isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make login_style private to bsdauth.c

Browse Source 
Add a setter for policy.c to handle auth_type from the front-end.
This commit is contained in:
Todd C. Miller
2023-05-04 13:06:09 -06:00
parent cda03ed13f
commit d5de5890f5
5 changed files with 41 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
plugins/sudoers/auth/bsdauth.c
View File

@@ -54,6 +54,8 @@ struct bsdauth_state {
login_cap_t *lc;
};
static char *login_style; /* user may set style via -a option */
int
bsdauth_init(struct passwd *pw, sudo_auth *auth)
{
@@ -65,42 +67,42 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth)
debug_return_int(AUTH_SUCCESS);
/* Get login class based on auth user, which may not be invoking user. */
if (pw->pw_class && *pw->pw_class)
if (pw->pw_class && *pw->pw_class) {
state.lc = login_getclass(pw->pw_class);
else
state.lc = login_getclass(pw->pw_uid ? (char *)LOGIN_DEFCLASS : (char *)LOGIN_DEFROOTCLASS);
} else {
state.lc = login_getclass(
pw->pw_uid ? (char *)LOGIN_DEFCLASS : (char *)LOGIN_DEFROOTCLASS);
}
if (state.lc == NULL) {
log_warning(0,
N_("unable to get login class for user %s"), pw->pw_name);
debug_return_int(AUTH_FATAL);
log_warning(0, N_("unable to get login class for user %s"),
pw->pw_name);
goto bad;
}
if ((state.as = auth_open()) == NULL) {
log_warning(0, N_("unable to begin bsd authentication"));
login_close(state.lc);
debug_return_int(AUTH_FATAL);
}
/* XXX - maybe check the auth style earlier? */
login_style = login_getstyle(state.lc, login_style, (char *)"auth-sudo");
if (login_style == NULL) {
log_warningx(0, N_("invalid authentication type"));
auth_close(state.as);
login_close(state.lc);
debug_return_int(AUTH_FATAL);
goto bad;
}
if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
if ((state.as = auth_open()) == NULL) {
log_warning(0, N_("unable to begin BSD authentication"));
goto bad;
}
if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 ||
auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) {
log_warningx(0, N_("unable to initialize BSD authentication"));
auth_close(state.as);
login_close(state.lc);
debug_return_int(AUTH_FATAL);
goto bad;
}
auth->data = (void *) &state;
debug_return_int(AUTH_SUCCESS);
bad:
auth_close(state.as);
login_close(state.lc);
debug_return_int(AUTH_FATAL);
}
int
@@ -209,4 +211,10 @@ bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force)
debug_return_int(AUTH_SUCCESS);
}
void
bsdauth_set_style(const char *style)
{
login_style = (char *)style;
}
#endif /* HAVE_BSD_AUTH_H */