Make most sudo_auth functions return AUTH_{SUCCESS,FAILURE,FATAL}.

Todd C. Miller
2023-09-09 14:07:07 -06:00
parent 2ef90231a1
commit 0495afac57
5 changed files with 156 additions and 121 deletions


@@ -719,20 +719,20 @@ afs.lo: $(authdir)/afs.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h $(srcdir)/logging.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/timestamp.h $(top_builddir)/config.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \
$(top_builddir)/pathnames.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/afs.c $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/afs.c
afs.i: $(authdir)/afs.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ afs.i: $(authdir)/afs.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h $(srcdir)/logging.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/timestamp.h $(top_builddir)/config.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \
$(top_builddir)/pathnames.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
afs.plog: afs.i afs.plog: afs.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/afs.c --i-file $< --output-file $@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/afs.c --i-file $< --output-file $@
@@ -929,10 +929,11 @@ callbacks.lo: $(srcdir)/callbacks.c $(devdir)/def_data.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(srcdir)/timestamp.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/callbacks.c $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/callbacks.c
callbacks.i: $(srcdir)/callbacks.c $(devdir)/def_data.h \ callbacks.i: $(srcdir)/callbacks.c $(devdir)/def_data.h \
$(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \ $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \
@@ -941,10 +942,11 @@ callbacks.i: $(srcdir)/callbacks.c $(devdir)/def_data.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(srcdir)/timestamp.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
callbacks.plog: callbacks.i callbacks.plog: callbacks.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/callbacks.c --i-file $< --output-file $@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/callbacks.c --i-file $< --output-file $@
@@ -976,18 +978,20 @@ check.lo: $(srcdir)/check.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h $(srcdir)/logging.h \
$(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/check.c $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/check.c
check.i: $(srcdir)/check.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ check.i: $(srcdir)/check.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h $(srcdir)/logging.h \
$(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
check.plog: check.i check.plog: check.i
@@ -1227,14 +1231,14 @@ check_serialize_list.plog: check_serialize_list.i
check_starttime.o: $(srcdir)/regress/starttime/check_starttime.c \ check_starttime.o: $(srcdir)/regress/starttime/check_starttime.c \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_util.h $(srcdir)/timestamp.h \ $(incdir)/sudo_util.h $(srcdir)/auth/sudo_auth.h \
$(top_builddir)/config.h $(srcdir)/timestamp.h $(top_builddir)/config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/starttime/check_starttime.c $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/starttime/check_starttime.c
check_starttime.i: $(srcdir)/regress/starttime/check_starttime.c \ check_starttime.i: $(srcdir)/regress/starttime/check_starttime.c \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_util.h $(srcdir)/timestamp.h \ $(incdir)/sudo_util.h $(srcdir)/auth/sudo_auth.h \
$(top_builddir)/config.h $(srcdir)/timestamp.h $(top_builddir)/config.h
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
check_starttime.plog: check_starttime.i check_starttime.plog: check_starttime.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/starttime/check_starttime.c --i-file $< --output-file $@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/starttime/check_starttime.c --i-file $< --output-file $@
@@ -1473,20 +1477,20 @@ dce.lo: $(authdir)/dce.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h $(srcdir)/logging.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/timestamp.h $(top_builddir)/config.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \
$(top_builddir)/pathnames.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/dce.c $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/dce.c
dce.i: $(authdir)/dce.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ dce.i: $(authdir)/dce.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h $(srcdir)/logging.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/timestamp.h $(top_builddir)/config.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \
$(top_builddir)/pathnames.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
dce.plog: dce.i dce.plog: dce.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/dce.c --i-file $< --output-file $@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/dce.c --i-file $< --output-file $@
@@ -1796,8 +1800,9 @@ fuzz_stubs.o: $(srcdir)/regress/fuzz/fuzz_stubs.c $(devdir)/def_data.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/fuzz/fuzz_stubs.c $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/fuzz/fuzz_stubs.c
@@ -1807,8 +1812,9 @@ fuzz_stubs.i: $(srcdir)/regress/fuzz/fuzz_stubs.c $(devdir)/def_data.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
@@ -2754,10 +2760,11 @@ set_perms.lo: $(srcdir)/set_perms.c $(devdir)/def_data.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(srcdir)/timestamp.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/set_perms.c $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/set_perms.c
set_perms.i: $(srcdir)/set_perms.c $(devdir)/def_data.h \ set_perms.i: $(srcdir)/set_perms.c $(devdir)/def_data.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
@@ -2765,10 +2772,11 @@ set_perms.i: $(srcdir)/set_perms.c $(devdir)/def_data.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(srcdir)/timestamp.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
set_perms.plog: set_perms.i set_perms.plog: set_perms.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/set_perms.c --i-file $< --output-file $@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/set_perms.c --i-file $< --output-file $@
@@ -2866,10 +2874,11 @@ starttime.lo: $(srcdir)/starttime.c $(devdir)/def_data.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(srcdir)/timestamp.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/starttime.c $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/starttime.c
starttime.i: $(srcdir)/starttime.c $(devdir)/def_data.h \ starttime.i: $(srcdir)/starttime.c $(devdir)/def_data.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
@@ -2877,10 +2886,11 @@ starttime.i: $(srcdir)/starttime.c $(devdir)/def_data.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(srcdir)/timestamp.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
starttime.plog: starttime.i starttime.plog: starttime.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/starttime.c --i-file $< --output-file $@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/starttime.c --i-file $< --output-file $@
@@ -2972,7 +2982,8 @@ sudo_auth.lo: $(authdir)/sudo_auth.c $(authdir)/sudo_auth.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_rand.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(incdir)/sudo_rand.h $(incdir)/sudo_util.h \
$(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/ins_2001.h $(srcdir)/ins_classic.h \ $(srcdir)/ins_2001.h $(srcdir)/ins_classic.h \
$(srcdir)/ins_csops.h $(srcdir)/ins_goons.h \ $(srcdir)/ins_csops.h $(srcdir)/ins_goons.h \
$(srcdir)/ins_python.h $(srcdir)/insults.h $(srcdir)/logging.h \ $(srcdir)/ins_python.h $(srcdir)/insults.h $(srcdir)/logging.h \
@@ -2986,7 +2997,8 @@ sudo_auth.i: $(authdir)/sudo_auth.c $(authdir)/sudo_auth.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_rand.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(incdir)/sudo_rand.h $(incdir)/sudo_util.h \
$(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/ins_2001.h $(srcdir)/ins_classic.h \ $(srcdir)/ins_2001.h $(srcdir)/ins_classic.h \
$(srcdir)/ins_csops.h $(srcdir)/ins_goons.h \ $(srcdir)/ins_csops.h $(srcdir)/ins_goons.h \
$(srcdir)/ins_python.h $(srcdir)/insults.h $(srcdir)/logging.h \ $(srcdir)/ins_python.h $(srcdir)/insults.h $(srcdir)/logging.h \
@@ -3036,7 +3048,8 @@ sudoers.lo: $(srcdir)/sudoers.c $(devdir)/def_data.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(srcdir)/timestamp.h $(top_builddir)/config.h \ $(srcdir)/timestamp.h $(top_builddir)/config.h \
@@ -3048,7 +3061,8 @@ sudoers.i: $(srcdir)/sudoers.c $(devdir)/def_data.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(srcdir)/timestamp.h $(top_builddir)/config.h \ $(srcdir)/timestamp.h $(top_builddir)/config.h \
@@ -3224,10 +3238,11 @@ timestamp.lo: $(srcdir)/timestamp.c $(devdir)/def_data.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(srcdir)/timestamp.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/timestamp.c $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/timestamp.c
timestamp.i: $(srcdir)/timestamp.c $(devdir)/def_data.h \ timestamp.i: $(srcdir)/timestamp.c $(devdir)/def_data.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
@@ -3235,10 +3250,11 @@ timestamp.i: $(srcdir)/timestamp.c $(devdir)/def_data.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(srcdir)/timestamp.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
timestamp.plog: timestamp.i timestamp.plog: timestamp.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/timestamp.c --i-file $< --output-file $@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/timestamp.c --i-file $< --output-file $@
@@ -3314,18 +3330,20 @@ tsdump.o: $(srcdir)/tsdump.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h $(srcdir)/logging.h \
$(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/tsdump.c $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/tsdump.c
tsdump.i: $(srcdir)/tsdump.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ tsdump.i: $(srcdir)/tsdump.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h $(srcdir)/logging.h \
$(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
tsdump.plog: tsdump.i tsdump.plog: tsdump.i


@@ -96,18 +96,17 @@ static bool standalone;
/* /*
* Initialize sudoers authentication method(s). * Initialize sudoers authentication method(s).
* Returns 0 on success and -1 on error. * Returns AUTH_SUCCESS on success and AUTH_ERROR on error.
*/ */
int int
sudo_auth_init(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth_init(const struct sudoers_context *ctx, struct passwd *pw,
unsigned int mode) unsigned int mode)
{ {
sudo_auth *auth; sudo_auth *auth;
int status = AUTH_SUCCESS;
debug_decl(sudo_auth_init, SUDOERS_DEBUG_AUTH); debug_decl(sudo_auth_init, SUDOERS_DEBUG_AUTH);
if (auth_switch[0].name == NULL) if (auth_switch[0].name == NULL)
debug_return_int(0); debug_return_int(AUTH_SUCCESS);
/* Initialize auth methods and unconfigure the method if necessary. */ /* Initialize auth methods and unconfigure the method if necessary. */
for (auth = auth_switch; auth->name; auth++) { for (auth = auth_switch; auth->name; auth++) {
@@ -115,8 +114,7 @@ sudo_auth_init(const struct sudoers_context *ctx, struct passwd *pw,
SET(auth->flags, FLAG_NONINTERACTIVE); SET(auth->flags, FLAG_NONINTERACTIVE);
if (auth->init && !IS_DISABLED(auth)) { if (auth->init && !IS_DISABLED(auth)) {
/* Disable if it failed to init unless there was a fatal error. */ /* Disable if it failed to init unless there was a fatal error. */
status = (auth->init)(ctx, pw, auth); switch ((auth->init)(ctx, pw, auth)) {
switch (status) {
case AUTH_SUCCESS: case AUTH_SUCCESS:
break; break;
case AUTH_FAILURE: case AUTH_FAILURE:
@@ -124,7 +122,7 @@ sudo_auth_init(const struct sudoers_context *ctx, struct passwd *pw,
break; break;
default: default:
/* Assume error msg already printed. */ /* Assume error msg already printed. */
debug_return_int(-1); debug_return_int(AUTH_ERROR);
} }
} }
} }
@@ -144,7 +142,7 @@ sudo_auth_init(const struct sudoers_context *ctx, struct passwd *pw,
log_warningx(ctx, SLOG_SEND_MAIL, log_warningx(ctx, SLOG_SEND_MAIL,
N_("Invalid authentication methods compiled into sudo! " N_("Invalid authentication methods compiled into sudo! "
"You may not mix standalone and non-standalone authentication.")); "You may not mix standalone and non-standalone authentication."));
debug_return_int(-1); debug_return_int(AUTH_ERROR);
} }
if (!found) { if (!found) {
/* Found first standalone method. */ /* Found first standalone method. */
@@ -172,37 +170,38 @@ sudo_auth_init(const struct sudoers_context *ctx, struct passwd *pw,
} }
} }
debug_return_int(0); debug_return_int(AUTH_SUCCESS);
} }
/* /*
* Cleanup all authentication approval methods. * Call all authentication approval methods, if any.
* Returns true on success, false on failure and -1 on error. * Returns AUTH_SUCCESS, AUTH_FAILURE or AUTH_ERROR.
*/ */
int int
sudo_auth_approval(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth_approval(const struct sudoers_context *ctx, struct passwd *pw,
unsigned int validated, bool exempt) unsigned int validated, bool exempt)
{ {
int ret = AUTH_SUCCESS;
sudo_auth *auth; sudo_auth *auth;
debug_decl(sudo_auth_approval, SUDOERS_DEBUG_AUTH); debug_decl(sudo_auth_approval, SUDOERS_DEBUG_AUTH);
/* Call approval routines. */ /* Call approval routines. */
for (auth = auth_switch; auth->name; auth++) { for (auth = auth_switch; auth->name; auth++) {
if (auth->approval && !IS_DISABLED(auth)) { if (auth->approval && !IS_DISABLED(auth)) {
int status = (auth->approval)(ctx, pw, auth, exempt); ret = (auth->approval)(ctx, pw, auth, exempt);
if (status != AUTH_SUCCESS) { if (ret != AUTH_SUCCESS) {
/* Assume error msg already printed. */ /* Assume error msg already printed. */
log_auth_failure(ctx, validated, 0); log_auth_failure(ctx, validated, 0);
debug_return_int(status == AUTH_FAILURE ? false : -1); break;
} }
} }
} }
debug_return_int(true); debug_return_int(ret);
} }
/* /*
* Cleanup all authentication methods. * Cleanup all authentication methods.
* Returns 0 on success and -1 on error. * Returns AUTH_SUCCESS on success and AUTH_ERROR on error.
*/ */
int int
sudo_auth_cleanup(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth_cleanup(const struct sudoers_context *ctx, struct passwd *pw,
@@ -217,11 +216,11 @@ sudo_auth_cleanup(const struct sudoers_context *ctx, struct passwd *pw,
int status = (auth->cleanup)(ctx, pw, auth, force); int status = (auth->cleanup)(ctx, pw, auth, force);
if (status != AUTH_SUCCESS) { if (status != AUTH_SUCCESS) {
/* Assume error msg already printed. */ /* Assume error msg already printed. */
debug_return_int(-1); debug_return_int(AUTH_ERROR);
} }
} }
} }
debug_return_int(0); debug_return_int(AUTH_SUCCESS);
} }
static void static void
@@ -250,17 +249,17 @@ user_interrupted(void)
/* /*
* Verify the specified user. * Verify the specified user.
* Returns true if verified, false if not or -1 on error. * Returns AUTH_SUCCESS, AUTH_FAILURE or AUTH_ERROR.
*/ */
int int
verify_user(const struct sudoers_context *ctx, struct passwd *pw, char *prompt, verify_user(const struct sudoers_context *ctx, struct passwd *pw, char *prompt,
unsigned int validated, struct sudo_conv_callback *callback) unsigned int validated, struct sudo_conv_callback *callback)
{ {
unsigned int ntries;
int ret, status, success = AUTH_FAILURE;
sudo_auth *auth;
sigset_t mask, omask;
struct sigaction sa, saved_sigtstp; struct sigaction sa, saved_sigtstp;
int ret = AUTH_FAILURE;
unsigned int ntries;
sigset_t mask, omask;
sudo_auth *auth;
debug_decl(verify_user, SUDOERS_DEBUG_AUTH); debug_decl(verify_user, SUDOERS_DEBUG_AUTH);
/* Make sure we have at least one auth method. */ /* Make sure we have at least one auth method. */
@@ -270,7 +269,7 @@ verify_user(const struct sudoers_context *ctx, struct passwd *pw, char *prompt,
N_("There are no authentication methods compiled into sudo! " N_("There are no authentication methods compiled into sudo! "
"If you want to turn off authentication, use the " "If you want to turn off authentication, use the "
"--disable-authentication configure option.")); "--disable-authentication configure option."));
debug_return_int(-1); debug_return_int(AUTH_ERROR);
} }
/* Enable suspend during password entry. */ /* Enable suspend during password entry. */
@@ -307,13 +306,21 @@ verify_user(const struct sudoers_context *ctx, struct passwd *pw, char *prompt,
continue; continue;
num_methods++; num_methods++;
if (auth->setup != NULL) { if (auth->setup != NULL) {
status = (auth->setup)(ctx, pw, &prompt, auth); switch ((auth->setup)(ctx, pw, &prompt, auth)) {
if (status == AUTH_FAILURE) case AUTH_SUCCESS:
if (user_interrupted())
goto done; /* assume error msg already printed */
break;
case AUTH_FAILURE:
SET(auth->flags, FLAG_DISABLED); SET(auth->flags, FLAG_DISABLED);
else if (status == AUTH_NONINTERACTIVE) break;
case AUTH_NONINTERACTIVE:
/* Non-interactive mode, cannot prompt user. */
goto done; goto done;
else if (status != AUTH_SUCCESS || user_interrupted()) default:
goto done; /* assume error msg already printed */ ret = AUTH_ERROR;
goto done;
}
} }
} }
if (num_methods == 0) { if (num_methods == 0) {
@@ -321,13 +328,13 @@ verify_user(const struct sudoers_context *ctx, struct passwd *pw, char *prompt,
N_("no authentication methods")); N_("no authentication methods"));
log_warningx(ctx, SLOG_SEND_MAIL, log_warningx(ctx, SLOG_SEND_MAIL,
N_("Unable to initialize authentication methods.")); N_("Unable to initialize authentication methods."));
debug_return_int(-1); debug_return_int(AUTH_ERROR);
} }
/* Get the password unless the auth function will do it for us */ /* Get the password unless the auth function will do it for us */
if (!standalone) { if (!standalone) {
if (IS_NONINTERACTIVE(&auth_switch[0])) { if (IS_NONINTERACTIVE(&auth_switch[0])) {
success = AUTH_NONINTERACTIVE; ret = AUTH_NONINTERACTIVE;
goto done; goto done;
} }
pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback); pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
@@ -340,15 +347,15 @@ verify_user(const struct sudoers_context *ctx, struct passwd *pw, char *prompt,
if (IS_DISABLED(auth)) if (IS_DISABLED(auth))
continue; continue;
success = auth->status = (auth->verify)(ctx, pw, ret = auth->status = (auth->verify)(ctx, pw,
standalone ? prompt : pass, auth, callback); standalone ? prompt : pass, auth, callback);
if (success != AUTH_FAILURE) if (ret != AUTH_FAILURE)
break; break;
} }
if (pass != NULL) if (pass != NULL)
freezero(pass, strlen(pass)); freezero(pass, strlen(pass));
if (success != AUTH_FAILURE) if (ret != AUTH_FAILURE)
goto done; goto done;
} }
@@ -357,23 +364,23 @@ done:
(void) sigaction(SIGTSTP, &saved_sigtstp, NULL); (void) sigaction(SIGTSTP, &saved_sigtstp, NULL);
(void) sigprocmask(SIG_SETMASK, &omask, NULL); (void) sigprocmask(SIG_SETMASK, &omask, NULL);
switch (success) { switch (ret) {
case AUTH_SUCCESS: case AUTH_SUCCESS:
ret = true;
break; break;
case AUTH_INTR: case AUTH_INTR:
ret = AUTH_FAILURE;
FALLTHROUGH;
case AUTH_FAILURE: case AUTH_FAILURE:
if (ntries != 0) if (ntries != 0)
SET(validated, FLAG_BAD_PASSWORD); SET(validated, FLAG_BAD_PASSWORD);
log_auth_failure(ctx, validated, ntries); log_auth_failure(ctx, validated, ntries);
ret = false;
break; break;
case AUTH_NONINTERACTIVE: case AUTH_NONINTERACTIVE:
SET(validated, FLAG_NO_USER_INPUT); SET(validated, FLAG_NO_USER_INPUT);
FALLTHROUGH; FALLTHROUGH;
default: default:
log_auth_failure(ctx, validated, 0); log_auth_failure(ctx, validated, 0);
ret = -1; ret = AUTH_ERROR;
break; break;
} }


@@ -26,6 +26,7 @@
#define AUTH_ERROR 0x1629e037 /* 0010110001010011110000000110111 */ #define AUTH_ERROR 0x1629e037 /* 0010110001010011110000000110111 */
#define AUTH_NONINTERACTIVE 0x1fc8d3ac /* 11111110010001101001110101100 */ #define AUTH_NONINTERACTIVE 0x1fc8d3ac /* 11111110010001101001110101100 */
struct sudoers_context;
typedef struct sudo_auth { typedef struct sudo_auth {
unsigned int flags; /* various flags, see below */ unsigned int flags; /* various flags, see below */
int status; /* status from verify routine */ int status; /* status from verify routine */


@@ -82,8 +82,8 @@ getpass_resume(int signo, void *vclosure)
} }
/* /*
* Returns true if the user successfully authenticates, false if not * Returns AUTH_SUCCESS if the user successfully authenticates, AUTH_FAILURE
* or -1 on fatal error. * if not or AUTH_ERROR on fatal error.
*/ */
static int static int
check_user_interactive(unsigned int validated, unsigned int mode, check_user_interactive(unsigned int validated, unsigned int mode,
@@ -91,7 +91,7 @@ check_user_interactive(unsigned int validated, unsigned int mode,
{ {
const struct sudoers_context *ctx = closure->ctx; const struct sudoers_context *ctx = closure->ctx;
struct sudo_conv_callback callback; struct sudo_conv_callback callback;
int ret = -1; int ret = AUTH_ERROR;
char *prompt; char *prompt;
debug_decl(check_user_interactive, SUDOERS_DEBUG_AUTH); debug_decl(check_user_interactive, SUDOERS_DEBUG_AUTH);
@@ -122,7 +122,7 @@ check_user_interactive(unsigned int validated, unsigned int mode,
case TS_CURRENT: case TS_CURRENT:
/* Time stamp file is valid and current. */ /* Time stamp file is valid and current. */
if (!ISSET(validated, FLAG_CHECK_USER)) { if (!ISSET(validated, FLAG_CHECK_USER)) {
ret = true; ret = AUTH_SUCCESS;
break; break;
} }
sudo_debug_printf(SUDO_DEBUG_INFO, sudo_debug_printf(SUDO_DEBUG_INFO,
@@ -144,7 +144,7 @@ check_user_interactive(unsigned int validated, unsigned int mode,
goto done; goto done;
ret = verify_user(ctx, closure->auth_pw, prompt, validated, &callback); ret = verify_user(ctx, closure->auth_pw, prompt, validated, &callback);
if (ret == true && closure->lectured) if (ret == AUTH_SUCCESS && closure->lectured)
(void)set_lectured(ctx->user.name); /* lecture error not fatal */ (void)set_lectured(ctx->user.name); /* lecture error not fatal */
free(prompt); free(prompt);
break; break;
@@ -163,7 +163,7 @@ check_user(struct sudoers_context *ctx, unsigned int validated,
unsigned int mode) unsigned int mode)
{ {
struct getpass_closure closure = { TS_ERROR }; struct getpass_closure closure = { TS_ERROR };
int ret = -1; int ret = AUTH_ERROR;
bool exempt = false; bool exempt = false;
debug_decl(check_user, SUDOERS_DEBUG_AUTH); debug_decl(check_user, SUDOERS_DEBUG_AUTH);
@@ -183,7 +183,7 @@ check_user(struct sudoers_context *ctx, unsigned int validated,
*/ */
if ((closure.auth_pw = get_authpw(ctx, mode)) == NULL) if ((closure.auth_pw = get_authpw(ctx, mode)) == NULL)
goto done; goto done;
if (sudo_auth_init(ctx, closure.auth_pw, mode) == -1) if (sudo_auth_init(ctx, closure.auth_pw, mode) != AUTH_SUCCESS)
goto done; goto done;
closure.ctx = ctx; closure.ctx = ctx;
@@ -196,7 +196,7 @@ check_user(struct sudoers_context *ctx, unsigned int validated,
!def_authenticate ? "authentication disabled" : !def_authenticate ? "authentication disabled" :
"user exempt from authentication"); "user exempt from authentication");
exempt = true; exempt = true;
ret = true; ret = AUTH_SUCCESS;
goto done; goto done;
} }
if (ctx->user.uid == 0 || (ctx->user.uid == ctx->runas.pw->pw_uid && if (ctx->user.uid == 0 || (ctx->user.uid == ctx->runas.pw->pw_uid &&
@@ -214,7 +214,7 @@ check_user(struct sudoers_context *ctx, unsigned int validated,
{ {
sudo_debug_printf(SUDO_DEBUG_INFO, sudo_debug_printf(SUDO_DEBUG_INFO,
"%s: user running command as self", __func__); "%s: user running command as self", __func__);
ret = true; ret = AUTH_SUCCESS;
goto done; goto done;
} }
} }
@@ -222,7 +222,7 @@ check_user(struct sudoers_context *ctx, unsigned int validated,
ret = check_user_interactive(validated, mode, &closure); ret = check_user_interactive(validated, mode, &closure);
done: done:
if (ret == true) { if (ret == AUTH_SUCCESS) {
/* The approval function may disallow a user post-authentication. */ /* The approval function may disallow a user post-authentication. */
ret = sudo_auth_approval(ctx, closure.auth_pw, validated, exempt); ret = sudo_auth_approval(ctx, closure.auth_pw, validated, exempt);
@@ -230,7 +230,7 @@ done:
* Only update time stamp if user validated and was approved. * Only update time stamp if user validated and was approved.
* Failure to update the time stamp is not a fatal error. * Failure to update the time stamp is not a fatal error.
*/ */
if (ret == true && ISSET(validated, VALIDATE_SUCCESS)) { if (ret == AUTH_SUCCESS && ISSET(validated, VALIDATE_SUCCESS)) {
if (ISSET(mode, MODE_UPDATE_TICKET) && closure.tstat != TS_ERROR) if (ISSET(mode, MODE_UPDATE_TICKET) && closure.tstat != TS_ERROR)
(void)timestamp_update(closure.cookie, closure.auth_pw); (void)timestamp_update(closure.cookie, closure.auth_pw);
} }
@@ -240,7 +240,14 @@ done:
if (closure.auth_pw != NULL) if (closure.auth_pw != NULL)
sudo_pw_delref(closure.auth_pw); sudo_pw_delref(closure.auth_pw);
debug_return_int(ret); switch (ret) {
case AUTH_SUCCESS:
debug_return_int(true);
case AUTH_FAILURE:
debug_return_int(false);
default:
debug_return_int(-1);
}
} }
/* /*
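Review bot: The `switch (ret)` added at the end of check_user() converts the AUTH_* result back to `true`/`false`/`-1`, so success and failure differ by a single bit again once the value leaves this function. The AUTH_* constants in sudo_auth.h (0x1629e037, 0x1fc8d3ac) look chosen so that one flipped bit cannot turn one status into another, though the page does not say so. If keeping the old contract is deliberate for this step, a comment above the switch would mark the boundary, e.g. `/* Callers still expect true/false/-1; the AUTH_* values stop here. */`. The `default:` arm maps every unexpected value to -1, which fails closed and should stay that way. check_user()'s header comment and its callers are outside the visible hunks, so it is worth confirming that they compare against exactly `true` rather than any non-zero value.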


@@ -24,6 +24,8 @@
#ifndef SUDOERS_TIMESTAMP_H #ifndef SUDOERS_TIMESTAMP_H
#define SUDOERS_TIMESTAMP_H #define SUDOERS_TIMESTAMP_H
#include "auth/sudo_auth.h"
/* Status codes for timestamp_status() */ /* Status codes for timestamp_status() */
#define TS_CURRENT 0 #define TS_CURRENT 0
#define TS_OLD 1 #define TS_OLD 1