Rename AUTH_FATAL -> AUTH_ERROR.
This commit is contained in:
Todd C. Miller
@@ -57,11 +57,11 @@ The member functions can return the following values:
|
|||||||
``setup'' routine, the auth method will be
|
``setup'' routine, the auth method will be
|
||||||
marked as !configured.
|
marked as !configured.
|
||||||
|
|
||||||
AUTH_FATAL A fatal error occurred. The routine should have
|
AUTH_ERROR A fatal error occurred. The routine should have
|
||||||
written an error message to stderr and optionally
|
written an error message to stderr and optionally
|
||||||
sent mail to the administrator.
|
sent mail to the administrator. When verify_user()
|
||||||
When verify_user() gets AUTH_FATAL from an auth
|
receives AUTH_ERROR from an auth function it stops
|
||||||
function it does an exit(1).
|
authenticating and returns an error.
|
||||||
|
|
||||||
AUTH_NONINTERACTIVE Function failed because user interaction was
|
AUTH_NONINTERACTIVE Function failed because user interaction was
|
||||||
required but sudo was run in non-interactive
|
required but sudo was run in non-interactive
|
||||||
|
|||||||
@@ -280,17 +280,17 @@ sudo_aix_verify(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
/* password expired, user must change it */
|
/* password expired, user must change it */
|
||||||
if (!sudo_aix_change_password(ctx, pw->pw_name)) {
|
if (!sudo_aix_change_password(ctx, pw->pw_name)) {
|
||||||
sudo_warnx(U_("unable to change password for %s"), pw->pw_name);
|
sudo_warnx(U_("unable to change password for %s"), pw->pw_name);
|
||||||
ret = AUTH_FATAL;
|
ret = AUTH_ERROR;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 2:
|
case 2:
|
||||||
/* password expired, only admin can change it */
|
/* password expired, only admin can change it */
|
||||||
ret = AUTH_FATAL;
|
ret = AUTH_ERROR;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
/* error (-1) */
|
/* error (-1) */
|
||||||
sudo_warn("passwdexpired");
|
sudo_warn("passwdexpired");
|
||||||
ret = AUTH_FATAL;
|
ret = AUTH_ERROR;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -103,7 +103,7 @@ bsdauth_init(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
bad:
|
bad:
|
||||||
auth_close(state.as);
|
auth_close(state.as);
|
||||||
login_close(state.lc);
|
login_close(state.lc);
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@@ -152,7 +152,7 @@ bsdauth_verify(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
len--;
|
len--;
|
||||||
if (asprintf(&s, "%.*s [echo on]: ", (int)len, prompt) == -1) {
|
if (asprintf(&s, "%.*s [echo on]: ", (int)len, prompt) == -1) {
|
||||||
log_warningx(ctx, 0, N_("unable to allocate memory"));
|
log_warningx(ctx, 0, N_("unable to allocate memory"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
free(pass);
|
free(pass);
|
||||||
pass = auth_getpass(s, SUDO_CONV_PROMPT_ECHO_ON, callback);
|
pass = auth_getpass(s, SUDO_CONV_PROMPT_ECHO_ON, callback);
|
||||||
|
|||||||
@@ -60,22 +60,22 @@ sudo_fwtk_init(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
|
|
||||||
if ((confp = cfg_read("sudo")) == (Cfg *)-1) {
|
if ((confp = cfg_read("sudo")) == (Cfg *)-1) {
|
||||||
sudo_warnx("%s", U_("unable to read fwtk config"));
|
sudo_warnx("%s", U_("unable to read fwtk config"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (auth_open(confp)) {
|
if (auth_open(confp)) {
|
||||||
sudo_warnx("%s", U_("unable to connect to authentication server"));
|
sudo_warnx("%s", U_("unable to connect to authentication server"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Get welcome message from auth server */
|
/* Get welcome message from auth server */
|
||||||
if (auth_recv(resp, sizeof(resp))) {
|
if (auth_recv(resp, sizeof(resp))) {
|
||||||
sudo_warnx("%s", U_("lost connection to authentication server"));
|
sudo_warnx("%s", U_("lost connection to authentication server"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
if (strncmp(resp, "Authsrv ready", 13) != 0) {
|
if (strncmp(resp, "Authsrv ready", 13) != 0) {
|
||||||
sudo_warnx(U_("authentication server error:\n%s"), resp);
|
sudo_warnx(U_("authentication server error:\n%s"), resp);
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
auth->data = (void *) confp;
|
auth->data = (void *) confp;
|
||||||
|
|
||||||
@@ -97,7 +97,7 @@ sudo_fwtk_verify(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
restart:
|
restart:
|
||||||
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
|
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
|
||||||
sudo_warnx("%s", U_("lost connection to authentication server"));
|
sudo_warnx("%s", U_("lost connection to authentication server"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Get the password/response from the user. */
|
/* Get the password/response from the user. */
|
||||||
@@ -119,7 +119,7 @@ restart:
|
|||||||
goto restart;
|
goto restart;
|
||||||
} else {
|
} else {
|
||||||
sudo_warnx("%s", resp);
|
sudo_warnx("%s", resp);
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
if (pass == NULL) { /* ^C or error */
|
if (pass == NULL) { /* ^C or error */
|
||||||
debug_return_int(AUTH_FAILURE);
|
debug_return_int(AUTH_FAILURE);
|
||||||
@@ -129,7 +129,7 @@ restart:
|
|||||||
(void) snprintf(buf, sizeof(buf), "response '%s'", pass);
|
(void) snprintf(buf, sizeof(buf), "response '%s'", pass);
|
||||||
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
|
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
|
||||||
sudo_warnx("%s", U_("lost connection to authentication server"));
|
sudo_warnx("%s", U_("lost connection to authentication server"));
|
||||||
error = AUTH_FATAL;
|
error = AUTH_ERROR;
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -121,7 +121,7 @@ sudo_krb5_setup(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
if (asprintf(&krb5_prompt, "Password for %s: ", pname) == -1) {
|
if (asprintf(&krb5_prompt, "Password for %s: ", pname) == -1) {
|
||||||
log_warningx(ctx, 0, N_("unable to allocate memory"));
|
log_warningx(ctx, 0, N_("unable to allocate memory"));
|
||||||
free(pname);
|
free(pname);
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
free(pname);
|
free(pname);
|
||||||
}
|
}
|
||||||
@@ -148,7 +148,7 @@ sudo_krb5_init(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
sudo_krb5_instance[0] != '/' ? "/" : "", sudo_krb5_instance);
|
sudo_krb5_instance[0] != '/' ? "/" : "", sudo_krb5_instance);
|
||||||
if (len == -1) {
|
if (len == -1) {
|
||||||
log_warningx(ctx, 0, N_("unable to allocate memory"));
|
log_warningx(ctx, 0, N_("unable to allocate memory"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -231,7 +231,7 @@ sudo_pam_init2(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
&pam_conv, &pamh, errstr);
|
&pam_conv, &pamh, errstr);
|
||||||
if (!quiet)
|
if (!quiet)
|
||||||
log_warningx(ctx, 0, N_("unable to initialize PAM: %s"), errstr);
|
log_warningx(ctx, 0, N_("unable to initialize PAM: %s"), errstr);
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Initialize conversation function message filter. */
|
/* Initialize conversation function message filter. */
|
||||||
@@ -347,7 +347,7 @@ sudo_pam_verify(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
default:
|
default:
|
||||||
s = sudo_pam_strerror(pamh, *pam_status);
|
s = sudo_pam_strerror(pamh, *pam_status);
|
||||||
log_warningx(ctx, 0, N_("PAM authentication error: %s"), s);
|
log_warningx(ctx, 0, N_("PAM authentication error: %s"), s);
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -368,7 +368,7 @@ sudo_pam_approval(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
case PAM_AUTH_ERR:
|
case PAM_AUTH_ERR:
|
||||||
log_warningx(ctx, 0, N_("account validation failure, "
|
log_warningx(ctx, 0, N_("account validation failure, "
|
||||||
"is your account locked?"));
|
"is your account locked?"));
|
||||||
status = AUTH_FATAL;
|
status = AUTH_ERROR;
|
||||||
break;
|
break;
|
||||||
case PAM_NEW_AUTHTOK_REQD:
|
case PAM_NEW_AUTHTOK_REQD:
|
||||||
/* Ignore if user is exempt from password restrictions. */
|
/* Ignore if user is exempt from password restrictions. */
|
||||||
@@ -396,13 +396,13 @@ sudo_pam_approval(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
/* Password expired, cannot be updated by user. */
|
/* Password expired, cannot be updated by user. */
|
||||||
log_warningx(ctx, 0,
|
log_warningx(ctx, 0,
|
||||||
N_("Password expired, contact your system administrator"));
|
N_("Password expired, contact your system administrator"));
|
||||||
status = AUTH_FATAL;
|
status = AUTH_ERROR;
|
||||||
break;
|
break;
|
||||||
case PAM_ACCT_EXPIRED:
|
case PAM_ACCT_EXPIRED:
|
||||||
log_warningx(ctx, 0,
|
log_warningx(ctx, 0,
|
||||||
N_("Account expired or PAM config lacks an \"account\" "
|
N_("Account expired or PAM config lacks an \"account\" "
|
||||||
"section for sudo, contact your system administrator"));
|
"section for sudo, contact your system administrator"));
|
||||||
status = AUTH_FATAL;
|
status = AUTH_ERROR;
|
||||||
break;
|
break;
|
||||||
case PAM_AUTHINFO_UNAVAIL:
|
case PAM_AUTHINFO_UNAVAIL:
|
||||||
case PAM_MAXTRIES:
|
case PAM_MAXTRIES:
|
||||||
@@ -414,7 +414,7 @@ sudo_pam_approval(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
default:
|
default:
|
||||||
s = sudo_pam_strerror(pamh, rc);
|
s = sudo_pam_strerror(pamh, rc);
|
||||||
log_warningx(ctx, 0, N_("PAM account management error: %s"), s);
|
log_warningx(ctx, 0, N_("PAM account management error: %s"), s);
|
||||||
status = AUTH_FATAL;
|
status = AUTH_ERROR;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
*pam_status = rc;
|
*pam_status = rc;
|
||||||
@@ -523,7 +523,7 @@ sudo_pam_begin_session(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
"pam_end: %s", errstr);
|
"pam_end: %s", errstr);
|
||||||
}
|
}
|
||||||
pamh = NULL;
|
pamh = NULL;
|
||||||
status = AUTH_FATAL;
|
status = AUTH_ERROR;
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -539,7 +539,7 @@ sudo_pam_begin_session(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
if (pam_envp != NULL) {
|
if (pam_envp != NULL) {
|
||||||
/* Merge pam env with user env. */
|
/* Merge pam env with user env. */
|
||||||
if (!env_init(*user_envp) || !env_merge(ctx, pam_envp))
|
if (!env_init(*user_envp) || !env_merge(ctx, pam_envp))
|
||||||
status = AUTH_FATAL;
|
status = AUTH_ERROR;
|
||||||
*user_envp = env_get();
|
*user_envp = env_get();
|
||||||
free(pam_envp);
|
free(pam_envp);
|
||||||
/* XXX - we leak any duplicates that were in pam_envp */
|
/* XXX - we leak any duplicates that were in pam_envp */
|
||||||
@@ -580,7 +580,7 @@ sudo_pam_end_session(sudo_auth *auth)
|
|||||||
errstr = sudo_pam_strerror(pamh, rc);
|
errstr = sudo_pam_strerror(pamh, rc);
|
||||||
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
|
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
|
||||||
"pam_end: %s", errstr);
|
"pam_end: %s", errstr);
|
||||||
status = AUTH_FATAL;
|
status = AUTH_ERROR;
|
||||||
}
|
}
|
||||||
pamh = NULL;
|
pamh = NULL;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -57,7 +57,7 @@ sudo_passwd_init(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
sudo_setspent();
|
sudo_setspent();
|
||||||
auth->data = sudo_getepw(pw);
|
auth->data = sudo_getepw(pw);
|
||||||
sudo_endspent();
|
sudo_endspent();
|
||||||
debug_return_int(auth->data ? AUTH_SUCCESS : AUTH_FATAL);
|
debug_return_int(auth->data ? AUTH_SUCCESS : AUTH_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_CRYPT
|
#ifdef HAVE_CRYPT
|
||||||
|
|||||||
@@ -98,7 +98,7 @@ sudo_rfc1938_setup(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) {
|
if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) {
|
||||||
if (IS_ONEANDONLY(auth)) {
|
if (IS_ONEANDONLY(auth)) {
|
||||||
sudo_warnx(U_("you do not exist in the %s database"), auth->name);
|
sudo_warnx(U_("you do not exist in the %s database"), auth->name);
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
} else {
|
} else {
|
||||||
debug_return_int(AUTH_FAILURE);
|
debug_return_int(AUTH_FAILURE);
|
||||||
}
|
}
|
||||||
@@ -110,7 +110,7 @@ sudo_rfc1938_setup(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
char *p = realloc(new_prompt, op_len + challenge_len + 7);
|
char *p = realloc(new_prompt, op_len + challenge_len + 7);
|
||||||
if (p == NULL) {
|
if (p == NULL) {
|
||||||
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
np_size = op_len + challenge_len + 7;
|
np_size = op_len + challenge_len + 7;
|
||||||
new_prompt = p;
|
new_prompt = p;
|
||||||
|
|||||||
@@ -68,7 +68,7 @@ sudo_secureware_init(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
sudo_setspent();
|
sudo_setspent();
|
||||||
auth->data = sudo_getepw(pw);
|
auth->data = sudo_getepw(pw);
|
||||||
sudo_endspent();
|
sudo_endspent();
|
||||||
debug_return_int(auth->data ? AUTH_SUCCESS : AUTH_FATAL);
|
debug_return_int(auth->data ? AUTH_SUCCESS : AUTH_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
|||||||
@@ -74,7 +74,7 @@ sudo_securid_init(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
/* Start communications */
|
/* Start communications */
|
||||||
if (AceInitialize() == SD_FALSE) {
|
if (AceInitialize() == SD_FALSE) {
|
||||||
sudo_warnx("%s", U_("failed to initialise the ACE API library"));
|
sudo_warnx("%s", U_("failed to initialise the ACE API library"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
auth->data = (void *) &sd_dat; /* For method-specific data */
|
auth->data = (void *) &sd_dat; /* For method-specific data */
|
||||||
@@ -106,7 +106,7 @@ sudo_securid_setup(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
/* Re-initialize SecurID every time. */
|
/* Re-initialize SecurID every time. */
|
||||||
if (SD_Init(sd) != ACM_OK) {
|
if (SD_Init(sd) != ACM_OK) {
|
||||||
sudo_warnx("%s", U_("unable to contact the SecurID server"));
|
sudo_warnx("%s", U_("unable to contact the SecurID server"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Lock new PIN code */
|
/* Lock new PIN code */
|
||||||
@@ -119,19 +119,19 @@ sudo_securid_setup(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
|
|
||||||
case ACE_UNDEFINED_USERNAME:
|
case ACE_UNDEFINED_USERNAME:
|
||||||
sudo_warnx("%s", U_("invalid username length for SecurID"));
|
sudo_warnx("%s", U_("invalid username length for SecurID"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
|
|
||||||
case ACE_ERR_INVALID_HANDLE:
|
case ACE_ERR_INVALID_HANDLE:
|
||||||
sudo_warnx("%s", U_("invalid Authentication Handle for SecurID"));
|
sudo_warnx("%s", U_("invalid Authentication Handle for SecurID"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
|
|
||||||
case ACM_ACCESS_DENIED:
|
case ACM_ACCESS_DENIED:
|
||||||
sudo_warnx("%s", U_("SecurID communication failed"));
|
sudo_warnx("%s", U_("SecurID communication failed"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
|
|
||||||
default:
|
default:
|
||||||
sudo_warnx("%s", U_("unknown SecurID error"));
|
sudo_warnx("%s", U_("unknown SecurID error"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -167,17 +167,17 @@ sudo_securid_verify(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
|
|
||||||
case ACE_UNDEFINED_PASSCODE:
|
case ACE_UNDEFINED_PASSCODE:
|
||||||
sudo_warnx("%s", U_("invalid passcode length for SecurID"));
|
sudo_warnx("%s", U_("invalid passcode length for SecurID"));
|
||||||
ret = AUTH_FATAL;
|
ret = AUTH_ERROR;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ACE_UNDEFINED_USERNAME:
|
case ACE_UNDEFINED_USERNAME:
|
||||||
sudo_warnx("%s", U_("invalid username length for SecurID"));
|
sudo_warnx("%s", U_("invalid username length for SecurID"));
|
||||||
ret = AUTH_FATAL;
|
ret = AUTH_ERROR;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ACE_ERR_INVALID_HANDLE:
|
case ACE_ERR_INVALID_HANDLE:
|
||||||
sudo_warnx("%s", U_("invalid Authentication Handle for SecurID"));
|
sudo_warnx("%s", U_("invalid Authentication Handle for SecurID"));
|
||||||
ret = AUTH_FATAL;
|
ret = AUTH_ERROR;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ACM_ACCESS_DENIED:
|
case ACM_ACCESS_DENIED:
|
||||||
@@ -215,12 +215,12 @@ then enter the new token code.\n", \
|
|||||||
"Your SecurID access has not yet been set up.\n");
|
"Your SecurID access has not yet been set up.\n");
|
||||||
sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
|
sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
|
||||||
"Please set up a PIN before you try to authenticate.\n");
|
"Please set up a PIN before you try to authenticate.\n");
|
||||||
ret = AUTH_FATAL;
|
ret = AUTH_ERROR;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
sudo_warnx("%s", U_("unknown SecurID error"));
|
sudo_warnx("%s", U_("unknown SecurID error"));
|
||||||
ret = AUTH_FATAL;
|
ret = AUTH_ERROR;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -59,7 +59,7 @@ sudo_sia_setup(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
sudo_argv = reallocarray(NULL, sudo_argc + 1, sizeof(char *));
|
sudo_argv = reallocarray(NULL, sudo_argc + 1, sizeof(char *));
|
||||||
if (sudo_argv == NULL) {
|
if (sudo_argv == NULL) {
|
||||||
log_warningx(ctx, 0, N_("unable to allocate memory"));
|
log_warningx(ctx, 0, N_("unable to allocate memory"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
sudo_argv[0] = "sudo";
|
sudo_argv[0] = "sudo";
|
||||||
for (i = 0; i < ctx->runas.argc; i++)
|
for (i = 0; i < ctx->runas.argc; i++)
|
||||||
@@ -70,7 +70,7 @@ sudo_sia_setup(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
sudo_tty = ctx->user.ttypath;
|
sudo_tty = ctx->user.ttypath;
|
||||||
if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, sudo_tty, 0, NULL) != SIASUCCESS) {
|
if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, sudo_tty, 0, NULL) != SIASUCCESS) {
|
||||||
log_warning(ctx, 0, N_("unable to initialize SIA session"));
|
log_warning(ctx, 0, N_("unable to initialize SIA session"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
auth->data = siah;
|
auth->data = siah;
|
||||||
@@ -101,7 +101,7 @@ sudo_sia_verify(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
if (rc == SIASUCCESS)
|
if (rc == SIASUCCESS)
|
||||||
debug_return_int(AUTH_SUCCESS);
|
debug_return_int(AUTH_SUCCESS);
|
||||||
if (ISSET(rc, SIASTOP))
|
if (ISSET(rc, SIASTOP))
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_ERROR);
|
||||||
debug_return_int(AUTH_FAILURE);
|
debug_return_int(AUTH_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -122,7 +122,7 @@ int
|
|||||||
sudo_sia_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
|
sudo_sia_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
|
||||||
{
|
{
|
||||||
SIAENTITY *siah;
|
SIAENTITY *siah;
|
||||||
int status = AUTH_FATAL;
|
int status = AUTH_ERROR;
|
||||||
debug_decl(sudo_sia_begin_session, SUDOERS_DEBUG_AUTH);
|
debug_decl(sudo_sia_begin_session, SUDOERS_DEBUG_AUTH);
|
||||||
|
|
||||||
/* Re-init sia for the target user's session. */
|
/* Re-init sia for the target user's session. */
|
||||||
|
|||||||
@@ -118,7 +118,7 @@ sudo_auth_init(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
status = (auth->init)(ctx, pw, auth);
|
status = (auth->init)(ctx, pw, auth);
|
||||||
if (status == AUTH_FAILURE)
|
if (status == AUTH_FAILURE)
|
||||||
SET(auth->flags, FLAG_DISABLED);
|
SET(auth->flags, FLAG_DISABLED);
|
||||||
else if (status == AUTH_FATAL)
|
else if (status == AUTH_ERROR)
|
||||||
break; /* assume error msg already printed */
|
break; /* assume error msg already printed */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -166,7 +166,7 @@ sudo_auth_init(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
debug_return_int(status == AUTH_FATAL ? -1 : 0);
|
debug_return_int(status == AUTH_ERROR ? -1 : 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -209,7 +209,7 @@ sudo_auth_cleanup(const struct sudoers_context *ctx, struct passwd *pw,
|
|||||||
for (auth = auth_switch; auth->name; auth++) {
|
for (auth = auth_switch; auth->name; auth++) {
|
||||||
if (auth->cleanup && !IS_DISABLED(auth)) {
|
if (auth->cleanup && !IS_DISABLED(auth)) {
|
||||||
int status = (auth->cleanup)(ctx, pw, auth, force);
|
int status = (auth->cleanup)(ctx, pw, auth, force);
|
||||||
if (status == AUTH_FATAL) {
|
if (status == AUTH_ERROR) {
|
||||||
/* Assume error msg already printed. */
|
/* Assume error msg already printed. */
|
||||||
debug_return_int(-1);
|
debug_return_int(-1);
|
||||||
}
|
}
|
||||||
@@ -306,7 +306,7 @@ verify_user(const struct sudoers_context *ctx, struct passwd *pw, char *prompt,
|
|||||||
SET(auth->flags, FLAG_DISABLED);
|
SET(auth->flags, FLAG_DISABLED);
|
||||||
else if (status == AUTH_NONINTERACTIVE)
|
else if (status == AUTH_NONINTERACTIVE)
|
||||||
goto done;
|
goto done;
|
||||||
else if (status == AUTH_FATAL || user_interrupted())
|
else if (status == AUTH_ERROR || user_interrupted())
|
||||||
goto done; /* assume error msg already printed */
|
goto done; /* assume error msg already printed */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -364,7 +364,7 @@ done:
|
|||||||
case AUTH_NONINTERACTIVE:
|
case AUTH_NONINTERACTIVE:
|
||||||
SET(validated, FLAG_NO_USER_INPUT);
|
SET(validated, FLAG_NO_USER_INPUT);
|
||||||
FALLTHROUGH;
|
FALLTHROUGH;
|
||||||
case AUTH_FATAL:
|
case AUTH_ERROR:
|
||||||
default:
|
default:
|
||||||
log_auth_failure(ctx, validated, 0);
|
log_auth_failure(ctx, validated, 0);
|
||||||
ret = -1;
|
ret = -1;
|
||||||
@@ -427,7 +427,7 @@ sudo_auth_end_session(void)
|
|||||||
for (auth = auth_switch; auth->name; auth++) {
|
for (auth = auth_switch; auth->name; auth++) {
|
||||||
if (auth->end_session && !IS_DISABLED(auth)) {
|
if (auth->end_session && !IS_DISABLED(auth)) {
|
||||||
status = (auth->end_session)(auth);
|
status = (auth->end_session)(auth);
|
||||||
if (status == AUTH_FATAL) {
|
if (status == AUTH_ERROR) {
|
||||||
/* Assume error msg already printed. */
|
/* Assume error msg already printed. */
|
||||||
debug_return_int(-1);
|
debug_return_int(-1);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -22,7 +22,7 @@
|
|||||||
/* Auth function return values. */
|
/* Auth function return values. */
|
||||||
#define AUTH_SUCCESS 0
|
#define AUTH_SUCCESS 0
|
||||||
#define AUTH_FAILURE 1
|
#define AUTH_FAILURE 1
|
||||||
#define AUTH_FATAL 2
|
#define AUTH_ERROR 2
|
||||||
#define AUTH_NONINTERACTIVE 3
|
#define AUTH_NONINTERACTIVE 3
|
||||||
|
|
||||||
typedef struct sudo_auth {
|
typedef struct sudo_auth {
|
||||||
|
|||||||
Reference in New Issue
Block a user