Remove unused FLAG_USER auth flag. We have no auth methods that

require that authentication be run as the invoking user.

diff --git a/plugins/sudoers/auth/API b/plugins/sudoers/auth/API
index 2ccbc55016f068a035c2235a75244cbd7e293d09..55d2dfc0c0b81a7c2a7293068e36e1c97a243b75 100644 (file)
--- a/plugins/sudoers/auth/API
+++ b/plugins/sudoers/auth/API
@@ -33,9 +33,6 @@ The variables in the struct are as follows:
                initialized in the "init" or "setup" routines.
 
 Possible values of sudo_auth.flags:
-    FLAG_USER          Whether or not the auth functions should run with
-                       the euid of the invoking user instead of 0.
-
     FLAG_DISABLED      Set if an "init" or "setup" function fails.
 
     FLAG_STANDALONE    If set, this indicates that the method must

diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c
index d73a5e26587f5fb82ca17084ae650c2f46593bee..94d17779ade65d4080c6d90ef197cb97822c3e53 100644 (file)
--- a/plugins/sudoers/auth/sudo_auth.c
+++ b/plugins/sudoers/auth/sudo_auth.c
@@ -129,15 +129,8 @@ sudo_auth_init(struct passwd *pw)
     /* Initialize auth methods and unconfigure the method if necessary. */
     for (auth = auth_switch; auth->name; auth++) {
        if (auth->init && !IS_DISABLED(auth)) {
-           if (NEEDS_USER(auth))
-               set_perms(PERM_USER);
-
-           status = (auth->init)(pw, auth);
-
-           if (NEEDS_USER(auth))
-               restore_perms();
-
            /* Disable if it failed to init unless there was a fatal error. */
+           status = (auth->init)(pw, auth);
            if (status == AUTH_FAILURE)
                SET(auth->flags, FLAG_DISABLED);
            else if (status == AUTH_FATAL)
@@ -161,14 +154,7 @@ sudo_auth_cleanup(struct passwd *pw)
     /* Call cleanup routines. */
     for (auth = auth_switch; auth->name; auth++) {
        if (auth->cleanup && !IS_DISABLED(auth)) {
-           if (NEEDS_USER(auth))
-               set_perms(PERM_USER);
-
            status = (auth->cleanup)(pw, auth);
-
-           if (NEEDS_USER(auth))
-               restore_perms();
-
            if (status == AUTH_FATAL)
                break;          /* assume error msg already printed */
        }
@@ -212,14 +198,7 @@ verify_user(struct passwd *pw, char *prompt, int validated)
        /* Do any per-method setup and unconfigure the method if needed */
        for (auth = auth_switch; auth->name; auth++) {
            if (auth->setup && !IS_DISABLED(auth)) {
-               if (NEEDS_USER(auth))
-                   set_perms(PERM_USER);
-
                status = (auth->setup)(pw, &prompt, auth);
-
-               if (NEEDS_USER(auth))
-                   restore_perms();
-
                if (status == AUTH_FAILURE)
                    SET(auth->flags, FLAG_DISABLED);
                else if (status == AUTH_FATAL)
@@ -242,14 +221,7 @@ verify_user(struct passwd *pw, char *prompt, int validated)
            if (IS_DISABLED(auth))
                continue;
 
-           if (NEEDS_USER(auth))
-               set_perms(PERM_USER);
-
            success = auth->status = (auth->verify)(pw, p, auth);
-
-           if (NEEDS_USER(auth))
-               restore_perms();
-
            if (auth->status != AUTH_FAILURE)
                goto done;
        }

diff --git a/plugins/sudoers/auth/sudo_auth.h b/plugins/sudoers/auth/sudo_auth.h
index ea2fb8ad10299089b2ce3d8cc0f6b6c7b6bdaf33..aabf5976cc398b319d11d26c7671273af78f413e 100644 (file)
--- a/plugins/sudoers/auth/sudo_auth.h
+++ b/plugins/sudoers/auth/sudo_auth.h
@@ -37,13 +37,11 @@ typedef struct sudo_auth {
 } sudo_auth;
 
 /* Values for sudo_auth.flags.  */
-#define FLAG_USER      0x01    /* functions must run as the user, not root */
 #define FLAG_DISABLED  0x02    /* method disabled */
 #define FLAG_STANDALONE        0x04    /* standalone auth method */
 #define FLAG_ONEANDONLY        0x08    /* one and only auth method */
 
 /* Shortcuts for using the flags above. */
-#define NEEDS_USER(x)          ((x)->flags & FLAG_USER)
 #define IS_DISABLED(x)         ((x)->flags & FLAG_DISABLED)
 #define IS_STANDALONE(x)       ((x)->flags & FLAG_STANDALONE)
 #define IS_ONEANDONLY(x)       ((x)->flags & FLAG_ONEANDONLY)