Unset AUTHSTATE after calling authenticate() as it may not be correct for

the user we are running the command as.
2008-11-06 00:08:24 +00:00
parent 8654dec3c0
commit 50d8974753
2 changed files with 6 additions and 1 deletions
--- a/auth/aix_auth.c
+++ b/auth/aix_auth.c
@@ -70,6 +70,8 @@ aixauth_verify(pw, prompt, auth)
 	/* XXX - should probably print message on failure. */
 	if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
 	    rval = AUTH_SUCCESS;
+	/* Unset AUTHSTATE as it may not be correct for the runas user. */
+	sudo_unsetenv("AUTHSTATE");
 	free(message);
 	zero_bytes(pass, strlen(pass));
    }
--- a/env.c
+++ b/env.c
@@ -133,6 +133,7 @@ static const char *initial_badenv_table[] = {
 #ifdef _AIX
    "LDR_*",
    "LIBPATH",
+    "AUTHSTATE",
 #endif
 #ifdef __APPLE__
    "DYLD_*",
@@ -292,7 +293,9 @@ sudo_setenv(var, val, dupcheck)
    }
    insert_env(estring, dupcheck, TRUE);
 }
+#endif /* HAVE_LDAP */

+#if defined(HAVE_LDAP) || defined(HAVE_AIXAUTH)
 /*
 * Similar to unsetenv(3) but operates on sudo's private copy of the
 * environment.
@@ -319,7 +322,7 @@ sudo_unsetenv(var)
 	}
    }
 }
-#endif /* HAVE_LDAP */
+#endif /* HAVE_LDAP || HAVE_AIXAUTH */

 /*
 * Insert str into env.envp, assumes str has an '=' in it.