isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

If all authentication methods fail init/setup, fail with an error.

Browse Source
This commit is contained in:
Todd C. Miller
2014-09-26 20:55:19 -06:00
parent 4105734743
commit d28c525ede
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
plugins/sudoers/auth/sudo_auth.c
View File

@@ -196,7 +196,6 @@ verify_user(struct passwd *pw, char *prompt, int validated)
(void) sigaction(SIGTSTP, &sa, &osa);
/* Make sure we have at least one auth method. */
/* XXX - check FLAG_DISABLED too */
if (auth_switch[0].name == NULL) {
audit_failure(NewArgc, NewArgv, N_("no authentication methods"));
log_warningx(SLOG_SEND_MAIL,
@@ -207,9 +206,14 @@ verify_user(struct passwd *pw, char *prompt, int validated)
}
while (--counter) {
int num_methods = 0;
/* Do any per-method setup and unconfigure the method if needed */
for (auth = auth_switch; auth->name; auth++) {
if (auth->setup && !IS_DISABLED(auth)) {
if (IS_DISABLED(auth))
continue;
num_methods++;
if (auth->setup != NULL) {
status = (auth->setup)(pw, &prompt, auth);
if (status == AUTH_FAILURE)
SET(auth->flags, FLAG_DISABLED);
@@ -217,6 +221,12 @@ verify_user(struct passwd *pw, char *prompt, int validated)
goto done; /* assume error msg already printed */
}
}
if (num_methods == 0) {
audit_failure(NewArgc, NewArgv, N_("no authentication methods"));
log_warningx(SLOG_SEND_MAIL,
N_("Unable to initialize authentication methods."));
debug_return_int(-1);
}
/* Get the password unless the auth function will do it for us */
if (standalone) {