diff --git a/plugins/sudoers/defaults.h b/plugins/sudoers/defaults.h
index 13291240c..711a7ad4a 100644
--- a/plugins/sudoers/defaults.h
+++ b/plugins/sudoers/defaults.h
@@ -48,7 +48,7 @@ struct sudo_defs_types {
 int type;
 char *desc;
 struct def_values *values;
- int (*callback)(char *);
+ int (*callback)(const char *);
 union {
 int flag;
 int ival;
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index 8a8d1ad55..38d1a5e6a 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -88,8 +88,8 @@
 static void init_vars(char * const *);
 static int set_cmnd(void);
 static void set_loginclass(struct passwd *);
-static void set_runasgr(char *);
-static void set_runaspw(char *);
+static int set_runaspw(const char *);
+static int set_runasgr(const char *);
 static int sudoers_policy_version(int verbose);
 static int deserialize_info(char * const settings[], char * const user_info[]);
 static char *find_editor(int nfiles, char **files, char ***argv_out);
@@ -821,6 +821,9 @@ init_vars(char * const envp[])
 if (user_group_list == NULL)
 user_group_list = get_group_list(sudo_user.pw);

+ /* Set runas callback. */
+ sudo_defs_table[I_RUNAS_DEFAULT].callback = set_runaspw;
+
 /* It is now safe to use log_error() and set_perms() */
 }

@@ -906,9 +909,6 @@ set_cmnd(void)
 if (!update_defaults(SETDEF_CMND))
 log_error(NO_STDERR|NO_EXIT, _("problem with defaults entries"));

- if (!runas_user && !runas_group)
- set_runaspw(def_runas_default); /* may have been updated above */
-
 return rval;
 }

@@ -1074,8 +1074,8 @@ set_fqdn(void)
 * Get passwd entry for the user we are going to run commands as
 * and store it in runas_pw. By default, commands run as "root".
 */
-static void
-set_runaspw(char *user)
+int
+set_runaspw(const char *user)
 {
 if (runas_pw != NULL)
 pw_delref(runas_pw);
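Review bot: The callback registered in the init_vars hunk (@@ -821) is `set_runaspw` itself, which loses the `if (!runas_user && !runas_group)` guard that the call removed from set_cmnd (@@ -906) carried. As written, any `runas_default` Defaults entry would presumably overwrite `runas_pw` even when a runas user or group was given explicitly; the visible parts of set_runaspw do not re-check this, though its middle lines fall outside the hunks. Because this selects the account the command runs as, I would register a thin wrapper that keeps the guard, as sketched below. The registration added to main() in testsudoers.c (@@ -235) should be checked for the same gap.

```c
/* runas_default callback: only reset runas_pw if no runas user or group was requested. */
static int
cb_runas_default(const char *user)
{
    if (!runas_user && !runas_group)
        return set_runaspw(user);
    return TRUE;
}

/* … unchanged: init_vars() up to the group list lookup … */
    /* Set runas callback. */
    sudo_defs_table[I_RUNAS_DEFAULT].callback = cb_runas_default;
```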
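Review bot: The definition of set_runaspw in the @@ -1074 hunk is now spelled `int`, while its prototype near the top of the file and the neighbouring set_runasgr both say `static int`. Linkage stays internal because of the earlier static declaration, but the mismatch reads as if the function had been exported, so I would write `static int` here as well. The header comment could also gain a line such as `Also used as the runas_default callback; always returns TRUE.` so the new return value is documented. The function body continues outside this hunk.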
@@ -1086,14 +1086,15 @@ set_runaspw(char *user)
 if ((runas_pw = sudo_getpwnam(user)) == NULL)
 log_error(NO_MAIL|MSG_ONLY, _("unknown user: %s"), user);
 }
+ return TRUE;
 }

 /*
 * Get group entry for the group we are going to run commands as
 * and store it in runas_gr.
 */
-static void
-set_runasgr(char *group)
+static int
+set_runasgr(const char *group)
 {
 if (runas_gr != NULL)
 gr_delref(runas_gr);
@@ -1104,6 +1105,7 @@ set_runasgr(char *group)
 if ((runas_gr = sudo_getgrnam(group)) == NULL)
 log_error(NO_MAIL|MSG_ONLY, _("unknown group: %s"), group);
 }
+ return TRUE;
 }

 /*
diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c
index 28a433113..7e1bd1d1f 100644
--- a/plugins/sudoers/testsudoers.c
+++ b/plugins/sudoers/testsudoers.c
@@ -78,9 +78,9 @@ void print_defaults(void);
 void print_privilege(struct privilege *);
 void print_userspecs(void);
 void usage(void) __attribute__((__noreturn__));
-void set_runasgr(char *);
-void set_runaspw(char *);
 void cleanup(int);
+static int set_runaspw(const char *);
+static int set_runasgr(const char *);
 static int testsudoers_printf(int msg_type, const char *fmt, ...);
 static int testsudoers_print(const char *msg);

@@ -235,6 +235,9 @@ main(int argc, char *argv[])
 /* Initialize default values. */
 init_defaults();

+ /* Set runas callback. */
+ sudo_defs_table[I_RUNAS_DEFAULT].callback = set_runaspw;
+
 /* Load ip addr/mask for each interface. */
 if (get_net_ifs(&p) > 0)
 set_interfaces(p);
@@ -319,9 +322,11 @@ main(int argc, char *argv[])
 exit(match == ALLOW ? 0 : match + 3);
 }

-void
-set_runaspw(char *user)
+static int
+set_runaspw(const char *user)
 {
+ if (runas_pw != NULL)
+ pw_delref(runas_pw);
 if (*user == '#') {
 if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL)
 runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0);
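Review bot: `return TRUE;` at the end of set_runaspw (@@ -1086) is reached on every path, so the new int return type gives the Defaults callback caller nothing to act on; a failed lookup is still handled inside the function by `log_error(NO_MAIL|MSG_ONLY, ...)`. set_cmnd passes NO_EXIT where it wants log_error to return, so this call presumably terminates sudo, and it would now do so while a `runas_default` entry is being processed rather than once after all Defaults are applied; worth confirming that is intended. At minimum I would document it above the function, e.g. `/* Always returns TRUE; an unknown user is fatal via log_error(). */`. The same applies to set_runasgr (@@ -1104) and to the errorx() paths in testsudoers.c (@@ -329, @@ -341).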
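Review bot: `atoi(user + 1)` in the `#uid` branch of testsudoers.c set_runaspw (@@ -319) cannot report a parse failure, so a value such as `#abc` or a bare `#` is looked up as uid 0, and a negative or overflowing number is passed through unchecked. That matters more now that the function is the `runas_default` callback and receives whatever a Defaults entry contains. I would parse with strtol and reject anything that is not a complete non-negative decimal number that fits uid_t before the lookup, as sketched below; `atoi(group + 1)` in set_runasgr (@@ -329) needs the same treatment. The function body continues past the end of this hunk.

```c
    if (*user == '#') {
        char *ep;
        long id;

        errno = 0;
        id = strtol(user + 1, &ep, 10);
        if (ep == user + 1 || *ep != '\0' || errno == ERANGE || id < 0)
            errorx(1, _("unknown user: %s"), user);
        if ((runas_pw = sudo_getpwuid((uid_t)id)) == NULL)
            /* … unchanged: sudo_fakepwnam() fallback … */
```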
@@ -329,11 +334,14 @@ set_runaspw(char *user)
 if ((runas_pw = sudo_getpwnam(user)) == NULL)
 errorx(1, _("unknown user: %s"), user);
 }
+ return TRUE;
 }

-void
-set_runasgr(char *group)
+static int
+set_runasgr(const char *group)
 {
+ if (runas_gr != NULL)
+ gr_delref(runas_gr);
 if (*group == '#') {
 if ((runas_gr = sudo_getgrgid(atoi(group + 1))) == NULL)
 runas_gr = sudo_fakegrnam(group);
@@ -341,6 +349,7 @@ set_runasgr(char *group)
 if ((runas_gr = sudo_getgrnam(group)) == NULL)
 errorx(1, _("unknown group: %s"), group);
 }
+ return TRUE;
 }

 void