sudo/plugins/sudoers/auth/sia.c

/*
 * SPDX-License-Identifier: ISC
 *
 * Copyright (c) 1999-2005, 2007, 2010-2015
 *	Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * Sponsored in part by the Defense Advanced Research Projects
 * Agency (DARPA) and Air Force Research Laboratory, Air Force
 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
 */

/*
 * This is an open source non-commercial project. Dear PVS-Studio, please check it.
 * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
 */

#include <config.h>

#ifdef HAVE_SIA_SES_INIT

#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include <signal.h>
#include <siad.h>

#include "sudoers.h"
#include "sudo_auth.h"

static char **sudo_argv;
static int sudo_argc;

int
sudo_sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
{
    SIAENTITY *siah;
    int i;
    debug_decl(sudo_sia_setup, SUDOERS_DEBUG_AUTH);

    /* Rebuild argv for sia_ses_init() */
    sudo_argc = NewArgc + 1;
    sudo_argv = reallocarray(NULL, sudo_argc + 1, sizeof(char *));
    if (sudo_argv == NULL) {
	log_warningx(0, N_("unable to allocate memory"));
	debug_return_int(AUTH_FATAL);
    }
    sudo_argv[0] = "sudo";
    for (i = 0; i < NewArgc; i++)
	sudo_argv[i + 1] = NewArgv[i];
    sudo_argv[sudo_argc] = NULL;

    /* We don't let SIA prompt the user for input. */
    if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, user_ttypath, 0, NULL) != SIASUCCESS) {
	log_warning(0, N_("unable to initialize SIA session"));
	debug_return_int(AUTH_FATAL);
    }

    auth->data = siah;
    debug_return_int(AUTH_SUCCESS);
}

int
sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth,
    struct sudo_conv_callback *callback)
{
    SIAENTITY *siah = auth->data;
    char *pass;
    int rc;
    debug_decl(sudo_sia_verify, SUDOERS_DEBUG_AUTH);

    /* Get password, return AUTH_INTR if we got ^C */
    pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
    if (pass == NULL)
	debug_return_int(AUTH_INTR);

    /* Check password and zero out plaintext copy. */
    rc = sia_ses_authent(NULL, pass, siah);
    freezero(pass, strlen(pass));

    if (rc == SIASUCCESS)
	debug_return_int(AUTH_SUCCESS);
    if (ISSET(rc, SIASTOP))
	debug_return_int(AUTH_FATAL);
    debug_return_int(AUTH_FAILURE);
}

int
sudo_sia_cleanup(struct passwd *pw, sudo_auth *auth, bool force)
{
    SIAENTITY *siah = auth->data;
    debug_decl(sudo_sia_cleanup, SUDOERS_DEBUG_AUTH);

    (void) sia_ses_release(&siah);
    auth->data = NULL;
    free(sudo_argv);
    debug_return_int(AUTH_SUCCESS);
}

int
sudo_sia_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
{
    SIAENTITY *siah;
    int status = AUTH_FATAL;
    debug_decl(sudo_sia_begin_session, SUDOERS_DEBUG_AUTH);

    /* Re-init sia for the target user's session. */
    if (sia_ses_init(&siah, NewArgc, NewArgv, NULL, pw->pw_name, user_ttypath, 0, NULL) != SIASUCCESS) {
	log_warning(0, N_("unable to initialize SIA session"));
	goto done;
    }

    if (sia_make_entity_pwd(pw, siah) != SIASUCCESS) {
	sudo_warn("sia_make_entity_pwd");
	goto done;
    }

    status = AUTH_FAILURE;		/* no more fatal errors. */

    siah->authtype = SIA_A_NONE;
    if (sia_ses_estab(sia_collect_trm, siah) != SIASUCCESS) {
	sudo_warn("sia_ses_estab");
	goto done;
    }

    if (sia_ses_launch(sia_collect_trm, siah) != SIASUCCESS) {
	sudo_warn("sia_ses_launch");
	goto done;
    }

    status = AUTH_SUCCESS;

done:
    (void) sia_ses_release(&siah);
    debug_return_int(status);
}

#endif /* HAVE_SIA_SES_INIT */
SIA support for digital unix 1999-07-11 09:37:19 +00:00			`/*`
Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00			`* SPDX-License-Identifier: ISC`
			`*`
Go back to a 2 args debug_decl and just use the "default" instance, now renamed "active". 2015-02-01 08:24:49 -07:00			`* Copyright (c) 1999-2005, 2007, 2010-2015`
update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00			`* Todd C. Miller <Todd.Miller@sudo.ws>`
SIA support for digital unix 1999-07-11 09:37:19 +00:00			`*`
More to a less restrictive, ISC-style license. 2004-02-13 21:36:49 +00:00			`* Permission to use, copy, modify, and distribute this software for any`
			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice appear in all copies.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES`
			`* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF`
			`* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR`
			`* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES`
			`* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN`
			`* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF`
			`* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.`
add DARPA credit on affected files 2003-04-16 00:42:10 +00:00			`*`
			`* Sponsored in part by the Defense Advanced Research Projects`
			`* Agency (DARPA) and Air Force Research Laboratory, Air Force`
			`* Materiel Command, USAF, under agreement number F39502-99-1-0512.`
SIA support for digital unix 1999-07-11 09:37:19 +00:00			`*/`

Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00			`/*`
			`* This is an open source non-commercial project. Dear PVS-Studio, please check it.`
			`* PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com`
			`*/`
Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Use: #include <config.h> Not: #include "config.h" That way we get the correct config.h when build dir != src dir 2004-11-19 18:39:14 +00:00			`#include <config.h>`
SIA support for digital unix 1999-07-11 09:37:19 +00:00
Add target for "make splint". A few files need extra guards to avoid errors on systems where they would not otherwise be compiled. No warnings from splint. 2015-05-21 11:07:13 -06:00			`#ifdef HAVE_SIA_SES_INIT`

o Reorder some headers and use STDC_HEADERS define properly o Update copyright year 2001-12-14 19:52:54 +00:00			`#include <sys/types.h>`
SIA support for digital unix 1999-07-11 09:37:19 +00:00			`#include <stdio.h>`
We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00			`#include <stdlib.h>`
Include string.h unconditionally and only use strings.h for strn?casecmp() In the pre-POSIX days BSD had strings.h, not string.h. Now strings.h is only used for non-ANSI string functions. 2020-05-18 07:59:24 -06:00			`#include <string.h>`
There's no need to conditionalize the #include <unistd.h>, we require a POSIX system. 2015-07-02 09:08:28 -06:00			`#include <unistd.h>`
SIA support for digital unix 1999-07-11 09:37:19 +00:00			`#include <pwd.h>`
Block SIGINT and SIGQUIT while verifying passwords so that authentication modules that use sleep() are not interrupted. If the user interrupted authentication, exit the loop. 2014-09-27 10:16:31 -06:00			`#include <signal.h>`
SIA support for digital unix 1999-07-11 09:37:19 +00:00			`#include <siad.h>`

Initial bits of sudoers plugin; still needs work. 2010-03-14 19:58:47 -04:00			`#include "sudoers.h"`
Fix an uninitialized variable and some cleanup. Now works (tested) 1999-07-11 10:43:42 +00:00			`#include "sudo_auth.h"`
SIA support for digital unix 1999-07-11 09:37:19 +00:00
Fix SIA support; we no longer have access to the real argc and argv so allocate space for a fake one and use the argv passed to the plugin with "sudo" for argv[0]. 2011-04-26 09:51:34 -04:00			`static char **sudo_argv;`
			`static int sudo_argc;`
SIA support for digital unix 1999-07-11 09:37:19 +00:00
			`int`
Prefix authentication functions with a "sudo_" prefix to avoid namespace problems. 2011-11-13 11:46:39 -05:00			`sudo_sia_setup(struct passwd pw, char promptp, sudo_auth auth)`
SIA support for digital unix 1999-07-11 09:37:19 +00:00			`{`
Use the auth_getpass (and the plugin conversation fuction) for Tru64 SIA. This prevents sudo from sleeping while holding the tty ticket lock. 2015-10-06 10:25:53 -06:00			`SIAENTITY *siah;`
Fix SIA support; we no longer have access to the real argc and argv so allocate space for a fake one and use the argv passed to the plugin with "sudo" for argv[0]. 2011-04-26 09:51:34 -04:00			`int i;`
debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00			`debug_decl(sudo_sia_setup, SUDOERS_DEBUG_AUTH);`
SIA support for digital unix 1999-07-11 09:37:19 +00:00
Fix SIA support; we no longer have access to the real argc and argv so allocate space for a fake one and use the argv passed to the plugin with "sudo" for argv[0]. 2011-04-26 09:51:34 -04:00			`/* Rebuild argv for sia_ses_init() */`
			`sudo_argc = NewArgc + 1;`
Use reallocarray() instead of sudo_emallocarray() and return an error on allocation failure. 2015-05-20 10:59:03 -06:00			`sudo_argv = reallocarray(NULL, sudo_argc + 1, sizeof(char *));`
			`if (sudo_argv == NULL) {`
Use non-exiting allocatings in the sudoers plugin. 2015-06-17 06:49:59 -06:00			`log_warningx(0, N_("unable to allocate memory"));`
Use reallocarray() instead of sudo_emallocarray() and return an error on allocation failure. 2015-05-20 10:59:03 -06:00			`debug_return_int(AUTH_FATAL);`
			`}`
Fix SIA support; we no longer have access to the real argc and argv so allocate space for a fake one and use the argv passed to the plugin with "sudo" for argv[0]. 2011-04-26 09:51:34 -04:00			`sudo_argv[0] = "sudo";`
			`for (i = 0; i < NewArgc; i++)`
			`sudo_argv[i + 1] = NewArgv[i];`
			`sudo_argv[sudo_argc] = NULL;`

Use the auth_getpass (and the plugin conversation fuction) for Tru64 SIA. This prevents sudo from sleeping while holding the tty ticket lock. 2015-10-06 10:25:53 -06:00			`/* We don't let SIA prompt the user for input. */`
			`if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, user_ttypath, 0, NULL) != SIASUCCESS) {`
Rename log_warning flags and only send mail if SLOG_SEND_MAIL is set instead of mailing by default like we used to. 2014-05-02 20:54:01 -06:00			`log_warning(0, N_("unable to initialize SIA session"));`
Add debug_decl/debug_return (almost) everywhere. Remove old sudo_debug() and convert users to sudo_debug_printf(). 2011-10-22 14:40:21 -04:00			`debug_return_int(AUTH_FATAL);`
SIA support for digital unix 1999-07-11 09:37:19 +00:00			`}`

Use the auth_getpass (and the plugin conversation fuction) for Tru64 SIA. This prevents sudo from sleeping while holding the tty ticket lock. 2015-10-06 10:25:53 -06:00			`auth->data = siah;`
Add debug_decl/debug_return (almost) everywhere. Remove old sudo_debug() and convert users to sudo_debug_printf(). 2011-10-22 14:40:21 -04:00			`debug_return_int(AUTH_SUCCESS);`
SIA support for digital unix 1999-07-11 09:37:19 +00:00			`}`

			`int`
Use the auth_getpass (and the plugin conversation fuction) for Tru64 SIA. This prevents sudo from sleeping while holding the tty ticket lock. 2015-10-06 10:25:53 -06:00			`sudo_sia_verify(struct passwd pw, char prompt, sudo_auth *auth,`
			`struct sudo_conv_callback *callback)`
SIA support for digital unix 1999-07-11 09:37:19 +00:00			`{`
Use the auth_getpass (and the plugin conversation fuction) for Tru64 SIA. This prevents sudo from sleeping while holding the tty ticket lock. 2015-10-06 10:25:53 -06:00			`SIAENTITY *siah = auth->data;`
			`char *pass;`
			`int rc;`
debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00			`debug_decl(sudo_sia_verify, SUDOERS_DEBUG_AUTH);`
Fix an uninitialized variable and some cleanup. Now works (tested) 1999-07-11 10:43:42 +00:00
Use the auth_getpass (and the plugin conversation fuction) for Tru64 SIA. This prevents sudo from sleeping while holding the tty ticket lock. 2015-10-06 10:25:53 -06:00			`/* Get password, return AUTH_INTR if we got ^C */`
Store passwd_timeout and timestamp_timeout as a struct timespec instead of as a float. Remove timeout argument to auth_getpass() as it was never used. 2018-01-22 12:18:48 -07:00			`pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);`
Use the auth_getpass (and the plugin conversation fuction) for Tru64 SIA. This prevents sudo from sleeping while holding the tty ticket lock. 2015-10-06 10:25:53 -06:00			`if (pass == NULL)`
			`debug_return_int(AUTH_INTR);`

			`/* Check password and zero out plaintext copy. */`
			`rc = sia_ses_authent(NULL, pass, siah);`
Use OpenBSD-compatible freezero() in place of explicit_bzero() + free() 2020-08-10 19:24:33 -06:00			`freezero(pass, strlen(pass));`
SIA support for digital unix 1999-07-11 09:37:19 +00:00
Use the auth_getpass (and the plugin conversation fuction) for Tru64 SIA. This prevents sudo from sleeping while holding the tty ticket lock. 2015-10-06 10:25:53 -06:00			`if (rc == SIASUCCESS)`
Add debug_decl/debug_return (almost) everywhere. Remove old sudo_debug() and convert users to sudo_debug_printf(). 2011-10-22 14:40:21 -04:00			`debug_return_int(AUTH_SUCCESS);`
Use the auth_getpass (and the plugin conversation fuction) for Tru64 SIA. This prevents sudo from sleeping while holding the tty ticket lock. 2015-10-06 10:25:53 -06:00			`if (ISSET(rc, SIASTOP))`
			`debug_return_int(AUTH_FATAL);`
			`debug_return_int(AUTH_FAILURE);`
SIA support for digital unix 1999-07-11 09:37:19 +00:00			`}`

			`int`
Add a force flag to sudo_auth_cleanup() to force immediate cleanup. This is used for PAM authentication to make sure pam_end() is called via sudo_auth_cleanup() when the user authenticates successfully but sudoers denies the command. Debian bug #669687 2020-04-01 14:41:38 -06:00			`sudo_sia_cleanup(struct passwd pw, sudo_auth auth, bool force)`
SIA support for digital unix 1999-07-11 09:37:19 +00:00			`{`
Use the auth_getpass (and the plugin conversation fuction) for Tru64 SIA. This prevents sudo from sleeping while holding the tty ticket lock. 2015-10-06 10:25:53 -06:00			`SIAENTITY *siah = auth->data;`
debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00			`debug_decl(sudo_sia_cleanup, SUDOERS_DEBUG_AUTH);`
SIA support for digital unix 1999-07-11 09:37:19 +00:00
			`(void) sia_ses_release(&siah);`
Use the auth_getpass (and the plugin conversation fuction) for Tru64 SIA. This prevents sudo from sleeping while holding the tty ticket lock. 2015-10-06 10:25:53 -06:00			`auth->data = NULL;`
Use reallocarray() instead of sudo_emallocarray() and return an error on allocation failure. 2015-05-20 10:59:03 -06:00			`free(sudo_argv);`
Add debug_decl/debug_return (almost) everywhere. Remove old sudo_debug() and convert users to sudo_debug_printf(). 2011-10-22 14:40:21 -04:00			`debug_return_int(AUTH_SUCCESS);`
SIA support for digital unix 1999-07-11 09:37:19 +00:00			`}`
Add target for "make splint". A few files need extra guards to avoid errors on systems where they would not otherwise be compiled. No warnings from splint. 2015-05-21 11:07:13 -06:00
Use the auth_getpass (and the plugin conversation fuction) for Tru64 SIA. This prevents sudo from sleeping while holding the tty ticket lock. 2015-10-06 10:25:53 -06:00			`int`
			`sudo_sia_begin_session(struct passwd pw, char user_envp[], sudo_auth auth)`
			`{`
			`SIAENTITY *siah;`
			`int status = AUTH_FATAL;`
debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00			`debug_decl(sudo_sia_begin_session, SUDOERS_DEBUG_AUTH);`
Use the auth_getpass (and the plugin conversation fuction) for Tru64 SIA. This prevents sudo from sleeping while holding the tty ticket lock. 2015-10-06 10:25:53 -06:00
			`/* Re-init sia for the target user's session. */`
			`if (sia_ses_init(&siah, NewArgc, NewArgv, NULL, pw->pw_name, user_ttypath, 0, NULL) != SIASUCCESS) {`
			`log_warning(0, N_("unable to initialize SIA session"));`
			`goto done;`
			`}`

			`if (sia_make_entity_pwd(pw, siah) != SIASUCCESS) {`
			`sudo_warn("sia_make_entity_pwd");`
			`goto done;`
			`}`

			`status = AUTH_FAILURE; /* no more fatal errors. */`

			`siah->authtype = SIA_A_NONE;`
			`if (sia_ses_estab(sia_collect_trm, siah) != SIASUCCESS) {`
			`sudo_warn("sia_ses_estab");`
			`goto done;`
			`}`

			`if (sia_ses_launch(sia_collect_trm, siah) != SIASUCCESS) {`
			`sudo_warn("sia_ses_launch");`
			`goto done;`
			`}`

			`status = AUTH_SUCCESS;`

			`done:`
			`(void) sia_ses_release(&siah);`
			`debug_return_int(status);`
			`}`

Add target for "make splint". A few files need extra guards to avoid errors on systems where they would not otherwise be compiled. No warnings from splint. 2015-05-21 11:07:13 -06:00			`#endif /* HAVE_SIA_SES_INIT */`