Restore AUTH_INTR support, it is still needed.

We still need AUTH_INTR to know when to break out of the password
prompt loop.

plugins/sudoers/auth/API

@@ -63,6 +63,10 @@ The member functions can return the following values:
 			receives AUTH_ERROR from an auth function it stops
 			authenticating and returns an error.
 
+    AUTH_INTR		An attempt to read the password read was interrupted.
+			Usually this means the user entered ^C at the
+			password prompt.
+
     AUTH_NONINTERACTIVE	Function failed because user interaction was
 			required but sudo was run in non-interactive
 			mode.

plugins/sudoers/auth/aix_auth.c

@@ -257,7 +257,7 @@ sudo_aix_verify(const struct sudoers_context *ctx, struct passwd *pw,
 	if (sudo_aix_valid_message(message))
 	    sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
 		"%s", message);
-	ret = AUTH_FAILURE;
+	ret = pass ? AUTH_FAILURE : AUTH_INTR;
     }
     free(message);
     message = NULL;

plugins/sudoers/auth/bsdauth.c

@@ -171,10 +171,11 @@ bsdauth_verify(const struct sudoers_context *ctx, struct passwd *pw,
     if (authok)
 	debug_return_int(AUTH_SUCCESS);
 
-    if (pass != NULL) {
-	if ((s = auth_getvalue(as, (char *)"errormsg")) != NULL)
-	    log_warningx(ctx, 0, "%s", s);
-    }
+    if (pass == NULL)
+	debug_return_int(AUTH_INTR);
+
+    if ((s = auth_getvalue(as, (char *)"errormsg")) != NULL)
+	log_warningx(ctx, 0, "%s", s);
     debug_return_int(AUTH_FAILURE);
 }
 

plugins/sudoers/auth/fwtk.c

@@ -121,8 +121,8 @@ restart:
 	sudo_warnx("%s", resp);
 	debug_return_int(AUTH_ERROR);
     }
-    if (pass == NULL) {		/* ^C or error */
-	debug_return_int(AUTH_FAILURE);
+    if (pass == NULL) {			/* ^C or error */
+	debug_return_int(AUTH_INTR);
     }
 
     /* Send the user's response to the server */

plugins/sudoers/auth/pam.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 1999-2005, 2007-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 1999-2005, 2007-2020 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -332,7 +332,7 @@ sudo_pam_verify(const struct sudoers_context *ctx, struct passwd *pw,
 
     if (getpass_error) {
 	/* error or ^C from tgetpass() or running non-interactive */
-	debug_return_int(noninteractive ? AUTH_NONINTERACTIVE : AUTH_FAILURE);
+	debug_return_int(noninteractive ? AUTH_NONINTERACTIVE : AUTH_INTR);
     }
     switch (*pam_status) {
 	case PAM_SUCCESS:

plugins/sudoers/auth/sia.c

@@ -89,10 +89,10 @@ sudo_sia_verify(const struct sudoers_context *ctx, struct passwd *pw,
     if (IS_NONINTERACTIVE(auth))
         debug_return_int(AUTH_NONINTERACTIVE);
 
-    /* Get password, return AUTH_FAILURE if we got ^C */
+    /* Get password, return AUTH_INTR if we got ^C */
     pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
     if (pass == NULL)
-	debug_return_int(AUTH_FAILURE);
+	debug_return_int(AUTH_INTR);
 
     /* Check password and zero out plaintext copy. */
     rc = sia_ses_authent(NULL, pass, siah);

plugins/sudoers/auth/sudo_auth.c

@@ -355,6 +355,7 @@ done:
 	case AUTH_SUCCESS:
 	    ret = true;
 	    break;
+	case AUTH_INTR:
 	case AUTH_FAILURE:
 	    if (ntries != 0)
 		SET(validated, FLAG_BAD_PASSWORD);

plugins/sudoers/auth/sudo_auth.h

@@ -22,8 +22,9 @@
 /* Auth function return values.  */
 #define AUTH_SUCCESS		0
 #define AUTH_FAILURE		1
-#define AUTH_ERROR		2
-#define AUTH_NONINTERACTIVE	3
+#define AUTH_INTR		2
+#define AUTH_ERROR		3
+#define AUTH_NONINTERACTIVE	4
 
 typedef struct sudo_auth {
     unsigned int flags;		/* various flags, see below */