From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Mon, 16 May 2011 16:17:49 +0000 (-0400)
Subject: For AIX, keep calling authenticate() until reenter reaches 0.
X-Git-Tag: SUDO_1_8_2~157^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7708d5ce846348b9370ad86201273cdd259e268e;p=sudo

For AIX, keep calling authenticate() until reenter reaches 0.
---

diff --git a/plugins/sudoers/auth/aix_auth.c b/plugins/sudoers/auth/aix_auth.c
index 9f54f9108..1be5fcbfe 100644
--- a/plugins/sudoers/auth/aix_auth.c
+++ b/plugins/sudoers/auth/aix_auth.c
@@ -54,16 +54,23 @@ aixauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
 {
     char *pass;
     char *message = NULL;
-    int reenter = 1;
+    int result, reenter = 0;
     int rval = AUTH_FAILURE;
 
-    pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
     if (pass) {
+	/* XXX - should verify that S_AUTH1 is "NONE" or "SYSTEM" */
+	do {
+	    pass = auth_getpass(prompt, def_passwd_timeout * 60,
+		SUDO_CONV_PROMPT_ECHO_OFF);
+	    efree(message);
+	    result = authenticate(pw->pw_name, pass, &reenter, &message);
+	    zero_bytes(pass, strlen(pass));
+	    prompt = message;
+	} while (reenter);
 	/* XXX - should probably print message on failure. */
-	if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
+	efree(message);
+	if (result == 0)
 	    rval = AUTH_SUCCESS;
-	free(message);
-	zero_bytes(pass, strlen(pass));
     }
     return rval;
 }