From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Fri, 7 Nov 2008 17:45:52 +0000 (+0000)
Subject: No longer treat an empty password at the prompt as special.  To
X-Git-Tag: SUDO_1_7_0~46
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ff175f7f0af1012a1724e4774090edc97c5b3bbc;p=sudo

No longer treat an empty password at the prompt as special.  To
quit out of sudo you now need to hit ^C at the password prompt.
---

diff --git a/auth/bsdauth.c b/auth/bsdauth.c
index d6573aa2b..96b5a03aa 100644
--- a/auth/bsdauth.c
+++ b/auth/bsdauth.c
@@ -104,7 +104,6 @@ bsdauth_verify(pw, prompt, auth)
     int authok = 0;
     sigaction_t sa, osa;
     auth_session_t *as = (auth_session_t *) auth->data;
-    extern int nil_pw;
 
     /* save old signal handler */
     sigemptyset(&sa.sa_mask);
@@ -142,9 +141,6 @@ bsdauth_verify(pw, prompt, auth)
 	}
     }
 
-    if (!pass || *pass == '\0')		/* ^C or empty password */
-	nil_pw = 1;
-
     if (pass) {
 	authok = auth_userresponse(as, pass, 1);
 	zero_bytes(pass, strlen(pass));
@@ -156,6 +152,9 @@ bsdauth_verify(pw, prompt, auth)
     if (authok)
 	return(AUTH_SUCCESS);
 
+    if (!pass)
+	return(AUTH_INTR);
+
     if ((s = auth_getvalue(as, "errormsg")) != NULL)
 	log_error(NO_EXIT|NO_MAIL, "%s", s);
     return(AUTH_FAILURE);
diff --git a/auth/fwtk.c b/auth/fwtk.c
index 2d0d9d975..f3f4cc552 100644
--- a/auth/fwtk.c
+++ b/auth/fwtk.c
@@ -95,7 +95,6 @@ fwtk_verify(pw, prompt, auth)
     char buf[SUDO_PASS_MAX + 12];	/* General prupose buffer */
     char resp[128];			/* Response from the server */
     int error;
-    extern int nil_pw;
 
     /* Send username to authentication server. */
     (void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name);
@@ -127,10 +126,8 @@ restart:
 	return(AUTH_FATAL);
     }
     if (!pass) {			/* ^C or error */
-	nil_pw = 1;
-	return(AUTH_FAILURE);
-    } else if (*pass == '\0')		/* empty password */
-	nil_pw = 1;
+	return(AUTH_INTR);
+    }
 
     /* Send the user's response to the server */
     (void) snprintf(buf, sizeof(buf), "response '%s'", pass);
diff --git a/auth/pam.c b/auth/pam.c
index 8ab231961..a13168c6d 100644
--- a/auth/pam.c
+++ b/auth/pam.c
@@ -78,6 +78,7 @@ __unused static const char rcsid[] = "$Sudo$";
 static int sudo_conv __P((int, PAM_CONST struct pam_message **,
 			  struct pam_response **, void *));
 static char *def_prompt;
+static int gotintr;
 
 #ifndef PAM_DATA_SILENT
 #define PAM_DATA_SILENT	0
@@ -162,6 +163,10 @@ pam_verify(pw, prompt, auth)
 	    }
 	    /* FALLTHROUGH */
 	case PAM_AUTH_ERR:
+	    if (gotintr) {
+		/* error or ^C from tgetpass() */
+		return(AUTH_INTR);
+	    }
 	case PAM_MAXTRIES:
 	case PAM_PERM_DENIED:
 	    return(AUTH_FAILURE);
@@ -251,7 +256,6 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
     const char *prompt;
     char *pass;
     int n, flags, std_prompt;
-    extern int nil_pw;
 
     if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)
 	return(PAM_CONV_ERR);
@@ -286,14 +290,11 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
 		pass = tgetpass(prompt, def_passwd_timeout * 60, flags);
 		if (pass == NULL) {
 		    /* We got ^C instead of a password; abort quickly. */
-		    nil_pw = 1;
+		    gotintr = 1;
 		    goto err;
 		}
 		pr->resp = estrdup(pass);
-		if (*pr->resp == '\0')
-		    nil_pw = 1;		/* empty password */
-		else
-		    zero_bytes(pass, strlen(pass));
+		zero_bytes(pass, strlen(pass));
 		break;
 	    case PAM_TEXT_INFO:
 		if (pm->msg)
diff --git a/auth/sudo_auth.c b/auth/sudo_auth.c
index 4ee39c1d1..834924cc1 100644
--- a/auth/sudo_auth.c
+++ b/auth/sudo_auth.c
@@ -88,8 +88,6 @@ sudo_auth auth_switch[] = {
     AUTH_ENTRY(0, NULL, NULL, NULL, NULL, NULL)
 };
 
-int nil_pw;		/* I hate resorting to globals like this... */
-
 void
 verify_user(pw, prompt)
     struct passwd *pw;
@@ -156,14 +154,11 @@ verify_user(pw, prompt)
 	}
 
 	/* Get the password unless the auth function will do it for us */
-	nil_pw = 0;
 #ifdef AUTH_STANDALONE
 	p = prompt;
 #else
 	p = (char *) tgetpass(prompt, def_passwd_timeout * 60,
 	    tgetpass_flags);
-	if (!p || *p == '\0')
-	    nil_pw = 1;
 #endif /* AUTH_STANDALONE */
 
 	/* Call authentication functions. */
@@ -186,15 +181,6 @@ verify_user(pw, prompt)
 	if (p)
 	    zero_bytes(p, strlen(p));
 #endif
-
-	/* Exit loop on nil password, but give it a chance to match first. */
-	if (nil_pw) {
-	    if (counter == def_passwd_tries)
-		exit(1);
-	    else
-		break;
-	}
-
 	if (!ISSET(tgetpass_flags, TGP_ASKPASS))
 	    pass_warn(stderr);
     }
@@ -219,14 +205,18 @@ cleanup:
 	case AUTH_SUCCESS:
 	    (void) sigaction(SIGTSTP, &osa, NULL);
 	    return;
+	case AUTH_INTR:
 	case AUTH_FAILURE:
-	    if (def_mail_badpass || def_mail_always)
-		flags = 0;
-	    else
-		flags = NO_MAIL;
-	    log_error(flags, "%d incorrect password attempt%s",
-		def_passwd_tries - counter,
-		(def_passwd_tries - counter == 1) ? "" : "s");
+	    if (counter != def_passwd_tries) {
+		if (def_mail_badpass || def_mail_always)
+		    flags = 0;
+		else
+		    flags = NO_MAIL;
+		log_error(flags, "%d incorrect password attempt%s",
+		    def_passwd_tries - counter,
+		    (def_passwd_tries - counter == 1) ? "" : "s");
+	    }
+	    /* FALLTHROUGH */
 	case AUTH_FATAL:
 	    exit(1);
     }
diff --git a/auth/sudo_auth.h b/auth/sudo_auth.h
index 2783744b2..d45474a7e 100644
--- a/auth/sudo_auth.h
+++ b/auth/sudo_auth.h
@@ -22,7 +22,8 @@
 /* Auth function return values.  */
 #define AUTH_SUCCESS	0
 #define AUTH_FAILURE	1
-#define AUTH_FATAL	2
+#define AUTH_INTR	2
+#define AUTH_FATAL	3
 
 typedef struct sudo_auth {
     short flags;		/* various flags, see below */