audit_failure() now calls gettext itself using the sudoers locale.

Todd C. Miller
2012-11-08 15:37:43 -05:00
parent 3f82a3407e
commit f454a852cb
4 changed files with 16 additions and 10 deletions


@@ -65,12 +65,16 @@ void
audit_failure(char *exec_args[], char const *const fmt, ...) audit_failure(char *exec_args[], char const *const fmt, ...)
{ {
va_list ap; va_list ap;
int oldlocale;
debug_decl(audit_success, SUDO_DEBUG_AUDIT) debug_decl(audit_success, SUDO_DEBUG_AUDIT)
/* Audit error messages should be in the sudoers locale. */
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
if (exec_args != NULL) { if (exec_args != NULL) {
va_start(ap, fmt); va_start(ap, fmt);
#ifdef HAVE_BSM_AUDIT #ifdef HAVE_BSM_AUDIT
bsm_audit_failure(exec_args, fmt, ap); bsm_audit_failure(exec_args, _(fmt), ap);
#endif #endif
#ifdef HAVE_LINUX_AUDIT #ifdef HAVE_LINUX_AUDIT
linux_audit_command(exec_args, 0); linux_audit_command(exec_args, 0);
@@ -78,5 +82,7 @@ audit_failure(char *exec_args[], char const *const fmt, ...)
va_end(ap); va_end(ap);
} }
sudoers_setlocale(oldlocale, NULL);
debug_return; debug_return;
} }
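Review bot: audit_failure() now requires `fmt` to be an untranslated msgid marked with `N_()`, but nothing at the definition says so. A caller that still wraps its string in `_()` would compile, and the second lookup in the sudoers locale would presumably find no match, so user-locale text would reach the audit record. I would add above the function: `/* fmt must be an untranslated msgid marked with N_(); it is translated here in the sudoers locale. */`. Every call site shown in the later sections was converted; any callers outside this page should be checked the same way. Separately, the context line `debug_decl(audit_success, SUDO_DEBUG_AUDIT)` names the wrong function and should read `debug_decl(audit_failure, SUDO_DEBUG_AUDIT)`; the part of the body between the two hunks is not shown.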


@@ -117,7 +117,7 @@ sudo_auth_init(struct passwd *pw)
/* Make sure we haven't mixed standalone and shared auth methods. */ /* Make sure we haven't mixed standalone and shared auth methods. */
standalone = IS_STANDALONE(&auth_switch[0]); standalone = IS_STANDALONE(&auth_switch[0]);
if (standalone && auth_switch[1].name != NULL) { if (standalone && auth_switch[1].name != NULL) {
audit_failure(NewArgv, "invalid authentication methods"); audit_failure(NewArgv, N_("invalid authentication methods"));
log_fatal(0, _("Invalid authentication methods compiled into sudo! " log_fatal(0, _("Invalid authentication methods compiled into sudo! "
"You may mix standalone and non-standalone authentication.")); "You may mix standalone and non-standalone authentication."));
debug_return_int(-1); debug_return_int(-1);
@@ -201,7 +201,7 @@ verify_user(struct passwd *pw, char *prompt, int validated)
/* Make sure we have at least one auth method. */ /* Make sure we have at least one auth method. */
/* XXX - check FLAG_DISABLED too */ /* XXX - check FLAG_DISABLED too */
if (auth_switch[0].name == NULL) { if (auth_switch[0].name == NULL) {
audit_failure(NewArgv, "no authentication methods"); audit_failure(NewArgv, N_("no authentication methods"));
log_error(0, log_error(0,
_("There are no authentication methods compiled into sudo! " _("There are no authentication methods compiled into sudo! "
"If you want to turn off authentication, use the " "If you want to turn off authentication, use the "
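Review bot: The `log_fatal()` text directly below the changed call in sudo_auth_init() says `You may mix standalone and non-standalone authentication.`, while the condition above it treats exactly that mix as fatal. The message looks like it is missing a negation, e.g. `You may not mix standalone and non-standalone authentication.`. It is an unchanged context line, but it is the text an administrator sees when the build is misconfigured, so it is worth correcting while the neighbouring string is being touched. sudo_auth_init() starts and ends outside the hunk.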


@@ -240,9 +240,9 @@ log_denial(int status, bool inform_user)
/* Handle auditing first. */ /* Handle auditing first. */
if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST)) if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST))
audit_failure(NewArgv, _("No user or host")); audit_failure(NewArgv, N_("No user or host"));
else else
audit_failure(NewArgv, _("validation failure")); audit_failure(NewArgv, N_("validation failure"));
/* Set error message. */ /* Set error message. */
if (ISSET(status, FLAG_NO_USER)) if (ISSET(status, FLAG_NO_USER))
@@ -334,7 +334,7 @@ log_auth_failure(int status, int tries)
debug_decl(log_auth_failure, SUDO_DEBUG_LOGGING) debug_decl(log_auth_failure, SUDO_DEBUG_LOGGING)
/* Handle auditing first. */ /* Handle auditing first. */
audit_failure(NewArgv, _("authentication failure")); audit_failure(NewArgv, N_("authentication failure"));
/* /*
* Do we need to send mail? * Do we need to send mail?


@@ -349,7 +349,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
if (def_requiretty) { if (def_requiretty) {
int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY); int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY);
if (fd == -1) { if (fd == -1) {
audit_failure(NewArgv, _("no tty")); audit_failure(NewArgv, N_("no tty"));
warningx(_("sorry, you must have a tty to run sudo")); warningx(_("sorry, you must have a tty to run sudo"));
goto bad; goto bad;
} else } else
@@ -400,11 +400,11 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
/* Finally tell the user if the command did not exist. */ /* Finally tell the user if the command did not exist. */
if (cmnd_status == NOT_FOUND_DOT) { if (cmnd_status == NOT_FOUND_DOT) {
audit_failure(NewArgv, _("command in current directory")); audit_failure(NewArgv, N_("command in current directory"));
warningx(_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd); warningx(_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd);
goto bad; goto bad;
} else if (cmnd_status == NOT_FOUND) { } else if (cmnd_status == NOT_FOUND) {
audit_failure(NewArgv, _("%s: command not found"), user_cmnd); audit_failure(NewArgv, N_("%s: command not found"), user_cmnd);
warningx(_("%s: command not found"), user_cmnd); warningx(_("%s: command not found"), user_cmnd);
goto bad; goto bad;
} }
@@ -1013,7 +1013,7 @@ find_editor(int nfiles, char **files, char ***argv_out)
} while (ep != NULL && editor_path == NULL); } while (ep != NULL && editor_path == NULL);
} }
if (!editor_path) { if (!editor_path) {
audit_failure(NewArgv, _("%s: command not found"), editor); audit_failure(NewArgv, N_("%s: command not found"), editor);
warningx(_("%s: command not found"), editor); warningx(_("%s: command not found"), editor);
} }
debug_return_str(editor_path); debug_return_str(editor_path);