Do not write directly to stdout/stderr, use sudo_printf which calls

author Todd C. Miller <Todd.Miller@courtesan.com>

Sun, 15 May 2016 01:33:28 +0000 (19:33 -0600)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Sun, 15 May 2016 01:33:28 +0000 (19:33 -0600)
author Todd C. Miller <Todd.Miller@courtesan.com>
Sun, 15 May 2016 01:33:28 +0000 (19:33 -0600)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Sun, 15 May 2016 01:33:28 +0000 (19:33 -0600)
diff --git a/plugins/sudoers/auth/dce.c b/plugins/sudoers/auth/dce.c

index 262b4ef14b6ca0e204196ea98006d7782ccb60b2..68ce4e02fe72da51896733fcf5c1aa493e3e4f98 100644 (file)
--- a/plugins/sudoers/auth/dce.c
+++ b/plugins/sudoers/auth/dce.c
@@ -99,7 +99,8 @@ sudo_dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth, struct sudo_
              * sure that we didn't get spoofed by another DCE server.
              */
             if (!sec_login_certify_identity(login_context, &status)) {
-               (void) fprintf(stderr, "Whoa! Bogus authentication server!\n");
+               sudo_printf(SUDO_CONV_ERROR_MSG,
+                   "Whoa! Bogus authentication server!\n");
                 (void) check_dce_status(status,"sec_login_certify_identity(1):");
                 debug_return_int(AUTH_FAILURE);
             }
@@ -120,13 +121,13 @@ sudo_dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth, struct sudo_
              * DCE client and DCE security server...
              */
             if (auth_src != sec_login_auth_src_network) {
-                   (void) fprintf(stderr,
+                   sudo_printf(SUDO_CONV_ERROR_MSG,
                         "You have no network credentials.\n");
                     debug_return_int(AUTH_FAILURE);
             }
             /* Check if the password has aged and is thus no good */
             if (reset_passwd) {
-                   (void) fprintf(stderr,
+                   sudo_printf(SUDO_CONV_ERROR_MSG,
                         "Your DCE password needs resetting.\n");
                     debug_return_int(AUTH_FAILURE);
             }
@@ -186,7 +187,7 @@ check_dce_status(error_status_t input_status, char *comment)
      if (input_status == rpc_s_ok)
         debug_return_int(0);
      dce_error_inq_text(input_status, error_string, &error_stat);
-    (void) fprintf(stderr, "%s %s\n", comment, error_string);
+    sudo_printf(SUDO_CONV_ERROR_MSG, "%s %s\n", comment, error_string);
      debug_return_int(1);
  }
  
diff --git a/plugins/sudoers/auth/fwtk.c b/plugins/sudoers/auth/fwtk.c

index eddd51a35b0278812a366d920d1ac55c1e1c052d..fb0d7a48da0654270d1e624744f9ebe0252a32c3 100644 (file)
--- a/plugins/sudoers/auth/fwtk.c
+++ b/plugins/sudoers/auth/fwtk.c
@@ -104,7 +104,7 @@ restart:
         pass = auth_getpass(prompt, def_passwd_timeout * 60,
             SUDO_CONV_PROMPT_ECHO_OFF, callback);
      } else if (strncmp(resp, "display ", 8) == 0) {
-       fprintf(stderr, "%s\n", &resp[8]);
+       sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", &resp[8]);
         strlcpy(buf, "response dummy", sizeof(buf));
         goto restart;
      } else {
diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c

index 740c76ece1dea628a4c064501cf419ac311aaa56..7886d65d83348fd64152c9a41b350431b9749922 100644 (file)
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -483,14 +483,12 @@ converse(int num_msg, PAM_CONST struct pam_message **msg,
                 reply[n].resp = pass;   /* auth_getpass() malloc's a copy */
                 break;
             case PAM_TEXT_INFO:
-               if (pm->msg)
-                   (void) puts(pm->msg);
+               if (pm->msg != NULL)
+                   sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", pm->msg);
                 break;
             case PAM_ERROR_MSG:
-               if (pm->msg) {
-                   (void) fputs(pm->msg, stderr);
-                   (void) fputc('\n', stderr);
-               }
+               if (pm->msg != NULL)
+                   sudo_printf(SUDO_CONV_ERROR_MSG, "%s\n", pm->msg);
                 break;
             default:
                 sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
diff --git a/plugins/sudoers/auth/securid5.c b/plugins/sudoers/auth/securid5.c

index a822addc1ac15de5e9b537ddec43064f4c989150..468eef23ff916db278a1c9b18dfaef0ca6e58f93 100644 (file)
--- a/plugins/sudoers/auth/securid5.c
+++ b/plugins/sudoers/auth/securid5.c
@@ -202,8 +202,10 @@ then enter the new token code.\n", \
                  */
                 /* XXX - Is setting up a new PIN within sudo's scope? */
                 SD_Pin(*sd, "");
-               fprintf(stderr, "Your SecurID access has not yet been set up.\n");
-               fprintf(stderr, "Please set up a PIN before you try to authenticate.\n");
+               sudo_printf(SUDO_CONV_ERROR_MSG, 
+                   "Your SecurID access has not yet been set up.\n");
+               sudo_printf(SUDO_CONV_ERROR_MSG, 
+                   "Please set up a PIN before you try to authenticate.\n");
                 rval = AUTH_FATAL;
                 break;
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Sun, 15 May 2016 01:33:28 +0000 (19:33 -0600)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Sun, 15 May 2016 01:33:28 +0000 (19:33 -0600)
plugins/sudoers/auth/dce.c		patch \| blob \| history
plugins/sudoers/auth/fwtk.c		patch \| blob \| history
plugins/sudoers/auth/pam.c		patch \| blob \| history
plugins/sudoers/auth/securid5.c		patch \| blob \| history