isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use the SUDO_CONV_PREFER_TTY flag during authentication.

Browse Source 
This prevents the password and PAM prompts from being redirected.
Bug #895
This commit is contained in:
Todd C. Miller
2019-08-26 19:30:11 -06:00
parent 5a22865131
commit 972670bfca
9 changed files with 51 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
plugins/sudoers/auth/dce.c
View File

@@ -103,7 +103,7 @@ sudo_dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth, struct sudo_
* sure that we didn't get spoofed by another DCE server.
*/
if (!sec_login_certify_identity(login_context, &status)) {
sudo_printf(SUDO_CONV_ERROR_MSG,
sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
"Whoa! Bogus authentication server!\n");
(void) check_dce_status(status,"sec_login_certify_identity(1):");
debug_return_int(AUTH_FAILURE);
@@ -125,13 +125,13 @@ sudo_dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth, struct sudo_
* DCE client and DCE security server...
*/
if (auth_src != sec_login_auth_src_network) {
sudo_printf(SUDO_CONV_ERROR_MSG,
sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
"You have no network credentials.\n");
debug_return_int(AUTH_FAILURE);
}
/* Check if the password has aged and is thus no good */
if (reset_passwd) {
sudo_printf(SUDO_CONV_ERROR_MSG,
sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
"Your DCE password needs resetting.\n");
debug_return_int(AUTH_FAILURE);
}
@@ -191,7 +191,8 @@ check_dce_status(error_status_t input_status, char *comment)
if (input_status == rpc_s_ok)
debug_return_int(0);
dce_error_inq_text(input_status, error_string, &error_stat);
sudo_printf(SUDO_CONV_ERROR_MSG, "%s %s\n", comment, error_string);
sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
"%s %s\n", comment, error_string);
debug_return_int(1);
}