From 07ed5b86f23c246ecc6b9bd171242f26c001fb08 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sun, 26 May 2019 16:29:08 -0600 Subject: [PATCH] When using AIX auth, don't display the AIX password incorrect message. Avoids a "3004-300 You entered an invalid login name or password" message in addition to sudo's own "Sorry, try again" message. --- plugins/sudoers/auth/aix_auth.c | 34 +++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/plugins/sudoers/auth/aix_auth.c b/plugins/sudoers/auth/aix_auth.c index 0c85ebbe8..41d40941e 100644 --- a/plugins/sudoers/auth/aix_auth.c +++ b/plugins/sudoers/auth/aix_auth.c @@ -147,6 +147,28 @@ sudo_aix_init(struct passwd *pw, sudo_auth *auth) debug_return_int(AUTH_SUCCESS); } +/* Ignore AIX password incorrect message */ +static bool +sudo_aix_valid_message(const char *message) +{ + const char *cp; + const char badpass_msgid[] = "3004-300"; + debug_decl(sudo_aix_valid_message, SUDOERS_DEBUG_AUTH) + + if (message == NULL || message[0] == '\0') + debug_return_bool(false); + + /* Match "3004-300: You entered an invalid login name or password" */ + for (cp = message; *cp != '\0'; cp++) { + if (isdigit((unsigned char)*cp)) { + if (strncmp(cp, badpass_msgid, strlen(badpass_msgid)) == 0) + debug_return_bool(false); + break; + } + } + debug_return_bool(true); +} + int sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback) { @@ -169,16 +191,8 @@ sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_co if (result != 0) { /* Display error message, if any. */ - if (message != NULL) { - struct sudo_conv_message msg; - struct sudo_conv_reply repl; - - memset(&msg, 0, sizeof(msg)); - msg.msg_type = SUDO_CONV_ERROR_MSG; - msg.msg = message; - memset(&repl, 0, sizeof(repl)); - sudo_conv(1, &msg, &repl, NULL); - } + if (sudo_aix_valid_message(message)) + sudo_printf(SUDO_CONV_ERROR_MSG, "%s", message); ret = pass ? AUTH_FAILURE : AUTH_INTR; } free(message); -- 2.40.0