If passwd_tries is less than 1, check_user() will always return
false (since the user didn't authenticate).  The normal reason for
this is an authentication error but in this case no authentication
was tried so no warning message has been displayed to the user.  If
the user wasn't given a chance to authenticate, set inform_user to
true when calling log_denial() from sudoers_policy_main().

An alternate approach would be for check_user() to return true
in this case but that seems more confusing.
Todd C. Miller
2017-11-14 13:58:35 -07:00
parent 4e8c037f22
commit a62cd4b4fe

@@ -427,7 +427,8 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
case false:
/* Note: log_denial() calls audit for us. */
if (!ISSET(validated, VALIDATE_SUCCESS)) {
if (!log_denial(validated, false))
/* Only display a denial message if no password was read. */
if (!log_denial(validated, def_passwd_tries <= 0))
goto done;
}
goto bad;
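Review bot: the comment added above the new log_denial() call says the message is displayed only "if no password was read", but the condition tests the configured limit (def_passwd_tries <= 0), not whether a prompt actually took place. Suggest wording the comment to match the test and to name the dependency, for example "Inform the user when passwd_tries < 1, since check_user() fails without prompting". The always-false return of check_user() that this relies on is described only in the commit message and is not visible in this hunk, so a reader of sudoers_policy_main() has no pointer to it at the call site.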