From: Todd C. Miller Date: Sun, 15 May 2016 01:33:28 +0000 (-0600) Subject: Do not write directly to stdout/stderr, use sudo_printf which calls X-Git-Tag: SUDO_1_8_17^2~60 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=90fdb6a316f3795ee6f195146a21d97412de13ee;p=sudo Do not write directly to stdout/stderr, use sudo_printf which calls the conversation function. --- diff --git a/plugins/sudoers/auth/dce.c b/plugins/sudoers/auth/dce.c index 262b4ef14..68ce4e02f 100644 --- a/plugins/sudoers/auth/dce.c +++ b/plugins/sudoers/auth/dce.c @@ -99,7 +99,8 @@ sudo_dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth, struct sudo_ * sure that we didn't get spoofed by another DCE server. */ if (!sec_login_certify_identity(login_context, &status)) { - (void) fprintf(stderr, "Whoa! Bogus authentication server!\n"); + sudo_printf(SUDO_CONV_ERROR_MSG, + "Whoa! Bogus authentication server!\n"); (void) check_dce_status(status,"sec_login_certify_identity(1):"); debug_return_int(AUTH_FAILURE); } @@ -120,13 +121,13 @@ sudo_dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth, struct sudo_ * DCE client and DCE security server... */ if (auth_src != sec_login_auth_src_network) { - (void) fprintf(stderr, + sudo_printf(SUDO_CONV_ERROR_MSG, "You have no network credentials.\n"); debug_return_int(AUTH_FAILURE); } /* Check if the password has aged and is thus no good */ if (reset_passwd) { - (void) fprintf(stderr, + sudo_printf(SUDO_CONV_ERROR_MSG, "Your DCE password needs resetting.\n"); debug_return_int(AUTH_FAILURE); } @@ -186,7 +187,7 @@ check_dce_status(error_status_t input_status, char *comment) if (input_status == rpc_s_ok) debug_return_int(0); dce_error_inq_text(input_status, error_string, &error_stat); - (void) fprintf(stderr, "%s %s\n", comment, error_string); + sudo_printf(SUDO_CONV_ERROR_MSG, "%s %s\n", comment, error_string); debug_return_int(1); } diff --git a/plugins/sudoers/auth/fwtk.c b/plugins/sudoers/auth/fwtk.c index eddd51a35..fb0d7a48d 100644 --- a/plugins/sudoers/auth/fwtk.c +++ b/plugins/sudoers/auth/fwtk.c @@ -104,7 +104,7 @@ restart: pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback); } else if (strncmp(resp, "display ", 8) == 0) { - fprintf(stderr, "%s\n", &resp[8]); + sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", &resp[8]); strlcpy(buf, "response dummy", sizeof(buf)); goto restart; } else { diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c index 740c76ece..7886d65d8 100644 --- a/plugins/sudoers/auth/pam.c +++ b/plugins/sudoers/auth/pam.c @@ -483,14 +483,12 @@ converse(int num_msg, PAM_CONST struct pam_message **msg, reply[n].resp = pass; /* auth_getpass() malloc's a copy */ break; case PAM_TEXT_INFO: - if (pm->msg) - (void) puts(pm->msg); + if (pm->msg != NULL) + sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", pm->msg); break; case PAM_ERROR_MSG: - if (pm->msg) { - (void) fputs(pm->msg, stderr); - (void) fputc('\n', stderr); - } + if (pm->msg != NULL) + sudo_printf(SUDO_CONV_ERROR_MSG, "%s\n", pm->msg); break; default: sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, diff --git a/plugins/sudoers/auth/securid5.c b/plugins/sudoers/auth/securid5.c index a822addc1..468eef23f 100644 --- a/plugins/sudoers/auth/securid5.c +++ b/plugins/sudoers/auth/securid5.c @@ -202,8 +202,10 @@ then enter the new token code.\n", \ */ /* XXX - Is setting up a new PIN within sudo's scope? */ SD_Pin(*sd, ""); - fprintf(stderr, "Your SecurID access has not yet been set up.\n"); - fprintf(stderr, "Please set up a PIN before you try to authenticate.\n"); + sudo_printf(SUDO_CONV_ERROR_MSG, + "Your SecurID access has not yet been set up.\n"); + sudo_printf(SUDO_CONV_ERROR_MSG, + "Please set up a PIN before you try to authenticate.\n"); rval = AUTH_FATAL; break;