isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

If the invoking user cannot be resolved by uid fake the struct

Browse Source 
passwd and store it in the cache so we can delref it on exit.
This commit is contained in:
Todd C. Miller
2011-09-25 06:35:40 -04:00
parent 842526d71f
commit 05bfd66693
3 changed files with 22 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
plugins/sudoers/pwutil.c
View File

@@ -312,10 +312,10 @@ done:
} }
/* /*
* Take a uid in string form "#123" and return a faked up passwd struct. * Take a user, uid and gid and return a faked up passwd struct.
*/ */
struct passwd * struct passwd *
sudo_fakepwnam(const char *user, gid_t gid) sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid)
{ {
struct cache_item *item; struct cache_item *item;
struct passwd *pw; struct passwd *pw;
@@ -332,7 +332,7 @@ sudo_fakepwnam(const char *user, gid_t gid)
item = emalloc(len); item = emalloc(len);
zero_bytes(item, sizeof(*item) + sizeof(*pw)); zero_bytes(item, sizeof(*item) + sizeof(*pw));
pw = (struct passwd *) ((char *)item + sizeof(*item)); pw = (struct passwd *) ((char *)item + sizeof(*item));
pw->pw_uid = (uid_t) atoi(user + 1); pw->pw_uid = uid;
pw->pw_gid = gid; pw->pw_gid = gid;
pw->pw_name = (char *)pw + sizeof(struct passwd); pw->pw_name = (char *)pw + sizeof(struct passwd);
memcpy(pw->pw_name, user, namelen + 1); memcpy(pw->pw_name, user, namelen + 1);
@@ -367,6 +367,18 @@ sudo_fakepwnam(const char *user, gid_t gid)
return pw; return pw;
} }
/*
* Take a uid in string form "#123" and return a faked up passwd struct.
*/
struct passwd *
sudo_fakepwnam(const char *user, gid_t gid)
{
uid_t uid;
uid = (uid_t) atoi(user + 1);
return sudo_fakepwnamid(user, uid, gid);
}
void void
sudo_setpwent(void) sudo_setpwent(void)
{ {

17
plugins/sudoers/sudoers.c
View File

@@ -792,23 +792,18 @@ init_vars(char * const envp[])
* if necessary. It is assumed that euid is 0 at this point so we * if necessary. It is assumed that euid is 0 at this point so we
* can read the shadow passwd file if necessary. * can read the shadow passwd file if necessary.
*/ */
if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) { if ((sudo_user.pw = sudo_getpwuid(user_uid)) == NULL) {
static struct passwd pw;
/* Create a fake struct passwd for log_error(). */
memset(&pw, 0, sizeof(pw));
pw.pw_uid = getuid();
pw.pw_name = user_name;
sudo_user.pw = &pw;
/* /*
* It is not unusual for users to place "sudo -k" in a .logout * It is not unusual for users to place "sudo -k" in a .logout
* file which can cause sudo to be run during reboot after the * file which can cause sudo to be run during reboot after the
* YP/NIS/NIS+/LDAP/etc daemon has died. * YP/NIS/NIS+/LDAP/etc daemon has died.
*/ */
if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE)
errorx(1, _("unknown user: %s"), user_name); errorx(1, _("unknown uid: %u"), (unsigned int) user_uid);
log_error(0, _("unknown user: %s"), user_name);
/* Need to make a fake struct passwd for the call to log_error(). */
sudo_user.pw = sudo_fakepwnamid(user_name, user_uid, user_gid);
log_error(0, _("unknown uid: %u"), (unsigned int) user_uid);
/* NOTREACHED */ /* NOTREACHED */
} }

1
plugins/sudoers/sudoers.h
View File

@@ -268,6 +268,7 @@ void sudo_endspent(void);
struct group_list *get_group_list(struct passwd *pw); struct group_list *get_group_list(struct passwd *pw);
void set_group_list(const char *, GETGROUPS_T *gids, int ngids); void set_group_list(const char *, GETGROUPS_T *gids, int ngids);
struct passwd *sudo_getpwnam(const char *); struct passwd *sudo_getpwnam(const char *);
struct passwd *sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid);
struct passwd *sudo_fakepwnam(const char *, gid_t); struct passwd *sudo_fakepwnam(const char *, gid_t);
struct passwd *sudo_getpwuid(uid_t); struct passwd *sudo_getpwuid(uid_t);
struct group *sudo_getgrnam(const char *); struct group *sudo_getgrnam(const char *);