--- embedaddon/sudo/plugins/sudoers/auth/sudo_auth.c	2012/02/21 16:23:02	1.1.1.1
+++ embedaddon/sudo/plugins/sudoers/auth/sudo_auth.c	2012/05/29 12:26:49	1.1.1.2
@@ -51,19 +51,19 @@
 static sudo_auth auth_switch[] = {
 /* Standalone entries first */
 #ifdef HAVE_PAM
-    AUTH_ENTRY("pam", FLAG_STANDALONE, pam_init, NULL, pam_verify, pam_cleanup, pam_begin_session, pam_end_session)
+    AUTH_ENTRY("pam", FLAG_STANDALONE, sudo_pam_init, NULL, sudo_pam_verify, sudo_pam_cleanup, sudo_pam_begin_session, sudo_pam_end_session)
 #endif
 #ifdef HAVE_SECURID
-    AUTH_ENTRY("SecurId", FLAG_STANDALONE, securid_init, securid_setup, securid_verify, NULL, NULL, NULL)
+    AUTH_ENTRY("SecurId", FLAG_STANDALONE, sudo_securid_init, sudo_securid_setup, sudo_securid_verify, NULL, NULL, NULL)
 #endif
 #ifdef HAVE_SIA_SES_INIT
-    AUTH_ENTRY("sia", FLAG_STANDALONE, NULL, sia_setup, sia_verify, sia_cleanup, NULL, NULL)
+    AUTH_ENTRY("sia", FLAG_STANDALONE, NULL, sudo_sia_setup, sudo_sia_verify, sudo_sia_cleanup, NULL, NULL)
 #endif
 #ifdef HAVE_AIXAUTH
-    AUTH_ENTRY("aixauth", FLAG_STANDALONE, NULL, NULL, aixauth_verify, aixauth_cleanup, NULL, NULL)
+    AUTH_ENTRY("aixauth", FLAG_STANDALONE, NULL, NULL, sudo_aix_verify, sudo_aix_cleanup, NULL, NULL)
 #endif
 #ifdef HAVE_FWTK
-    AUTH_ENTRY("fwtk", FLAG_STANDALONE, fwtk_init, NULL, fwtk_verify, fwtk_cleanup, NULL, NULL)
+    AUTH_ENTRY("fwtk", FLAG_STANDALONE, sudo_fwtk_init, NULL, sudo_fwtk_verify, sudo_fwtk_cleanup, NULL, NULL)
 #endif
 #ifdef HAVE_BSD_AUTH_H
     AUTH_ENTRY("bsdauth", FLAG_STANDALONE, bsdauth_init, NULL, bsdauth_verify, bsdauth_cleanup, NULL, NULL)
@@ -71,28 +71,25 @@ static sudo_auth auth_switch[] = {
 
 /* Non-standalone entries */
 #ifndef WITHOUT_PASSWD
-    AUTH_ENTRY("passwd", 0, passwd_init, NULL, passwd_verify, passwd_cleanup, NULL, NULL)
+    AUTH_ENTRY("passwd", 0, sudo_passwd_init, NULL, sudo_passwd_verify, sudo_passwd_cleanup, NULL, NULL)
 #endif
 #if defined(HAVE_GETPRPWNAM) && !defined(WITHOUT_PASSWD)
-    AUTH_ENTRY("secureware", 0, secureware_init, NULL, secureware_verify, secureware_cleanup, NULL, NULL)
+    AUTH_ENTRY("secureware", 0, sudo_secureware_init, NULL, sudo_secureware_verify, sudo_secureware_cleanup, NULL, NULL)
 #endif
 #ifdef HAVE_AFS
-    AUTH_ENTRY("afs", 0, NULL, NULL, afs_verify, NULL, NULL, NULL)
+    AUTH_ENTRY("afs", 0, NULL, NULL, sudo_afs_verify, NULL, NULL, NULL)
 #endif
 #ifdef HAVE_DCE
-    AUTH_ENTRY("dce", 0, NULL, NULL, dce_verify, NULL, NULL, NULL)
+    AUTH_ENTRY("dce", 0, NULL, NULL, sudo_dce_verify, NULL, NULL, NULL)
 #endif
-#ifdef HAVE_KERB4
-    AUTH_ENTRY("kerb4", 0, kerb4_init, NULL, kerb4_verify, NULL, NULL, NULL)
-#endif
 #ifdef HAVE_KERB5
-    AUTH_ENTRY("kerb5", 0, kerb5_init, kerb5_setup, kerb5_verify, kerb5_cleanup, NULL, NULL)
+    AUTH_ENTRY("kerb5", 0, sudo_krb5_init, sudo_krb5_setup, sudo_krb5_verify, sudo_krb5_cleanup, NULL, NULL)
 #endif
 #ifdef HAVE_SKEY
-    AUTH_ENTRY("S/Key", 0, NULL, rfc1938_setup, rfc1938_verify, NULL, NULL, NULL)
+    AUTH_ENTRY("S/Key", 0, NULL, sudo_rfc1938_setup, sudo_rfc1938_verify, NULL, NULL, NULL)
 #endif
 #ifdef HAVE_OPIE
-    AUTH_ENTRY("OPIE", 0, NULL, rfc1938_setup, rfc1938_verify, NULL, NULL, NULL)
+    AUTH_ENTRY("OPIE", 0, NULL, sudo_rfc1938_setup, sudo_rfc1938_verify, NULL, NULL, NULL)
 #endif
     AUTH_ENTRY(NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL)
 };
@@ -108,17 +105,18 @@ sudo_auth_init(struct passwd *pw)
 {
     sudo_auth *auth;
     int status = AUTH_SUCCESS;
+    debug_decl(sudo_auth_init, SUDO_DEBUG_AUTH)
 
     if (auth_switch[0].name == NULL)
-	return TRUE;
+	debug_return_int(true);
 
     /* Make sure we haven't mixed standalone and shared auth methods. */
     standalone = IS_STANDALONE(&auth_switch[0]);
     if (standalone && auth_switch[1].name != NULL) {
 	audit_failure(NewArgv, "invalid authentication methods");
-    	log_error(0, _("Invalid authentication methods compiled into sudo!  "
+    	log_fatal(0, _("Invalid authentication methods compiled into sudo!  "
 	    "You may mix standalone and non-standalone authentication."));
-	return -1;
+	debug_return_int(-1);
     }
 
     /* Set FLAG_ONEANDONLY if there is only one auth method. */
@@ -145,7 +143,7 @@ sudo_auth_init(struct passwd *pw)
 	    }
 	}
     }
-    return status == AUTH_FATAL ? -1 : TRUE;
+    debug_return_int(status == AUTH_FATAL ? -1 : true);
 }
 
 int
@@ -153,6 +151,7 @@ sudo_auth_cleanup(struct passwd *pw)
 {
     sudo_auth *auth;
     int status = AUTH_SUCCESS;
+    debug_decl(sudo_auth_cleanup, SUDO_DEBUG_AUTH)
 
     /* Call cleanup routines. */
     for (auth = auth_switch; auth->name; auth++) {
@@ -172,7 +171,7 @@ sudo_auth_cleanup(struct passwd *pw)
 	    }
 	}
     }
-    return status == AUTH_FATAL ? -1 : TRUE;
+    debug_return_int(status == AUTH_FATAL ? -1 : true);
 }
 
 int
@@ -184,6 +183,7 @@ verify_user(struct passwd *pw, char *prompt)
     char *p;
     sudo_auth *auth;
     sigaction_t sa, osa;
+    debug_decl(verify_user, SUDO_DEBUG_AUTH)
 
     /* Enable suspend during password entry. */
     sigemptyset(&sa.sa_mask);
@@ -195,11 +195,11 @@ verify_user(struct passwd *pw, char *prompt)
     /* XXX - check FLAG_DISABLED too */
     if (auth_switch[0].name == NULL) {
 	audit_failure(NewArgv, "no authentication methods");
-    	log_error(0,
+    	log_fatal(0,
 	    _("There are no authentication methods compiled into sudo!  "
 	    "If you want to turn off authentication, use the "
 	    "--disable-authentication configure option."));
-	return -1;
+	debug_return_int(-1);
     }
 
     while (--counter) {
@@ -219,7 +219,7 @@ verify_user(struct passwd *pw, char *prompt)
 		else if (status == AUTH_FATAL) {
 		    /* XXX log */
 		    audit_failure(NewArgv, "authentication failure");
-		    return -1;		/* assume error msg already printed */
+		    debug_return_int(-1);/* assume error msg already printed */
 		}
 	    }
 	}
@@ -259,7 +259,7 @@ done:
     switch (success) {
 	case AUTH_SUCCESS:
 	    (void) sigaction(SIGTSTP, &osa, NULL);
-	    rval = TRUE;
+	    rval = true;
 	    break;
 	case AUTH_INTR:
 	case AUTH_FAILURE:
@@ -268,12 +268,12 @@ done:
 		    flags = 0;
 		else
 		    flags = NO_MAIL;
-		log_error(flags, ngettext("%d incorrect password attempt",
+		log_fatal(flags, ngettext("%d incorrect password attempt",
 		    "%d incorrect password attempts",
 		    def_passwd_tries - counter), def_passwd_tries - counter);
 	    }
 	    audit_failure(NewArgv, "authentication failure");
-	    rval = FALSE;
+	    rval = false;
 	    break;
 	case AUTH_FATAL:
 	default:
@@ -282,26 +282,27 @@ done:
 	    break;
     }
 
-    return rval;
+    debug_return_int(rval);
 }
 
 int
-sudo_auth_begin_session(struct passwd *pw)
+sudo_auth_begin_session(struct passwd *pw, char **user_env[])
 {
     sudo_auth *auth;
     int status;
+    debug_decl(auth_begin_session, SUDO_DEBUG_AUTH)
 
     for (auth = auth_switch; auth->name; auth++) {
 	if (auth->begin_session && !IS_DISABLED(auth)) {
-	    status = (auth->begin_session)(pw, auth);
+	    status = (auth->begin_session)(pw, user_env, auth);
 	    if (status == AUTH_FATAL) {
 		/* XXX log */
 		audit_failure(NewArgv, "authentication failure");
-		return -1;		/* assume error msg already printed */
+		debug_return_bool(-1);	/* assume error msg already printed */
 	    }
 	}
     }
-    return TRUE;
+    debug_return_bool(true);
 }
 
 int
@@ -309,29 +310,33 @@ sudo_auth_end_session(struct passwd *pw)
 {
     sudo_auth *auth;
     int status;
+    debug_decl(auth_end_session, SUDO_DEBUG_AUTH)
 
     for (auth = auth_switch; auth->name; auth++) {
 	if (auth->end_session && !IS_DISABLED(auth)) {
 	    status = (auth->end_session)(pw, auth);
 	    if (status == AUTH_FATAL) {
 		/* XXX log */
-		return -1;		/* assume error msg already printed */
+		debug_return_bool(-1);	/* assume error msg already printed */
 	    }
 	}
     }
-    return TRUE;
+    debug_return_bool(true);
 }
 
 static void
 pass_warn(void)
 {
     const char *warning = def_badpass_message;
+    debug_decl(pass_warn, SUDO_DEBUG_AUTH)
 
 #ifdef INSULT
     if (def_insults)
 	warning = INSULT;
 #endif
     sudo_printf(SUDO_CONV_ERROR_MSG, "%s\n", warning);
+
+    debug_return;
 }
 
 char *
@@ -339,6 +344,7 @@ auth_getpass(const char *prompt, int timeout, int type
 {
     struct sudo_conv_message msg;
     struct sudo_conv_reply repl;
+    debug_decl(auth_getpass, SUDO_DEBUG_AUTH)
 
     /* Mask user input if pwfeedback set and echo is off. */
     if (type == SUDO_CONV_PROMPT_ECHO_OFF && def_pwfeedback)
@@ -356,16 +362,19 @@ auth_getpass(const char *prompt, int timeout, int type
     memset(&repl, 0, sizeof(repl));
     sudo_conv(1, &msg, &repl);
     /* XXX - check for ENOTTY? */
-    return repl.reply;
+    debug_return_str_masked(repl.reply);
 }
 
 void
 dump_auth_methods(void)
 {
     sudo_auth *auth;
+    debug_decl(dump_auth_methods, SUDO_DEBUG_AUTH)
 
     sudo_printf(SUDO_CONV_INFO_MSG, _("Authentication methods:"));
     for (auth = auth_switch; auth->name; auth++)
 	sudo_printf(SUDO_CONV_INFO_MSG, " '%s'", auth->name);
     sudo_printf(SUDO_CONV_INFO_MSG, "\n");
+
+    debug_return;
 }