Return AUTH_* flags from check_user() instead of 1/0/-1.

Todd C. Miller
2023-09-09 14:59:46 -06:00
parent 2fdb4db339
commit c54bdd799b
6 changed files with 15 additions and 21 deletions


@@ -19,12 +19,9 @@
#ifndef SUDO_AUTH_H
#define SUDO_AUTH_H
/* Auth function return values (rowhammer resistent). */
#define AUTH_SUCCESS 0x52a2925 /* 0101001010100010100100100101 */
#define AUTH_FAILURE 0xad5d6da /* 1010110101011101011011011010 */
/* Private auth function return values (rowhammer resistent). */
#define AUTH_INTR 0x69d61fc8 /* 1101001110101100001111111001000 */
#define AUTH_ERROR 0x1629e037 /* 0010110001010011110000000110111 */
#define AUTH_NONINTERACTIVE 0x1fc8d3ac /* 11111110010001101001110101100 */
#define AUTH_NONINTERACTIVE 0x1629e037 /* 0010110001010011110000000110111 */
struct sudoers_context;
typedef struct sudo_auth {
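Review bot: Nothing at the `AUTH_INTR`/`AUTH_NONINTERACTIVE` definitions says they must stay distinct from the three public values, which this commit moves to the header that declares `struct sudoers_context`. The new side also appears to give `AUTH_NONINTERACTIVE` the value `0x1629e037` that `AUTH_ERROR` had here, while `AUTH_ERROR` takes `0x1fc8d3ac`, so the two numbers trade meaning; anyone comparing raw integers in a debugger or debug log across versions will be misled unless that is recorded. I would extend the comment to `/* Private auth function return values (rowhammer resistent); must not collide with AUTH_SUCCESS/AUTH_FAILURE/AUTH_ERROR. */`. The `sudo_auth` typedef continues past the end of the hunk.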


@@ -87,8 +87,8 @@ get_authpw(struct sudoers_context *ctx, unsigned int mode)
}
/*
* Returns true if the user successfully authenticates, false if not
* or -1 on error.
* Returns AUTH_SUCCESS if the user successfully authenticates,
* AUTH_FAILURE if not or AUTH_ERROR on error.
*/
int
check_user(struct sudoers_context *ctx, unsigned int validated,
@@ -225,15 +225,7 @@ done:
if (closure.auth_pw != NULL)
sudo_pw_delref(closure.auth_pw);
/* TODO: return AUTH_* directly */
switch (ret) {
case AUTH_SUCCESS:
debug_return_int(true);
case AUTH_FAILURE:
debug_return_int(false);
default:
debug_return_int(-1);
}
debug_return_int(ret);
}
/*
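Review bot: `debug_return_int(ret)` at the `done:` label now hands `ret` to the caller unfiltered, where the removed switch folded every value other than `AUTH_SUCCESS` and `AUTH_FAILURE` into the error result. If any path in the body (which starts outside this hunk) can leave `ret` holding a private value such as `AUTH_INTR` or `AUTH_NONINTERACTIVE`, or a leftover 1/0/-1, the updated header comment promising only three values is no longer true and denial handling depends entirely on the caller's fallback arm. Folding unknowns before returning keeps the function fail-closed on its own: `if (ret != AUTH_SUCCESS && ret != AUTH_FAILURE) ret = AUTH_ERROR;` ahead of `debug_return_int(ret);`.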


@@ -711,7 +711,7 @@ int
check_user(struct sudoers_context *ctx, unsigned int validated,
unsigned int mode)
{
return true;
return AUTH_SUCCESS;
}
/* STUB */


@@ -466,10 +466,10 @@ sudoers_check_common(struct sudoers_context *ctx, int pwflag)
/* Require a password if sudoers says so. */
switch (check_user(ctx, validated, ctx->mode)) {
case true:
case AUTH_SUCCESS:
/* user authenticated successfully. */
break;
case false:
case AUTH_FAILURE:
/* Note: log_denial() calls audit for us. */
if (!ISSET(validated, VALIDATE_SUCCESS)) {
/* Only display a denial message if no password was read. */
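Review bot: All three `AUTH_*` results are non-zero, so any call site still testing `check_user()` as a boolean would now treat `AUTH_FAILURE` as true; this switch in `sudoers_check_common()` is the only call site visible in the commit. Under the old convention a truthiness test rejected a failed authentication (0), and the compiler will not flag a caller that was missed. It is worth confirming no other caller exists and recording the rule next to the call, e.g. `/* check_user() returns AUTH_*; every value is non-zero, never test it as a boolean. */`. The remaining arms of the switch, including whatever handles the error result, lie outside this hunk.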

View File

@@ -229,6 +229,13 @@ struct sudoers_context {
#define FLAG_NO_USER_INPUT 0x100U
#define FLAG_BAD_PASSWORD 0x200U
/*
* Return values for check_user() (rowhammer resistent).
*/
#define AUTH_SUCCESS 0x52a2925 /* 0101001010100010100100100101 */
#define AUTH_FAILURE 0xad5d6da /* 1010110101011101011011011010 */
#define AUTH_ERROR 0x1fc8d3ac /* 11111110010001101001110101100 */
/*
* find_path()/set_cmnd() return values
*/
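Review bot: The comment `(rowhammer resistent)` names the threat but not the rule a maintainer has to follow when adding or changing a value in this block. The binary annotations show `AUTH_SUCCESS` and `AUTH_FAILURE` are exact complements across 28 bits, so a handful of flipped bits cannot turn one into the other; `AUTH_ERROR` is presumably chosen to sit far from both, but the block does not say so. Suggested wording: `/* Return values for check_user() (rowhammer resistant): values differ in many bit positions so a few flipped bits cannot change one result into another. */`, which also corrects the spelling.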


@@ -24,8 +24,6 @@
#ifndef SUDOERS_TIMESTAMP_H
#define SUDOERS_TIMESTAMP_H
#include "auth/sudo_auth.h"
struct passwd;
struct sudoers_context;
struct getpass_closure {