int
check_user(int validated, int mode)
{
+ struct passwd *auth_pw;
char *timestampdir = NULL;
char *timestampfile = NULL;
char *prompt;
ctim_get(&sb, &tty_info.ctime);
}
+ /* Init authentication system regardless of whether we need a password. */
+ auth_pw = get_authpw();
+ if (sudo_auth_init(auth_pw) == -1) {
+ rval = -1;
+ goto done;
+ }
+
/* Always prompt for a password when -k was specified with the command. */
if (ISSET(mode, MODE_IGNORE_TICKET)) {
SET(validated, FLAG_CHECK_USER);
if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
(!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
user_is_exempt())
- return TRUE;
+ goto done;
}
- if (build_timestamp(×tampdir, ×tampfile) == -1)
- return -1;
+ if (build_timestamp(×tampdir, ×tampfile) == -1) {
+ rval = -1;
+ goto done;
+ }
status = timestamp_status(timestampdir, timestampfile, user_name,
TS_MAKE_DIRS);
if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
- struct passwd *auth_pw;
-
/* Bail out if we are non-interactive and a password is required */
if (ISSET(mode, MODE_NONINTERACTIVE)) {
warningx(_("sorry, a password is required to run %s"), getprogname());
- return -1;
+ rval = -1;
+ goto done;
}
/* XXX - should not lecture if askpass helper is being used. */
prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
user_name, user_shost);
- auth_pw = get_authpw();
rval = verify_user(auth_pw, prompt);
- pw_delref(auth_pw);
}
/* Only update timestamp if user was validated. */
if (rval == TRUE && ISSET(validated, VALIDATE_OK) &&
efree(timestampdir);
efree(timestampfile);
+done:
+ sudo_auth_cleanup(auth_pw);
+ pw_delref(auth_pw);
+
return rval;
}