If all authentication methods fail init/setup, fail with an error.
authorTodd C. Miller <Todd.Miller@courtesan.com>
Sat, 27 Sep 2014 02:55:19 +0000 (20:55 -0600)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Sat, 27 Sep 2014 02:55:19 +0000 (20:55 -0600)
plugins/sudoers/auth/sudo_auth.c

index adae8a76b3dbcb6f76d75822312de736b656053c..3e8062352e5ef47817f57dfd4cdbeb819e726c36 100644 (file)
@@ -196,7 +196,6 @@ verify_user(struct passwd *pw, char *prompt, int validated)
     (void) sigaction(SIGTSTP, &sa, &osa);
 
     /* Make sure we have at least one auth method. */
-    /* XXX - check FLAG_DISABLED too */
     if (auth_switch[0].name == NULL) {
        audit_failure(NewArgc, NewArgv, N_("no authentication methods"));
        log_warningx(SLOG_SEND_MAIL,
@@ -207,9 +206,14 @@ verify_user(struct passwd *pw, char *prompt, int validated)
     }
 
     while (--counter) {
+       int num_methods = 0;
+
        /* Do any per-method setup and unconfigure the method if needed */
        for (auth = auth_switch; auth->name; auth++) {
-           if (auth->setup && !IS_DISABLED(auth)) {
+           if (IS_DISABLED(auth))
+               continue;
+           num_methods++;
+           if (auth->setup != NULL) {
                status = (auth->setup)(pw, &prompt, auth);
                if (status == AUTH_FAILURE)
                    SET(auth->flags, FLAG_DISABLED);
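Review bot: `num_methods++` runs before `(auth->setup)(pw, &prompt, auth)`, so a method that this same pass disables with `SET(auth->flags, FLAG_DISABLED)` is still counted, and the `num_methods == 0` check after the loop cannot fire on the pass where every setup fails. In that case the code appears to continue to the password prompt with no usable method and only reports the error on the next `--counter` iteration, if one remains; what the verify step returns in the meantime is outside this hunk. Counting only the methods that survive setup would make the failure immediate, for example `if (status == AUTH_FAILURE) { SET(auth->flags, FLAG_DISABLED); num_methods--; }`. The rest of the status handling falls between this hunk and the next and is not visible here.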
@@ -217,6 +221,12 @@ verify_user(struct passwd *pw, char *prompt, int validated)
                    goto done;          /* assume error msg already printed */
            }
        }
+       if (num_methods == 0) {
+           audit_failure(NewArgc, NewArgv, N_("no authentication methods"));
+           log_warningx(SLOG_SEND_MAIL,
+               N_("Unable to initialize authentication methods."));
+           debug_return_int(-1);
+       }
 
        /* Get the password unless the auth function will do it for us */
        if (standalone) {
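Review bot: The new `debug_return_int(-1)` leaves verify_user() directly, while the fatal-setup path just above it uses `goto done` and the function has already replaced the SIGTSTP handler with `sigaction(SIGTSTP, &sa, &osa)`. If the `done` label restores `osa` or runs per-method cleanup, this exit skips it; that label is outside the hunk, so this is an assumption to confirm. Recording the failure and using `goto done` would keep a single exit path for the loop. A comment such as `/* every method is disabled: fail closed before prompting */` above the check would also explain why it sits inside the retry loop.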