/*
 * Standard sudo lecture.
 *
 * Shows nothing when def_lecture is `never`, or when it is `once` and
 * status is neither TS_MISSING nor TS_ERROR.  Otherwise the contents of
 * def_lecture_file are handed to the conversation function in chunks of
 * at most BUFSIZ - 1 bytes.  If no file is configured, or it cannot be
 * opened, DEFAULT_LECTURE is shown instead (the fopen() failure itself
 * is not reported).
 *
 * NOTE(review): the file is forwarded verbatim as a NUL-terminated
 * string, so control characters in it reach the user's terminal as-is
 * and a NUL byte inside a chunk presumably truncates that chunk.  The
 * lecture file should be writable only by the administrator.
 */
static void
lecture(int status)
{
    FILE *lecture_fp = NULL;
    char chunk[BUFSIZ];
    ssize_t nbytes;
    struct sudo_conv_message msg;
    struct sudo_conv_reply repl;
    debug_decl(lecture, SUDO_DEBUG_AUTH)

    /* Lecturing disabled altogether. */
    if (def_lecture == never) {
        debug_return;
    }
    /* Lecture-once mode: skip unless the status is missing or in error. */
    if (def_lecture == once && status != TS_MISSING && status != TS_ERROR) {
        debug_return;
    }

    memset(&msg, 0, sizeof(msg));
    memset(&repl, 0, sizeof(repl));

    if (def_lecture_file) {
        lecture_fp = fopen(def_lecture_file, "r");
    }

    if (lecture_fp == NULL) {
        /* No custom file, or it could not be opened: use the built-in text. */
        msg.msg_type = SUDO_CONV_ERROR_MSG;
        msg.msg = _(DEFAULT_LECTURE);
        sudo_conv(1, &msg, &repl);
        debug_return;
    }

    for (;;) {
        /* One byte is held back so the chunk can always be terminated. */
        nbytes = fread(chunk, 1, sizeof(chunk) - 1, lecture_fp);
        if (nbytes == 0) {
            break;  /* EOF and read errors both end the loop */
        }
        chunk[nbytes] = '\0';
        msg.msg_type = SUDO_CONV_ERROR_MSG;
        msg.msg = chunk;
        sudo_conv(1, &msg, &repl);
    }
    fclose(lecture_fp);

    debug_return;
}
/*
 * Display sudo lecture (standard or custom).
 * Returns true if the user was lectured, else false.
 *
 * No lecture is shown when def_lecture is `never`, or when it is `once`
 * and already_lectured(status) reports true.  A custom lecture is read
 * from def_lecture_file in chunks of at most BUFSIZ - 1 bytes; if no
 * file is configured or it cannot be opened, the built-in text is used.
 *
 * NOTE(review): the custom file is forwarded verbatim as a
 * NUL-terminated string, so control characters in it reach the user's
 * terminal as-is and a NUL byte inside a chunk presumably truncates
 * that chunk.  The lecture file should be writable only by the
 * administrator.
 * NOTE(review): debug_decl() is given the name `lecture`, not
 * `display_lecture` -- confirm whether that is intentional.
 */
static bool
display_lecture(int status)
{
    FILE *lecture_fp = NULL;
    char chunk[BUFSIZ];
    ssize_t nbytes;
    struct sudo_conv_message msg;
    struct sudo_conv_reply repl;
    debug_decl(lecture, SUDO_DEBUG_AUTH)

    /* Lecturing disabled altogether. */
    if (def_lecture == never) {
        debug_return_bool(false);
    }
    /* Lecture-once mode and this user has already seen it. */
    if (def_lecture == once && already_lectured(status)) {
        debug_return_bool(false);
    }

    memset(&msg, 0, sizeof(msg));
    memset(&repl, 0, sizeof(repl));

    if (def_lecture_file) {
        lecture_fp = fopen(def_lecture_file, "r");
    }

    if (lecture_fp != NULL) {
        for (;;) {
            /* One byte is held back so the chunk can always be terminated. */
            nbytes = fread(chunk, 1, sizeof(chunk) - 1, lecture_fp);
            if (nbytes == 0) {
                break;  /* EOF and read errors both end the loop */
            }
            chunk[nbytes] = '\0';
            msg.msg_type = SUDO_CONV_ERROR_MSG;
            msg.msg = chunk;
            sudo_conv(1, &msg, &repl);
        }
        fclose(lecture_fp);
    } else {
        /* No custom file, or it could not be opened: use the built-in text. */
        msg.msg_type = SUDO_CONV_ERROR_MSG;
        msg.msg = _("\n"
            "We trust you have received the usual lecture from the local System\n"
            "Administrator. It usually boils down to these three things:\n\n"
            " #1) Respect the privacy of others.\n"
            " #2) Think before you type.\n"
            " #3) With great power comes great responsibility.\n\n");
        sudo_conv(1, &msg, &repl);
    }

    debug_return_bool(true);
}
/*
 * Send buf to the user as an informational message via the
 * conversation function.
 *
 * Returns the length of buf (converted to int) on success, or 0 if
 * sudo_conv() returns -1.  buf must be a valid NUL-terminated string.
 */
static int
output(const char *buf)
{
    struct sudo_conv_message msg;
    struct sudo_conv_reply repl;

    /* Start from zeroed structures so unused fields are well defined. */
    memset(&repl, 0, sizeof(repl));
    memset(&msg, 0, sizeof(msg));
    msg.msg = buf;
    msg.msg_type = SUDO_CONV_INFO_MSG;

    /* Call conversation function */
    if (sudo_conv(1, &msg, &repl) != -1) {
        return (int)strlen(buf);
    }
    return 0;
}
/*
 * Send buf to the user as an informational message via the
 * conversation function, with debug entry/exit tracing.
 *
 * Returns the length of buf on success, or 0 if sudo_conv() returns -1.
 * buf must be a valid NUL-terminated string.
 */
static int
output(const char *buf)
{
    struct sudo_conv_message msg;
    struct sudo_conv_reply repl;
    debug_decl(output, SUDO_DEBUG_NSS)

    /* Start from zeroed structures so unused fields are well defined. */
    memset(&repl, 0, sizeof(repl));
    memset(&msg, 0, sizeof(msg));
    msg.msg = buf;
    msg.msg_type = SUDO_CONV_INFO_MSG;

    /* Call conversation function */
    if (sudo_conv(1, &msg, &repl) != -1) {
        debug_return_int(strlen(buf));
    }
    debug_return_int(0);
}
/*
 * For a description of the AIX authentication API, see
 * http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/basetrf1/authenticate.htm
 *
 * Prompts for a password and passes it to authenticate(), repeating
 * with the message authenticate() hands back as the next prompt for as
 * long as it sets reenter.
 *
 * Returns AUTH_SUCCESS when authenticate() returns 0, AUTH_INTR when
 * no password could be read (auth_getpass() returned NULL), and
 * AUTH_FAILURE otherwise.  On failure, any message left by
 * authenticate() is shown to the user as an error.
 *
 * The password is wiped with memset_s() right after each
 * authenticate() call.  Only strlen(pass) bytes are cleared, and the
 * buffer is not freed here; who owns it is not visible in this
 * function -- TODO confirm.
 */
int
sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
{
    char *pass, *message = NULL;
    int result = 1, reenter = 0;
    int rval = AUTH_SUCCESS;
    debug_decl(sudo_aix_verify, SUDO_DEBUG_AUTH)

    for (;;) {
        pass = auth_getpass(prompt, def_passwd_timeout * 60,
            SUDO_CONV_PROMPT_ECHO_OFF);
        if (pass == NULL) {
            break;      /* no password read; result keeps its prior value */
        }

        /* Drop the message from the previous round before the next call. */
        efree(message);
        message = NULL;

        result = authenticate(pw->pw_name, pass, &reenter, &message);

        /* Clear the cleartext password as soon as it has been used. */
        memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass));

        /* A follow-up round prompts with the text authenticate() returned. */
        prompt = message;
        if (!reenter) {
            break;
        }
    }

    if (result != 0) {
        /* Display error message, if any. */
        if (message != NULL) {
            struct sudo_conv_message msg;
            struct sudo_conv_reply repl;

            memset(&repl, 0, sizeof(repl));
            memset(&msg, 0, sizeof(msg));
            msg.msg = message;
            msg.msg_type = SUDO_CONV_ERROR_MSG;
            sudo_conv(1, &msg, &repl);
        }

        /* A missing password means the prompt was aborted, not a bad guess. */
        if (pass) {
            rval = AUTH_FAILURE;
        } else {
            rval = AUTH_INTR;
        }
    }

    efree(message);
    debug_return_int(rval);
}
/*
 * Prompt the user for a password through the conversation function.
 *
 * prompt  - text shown to the user
 * timeout - NOTE(review): never read in this body; the message timeout
 *           is always set to def_passwd_timeout * 60.  Callers passing
 *           a different value would be silently ignored -- confirm
 *           whether that is intended.
 * type    - conversation prompt type; may be adjusted as described below
 *
 * Returns repl.reply as left by sudo_conv().  The reply structure is
 * zeroed beforehand and sudo_conv()'s return value is not checked, so
 * callers must handle a NULL result.  The returned buffer holds the
 * cleartext password and is neither wiped nor freed here; that is left
 * to the caller.
 */
char *
auth_getpass(const char *prompt, int timeout, int type)
{
    struct sudo_conv_message msg;
    struct sudo_conv_reply repl;
    int prompt_type = type;

    /* Mask user input if pwfeedback set and echo is off. */
    if (def_pwfeedback && prompt_type == SUDO_CONV_PROMPT_ECHO_OFF) {
        prompt_type = SUDO_CONV_PROMPT_MASK;
    }

    /* If visiblepw set, do not error out if there is no tty. */
    if (def_visiblepw) {
        prompt_type = prompt_type | SUDO_CONV_PROMPT_ECHO_OK;
    }

    /* Call conversation function */
    memset(&repl, 0, sizeof(repl));
    memset(&msg, 0, sizeof(msg));
    msg.msg = prompt;
    msg.timeout = def_passwd_timeout * 60;
    msg.msg_type = prompt_type;
    sudo_conv(1, &msg, &repl);
    /* XXX - check for ENOTTY? */

    return repl.reply;
}