1 files changed, 28 insertions, 20 deletions

diff --git a/plugins/sudoers/auth/bsdauth.c b/plugins/sudoers/auth/bsdauth.c
index 2d972887d..f887a07d0 100644
--- a/plugins/sudoers/auth/bsdauth.c
+++ b/plugins/sudoers/auth/bsdauth.c
@@ -54,6 +54,8 @@ struct bsdauth_state {
     login_cap_t *lc;
 };
 
+static char *login_style;	/* user may set style via -a option */
+
 int
 bsdauth_init(struct passwd *pw, sudo_auth *auth)
 {
@@ -65,42 +67,42 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth)
 	debug_return_int(AUTH_SUCCESS);
 
     /* Get login class based on auth user, which may not be invoking user. */
-    if (pw->pw_class && *pw->pw_class)
+    if (pw->pw_class && *pw->pw_class) {
 	state.lc = login_getclass(pw->pw_class);
-    else
-	state.lc = login_getclass(pw->pw_uid ? (char *)LOGIN_DEFCLASS : (char *)LOGIN_DEFROOTCLASS);
-    if (state.lc == NULL) {
-	log_warning(0,
-	    N_("unable to get login class for user %s"), pw->pw_name);
-	debug_return_int(AUTH_FATAL);
+    } else {
+	state.lc = login_getclass(
+	    pw->pw_uid ? (char *)LOGIN_DEFCLASS : (char *)LOGIN_DEFROOTCLASS);
     }
-
-    if ((state.as = auth_open()) == NULL) {
-	log_warning(0, N_("unable to begin bsd authentication"));
-	login_close(state.lc);
-	debug_return_int(AUTH_FATAL);
+    if (state.lc == NULL) {
+	log_warning(0, N_("unable to get login class for user %s"),
+	    pw->pw_name);
+	goto bad;
     }
 
-    /* XXX - maybe check the auth style earlier? */
     login_style = login_getstyle(state.lc, login_style, (char *)"auth-sudo");
     if (login_style == NULL) {
 	log_warningx(0, N_("invalid authentication type"));
-	auth_close(state.as);
-	login_close(state.lc);
-	debug_return_int(AUTH_FATAL);
+	goto bad;
     }
 
-     if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
+    if ((state.as = auth_open()) == NULL) {
+	log_warning(0, N_("unable to begin BSD authentication"));
+	goto bad;
+    }
+
+    if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
 	auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 ||
 	auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) {
 	log_warningx(0, N_("unable to initialize BSD authentication"));
-	auth_close(state.as);
-	login_close(state.lc);
-	debug_return_int(AUTH_FATAL);
+	goto bad;
     }
 
     auth->data = (void *) &state;
     debug_return_int(AUTH_SUCCESS);
+bad:
+    auth_close(state.as);
+    login_close(state.lc);
+    debug_return_int(AUTH_FATAL);
 }
 
 int
@@ -209,4 +211,10 @@ bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force)
     debug_return_int(AUTH_SUCCESS);
 }
 
+void
+bsdauth_set_style(const char *style)
+{
+    login_style = (char *)style;
+}
+
 #endif /* HAVE_BSD_AUTH_H */