The examples in this appendix illustrate how to use some of the routines
in the trusted Tru64 UNIX system.
D.1 Source Code for sia-reauth.c
Example D-1 is a program that performs password checking.
Example D-1: Reauthentication Program
#include <sia.h>
#include <siad.h>
#ifndef NOUID
#define NOUID ((uid_t) -1)
#endif
main (argc, argv)
int argc;
char **argv;
{
int i;
SIAENTITY *entity = NULL;
int (*sia_collect)() = sia_collect_trm;
char uname[32];
struct passwd *pw;
uid_t myuid;
myuid = getluid();
if (myuid == NOUID)
myuid = getuid(); /* get ruid */
pw = getpwuid(myuid);
if (!pw || !pw->pw_name || !*pw->pw_name) {
sleep(3); /* slow down attacks */
(void) fprintf(stderr, "sorry");
return 1;
}
(void) strcpy(uname, pw->pw_name);
i = sia_ses_init(&entity, argc, argv, NULL, uname, \
NULL, TRUE, NULL);
if (i != SIASUCCESS) {
sleep(3); /* slow down attacks */
(void) fprintf(stderr, "sorry");
return 1;
}
i = sia_ses_reauthent(sia_collect, entity);
if (i != SIASUCCESS) {
(void) sia_ses_release(&entity);
sleep(3); /* slow down attacks */
(void) fprintf(stderr, "sorry");
return 1;
}
i = sia_ses_release(&entity);
if (i != SIASUCCESS) {
sleep(3); /* slow down attacks */
(void) fprintf(stderr, "sorry");
return 1;
}
(void) fprintf(stderr, "Ok");
return 0;
}
D.2 Source Code for sia-suauth.c
Example D-2
is a program that allows root to become a user
to run daemons (such as
crontab
or
sendmail)
for the user.
Example D-2: Superuser Authentication Program
#include <sia.h>
#include <siad.h>
main (argc, argv)
int argc;
char **argv;
{
int i;
i = sia_auth(getuid());
printf("result is %d", i);
}
int sia_auth(uid)
int uid;
{
char uname[32];
static SIAENTITY *entity=NULL;
static int oargc = 1;
static char *oargv[1] = { "siatest" };
static int (*sia_collect)()=sia_collect_trm;
struct passwd *pw;
pw = getpwuid(uid);
if (!pw) {
printf("getpwuid failure");
return 8;
}
(void) strcpy(uname, pw->pw_name);
printf("SIA authentication for uid: %d, uname: %s ", \
uid, uname);
if (sia_ses_init(&entity,oargc,oargv,NULL,uname,NULL, \
FALSE, NULL) == SIASUCCESS) {
printf( "sia_ses_init successful");
entity->authtype = SIA_A_SUAUTH;
if (sia_make_entity_pwd(pw, entity) == SIASUCCESS) {
printf("sia_make_entity_pwd successful");
}
else {
printf("sia_make_entity_pwd un-successful");
}
if ((sia_ses_launch(NULL, entity)) == SIASUCCESS) {
printf( "sia_ses_launch successful");
}
else {
printf( "sia_ses_launch un-successful");
entity = NULL;
}
if ((sia_ses_release(&entity)) == SIASUCCESS) {
printf( "sia_ses_release successful");
}
else {
printf( "sia_ses_release un-successful");
return(4);
}
}
else {
printf( "sia_ses_init un-successful");
return(5);
}
printf( "sia **** successful");
return(6);
}