version 1.1.1.3, 2012/10/09 09:29:52
|
version 1.1.1.5, 2013/10/14 07:56:35
|
Line 1
|
Line 1
|
/* |
/* |
* Copyright (c) 1999-2005, 2008-2010 Todd C. Miller <Todd.Miller@courtesan.com> | * Copyright (c) 1999-2005, 2008-2013 Todd C. Miller <Todd.Miller@courtesan.com> |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
* purpose with or without fee is hereby granted, provided that the above |
* purpose with or without fee is hereby granted, provided that the above |
Line 21
|
Line 21
|
#include <config.h> |
#include <config.h> |
|
|
#include <sys/types.h> |
#include <sys/types.h> |
#include <sys/param.h> |
|
#include <stdio.h> |
#include <stdio.h> |
#ifdef STDC_HEADERS |
#ifdef STDC_HEADERS |
# include <stdlib.h> |
# include <stdlib.h> |
Line 117 sudo_auth_init(struct passwd *pw)
|
Line 116 sudo_auth_init(struct passwd *pw)
|
/* Make sure we haven't mixed standalone and shared auth methods. */ |
/* Make sure we haven't mixed standalone and shared auth methods. */ |
standalone = IS_STANDALONE(&auth_switch[0]); |
standalone = IS_STANDALONE(&auth_switch[0]); |
if (standalone && auth_switch[1].name != NULL) { |
if (standalone && auth_switch[1].name != NULL) { |
audit_failure(NewArgv, "invalid authentication methods"); | audit_failure(NewArgv, N_("invalid authentication methods")); |
log_fatal(0, _("Invalid authentication methods compiled into sudo! " | log_fatal(0, N_("Invalid authentication methods compiled into sudo! " |
"You may mix standalone and non-standalone authentication.")); | "You may not mix standalone and non-standalone authentication.")); |
debug_return_int(-1); |
debug_return_int(-1); |
} |
} |
|
|
Line 201 verify_user(struct passwd *pw, char *prompt, int valid
|
Line 200 verify_user(struct passwd *pw, char *prompt, int valid
|
/* Make sure we have at least one auth method. */ |
/* Make sure we have at least one auth method. */ |
/* XXX - check FLAG_DISABLED too */ |
/* XXX - check FLAG_DISABLED too */ |
if (auth_switch[0].name == NULL) { |
if (auth_switch[0].name == NULL) { |
audit_failure(NewArgv, "no authentication methods"); | audit_failure(NewArgv, N_("no authentication methods")); |
log_error(0, | log_warning(0, |
_("There are no authentication methods compiled into sudo! " | N_("There are no authentication methods compiled into sudo! " |
"If you want to turn off authentication, use the " |
"If you want to turn off authentication, use the " |
"--disable-authentication configure option.")); |
"--disable-authentication configure option.")); |
debug_return_int(-1); |
debug_return_int(-1); |
Line 255 verify_user(struct passwd *pw, char *prompt, int valid
|
Line 254 verify_user(struct passwd *pw, char *prompt, int valid
|
goto done; |
goto done; |
} |
} |
if (!standalone) |
if (!standalone) |
zero_bytes(p, strlen(p)); | memset_s(p, SUDO_CONV_REPL_MAX, 0, strlen(p)); |
pass_warn(); |
pass_warn(); |
} |
} |
|
|
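Review bot: The new `memset_s(p, SUDO_CONV_REPL_MAX, 0, strlen(p));` in verify_user still sizes the wipe by `strlen(p)`, so only the bytes up to the first NUL are cleared and anything an earlier, longer entry left further along the same buffer would stay in memory. If `p` really points at a buffer of at least SUDO_CONV_REPL_MAX bytes, which the second argument implies but the hunk does not show, clearing the full extent is the safer form: `memset_s(p, SUDO_CONV_REPL_MAX, 0, SUDO_CONV_REPL_MAX);`. Otherwise keep the length and add a comment naming where the buffer comes from and how large it is, because C11 memset_s treats a count larger than its bound as a runtime-constraint violation. The enclosing loop of verify_user starts and ends outside this hunk, so whether `p` can be NULL on the `!standalone` path is not visible from here.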
Line 291 sudo_auth_begin_session(struct passwd *pw, char **user
|
Line 290 sudo_auth_begin_session(struct passwd *pw, char **user
|
{ |
{ |
sudo_auth *auth; |
sudo_auth *auth; |
int status = AUTH_SUCCESS; |
int status = AUTH_SUCCESS; |
debug_decl(auth_begin_session, SUDO_DEBUG_AUTH) | debug_decl(sudo_auth_begin_session, SUDO_DEBUG_AUTH) |
|
|
for (auth = auth_switch; auth->name; auth++) { |
for (auth = auth_switch; auth->name; auth++) { |
if (auth->begin_session && !IS_DISABLED(auth)) { |
if (auth->begin_session && !IS_DISABLED(auth)) { |
Line 303 sudo_auth_begin_session(struct passwd *pw, char **user
|
Line 302 sudo_auth_begin_session(struct passwd *pw, char **user
|
debug_return_int(status == AUTH_FATAL ? -1 : 1); |
debug_return_int(status == AUTH_FATAL ? -1 : 1); |
} |
} |
|
|
|
bool |
|
sudo_auth_needs_end_session(void) |
|
{ |
|
sudo_auth *auth; |
|
bool needed = false; |
|
debug_decl(sudo_auth_needs_end_session, SUDO_DEBUG_AUTH) |
|
|
|
for (auth = auth_switch; auth->name; auth++) { |
|
if (auth->end_session && !IS_DISABLED(auth)) { |
|
needed = true; |
|
break; |
|
} |
|
} |
|
debug_return_bool(needed); |
|
} |
|
|
/* |
/* |
* Call authentication method end session hooks. |
* Call authentication method end session hooks. |
* Returns 1 on success and -1 on error. |
* Returns 1 on success and -1 on error. |
Line 312 sudo_auth_end_session(struct passwd *pw)
|
Line 327 sudo_auth_end_session(struct passwd *pw)
|
{ |
{ |
sudo_auth *auth; |
sudo_auth *auth; |
int status = AUTH_SUCCESS; |
int status = AUTH_SUCCESS; |
debug_decl(auth_end_session, SUDO_DEBUG_AUTH) | debug_decl(sudo_auth_end_session, SUDO_DEBUG_AUTH) |
|
|
for (auth = auth_switch; auth->name; auth++) { |
for (auth = auth_switch; auth->name; auth++) { |
if (auth->end_session && !IS_DISABLED(auth)) { |
if (auth->end_session && !IS_DISABLED(auth)) { |