From e521196b8c745d46dc01fef321d6fe376855c736 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 20 Nov 1995 03:24:09 +0000 Subject: now smells like sudo --- dce_pwent.c | 167 ++++++++++++++++++++++++++++++++---------------------------- 1 file changed, 89 insertions(+), 78 deletions(-) (limited to 'dce_pwent.c') diff --git a/dce_pwent.c b/dce_pwent.c index 2513d45dc..6fd5908c9 100644 --- a/dce_pwent.c +++ b/dce_pwent.c @@ -16,6 +16,7 @@ #ifdef HAVE_DCE #include +#include #include #include #include 
@@ -25,91 +26,101 @@ static int error_stat; static unsigned char error_string[dce_c_error_string_len]; int check(error_status_t input_status, char *comment); -void exit(); -int dce_pwent(char *username, char *plain_pw) -/* returns 1 ("true") if user is a valid DCE principal, 0 otherwise */ +/* returns 1 (true) if user is a valid DCE principal, 0 (false) otherwise */ +int dce_pwent(username, plain_pw) + char *username; + char *plain_pw; { - struct passwd *pwd; - sec_passwd_rec_t password_rec; - sec_login_handle_t login_context; - boolean32 reset_passwd; - sec_login_auth_src_t auth_src; - error_status_t status; - unsigned32 nbytes; - - if(sec_login_setup_identity((unsigned_char_p_t) username, - sec_login_no_flags,&login_context,&status)) - { - if(check(status,"sec_login_setup_identity(1):")) return(0); - - password_rec.key.key_type = sec_passwd_plain; - password_rec.key.tagged_union.plain = (idl_char *) plain_pw; - - if(sec_login_validate_identity(login_context,&password_rec, - &reset_passwd,&auth_src,&status)) - { - if(check(status,"sec_login_validate_identity(1):")) return(0); - - if(!sec_login_certify_identity(login_context,&status)) - { - fprintf(stderr,"Whoa! 
Bogus authentication server!\n"); - (void) check(status,"sec_login_certify_identity(1):"); - return(0); - } - if(check(status,"sec_login_certify_identity(2):")) return(0); - - sec_login_set_context(login_context,&status); - if(check(status,"sec_login_set_context:")) return(0); - - if(auth_src != sec_login_auth_src_network) - { - fprintf(stderr,"You have no network credentials\n"); - return(0); - } - if(reset_passwd) - { - fprintf(stderr,"Your DCE password needs resetting\n"); - return(0); - } - - /* malloc space for passwd structure */ - nbytes = sizeof(struct passwd); - if((pwd = (struct passwd *) malloc(nbytes)) == NULL) - { - fprintf(stderr,"malloc for passwd struct failed\n"); - return(0);; - } - sec_login_get_pwent(login_context,&pwd,&status); - free(pwd); - if(check(status,"sec_login_get_pwent:")) return(0); - - /* if we get to here, then the pwent above */ - /* properly fetched the password structure */ - /* from the DCE registry, so the user must */ - /* be valid. We don't really care what */ - /* the user's registry password is, just */ - /* that the user could be validated.... 
*/ - return(1); - } - else - { - if(check(status,"sec_login_validate_identity(2):")) return(0); - sec_login_purge_context(&login_context,&status); - if(check(status,"sec_login_purge_context:")) return(0); - } + struct passwd *pwd; + sec_passwd_rec_t password_rec; + sec_login_handle_t login_context; + boolean32 reset_passwd; + sec_login_auth_src_t auth_src; + error_status_t status; + unsigned32 nbytes; + + if(sec_login_setup_identity((unsigned_char_p_t) username, + sec_login_no_flags, &login_context, &status)) { + + if (check(status, "sec_login_setup_identity(1):")) + return(0); + + password_rec.key.key_type = sec_passwd_plain; + password_rec.key.tagged_union.plain = (idl_char *) plain_pw; + + if(sec_login_validate_identity(login_context, &password_rec, + &reset_passwd, &auth_src, &status)) { + + if (check(status, "sec_login_validate_identity(1):")) + return(0); + + if (!sec_login_certify_identity(login_context, &status)) { + (void) fprintf(stderr, "Whoa! Bogus authentication server!\n"); + (void) check(status, "sec_login_certify_identity(1):"); + return(0); + } + + if(check(status, "sec_login_certify_identity(2):")) + return(0); + + (void) sec_login_set_context(login_context, &status); + if (check(status, "sec_login_set_context:")) + return(0); + + if (auth_src != sec_login_auth_src_network) { + (void) fprintf(stderr, "You have no network credentials\n"); + return(0); + } + if (reset_passwd) { + (void) fprintf(stderr, "Your DCE password needs resetting\n"); + return(0); + } + + /* malloc space for passwd structure */ + nbytes = sizeof(struct passwd); + if((pwd = (struct passwd *) malloc(nbytes)) == NULL) { + (void) fprintf(stderr, "malloc for passwd struct failed\n"); + return(0);; + } + (void) sec_login_get_pwent(login_context, &pwd, &status); + (void) free(pwd); + + if (check(status, "sec_login_get_pwent:")) + return(0); + + /* if we get to here, then the pwent above */ + /* properly fetched the password structure */ + /* from the DCE registry, so the user must 
*/ + /* be valid. We don't really care what */ + /* the user's registry password is, just */ + /* that the user could be validated.... */ + return(1); + } else { + if (check(status, "sec_login_validate_identity(2):")) + return(0); + sec_login_purge_context(&login_context, &status); + if (check(status, "sec_login_purge_context:")) + return(0); } - if(check(status,"sec_login_setup_identity(2):")) return(0); + } + if (check(status, "sec_login_setup_identity(2):")) return(0); + + return(0); } -int check(error_status_t input_status, char *comment) -/* returns 1 (aka, true) for DCE "ok" status, 0 otherwise */ +/* returns 1 (true) for DCE "ok" status, 0 (false) otherwise */ +int check(input_status, comment) + error_status_t input_status; + char *comment; { - if(input_status == rpc_s_ok) return(0); - dce_error_inq_text(input_status, error_string, &error_stat); - fprintf(stderr, "%s %s\n", comment, error_string); - return(1); + if (input_status == rpc_s_ok) + return(0); + (void) dce_error_inq_text(input_status, error_string, &error_stat); + (void) fprintf(stderr, "%s %s\n", comment, error_string); + + return(1); } #endif /* HAVE_DCE */ -- cgit v1.2.1
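Review bot: Every `return(0)` taken after sec_login_setup_identity() has succeeded, except the validate-failure `else` branch, leaves `login_context` without a sec_login_purge_context() call, and the `auth_src` and `reset_passwd` rejections sit after sec_login_set_context() has already run. If set_context installs the context for the process, as its name suggests, a login that dce_pwent() then rejects has still had its context set; testing `auth_src != sec_login_auth_src_network` and `reset_passwd` before the set_context call, and adding `sec_login_purge_context(&login_context, &status);` ahead of each failing return, would close that. Separately, the rewritten comment on check() says it returns 1 for an ok status, but the body returns 0 when `input_status == rpc_s_ok` and every caller relies on that; `/* returns 0 if status is rpc_s_ok, else prints the DCE error text and returns 1 */` matches the code.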