Merge check_user() and check_user_interactive(), move getpass callbacks.

The getpass callbacks are now defined in sudo_auth.c, which implements auth_getpass(). As a result, struct getpass_closure is now public and defined in timestamp.h.
2025-09-01 06:45:10 +00:00 · 2023-09-09 14:07:11 -06:00
parent 0495afac57
commit 28a13501d8
3 changed files with 131 additions and 150 deletions
--- a/plugins/sudoers/auth/sudo_auth.c
+++ b/plugins/sudoers/auth/sudo_auth.c
@@ -247,6 +247,35 @@ user_interrupted(void)
 	(sigismember(&mask, SIGINT) || sigismember(&mask, SIGQUIT)));
 }

+/*
+ * Called when getpass is suspended so we can drop the lock.
+ */
+static int
+getpass_suspend(int signo, void *vclosure)
+{
+    struct getpass_closure *closure = vclosure;
+
+    timestamp_close(closure->cookie);
+    closure->cookie = NULL;
+    return 0;
+}
+
+/*
+ * Called when getpass is resumed so we can reacquire the lock.
+ */
+static int
+getpass_resume(int signo, void *vclosure)
+{
+    struct getpass_closure *closure = vclosure;
+
+    closure->cookie = timestamp_open(closure->ctx);
+    if (closure->cookie == NULL)
+	return -1;
+    if (!timestamp_lock(closure->cookie, closure->auth_pw))
+	return -1;
+    return 0;
+}
+
 /*
 * Verify the specified user.
 * Returns AUTH_SUCCESS, AUTH_FAILURE or AUTH_ERROR.
@@ -273,6 +302,8 @@ verify_user(const struct sudoers_context *ctx, struct passwd *pw, char *prompt,
    }

    /* Enable suspend during password entry. */
+    callback->on_suspend = getpass_suspend;
+    callback->on_resume = getpass_resume;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    sa.sa_handler = SIG_DFL;