Ignore empty entries in command_info list
This commit is contained in:
Todd C. Miller
85
src/sudo.c
85
src/sudo.c
@@ -118,7 +118,7 @@ main(int argc, char *argv[], char *envp[])
|
|||||||
int nargc, sudo_mode;
|
int nargc, sudo_mode;
|
||||||
char **nargv, **settings, **env_add;
|
char **nargv, **settings, **env_add;
|
||||||
char **user_info, **command_info, **argv_out, **user_env_out;
|
char **user_info, **command_info, **argv_out, **user_env_out;
|
||||||
struct plugin_container *plugin;
|
struct plugin_container *plugin, *next;
|
||||||
struct command_details command_details;
|
struct command_details command_details;
|
||||||
int ok;
|
int ok;
|
||||||
#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
|
#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
|
||||||
@@ -136,14 +136,6 @@ main(int argc, char *argv[], char *envp[])
|
|||||||
if (geteuid() != 0)
|
if (geteuid() != 0)
|
||||||
errorx(1, "must be setuid root");
|
errorx(1, "must be setuid root");
|
||||||
|
|
||||||
/* XXX - Must be done before shadow file lookups... */
|
|
||||||
#if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS)
|
|
||||||
(void) set_auth_parameters(Argc, Argv);
|
|
||||||
# ifdef HAVE_INITPRIVS
|
|
||||||
initprivs();
|
|
||||||
# endif
|
|
||||||
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Signal setup:
|
* Signal setup:
|
||||||
* Ignore keyboard-generated signals so the user cannot interrupt
|
* Ignore keyboard-generated signals so the user cannot interrupt
|
||||||
@@ -172,13 +164,21 @@ main(int argc, char *argv[], char *envp[])
|
|||||||
memset(&user_details, 0, sizeof(user_details));
|
memset(&user_details, 0, sizeof(user_details));
|
||||||
user_info = get_user_info(&user_details);
|
user_info = get_user_info(&user_details);
|
||||||
|
|
||||||
/* Open each plugin (XXX - check for errors). */
|
/* Open each plugin. */
|
||||||
policy_plugin.u.policy->open(SUDO_API_VERSION, sudo_conversation,
|
ok = policy_plugin.u.policy->open(SUDO_API_VERSION, sudo_conversation,
|
||||||
settings, user_info, envp);
|
settings, user_info, envp);
|
||||||
tq_foreach_fwd(&io_plugins, plugin) {
|
if (ok != TRUE)
|
||||||
/* XXX - remove from list if open returns 0 */
|
errorx(1, "unable to initialize policy plugin");
|
||||||
plugin->u.io->open(SUDO_API_VERSION, sudo_conversation, settings,
|
for (plugin = io_plugins.first; plugin != NULL; plugin = next) {
|
||||||
|
next = plugin->next;
|
||||||
|
ok = plugin->u.io->open(SUDO_API_VERSION, sudo_conversation, settings,
|
||||||
user_info, envp);
|
user_info, envp);
|
||||||
|
if (ok == -1)
|
||||||
|
errorx(1, "error initializing I/O plugin %s", plugin->name);
|
||||||
|
if (!ok) {
|
||||||
|
/* Disable I/O plugin by removing it from the list. */
|
||||||
|
tq_remove(&io_plugins, plugin);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sudo_debug(9, "sudo_mode %d", sudo_mode);
|
sudo_debug(9, "sudo_mode %d", sudo_mode);
|
||||||
@@ -374,33 +374,28 @@ command_info_to_details(char * const info[], struct command_details *details)
|
|||||||
|
|
||||||
memset(details, 0, sizeof(*details));
|
memset(details, 0, sizeof(*details));
|
||||||
|
|
||||||
|
#define SET_STRING(s, n) \
|
||||||
|
if (strncmp(s, info[i], sizeof(s) - 1) == 0 && info[i][sizeof(s) - 1]) { \
|
||||||
|
details->n = info[i] + sizeof(s) - 1; \
|
||||||
|
break; \
|
||||||
|
}
|
||||||
|
|
||||||
for (i = 0; info[i] != NULL; i++) {
|
for (i = 0; info[i] != NULL; i++) {
|
||||||
/* XXX - should ignore empty entries */
|
|
||||||
switch (info[i][0]) {
|
switch (info[i][0]) {
|
||||||
case 'c':
|
case 'c':
|
||||||
if (strncmp("chroot=", info[i], sizeof("chroot=") - 1) == 0) {
|
SET_STRING("chroot=", chroot)
|
||||||
details->chroot = info[i] + sizeof("chroot=") - 1;
|
SET_STRING("command=", command)
|
||||||
break;
|
SET_STRING("cwd=", cwd)
|
||||||
}
|
|
||||||
if (strncmp("command=", info[i], sizeof("command=") - 1) == 0) {
|
|
||||||
details->command = info[i] + sizeof("command=") - 1;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (strncmp("cwd=", info[i], sizeof("cwd=") - 1) == 0) {
|
|
||||||
details->cwd = info[i] + sizeof("cwd=") - 1;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
case 'l':
|
case 'l':
|
||||||
if (strncmp("login_class=", info[i], sizeof("login_class=") - 1) == 0) {
|
SET_STRING("login_class=", login_class)
|
||||||
details->login_class = info[i] + sizeof("login_class=") - 1;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
case 'n':
|
case 'n':
|
||||||
/* XXX - bounds check -NZERO to NZERO (inclusive). */
|
/* XXX - bounds check -NZERO to NZERO (inclusive). */
|
||||||
if (strncmp("nice=", info[i], sizeof("nice=") - 1) == 0) {
|
if (strncmp("nice=", info[i], sizeof("nice=") - 1) == 0) {
|
||||||
cp = info[i] + sizeof("nice=") - 1;
|
cp = info[i] + sizeof("nice=") - 1;
|
||||||
|
if (*cp == '\0')
|
||||||
|
break;
|
||||||
errno = 0;
|
errno = 0;
|
||||||
lval = strtol(cp, &ep, 0);
|
lval = strtol(cp, &ep, 0);
|
||||||
if (*cp != '\0' && *ep == '\0' &&
|
if (*cp != '\0' && *ep == '\0' &&
|
||||||
@@ -413,14 +408,14 @@ command_info_to_details(char * const info[], struct command_details *details)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (strncmp("noexec=", info[i], sizeof("noexec=") - 1) == 0) {
|
if (strncmp("noexec=", info[i], sizeof("noexec=") - 1) == 0) {
|
||||||
if (atobool(info[i] + sizeof("noexec=") - 1))
|
if (atobool(info[i] + sizeof("noexec=") - 1) == TRUE)
|
||||||
SET(details->flags, CD_NOEXEC);
|
SET(details->flags, CD_NOEXEC);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'p':
|
case 'p':
|
||||||
if (strncmp("preserve_groups=", info[i], sizeof("preserve_groups=") - 1) == 0) {
|
if (strncmp("preserve_groups=", info[i], sizeof("preserve_groups=") - 1) == 0) {
|
||||||
if (atobool(info[i] + sizeof("preserve_groups=") - 1))
|
if (atobool(info[i] + sizeof("preserve_groups=") - 1) == TRUE)
|
||||||
SET(details->flags, CD_PRESERVE_GROUPS);
|
SET(details->flags, CD_PRESERVE_GROUPS);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -428,6 +423,8 @@ command_info_to_details(char * const info[], struct command_details *details)
|
|||||||
case 'r':
|
case 'r':
|
||||||
if (strncmp("runas_egid=", info[i], sizeof("runas_egid=") - 1) == 0) {
|
if (strncmp("runas_egid=", info[i], sizeof("runas_egid=") - 1) == 0) {
|
||||||
cp = info[i] + sizeof("runas_egid=") - 1;
|
cp = info[i] + sizeof("runas_egid=") - 1;
|
||||||
|
if (*cp == '\0')
|
||||||
|
break;
|
||||||
errno = 0;
|
errno = 0;
|
||||||
ulval = strtoul(cp, &ep, 0);
|
ulval = strtoul(cp, &ep, 0);
|
||||||
if (*cp != '\0' && *ep == '\0' &&
|
if (*cp != '\0' && *ep == '\0' &&
|
||||||
@@ -439,6 +436,8 @@ command_info_to_details(char * const info[], struct command_details *details)
|
|||||||
}
|
}
|
||||||
if (strncmp("runas_euid=", info[i], sizeof("runas_euid=") - 1) == 0) {
|
if (strncmp("runas_euid=", info[i], sizeof("runas_euid=") - 1) == 0) {
|
||||||
cp = info[i] + sizeof("runas_euid=") - 1;
|
cp = info[i] + sizeof("runas_euid=") - 1;
|
||||||
|
if (*cp == '\0')
|
||||||
|
break;
|
||||||
errno = 0;
|
errno = 0;
|
||||||
ulval = strtoul(cp, &ep, 0);
|
ulval = strtoul(cp, &ep, 0);
|
||||||
if (*cp != '\0' && *ep == '\0' &&
|
if (*cp != '\0' && *ep == '\0' &&
|
||||||
@@ -450,6 +449,8 @@ command_info_to_details(char * const info[], struct command_details *details)
|
|||||||
}
|
}
|
||||||
if (strncmp("runas_gid=", info[i], sizeof("runas_gid=") - 1) == 0) {
|
if (strncmp("runas_gid=", info[i], sizeof("runas_gid=") - 1) == 0) {
|
||||||
cp = info[i] + sizeof("runas_gid=") - 1;
|
cp = info[i] + sizeof("runas_gid=") - 1;
|
||||||
|
if (*cp == '\0')
|
||||||
|
break;
|
||||||
errno = 0;
|
errno = 0;
|
||||||
ulval = strtoul(cp, &ep, 0);
|
ulval = strtoul(cp, &ep, 0);
|
||||||
if (*cp != '\0' && *ep == '\0' &&
|
if (*cp != '\0' && *ep == '\0' &&
|
||||||
@@ -464,6 +465,8 @@ command_info_to_details(char * const info[], struct command_details *details)
|
|||||||
|
|
||||||
/* count groups, alloc and fill in */
|
/* count groups, alloc and fill in */
|
||||||
cp = info[i] + sizeof("runas_groups=") - 1;
|
cp = info[i] + sizeof("runas_groups=") - 1;
|
||||||
|
if (*cp == '\0')
|
||||||
|
break;
|
||||||
for (;;) {
|
for (;;) {
|
||||||
details->ngroups++;
|
details->ngroups++;
|
||||||
if ((cp = strchr(cp, ',')) == NULL)
|
if ((cp = strchr(cp, ',')) == NULL)
|
||||||
@@ -485,6 +488,8 @@ command_info_to_details(char * const info[], struct command_details *details)
|
|||||||
}
|
}
|
||||||
if (strncmp("runas_uid=", info[i], sizeof("runas_uid=") - 1) == 0) {
|
if (strncmp("runas_uid=", info[i], sizeof("runas_uid=") - 1) == 0) {
|
||||||
cp = info[i] + sizeof("runas_uid=") - 1;
|
cp = info[i] + sizeof("runas_uid=") - 1;
|
||||||
|
if (*cp == '\0')
|
||||||
|
break;
|
||||||
errno = 0;
|
errno = 0;
|
||||||
ulval = strtoul(cp, &ep, 0);
|
ulval = strtoul(cp, &ep, 0);
|
||||||
if (*cp != '\0' && *ep == '\0' &&
|
if (*cp != '\0' && *ep == '\0' &&
|
||||||
@@ -496,18 +501,14 @@ command_info_to_details(char * const info[], struct command_details *details)
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 's':
|
case 's':
|
||||||
if (strncmp("selinux_role=", info[i], sizeof("selinux_role=") - 1) == 0) {
|
SET_STRING("selinux_role=", selinux_role)
|
||||||
details->selinux_role = info[i] + sizeof("selinux_role=") - 1;
|
SET_STRING("selinux_type=", selinux_type)
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (strncmp("selinux_type=", info[i], sizeof("selinux_type=") - 1) == 0) {
|
|
||||||
details->selinux_type = info[i] + sizeof("selinux_type=") - 1;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
case 't':
|
case 't':
|
||||||
if (strncmp("timeout=", info[i], sizeof("timeout=") - 1) == 0) {
|
if (strncmp("timeout=", info[i], sizeof("timeout=") - 1) == 0) {
|
||||||
cp = info[i] + sizeof("timeout=") - 1;
|
cp = info[i] + sizeof("timeout=") - 1;
|
||||||
|
if (*cp == '\0')
|
||||||
|
break;
|
||||||
errno = 0;
|
errno = 0;
|
||||||
lval = strtol(cp, &ep, 0);
|
lval = strtol(cp, &ep, 0);
|
||||||
if (*cp != '\0' && *ep == '\0' &&
|
if (*cp != '\0' && *ep == '\0' &&
|
||||||
@@ -523,6 +524,8 @@ command_info_to_details(char * const info[], struct command_details *details)
|
|||||||
case 'u':
|
case 'u':
|
||||||
if (strncmp("umask=", info[i], sizeof("umask=") - 1) == 0) {
|
if (strncmp("umask=", info[i], sizeof("umask=") - 1) == 0) {
|
||||||
cp = info[i] + sizeof("umask=") - 1;
|
cp = info[i] + sizeof("umask=") - 1;
|
||||||
|
if (*cp == '\0')
|
||||||
|
break;
|
||||||
errno = 0;
|
errno = 0;
|
||||||
ulval = strtoul(cp, &ep, 8);
|
ulval = strtoul(cp, &ep, 8);
|
||||||
if (*cp != '\0' && *ep == '\0' &&
|
if (*cp != '\0' && *ep == '\0' &&
|
||||||
|
|||||||
Reference in New Issue
Block a user