void
session_setup_sia(struct passwd *pw, char *tty)
{
SIAENTITY *ent = NULL;
const char *host;
host = get_canonical_hostname(options.verify_reverse_mapping);
if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, tty,
0, NULL) != SIASUCCESS)
fatal("sia_ses_init failed");
if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) {
sia_ses_release(&ent);
fatal("sia_make_entity_pwd failed");
}
ent->authtype = SIA_A_NONE;
if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS)
fatal("Couldn't establish session for %s from %s",
pw->pw_name, host);
if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
fatal("Couldn't launch session for %s from %s", pw->pw_name,
host);
sia_ses_release(&ent);
if (setreuid(geteuid(), geteuid()) < 0)
fatal("setreuid: %s", strerror(errno));
}
int
auth_sia_password(Authctxt *authctxt, char *pass)
{
int ret;
SIAENTITY *ent = NULL;
const char *host;
host = get_canonical_hostname(options.verify_reverse_mapping);
if (!authctxt->user || !pass || pass[0] == '\0')
return(0);
if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user,
NULL, 0, NULL) != SIASUCCESS)
return(0);
if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) {
error("Couldn't authenticate %s from %s", authctxt->user,
host);
if (ret & SIASTOP)
sia_ses_release(&ent);
return(0);
}
sia_ses_release(&ent);
return(1);
}
void
session_setup_sia(struct passwd *pw, char *tty)
{
SIAENTITY *ent = NULL;
const char *host;
host = get_canonical_hostname(options.use_dns);
if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name,
tty, 0, NULL) != SIASUCCESS)
fatal("sia_ses_init failed");
if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) {
sia_ses_release(&ent);
fatal("sia_make_entity_pwd failed");
}
ent->authtype = SIA_A_NONE;
if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS)
fatal("Couldn't establish session for %s from %s",
pw->pw_name, host);
if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
fatal("Couldn't launch session for %s from %s",
pw->pw_name, host);
sia_ses_release(&ent);
setuid(0);
permanently_set_uid(pw);
}
int
sia_cleanup(struct passwd *pw, sudo_auth *auth)
{
SIAENTITY *siah = (SIAENTITY *) auth->data;
(void) sia_ses_release(&siah);
return AUTH_SUCCESS;
}
void
session_setup_sia(char *user, char *tty)
{
struct passwd *pw;
SIAENTITY *ent = NULL;
const char *host;
host = get_canonical_hostname (options.verify_reverse_mapping);
if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0,
NULL) != SIASUCCESS) {
fatal("sia_ses_init failed");
}
if ((pw = getpwnam(user)) == NULL) {
sia_ses_release(&ent);
fatal("getpwnam: no user: %s", user);
}
if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) {
sia_ses_release(&ent);
fatal("sia_make_entity_pwd failed");
}
ent->authtype = SIA_A_NONE;
if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) {
fatal("Couldn't establish session for %s from %s", user,
host);
}
if (setpriority(PRIO_PROCESS, 0, 0) == -1) {
sia_ses_release(&ent);
fatal("setpriority: %s", strerror (errno));
}
if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) {
fatal("Couldn't launch session for %s from %s", user, host);
}
sia_ses_release(&ent);
if (setreuid(geteuid(), geteuid()) < 0) {
fatal("setreuid: %s", strerror(errno));
}
}
int
my_sia_validate_user(sia_collect_func_t *collect, /* communication routine */
int argc,
char **argv,
char *hostname, /* remote host (or user@host) info */
char *username,
char *tty, /* ttyname() or X display (if any) */
int colinput, /* can call collect() for input */
char *gssapi,
char *passphrase) /* pre-gathered passphrase (bad) */
{
SIAENTITY *ent = NULL;
int status;
status = sia_ses_init(&ent, argc, argv,
hostname, username, tty, colinput, gssapi);
if (status != SIASUCCESS || !ent)
return SIAFAIL;
status = sia_ses_authent(collect, passphrase, ent);
(void) sia_ses_release(&ent);
return status;
}
