PAM version needs testing.
Set SIGTSTP to SIG_DFL during password entry so user can suspend us.
int reenter = 1;
pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
- if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
+ if (pass && authenticate(pw->pw_name, pass, &reenter, &message) == 0)
return(AUTH_SUCCESS);
else
return(AUTH_FAILURE);
pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
} else {
pass = tgetpass(s, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
- if (!pass || *pass == '\0') {
+ if (pass && *pass == '\0') {
if ((prompt = strrchr(s, '\n')))
prompt++;
else
}
}
- if (!pass || *pass == '\0')
- nil_pw = 1; /* empty password */
+ if (!pass || *pass == '\0') /* ^C or empty password */
+ nil_pw = 1;
- authok = auth_userresponse(as, pass, 1);
+ authok = pass ? auth_userresponse(as, pass, 1) : 0;
/* restore old signal handler */
(void)signal(SIGCHLD, childkiller);
if (strncmp(resp, "challenge ", 10) == 0) {
(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
pass = tgetpass(buf, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
- if (!pass || *pass == '\0') {
+ if (pass && *pass == '\0') {
pass = tgetpass("Response [echo on]: ",
def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags | TGP_ECHO);
}
(void) fprintf(stderr, "%s: %s\n", Argv[0], resp);
return(AUTH_FATAL);
}
- if (!pass || *pass == '\0')
- nil_pw = 1; /* empty password */
+ if (!pass) { /* ^C or error */
+ nil_pw = 1;
+ return(AUTH_FAILURE);
+ } else if (*pass == '\0') /* empty password */
+ nil_pw = 1;
/* Send the user's response to the server */
(void) snprintf(buf, sizeof(buf), "response '%s'", pass);
/* Read the password. */
pr->resp = estrdup((char *) tgetpass(p,
def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags));
- if (*pr->resp == '\0')
+ /* XXX - is a NULL resp OK? */
+ if (pr->resp == NULL || *pr->resp == '\0')
nil_pw = 1; /* empty password */
break;
case PAM_TEXT_INFO:
#include "config.h"
+#include <sys/param.h>
+#include <sys/types.h>
+
#include <stdio.h>
#ifdef STDC_HEADERS
#include <stdlib.h>
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif /* HAVE_STRINGS_H */
-#include <sys/param.h>
-#include <sys/types.h>
#include <pwd.h>
#include <time.h>
+#include <signal.h>
#include "sudo.h"
#include "sudo_auth.h"
int flags;
char *p;
sudo_auth *auth;
+ sigaction_t sa, osa;
+
+ /* Enable suspend during password entry. */
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_RESTART;
+ sa.sa_handler = SIG_DFL;
+ (void) sigaction(SIGTSTP, &sa, &osa);
/* Make sure we have at least one auth method. */
if (auth_switch[0].name == NULL)
#endif /* AUTH_STANDALONE */
/* Call authentication functions. */
- for (auth = auth_switch; auth->name; auth++) {
+ for (auth = auth_switch; p && auth->name; auth++) {
if (!IS_CONFIGURED(auth))
continue;
goto cleanup;
}
#ifndef AUTH_STANDALONE
- (void) memset(p, 0, strlen(p));
+ if (p)
+ (void) memset(p, 0, strlen(p));
#endif
/* Exit loop on nil password, but give it a chance to match first. */
switch (success) {
case AUTH_SUCCESS:
+ (void) sigaction(SIGTSTP, &osa, NULL);
return;
case AUTH_FAILURE:
if (def_flag(I_MAIL_BADPASS) || def_flag(I_MAIL_ALWAYS))
case AUTH_FATAL:
exit(1);
}
+ /* NOTREACHED */
}
void