author | Todd C. Miller <Todd.Miller@sudo.ws> | 2023-05-04 13:06:09 -0600 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@sudo.ws> | 2023-05-04 13:06:09 -0600 |
commit | eb96cfe459a08537811631911688148915b61fff (patch) | |
tree | 57e51fb4b2f979d3331d5f990f822df776939929 /plugins/sudoers/auth/bsdauth.c | |
parent | edde95eb4272efa35f20389442342255a4823296 (diff) | |
download | sudo-eb96cfe459a08537811631911688148915b61fff.tar.gz |
Make login_style private to bsdauth.c
Add a setter for policy.c to handle auth_type from the front-end.
Diffstat (limited to 'plugins/sudoers/auth/bsdauth.c')
-rw-r--r-- | plugins/sudoers/auth/bsdauth.c | 48 |
1 files changed, 28 insertions, 20 deletions
diff --git a/plugins/sudoers/auth/bsdauth.c b/plugins/sudoers/auth/bsdauth.c
index 2d972887d..f887a07d0 100644
--- a/plugins/sudoers/auth/bsdauth.c
+++ b/plugins/sudoers/auth/bsdauth.c
@@ -54,6 +54,8 @@ struct bsdauth_state {
 login_cap_t *lc;
 };
+static char *login_style; /* user may set style via -a option */
+
 int
 bsdauth_init(struct passwd *pw, sudo_auth *auth)
 {
@@ -65,42 +67,42 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth)
 debug_return_int(AUTH_SUCCESS);
 /* Get login class based on auth user, which may not be invoking user. */
- if (pw->pw_class && *pw->pw_class)
+ if (pw->pw_class && *pw->pw_class) {
 state.lc = login_getclass(pw->pw_class);
- else
- state.lc = login_getclass(pw->pw_uid ? (char *)LOGIN_DEFCLASS : (char *)LOGIN_DEFROOTCLASS);
- if (state.lc == NULL) {
- log_warning(0,
- N_("unable to get login class for user %s"), pw->pw_name);
- debug_return_int(AUTH_FATAL);
+ } else {
+ state.lc = login_getclass(
+ pw->pw_uid ? (char *)LOGIN_DEFCLASS : (char *)LOGIN_DEFROOTCLASS);
 }
-
- if ((state.as = auth_open()) == NULL) {
- log_warning(0, N_("unable to begin bsd authentication"));
- login_close(state.lc);
- debug_return_int(AUTH_FATAL);
+ if (state.lc == NULL) {
+ log_warning(0, N_("unable to get login class for user %s"),
+ pw->pw_name);
+ goto bad;
 }
- /* XXX - maybe check the auth style earlier? */
 login_style = login_getstyle(state.lc, login_style, (char *)"auth-sudo");
 if (login_style == NULL) {
 log_warningx(0, N_("invalid authentication type"));
- auth_close(state.as);
- login_close(state.lc);
- debug_return_int(AUTH_FATAL);
+ goto bad;
 }
- if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
+ if ((state.as = auth_open()) == NULL) {
+ log_warning(0, N_("unable to begin BSD authentication"));
+ goto bad;
+ }
+
+ if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
 auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 ||
 auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) {
 log_warningx(0, N_("unable to initialize BSD authentication"));
- auth_close(state.as);
- login_close(state.lc);
- debug_return_int(AUTH_FATAL);
+ goto bad;
 }
 auth->data = (void *) &state;
 debug_return_int(AUTH_SUCCESS);
+bad:
+ auth_close(state.as);
+ login_close(state.lc);
+ debug_return_int(AUTH_FATAL);
 }
 int
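Review bot: The shared `bad:` label calls `auth_close(state.as)` on the two failure paths that run before `auth_open()` (login class and login style), and calls `login_close(state.lc)` even when `login_getclass()` returned NULL; the removed code closed only what had actually been opened. Whether those library calls accept a NULL or stale handle is not visible here, so the cleanup should guard each handle and clear it afterwards. Clearing matters because `auth->data` is not set on failure, so the "initialize once" check would presumably let a second call reach `bad:` with already-closed pointers. `state` is declared outside this hunk; if it is not zero-initialized, `state.as` also needs to be set to NULL before the first `goto bad`.

```c
    debug_return_int(AUTH_SUCCESS);
bad:
    /* Close only what was opened, and clear the handles so a retry cannot reuse them. */
    if (state.as != NULL) {
	auth_close(state.as);
	state.as = NULL;
    }
    if (state.lc != NULL) {
	login_close(state.lc);
	state.lc = NULL;
    }
    debug_return_int(AUTH_FATAL);
```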
@@ -209,4 +211,10 @@ bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force)
 debug_return_int(AUTH_SUCCESS);
 }
+void
+bsdauth_set_style(const char *style)
+{
+ login_style = (char *)style;
+}
+
 #endif /* HAVE_BSD_AUTH_H */ |
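Review bot: `bsdauth_set_style()` has no comment stating its contract, although it keeps the caller's pointer without copying it and drops the `const` qualifier on a value that, per the comment on `login_style`, comes from the user's -a option. The only validation visible in this diff is the `login_getstyle()` call in `bsdauth_init()`, so the setter has to run before init and the string has to outlive it. I would add above the function: `/* Borrows style (not copied); call before bsdauth_init(), which validates it via login_getstyle(). The string must remain valid until then. */`. If the caller's buffer can be freed or reused earlier than that, storing a `strdup()` copy here would be the safer choice.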