Make the second arg to the sudo auth verify function const.
This may be either a plaintext password or a password prompt. Either way it should not be modified by the verify function.
This commit is contained in:
Todd C. Miller
@@ -14,7 +14,7 @@ typedef struct sudo_auth {
|
||||
|
||||
int (*init)(struct passwd *pw, sudo_auth *auth);
|
||||
int (*setup)(struct passwd *pw, char **prompt, sudo_auth *auth);
|
||||
int (*verify)(struct passwd *pw, char *p, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int (*verify)(struct passwd *pw, const char *p, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int (*approval)(struct passwd *pw, sudo_auth *auth);
|
||||
int (*cleanup)(struct passwd *pw, sudo_auth *auth, bool force);
|
||||
int (*begin_session)(struct passwd *pw, char **user_env[], struct sudo_auth *auth);
|
||||
|
||||
@@ -45,7 +45,7 @@
|
||||
#include "check.h"
|
||||
|
||||
int
|
||||
sudo_afs_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
sudo_afs_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
{
|
||||
struct ktc_encryptionKey afs_key;
|
||||
struct ktc_token afs_token;
|
||||
|
||||
@@ -229,7 +229,7 @@ sudo_aix_change_password(const char *user)
|
||||
}
|
||||
|
||||
int
|
||||
sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
sudo_aix_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
{
|
||||
char *pass, *message = NULL;
|
||||
int result = 1, reenter = 0;
|
||||
|
||||
@@ -104,7 +104,7 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth)
|
||||
}
|
||||
|
||||
int
|
||||
bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
bsdauth_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
{
|
||||
char *pass;
|
||||
char *s;
|
||||
|
||||
@@ -59,7 +59,7 @@
|
||||
static int check_dce_status(error_status_t, char *);
|
||||
|
||||
int
|
||||
sudo_dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
sudo_dce_verify(struct passwd *pw, const char *plain_pw, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
{
|
||||
struct passwd temp_pw;
|
||||
sec_passwd_rec_t password_rec;
|
||||
|
||||
@@ -82,7 +82,7 @@ sudo_fwtk_init(struct passwd *pw, sudo_auth *auth)
|
||||
}
|
||||
|
||||
int
|
||||
sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
sudo_fwtk_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
{
|
||||
char *pass; /* Password from the user */
|
||||
char buf[SUDO_CONV_REPL_MAX + 12]; /* General prupose buffer */
|
||||
|
||||
@@ -185,7 +185,7 @@ done:
|
||||
|
||||
#ifdef HAVE_KRB5_VERIFY_USER
|
||||
int
|
||||
sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
sudo_krb5_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
{
|
||||
krb5_context sudo_context;
|
||||
krb5_principal princ;
|
||||
@@ -202,7 +202,7 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_con
|
||||
}
|
||||
#else
|
||||
int
|
||||
sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
sudo_krb5_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
{
|
||||
krb5_context sudo_context;
|
||||
krb5_principal princ;
|
||||
|
||||
@@ -283,7 +283,7 @@ sudo_pam_init_quiet(struct passwd *pw, sudo_auth *auth)
|
||||
#endif /* _AIX */
|
||||
|
||||
int
|
||||
sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
sudo_pam_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
{
|
||||
const char *envccname;
|
||||
const char *s;
|
||||
|
||||
@@ -61,7 +61,7 @@ sudo_passwd_init(struct passwd *pw, sudo_auth *auth)
|
||||
|
||||
#ifdef HAVE_CRYPT
|
||||
int
|
||||
sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
sudo_passwd_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
{
|
||||
char des_pass[9], *epass;
|
||||
char *pw_epasswd = auth->data;
|
||||
@@ -99,7 +99,7 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c
|
||||
}
|
||||
#else
|
||||
int
|
||||
sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
sudo_passwd_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
{
|
||||
char *pw_passwd = auth->data;
|
||||
int matched;
|
||||
|
||||
@@ -126,11 +126,11 @@ sudo_rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
|
||||
}
|
||||
|
||||
int
|
||||
sudo_rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
sudo_rfc1938_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
{
|
||||
debug_decl(sudo_rfc1938_verify, SUDOERS_DEBUG_AUTH);
|
||||
|
||||
if (rfc1938verify((struct RFC1938 *) auth->data, pass) == 0)
|
||||
if (rfc1938verify((struct RFC1938 *) auth->data, (char *)pass) == 0)
|
||||
debug_return_int(AUTH_SUCCESS);
|
||||
else
|
||||
debug_return_int(AUTH_FAILURE);
|
||||
|
||||
@@ -71,7 +71,7 @@ sudo_secureware_init(struct passwd *pw, sudo_auth *auth)
|
||||
}
|
||||
|
||||
int
|
||||
sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
sudo_secureware_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
{
|
||||
char *pw_epasswd = auth->data;
|
||||
char *epass = NULL;
|
||||
|
||||
@@ -138,7 +138,7 @@ sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
|
||||
*
|
||||
* Arguments in:
|
||||
* pw - struct passwd for username
|
||||
* pass - UNUSED
|
||||
* prompt - UNUSED
|
||||
* auth - sudo authentication structure for SecurID handle
|
||||
*
|
||||
* Results out:
|
||||
@@ -146,9 +146,10 @@ sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
|
||||
* incorrect authentication, fatal on errors
|
||||
*/
|
||||
int
|
||||
sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
sudo_securid_verify(struct passwd *pw, const char *promp, sudo_auth *auth, struct sudo_conv_callback *callback)
|
||||
{
|
||||
SDI_HANDLE *sd = (SDI_HANDLE *) auth->data;
|
||||
char *pass;
|
||||
int ret;
|
||||
debug_decl(sudo_securid_verify, SUDOERS_DEBUG_AUTH);
|
||||
|
||||
|
||||
@@ -75,7 +75,7 @@ sudo_sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
|
||||
}
|
||||
|
||||
int
|
||||
sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth,
|
||||
sudo_sia_verify(struct passwd *pw, const char *prompt, sudo_auth *auth,
|
||||
struct sudo_conv_callback *callback)
|
||||
{
|
||||
SIAENTITY *siah = auth->data;
|
||||
|
||||
@@ -33,7 +33,7 @@ typedef struct sudo_auth {
|
||||
void *data; /* method-specific data pointer */
|
||||
int (*init)(struct passwd *pw, struct sudo_auth *auth);
|
||||
int (*setup)(struct passwd *pw, char **prompt, struct sudo_auth *auth);
|
||||
int (*verify)(struct passwd *pw, char *p, struct sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int (*verify)(struct passwd *pw, const char *p, struct sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int (*approval)(struct passwd *pw, struct sudo_auth *auth, bool exempt);
|
||||
int (*cleanup)(struct passwd *pw, struct sudo_auth *auth, bool force);
|
||||
int (*begin_session)(struct passwd *pw, char **user_env[], struct sudo_auth *auth);
|
||||
@@ -60,44 +60,44 @@ extern sudo_conv_t sudo_conv;
|
||||
|
||||
/* Prototypes for standalone methods */
|
||||
int bsdauth_init(struct passwd *pw, sudo_auth *auth);
|
||||
int bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int bsdauth_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt);
|
||||
int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
||||
int sudo_aix_init(struct passwd *pw, sudo_auth *auth);
|
||||
int sudo_aix_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_aix_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
||||
int sudo_fwtk_init(struct passwd *pw, sudo_auth *auth);
|
||||
int sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_fwtk_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
||||
int sudo_pam_init(struct passwd *pw, sudo_auth *auth);
|
||||
int sudo_pam_init_quiet(struct passwd *pw, sudo_auth *auth);
|
||||
int sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_pam_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_pam_approval(struct passwd *pw, sudo_auth *auth, bool exempt);
|
||||
int sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
||||
int sudo_pam_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth);
|
||||
int sudo_pam_end_session(struct passwd *pw, sudo_auth *auth);
|
||||
int sudo_securid_init(struct passwd *pw, sudo_auth *auth);
|
||||
int sudo_securid_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
|
||||
int sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_securid_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_sia_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
|
||||
int sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_sia_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_sia_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
||||
int sudo_sia_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth);
|
||||
|
||||
/* Prototypes for normal methods */
|
||||
int sudo_afs_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_dce_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_afs_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_dce_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_krb5_init(struct passwd *pw, sudo_auth *auth);
|
||||
int sudo_krb5_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
|
||||
int sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_krb5_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_krb5_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
||||
int sudo_passwd_init(struct passwd *pw, sudo_auth *auth);
|
||||
int sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_passwd_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
||||
int sudo_rfc1938_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
|
||||
int sudo_rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_rfc1938_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_secureware_init(struct passwd *pw, sudo_auth *auth);
|
||||
int sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_secureware_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_secureware_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
||||
|
||||
/* Fields: name, flags, init, setup, verify, approval, cleanup, begin_sess, end_sess */
|
||||
|
||||
Reference in New Issue
Block a user