Unset AUTHSTATE after calling authenticate() as it may not be correct for
the user we are running the command as.
This commit is contained in:
Todd C. Miller
@@ -70,6 +70,8 @@ aixauth_verify(pw, prompt, auth)
|
|||||||
/* XXX - should probably print message on failure. */
|
/* XXX - should probably print message on failure. */
|
||||||
if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
|
if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
|
||||||
rval = AUTH_SUCCESS;
|
rval = AUTH_SUCCESS;
|
||||||
|
/* Unset AUTHSTATE as it may not be correct for the runas user. */
|
||||||
|
sudo_unsetenv("AUTHSTATE");
|
||||||
free(message);
|
free(message);
|
||||||
zero_bytes(pass, strlen(pass));
|
zero_bytes(pass, strlen(pass));
|
||||||
}
|
}
|
||||||
|
|||||||
5
env.c
5
env.c
@@ -133,6 +133,7 @@ static const char *initial_badenv_table[] = {
|
|||||||
#ifdef _AIX
|
#ifdef _AIX
|
||||||
"LDR_*",
|
"LDR_*",
|
||||||
"LIBPATH",
|
"LIBPATH",
|
||||||
|
"AUTHSTATE",
|
||||||
#endif
|
#endif
|
||||||
#ifdef __APPLE__
|
#ifdef __APPLE__
|
||||||
"DYLD_*",
|
"DYLD_*",
|
||||||
@@ -292,7 +293,9 @@ sudo_setenv(var, val, dupcheck)
|
|||||||
}
|
}
|
||||||
insert_env(estring, dupcheck, TRUE);
|
insert_env(estring, dupcheck, TRUE);
|
||||||
}
|
}
|
||||||
|
#endif /* HAVE_LDAP */
|
||||||
|
|
||||||
|
#if defined(HAVE_LDAP) || defined(HAVE_AIXAUTH)
|
||||||
/*
|
/*
|
||||||
* Similar to unsetenv(3) but operates on sudo's private copy of the
|
* Similar to unsetenv(3) but operates on sudo's private copy of the
|
||||||
* environment.
|
* environment.
|
||||||
@@ -319,7 +322,7 @@ sudo_unsetenv(var)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* HAVE_LDAP */
|
#endif /* HAVE_LDAP || HAVE_AIXAUTH */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Insert str into env.envp, assumes str has an '=' in it.
|
* Insert str into env.envp, assumes str has an '=' in it.
|
||||||
|
|||||||
Reference in New Issue
Block a user