1 /*
2 * Copyright (c) 1999, 2001, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 *
16 * Sponsored in part by the Defense Advanced Research Projects
17 * Agency (DARPA) and Air Force Research Laboratory, Air Force
18 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
19 */
20
21 #include "config.h"
22
23 #include <sys/param.h>
24 #include <sys/types.h>
25 #include <stdio.h>
26 #ifdef STDC_HEADERS
27 # include <stdlib.h>
28 # include <stddef.h>
29 #else
30 # ifdef HAVE_STDLIB_H
31 # include <stdlib.h>
32 # endif
33 #endif /* STDC_HEADERS */
34 #ifdef HAVE_STRING_H
35 # include <string.h>
36 #else
37 # ifdef HAVE_STRINGS_H
38 # include <strings.h>
39 # endif
40 #endif /* HAVE_STRING_H */
41 #ifdef HAVE_UNISTD_H
42 # include <unistd.h>
43 #endif /* HAVE_UNISTD_H */
44 #include <pwd.h>
45
46 #include "sudo.h"
47 #include "sudo_auth.h"
48
49 #undef VOID
50 #include <afs/stds.h>
51 #include <afs/kautils.h>
52
53 #ifndef lint
54 static const char rcsid[] = "$Sudo: afs.c,v 1.10 2004/02/13 21:36:47 millert Exp $";
55 #endif /* lint */
56
57 int
afs_verify(pw,pass,auth)58 afs_verify(pw, pass, auth)
59 struct passwd *pw;
60 char *pass;
61 sudo_auth *auth;
62 {
63 struct ktc_encryptionKey afs_key;
64 struct ktc_token afs_token;
65
66 /* Try to just check the password */
67 ka_StringToKey(pass, NULL, &afs_key);
68 if (ka_GetAdminToken(pw->pw_name, /* name */
69 NULL, /* instance */
70 NULL, /* realm */
71 &afs_key, /* key (contains password) */
72 0, /* lifetime */
73 &afs_token, /* token */
74 0) == 0) /* new */
75 return(AUTH_SUCCESS);
76
77 /* Fall back on old method XXX - needed? */
78 setpag();
79 if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION+KA_USERAUTH_DOSETPAG,
80 pw->pw_name, /* name */
81 NULL, /* instance */
82 NULL, /* realm */
83 pass, /* password */
84 0, /* lifetime */
85 NULL, /* expiration ptr (unused) */
86 0, /* spare */
87 NULL) == 0) /* reason */
88 return(AUTH_SUCCESS);
89
90 return(AUTH_FAILURE);
91 }
92