If the auth_type setting in /etc/security/login.cfg is set to PAM_AUTH but pam_start() fails, fall back to using AIX authentication.
Skip the auth_type check if sudo is not compiled with PAM support.
Todd C. Miller
2016-03-22 16:31:28 -06:00
parent 7cd6d4ec79
commit b2d1c457ce
3 changed files with 43 additions and 10 deletions


@@ -44,9 +44,10 @@
* http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/basetrf1/authenticate.htm
*/
#define AIX_AUTH_UNKNOWN 0
#define AIX_AUTH_STD 1
#define AIX_AUTH_PAM 2
#ifdef HAVE_PAM
# define AIX_AUTH_UNKNOWN 0
# define AIX_AUTH_STD 1
# define AIX_AUTH_PAM 2
static int
sudo_aix_authtype(void)
@@ -115,15 +116,22 @@ sudo_aix_authtype(void)
debug_return_int(authtype);
}
#endif /* HAVE_PAM */
int
sudo_aix_init(struct passwd *pw, sudo_auth *auth)
{
debug_decl(sudo_aix_init, SUDOERS_DEBUG_AUTH)
#ifdef HAVE_PAM
/* Check auth_type in /etc/security/login.cfg. */
if (sudo_aix_authtype() == AIX_AUTH_PAM)
debug_return_int(AUTH_FAILURE);
if (sudo_aix_authtype() == AIX_AUTH_PAM) {
if (sudo_pam_init_quiet(pw, auth) == AUTH_SUCCESS) {
/* Fail AIX authentication so we can use PAM instead. */
debug_return_int(AUTH_FAILURE);
}
}
#endif
debug_return_int(AUTH_SUCCESS);
}
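Review bot: The fallback in `sudo_aix_init` is silent: when `sudo_aix_authtype()` reports `AIX_AUTH_PAM` but `sudo_pam_init_quiet()` does not return `AUTH_SUCCESS`, control drops straight to `debug_return_int(AUTH_SUCCESS)` and the user is authenticated by a different mechanism than the one login.cfg names, with nothing recorded. If the site's PAM stack carries extra controls (lockout, a second factor; not visible here), they are skipped on that path, so the downgrade should at least be visible to whoever reads the logs. I would add an `else` arm to the inner `if` with something like `sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, "auth_type is PAM_AUTH but PAM init failed, using AIX authentication");`, or a warning through the plugin's regular log path if this should reach syslog. The comment above the check should also be extended to say that a PAM init failure means AIX authentication is used.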