Make login_style private to bsdauth.c
Add a setter for policy.c to handle auth_type from the front-end.
This commit is contained in:
Todd C. Miller
@@ -54,6 +54,8 @@ struct bsdauth_state {
|
||||
login_cap_t *lc;
|
||||
};
|
||||
|
||||
static char *login_style; /* user may set style via -a option */
|
||||
|
||||
int
|
||||
bsdauth_init(struct passwd *pw, sudo_auth *auth)
|
||||
{
|
||||
@@ -65,42 +67,42 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth)
|
||||
debug_return_int(AUTH_SUCCESS);
|
||||
|
||||
/* Get login class based on auth user, which may not be invoking user. */
|
||||
if (pw->pw_class && *pw->pw_class)
|
||||
if (pw->pw_class && *pw->pw_class) {
|
||||
state.lc = login_getclass(pw->pw_class);
|
||||
else
|
||||
state.lc = login_getclass(pw->pw_uid ? (char *)LOGIN_DEFCLASS : (char *)LOGIN_DEFROOTCLASS);
|
||||
} else {
|
||||
state.lc = login_getclass(
|
||||
pw->pw_uid ? (char *)LOGIN_DEFCLASS : (char *)LOGIN_DEFROOTCLASS);
|
||||
}
|
||||
if (state.lc == NULL) {
|
||||
log_warning(0,
|
||||
N_("unable to get login class for user %s"), pw->pw_name);
|
||||
debug_return_int(AUTH_FATAL);
|
||||
log_warning(0, N_("unable to get login class for user %s"),
|
||||
pw->pw_name);
|
||||
goto bad;
|
||||
}
|
||||
|
||||
if ((state.as = auth_open()) == NULL) {
|
||||
log_warning(0, N_("unable to begin bsd authentication"));
|
||||
login_close(state.lc);
|
||||
debug_return_int(AUTH_FATAL);
|
||||
}
|
||||
|
||||
/* XXX - maybe check the auth style earlier? */
|
||||
login_style = login_getstyle(state.lc, login_style, (char *)"auth-sudo");
|
||||
if (login_style == NULL) {
|
||||
log_warningx(0, N_("invalid authentication type"));
|
||||
auth_close(state.as);
|
||||
login_close(state.lc);
|
||||
debug_return_int(AUTH_FATAL);
|
||||
goto bad;
|
||||
}
|
||||
|
||||
if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
|
||||
if ((state.as = auth_open()) == NULL) {
|
||||
log_warning(0, N_("unable to begin BSD authentication"));
|
||||
goto bad;
|
||||
}
|
||||
|
||||
if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
|
||||
auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 ||
|
||||
auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) {
|
||||
log_warningx(0, N_("unable to initialize BSD authentication"));
|
||||
auth_close(state.as);
|
||||
login_close(state.lc);
|
||||
debug_return_int(AUTH_FATAL);
|
||||
goto bad;
|
||||
}
|
||||
|
||||
auth->data = (void *) &state;
|
||||
debug_return_int(AUTH_SUCCESS);
|
||||
bad:
|
||||
auth_close(state.as);
|
||||
login_close(state.lc);
|
||||
debug_return_int(AUTH_FATAL);
|
||||
}
|
||||
|
||||
int
|
||||
@@ -209,4 +211,10 @@ bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force)
|
||||
debug_return_int(AUTH_SUCCESS);
|
||||
}
|
||||
|
||||
void
|
||||
bsdauth_set_style(const char *style)
|
||||
{
|
||||
login_style = (char *)style;
|
||||
}
|
||||
|
||||
#endif /* HAVE_BSD_AUTH_H */
|
||||
|
||||
@@ -63,6 +63,7 @@ int bsdauth_init(struct passwd *pw, sudo_auth *auth);
|
||||
int bsdauth_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt);
|
||||
int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
||||
void bsdauth_set_style(const char *style);
|
||||
int sudo_aix_init(struct passwd *pw, sudo_auth *auth);
|
||||
int sudo_aix_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||
int sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
||||
|
||||
@@ -37,6 +37,7 @@
|
||||
#include "sudoers.h"
|
||||
#include "sudoers_version.h"
|
||||
#include "interfaces.h"
|
||||
#include "auth/sudo_auth.h"
|
||||
|
||||
static char **command_info;
|
||||
|
||||
@@ -62,10 +63,6 @@ int sudoedit_nfiles;
|
||||
|
||||
extern sudo_dso_public struct policy_plugin sudoers_policy;
|
||||
|
||||
#ifdef HAVE_BSD_AUTH_H
|
||||
char *login_style;
|
||||
#endif /* HAVE_BSD_AUTH_H */
|
||||
|
||||
static int
|
||||
parse_bool(const char *line, int varlen, int *flags, int fval)
|
||||
{
|
||||
@@ -349,7 +346,8 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
|
||||
#ifdef HAVE_BSD_AUTH_H
|
||||
if (MATCHES(*cur, "bsdauth_type=")) {
|
||||
CHECK(*cur, "bsdauth_type=");
|
||||
login_style = *cur + sizeof("bsdauth_type=") - 1;
|
||||
p = *cur + sizeof("bsdauth_type=") - 1;
|
||||
bsdauth_set_style(p);
|
||||
continue;
|
||||
}
|
||||
#endif /* HAVE_BSD_AUTH_H */
|
||||
|
||||
@@ -42,6 +42,7 @@
|
||||
#include "sudo_iolog.h"
|
||||
#include "interfaces.h"
|
||||
#include "check.h"
|
||||
#include "auth/sudo_auth.h"
|
||||
|
||||
extern char **environ;
|
||||
extern sudo_dso_public struct policy_plugin sudoers_policy;
|
||||
@@ -889,3 +890,11 @@ cb_group_plugin(const char *file, int line, int column,
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/* STUB */
|
||||
void
|
||||
bsdauth_set_style(const char *style)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -324,7 +324,6 @@ int pam_prep_user(struct passwd *);
|
||||
|
||||
/* gram.y */
|
||||
int sudoersparse(void);
|
||||
extern char *login_style;
|
||||
extern bool parse_error;
|
||||
extern bool sudoers_recovery;
|
||||
extern bool sudoers_strict;
|
||||
|
||||
Reference in New Issue
Block a user