Make login_style private to bsdauth.c
Add a setter for policy.c to handle auth_type from the front-end.
@@ -54,6 +54,8 @@ struct bsdauth_state {
|
|||||||
login_cap_t *lc;
|
login_cap_t *lc;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static char *login_style; /* user may set style via -a option */
|
||||||
|
|
||||||
int
|
int
|
||||||
bsdauth_init(struct passwd *pw, sudo_auth *auth)
|
bsdauth_init(struct passwd *pw, sudo_auth *auth)
|
||||||
{
|
{
|
||||||
@@ -65,42 +67,42 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth)
|
|||||||
debug_return_int(AUTH_SUCCESS);
|
debug_return_int(AUTH_SUCCESS);
|
||||||
|
|
||||||
/* Get login class based on auth user, which may not be invoking user. */
|
/* Get login class based on auth user, which may not be invoking user. */
|
||||||
if (pw->pw_class && *pw->pw_class)
|
if (pw->pw_class && *pw->pw_class) {
|
||||||
state.lc = login_getclass(pw->pw_class);
|
state.lc = login_getclass(pw->pw_class);
|
||||||
else
|
} else {
|
||||||
state.lc = login_getclass(pw->pw_uid ? (char *)LOGIN_DEFCLASS : (char *)LOGIN_DEFROOTCLASS);
|
state.lc = login_getclass(
|
||||||
|
pw->pw_uid ? (char *)LOGIN_DEFCLASS : (char *)LOGIN_DEFROOTCLASS);
|
||||||
|
}
|
||||||
if (state.lc == NULL) {
|
if (state.lc == NULL) {
|
||||||
log_warning(0,
|
log_warning(0, N_("unable to get login class for user %s"),
|
||||||
N_("unable to get login class for user %s"), pw->pw_name);
|
pw->pw_name);
|
||||||
debug_return_int(AUTH_FATAL);
|
goto bad;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((state.as = auth_open()) == NULL) {
|
|
||||||
log_warning(0, N_("unable to begin bsd authentication"));
|
|
||||||
login_close(state.lc);
|
|
||||||
debug_return_int(AUTH_FATAL);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* XXX - maybe check the auth style earlier? */
|
|
||||||
login_style = login_getstyle(state.lc, login_style, (char *)"auth-sudo");
|
login_style = login_getstyle(state.lc, login_style, (char *)"auth-sudo");
|
||||||
if (login_style == NULL) {
|
if (login_style == NULL) {
|
||||||
log_warningx(0, N_("invalid authentication type"));
|
log_warningx(0, N_("invalid authentication type"));
|
||||||
auth_close(state.as);
|
goto bad;
|
||||||
login_close(state.lc);
|
|
||||||
debug_return_int(AUTH_FATAL);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
|
if ((state.as = auth_open()) == NULL) {
|
||||||
|
log_warning(0, N_("unable to begin BSD authentication"));
|
||||||
|
goto bad;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
|
||||||
auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 ||
|
auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 ||
|
||||||
auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) {
|
auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) {
|
||||||
log_warningx(0, N_("unable to initialize BSD authentication"));
|
log_warningx(0, N_("unable to initialize BSD authentication"));
|
||||||
auth_close(state.as);
|
goto bad;
|
||||||
login_close(state.lc);
|
|
||||||
debug_return_int(AUTH_FATAL);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
auth->data = (void *) &state;
|
auth->data = (void *) &state;
|
||||||
debug_return_int(AUTH_SUCCESS);
|
debug_return_int(AUTH_SUCCESS);
|
||||||
|
bad:
|
||||||
|
auth_close(state.as);
|
||||||
|
login_close(state.lc);
|
||||||
|
debug_return_int(AUTH_FATAL);
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@@ -209,4 +211,10 @@ bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force)
|
|||||||
debug_return_int(AUTH_SUCCESS);
|
debug_return_int(AUTH_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
bsdauth_set_style(const char *style)
|
||||||
|
{
|
||||||
|
login_style = (char *)style;
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* HAVE_BSD_AUTH_H */
|
#endif /* HAVE_BSD_AUTH_H */
|
||||||
|
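Review bot: The shared `bad:` label in bsdauth_init() calls `auth_close(state.as)` and `login_close(state.lc)` on every failure path, including the two jumps taken before `auth_open()` has run and the one where `state.lc` is NULL. That relies on both libc functions accepting NULL and on `state.as` not still holding a handle from an earlier call. `state` is declared outside the hunk, but storing `&state` in `auth->data` suggests it is static, so a stale handle looks possible if init can be re-entered after a failure. Adding `state.as = NULL;` and `state.lc = NULL;` after the two close calls at `bad:` would keep a second failed init from closing an already-closed session. Part of the function body lies between the two hunks, so confirm there how `state` is initialised.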
@@ -63,6 +63,7 @@ int bsdauth_init(struct passwd *pw, sudo_auth *auth);
|
|||||||
int bsdauth_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
|
int bsdauth_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||||
int bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt);
|
int bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt);
|
||||||
int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
||||||
|
void bsdauth_set_style(const char *style);
|
||||||
int sudo_aix_init(struct passwd *pw, sudo_auth *auth);
|
int sudo_aix_init(struct passwd *pw, sudo_auth *auth);
|
||||||
int sudo_aix_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
int sudo_aix_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
|
||||||
int sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
int sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
|
||||||
|
@@ -37,6 +37,7 @@
|
|||||||
#include "sudoers.h"
|
#include "sudoers.h"
|
||||||
#include "sudoers_version.h"
|
#include "sudoers_version.h"
|
||||||
#include "interfaces.h"
|
#include "interfaces.h"
|
||||||
|
#include "auth/sudo_auth.h"
|
||||||
|
|
||||||
static char **command_info;
|
static char **command_info;
|
||||||
|
|
||||||
@@ -62,10 +63,6 @@ int sudoedit_nfiles;
|
|||||||
|
|
||||||
extern sudo_dso_public struct policy_plugin sudoers_policy;
|
extern sudo_dso_public struct policy_plugin sudoers_policy;
|
||||||
|
|
||||||
#ifdef HAVE_BSD_AUTH_H
|
|
||||||
char *login_style;
|
|
||||||
#endif /* HAVE_BSD_AUTH_H */
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
parse_bool(const char *line, int varlen, int *flags, int fval)
|
parse_bool(const char *line, int varlen, int *flags, int fval)
|
||||||
{
|
{
|
||||||
@@ -349,7 +346,8 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
|
|||||||
#ifdef HAVE_BSD_AUTH_H
|
#ifdef HAVE_BSD_AUTH_H
|
||||||
if (MATCHES(*cur, "bsdauth_type=")) {
|
if (MATCHES(*cur, "bsdauth_type=")) {
|
||||||
CHECK(*cur, "bsdauth_type=");
|
CHECK(*cur, "bsdauth_type=");
|
||||||
login_style = *cur + sizeof("bsdauth_type=") - 1;
|
p = *cur + sizeof("bsdauth_type=") - 1;
|
||||||
|
bsdauth_set_style(p);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
#endif /* HAVE_BSD_AUTH_H */
|
#endif /* HAVE_BSD_AUTH_H */
|
||||||
|
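Review bot: `p` points into the `*cur` string, and `bsdauth_set_style()` as added in this commit stores that pointer in `login_style` with a cast rather than copying it. The info string therefore has to stay allocated and unmodified until bsdauth_init() passes it to `login_getstyle()`. The old direct assignment had the same requirement, but behind a setter with a `const char *` parameter it is easy to miss. A comment at the call would record it: `/* bsdauth_set_style() keeps this pointer; *cur must outlive authentication */`. The declaration of `p` and the enclosing loop are outside the hunk.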
@@ -42,6 +42,7 @@
|
|||||||
#include "sudo_iolog.h"
|
#include "sudo_iolog.h"
|
||||||
#include "interfaces.h"
|
#include "interfaces.h"
|
||||||
#include "check.h"
|
#include "check.h"
|
||||||
|
#include "auth/sudo_auth.h"
|
||||||
|
|
||||||
extern char **environ;
|
extern char **environ;
|
||||||
extern sudo_dso_public struct policy_plugin sudoers_policy;
|
extern sudo_dso_public struct policy_plugin sudoers_policy;
|
||||||
@@ -889,3 +890,11 @@ cb_group_plugin(const char *file, int line, int column,
|
|||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* STUB */
|
||||||
|
void
|
||||||
|
bsdauth_set_style(const char *style)
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -324,7 +324,6 @@ int pam_prep_user(struct passwd *);
|
|||||||
|
|
||||||
/* gram.y */
|
/* gram.y */
|
||||||
int sudoersparse(void);
|
int sudoersparse(void);
|
||||||
extern char *login_style;
|
|
||||||
extern bool parse_error;
|
extern bool parse_error;
|
||||||
extern bool sudoers_recovery;
|
extern bool sudoers_recovery;
|
||||||
extern bool sudoers_strict;
|
extern bool sudoers_strict;
|
||||||
|