static pam_handle_t *pamh;
int
-pam_init(struct passwd *pw, sudo_auth *auth)
+sudo_pam_init(struct passwd *pw, sudo_auth *auth)
{
static struct pam_conv pam_conv;
static int pam_status;
+ debug_decl(sudo_pam_init, SUDO_DEBUG_AUTH)
/* Initial PAM setup */
if (auth != NULL)
pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
if (pam_status != PAM_SUCCESS) {
log_error(USE_ERRNO|NO_EXIT|NO_MAIL, _("unable to initialize PAM"));
- return AUTH_FATAL;
+ debug_return_int(AUTH_FATAL);
}
/*
else
(void) pam_set_item(pamh, PAM_TTY, user_ttypath);
- return AUTH_SUCCESS;
+ debug_return_int(AUTH_SUCCESS);
}
int
-pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
+sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
{
const char *s;
int *pam_status = (int *) auth->data;
+ debug_decl(sudo_pam_verify, SUDO_DEBUG_AUTH)
def_prompt = prompt; /* for converse */
*pam_status = pam_acct_mgmt(pamh, PAM_SILENT);
switch (*pam_status) {
case PAM_SUCCESS:
- return AUTH_SUCCESS;
+ debug_return_int(AUTH_SUCCESS);
case PAM_AUTH_ERR:
log_error(NO_EXIT|NO_MAIL, _("account validation failure, "
"is your account locked?"));
- return AUTH_FATAL;
+ debug_return_int(AUTH_FATAL);
case PAM_NEW_AUTHTOK_REQD:
log_error(NO_EXIT|NO_MAIL, _("Account or password is "
"expired, reset your password and try again"));
*pam_status = pam_chauthtok(pamh,
PAM_CHANGE_EXPIRED_AUTHTOK);
if (*pam_status == PAM_SUCCESS)
- return AUTH_SUCCESS;
+ debug_return_int(AUTH_SUCCESS);
if ((s = pam_strerror(pamh, *pam_status)))
log_error(NO_EXIT|NO_MAIL, _("pam_chauthtok: %s"), s);
- return AUTH_FAILURE;
+ debug_return_int(AUTH_FAILURE);
case PAM_AUTHTOK_EXPIRED:
log_error(NO_EXIT|NO_MAIL,
_("Password expired, contact your system administrator"));
- return AUTH_FATAL;
+ debug_return_int(AUTH_FATAL);
case PAM_ACCT_EXPIRED:
log_error(NO_EXIT|NO_MAIL,
_("Account expired or PAM config lacks an \"account\" "
"section for sudo, contact your system administrator"));
- return AUTH_FATAL;
+ debug_return_int(AUTH_FATAL);
}
/* FALLTHROUGH */
case PAM_AUTH_ERR:
if (gotintr) {
/* error or ^C from tgetpass() */
- return AUTH_INTR;
+ debug_return_int(AUTH_INTR);
}
case PAM_MAXTRIES:
case PAM_PERM_DENIED:
- return AUTH_FAILURE;
+ debug_return_int(AUTH_FAILURE);
default:
if ((s = pam_strerror(pamh, *pam_status)))
log_error(NO_EXIT|NO_MAIL, _("pam_authenticate: %s"), s);
- return AUTH_FATAL;
+ debug_return_int(AUTH_FATAL);
}
}
int
-pam_cleanup(struct passwd *pw, sudo_auth *auth)
+sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth)
{
int *pam_status = (int *) auth->data;
+ debug_decl(sudo_pam_cleanup, SUDO_DEBUG_AUTH)
/* If successful, we can't close the session until pam_end_session() */
if (*pam_status == AUTH_SUCCESS)
- return AUTH_SUCCESS;
+ debug_return_int(AUTH_SUCCESS);
*pam_status = pam_end(pamh, *pam_status | PAM_DATA_SILENT);
pamh = NULL;
- return *pam_status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE;
+ debug_return_int(*pam_status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE);
}
int
-pam_begin_session(struct passwd *pw, sudo_auth *auth)
+sudo_pam_begin_session(struct passwd *pw, sudo_auth *auth)
{
int status = PAM_SUCCESS;
+ debug_decl(sudo_pam_begin_session, SUDO_DEBUG_AUTH)
/*
* If there is no valid user we cannot open a PAM session.
#endif
done:
- return status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE;
+ debug_return_int(status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE);
}
int
-pam_end_session(struct passwd *pw, sudo_auth *auth)
+sudo_pam_end_session(struct passwd *pw, sudo_auth *auth)
{
int status = PAM_SUCCESS;
+ debug_decl(sudo_pam_end_session, SUDO_DEBUG_AUTH)
if (pamh != NULL) {
#ifndef NO_PAM_SESSION
pamh = NULL;
}
- return status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE;
+ debug_return_int(status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE);
}
/*
const char *prompt;
char *pass;
int n, type, std_prompt;
+ debug_decl(converse, SUDO_DEBUG_AUTH)
if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)
- return PAM_SYSTEM_ERR;
+ debug_return_int(PAM_SYSTEM_ERR);
zero_bytes(*response, num_msg * sizeof(struct pam_response));
for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++) {
}
}
- return PAM_SUCCESS;
+ debug_return_int(PAM_SUCCESS);
err:
/* Zero and free allocated memory and return an error. */
zero_bytes(*response, num_msg * sizeof(struct pam_response));
free(*response);
*response = NULL;
- return gotintr ? PAM_AUTH_ERR : PAM_CONV_ERR;
+ debug_return_int(gotintr ? PAM_AUTH_ERR : PAM_CONV_ERR);
}