Unset AUTHSTATE after calling authenticate() as it may not be correct for

the user we are running the command as.

diff --git a/auth/aix_auth.c b/auth/aix_auth.c
index 05bc369d1752952d1a5293766f8374c1ae4eb57b..38f80c380437cb7c79adea9e753a6c4f7a8f55d3 100644 (file)
--- a/auth/aix_auth.c
+++ b/auth/aix_auth.c
@@ -70,6 +70,8 @@ aixauth_verify(pw, prompt, auth)
        /* XXX - should probably print message on failure. */
        if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
            rval = AUTH_SUCCESS;
+       /* Unset AUTHSTATE as it may not be correct for the runas user. */
+       sudo_unsetenv("AUTHSTATE");
        free(message);
        zero_bytes(pass, strlen(pass));
     }

diff --git a/env.c b/env.c
index 27434e7be8ce65615f2a1c0311e942d2e6c46a6c..03ec79fa1d7eac1dfc73ebc739e977bf64561028 100644 (file)
--- a/env.c
+++ b/env.c
@@ -133,6 +133,7 @@ static const char *initial_badenv_table[] = {
 #ifdef _AIX
     "LDR_*",
     "LIBPATH",
+    "AUTHSTATE",
 #endif
 #ifdef __APPLE__
     "DYLD_*",
@@ -292,7 +293,9 @@ sudo_setenv(var, val, dupcheck)
     }
     insert_env(estring, dupcheck, TRUE);
 }
+#endif /* HAVE_LDAP */
 
+#if defined(HAVE_LDAP) || defined(HAVE_AIXAUTH)
 /*
  * Similar to unsetenv(3) but operates on sudo's private copy of the
  * environment.
@@ -319,7 +322,7 @@ sudo_unsetenv(var)
        }
     }
 }
-#endif /* HAVE_LDAP */
+#endif /* HAVE_LDAP || HAVE_AIXAUTH */
 
 /*
  * Insert str into env.envp, assumes str has an '=' in it.