]> granicus.if.org Git - sudo/commitdiff
projects / sudo / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 13869d3)
In sudo_pam_begin_session() and sudo_pam_end_session() return
authorTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 11 Aug 2015 02:17:02 +0000 (20:17 -0600)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 11 Aug 2015 02:17:02 +0000 (20:17 -0600)
AUTH_FATAL on error, not AUTH_FAILURE.  In sudo_auth_begin_session()
treat anything other than AUTH_SUCCESS as a fatal error.

plugins/sudoers/auth/pam.c patch | blob | history
plugins/sudoers/auth/sudo_auth.c patch | blob | history

diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c
index 4cfbca9092c4a01758fd1523f7de1a019efb777c..ccd0d1ebc1053573699eeb23cb8719795137cefb 100644 (file)
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -279,7 +279,7 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
                    "pam_end: %s", errstr ? errstr : "unknown error");
            }
            pamh = NULL;
-           status = AUTH_FAILURE;
+           status = AUTH_FATAL;
            goto done;
        }
     }
@@ -295,7 +295,7 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
        if (pam_envp != NULL) {
            /* Merge pam env with user env. */
            if (!env_init(*user_envp) || !env_merge(pam_envp))
-               status = AUTH_FAILURE;
+               status = AUTH_FATAL;
            *user_envp = env_get();
            (void)env_init(NULL);
            free(pam_envp);
@@ -348,7 +348,7 @@ sudo_pam_end_session(struct passwd *pw, sudo_auth *auth)
            const char *errstr = pam_strerror(pamh, rc);
            sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
                "pam_end: %s", errstr ? errstr : "unknown error");
-           status = AUTH_FAILURE;
+           status = AUTH_FATAL;
        }
        pamh = NULL;
     }
diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c
index 83bd0858863cfd4511357ea4b0a761875394d033..9b86f3855d50679ac09b5ba9836036fa2a653873 100644 (file)
--- a/plugins/sudoers/auth/sudo_auth.c
+++ b/plugins/sudoers/auth/sudo_auth.c
@@ -342,11 +342,11 @@ sudo_auth_begin_session(struct passwd *pw, char **user_env[])
     for (auth = auth_switch; auth->name; auth++) {
        if (auth->begin_session && !IS_DISABLED(auth)) {
            status = (auth->begin_session)(pw, user_env, auth);
-           if (status == AUTH_FATAL)
+           if (status != AUTH_SUCCESS)
                break;          /* assume error msg already printed */
        }
     }
-    debug_return_int(status == AUTH_FATAL ? -1 : 1);
+    debug_return_int(status == AUTH_SUCCESS ? 1 : -1);
 }
 
 bool
Unnamed repository; edit this file 'description' to name the repository.