Move get_auth() into check.c where it is actually used.
This commit is contained in:
Todd C. Miller
@@ -90,6 +90,7 @@ static char *expand_prompt(char *, char *, char *);
|
||||
static void lecture(int);
|
||||
static void update_timestamp(char *, char *);
|
||||
static int tty_is_devpts(const char *);
|
||||
static struct passwd *get_authpw(void);
|
||||
|
||||
/*
|
||||
* Returns TRUE if the user successfully authenticates, else FALSE.
|
||||
@@ -127,6 +128,8 @@ check_user(int validated, int mode)
|
||||
TS_MAKE_DIRS);
|
||||
|
||||
if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
|
||||
struct passwd *auth_pw;
|
||||
|
||||
/* Bail out if we are non-interactive and a password is required */
|
||||
if (ISSET(mode, MODE_NONINTERACTIVE)) {
|
||||
warningx("sorry, a password is required to run %s", getprogname());
|
||||
@@ -140,7 +143,9 @@ check_user(int validated, int mode)
|
||||
prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
|
||||
user_name, user_shost);
|
||||
|
||||
auth_pw = get_authpw();
|
||||
rval = verify_user(auth_pw, prompt);
|
||||
pw_delref(auth_pw);
|
||||
}
|
||||
/* Only update timestamp if user was validated. */
|
||||
if (rval == TRUE && ISSET(validated, VALIDATE_OK) &&
|
||||
@@ -148,10 +153,6 @@ check_user(int validated, int mode)
|
||||
update_timestamp(timestampdir, timestampfile);
|
||||
efree(timestampdir);
|
||||
efree(timestampfile);
|
||||
if (auth_pw) {
|
||||
pw_delref(auth_pw);
|
||||
auth_pw = NULL;
|
||||
}
|
||||
|
||||
return rval;
|
||||
}
|
||||
@@ -688,3 +689,33 @@ tty_is_devpts(const char *tty)
|
||||
#endif /* __linux__ */
|
||||
return retval;
|
||||
}
|
||||
|
||||
/*
|
||||
* Get passwd entry for the user we are going to authenticate as.
|
||||
* By default, this is the user invoking sudo. In the most common
|
||||
* case, this matches sudo_user.pw or runas_pw.
|
||||
*/
|
||||
static struct passwd *
|
||||
get_authpw(void)
|
||||
{
|
||||
struct passwd *pw;
|
||||
|
||||
if (def_rootpw) {
|
||||
if ((pw = sudo_getpwuid(0)) == NULL)
|
||||
log_error(0, "unknown uid: 0");
|
||||
} else if (def_runaspw) {
|
||||
if ((pw = sudo_getpwnam(def_runas_default)) == NULL)
|
||||
log_error(0, "unknown user: %s", def_runas_default);
|
||||
} else if (def_targetpw) {
|
||||
if (runas_pw->pw_name == NULL)
|
||||
log_error(NO_MAIL|MSG_ONLY, "unknown uid: %lu",
|
||||
(unsigned long) runas_pw->pw_uid);
|
||||
pw_addref(runas_pw);
|
||||
pw = runas_pw;
|
||||
} else {
|
||||
pw_addref(sudo_user.pw);
|
||||
pw = sudo_user.pw;
|
||||
}
|
||||
|
||||
return(pw);
|
||||
}
|
||||
|
||||
@@ -108,7 +108,6 @@ static void set_project(struct passwd *);
|
||||
static void set_runasgr(char *);
|
||||
static void set_runaspw(char *);
|
||||
static int sudoers_policy_version(int verbose);
|
||||
static struct passwd *get_authpw(void);
|
||||
static int deserialize_info(char * const settings[], char * const user_info[]);
|
||||
static char *find_editor(int nfiles, char **files, char ***argv_out);
|
||||
static void create_admin_success_flag(void);
|
||||
@@ -122,7 +121,7 @@ extern GETGROUPS_T *runas_groups;
|
||||
*/
|
||||
char *prev_user;
|
||||
struct sudo_user sudo_user;
|
||||
struct passwd *auth_pw, *list_pw;
|
||||
struct passwd *list_pw;
|
||||
struct interface *interfaces;
|
||||
int num_interfaces;
|
||||
int long_list;
|
||||
@@ -440,9 +439,6 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
||||
/* Build a new environment that avoids any nasty bits. */
|
||||
rebuild_env(def_noexec);
|
||||
|
||||
/* Fill in passwd struct based on user we are authenticating as. */
|
||||
auth_pw = get_authpw();
|
||||
|
||||
/* Require a password if sudoers says so. */
|
||||
if (def_authenticate) {
|
||||
int rc = check_user(validated, sudo_mode);
|
||||
@@ -1112,36 +1108,6 @@ set_runasgr(char *group)
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Get passwd entry for the user we are going to authenticate as.
|
||||
* By default, this is the user invoking sudo. In the most common
|
||||
* case, this matches sudo_user.pw or runas_pw.
|
||||
*/
|
||||
static struct passwd *
|
||||
get_authpw(void)
|
||||
{
|
||||
struct passwd *pw;
|
||||
|
||||
if (def_rootpw) {
|
||||
if ((pw = sudo_getpwuid(0)) == NULL)
|
||||
log_error(0, "unknown uid: 0");
|
||||
} else if (def_runaspw) {
|
||||
if ((pw = sudo_getpwnam(def_runas_default)) == NULL)
|
||||
log_error(0, "unknown user: %s", def_runas_default);
|
||||
} else if (def_targetpw) {
|
||||
if (runas_pw->pw_name == NULL)
|
||||
log_error(NO_MAIL|MSG_ONLY, "unknown uid: %lu",
|
||||
(unsigned long) runas_pw->pw_uid);
|
||||
pw_addref(runas_pw);
|
||||
pw = runas_pw;
|
||||
} else {
|
||||
pw_addref(sudo_user.pw);
|
||||
pw = sudo_user.pw;
|
||||
}
|
||||
|
||||
return(pw);
|
||||
}
|
||||
|
||||
/*
|
||||
* Cleanup hook for error()/errorx()
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user