From: Todd C. Miller Date: Sun, 26 May 2019 22:29:08 +0000 (-0600) Subject: When using AIX auth, don't display the AIX password incorrect message. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=07ed5b86f23c246ecc6b9bd171242f26c001fb08;p=sudo When using AIX auth, don't display the AIX password incorrect message. Avoids a "3004-300 You entered an invalid login name or password" message in addition to sudo's own "Sorry, try again" message. --- diff --git a/plugins/sudoers/auth/aix_auth.c b/plugins/sudoers/auth/aix_auth.c index 0c85ebbe8..41d40941e 100644 --- a/plugins/sudoers/auth/aix_auth.c +++ b/plugins/sudoers/auth/aix_auth.c @@ -147,6 +147,28 @@ sudo_aix_init(struct passwd *pw, sudo_auth *auth) debug_return_int(AUTH_SUCCESS); } +/* Ignore AIX password incorrect message */ +static bool +sudo_aix_valid_message(const char *message) +{ + const char *cp; + const char badpass_msgid[] = "3004-300"; + debug_decl(sudo_aix_valid_message, SUDOERS_DEBUG_AUTH) + + if (message == NULL || message[0] == '\0') + debug_return_bool(false); + + /* Match "3004-300: You entered an invalid login name or password" */ + for (cp = message; *cp != '\0'; cp++) { + if (isdigit((unsigned char)*cp)) { + if (strncmp(cp, badpass_msgid, strlen(badpass_msgid)) == 0) + debug_return_bool(false); + break; + } + } + debug_return_bool(true); +} + int sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback) { @@ -169,16 +191,8 @@ sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_co if (result != 0) { /* Display error message, if any. */ - if (message != NULL) { - struct sudo_conv_message msg; - struct sudo_conv_reply repl; - - memset(&msg, 0, sizeof(msg)); - msg.msg_type = SUDO_CONV_ERROR_MSG; - msg.msg = message; - memset(&repl, 0, sizeof(repl)); - sudo_conv(1, &msg, &repl, NULL); - } + if (sudo_aix_valid_message(message)) + sudo_printf(SUDO_CONV_ERROR_MSG, "%s", message); ret = pass ? AUTH_FAILURE : AUTH_INTR; } free(message);