From: Todd C. Miller
Date: Tue, 27 Sep 2011 19:41:22 +0000 (-0400)
Subject: Make sudo_auth_{init,cleanup} return TRUE on success and check for
X-Git-Tag: SUDO_1_8_3~15^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1e93d1fbb6b934dbb8551475e222118112072115;p=sudo

Make sudo_auth_{init,cleanup} return TRUE on success and check for
sudo_auth_init() return value in check_user().
---
diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c
index 7f49322d5..cd0408394 100644
--- a/plugins/sudoers/auth/sudo_auth.c
+++ b/plugins/sudoers/auth/sudo_auth.c
@@ -107,10 +107,10 @@ int
 sudo_auth_init(struct passwd *pw)
 {
 sudo_auth *auth;
- int status;
+ int status = AUTH_SUCCESS;

 if (auth_switch[0].name == NULL)
- return AUTH_SUCCESS;
+ return TRUE;

 /* Make sure we haven't mixed standalone and shared auth methods. */
 standalone = IS_STANDALONE(&auth_switch[0]);
@@ -141,18 +141,18 @@ sudo_auth_init(struct passwd *pw)
 else if (status == AUTH_FATAL) {
 /* XXX log */
 audit_failure(NewArgv, "authentication failure");
- return -1; /* assume error msg already printed */
+ break; /* assume error msg already printed */
 }
 }
 }
- return AUTH_SUCCESS;
+ return status == AUTH_FATAL ? -1 : TRUE;
 }

 int
 sudo_auth_cleanup(struct passwd *pw)
 {
 sudo_auth *auth;
- int status;
+ int status = AUTH_SUCCESS;

 /* Call cleanup routines. */
 for (auth = auth_switch; auth->name; auth++) {
@@ -168,11 +168,11 @@ sudo_auth_cleanup(struct passwd *pw)
 if (status == AUTH_FATAL) {
 /* XXX log */
 audit_failure(NewArgv, "authentication failure");
- return -1; /* assume error msg already printed */
+ break; /* assume error msg already printed */
 }
 }
 }
- return AUTH_SUCCESS;
+ return status == AUTH_FATAL ? -1 : TRUE;
 }

 int
diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c
index 96d3c1e76..f263c441f 100644
--- a/plugins/sudoers/check.c
+++ b/plugins/sudoers/check.c
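Review bot: sudo_auth_init() now returns TRUE or -1 while `status` inside it still carries AUTH_* codes, and nothing in the @@ -107 hunk documents that the two value sets are distinct. A header comment above the function, for example `/* Returns TRUE on success or -1 on a fatal error; the result is not an AUTH_* code. */`, would keep a caller from comparing the result against AUTH_SUCCESS, which on an authentication entry point can turn a failure into a pass. The same comment is needed on sudo_auth_cleanup(), whose return changes in the @@ -141 and @@ -168 hunks. Only check_user() is updated in this commit, so any other caller of either function (not visible here) should be checked for a leftover AUTH_* comparison. The body of sudo_auth_init() continues outside the hunk.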
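Review bot: The `break` on AUTH_FATAL in sudo_auth_cleanup() (@@ -168 hunk) leaves the loop before the remaining entries in `auth_switch` have had their cleanup routine called, so whatever per-method state they hold is not released on this path. The old `return -1` behaved the same way, but since the exit is being reshaped anyway it could record the failure and keep iterating: declare `int rval = TRUE;`, replace `break;` with `rval = -1;`, and finish with `return rval;`. The top of the loop body is outside the hunk, so confirm that nothing else depends on `status` after the loop.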
@@ -116,7 +116,11 @@ check_user(int validated, int mode)

 /* Init authentication system regardless of whether we need a password. */
 auth_pw = get_authpw();
- sudo_auth_init(auth_pw);
+ if (sudo_auth_init(auth_pw) == -1) {
+ pw_delref(auth_pw);
+ rval = -1;
+ goto done;
+ }
 pw_delref(auth_pw);

 /* Always prompt for a password when -k was specified with the command. */
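Review bot: The new check treats only -1 as failure, so any other non-TRUE result from sudo_auth_init() would fall through and be handled as a successful init. On an authentication path a fail-closed comparison is safer: `if (sudo_auth_init(auth_pw) != TRUE) {`. The `done` label is outside the hunk; if methods earlier in the switch initialized before the fatal one, confirm that the exit path still runs sudo_auth_cleanup() for them. check_user() starts and ends outside the hunk.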