# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <pwd.h>
+#include <usersec.h>
#include "sudoers.h"
#include "sudo_auth.h"
int
aixauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
{
- char *pass;
- char *message = NULL;
- int reenter = 1;
- int rval = AUTH_FAILURE;
+ char *pass, *message = NULL;
+ int result = 1, reenter = 0;
+ int rval = AUTH_SUCCESS;
- pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
- if (pass) {
- /* XXX - should probably print message on failure. */
- if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
- rval = AUTH_SUCCESS;
- free(message);
+ do {
+ pass = auth_getpass(prompt, def_passwd_timeout * 60,
+ SUDO_CONV_PROMPT_ECHO_OFF);
+ if (pass == NULL)
+ break;
+ efree(message);
+ message = NULL;
+ result = authenticate(pw->pw_name, pass, &reenter, &message);
zero_bytes(pass, strlen(pass));
+ prompt = message;
+ } while (reenter);
+
+ if (result != 0) {
+ /* Display error message, if any. */
+ if (message != NULL) {
+ struct sudo_conv_message msg;
+ struct sudo_conv_reply repl;
+
+ memset(&msg, 0, sizeof(msg));
+ msg.msg_type = SUDO_CONV_ERROR_MSG;
+ msg.msg = message;
+ memset(&repl, 0, sizeof(repl));
+ sudo_conv(1, &msg, &repl);
+ }
+ rval = pass ? AUTH_FAILURE : AUTH_INTR;
}
+ efree(message);
return rval;
}
projects / debian / sudo / blobdiff