Remove unused FLAG_USER auth flag. We have no auth methods that
require that authentication be run as the invoking user.
@@ -33,9 +33,6 @@ The variables in the struct are as follows:
|
|||||||
initialized in the "init" or "setup" routines.
|
initialized in the "init" or "setup" routines.
|
||||||
|
|
||||||
Possible values of sudo_auth.flags:
|
Possible values of sudo_auth.flags:
|
||||||
FLAG_USER Whether or not the auth functions should run with
|
|
||||||
the euid of the invoking user instead of 0.
|
|
||||||
|
|
||||||
FLAG_DISABLED Set if an "init" or "setup" function fails.
|
FLAG_DISABLED Set if an "init" or "setup" function fails.
|
||||||
|
|
||||||
FLAG_STANDALONE If set, this indicates that the method must
|
FLAG_STANDALONE If set, this indicates that the method must
|
||||||
|
@@ -129,15 +129,8 @@ sudo_auth_init(struct passwd *pw)
|
|||||||
/* Initialize auth methods and unconfigure the method if necessary. */
|
/* Initialize auth methods and unconfigure the method if necessary. */
|
||||||
for (auth = auth_switch; auth->name; auth++) {
|
for (auth = auth_switch; auth->name; auth++) {
|
||||||
if (auth->init && !IS_DISABLED(auth)) {
|
if (auth->init && !IS_DISABLED(auth)) {
|
||||||
if (NEEDS_USER(auth))
|
|
||||||
set_perms(PERM_USER);
|
|
||||||
|
|
||||||
status = (auth->init)(pw, auth);
|
|
||||||
|
|
||||||
if (NEEDS_USER(auth))
|
|
||||||
restore_perms();
|
|
||||||
|
|
||||||
/* Disable if it failed to init unless there was a fatal error. */
|
/* Disable if it failed to init unless there was a fatal error. */
|
||||||
|
status = (auth->init)(pw, auth);
|
||||||
if (status == AUTH_FAILURE)
|
if (status == AUTH_FAILURE)
|
||||||
SET(auth->flags, FLAG_DISABLED);
|
SET(auth->flags, FLAG_DISABLED);
|
||||||
else if (status == AUTH_FATAL)
|
else if (status == AUTH_FATAL)
|
||||||
@@ -161,14 +154,7 @@ sudo_auth_cleanup(struct passwd *pw)
|
|||||||
/* Call cleanup routines. */
|
/* Call cleanup routines. */
|
||||||
for (auth = auth_switch; auth->name; auth++) {
|
for (auth = auth_switch; auth->name; auth++) {
|
||||||
if (auth->cleanup && !IS_DISABLED(auth)) {
|
if (auth->cleanup && !IS_DISABLED(auth)) {
|
||||||
if (NEEDS_USER(auth))
|
|
||||||
set_perms(PERM_USER);
|
|
||||||
|
|
||||||
status = (auth->cleanup)(pw, auth);
|
status = (auth->cleanup)(pw, auth);
|
||||||
|
|
||||||
if (NEEDS_USER(auth))
|
|
||||||
restore_perms();
|
|
||||||
|
|
||||||
if (status == AUTH_FATAL)
|
if (status == AUTH_FATAL)
|
||||||
break; /* assume error msg already printed */
|
break; /* assume error msg already printed */
|
||||||
}
|
}
|
||||||
@@ -212,14 +198,7 @@ verify_user(struct passwd *pw, char *prompt, int validated)
|
|||||||
/* Do any per-method setup and unconfigure the method if needed */
|
/* Do any per-method setup and unconfigure the method if needed */
|
||||||
for (auth = auth_switch; auth->name; auth++) {
|
for (auth = auth_switch; auth->name; auth++) {
|
||||||
if (auth->setup && !IS_DISABLED(auth)) {
|
if (auth->setup && !IS_DISABLED(auth)) {
|
||||||
if (NEEDS_USER(auth))
|
|
||||||
set_perms(PERM_USER);
|
|
||||||
|
|
||||||
status = (auth->setup)(pw, &prompt, auth);
|
status = (auth->setup)(pw, &prompt, auth);
|
||||||
|
|
||||||
if (NEEDS_USER(auth))
|
|
||||||
restore_perms();
|
|
||||||
|
|
||||||
if (status == AUTH_FAILURE)
|
if (status == AUTH_FAILURE)
|
||||||
SET(auth->flags, FLAG_DISABLED);
|
SET(auth->flags, FLAG_DISABLED);
|
||||||
else if (status == AUTH_FATAL)
|
else if (status == AUTH_FATAL)
|
||||||
@@ -242,14 +221,7 @@ verify_user(struct passwd *pw, char *prompt, int validated)
|
|||||||
if (IS_DISABLED(auth))
|
if (IS_DISABLED(auth))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (NEEDS_USER(auth))
|
|
||||||
set_perms(PERM_USER);
|
|
||||||
|
|
||||||
success = auth->status = (auth->verify)(pw, p, auth);
|
success = auth->status = (auth->verify)(pw, p, auth);
|
||||||
|
|
||||||
if (NEEDS_USER(auth))
|
|
||||||
restore_perms();
|
|
||||||
|
|
||||||
if (auth->status != AUTH_FAILURE)
|
if (auth->status != AUTH_FAILURE)
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
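Review bot: With the `NEEDS_USER` branches gone, the `(auth->verify)(pw, p, auth)` call in verify_user always runs with whatever privileges the caller holds, and nothing on the new side says so. The same applies to the init, cleanup and setup calls in the three earlier hunks of this file. The removed API text ("instead of 0") implies the caller's euid is 0, so the only written statement of the callbacks' privilege level disappears together with the flag. A one-line comment above the call would keep that contract visible to anyone adding a method later, for example `/* Auth methods always run with the caller's privileges; a method that must act as the invoking user has to switch privileges itself. */`. verify_user's body starts and ends outside the hunk, so whether the caller has already changed privileges before this loop cannot be confirmed from here.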
|
@@ -37,13 +37,11 @@ typedef struct sudo_auth {
|
|||||||
} sudo_auth;
|
} sudo_auth;
|
||||||
|
|
||||||
/* Values for sudo_auth.flags. */
|
/* Values for sudo_auth.flags. */
|
||||||
#define FLAG_USER 0x01 /* functions must run as the user, not root */
|
|
||||||
#define FLAG_DISABLED 0x02 /* method disabled */
|
#define FLAG_DISABLED 0x02 /* method disabled */
|
||||||
#define FLAG_STANDALONE 0x04 /* standalone auth method */
|
#define FLAG_STANDALONE 0x04 /* standalone auth method */
|
||||||
#define FLAG_ONEANDONLY 0x08 /* one and only auth method */
|
#define FLAG_ONEANDONLY 0x08 /* one and only auth method */
|
||||||
|
|
||||||
/* Shortcuts for using the flags above. */
|
/* Shortcuts for using the flags above. */
|
||||||
#define NEEDS_USER(x) ((x)->flags & FLAG_USER)
|
|
||||||
#define IS_DISABLED(x) ((x)->flags & FLAG_DISABLED)
|
#define IS_DISABLED(x) ((x)->flags & FLAG_DISABLED)
|
||||||
#define IS_STANDALONE(x) ((x)->flags & FLAG_STANDALONE)
|
#define IS_STANDALONE(x) ((x)->flags & FLAG_STANDALONE)
|
||||||
#define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY)
|
#define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY)
|
||||||
|