version 1.1.1.4, 2013/07/22 10:46:12
|
version 1.1.1.6, 2014/06/15 16:12:54
|
Line 41
|
Line 41
|
#ifdef HAVE_UNISTD_H |
#ifdef HAVE_UNISTD_H |
# include <unistd.h> |
# include <unistd.h> |
#endif /* HAVE_UNISTD_H */ |
#endif /* HAVE_UNISTD_H */ |
#if TIME_WITH_SYS_TIME | #ifdef TIME_WITH_SYS_TIME |
# include <time.h> |
# include <time.h> |
#endif |
#endif |
#include <errno.h> |
#include <errno.h> |
Line 53
|
Line 53
|
#include "check.h" |
#include "check.h" |
|
|
static bool display_lecture(int); |
static bool display_lecture(int); |
static struct passwd *get_authpw(void); | static struct passwd *get_authpw(int); |
|
|
/* |
/* |
* Returns true if the user successfully authenticates, false if not |
* Returns true if the user successfully authenticates, false if not |
Line 93 check_user_interactive(int validated, int mode, struct
|
Line 93 check_user_interactive(int validated, int mode, struct
|
|
|
/* Expand any escapes in the prompt. */ |
/* Expand any escapes in the prompt. */ |
prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt, |
prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt, |
user_name, user_shost); | auth_pw->pw_name); |
|
|
rval = verify_user(auth_pw, prompt, validated); |
rval = verify_user(auth_pw, prompt, validated); |
if (rval == true && lectured) |
if (rval == true && lectured) |
Line 123 check_user(int validated, int mode)
|
Line 123 check_user(int validated, int mode)
|
* Init authentication system regardless of whether we need a password. |
* Init authentication system regardless of whether we need a password. |
* Required for proper PAM session support. |
* Required for proper PAM session support. |
*/ |
*/ |
auth_pw = get_authpw(); | auth_pw = get_authpw(mode); |
if (sudo_auth_init(auth_pw) == -1) { |
if (sudo_auth_init(auth_pw) == -1) { |
rval = -1; |
rval = -1; |
goto done; |
goto done; |
Line 133 check_user(int validated, int mode)
|
Line 133 check_user(int validated, int mode)
|
* Don't prompt for the root passwd or if the user is exempt. |
* Don't prompt for the root passwd or if the user is exempt. |
* If the user is not changing uid/gid, no need for a password. |
* If the user is not changing uid/gid, no need for a password. |
*/ |
*/ |
if (!def_authenticate || user_uid == 0 || user_is_exempt()) | if (!def_authenticate || user_is_exempt()) |
goto done; |
goto done; |
if (user_uid == runas_pw->pw_uid && | if (user_uid == 0 || (user_uid == runas_pw->pw_uid && |
(!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) { | (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name)))) { |
#ifdef HAVE_SELINUX |
#ifdef HAVE_SELINUX |
if (user_role == NULL && user_type == NULL) |
if (user_role == NULL && user_type == NULL) |
#endif |
#endif |
Line 217 user_is_exempt(void)
|
Line 217 user_is_exempt(void)
|
* case, this matches sudo_user.pw or runas_pw. |
* case, this matches sudo_user.pw or runas_pw. |
*/ |
*/ |
static struct passwd * |
static struct passwd * |
get_authpw(void) | get_authpw(int mode) |
{ |
{ |
struct passwd *pw; |
struct passwd *pw; |
debug_decl(get_authpw, SUDO_DEBUG_AUTH) |
debug_decl(get_authpw, SUDO_DEBUG_AUTH) |
|
|
if (def_rootpw) { | if (ISSET(mode, (MODE_CHECK|MODE_LIST))) { |
if ((pw = sudo_getpwuid(ROOT_UID)) == NULL) | /* In list mode we always prompt for the user's password. */ |
log_fatal(0, N_("unknown uid: %u"), ROOT_UID); | |
} else if (def_runaspw) { | |
if ((pw = sudo_getpwnam(def_runas_default)) == NULL) | |
log_fatal(0, N_("unknown user: %s"), def_runas_default); | |
} else if (def_targetpw) { | |
if (runas_pw->pw_name == NULL) | |
log_fatal(NO_MAIL|MSG_ONLY, N_("unknown uid: %u"), | |
(unsigned int) runas_pw->pw_uid); | |
sudo_pw_addref(runas_pw); | |
pw = runas_pw; | |
} else { | |
sudo_pw_addref(sudo_user.pw); |
sudo_pw_addref(sudo_user.pw); |
pw = sudo_user.pw; |
pw = sudo_user.pw; |
|
} else { |
|
if (def_rootpw) { |
|
if ((pw = sudo_getpwuid(ROOT_UID)) == NULL) |
|
log_fatal(0, N_("unknown uid: %u"), ROOT_UID); |
|
} else if (def_runaspw) { |
|
if ((pw = sudo_getpwnam(def_runas_default)) == NULL) |
|
log_fatal(0, N_("unknown user: %s"), def_runas_default); |
|
} else if (def_targetpw) { |
|
if (runas_pw->pw_name == NULL) |
|
log_fatal(NO_MAIL|MSG_ONLY, N_("unknown uid: %u"), |
|
(unsigned int) runas_pw->pw_uid); |
|
sudo_pw_addref(runas_pw); |
|
pw = runas_pw; |
|
} else { |
|
sudo_pw_addref(sudo_user.pw); |
|
pw = sudo_user.pw; |
|
} |
} |
} |
|
|
debug_return_ptr(pw); |
debug_return_ptr(pw); |
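Review bot: The comment above the first test in check_user (the "Line 133" hunk) still says "Don't prompt for the root passwd or if the user is exempt", but on the new side `user_uid == 0` is no longer in that unconditional `goto done`. It now sits in the second condition, whose body opens with the `HAVE_SELINUX` test `user_role == NULL && user_type == NULL`. The rest of that block lies outside the hunk, but from the visible lines root appears to skip authentication only when no SELinux role or type was requested. The comment should say so, for example `/* Don't prompt if authentication is disabled or the user is exempt; root, or a user not changing uid/gid, is prompted only when an SELinux role/type is requested. */`. Likewise, the new comment in get_authpw says "In list mode" while the test is `ISSET(mode, (MODE_CHECK|MODE_LIST))`; it should name both modes and state that rootpw, runaspw and targetpw are intentionally not consulted on that path.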