quit out of sudo you now need to hit ^C at the password prompt.
int authok = 0;
sigaction_t sa, osa;
auth_session_t *as = (auth_session_t *) auth->data;
- extern int nil_pw;
/* save old signal handler */
sigemptyset(&sa.sa_mask);
}
}
- if (!pass || *pass == '\0') /* ^C or empty password */
- nil_pw = 1;
-
if (pass) {
authok = auth_userresponse(as, pass, 1);
zero_bytes(pass, strlen(pass));
if (authok)
return(AUTH_SUCCESS);
+ if (!pass)
+ return(AUTH_INTR);
+
if ((s = auth_getvalue(as, "errormsg")) != NULL)
log_error(NO_EXIT|NO_MAIL, "%s", s);
return(AUTH_FAILURE);
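Review bot: The new `if (!pass) return(AUTH_INTR);` has no comment, although the line it replaces explained the NULL case and the matching checks in the other auth methods in this commit are annotated. I would add `/* NULL pass: ^C or error at the prompt */` above it. It is also worth stating there that an empty password is no longer special-cased and is now handed to auth_userresponse() like any other response. The enclosing function starts and ends outside the hunk.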
char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */
char resp[128]; /* Response from the server */
int error;
- extern int nil_pw;
/* Send username to authentication server. */
(void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name);
return(AUTH_FATAL);
}
if (!pass) { /* ^C or error */
- nil_pw = 1;
- return(AUTH_FAILURE);
- } else if (*pass == '\0') /* empty password */
- nil_pw = 1;
+ return(AUTH_INTR);
+ }
/* Send the user's response to the server */
(void) snprintf(buf, sizeof(buf), "response '%s'", pass);
static int sudo_conv __P((int, PAM_CONST struct pam_message **,
struct pam_response **, void *));
static char *def_prompt;
+static int gotintr;
#ifndef PAM_DATA_SILENT
#define PAM_DATA_SILENT 0
}
/* FALLTHROUGH */
case PAM_AUTH_ERR:
+ if (gotintr) {
+ /* error or ^C from tgetpass() */
+ return(AUTH_INTR);
+ }
case PAM_MAXTRIES:
case PAM_PERM_DENIED:
return(AUTH_FAILURE);
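Review bot: `gotintr` is set to 1 in sudo_conv() but none of the hunks shown ever clears it, so after one interrupted prompt every later PAM_AUTH_ERR in the same process would be reported as AUTH_INTR instead of AUTH_FAILURE. If the verify routine can run again after an interrupted conversation (not visible here), reset the flag with `gotintr = 0;` before the PAM call whose result this switch inspects. The fall-through from the new `if (gotintr)` block into `case PAM_MAXTRIES:` is also unmarked; a `/* FALLTHROUGH */` after its closing brace would match the marker a few lines above. The switch itself starts outside the hunk.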
const char *prompt;
char *pass;
int n, flags, std_prompt;
- extern int nil_pw;
if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)
return(PAM_CONV_ERR);
pass = tgetpass(prompt, def_passwd_timeout * 60, flags);
if (pass == NULL) {
/* We got ^C instead of a password; abort quickly. */
- nil_pw = 1;
+ gotintr = 1;
goto err;
}
pr->resp = estrdup(pass);
- if (*pr->resp == '\0')
- nil_pw = 1; /* empty password */
- else
- zero_bytes(pass, strlen(pass));
+ zero_bytes(pass, strlen(pass));
break;
case PAM_TEXT_INFO:
if (pm->msg)
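Review bot: The `goto err` taken when tgetpass() returns NULL can leave behind responses already stored by `pr->resp = estrdup(pass)` for earlier messages in the same conversation, and the cleanup at `err:` lies outside this hunk. Please confirm that path wipes each `resp` with zero_bytes() before freeing it, because those copies hold the password just as `pass` does. If it does not, the unconditional `zero_bytes(pass, strlen(pass))` added here only covers the tgetpass() buffer.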
AUTH_ENTRY(0, NULL, NULL, NULL, NULL, NULL)
};
-int nil_pw; /* I hate resorting to globals like this... */
-
void
verify_user(pw, prompt)
struct passwd *pw;
}
/* Get the password unless the auth function will do it for us */
- nil_pw = 0;
#ifdef AUTH_STANDALONE
p = prompt;
#else
p = (char *) tgetpass(prompt, def_passwd_timeout * 60,
tgetpass_flags);
- if (!p || *p == '\0')
- nil_pw = 1;
#endif /* AUTH_STANDALONE */
/* Call authentication functions. */
if (p)
zero_bytes(p, strlen(p));
#endif
-
- /* Exit loop on nil password, but give it a chance to match first. */
- if (nil_pw) {
- if (counter == def_passwd_tries)
- exit(1);
- else
- break;
- }
-
if (!ISSET(tgetpass_flags, TGP_ASKPASS))
pass_warn(stderr);
}
case AUTH_SUCCESS:
(void) sigaction(SIGTSTP, &osa, NULL);
return;
+ case AUTH_INTR:
case AUTH_FAILURE:
- if (def_mail_badpass || def_mail_always)
- flags = 0;
- else
- flags = NO_MAIL;
- log_error(flags, "%d incorrect password attempt%s",
- def_passwd_tries - counter,
- (def_passwd_tries - counter == 1) ? "" : "s");
+ if (counter != def_passwd_tries) {
+ if (def_mail_badpass || def_mail_always)
+ flags = 0;
+ else
+ flags = NO_MAIL;
+ log_error(flags, "%d incorrect password attempt%s",
+ def_passwd_tries - counter,
+ (def_passwd_tries - counter == 1) ? "" : "s");
+ }
+ /* FALLTHROUGH */
case AUTH_FATAL:
exit(1);
}
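Review bot: The switch on the auth result has no `default:` arm in the lines shown, and this commit shows that the set of return codes can grow. If this switch sits in verify_user(), which is declared `void` earlier in the file, a status matching no case would leave the switch and return to the caller exactly as AUTH_SUCCESS does, unless code after the switch (outside this hunk) exits. Ending the switch with `case AUTH_FATAL:` `default:` `exit(1);` keeps the function failing closed when another code is added later.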
/* Auth function return values. */
#define AUTH_SUCCESS 0
#define AUTH_FAILURE 1
-#define AUTH_FATAL 2
+#define AUTH_INTR 2
+#define AUTH_FATAL 3
typedef struct sudo_auth {
short flags; /* various flags, see below */