Rename VALIDATE_OK -> VALIDATE_SUCCESS
Rename VALIDATE_NOT_OK -> VALIDATE_FAILURE
This commit is contained in:
Todd C. Miller
@@ -105,7 +105,7 @@ check_user_interactive(int validated, int mode, struct passwd *auth_pw)
|
|||||||
sudo_efree(prompt);
|
sudo_efree(prompt);
|
||||||
}
|
}
|
||||||
/* Only update timestamp if user was validated. */
|
/* Only update timestamp if user was validated. */
|
||||||
if (rval == true && ISSET(validated, VALIDATE_OK) &&
|
if (rval == true && ISSET(validated, VALIDATE_SUCCESS) &&
|
||||||
!ISSET(mode, MODE_IGNORE_TICKET) && status != TS_ERROR)
|
!ISSET(mode, MODE_IGNORE_TICKET) && status != TS_ERROR)
|
||||||
update_timestamp(auth_pw);
|
update_timestamp(auth_pw);
|
||||||
done:
|
done:
|
||||||
|
|||||||
@@ -2719,8 +2719,8 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (matched || user_uid == 0) {
|
if (matched || user_uid == 0) {
|
||||||
SET(ret, VALIDATE_OK);
|
SET(ret, VALIDATE_SUCCESS);
|
||||||
CLR(ret, VALIDATE_NOT_OK);
|
CLR(ret, VALIDATE_FAILURE);
|
||||||
if (def_authenticate) {
|
if (def_authenticate) {
|
||||||
switch (pwcheck) {
|
switch (pwcheck) {
|
||||||
case always:
|
case always:
|
||||||
@@ -2766,11 +2766,11 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag)
|
|||||||
if (user_type == NULL)
|
if (user_type == NULL)
|
||||||
user_type = def_type;
|
user_type = def_type;
|
||||||
#endif /* HAVE_SELINUX */
|
#endif /* HAVE_SELINUX */
|
||||||
SET(ret, VALIDATE_OK);
|
SET(ret, VALIDATE_SUCCESS);
|
||||||
CLR(ret, VALIDATE_NOT_OK);
|
CLR(ret, VALIDATE_FAILURE);
|
||||||
} else {
|
} else {
|
||||||
SET(ret, VALIDATE_NOT_OK);
|
SET(ret, VALIDATE_FAILURE);
|
||||||
CLR(ret, VALIDATE_OK);
|
CLR(ret, VALIDATE_SUCCESS);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -2781,7 +2781,7 @@ done:
|
|||||||
DPRINTF1("user_matches=%d", lres->user_matches);
|
DPRINTF1("user_matches=%d", lres->user_matches);
|
||||||
DPRINTF1("host_matches=%d", lres->host_matches);
|
DPRINTF1("host_matches=%d", lres->host_matches);
|
||||||
|
|
||||||
if (!ISSET(ret, VALIDATE_OK)) {
|
if (!ISSET(ret, VALIDATE_SUCCESS)) {
|
||||||
/* No matching entries. */
|
/* No matching entries. */
|
||||||
if (pwflag && list_pw == NULL)
|
if (pwflag && list_pw == NULL)
|
||||||
SET(ret, FLAG_NO_CHECK);
|
SET(ret, FLAG_NO_CHECK);
|
||||||
|
|||||||
@@ -358,7 +358,7 @@ log_auth_failure(int status, unsigned int tries)
|
|||||||
* so if we are going to send an email about the denial, that takes
|
* so if we are going to send an email about the denial, that takes
|
||||||
* precedence.
|
* precedence.
|
||||||
*/
|
*/
|
||||||
if (ISSET(status, VALIDATE_OK)) {
|
if (ISSET(status, VALIDATE_SUCCESS)) {
|
||||||
/* Command allowed, auth failed; do we need to send mail? */
|
/* Command allowed, auth failed; do we need to send mail? */
|
||||||
if (def_mail_badpass || def_mail_always)
|
if (def_mail_badpass || def_mail_always)
|
||||||
SET(flags, SLOG_SEND_MAIL);
|
SET(flags, SLOG_SEND_MAIL);
|
||||||
@@ -759,7 +759,7 @@ should_mail(int status)
|
|||||||
debug_return_bool(def_mail_always ||
|
debug_return_bool(def_mail_always ||
|
||||||
(def_mail_no_user && ISSET(status, FLAG_NO_USER)) ||
|
(def_mail_no_user && ISSET(status, FLAG_NO_USER)) ||
|
||||||
(def_mail_no_host && ISSET(status, FLAG_NO_HOST)) ||
|
(def_mail_no_host && ISSET(status, FLAG_NO_HOST)) ||
|
||||||
(def_mail_no_perms && !ISSET(status, VALIDATE_OK)));
|
(def_mail_no_perms && !ISSET(status, VALIDATE_SUCCESS)));
|
||||||
}
|
}
|
||||||
|
|
||||||
#define LL_TTY_STR "TTY="
|
#define LL_TTY_STR "TTY="
|
||||||
|
|||||||
@@ -201,9 +201,9 @@ sudo_file_lookup(struct sudo_nss *nss, int validated, int pwflag)
|
|||||||
}
|
}
|
||||||
if (match == ALLOW || user_uid == 0) {
|
if (match == ALLOW || user_uid == 0) {
|
||||||
/* User has an entry for this host. */
|
/* User has an entry for this host. */
|
||||||
SET(validated, VALIDATE_OK);
|
SET(validated, VALIDATE_SUCCESS);
|
||||||
} else if (match == DENY)
|
} else if (match == DENY)
|
||||||
SET(validated, VALIDATE_NOT_OK);
|
SET(validated, VALIDATE_FAILURE);
|
||||||
if (pwcheck == always && def_authenticate)
|
if (pwcheck == always && def_authenticate)
|
||||||
SET(validated, FLAG_CHECK_USER);
|
SET(validated, FLAG_CHECK_USER);
|
||||||
else if (pwcheck == never || nopass == true)
|
else if (pwcheck == never || nopass == true)
|
||||||
@@ -267,8 +267,8 @@ sudo_file_lookup(struct sudo_nss *nss, int validated, int pwflag)
|
|||||||
}
|
}
|
||||||
matched2:
|
matched2:
|
||||||
if (match == ALLOW) {
|
if (match == ALLOW) {
|
||||||
SET(validated, VALIDATE_OK);
|
SET(validated, VALIDATE_SUCCESS);
|
||||||
CLR(validated, VALIDATE_NOT_OK);
|
CLR(validated, VALIDATE_FAILURE);
|
||||||
if (tags != NULL) {
|
if (tags != NULL) {
|
||||||
if (tags->nopasswd != UNSPEC)
|
if (tags->nopasswd != UNSPEC)
|
||||||
def_authenticate = !tags->nopasswd;
|
def_authenticate = !tags->nopasswd;
|
||||||
@@ -282,8 +282,8 @@ sudo_file_lookup(struct sudo_nss *nss, int validated, int pwflag)
|
|||||||
def_log_output = tags->log_output;
|
def_log_output = tags->log_output;
|
||||||
}
|
}
|
||||||
} else if (match == DENY) {
|
} else if (match == DENY) {
|
||||||
SET(validated, VALIDATE_NOT_OK);
|
SET(validated, VALIDATE_FAILURE);
|
||||||
CLR(validated, VALIDATE_OK);
|
CLR(validated, VALIDATE_SUCCESS);
|
||||||
if (tags != NULL && tags->nopasswd != UNSPEC)
|
if (tags != NULL && tags->nopasswd != UNSPEC)
|
||||||
def_authenticate = !tags->nopasswd;
|
def_authenticate = !tags->nopasswd;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1015,8 +1015,8 @@ sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (matched || user_uid == 0) {
|
if (matched || user_uid == 0) {
|
||||||
SET(ret, VALIDATE_OK);
|
SET(ret, VALIDATE_SUCCESS);
|
||||||
CLR(ret, VALIDATE_NOT_OK);
|
CLR(ret, VALIDATE_FAILURE);
|
||||||
if (def_authenticate) {
|
if (def_authenticate) {
|
||||||
switch (pwcheck) {
|
switch (pwcheck) {
|
||||||
case always:
|
case always:
|
||||||
@@ -1065,11 +1065,11 @@ sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag)
|
|||||||
if (user_type == NULL)
|
if (user_type == NULL)
|
||||||
user_type = def_type;
|
user_type = def_type;
|
||||||
#endif /* HAVE_SELINUX */
|
#endif /* HAVE_SELINUX */
|
||||||
SET(ret, VALIDATE_OK);
|
SET(ret, VALIDATE_SUCCESS);
|
||||||
CLR(ret, VALIDATE_NOT_OK);
|
CLR(ret, VALIDATE_FAILURE);
|
||||||
} else {
|
} else {
|
||||||
SET(ret, VALIDATE_NOT_OK);
|
SET(ret, VALIDATE_FAILURE);
|
||||||
CLR(ret, VALIDATE_OK);
|
CLR(ret, VALIDATE_SUCCESS);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -1078,7 +1078,7 @@ sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag)
|
|||||||
done:
|
done:
|
||||||
sudo_debug_printf(SUDO_DEBUG_DIAG, "Done with LDAP searches");
|
sudo_debug_printf(SUDO_DEBUG_DIAG, "Done with LDAP searches");
|
||||||
|
|
||||||
if (!ISSET(ret, VALIDATE_OK)) {
|
if (!ISSET(ret, VALIDATE_SUCCESS)) {
|
||||||
/* No matching entries. */
|
/* No matching entries. */
|
||||||
if (pwflag && list_pw == NULL)
|
if (pwflag && list_pw == NULL)
|
||||||
SET(ret, FLAG_NO_CHECK);
|
SET(ret, FLAG_NO_CHECK);
|
||||||
|
|||||||
@@ -160,6 +160,7 @@ sudoers_policy_init(void *info, char * const envp[])
|
|||||||
N_("problem with defaults entries"));
|
N_("problem with defaults entries"));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
/* XXX - used to send mail for sudoers parse errors. */
|
||||||
TAILQ_REMOVE(snl, nss, entries);
|
TAILQ_REMOVE(snl, nss, entries);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -289,7 +290,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
|||||||
TAILQ_FOREACH(nss, snl, entries) {
|
TAILQ_FOREACH(nss, snl, entries) {
|
||||||
validated = nss->lookup(nss, validated, pwflag);
|
validated = nss->lookup(nss, validated, pwflag);
|
||||||
|
|
||||||
if (ISSET(validated, VALIDATE_OK)) {
|
if (ISSET(validated, VALIDATE_SUCCESS)) {
|
||||||
/* Handle [SUCCESS=return] */
|
/* Handle [SUCCESS=return] */
|
||||||
if (nss->ret_if_found)
|
if (nss->ret_if_found)
|
||||||
break;
|
break;
|
||||||
@@ -368,7 +369,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
|||||||
rval = check_user(validated, sudo_mode);
|
rval = check_user(validated, sudo_mode);
|
||||||
if (rval != true) {
|
if (rval != true) {
|
||||||
/* Note: log_denial() calls audit for us. */
|
/* Note: log_denial() calls audit for us. */
|
||||||
if (!ISSET(validated, VALIDATE_OK))
|
if (!ISSET(validated, VALIDATE_SUCCESS))
|
||||||
log_denial(validated, false);
|
log_denial(validated, false);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@@ -388,7 +389,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* If the user was not allowed to run the command we are done. */
|
/* If the user was not allowed to run the command we are done. */
|
||||||
if (!ISSET(validated, VALIDATE_OK)) {
|
if (!ISSET(validated, VALIDATE_SUCCESS)) {
|
||||||
/* Note: log_failure() calls audit for us. */
|
/* Note: log_failure() calls audit for us. */
|
||||||
log_failure(validated, cmnd_status);
|
log_failure(validated, cmnd_status);
|
||||||
goto bad;
|
goto bad;
|
||||||
|
|||||||
@@ -113,9 +113,8 @@ struct sudo_user {
|
|||||||
* Return values for sudoers_lookup(), also used as arguments for log_auth()
|
* Return values for sudoers_lookup(), also used as arguments for log_auth()
|
||||||
* Note: cannot use '0' as a value here.
|
* Note: cannot use '0' as a value here.
|
||||||
*/
|
*/
|
||||||
/* XXX - VALIDATE_SUCCESS and VALIDATE_FAILURE instead? */
|
#define VALIDATE_SUCCESS 0x001
|
||||||
#define VALIDATE_OK 0x001
|
#define VALIDATE_FAILURE 0x002
|
||||||
#define VALIDATE_NOT_OK 0x002
|
|
||||||
#define FLAG_CHECK_USER 0x010
|
#define FLAG_CHECK_USER 0x010
|
||||||
#define FLAG_NO_USER 0x020
|
#define FLAG_NO_USER 0x020
|
||||||
#define FLAG_NO_HOST 0x040
|
#define FLAG_NO_HOST 0x040
|
||||||
|
|||||||
Reference in New Issue
Block a user