#include <config.h>
#include <sys/types.h>
#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
# include <stddef.h>
#else
# ifdef HAVE_STDLIB_H
# include <stdlib.h>
# endif
#endif
#ifdef HAVE_STRING_H
# include <string.h>
#else
# ifdef HAVE_STRINGS_H
# include <strings.h>
# endif
#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif
#include <pwd.h>
#define UNIX 1
#include <acexport.h>
#include <sdacmvls.h>
#include "sudo.h"
#include "sudo_auth.h"
#ifndef lint
__unused static const char rcsid[] = "$Sudo: securid5.c,v 1.13 2008/11/09 14:13:13 millert Exp $";
#endif
/*
 * securid_init - one-time initialisation of the ACE (SecurID) client API.
 *
 * Points auth->data at a function-local static SDI_HANDLE so that the
 * later setup/verify steps can retrieve the handle from the auth entry.
 * pw and promptp are accepted but not used here.
 *
 * Returns AUTH_SUCCESS when AceInitialize() reports anything other than
 * SD_FALSE, otherwise emits a warning and returns AUTH_FATAL.
 */
int
securid_init(pw, promptp, auth)
    struct passwd *pw;
    char **promptp;
    sudo_auth *auth;
{
    /* Static storage: the pointer stored below must outlive this call. */
    static SDI_HANDLE handle_storage;

    auth->data = (void *) &handle_storage;

    /* Fail closed: an uninitialised ACE library is treated as fatal. */
    if (AceInitialize() == SD_FALSE) {
        warningx("failed to initialise the ACE API library");
        return AUTH_FATAL;
    }

    return AUTH_SUCCESS;
}
/*
 * securid_setup - open a SecurID session and lock the user name for it.
 *
 * Calls SD_Init() on the handle stored in auth->data, then SD_Lock() with
 * pw->pw_name. promptp is accepted but not used here.
 *
 * Returns AUTH_SUCCESS only when SD_Lock() returns ACM_OK. Every other
 * outcome (including an SD_Init() failure and any unrecognised return
 * code) is reported with a warning and mapped to AUTH_FATAL, so unknown
 * server responses never authenticate.
 */
int
securid_setup(pw, promptp, auth)
    struct passwd *pw;
    char **promptp;
    sudo_auth *auth;
{
    SDI_HANDLE *handle = (SDI_HANDLE *) auth->data;
    int status = AUTH_FATAL;    /* fail closed unless the lock succeeds */

    if (SD_Init(handle) != ACM_OK) {
        warningx("unable to contact the SecurID server");
        return AUTH_FATAL;
    }

    switch (SD_Lock(*handle, pw->pw_name)) {
    case ACM_OK:
        warningx("User ID locked for SecurID Authentication");
        status = AUTH_SUCCESS;
        break;
    case ACE_UNDEFINED_USERNAME:
        warningx("invalid username length for SecurID");
        break;
    case ACE_ERR_INVALID_HANDLE:
        warningx("invalid Authentication Handle for SecurID");
        break;
    case ACM_ACCESS_DENIED:
        warningx("SecurID communication failed");
        break;
    default:
        warningx("unknown SecurID error");
        break;
    }

    return status;
}
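/*
 * securid_verify - prompt for a SecurID PASSCODE and check it with ACE.
 *
 * The incoming pass argument is ignored: it is overwritten with the
 * result of tgetpass(), because this method prompts for the passcode
 * itself. The handle is taken from auth->data and the user name from
 * pw->pw_name.
 *
 * Returns AUTH_SUCCESS when SD_Check() (or SD_Next() in next-code mode)
 * returns ACM_OK, AUTH_FAILURE when access is denied or no passcode was
 * obtained, and AUTH_FATAL for malformed input, an invalid handle, a
 * pending new-PIN setup, or any unrecognised return code. SD_Close() is
 * called on the handle on every path before returning.
 *
 * NOTE(review): the passcode buffer returned by tgetpass() is not
 * cleared in this function; confirm that tgetpass() or the caller
 * scrubs it.
 */
int
securid_verify(pw, pass, auth)
    struct passwd *pw;
    char *pass;
    sudo_auth *auth;
{
    SDI_HANDLE *sd = (SDI_HANDLE *) auth->data;
    int rval;

    pass = (char *) tgetpass("Enter your PASSCODE: ",
        def_passwd_timeout * 60, tgetpass_flags);

    /*
     * NOTE(review): guard against tgetpass() yielding NULL (presumably on
     * timeout or read error -- confirm against its contract) so a NULL
     * passcode is never handed to SD_Check(). Treated as a failed attempt;
     * the session is still closed below.
     */
    if (pass == NULL) {
        rval = AUTH_FAILURE;
        goto done;
    }

    /* Have ACE check the passcode for this user. */
    switch (SD_Check(*sd, pass, pw->pw_name)) {
    case ACM_OK:
        /* Was spelled AUTH_SUCESS, unlike every other use in this file. */
        rval = AUTH_SUCCESS;
        break;

    case ACE_UNDEFINED_PASSCODE:
        warningx("invalid passcode length for SecurID");
        rval = AUTH_FATAL;
        break;

    case ACE_UNDEFINED_USERNAME:
        warningx("invalid username length for SecurID");
        rval = AUTH_FATAL;
        break;

    case ACE_ERR_INVALID_HANDLE:
        warningx("invalid Authentication Handle for SecurID");
        rval = AUTH_FATAL;
        break;

    case ACM_ACCESS_DENIED:
        /* Ordinary rejection: no warning, reported as a failed attempt. */
        rval = AUTH_FAILURE;
        break;

    case ACM_NEXT_CODE_REQUIRED:
        /* The server wants the following token code before deciding. */
        pass = (char *) tgetpass(
            "!!! ATTENTION !!!\n"
            "Wait for the token code to change, \n"
            "then enter the new token code.\n",
            def_passwd_timeout * 60, tgetpass_flags);

        /* Same NULL guard as above before passing the code to SD_Next(). */
        if (pass != NULL && SD_Next(*sd, pass) == ACM_OK)
            rval = AUTH_SUCCESS;
        else
            rval = AUTH_FAILURE;
        break;

    case ACM_NEW_PIN_REQUIRED:
        /*
         * New-PIN mode is not handled interactively here: SD_Pin() is
         * called with an empty PIN (result deliberately ignored) and the
         * user is told to set a PIN up elsewhere first.
         */
        SD_Pin(*sd, "");
        fprintf(stderr, "Your SecurID access has not yet been set up.\n");
        fprintf(stderr, "Please set up a PIN before you try to authenticate.\n");
        rval = AUTH_FATAL;
        break;

    default:
        /* Unknown return codes never authenticate. */
        warningx("unknown SecurID error");
        rval = AUTH_FATAL;
        break;
    }

done:
    /* Release the ACE session regardless of the outcome. */
    SD_Close(*sd);

    return(rval);
}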