Bug 777 – sudo_auth.h wrong prototype if !HAVE_KRB5_VERIFY_USER

Bug 777 - sudo_auth.h wrong prototype if !HAVE_KRB5_VERIFY_USER


Summary:	sudo_auth.h wrong prototype if !HAVE_KRB5_VERIFY_USER

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.8.19
Hardware:	PC All

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2017-03-10 11:43 MST by Philip Brown
Modified:	2017-03-10 12:19 MST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philip Brown 2017-03-10 11:43:13 MST

auth/kerb5.c
has

#ifdef HAVE_KRB5_VERIFY_USER
int
sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_con
v_callback *callback)

 ...
#else
sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth)
...
#endif

The prototypes in sudo_auth.h need a similar #ifdef.
Breaks compilation.

Comment 1 Todd C. Miller 2017-03-10 11:53:16 MST

Fixed by https://www.sudo.ws/repos/sudo/rev/eafd4e2d7c7f

Comment 2 Philip Brown 2017-03-10 12:07:34 MST

Errr...
thats a bogus fix.

well, i guess technically it WORKS.. but it's horrible coding practice :(
Its putting lies in the code :(

You just added an unused parameter.
The proper way would be to fix the prototype def in sudo_auth.h

Comment 3 Todd C. Miller 2017-03-10 12:10:57 MST

The fix is correct, your analysis is wrong.  All the auth verify functions now take a callback parameter which may or may not be used by the particular authentication method.  The function is called like this:

success = auth->status = (auth->verify)(pw, standalone ? prompt : pass, auth, callback);

I just missed adding it to the other declaration of sudo_krb5_verify() when the callback parameter was added.

Comment 4 Philip Brown 2017-03-10 12:19:11 MST

oh. fair enough then :)