/*
 * Authenticate `myname` through BSD authentication (service "auth-doas")
 * before the caller is allowed to proceed.  Every failure path terminates the
 * process through errx()/errc(); the function returns only on success.
 *
 * myname       user name handed to auth_userchallenge() and written to syslog
 * login_style  BSD auth style forwarded unchanged to auth_userchallenge()
 * persist      when non-zero, /dev/tty is opened so that the tty's
 *              TIOCCHKVERAUTH / TIOCSETVERAUTH ioctls can be used
 *
 * NOTE(review): as captured on this page the listing is damaged.  A run of
 * asterisks sits between the password prompt format string and the
 * "tty required" message, so the code that finished the prompt, read the
 * response and assigned `response` is not visible.  Restore it from the
 * original source before relying on this text; nothing below documents the
 * missing span.
 */
static void
authuser(char *myname, char *login_style, int persist)
{
	char *challenge = NULL, *response, rbuf[1024], cbuf[128];
	auth_session_t *as;
	int fd = -1;

	/* The controlling tty is only opened when persistence was requested. */
	if (persist)
		fd = open("/dev/tty", O_RDWR);
	if (fd != -1) {
		/*
		 * A zero return from TIOCCHKVERAUTH jumps straight to `good`,
		 * bypassing the challenge/response below.  Presumably this
		 * reports a still-valid earlier authentication on this tty;
		 * confirm against the tty(4) documentation.
		 */
		if (ioctl(fd, TIOCCHKVERAUTH) == 0)
			goto good;
	}

	/* No session means no authentication attempt at all: fail closed. */
	if (!(as = auth_userchallenge(myname, login_style, "auth-doas",
	    &challenge)))
		errx(1, "Authorization failed");
	if (!challenge) {
		/*
		 * The style supplied no challenge text, so a local prompt is
		 * built.  "%.32s" caps each of the two fields at 32 bytes and
		 * cbuf is bounded by sizeof(cbuf).
		 */
		char host[HOST_NAME_MAX + 1];

		if (gethostname(host, sizeof(host)))
			snprintf(host, sizeof(host), "?");
		/* Damaged span (see header note): kept exactly as captured. */
		snprintf(cbuf, sizeof(cbuf),
		    "\rdoas (%.32s@%.32s) password: "******"tty required for %s", myname);
		errx(1, "a tty is required");
	}
	if (!auth_userresponse(as, response, 0)) {
		/*
		 * Failed attempts are logged under LOG_AUTHPRIV with the user
		 * name only; the response itself is never logged.
		 *
		 * NOTE(review): errc() leaves the process from inside this
		 * branch, so the explicit_bzero() below is not reached on the
		 * failure path.  If rbuf holds the typed response (the code
		 * that fills it is in the damaged span), consider wiping it
		 * here before exiting as well.
		 */
		syslog(LOG_AUTHPRIV | LOG_NOTICE,
		    "failed auth for %s", myname);
		errc(1, EPERM, NULL);
	}
	/* explicit_bzero() is used so the wipe cannot be optimised away. */
	explicit_bzero(rbuf, sizeof(rbuf));
good:
	if (fd != -1) {
		/*
		 * Record a verified-auth window of 5 * 60 seconds on the tty.
		 * The ioctl result is not checked: if it fails, the window is
		 * simply not set and nothing is reported.
		 */
		int secs = 5 * 60;

		ioctl(fd, TIOCSETVERAUTH, &secs);
		close(fd);
	}
}
/*
 * Produce the single prompt for a BSD-authentication exchange.
 *
 * ctx is the Authctxt for the connection.  An existing BSD auth session is
 * reused when it still carries a challenge; otherwise a fresh session is
 * opened for service "auth-ssh" with the user and style stored in the
 * context.
 *
 * On success returns 0 with *name and *infotxt set to newly allocated empty
 * strings, *numprompts set to 1, and *prompts / *echo_on pointing at
 * one-element arrays; the prompt is a copy of the challenge text.  Returns -1
 * when no challenge could be obtained, in which case *infotxt, *prompts and
 * *echo_on are NULL, *numprompts is 0 and *name is left untouched.
 *
 * The echo slot is never written explicitly, so it keeps whatever xcalloc()
 * put there (presumably zero, i.e. no echo; confirm against xcalloc).
 */
int
bsdauth_query(void *ctx, char **name, char **infotxt,
    u_int *numprompts, char ***prompts, u_int **echo_on)
{
	Authctxt *actx = ctx;
	char *chal = NULL;
	char **prompt_vec;

	/* Start from an empty result so the failure return is well defined. */
	*infotxt = NULL;
	*numprompts = 0;
	*prompts = NULL;
	*echo_on = NULL;

	if (actx->as != NULL) {
		debug2("bsdauth_query: try reuse session");
		chal = auth_getitem(actx->as, AUTHV_CHALLENGE);
		if (chal == NULL) {
			/* A session without a challenge is dropped, not kept. */
			auth_close(actx->as);
			actx->as = NULL;
		}
	}

	if (chal == NULL) {
		debug2("bsdauth_query: new bsd auth session");
		debug3("bsdauth_query: style %s",
		    actx->style ? actx->style : "<default>");
		actx->as = auth_userchallenge(actx->user, actx->style,
		    "auth-ssh", &chal);
		/* Never trust a challenge pointer when no session came back. */
		if (actx->as == NULL)
			chal = NULL;
		debug2("bsdauth_query: <%s>", chal ? chal : "empty");
		if (chal == NULL)
			return -1;
	}

	*name = xstrdup("");
	*infotxt = xstrdup("");
	*numprompts = 1;
	prompt_vec = xcalloc(1, sizeof(*prompt_vec));
	*prompts = prompt_vec;
	*echo_on = xcalloc(1, sizeof(**echo_on));
	/* The caller gets its own copy of the challenge text. */
	prompt_vec[0] = xstrdup(chal);

	return 0;
}
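/*
 * Run one BSD-authentication challenge/response exchange for the file-scope
 * `user` string.
 *
 * The challenge text supplied by the auth style is used as the prompt, falling
 * back to "Password: " when the style provides none.  After the exchange the
 * `user` string is cut at its first ':' and, on success, handed to
 * authhelp_approve().
 *
 * Returns 0 when the response was accepted, -1 otherwise (including when no
 * auth session could be opened).
 *
 * The typed response is wiped with explicit_bzero() and released on every
 * path.  Previously it was leaked, still in cleartext, when no session was
 * available, and it was freed without being cleared otherwise.
 */
int
authhelp_go (void)
{
  auth_session_t *as;
  char *chal = NULL;
  char *pass;
  char *p;
  int res;

  as = auth_userchallenge (user, NULL, NULL, &chal);

  /*
   * NOTE(review): the prompt is shown even when no session was opened.
   * Presumably this keeps the failure from being visible at the prompt;
   * the ordering is kept as it was.
   */
  pass = authhelp_input (chal ? chal : "Password: ", 0);
  if (!as)
    {
      /* No session to verify against: scrub and release the secret. */
      if (pass != NULL)
        {
          explicit_bzero (pass, strlen (pass));
          xfree (pass);
        }
      return -1;
    }

  /* With more == 0 the session is expected to be closed by the library
     (per authenticate(3)), so `as` is not closed here. */
  res = auth_userresponse (as, pass, 0);

  /* Clear the secret before the allocation goes back to the heap. */
  if (pass != NULL)
    explicit_bzero (pass, strlen (pass));
  xfree (pass);

  /* Keep only the part of `user` before the first ':'. */
  if ((p = strchr (user, ':')))
    *p = '\0';

  if (res)
    authhelp_approve (user, NULL);

  return res ? 0 : -1;
}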