* http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/basetrf1/authenticate.htm
*/
-#define AIX_AUTH_UNKNOWN 0
-#define AIX_AUTH_STD 1
-#define AIX_AUTH_PAM 2
+#ifdef HAVE_PAM
+# define AIX_AUTH_UNKNOWN 0
+# define AIX_AUTH_STD 1
+# define AIX_AUTH_PAM 2
static int
sudo_aix_authtype(void)
debug_return_int(authtype);
}
+#endif /* HAVE_PAM */
int
sudo_aix_init(struct passwd *pw, sudo_auth *auth)
{
debug_decl(sudo_aix_init, SUDOERS_DEBUG_AUTH)
+#ifdef HAVE_PAM
/* Check auth_type in /etc/security/login.cfg. */
- if (sudo_aix_authtype() == AIX_AUTH_PAM)
- debug_return_int(AUTH_FAILURE);
+ if (sudo_aix_authtype() == AIX_AUTH_PAM) {
+ if (sudo_pam_init_quiet(pw, auth) == AUTH_SUCCESS) {
+ /* Fail AIX authentication so we can use PAM instead. */
+ debug_return_int(AUTH_FAILURE);
+ }
+ }
+#endif
debug_return_int(AUTH_SUCCESS);
}
static bool getpass_error;
static pam_handle_t *pamh;
-int
-sudo_pam_init(struct passwd *pw, sudo_auth *auth)
+static int
+sudo_pam_init2(struct passwd *pw, sudo_auth *auth, bool quiet)
{
- static int pam_status;
+ static int pam_status = PAM_SUCCESS;
int rc;
debug_decl(sudo_pam_init, SUDOERS_DEBUG_AUTH)
+ /* Stash pointer to last pam status. */
+ auth->data = &pam_status;
+
+#ifdef _AIX
+ if (pamh != NULL) {
+ /* Already initialized (may happen with AIX). */
+ debug_return_int(AUTH_SUCCESS);
+ }
+#endif /* _AIX */
+
/* Initial PAM setup */
- auth->data = (void *) &pam_status;
pam_status = pam_start(ISSET(sudo_mode, MODE_LOGIN_SHELL) ?
def_pam_login_service : def_pam_service, pw->pw_name, &pam_conv, &pamh);
if (pam_status != PAM_SUCCESS) {
- log_warning(0, N_("unable to initialize PAM"));
+ if (!quiet)
+ log_warning(0, N_("unable to initialize PAM"));
debug_return_int(AUTH_FATAL);
}
debug_return_int(AUTH_SUCCESS);
}
+int
+sudo_pam_init(struct passwd *pw, sudo_auth *auth)
+{
+ return sudo_pam_init2(pw, auth, false);
+}
+
+#ifdef _AIX
+int
+sudo_pam_init_quiet(struct passwd *pw, sudo_auth *auth)
+{
+ return sudo_pam_init2(pw, auth, true);
+}
+#endif /* _AIX */
+
int
sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
{
int sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth);
int sudo_pam_init(struct passwd *pw, sudo_auth *auth);
+int sudo_pam_init_quiet(struct passwd *pw, sudo_auth *auth);
int sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth);
int sudo_pam_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth);
projects / sudo / commitdiff