File: | src/lib/libc/gen/authenticate.c |
Warning: | line 227, column 7 Null pointer passed as 1st argument to string length function |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: authenticate.c,v 1.29 2021/10/24 21:24:20 deraadt Exp $ */ | |||
2 | ||||
3 | /*- | |||
4 | * Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved. | |||
5 | * | |||
6 | * Redistribution and use in source and binary forms, with or without | |||
7 | * modification, are permitted provided that the following conditions | |||
8 | * are met: | |||
9 | * 1. Redistributions of source code must retain the above copyright | |||
10 | * notice, this list of conditions and the following disclaimer. | |||
11 | * 2. Redistributions in binary form must reproduce the above copyright | |||
12 | * notice, this list of conditions and the following disclaimer in the | |||
13 | * documentation and/or other materials provided with the distribution. | |||
14 | * 3. All advertising materials mentioning features or use of this software | |||
15 | * must display the following acknowledgement: | |||
16 | * This product includes software developed by Berkeley Software Design, | |||
17 | * Inc. | |||
18 | * 4. The name of Berkeley Software Design, Inc. may not be used to endorse | |||
19 | * or promote products derived from this software without specific prior | |||
20 | * written permission. | |||
21 | * | |||
22 | * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND | |||
23 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||
24 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||
25 | * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE | |||
26 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||
27 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||
28 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||
29 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||
30 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||
31 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||
32 | * SUCH DAMAGE. | |||
33 | * | |||
34 | * BSDI $From: authenticate.c,v 2.21 1999/09/08 22:33:26 prb Exp $ | |||
35 | */ | |||
36 | ||||
37 | #include <sys/stat.h> | |||
38 | ||||
39 | #include <ctype.h> | |||
40 | #include <err.h> | |||
41 | #include <fcntl.h> | |||
42 | #include <limits.h> | |||
43 | #include <login_cap.h> | |||
44 | #include <paths.h> | |||
45 | #include <pwd.h> | |||
46 | #include <stdarg.h> | |||
47 | #include <stdio.h> | |||
48 | #include <stdlib.h> | |||
49 | #include <string.h> | |||
50 | #include <syslog.h> | |||
51 | #include <unistd.h> | |||
52 | ||||
53 | #include <bsd_auth.h> | |||
54 | ||||
55 | static int _auth_checknologin(login_cap_t *, int); | |||
56 | ||||
57 | char * | |||
58 | auth_mkvalue(char *value) | |||
59 | { | |||
60 | char *big, *p; | |||
61 | ||||
62 | big = malloc(strlen(value) * 4 + 1); | |||
63 | if (big == NULL((void *)0)) | |||
64 | return (NULL((void *)0)); | |||
65 | /* | |||
66 | * XXX - There should be a more standardized | |||
67 | * routine for doing this sort of thing. | |||
68 | */ | |||
69 | for (p = big; *value; ++value) { | |||
70 | switch (*value) { | |||
71 | case '\r': | |||
72 | *p++ = '\\'; | |||
73 | *p++ = 'r'; | |||
74 | break; | |||
75 | case '\n': | |||
76 | *p++ = '\\'; | |||
77 | *p++ = 'n'; | |||
78 | break; | |||
79 | case '\\': | |||
80 | *p++ = '\\'; | |||
81 | *p++ = *value; | |||
82 | break; | |||
83 | case '\t': | |||
84 | case ' ': | |||
85 | if (p == big) | |||
86 | *p++ = '\\'; | |||
87 | *p++ = *value; | |||
88 | break; | |||
89 | default: | |||
90 | if (!isprint((unsigned char)*value)) { | |||
91 | *p++ = '\\'; | |||
92 | *p++ = ((*value >> 6) & 0x3) + '0'; | |||
93 | *p++ = ((*value >> 3) & 0x7) + '0'; | |||
94 | *p++ = ((*value ) & 0x7) + '0'; | |||
95 | } else | |||
96 | *p++ = *value; | |||
97 | break; | |||
98 | } | |||
99 | } | |||
100 | *p = '\0'; | |||
101 | return (big); | |||
102 | } | |||
103 | DEF_WEAK(auth_mkvalue)__asm__(".weak " "auth_mkvalue" " ; " "auth_mkvalue" " = " "_libc_auth_mkvalue" ); | |||
104 | ||||
105 | void | |||
106 | auth_checknologin(login_cap_t *lc) | |||
107 | { | |||
108 | if (_auth_checknologin(lc, 1)) | |||
109 | exit(1); | |||
110 | } | |||
111 | DEF_WEAK(auth_checknologin)__asm__(".weak " "auth_checknologin" " ; " "auth_checknologin" " = " "_libc_auth_checknologin"); | |||
112 | ||||
113 | static int | |||
114 | _auth_checknologin(login_cap_t *lc, int print) | |||
115 | { | |||
116 | struct stat sb; | |||
117 | char *nologin; | |||
118 | int mustfree; | |||
119 | ||||
120 | if (login_getcapbool(lc, "ignorenologin", 0)) | |||
121 | return (0); | |||
122 | ||||
123 | /* | |||
124 | * If we fail to get the nologin file due to a database error, | |||
125 | * assume there should have been one... | |||
126 | */ | |||
127 | nologin = login_getcapstr(lc, "nologin", "", NULL((void *)0)); | |||
128 | mustfree = nologin && *nologin != '\0'; | |||
129 | if (nologin == NULL((void *)0)) | |||
130 | goto print_nologin; | |||
131 | ||||
132 | /* First try the nologin file specified in login.conf. */ | |||
133 | if (*nologin != '\0' && stat(nologin, &sb) == 0) | |||
134 | goto print_nologin; | |||
135 | if (mustfree) { | |||
136 | free(nologin); | |||
137 | mustfree = 0; | |||
138 | } | |||
139 | ||||
140 | /* If that doesn't exist try _PATH_NOLOGIN. */ | |||
141 | if (stat(_PATH_NOLOGIN"/etc/nologin", &sb) == 0) { | |||
142 | nologin = _PATH_NOLOGIN"/etc/nologin"; | |||
143 | goto print_nologin; | |||
144 | } | |||
145 | ||||
146 | /* Couldn't stat any nologin files, must be OK to login. */ | |||
147 | return (0); | |||
148 | ||||
149 | print_nologin: | |||
150 | if (print) { | |||
151 | if (!nologin || *nologin == '\0' || auth_cat(nologin) == 0) { | |||
152 | puts("Logins are not allowed at this time."); | |||
153 | fflush(stdout(&__sF[1])); | |||
154 | } | |||
155 | } | |||
156 | if (mustfree) | |||
157 | free(nologin); | |||
158 | return (-1); | |||
159 | } | |||
160 | ||||
161 | int | |||
162 | auth_cat(char *file) | |||
163 | { | |||
164 | int fd, nchars; | |||
165 | char tbuf[8192]; | |||
166 | ||||
167 | if ((fd = open(file, O_RDONLY0x0000)) == -1) | |||
168 | return (0); | |||
169 | while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) | |||
170 | (void)write(fileno(stdout)(!__isthreaded ? (((&__sF[1]))->_file) : (fileno)((& __sF[1]))), tbuf, nchars); | |||
171 | (void)close(fd); | |||
172 | return (1); | |||
173 | } | |||
174 | DEF_WEAK(auth_cat)__asm__(".weak " "auth_cat" " ; " "auth_cat" " = " "_libc_auth_cat" ); | |||
175 | ||||
176 | int | |||
177 | _auth_validuser(const char *name) | |||
178 | { | |||
179 | /* User name must be specified and may not start with a '-'. */ | |||
180 | if (*name == '\0' || *name == '-') { | |||
181 | syslog(LOG_ERR3, "invalid user name %s", name); | |||
182 | return 0; | |||
183 | } | |||
184 | return 1; | |||
185 | } | |||
186 | ||||
187 | int | |||
188 | auth_approval(auth_session_t *as, login_cap_t *lc, char *name, char *type) | |||
189 | { | |||
190 | int close_on_exit, close_lc_on_exit, len; | |||
191 | struct passwd pwstore, *pwd; | |||
192 | char *approve, *s, path[PATH_MAX1024], pwbuf[_PW_BUF_LEN1024]; | |||
193 | ||||
194 | pwd = NULL((void *)0); | |||
195 | close_on_exit = as == NULL((void *)0); | |||
| ||||
196 | close_lc_on_exit = lc == NULL((void *)0); | |||
197 | ||||
198 | if (as
| |||
199 | name = auth_getitem(as, AUTHV_NAME); | |||
200 | ||||
201 | if (as
| |||
202 | pwd = auth_getpwd(as); | |||
203 | ||||
204 | if (pwd
| |||
205 | if (name != NULL((void *)0)) { | |||
206 | if (!_auth_validuser(name)) { | |||
207 | warnx("cannot approve who we don't recognize"); | |||
208 | return (0); | |||
209 | } | |||
210 | getpwnam_r(name, &pwstore, pwbuf, sizeof(pwbuf), &pwd); | |||
211 | } else { | |||
212 | getpwuid_r(getuid(), &pwstore, pwbuf, sizeof(pwbuf), | |||
213 | &pwd); | |||
214 | if (pwd == NULL((void *)0)) { | |||
215 | syslog(LOG_ERR3, "no such user id %u", getuid()); | |||
216 | warnx("cannot approve who we don't recognize"); | |||
217 | return (0); | |||
218 | } | |||
219 | name = pwd->pw_name; | |||
220 | } | |||
221 | } | |||
222 | ||||
223 | if (name == NULL((void *)0)) | |||
224 | name = pwd->pw_name; | |||
225 | ||||
226 | if (lc
| |||
227 | if (strlen(name) >= PATH_MAX1024) { | |||
| ||||
228 | syslog(LOG_ERR3, "username to login %.*s...", | |||
229 | PATH_MAX1024, name); | |||
230 | warnx("username too long"); | |||
231 | return (0); | |||
232 | } | |||
233 | if (pwd == NULL((void *)0) && (approve = strchr(name, '.')) != NULL((void *)0)) { | |||
234 | strlcpy(path, name, sizeof path); | |||
235 | path[approve - name] = '\0'; | |||
236 | getpwnam_r(name, &pwstore, pwbuf, sizeof(pwbuf), &pwd); | |||
237 | } | |||
238 | lc = login_getclass(pwd ? pwd->pw_class : NULL((void *)0)); | |||
239 | if (lc == NULL((void *)0)) { | |||
240 | warnx("unable to classify user"); | |||
241 | return (0); | |||
242 | } | |||
243 | } | |||
244 | ||||
245 | if (!type) | |||
246 | type = LOGIN_DEFSERVICE"login"; | |||
247 | else { | |||
248 | if (strncmp(type, "approve-", 8) == 0) | |||
249 | type += 8; | |||
250 | ||||
251 | len = snprintf(path, sizeof(path), "approve-%s", type); | |||
252 | if (len < 0 || len >= sizeof(path)) { | |||
253 | if (close_lc_on_exit) | |||
254 | login_close(lc); | |||
255 | syslog(LOG_ERR3, "approval path too long %.*s...", | |||
256 | PATH_MAX1024, type); | |||
257 | warnx("approval script path too long"); | |||
258 | return (0); | |||
259 | } | |||
260 | } | |||
261 | ||||
262 | if ((approve = login_getcapstr(lc, s = path, NULL((void *)0), NULL((void *)0))) == NULL((void *)0)) | |||
263 | approve = login_getcapstr(lc, s = "approve", NULL((void *)0), NULL((void *)0)); | |||
264 | ||||
265 | if (approve && approve[0] != '/') { | |||
266 | if (close_lc_on_exit) | |||
267 | login_close(lc); | |||
268 | syslog(LOG_ERR3, "Invalid %s script: %s", s, approve); | |||
269 | warnx("invalid path to approval script"); | |||
270 | free(approve); | |||
271 | return (0); | |||
272 | } | |||
273 | ||||
274 | if (as == NULL((void *)0) && (as = auth_open()) == NULL((void *)0)) { | |||
275 | if (close_lc_on_exit) | |||
276 | login_close(lc); | |||
277 | syslog(LOG_ERR3, "%m"); | |||
278 | warn(NULL((void *)0)); | |||
279 | free(approve); | |||
280 | return (0); | |||
281 | } | |||
282 | ||||
283 | auth_setstate(as, AUTH_OKAY0x01); | |||
284 | if (auth_setitem(as, AUTHV_NAME, name) < 0) { | |||
285 | syslog(LOG_ERR3, "%m"); | |||
286 | warn(NULL((void *)0)); | |||
287 | goto out; | |||
288 | } | |||
289 | if (auth_check_expire(as) < 0) /* is this account expired */ | |||
290 | goto out; | |||
291 | if (_auth_checknologin(lc, | |||
292 | auth_getitem(as, AUTHV_INTERACTIVE) != NULL((void *)0))) { | |||
293 | auth_setstate(as, (auth_getstate(as) & ~AUTH_ALLOW(0x01 | 0x02 | 0x04))); | |||
294 | goto out; | |||
295 | } | |||
296 | if (login_getcapbool(lc, "requirehome", 0) && pwd && pwd->pw_dir && | |||
297 | pwd->pw_dir[0]) { | |||
298 | struct stat sb; | |||
299 | ||||
300 | if (stat(pwd->pw_dir, &sb) == -1 || !S_ISDIR(sb.st_mode)((sb.st_mode & 0170000) == 0040000) || | |||
301 | (pwd->pw_uid && sb.st_uid == pwd->pw_uid && | |||
302 | (sb.st_mode & S_IXUSR0000100) == 0)) { | |||
303 | auth_setstate(as, (auth_getstate(as) & ~AUTH_ALLOW(0x01 | 0x02 | 0x04))); | |||
304 | goto out; | |||
305 | } | |||
306 | } | |||
307 | if (approve) | |||
308 | auth_call(as, approve, strrchr(approve, '/') + 1, "--", name, | |||
309 | lc->lc_class, type, (char *)NULL((void *)0)); | |||
310 | ||||
311 | out: | |||
312 | free(approve); | |||
313 | if (close_lc_on_exit) | |||
314 | login_close(lc); | |||
315 | ||||
316 | if (close_on_exit) | |||
317 | return (auth_close(as)); | |||
318 | return (auth_getstate(as) & AUTH_ALLOW(0x01 | 0x02 | 0x04)); | |||
319 | } | |||
320 | DEF_WEAK(auth_approval)__asm__(".weak " "auth_approval" " ; " "auth_approval" " = " "_libc_auth_approval" ); | |||
321 | ||||
322 | auth_session_t * | |||
323 | auth_usercheck(char *name, char *style, char *type, char *password) | |||
324 | { | |||
325 | char namebuf[LOGIN_NAME_MAX32 + 1 + NAME_MAX255 + 1]; | |||
326 | char pwbuf[_PW_BUF_LEN1024]; | |||
327 | auth_session_t *as; | |||
328 | login_cap_t *lc; | |||
329 | struct passwd pwstore, *pwd = NULL((void *)0); | |||
330 | char *slash; | |||
331 | ||||
332 | if (!_auth_validuser(name)) | |||
333 | return (NULL((void *)0)); | |||
334 | if (strlcpy(namebuf, name, sizeof(namebuf)) >= sizeof(namebuf)) | |||
335 | return (NULL((void *)0)); | |||
336 | name = namebuf; | |||
337 | ||||
338 | /* | |||
339 | * Split up user:style names if we were not given a style | |||
340 | */ | |||
341 | if (style == NULL((void *)0) && (style = strchr(name, ':')) != NULL((void *)0)) | |||
342 | *style++ = '\0'; | |||
343 | ||||
344 | /* | |||
345 | * Cope with user/instance. We are only using this to get | |||
346 | * the class so it is okay if we strip a /root instance | |||
347 | * The actual login script will pay attention to the instance. | |||
348 | */ | |||
349 | getpwnam_r(name, &pwstore, pwbuf, sizeof(pwbuf), &pwd); | |||
350 | if (pwd == NULL((void *)0)) { | |||
351 | if ((slash = strchr(name, '/')) != NULL((void *)0)) { | |||
352 | *slash = '\0'; | |||
353 | getpwnam_r(name, &pwstore, pwbuf, sizeof(pwbuf), &pwd); | |||
354 | *slash = '/'; | |||
355 | } | |||
356 | } | |||
357 | if ((lc = login_getclass(pwd ? pwd->pw_class : NULL((void *)0))) == NULL((void *)0)) | |||
358 | return (NULL((void *)0)); | |||
359 | ||||
360 | if ((style = login_getstyle(lc, style, type)) == NULL((void *)0)) { | |||
361 | login_close(lc); | |||
362 | return (NULL((void *)0)); | |||
363 | } | |||
364 | ||||
365 | if (password) { | |||
366 | if ((as = auth_open()) == NULL((void *)0)) { | |||
367 | login_close(lc); | |||
368 | return (NULL((void *)0)); | |||
369 | } | |||
370 | auth_setitem(as, AUTHV_SERVICE, "response"); | |||
371 | auth_setdata(as, "", 1); | |||
372 | auth_setdata(as, password, strlen(password) + 1); | |||
373 | explicit_bzero(password, strlen(password)); | |||
374 | } else | |||
375 | as = NULL((void *)0); | |||
376 | as = auth_verify(as, style, name, lc->lc_class, (char *)NULL((void *)0)); | |||
377 | login_close(lc); | |||
378 | return (as); | |||
379 | } | |||
380 | DEF_WEAK(auth_usercheck)__asm__(".weak " "auth_usercheck" " ; " "auth_usercheck" " = " "_libc_auth_usercheck"); | |||
381 | ||||
382 | int | |||
383 | auth_userokay(char *name, char *style, char *type, char *password) | |||
384 | { | |||
385 | auth_session_t *as; | |||
386 | ||||
387 | as = auth_usercheck(name, style, type, password); | |||
388 | ||||
389 | return (as != NULL((void *)0) ? auth_close(as) : 0); | |||
390 | } | |||
391 | DEF_WEAK(auth_userokay)__asm__(".weak " "auth_userokay" " ; " "auth_userokay" " = " "_libc_auth_userokay" ); | |||
392 | ||||
393 | auth_session_t * | |||
394 | auth_userchallenge(char *name, char *style, char *type, char **challengep) | |||
395 | { | |||
396 | char namebuf[LOGIN_NAME_MAX32 + 1 + NAME_MAX255 + 1]; | |||
397 | auth_session_t *as; | |||
398 | login_cap_t *lc; | |||
399 | struct passwd pwstore, *pwd = NULL((void *)0); | |||
400 | char *slash, pwbuf[_PW_BUF_LEN1024]; | |||
401 | ||||
402 | if (!_auth_validuser(name)) | |||
403 | return (NULL((void *)0)); | |||
404 | if (strlen(name) >= sizeof(namebuf)) | |||
405 | return (NULL((void *)0)); | |||
406 | strlcpy(namebuf, name, sizeof namebuf); | |||
407 | name = namebuf; | |||
408 | ||||
409 | /* | |||
410 | * Split up user:style names if we were not given a style | |||
411 | */ | |||
412 | if (style == NULL((void *)0) && (style = strchr(name, ':')) != NULL((void *)0)) | |||
413 | *style++ = '\0'; | |||
414 | ||||
415 | /* | |||
416 | * Cope with user/instance. We are only using this to get | |||
417 | * the class so it is okay if we strip a /root instance | |||
418 | * The actual login script will pay attention to the instance. | |||
419 | */ | |||
420 | getpwnam_r(name, &pwstore, pwbuf, sizeof(pwbuf), &pwd); | |||
421 | if (pwd == NULL((void *)0)) { | |||
422 | if ((slash = strchr(name, '/')) != NULL((void *)0)) { | |||
423 | *slash = '\0'; | |||
424 | getpwnam_r(name, &pwstore, pwbuf, sizeof(pwbuf), &pwd); | |||
425 | *slash = '/'; | |||
426 | } | |||
427 | } | |||
428 | if ((lc = login_getclass(pwd ? pwd->pw_class : NULL((void *)0))) == NULL((void *)0)) | |||
429 | return (NULL((void *)0)); | |||
430 | ||||
431 | if ((style = login_getstyle(lc, style, type)) == NULL((void *)0) || | |||
432 | (as = auth_open()) == NULL((void *)0)) { | |||
433 | login_close(lc); | |||
434 | return (NULL((void *)0)); | |||
435 | } | |||
436 | if (auth_setitem(as, AUTHV_STYLE, style) < 0 || | |||
437 | auth_setitem(as, AUTHV_NAME, name) < 0 || | |||
438 | auth_setitem(as, AUTHV_CLASS, lc->lc_class) < 0) { | |||
439 | auth_close(as); | |||
440 | login_close(lc); | |||
441 | return (NULL((void *)0)); | |||
442 | } | |||
443 | login_close(lc); | |||
444 | *challengep = auth_challenge(as); | |||
445 | return (as); | |||
446 | } | |||
447 | DEF_WEAK(auth_userchallenge)__asm__(".weak " "auth_userchallenge" " ; " "auth_userchallenge" " = " "_libc_auth_userchallenge"); | |||
448 | ||||
449 | int | |||
450 | auth_userresponse(auth_session_t *as, char *response, int more) | |||
451 | { | |||
452 | char path[PATH_MAX1024]; | |||
453 | char *style, *name, *challenge, *class; | |||
454 | int len; | |||
455 | ||||
456 | if (as == NULL((void *)0)) | |||
457 | return (0); | |||
458 | ||||
459 | auth_setstate(as, 0); | |||
460 | ||||
461 | if ((style = auth_getitem(as, AUTHV_STYLE)) == NULL((void *)0) || | |||
462 | (name = auth_getitem(as, AUTHV_NAME)) == NULL((void *)0) || | |||
463 | !_auth_validuser(name)) { | |||
464 | if (more == 0) | |||
465 | return (auth_close(as)); | |||
466 | return(0); | |||
467 | } | |||
468 | ||||
469 | len = snprintf(path, sizeof(path), _PATH_AUTHPROG"/usr/libexec/auth/login_" "%s", style); | |||
470 | if (len < 0 || len >= sizeof(path)) { | |||
471 | if (more == 0) | |||
472 | return (auth_close(as)); | |||
473 | return (0); | |||
474 | } | |||
475 | ||||
476 | challenge = auth_getitem(as, AUTHV_CHALLENGE); | |||
477 | class = auth_getitem(as, AUTHV_CLASS); | |||
478 | ||||
479 | if (challenge) | |||
480 | auth_setdata(as, challenge, strlen(challenge) + 1); | |||
481 | else | |||
482 | auth_setdata(as, "", 1); | |||
483 | if (response) { | |||
484 | auth_setdata(as, response, strlen(response) + 1); | |||
485 | explicit_bzero(response, strlen(response)); | |||
486 | } else | |||
487 | auth_setdata(as, "", 1); | |||
488 | ||||
489 | auth_call(as, path, style, "-s", "response", "--", name, | |||
490 | class, (char *)NULL((void *)0)); | |||
491 | ||||
492 | /* | |||
493 | * If they authenticated then make sure they did not expire | |||
494 | */ | |||
495 | if (auth_getstate(as) & AUTH_ALLOW(0x01 | 0x02 | 0x04)) | |||
496 | auth_check_expire(as); | |||
497 | if (more == 0) | |||
498 | return (auth_close(as)); | |||
499 | return (auth_getstate(as) & AUTH_ALLOW(0x01 | 0x02 | 0x04)); | |||
500 | } | |||
501 | DEF_WEAK(auth_userresponse)__asm__(".weak " "auth_userresponse" " ; " "auth_userresponse" " = " "_libc_auth_userresponse"); | |||
502 | ||||
503 | /* | |||
504 | * Authenticate name with the specified style. | |||
505 | * If ``as'' is NULL a new session is formed with the default service. | |||
506 | * Returns NULL only if ``as'' is NULL and we were unable to allocate | |||
507 | * a new session. | |||
508 | * | |||
509 | * Use auth_close() or auth_getstate() to determine if the authentication | |||
510 | * worked. | |||
511 | */ | |||
512 | auth_session_t * | |||
513 | auth_verify(auth_session_t *as, char *style, char *name, ...) | |||
514 | { | |||
515 | va_list ap; | |||
516 | char path[PATH_MAX1024]; | |||
517 | ||||
518 | if ((name == NULL((void *)0) || style == NULL((void *)0)) && as == NULL((void *)0)) | |||
519 | return (NULL((void *)0)); | |||
520 | ||||
521 | if (as == NULL((void *)0) && (as = auth_open()) == NULL((void *)0)) | |||
522 | return (NULL((void *)0)); | |||
523 | auth_setstate(as, 0); | |||
524 | ||||
525 | if (style != NULL((void *)0) && auth_setitem(as, AUTHV_STYLE, style) < 0) | |||
526 | return (as); | |||
527 | ||||
528 | if (name != NULL((void *)0) && auth_setitem(as, AUTHV_NAME, name) < 0) | |||
529 | return (as); | |||
530 | ||||
531 | style = auth_getitem(as, AUTHV_STYLE); | |||
532 | name = auth_getitem(as, AUTHV_NAME); | |||
533 | if (!_auth_validuser(name)) | |||
534 | return (as); | |||
535 | ||||
536 | snprintf(path, sizeof(path), _PATH_AUTHPROG"/usr/libexec/auth/login_" "%s", style); | |||
537 | va_start(ap, name)__builtin_va_start(ap, name); | |||
538 | auth_set_va_list(as, ap); | |||
539 | auth_call(as, path, auth_getitem(as, AUTHV_STYLE), "-s", | |||
540 | auth_getitem(as, AUTHV_SERVICE), "--", name, (char *)NULL((void *)0)); | |||
541 | va_end(ap)__builtin_va_end(ap); | |||
542 | return (as); | |||
543 | } | |||
544 | DEF_WEAK(auth_verify)__asm__(".weak " "auth_verify" " ; " "auth_verify" " = " "_libc_auth_verify" ); |