3 manpages for the sec_login routines, with
	* enough additional polishing to make the routine work with the
	* rest of sudo.
	*
	* This code is known to work on HP 700 and 800 series systems
	* running HP-UX 9.X and 10.X, with either HP's version 1.2.1 of DCE.
	* (aka, OSF DCE 1.0.3) or with HP's version 1.4 of DCE (aka, OSF
	* DCE 1.1).
	*/

	#include <config.h>

	#include <sys/types.h>
	#include <sys/param.h>
	#include <stdio.h>
	#ifdef STDC_HEADERS
	# include <stdlib.h>
	# include <stddef.h>
	#else
	# ifdef HAVE_STDLIB_H
	# include <stdlib.h>
	# endif
	#endif /* STDC_HEADERS */
	#ifdef HAVE_STRING_H
	# include <string.h>
	#endif /* HAVE_STRING_H */
	#ifdef HAVE_STRINGS_H
	# include <strings.h>
	#endif /* HAVE_STRING_H */
	#ifdef HAVE_UNISTD_H
	# include <unistd.h>
	#endif /* HAVE_UNISTD_H */
	#include <pwd.h>

	#include <dce/rpc.h>
	#include <dce/sec_login.h>
	#include <dce/dce_error.h> /* required to call dce_error_inq_text routine */

	#include "sudo.h"
	#include "sudo_auth.h"

	static int check_dce_status __P((error_status_t, char *));

	int
	dce_verify(pw, plain_pw, auth)
	struct passwd *pw;
	char *plain_pw;
	sudo_auth *auth;
	{
	struct passwd temp_pw;
	sec_passwd_rec_t password_rec;
	sec_login_handle_t login_context;
	boolean32 reset_passwd;
	sec_login_auth_src_t auth_src;
	error_status_t status;

	/*
	* Create the local context of the DCE principal necessary
	* to perform authenticated network operations. The network
	* identity set up by this operation cannot be used until it
	* is validated via sec_login_validate_identity().
	*/
	if (sec_login_setup_identity((unsigned_char_p_t) pw->pw_name,
	sec_login_no_flags, &login_context, &status)) {

	if (check_dce_status(status, "sec_login_setup_identity(1):"))
	return(AUTH_FAILURE);

	password_rec.key.key_type = sec_passwd_plain;
	password_rec.key.tagged_union.plain = (idl_char *) plain_pw;
	password_rec.pepper = NULL;
	password_rec.version_number = sec_passwd_c_version_none;

	/* Validate the login context with the password */
	if (sec_login_validate_identity(login_context, &password_rec,
	&reset_passwd, &auth_src, &status)) {

	if (check_dce_status(status, "sec_login_validate_identity(1):"))
	return(AUTH_FAILURE);

	/*
	* Certify that the DCE Security Server used to set
	* up and validate a login context is legitimate. Makes
	* sure that we didn't get spoofed by another DCE server.
	*/
	if (!sec_login_certify_identity(login_context, &status)) {
	(void) fprintf(stderr, "Whoa! Bogus authentication server!\n");
	(void) check_dce_status(status,"sec_login_certify_identity(1):");
	return(AUTH_FAILURE);
	}
	if (check_dce_status(status, "sec_login_certify_identity(2):"))
	return(AUTH_FAILURE);

	/*
	* Sets the network credentials to those specified
	* by the now validated login context.
	*/
	sec_login_set_context(login_context, &status);
	if (check_dce_status(status, "sec_login_set_context:"))
	return(AUTH_FAILURE);

	/*
	* Oops, your credentials were no good. Possibly
	* caused by clock times out of adjustment between
	* DCE client and DCE security server...
	*/
	if (auth_src != sec_login_auth_src_network) {
	(void) fprintf(stderr,
	"You have no network credentials.\n");
	return(AUTH_FAILURE);
	}
	/* Check if the password has aged and is thus no good */
	if (reset_passwd) {
	(void) fprintf(stderr,
	"Your DCE password needs resetting.\n");
	return(AUTH_FAILURE);
	}

	/*
	* We should be a valid user by this point. Pull the
	* user's password structure from the DCE security
	* server just to make sure. If we get it with no
	* problems, then we really are legitimate...
	*/
	sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw,
	&status);
	if (check_dce_status(status, "sec_login_get_pwent:"))
	return(AUTH_FAILURE);

	/*
	* If we get to here, then the pwent above properly fetched
	* the password structure from the DCE registry, so the user
	* must be valid. We don't really care what the user's
	* registry password is, just that the user could be
	* validated. In fact, if we tried to compare the local
	* password to the DCE entry at this point, the operation
	* would fail if the hidden password feature is turned on,
	* because the password field would contain an asterisk.
	* Also go ahead and destroy the user's DCE login context
	* before we leave here (and don't bother checking the
	* status), in order to clean up credentials files in
	* /opt/dcelocal/var/security/creds. By doing this, we are
	* assuming that the user will not need DCE authentication
	* later in the program, only local authentication. If this
	* is not true, then the login_context will have to be
	* returned to the calling program, and the context purged
	* somewhere later in the program.
	*/
	sec_login_purge_context(&login_context, &status);
	return(AUTH_SUCCESS);
	} else {
	if(check_dce_status(status, "sec_login_validate_identity(2):"))
	return(AUTH_FAILURE);
	sec_login_purge_context(&login_context, &status);
	if(check_dce_status(status, "sec_login_purge_context:"))
	return(AUTH_FAILURE);
	}
	}
	(void) check_dce_status(status, "sec_login_setup_identity(2):");
	return(AUTH_FAILURE);
	}

	/* Returns 0 for DCE "ok" status, 1 otherwise */
	static int
	check_dce_status(input_status, comment)
	error_status_t input_status;
	char *comment;
	{
	int error_stat;
	unsigned char error_string[dce_c_error_string_len];

	if (input_status == rpc_s_ok)
	return(0);
	dce_error_inq_text(input_status, error_string, &error_stat);
	(void) fprintf(stderr, "%s %s\n", comment, error_string);
	return(1);
	}