51
51
static sudo_auth auth_switch[] = {
52
52
/* Standalone entries first */
54
AUTH_ENTRY("pam", FLAG_STANDALONE, pam_init, NULL, pam_verify, pam_cleanup, pam_begin_session, pam_end_session)
54
AUTH_ENTRY("pam", FLAG_STANDALONE, sudo_pam_init, NULL, sudo_pam_verify, sudo_pam_cleanup, sudo_pam_begin_session, sudo_pam_end_session)
56
56
#ifdef HAVE_SECURID
57
AUTH_ENTRY("SecurId", FLAG_STANDALONE, securid_init, securid_setup, securid_verify, NULL, NULL, NULL)
57
AUTH_ENTRY("SecurId", FLAG_STANDALONE, sudo_securid_init, sudo_securid_setup, sudo_securid_verify, NULL, NULL, NULL)
59
59
#ifdef HAVE_SIA_SES_INIT
60
AUTH_ENTRY("sia", FLAG_STANDALONE, NULL, sia_setup, sia_verify, sia_cleanup, NULL, NULL)
60
AUTH_ENTRY("sia", FLAG_STANDALONE, NULL, sudo_sia_setup, sudo_sia_verify, sudo_sia_cleanup, NULL, NULL)
62
62
#ifdef HAVE_AIXAUTH
63
AUTH_ENTRY("aixauth", FLAG_STANDALONE, NULL, NULL, aixauth_verify, aixauth_cleanup, NULL, NULL)
63
AUTH_ENTRY("aixauth", FLAG_STANDALONE, NULL, NULL, sudo_aix_verify, sudo_aix_cleanup, NULL, NULL)
66
AUTH_ENTRY("fwtk", FLAG_STANDALONE, fwtk_init, NULL, fwtk_verify, fwtk_cleanup, NULL, NULL)
66
AUTH_ENTRY("fwtk", FLAG_STANDALONE, sudo_fwtk_init, NULL, sudo_fwtk_verify, sudo_fwtk_cleanup, NULL, NULL)
68
68
#ifdef HAVE_BSD_AUTH_H
69
69
AUTH_ENTRY("bsdauth", FLAG_STANDALONE, bsdauth_init, NULL, bsdauth_verify, bsdauth_cleanup, NULL, NULL)
72
72
/* Non-standalone entries */
73
73
#ifndef WITHOUT_PASSWD
74
AUTH_ENTRY("passwd", 0, passwd_init, NULL, passwd_verify, passwd_cleanup, NULL, NULL)
74
AUTH_ENTRY("passwd", 0, sudo_passwd_init, NULL, sudo_passwd_verify, sudo_passwd_cleanup, NULL, NULL)
76
76
#if defined(HAVE_GETPRPWNAM) && !defined(WITHOUT_PASSWD)
77
AUTH_ENTRY("secureware", 0, secureware_init, NULL, secureware_verify, secureware_cleanup, NULL, NULL)
77
AUTH_ENTRY("secureware", 0, sudo_secureware_init, NULL, sudo_secureware_verify, sudo_secureware_cleanup, NULL, NULL)
80
AUTH_ENTRY("afs", 0, NULL, NULL, afs_verify, NULL, NULL, NULL)
80
AUTH_ENTRY("afs", 0, NULL, NULL, sudo_afs_verify, NULL, NULL, NULL)
83
AUTH_ENTRY("dce", 0, NULL, NULL, dce_verify, NULL, NULL, NULL)
86
AUTH_ENTRY("kerb4", 0, kerb4_init, NULL, kerb4_verify, NULL, NULL, NULL)
83
AUTH_ENTRY("dce", 0, NULL, NULL, sudo_dce_verify, NULL, NULL, NULL)
89
AUTH_ENTRY("kerb5", 0, kerb5_init, kerb5_setup, kerb5_verify, kerb5_cleanup, NULL, NULL)
86
AUTH_ENTRY("kerb5", 0, sudo_krb5_init, sudo_krb5_setup, sudo_krb5_verify, sudo_krb5_cleanup, NULL, NULL)
92
AUTH_ENTRY("S/Key", 0, NULL, rfc1938_setup, rfc1938_verify, NULL, NULL, NULL)
89
AUTH_ENTRY("S/Key", 0, NULL, sudo_rfc1938_setup, sudo_rfc1938_verify, NULL, NULL, NULL)
95
AUTH_ENTRY("OPIE", 0, NULL, rfc1938_setup, rfc1938_verify, NULL, NULL, NULL)
92
AUTH_ENTRY("OPIE", 0, NULL, sudo_rfc1938_setup, sudo_rfc1938_verify, NULL, NULL, NULL)
97
94
AUTH_ENTRY(NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL)
110
107
int status = AUTH_SUCCESS;
108
debug_decl(sudo_auth_init, SUDO_DEBUG_AUTH)
112
110
if (auth_switch[0].name == NULL)
111
debug_return_int(true);
115
113
/* Make sure we haven't mixed standalone and shared auth methods. */
116
114
standalone = IS_STANDALONE(&auth_switch[0]);
117
115
if (standalone && auth_switch[1].name != NULL) {
118
116
audit_failure(NewArgv, "invalid authentication methods");
119
log_error(0, _("Invalid authentication methods compiled into sudo! "
117
log_fatal(0, _("Invalid authentication methods compiled into sudo! "
120
118
"You may mix standalone and non-standalone authentication."));
119
debug_return_int(-1);
124
122
/* Set FLAG_ONEANDONLY if there is only one auth method. */
285
debug_return_int(rval);
289
sudo_auth_begin_session(struct passwd *pw)
289
sudo_auth_begin_session(struct passwd *pw, char **user_env[])
293
debug_decl(auth_begin_session, SUDO_DEBUG_AUTH)
294
295
for (auth = auth_switch; auth->name; auth++) {
295
296
if (auth->begin_session && !IS_DISABLED(auth)) {
296
status = (auth->begin_session)(pw, auth);
297
status = (auth->begin_session)(pw, user_env, auth);
297
298
if (status == AUTH_FATAL) {
299
300
audit_failure(NewArgv, "authentication failure");
300
return -1; /* assume error msg already printed */
301
debug_return_bool(-1); /* assume error msg already printed */
305
debug_return_bool(true);
313
debug_decl(auth_end_session, SUDO_DEBUG_AUTH)
313
315
for (auth = auth_switch; auth->name; auth++) {
314
316
if (auth->end_session && !IS_DISABLED(auth)) {
315
317
status = (auth->end_session)(pw, auth);
316
318
if (status == AUTH_FATAL) {
318
return -1; /* assume error msg already printed */
320
debug_return_bool(-1); /* assume error msg already printed */
324
debug_return_bool(true);
328
330
const char *warning = def_badpass_message;
331
debug_decl(pass_warn, SUDO_DEBUG_AUTH)
332
335
warning = INSULT;
334
337
sudo_printf(SUDO_CONV_ERROR_MSG, "%s\n", warning);
356
362
memset(&repl, 0, sizeof(repl));
357
363
sudo_conv(1, &msg, &repl);
358
364
/* XXX - check for ENOTTY? */
365
debug_return_str_masked(repl.reply);
363
369
dump_auth_methods(void)
372
debug_decl(dump_auth_methods, SUDO_DEBUG_AUTH)
367
374
sudo_printf(SUDO_CONV_INFO_MSG, _("Authentication methods:"));
368
375
for (auth = auth_switch; auth->name; auth++)
369
376
sudo_printf(SUDO_CONV_INFO_MSG, " '%s'", auth->name);
370
377
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
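Review bot: The AUTH_FATAL path in sudo_auth_begin_session now returns through `debug_return_bool(-1)`, and the end-session loop below it does the same, while the success path uses `debug_return_bool(true)`. The macro's definition is not visible here; if it stores its argument in a `bool`, -1 collapses to true and a fatal failure from a session module would reach the caller as success. Because the failure value is an int sentinel, `debug_return_int(-1);` on the failure path and `debug_return_int(true);` on the success path keep the two outcomes distinct whatever the macro does. Both function bodies start and end outside the visible lines, so the declared return types should be checked against this.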