Rename AUTH_FATAL -> AUTH_ERROR.

Todd C. Miller
2023-08-26 10:45:29 -06:00
parent cf00568d88
commit c858acc481
13 changed files with 53 additions and 53 deletions


@@ -57,11 +57,11 @@ The member functions can return the following values:
``setup'' routine, the auth method will be
marked as !configured.
AUTH_FATAL A fatal error occurred. The routine should have
AUTH_ERROR A fatal error occurred. The routine should have
written an error message to stderr and optionally
sent mail to the administrator.
When verify_user() gets AUTH_FATAL from an auth
function it does an exit(1).
sent mail to the administrator. When verify_user()
receives AUTH_ERROR from an auth function it stops
authenticating and returns an error.
AUTH_NONINTERACTIVE Function failed because user interaction was
required but sudo was run in non-interactive


@@ -280,17 +280,17 @@ sudo_aix_verify(const struct sudoers_context *ctx, struct passwd *pw,
/* password expired, user must change it */
if (!sudo_aix_change_password(ctx, pw->pw_name)) {
sudo_warnx(U_("unable to change password for %s"), pw->pw_name);
ret = AUTH_FATAL;
ret = AUTH_ERROR;
}
break;
case 2:
/* password expired, only admin can change it */
ret = AUTH_FATAL;
ret = AUTH_ERROR;
break;
default:
/* error (-1) */
sudo_warn("passwdexpired");
ret = AUTH_FATAL;
ret = AUTH_ERROR;
break;
}
}


@@ -103,7 +103,7 @@ bsdauth_init(const struct sudoers_context *ctx, struct passwd *pw,
bad:
auth_close(state.as);
login_close(state.lc);
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
int
@@ -152,7 +152,7 @@ bsdauth_verify(const struct sudoers_context *ctx, struct passwd *pw,
len--;
if (asprintf(&s, "%.*s [echo on]: ", (int)len, prompt) == -1) {
log_warningx(ctx, 0, N_("unable to allocate memory"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
free(pass);
pass = auth_getpass(s, SUDO_CONV_PROMPT_ECHO_ON, callback);


@@ -60,22 +60,22 @@ sudo_fwtk_init(const struct sudoers_context *ctx, struct passwd *pw,
if ((confp = cfg_read("sudo")) == (Cfg *)-1) {
sudo_warnx("%s", U_("unable to read fwtk config"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
if (auth_open(confp)) {
sudo_warnx("%s", U_("unable to connect to authentication server"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
/* Get welcome message from auth server */
if (auth_recv(resp, sizeof(resp))) {
sudo_warnx("%s", U_("lost connection to authentication server"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
if (strncmp(resp, "Authsrv ready", 13) != 0) {
sudo_warnx(U_("authentication server error:\n%s"), resp);
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
auth->data = (void *) confp;
@@ -97,7 +97,7 @@ sudo_fwtk_verify(const struct sudoers_context *ctx, struct passwd *pw,
restart:
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
sudo_warnx("%s", U_("lost connection to authentication server"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
/* Get the password/response from the user. */
@@ -119,7 +119,7 @@ restart:
goto restart;
} else {
sudo_warnx("%s", resp);
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
if (pass == NULL) { /* ^C or error */
debug_return_int(AUTH_FAILURE);
@@ -129,7 +129,7 @@ restart:
(void) snprintf(buf, sizeof(buf), "response '%s'", pass);
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
sudo_warnx("%s", U_("lost connection to authentication server"));
error = AUTH_FATAL;
error = AUTH_ERROR;
goto done;
}


@@ -121,7 +121,7 @@ sudo_krb5_setup(const struct sudoers_context *ctx, struct passwd *pw,
if (asprintf(&krb5_prompt, "Password for %s: ", pname) == -1) {
log_warningx(ctx, 0, N_("unable to allocate memory"));
free(pname);
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
free(pname);
}
@@ -148,7 +148,7 @@ sudo_krb5_init(const struct sudoers_context *ctx, struct passwd *pw,
sudo_krb5_instance[0] != '/' ? "/" : "", sudo_krb5_instance);
if (len == -1) {
log_warningx(ctx, 0, N_("unable to allocate memory"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
}


@@ -231,7 +231,7 @@ sudo_pam_init2(const struct sudoers_context *ctx, struct passwd *pw,
&pam_conv, &pamh, errstr);
if (!quiet)
log_warningx(ctx, 0, N_("unable to initialize PAM: %s"), errstr);
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
/* Initialize conversation function message filter. */
@@ -347,7 +347,7 @@ sudo_pam_verify(const struct sudoers_context *ctx, struct passwd *pw,
default:
s = sudo_pam_strerror(pamh, *pam_status);
log_warningx(ctx, 0, N_("PAM authentication error: %s"), s);
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
}
@@ -368,7 +368,7 @@ sudo_pam_approval(const struct sudoers_context *ctx, struct passwd *pw,
case PAM_AUTH_ERR:
log_warningx(ctx, 0, N_("account validation failure, "
"is your account locked?"));
status = AUTH_FATAL;
status = AUTH_ERROR;
break;
case PAM_NEW_AUTHTOK_REQD:
/* Ignore if user is exempt from password restrictions. */
@@ -396,13 +396,13 @@ sudo_pam_approval(const struct sudoers_context *ctx, struct passwd *pw,
/* Password expired, cannot be updated by user. */
log_warningx(ctx, 0,
N_("Password expired, contact your system administrator"));
status = AUTH_FATAL;
status = AUTH_ERROR;
break;
case PAM_ACCT_EXPIRED:
log_warningx(ctx, 0,
N_("Account expired or PAM config lacks an \"account\" "
"section for sudo, contact your system administrator"));
status = AUTH_FATAL;
status = AUTH_ERROR;
break;
case PAM_AUTHINFO_UNAVAIL:
case PAM_MAXTRIES:
@@ -414,7 +414,7 @@ sudo_pam_approval(const struct sudoers_context *ctx, struct passwd *pw,
default:
s = sudo_pam_strerror(pamh, rc);
log_warningx(ctx, 0, N_("PAM account management error: %s"), s);
status = AUTH_FATAL;
status = AUTH_ERROR;
break;
}
*pam_status = rc;
@@ -523,7 +523,7 @@ sudo_pam_begin_session(const struct sudoers_context *ctx, struct passwd *pw,
"pam_end: %s", errstr);
}
pamh = NULL;
status = AUTH_FATAL;
status = AUTH_ERROR;
goto done;
}
}
@@ -539,7 +539,7 @@ sudo_pam_begin_session(const struct sudoers_context *ctx, struct passwd *pw,
if (pam_envp != NULL) {
/* Merge pam env with user env. */
if (!env_init(*user_envp) || !env_merge(ctx, pam_envp))
status = AUTH_FATAL;
status = AUTH_ERROR;
*user_envp = env_get();
free(pam_envp);
/* XXX - we leak any duplicates that were in pam_envp */
@@ -580,7 +580,7 @@ sudo_pam_end_session(sudo_auth *auth)
errstr = sudo_pam_strerror(pamh, rc);
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"pam_end: %s", errstr);
status = AUTH_FATAL;
status = AUTH_ERROR;
}
pamh = NULL;
}


@@ -57,7 +57,7 @@ sudo_passwd_init(const struct sudoers_context *ctx, struct passwd *pw,
sudo_setspent();
auth->data = sudo_getepw(pw);
sudo_endspent();
debug_return_int(auth->data ? AUTH_SUCCESS : AUTH_FATAL);
debug_return_int(auth->data ? AUTH_SUCCESS : AUTH_ERROR);
}
#ifdef HAVE_CRYPT


@@ -98,7 +98,7 @@ sudo_rfc1938_setup(const struct sudoers_context *ctx, struct passwd *pw,
if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) {
if (IS_ONEANDONLY(auth)) {
sudo_warnx(U_("you do not exist in the %s database"), auth->name);
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
} else {
debug_return_int(AUTH_FAILURE);
}
@@ -110,7 +110,7 @@ sudo_rfc1938_setup(const struct sudoers_context *ctx, struct passwd *pw,
char *p = realloc(new_prompt, op_len + challenge_len + 7);
if (p == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
np_size = op_len + challenge_len + 7;
new_prompt = p;


@@ -68,7 +68,7 @@ sudo_secureware_init(const struct sudoers_context *ctx, struct passwd *pw,
sudo_setspent();
auth->data = sudo_getepw(pw);
sudo_endspent();
debug_return_int(auth->data ? AUTH_SUCCESS : AUTH_FATAL);
debug_return_int(auth->data ? AUTH_SUCCESS : AUTH_ERROR);
}
int


@@ -74,7 +74,7 @@ sudo_securid_init(const struct sudoers_context *ctx, struct passwd *pw,
/* Start communications */
if (AceInitialize() == SD_FALSE) {
sudo_warnx("%s", U_("failed to initialise the ACE API library"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
auth->data = (void *) &sd_dat; /* For method-specific data */
@@ -106,7 +106,7 @@ sudo_securid_setup(const struct sudoers_context *ctx, struct passwd *pw,
/* Re-initialize SecurID every time. */
if (SD_Init(sd) != ACM_OK) {
sudo_warnx("%s", U_("unable to contact the SecurID server"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
/* Lock new PIN code */
@@ -119,19 +119,19 @@ sudo_securid_setup(const struct sudoers_context *ctx, struct passwd *pw,
case ACE_UNDEFINED_USERNAME:
sudo_warnx("%s", U_("invalid username length for SecurID"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
case ACE_ERR_INVALID_HANDLE:
sudo_warnx("%s", U_("invalid Authentication Handle for SecurID"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
case ACM_ACCESS_DENIED:
sudo_warnx("%s", U_("SecurID communication failed"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
default:
sudo_warnx("%s", U_("unknown SecurID error"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
}
@@ -167,17 +167,17 @@ sudo_securid_verify(const struct sudoers_context *ctx, struct passwd *pw,
case ACE_UNDEFINED_PASSCODE:
sudo_warnx("%s", U_("invalid passcode length for SecurID"));
ret = AUTH_FATAL;
ret = AUTH_ERROR;
break;
case ACE_UNDEFINED_USERNAME:
sudo_warnx("%s", U_("invalid username length for SecurID"));
ret = AUTH_FATAL;
ret = AUTH_ERROR;
break;
case ACE_ERR_INVALID_HANDLE:
sudo_warnx("%s", U_("invalid Authentication Handle for SecurID"));
ret = AUTH_FATAL;
ret = AUTH_ERROR;
break;
case ACM_ACCESS_DENIED:
@@ -215,12 +215,12 @@ then enter the new token code.\n", \
"Your SecurID access has not yet been set up.\n");
sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
"Please set up a PIN before you try to authenticate.\n");
ret = AUTH_FATAL;
ret = AUTH_ERROR;
break;
default:
sudo_warnx("%s", U_("unknown SecurID error"));
ret = AUTH_FATAL;
ret = AUTH_ERROR;
break;
}


@@ -59,7 +59,7 @@ sudo_sia_setup(const struct sudoers_context *ctx, struct passwd *pw,
sudo_argv = reallocarray(NULL, sudo_argc + 1, sizeof(char *));
if (sudo_argv == NULL) {
log_warningx(ctx, 0, N_("unable to allocate memory"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
sudo_argv[0] = "sudo";
for (i = 0; i < ctx->runas.argc; i++)
@@ -70,7 +70,7 @@ sudo_sia_setup(const struct sudoers_context *ctx, struct passwd *pw,
sudo_tty = ctx->user.ttypath;
if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, sudo_tty, 0, NULL) != SIASUCCESS) {
log_warning(ctx, 0, N_("unable to initialize SIA session"));
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
}
auth->data = siah;
@@ -101,7 +101,7 @@ sudo_sia_verify(const struct sudoers_context *ctx, struct passwd *pw,
if (rc == SIASUCCESS)
debug_return_int(AUTH_SUCCESS);
if (ISSET(rc, SIASTOP))
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_ERROR);
debug_return_int(AUTH_FAILURE);
}
@@ -122,7 +122,7 @@ int
sudo_sia_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
{
SIAENTITY *siah;
int status = AUTH_FATAL;
int status = AUTH_ERROR;
debug_decl(sudo_sia_begin_session, SUDOERS_DEBUG_AUTH);
/* Re-init sia for the target user's session. */


@@ -118,7 +118,7 @@ sudo_auth_init(const struct sudoers_context *ctx, struct passwd *pw,
status = (auth->init)(ctx, pw, auth);
if (status == AUTH_FAILURE)
SET(auth->flags, FLAG_DISABLED);
else if (status == AUTH_FATAL)
else if (status == AUTH_ERROR)
break; /* assume error msg already printed */
}
}
@@ -166,7 +166,7 @@ sudo_auth_init(const struct sudoers_context *ctx, struct passwd *pw,
}
}
debug_return_int(status == AUTH_FATAL ? -1 : 0);
debug_return_int(status == AUTH_ERROR ? -1 : 0);
}
/*
@@ -209,7 +209,7 @@ sudo_auth_cleanup(const struct sudoers_context *ctx, struct passwd *pw,
for (auth = auth_switch; auth->name; auth++) {
if (auth->cleanup && !IS_DISABLED(auth)) {
int status = (auth->cleanup)(ctx, pw, auth, force);
if (status == AUTH_FATAL) {
if (status == AUTH_ERROR) {
/* Assume error msg already printed. */
debug_return_int(-1);
}
@@ -306,7 +306,7 @@ verify_user(const struct sudoers_context *ctx, struct passwd *pw, char *prompt,
SET(auth->flags, FLAG_DISABLED);
else if (status == AUTH_NONINTERACTIVE)
goto done;
else if (status == AUTH_FATAL || user_interrupted())
else if (status == AUTH_ERROR || user_interrupted())
goto done; /* assume error msg already printed */
}
}
@@ -364,7 +364,7 @@ done:
case AUTH_NONINTERACTIVE:
SET(validated, FLAG_NO_USER_INPUT);
FALLTHROUGH;
case AUTH_FATAL:
case AUTH_ERROR:
default:
log_auth_failure(ctx, validated, 0);
ret = -1;
@@ -427,7 +427,7 @@ sudo_auth_end_session(void)
for (auth = auth_switch; auth->name; auth++) {
if (auth->end_session && !IS_DISABLED(auth)) {
status = (auth->end_session)(auth);
if (status == AUTH_FATAL) {
if (status == AUTH_ERROR) {
/* Assume error msg already printed. */
debug_return_int(-1);
}
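Review bot: In the sudo_auth_cleanup and sudo_auth_end_session hunks, the first method that returns AUTH_ERROR makes the loop return -1 at once, so the cleanup or end_session hooks of every later entry in auth_switch are never called. With AUTH_ERROR now documented as returning an error to the caller instead of exiting, skipped hooks may leave per-method state or sessions open; this is inferred, since both function bodies continue outside the hunks. Consider recording the failure and finishing the loop, for example by replacing the early `debug_return_int(-1);` with an assignment to a local result that is returned once the loop ends.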


@@ -22,7 +22,7 @@
/* Auth function return values. */
#define AUTH_SUCCESS 0
#define AUTH_FAILURE 1
#define AUTH_FATAL 2
#define AUTH_ERROR 2
#define AUTH_NONINTERACTIVE 3
typedef struct sudo_auth {
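Review bot: The renamed `AUTH_ERROR` define carries no comment saying how it differs from `AUTH_FAILURE`, and the new name no longer signals by itself that authentication must stop. A short comment on the define would help, e.g. `#define AUTH_ERROR 2 /* error: stop authenticating, never treat as success */`, with a matching one on `AUTH_FAILURE`. The hunks in the front-end file show callers comparing against AUTH_ERROR explicitly and a `default:` arm in verify_user that logs a failure and sets `ret = -1`. Stating that fail-closed expectation next to the values keeps new auth methods and callers consistent.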