From 2b6085760cab794cbfd480ca9d81c04865d46a4d Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Mon, 10 Aug 2015 20:17:02 -0600
Subject: [PATCH] In sudo_pam_begin_session() and sudo_pam_end_session() return AUTH_FATAL on error, not AUTH_FAILURE. In sudo_auth_begin_session() treat anything other than AUTH_SUCCESS as a fatal error.
---
 plugins/sudoers/auth/pam.c | 6 +++---
 plugins/sudoers/auth/sudo_auth.c | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c
index 4cfbca909..ccd0d1ebc 100644
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -279,7 +279,7 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
 "pam_end: %s", errstr ? errstr : "unknown error");
 }
 pamh = NULL;
- status = AUTH_FAILURE;
+ status = AUTH_FATAL;
 goto done;
 }
 }
@@ -295,7 +295,7 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
 if (pam_envp != NULL) {
 /* Merge pam env with user env. */
 if (!env_init(*user_envp) || !env_merge(pam_envp))
- status = AUTH_FAILURE;
+ status = AUTH_FATAL;
 *user_envp = env_get();
 (void)env_init(NULL);
 free(pam_envp);
@@ -348,7 +348,7 @@ sudo_pam_end_session(struct passwd *pw, sudo_auth *auth)
 const char *errstr = pam_strerror(pamh, rc);
 sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
 "pam_end: %s", errstr ? errstr : "unknown error");
- status = AUTH_FAILURE;
+ status = AUTH_FATAL;
 }
 pamh = NULL;
 }
diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c
index 83bd08588..9b86f3855 100644
--- a/plugins/sudoers/auth/sudo_auth.c
+++ b/plugins/sudoers/auth/sudo_auth.c
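Review bot: In plugins/sudoers/auth/pam.c, the environment-merge branch of sudo_pam_begin_session() (hunk at line 295) sets `status = AUTH_FATAL` when `env_init(*user_envp)` or `env_merge(pam_envp)` fails, yet the visible lines log nothing on that path. The caller's break in sudo_auth_begin_session() carries the comment `/* assume error msg already printed */`, and after this commit that break is taken for this failure too. Unless env_init()/env_merge() already report the error themselves (not visible here), I would add a diagnostic in the style of the pam_end path, e.g. `sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to merge PAM environment");`. Execution also still falls through to `*user_envp = env_get();` after the failure, so a short comment stating that this is intended would help; the function starts and ends outside the hunk.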
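Review bot: sudo_pam_end_session() (pam.c, hunk at line 348) now reports a pam_end() failure as AUTH_FATAL, but the commit message and diff only touch the begin-session dispatcher, so the handling of this value in the matching end-session dispatcher in sudo_auth.c is not shown. It is worth confirming that caller turns AUTH_FATAL into a failure return rather than ignoring it, otherwise the new status has no effect on teardown. A one-line comment at the assignment would record the intent, e.g. `/* a session teardown error is fatal, not a failed authentication */`. The function body continues outside the hunk.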
@@ -342,11 +342,11 @@ sudo_auth_begin_session(struct passwd *pw, char **user_env[])
 for (auth = auth_switch; auth->name; auth++) {
 if (auth->begin_session && !IS_DISABLED(auth)) {
 status = (auth->begin_session)(pw, user_env, auth);
- if (status == AUTH_FATAL)
+ if (status != AUTH_SUCCESS)
 break; /* assume error msg already printed */
 }
 }
- debug_return_int(status == AUTH_FATAL ? -1 : 1);
+ debug_return_int(status == AUTH_SUCCESS ? 1 : -1);
 }

 bool
-- 
2.49.0
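Review bot: With `debug_return_int(status == AUTH_SUCCESS ? 1 : -1);` the result now depends on the initial value of `status`, which is declared outside this hunk. If no enabled method provides a begin_session hook, the loop never assigns it, and any initial value other than AUTH_SUCCESS now yields -1 where the old test against AUTH_FATAL yielded 1; please confirm the declaration initialises it to AUTH_SUCCESS. The break comment `/* assume error msg already printed */` now also covers non-fatal codes such as AUTH_FAILURE, for which a backend may not have printed anything. A comment above the return stating the contract would help, e.g. `/* 1 if every enabled begin_session hook succeeded, -1 otherwise (fail closed) */`.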