diff --git a/plugins/sudoers/auth/sudo_auth.h b/plugins/sudoers/auth/sudo_auth.h
index e9a1763de..59b8f2159 100644
--- a/plugins/sudoers/auth/sudo_auth.h
+++ b/plugins/sudoers/auth/sudo_auth.h
@@ -19,12 +19,9 @@
 #ifndef SUDO_AUTH_H
 #define SUDO_AUTH_H
-/* Auth function return values (rowhammer resistent). */
-#define AUTH_SUCCESS 0x52a2925 /* 0101001010100010100100100101 */
-#define AUTH_FAILURE 0xad5d6da /* 1010110101011101011011011010 */
+/* Private auth function return values (rowhammer resistent). */
 #define AUTH_INTR 0x69d61fc8 /* 1101001110101100001111111001000 */
-#define AUTH_ERROR 0x1629e037 /* 0010110001010011110000000110111 */
-#define AUTH_NONINTERACTIVE 0x1fc8d3ac /* 11111110010001101001110101100 */
+#define AUTH_NONINTERACTIVE 0x1629e037 /* 0010110001010011110000000110111 */
 struct sudoers_context;
 typedef struct sudo_auth {
diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c
index 453932706..8880de5d8 100644
--- a/plugins/sudoers/check.c
+++ b/plugins/sudoers/check.c
@@ -87,8 +87,8 @@ get_authpw(struct sudoers_context *ctx, unsigned int mode)
 }
 /*
- * Returns true if the user successfully authenticates, false if not
- * or -1 on error.
+ * Returns AUTH_SUCCESS if the user successfully authenticates,
+ * AUTH_FAILURE if not or AUTH_ERROR on error.
 */
 int
 check_user(struct sudoers_context *ctx, unsigned int validated,
@@ -225,15 +225,7 @@ done:
 if (closure.auth_pw != NULL)
 sudo_pw_delref(closure.auth_pw);
- /* TODO: return AUTH_* directly */
- switch (ret) {
- case AUTH_SUCCESS:
- debug_return_int(true);
- case AUTH_FAILURE:
- debug_return_int(false);
- default:
- debug_return_int(-1);
- }
+ debug_return_int(ret);
 }
 /*
diff --git a/plugins/sudoers/regress/fuzz/fuzz_policy.c b/plugins/sudoers/regress/fuzz/fuzz_policy.c
index 6d5cde976..d0e978e06 100644
--- a/plugins/sudoers/regress/fuzz/fuzz_policy.c
+++ b/plugins/sudoers/regress/fuzz/fuzz_policy.c
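Review bot: In plugins/sudoers/auth/sudo_auth.h the comment left above `AUTH_INTR` does not say that the two private codes must stay distinct from `AUTH_SUCCESS`, `AUTH_FAILURE` and `AUTH_ERROR`, which this commit moves to sudoers.h. The removed block defined all five together as auth function return values, so they presumably still travel through the same `int`, and the bit patterns only help against a flipped bit while no value on one side is later reused or moved close to one on the other. I would extend the comment, e.g. `/* Private auth function return values (rowhammer resistant); must stay distinct from the AUTH_* values in sudoers.h. */`. `AUTH_NONINTERACTIVE` also takes over the number `AUTH_ERROR` had (0x1629e037) while `AUTH_ERROR` gets 0x1fc8d3ac in the sudoers.h hunk, so objects built against the old header must not be mixed with new ones.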
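Review bot: At the end of check_user() in plugins/sudoers/check.c, `debug_return_int(ret);` drops the normalisation the removed switch performed: every value other than `AUTH_SUCCESS` or `AUTH_FAILURE` used to reach the caller as -1, and now it arrives unchanged. The initialisation of `ret` and the assignments that feed it are above the hunk, so it is not visible whether a private code such as `AUTH_INTR` or `AUTH_NONINTERACTIVE` can still be in `ret` at `done:`. If it can, callers that only see sudoers.h have no name for it; consider collapsing before the return with `if (ret != AUTH_SUCCESS && ret != AUTH_FAILURE) ret = AUTH_ERROR;`. Any caller that tested the old result for truth also needs re-checking, because `AUTH_FAILURE` is non-zero.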
@@ -711,7 +711,7 @@ int
 check_user(struct sudoers_context *ctx, unsigned int validated,
 unsigned int mode)
 {
- return true;
+ return AUTH_SUCCESS;
 }
 /* STUB */
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index d7ace58ef..d4515f903 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -466,10 +466,10 @@ sudoers_check_common(struct sudoers_context *ctx, int pwflag)
 /* Require a password if sudoers says so. */
 switch (check_user(ctx, validated, ctx->mode)) {
- case true:
+ case AUTH_SUCCESS:
 /* user authenticated successfully. */
 break;
- case false:
+ case AUTH_FAILURE:
 /* Note: log_denial() calls audit for us. */
 if (!ISSET(validated, VALIDATE_SUCCESS)) {
 /* Only display a denial message if no password was read. */
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 8a53593b1..a1244072c 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -229,6 +229,13 @@ struct sudoers_context {
 #define FLAG_NO_USER_INPUT 0x100U
 #define FLAG_BAD_PASSWORD 0x200U
+/*
+ * Return values for check_user() (rowhammer resistent).
+ */
+#define AUTH_SUCCESS 0x52a2925 /* 0101001010100010100100100101 */
+#define AUTH_FAILURE 0xad5d6da /* 1010110101011101011011011010 */
+#define AUTH_ERROR 0x1fc8d3ac /* 11111110010001101001110101100 */
+
 /*
 * find_path()/set_cmnd() return values
 */
diff --git a/plugins/sudoers/timestamp.h b/plugins/sudoers/timestamp.h
index 7e384c8b1..4ce5ad1d5 100644
--- a/plugins/sudoers/timestamp.h
+++ b/plugins/sudoers/timestamp.h
@@ -24,8 +24,6 @@
 #ifndef SUDOERS_TIMESTAMP_H
 #define SUDOERS_TIMESTAMP_H
-#include "auth/sudo_auth.h"
-
 struct passwd;
 struct sudoers_context;
 struct getpass_closure {
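Review bot: In sudoers_check_common() in plugins/sudoers/sudoers.c only the success and failure arms of the `switch (check_user(...))` are visible and changed; the arm that handles the error result lies past the end of the hunk. Please confirm it is a `default:` and not a `case -1:`, because with the new return values an unmatched `AUTH_ERROR` would fall out of the switch and continue exactly as the `AUTH_SUCCESS` arm does after its `break`. A comment on that arm such as `/* AUTH_ERROR or any unexpected value: fail closed. */` would make the intent explicit for the next reader.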