Restore AUTH_INTR support, it is still needed.
We still need AUTH_INTR to know when to break out of the password prompt loop.
@@ -63,6 +63,10 @@ The member functions can return the following values:
|
|||||||
receives AUTH_ERROR from an auth function it stops
|
receives AUTH_ERROR from an auth function it stops
|
||||||
authenticating and returns an error.
|
authenticating and returns an error.
|
||||||
|
|
||||||
|
AUTH_INTR An attempt to read the password read was interrupted.
|
||||||
|
Usually this means the user entered ^C at the
|
||||||
|
password prompt.
|
||||||
|
|
||||||
AUTH_NONINTERACTIVE Function failed because user interaction was
|
AUTH_NONINTERACTIVE Function failed because user interaction was
|
||||||
required but sudo was run in non-interactive
|
required but sudo was run in non-interactive
|
||||||
mode.
|
mode.
|
||||||
|
@@ -257,7 +257,7 @@ sudo_aix_verify(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
if (sudo_aix_valid_message(message))
|
if (sudo_aix_valid_message(message))
|
||||||
sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
|
sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
|
||||||
"%s", message);
|
"%s", message);
|
||||||
ret = AUTH_FAILURE;
|
ret = pass ? AUTH_FAILURE : AUTH_INTR;
|
||||||
}
|
}
|
||||||
free(message);
|
free(message);
|
||||||
message = NULL;
|
message = NULL;
|
||||||
|
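Review bot: The new `ret = pass ? AUTH_FAILURE : AUTH_INTR;` tests the pointer by truthiness, while the other verify functions touched by this commit compare it explicitly (`if (pass == NULL)`); `ret = pass != NULL ? AUTH_FAILURE : AUTH_INTR;` would match them. The assignment of `pass` is not visible in this hunk, so a one-line comment such as `/* pass is NULL if the password prompt was interrupted */` would make the reasoning checkable, assuming that is the intent as the other hunks suggest. sudo_aix_verify's body starts and ends outside the hunk.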
@@ -171,10 +171,11 @@ bsdauth_verify(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
if (authok)
|
if (authok)
|
||||||
debug_return_int(AUTH_SUCCESS);
|
debug_return_int(AUTH_SUCCESS);
|
||||||
|
|
||||||
if (pass != NULL) {
|
if (pass == NULL)
|
||||||
if ((s = auth_getvalue(as, (char *)"errormsg")) != NULL)
|
debug_return_int(AUTH_INTR);
|
||||||
log_warningx(ctx, 0, "%s", s);
|
|
||||||
}
|
if ((s = auth_getvalue(as, (char *)"errormsg")) != NULL)
|
||||||
|
log_warningx(ctx, 0, "%s", s);
|
||||||
debug_return_int(AUTH_FAILURE);
|
debug_return_int(AUTH_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -121,8 +121,8 @@ restart:
|
|||||||
sudo_warnx("%s", resp);
|
sudo_warnx("%s", resp);
|
||||||
debug_return_int(AUTH_ERROR);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
if (pass == NULL) { /* ^C or error */
|
if (pass == NULL) { /* ^C or error */
|
||||||
debug_return_int(AUTH_FAILURE);
|
debug_return_int(AUTH_INTR);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Send the user's response to the server */
|
/* Send the user's response to the server */
|
||||||
|
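Review bot: The branch commented `/* ^C or error */` now returns AUTH_INTR for both cases, so a genuine failure to read the password is reported as a user interrupt; the same holds for the `getpass_error` branch in sudo_pam_verify, whose comment reads "error or ^C from tgetpass()". The documentation hunk defines AUTH_INTR only as an interrupted password read, so callers and logs can no longer tell a read error from a ^C. If the prompt helper cannot distinguish the two, the comment should say the folding is deliberate, e.g. `/* ^C or error: either way stop prompting */`; if it can, the error path could keep a separate return value. The enclosing function starts and ends outside the hunk.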
@@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* SPDX-License-Identifier: ISC
|
* SPDX-License-Identifier: ISC
|
||||||
*
|
*
|
||||||
* Copyright (c) 1999-2005, 2007-2023 Todd C. Miller <Todd.Miller@sudo.ws>
|
* Copyright (c) 1999-2005, 2007-2020 Todd C. Miller <Todd.Miller@sudo.ws>
|
||||||
*
|
*
|
||||||
* Permission to use, copy, modify, and distribute this software for any
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
* purpose with or without fee is hereby granted, provided that the above
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
@@ -332,7 +332,7 @@ sudo_pam_verify(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
|
|
||||||
if (getpass_error) {
|
if (getpass_error) {
|
||||||
/* error or ^C from tgetpass() or running non-interactive */
|
/* error or ^C from tgetpass() or running non-interactive */
|
||||||
debug_return_int(noninteractive ? AUTH_NONINTERACTIVE : AUTH_FAILURE);
|
debug_return_int(noninteractive ? AUTH_NONINTERACTIVE : AUTH_INTR);
|
||||||
}
|
}
|
||||||
switch (*pam_status) {
|
switch (*pam_status) {
|
||||||
case PAM_SUCCESS:
|
case PAM_SUCCESS:
|
||||||
|
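Review bot: The copyright range in the file header changes from `2007-2023` to `2007-2020` in the first hunk, which looks like a side effect of restoring an older revision rather than an intended edit. This assumes the page prints the old line before the new one, as the other hunks do; if so, the header should keep `2007-2023`. The AUTH_INTR change in sudo_pam_verify is covered by the note on the `/* ^C or error */` hunk.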
@@ -89,10 +89,10 @@ sudo_sia_verify(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
if (IS_NONINTERACTIVE(auth))
|
if (IS_NONINTERACTIVE(auth))
|
||||||
debug_return_int(AUTH_NONINTERACTIVE);
|
debug_return_int(AUTH_NONINTERACTIVE);
|
||||||
|
|
||||||
/* Get password, return AUTH_FAILURE if we got ^C */
|
/* Get password, return AUTH_INTR if we got ^C */
|
||||||
pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
||||||
if (pass == NULL)
|
if (pass == NULL)
|
||||||
debug_return_int(AUTH_FAILURE);
|
debug_return_int(AUTH_INTR);
|
||||||
|
|
||||||
/* Check password and zero out plaintext copy. */
|
/* Check password and zero out plaintext copy. */
|
||||||
rc = sia_ses_authent(NULL, pass, siah);
|
rc = sia_ses_authent(NULL, pass, siah);
|
||||||
|
@@ -355,6 +355,7 @@ done:
|
|||||||
case AUTH_SUCCESS:
|
case AUTH_SUCCESS:
|
||||||
ret = true;
|
ret = true;
|
||||||
break;
|
break;
|
||||||
|
case AUTH_INTR:
|
||||||
case AUTH_FAILURE:
|
case AUTH_FAILURE:
|
||||||
if (ntries != 0)
|
if (ntries != 0)
|
||||||
SET(validated, FLAG_BAD_PASSWORD);
|
SET(validated, FLAG_BAD_PASSWORD);
|
||||||
|
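Review bot: The new `case AUTH_INTR:` label shares the AUTH_FAILURE arm with no comment saying this is intended, so an interrupted prompt sets FLAG_BAD_PASSWORD whenever `ntries != 0`. That is probably deliberate, since a ^C after earlier wrong passwords should still be recorded as a failed attempt, but it is worth stating above the label, e.g. `/* Interrupted prompt: handled as a failure so earlier bad attempts are still flagged. */`. The switch starts before and continues past the hunk, so whether later code distinguishes the two values cannot be seen here.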
@@ -22,8 +22,9 @@
|
|||||||
/* Auth function return values. */
|
/* Auth function return values. */
|
||||||
#define AUTH_SUCCESS 0
|
#define AUTH_SUCCESS 0
|
||||||
#define AUTH_FAILURE 1
|
#define AUTH_FAILURE 1
|
||||||
#define AUTH_ERROR 2
|
#define AUTH_INTR 2
|
||||||
#define AUTH_NONINTERACTIVE 3
|
#define AUTH_ERROR 3
|
||||||
|
#define AUTH_NONINTERACTIVE 4
|
||||||
|
|
||||||
typedef struct sudo_auth {
|
typedef struct sudo_auth {
|
||||||
unsigned int flags; /* various flags, see below */
|
unsigned int flags; /* various flags, see below */
|
||||||
|
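Review bot: Defining AUTH_INTR as 2 renumbers AUTH_ERROR (2 to 3) and AUTH_NONINTERACTIVE (3 to 4), so any object built against the previous header would read an old AUTH_ERROR as AUTH_INTR. If every user of these values is rebuilt together this is harmless; otherwise appending `#define AUTH_INTR 4` after AUTH_NONINTERACTIVE keeps the existing values stable. A short trailing comment on each define, such as `/* password prompt interrupted (^C) */`, would also keep the header in step with the documentation hunk.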