Bug 777

Summary: sudo_auth.h wrong prototype if !HAVE_KRB5_VERIFY_USER
Product: Sudo Reporter: Philip Brown <phil>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.8.19   
Hardware: PC   
OS: All   

Description Philip Brown 2017-03-10 11:43:13 MST 
auth/kerb5.c
has

#ifdef HAVE_KRB5_VERIFY_USER
int
sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_con
v_callback *callback)

 ...
#else
sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth)
...
#endif

The prototypes in sudo_auth.h need a similar #ifdef.
Breaks compilation.
Comment 1 Todd C. Miller 2017-03-10 11:53:16 MST 
Fixed by https://www.sudo.ws/repos/sudo/rev/eafd4e2d7c7f
Comment 2 Philip Brown 2017-03-10 12:07:34 MST 
Errr...
thats a bogus fix.

well, i guess technically it WORKS.. but it's horrible coding practice :(
Its putting lies in the code :(

You just added an unused parameter.
The proper way would be to fix the prototype def in sudo_auth.h
Comment 3 Todd C. Miller 2017-03-10 12:10:57 MST 
The fix is correct, your analysis is wrong.  All the auth verify functions now take a callback parameter which may or may not be used by the particular authentication method.  The function is called like this:

success = auth->status = (auth->verify)(pw, standalone ? prompt : pass, auth, callback);

I just missed adding it to the other declaration of sudo_krb5_verify() when the callback parameter was added.
Comment 4 Philip Brown 2017-03-10 12:19:11 MST 
oh. fair enough then :)