Go back to using a callback for runas_default to keep runas_pw in
sync.  This is needed to make per-entry runas_default settings work
with LDAP-based sudoers.  Instead of declaring it a callback in
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is
a bit naughty, but avoids requiring stub functions in visudo and
the tests.
Todd C. Miller
2011-08-09 14:54:42 -04:00
parent 53656020f7
commit 01ae3d4771
3 changed files with 27 additions and 16 deletions


@@ -48,7 +48,7 @@ struct sudo_defs_types {
int type; int type;
char *desc; char *desc;
struct def_values *values; struct def_values *values;
int (*callback)(char *); int (*callback)(const char *);
union { union {
int flag; int flag;
int ival; int ival;


@@ -88,8 +88,8 @@
static void init_vars(char * const *); static void init_vars(char * const *);
static int set_cmnd(void); static int set_cmnd(void);
static void set_loginclass(struct passwd *); static void set_loginclass(struct passwd *);
static void set_runasgr(char *); static int set_runaspw(const char *);
static void set_runaspw(char *); static int set_runasgr(const char *);
static int sudoers_policy_version(int verbose); static int sudoers_policy_version(int verbose);
static int deserialize_info(char * const settings[], char * const user_info[]); static int deserialize_info(char * const settings[], char * const user_info[]);
static char *find_editor(int nfiles, char **files, char ***argv_out); static char *find_editor(int nfiles, char **files, char ***argv_out);
@@ -821,6 +821,9 @@ init_vars(char * const envp[])
if (user_group_list == NULL) if (user_group_list == NULL)
user_group_list = get_group_list(sudo_user.pw); user_group_list = get_group_list(sudo_user.pw);
/* Set runas callback. */
sudo_defs_table[I_RUNAS_DEFAULT].callback = set_runaspw;
/* It is now safe to use log_error() and set_perms() */ /* It is now safe to use log_error() and set_perms() */
} }
@@ -906,9 +909,6 @@ set_cmnd(void)
if (!update_defaults(SETDEF_CMND)) if (!update_defaults(SETDEF_CMND))
log_error(NO_STDERR|NO_EXIT, _("problem with defaults entries")); log_error(NO_STDERR|NO_EXIT, _("problem with defaults entries"));
if (!runas_user && !runas_group)
set_runaspw(def_runas_default); /* may have been updated above */
return rval; return rval;
} }
@@ -1074,8 +1074,8 @@ set_fqdn(void)
* Get passwd entry for the user we are going to run commands as * Get passwd entry for the user we are going to run commands as
* and store it in runas_pw. By default, commands run as "root". * and store it in runas_pw. By default, commands run as "root".
*/ */
static void int
set_runaspw(char *user) set_runaspw(const char *user)
{ {
if (runas_pw != NULL) if (runas_pw != NULL)
pw_delref(runas_pw); pw_delref(runas_pw);
@@ -1086,14 +1086,15 @@ set_runaspw(char *user)
if ((runas_pw = sudo_getpwnam(user)) == NULL) if ((runas_pw = sudo_getpwnam(user)) == NULL)
log_error(NO_MAIL|MSG_ONLY, _("unknown user: %s"), user); log_error(NO_MAIL|MSG_ONLY, _("unknown user: %s"), user);
} }
return TRUE;
} }
/* /*
* Get group entry for the group we are going to run commands as * Get group entry for the group we are going to run commands as
* and store it in runas_gr. * and store it in runas_gr.
*/ */
static void static int
set_runasgr(char *group) set_runasgr(const char *group)
{ {
if (runas_gr != NULL) if (runas_gr != NULL)
gr_delref(runas_gr); gr_delref(runas_gr);
@@ -1104,6 +1105,7 @@ set_runasgr(char *group)
if ((runas_gr = sudo_getgrnam(group)) == NULL) if ((runas_gr = sudo_getgrnam(group)) == NULL)
log_error(NO_MAIL|MSG_ONLY, _("unknown group: %s"), group); log_error(NO_MAIL|MSG_ONLY, _("unknown group: %s"), group);
} }
return TRUE;
} }
/* /*
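Review bot: The guard that the commit removes from set_cmnd(), `if (!runas_user && !runas_group)` before `set_runaspw(def_runas_default)`, is not carried over to the new callback, and set_runaspw() itself (the `pw_delref(runas_pw)` / `sudo_getpwnam(user)` path in this hunk) replaces runas_pw unconditionally. Installing set_runaspw directly as `sudo_defs_table[I_RUNAS_DEFAULT].callback` therefore lets any `Defaults runas_default=` entry processed by update_defaults() overwrite a runas_pw that was derived from the invoking user's -u/-g, so the privilege check and the later setuid target may no longer be the user the caller asked for; where the -u value is applied relative to update_defaults() is outside this hunk, so the ordering should be confirmed. I would keep the old condition in a thin wrapper and register that instead, adding its prototype next to the other static declarations at the top of the file. Each of the set_runaspw/set_runasgr functions shown here begins or ends outside the hunk.
```c
/*
 * Callback for "Defaults runas_default": only honor it when the
 * invoking user did not choose a runas user/group on the command
 * line, preserving the check the old set_cmnd() code performed.
 */
static int
cb_runas_default(const char *user)
{
    if (!runas_user && !runas_group)
	return set_runaspw(user);
    return TRUE;
}

/* … unchanged: init_vars() up to the group list setup … */
    sudo_defs_table[I_RUNAS_DEFAULT].callback = cb_runas_default;
```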


@@ -78,9 +78,9 @@ void print_defaults(void);
void print_privilege(struct privilege *); void print_privilege(struct privilege *);
void print_userspecs(void); void print_userspecs(void);
void usage(void) __attribute__((__noreturn__)); void usage(void) __attribute__((__noreturn__));
void set_runasgr(char *);
void set_runaspw(char *);
void cleanup(int); void cleanup(int);
static int set_runaspw(const char *);
static int set_runasgr(const char *);
static int testsudoers_printf(int msg_type, const char *fmt, ...); static int testsudoers_printf(int msg_type, const char *fmt, ...);
static int testsudoers_print(const char *msg); static int testsudoers_print(const char *msg);
@@ -235,6 +235,9 @@ main(int argc, char *argv[])
/* Initialize default values. */ /* Initialize default values. */
init_defaults(); init_defaults();
/* Set runas callback. */
sudo_defs_table[I_RUNAS_DEFAULT].callback = set_runaspw;
/* Load ip addr/mask for each interface. */ /* Load ip addr/mask for each interface. */
if (get_net_ifs(&p) > 0) if (get_net_ifs(&p) > 0)
set_interfaces(p); set_interfaces(p);
@@ -319,9 +322,11 @@ main(int argc, char *argv[])
exit(match == ALLOW ? 0 : match + 3); exit(match == ALLOW ? 0 : match + 3);
} }
void static int
set_runaspw(char *user) set_runaspw(const char *user)
{ {
if (runas_pw != NULL)
pw_delref(runas_pw);
if (*user == '#') { if (*user == '#') {
if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL) if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL)
runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0);
@@ -329,11 +334,14 @@ set_runaspw(char *user)
if ((runas_pw = sudo_getpwnam(user)) == NULL) if ((runas_pw = sudo_getpwnam(user)) == NULL)
errorx(1, _("unknown user: %s"), user); errorx(1, _("unknown user: %s"), user);
} }
return TRUE;
} }
void static int
set_runasgr(char *group) set_runasgr(const char *group)
{ {
if (runas_gr != NULL)
gr_delref(runas_gr);
if (*group == '#') { if (*group == '#') {
if ((runas_gr = sudo_getgrgid(atoi(group + 1))) == NULL) if ((runas_gr = sudo_getgrgid(atoi(group + 1))) == NULL)
runas_gr = sudo_fakegrnam(group); runas_gr = sudo_fakegrnam(group);
@@ -341,6 +349,7 @@ set_runasgr(char *group)
if ((runas_gr = sudo_getgrnam(group)) == NULL) if ((runas_gr = sudo_getgrnam(group)) == NULL)
errorx(1, _("unknown group: %s"), group); errorx(1, _("unknown group: %s"), group);
} }
return TRUE;
} }
void void
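Review bot: The line `sudo_defs_table[I_RUNAS_DEFAULT].callback = set_runaspw;` in main() registers set_runaspw with no check for a runas user or group given on the command line, so if testsudoers' -u/-g handling (outside this hunk) fills runas_pw before the sudoers data is parsed, a `Defaults runas_default=` entry will silently replace it — the same check that sudo's set_cmnd() used to apply is missing here too. A small wrapper that returns TRUE early when a command-line runas user or group is set, and calls set_runaspw() otherwise, would keep the test tool's matching behaviour in step with sudo's. Note also that this set_runaspw() exits via `errorx(1, ...)` on an unknown user, so the callback only ever returns TRUE and update_defaults() can never report a bad runas_default entry as a defaults problem; a one-line comment on the `return TRUE;` saying the failure path is fatal would save the next reader from looking for the FALSE case. The declarations for both functions at the top of the file are also placed after the non-static prototypes, which is a minor ordering nit.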