Return AUTH_* flags from check_user() instead of 1/0/-1.
@@ -19,12 +19,9 @@
|
|||||||
#ifndef SUDO_AUTH_H
|
#ifndef SUDO_AUTH_H
|
||||||
#define SUDO_AUTH_H
|
#define SUDO_AUTH_H
|
||||||
|
|
||||||
/* Auth function return values (rowhammer resistent). */
|
/* Private auth function return values (rowhammer resistent). */
|
||||||
#define AUTH_SUCCESS 0x52a2925 /* 0101001010100010100100100101 */
|
|
||||||
#define AUTH_FAILURE 0xad5d6da /* 1010110101011101011011011010 */
|
|
||||||
#define AUTH_INTR 0x69d61fc8 /* 1101001110101100001111111001000 */
|
#define AUTH_INTR 0x69d61fc8 /* 1101001110101100001111111001000 */
|
||||||
#define AUTH_ERROR 0x1629e037 /* 0010110001010011110000000110111 */
|
#define AUTH_NONINTERACTIVE 0x1629e037 /* 0010110001010011110000000110111 */
|
||||||
#define AUTH_NONINTERACTIVE 0x1fc8d3ac /* 11111110010001101001110101100 */
|
|
||||||
|
|
||||||
struct sudoers_context;
|
struct sudoers_context;
|
||||||
typedef struct sudo_auth {
|
typedef struct sudo_auth {
|
||||||
|
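Review bot: Neither comment on the AUTH_* definitions says that the two sets now share one value space, although they are split between sudo_auth.h and the header that defines struct sudoers_context (the `@@ -229,6 +229,13 @@` hunk). In the same change 0x1629e037 moves from AUTH_ERROR to AUTH_NONINTERACTIVE and AUTH_ERROR takes 0x1fc8d3ac. The removed switch in check_user() suggests that `ret` can carry values from both sets, so a later edit to either header could add a value that collides with, or sits only a few bit flips from, one defined in the other file. I would extend the comment here to `/* Private auth function return values (rowhammer resistant); must stay distinct from the check_user() values AUTH_SUCCESS, AUTH_FAILURE and AUTH_ERROR. */` and add the matching pointer to the comment above the new definitions. "resistent" is misspelled in both comments.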
@@ -87,8 +87,8 @@ get_authpw(struct sudoers_context *ctx, unsigned int mode)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Returns true if the user successfully authenticates, false if not
|
* Returns AUTH_SUCCESS if the user successfully authenticates,
|
||||||
* or -1 on error.
|
* AUTH_FAILURE if not or AUTH_ERROR on error.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
check_user(struct sudoers_context *ctx, unsigned int validated,
|
check_user(struct sudoers_context *ctx, unsigned int validated,
|
||||||
@@ -225,15 +225,7 @@ done:
|
|||||||
if (closure.auth_pw != NULL)
|
if (closure.auth_pw != NULL)
|
||||||
sudo_pw_delref(closure.auth_pw);
|
sudo_pw_delref(closure.auth_pw);
|
||||||
|
|
||||||
/* TODO: return AUTH_* directly */
|
debug_return_int(ret);
|
||||||
switch (ret) {
|
|
||||||
case AUTH_SUCCESS:
|
|
||||||
debug_return_int(true);
|
|
||||||
case AUTH_FAILURE:
|
|
||||||
debug_return_int(false);
|
|
||||||
default:
|
|
||||||
debug_return_int(-1);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
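Review bot: Returning `ret` unfiltered at `debug_return_int(ret);` drops the normalization the removed switch provided: its `default:` arm mapped every value other than AUTH_SUCCESS and AUTH_FAILURE to the error result, so a private code such as AUTH_INTR or AUTH_NONINTERACTIVE could not reach the caller. Whether `ret` can hold such a value at `done:` is not visible here, because the body of check_user() starts outside the hunk, but the updated doc comment promises only AUTH_SUCCESS, AUTH_FAILURE or AUTH_ERROR. I would keep a guard before the return, `if (ret != AUTH_SUCCESS && ret != AUTH_FAILURE) ret = AUTH_ERROR;`, so that callers comparing against the three documented values keep failing closed.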
@@ -711,7 +711,7 @@ int
|
|||||||
check_user(struct sudoers_context *ctx, unsigned int validated,
|
check_user(struct sudoers_context *ctx, unsigned int validated,
|
||||||
unsigned int mode)
|
unsigned int mode)
|
||||||
{
|
{
|
||||||
return true;
|
return AUTH_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* STUB */
|
/* STUB */
|
||||||
|
@@ -466,10 +466,10 @@ sudoers_check_common(struct sudoers_context *ctx, int pwflag)
|
|||||||
|
|
||||||
/* Require a password if sudoers says so. */
|
/* Require a password if sudoers says so. */
|
||||||
switch (check_user(ctx, validated, ctx->mode)) {
|
switch (check_user(ctx, validated, ctx->mode)) {
|
||||||
case true:
|
case AUTH_SUCCESS:
|
||||||
/* user authenticated successfully. */
|
/* user authenticated successfully. */
|
||||||
break;
|
break;
|
||||||
case false:
|
case AUTH_FAILURE:
|
||||||
/* Note: log_denial() calls audit for us. */
|
/* Note: log_denial() calls audit for us. */
|
||||||
if (!ISSET(validated, VALIDATE_SUCCESS)) {
|
if (!ISSET(validated, VALIDATE_SUCCESS)) {
|
||||||
/* Only display a denial message if no password was read. */
|
/* Only display a denial message if no password was read. */
|
||||||
|
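Review bot: Only the `case true:` and `case false:` labels are converted in this hunk, and the rest of the switch in sudoers_check_common() lies outside it, so the arm that handled the old -1 result is not visible. If that arm is written as `case -1:` it no longer matches AUTH_ERROR; it should be `default:` so that AUTH_ERROR and any unexpected value from check_user() end the check with an error instead of falling out of the switch as if authentication had passed. A short comment on that arm, for example `/* AUTH_ERROR or unexpected value: fail closed */`, would make the intent explicit.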
@@ -229,6 +229,13 @@ struct sudoers_context {
|
|||||||
#define FLAG_NO_USER_INPUT 0x100U
|
#define FLAG_NO_USER_INPUT 0x100U
|
||||||
#define FLAG_BAD_PASSWORD 0x200U
|
#define FLAG_BAD_PASSWORD 0x200U
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Return values for check_user() (rowhammer resistent).
|
||||||
|
*/
|
||||||
|
#define AUTH_SUCCESS 0x52a2925 /* 0101001010100010100100100101 */
|
||||||
|
#define AUTH_FAILURE 0xad5d6da /* 1010110101011101011011011010 */
|
||||||
|
#define AUTH_ERROR 0x1fc8d3ac /* 11111110010001101001110101100 */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* find_path()/set_cmnd() return values
|
* find_path()/set_cmnd() return values
|
||||||
*/
|
*/
|
||||||
|
@@ -24,8 +24,6 @@
|
|||||||
#ifndef SUDOERS_TIMESTAMP_H
|
#ifndef SUDOERS_TIMESTAMP_H
|
||||||
#define SUDOERS_TIMESTAMP_H
|
#define SUDOERS_TIMESTAMP_H
|
||||||
|
|
||||||
#include "auth/sudo_auth.h"
|
|
||||||
|
|
||||||
struct passwd;
|
struct passwd;
|
||||||
struct sudoers_context;
|
struct sudoers_context;
|
||||||
struct getpass_closure {
|
struct getpass_closure {
|
||||||
|