isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix root, runas, and target authentication for non-passwd file auth

Browse Source 
methods.
This commit is contained in:
Todd C. Miller
2000-05-09 15:42:38 +00:00
parent 30daa83259
commit 165bd7fafb
5 changed files with 64 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
auth/sudo_auth.c
View File

@@ -95,7 +95,8 @@ sudo_auth auth_switch[] = {
int nil_pw; /* I hate resorting to globals like this... */ int nil_pw; /* I hate resorting to globals like this... */
void void
verify_user(prompt) verify_user(pw, prompt)
struct passwd *pw;
char *prompt; char *prompt;
{ {
short counter = def_ival(I_PW_TRIES) + 1; short counter = def_ival(I_PW_TRIES) + 1;
@@ -121,7 +122,7 @@ verify_user(prompt)
if (NEEDS_USER(auth)) if (NEEDS_USER(auth))
set_perms(PERM_USER, 0); set_perms(PERM_USER, 0);
status = (auth->init)(sudo_user.pw, &prompt, auth); status = (auth->init)(pw, &prompt, auth);
if (status == AUTH_FAILURE) if (status == AUTH_FAILURE)
auth->flags &= ~FLAG_CONFIGURED; auth->flags &= ~FLAG_CONFIGURED;
else if (status == AUTH_FATAL) /* XXX log */ else if (status == AUTH_FATAL) /* XXX log */
@@ -139,7 +140,7 @@ verify_user(prompt)
if (NEEDS_USER(auth)) if (NEEDS_USER(auth))
set_perms(PERM_USER, 0); set_perms(PERM_USER, 0);
status = (auth->setup)(sudo_user.pw, &prompt, auth); status = (auth->setup)(pw, &prompt, auth);
if (status == AUTH_FAILURE) if (status == AUTH_FAILURE)
auth->flags &= ~FLAG_CONFIGURED; auth->flags &= ~FLAG_CONFIGURED;
else if (status == AUTH_FATAL) /* XXX log */ else if (status == AUTH_FATAL) /* XXX log */
@@ -169,7 +170,7 @@ verify_user(prompt)
if (NEEDS_USER(auth)) if (NEEDS_USER(auth))
set_perms(PERM_USER, 0); set_perms(PERM_USER, 0);
success = auth->status = (auth->verify)(sudo_user.pw, p, auth); success = auth->status = (auth->verify)(pw, p, auth);
if (NEEDS_USER(auth)) if (NEEDS_USER(auth))
set_perms(PERM_ROOT, 0); set_perms(PERM_ROOT, 0);
@@ -199,7 +200,7 @@ cleanup:
if (NEEDS_USER(auth)) if (NEEDS_USER(auth))
set_perms(PERM_USER, 0); set_perms(PERM_USER, 0);
status = (auth->cleanup)(sudo_user.pw, auth); status = (auth->cleanup)(pw, auth);
if (status == AUTH_FATAL) /* XXX log */ if (status == AUTH_FATAL) /* XXX log */
exit(1); /* assume error msg already printed */ exit(1); /* assume error msg already printed */

2
check.c
View File

@@ -102,7 +102,7 @@ check_user()
prompt = expand_prompt(user_prompt ? user_prompt : def_str(I_PASSPROMPT), prompt = expand_prompt(user_prompt ? user_prompt : def_str(I_PASSPROMPT),
user_name, user_shost); user_name, user_shost);
verify_user(prompt); verify_user(auth_pw, prompt);
} }
if (status != TS_ERROR) if (status != TS_ERROR)
update_timestamp(timestampdir, timestampfile); update_timestamp(timestampdir, timestampfile);

44
getspwuid.c
View File

@@ -94,6 +94,7 @@ int crypt_type = INT_MAX;
* Local functions not visible outside getspwuid.c * Local functions not visible outside getspwuid.c
*/ */
static char *sudo_getshell __P((struct passwd *)); static char *sudo_getshell __P((struct passwd *));
static struct passwd *sudo_pwdup __P((struct passwd *));
/* /*
@@ -191,14 +192,11 @@ sudo_getepw(pw)
* Dynamically allocate space for a struct password and the constituent parts * Dynamically allocate space for a struct password and the constituent parts
* that we care about. Fills in pw_passwd from shadow file if necessary. * that we care about. Fills in pw_passwd from shadow file if necessary.
*/ */
struct passwd * static struct passwd *
sudo_getpwuid(uid) sudo_pwdup(pw)
uid_t uid; struct passwd *pw;
{ {
struct passwd *pw, *local_pw; struct passwd *local_pw;
if ((pw = getpwuid(uid)) == NULL)
return(NULL);
/* Allocate space for a local copy of pw. */ /* Allocate space for a local copy of pw. */
local_pw = (struct passwd *) emalloc(sizeof(struct passwd)); local_pw = (struct passwd *) emalloc(sizeof(struct passwd));
@@ -218,3 +216,35 @@ sudo_getpwuid(uid)
return(local_pw); return(local_pw);
} }
/*
* Get a password entry by uid and allocate space for it.
* Fills in pw_passwd from shadow file if necessary.
*/
struct passwd *
sudo_getpwuid(uid)
uid_t uid;
{
struct passwd *pw;
if ((pw = getpwuid(uid)) == NULL)
return(NULL);
else
return(sudo_pwdup(pw));
}
/*
* Get a password entry by name and allocate space for it.
* Fills in pw_passwd from shadow file if necessary.
*/
struct passwd *
sudo_getpwnam(name)
const char *name;
{
struct passwd *pw;
if ((pw = getpwnam(name)) == NULL)
return(NULL);
else
return(sudo_pwdup(pw));
}

36
sudo.c
View File

@@ -115,8 +115,9 @@ static int set_loginclass __P((struct passwd *));
static void add_env __P((int)); static void add_env __P((int));
static void clean_env __P((char **, struct env_table *)); static void clean_env __P((char **, struct env_table *));
static void initial_setup __P((void)); static void initial_setup __P((void));
static void update_epasswd __P((void)); static struct passwd *get_authpw __P((void));
extern struct passwd *sudo_getpwuid __P((uid_t)); extern struct passwd *sudo_getpwuid __P((uid_t));
extern struct passwd *sudo_getpwnam __P((const char *));
extern void list_matches __P((void)); extern void list_matches __P((void));
/* /*
@@ -127,6 +128,7 @@ char **Argv;
int NewArgc = 0; int NewArgc = 0;
char **NewArgv = NULL; char **NewArgv = NULL;
struct sudo_user sudo_user; struct sudo_user sudo_user;
struct passwd *auth_pw;
FILE *sudoers_fp = NULL; FILE *sudoers_fp = NULL;
struct interface *interfaces; struct interface *interfaces;
int num_interfaces; int num_interfaces;
@@ -316,8 +318,8 @@ main(argc, argv)
(void) close(fd); (void) close(fd);
} }
/* Update encrypted password in user_password if sudoers said to. */ /* Fill in passwd struct based on user we are authenticating as. */
update_epasswd(); auth_pw = get_authpw();
/* Require a password unless the NOPASS tag was set. */ /* Require a password unless the NOPASS tag was set. */
if (!(validated & FLAG_NOPASS)) if (!(validated & FLAG_NOPASS))
@@ -1164,39 +1166,35 @@ set_fqdn()
} }
/* /*
* If the sudoers file says to prompt for a different user's password, * Get passwd entry for the user we are going to authenticate as.
* update the encrypted password in user_passwd accordingly. * By default, this is the user invoking sudo...
*/ */
static void static struct passwd *
update_epasswd() get_authpw()
{ {
struct passwd *pw; struct passwd *pw;
/* We may be configured to prompt for a password other than the user's */
if (def_ival(I_ROOTPW)) { if (def_ival(I_ROOTPW)) {
if ((pw = getpwuid(0)) == NULL) if ((pw = sudo_getpwuid(0)) == NULL)
log_error(0, "uid 0 does not exist in the passwd file!"); log_error(0, "uid 0 does not exist in the passwd file!");
free(user_passwd);
user_passwd = estrdup(sudo_getepw(pw));
} else if (def_ival(I_RUNASPW)) { } else if (def_ival(I_RUNASPW)) {
if ((pw = getpwnam(def_str(I_RUNAS_DEF))) == NULL) if ((pw = sudo_getpwnam(def_str(I_RUNAS_DEF))) == NULL)
log_error(0, "user %s does not exist in the passwd file!", log_error(0, "user %s does not exist in the passwd file!",
def_str(I_RUNAS_DEF)); def_str(I_RUNAS_DEF));
free(user_passwd);
user_passwd = estrdup(sudo_getepw(pw));
} else if (def_ival(I_TARGETPW)) { } else if (def_ival(I_TARGETPW)) {
if (**user_runas == '#') { if (**user_runas == '#') {
if ((pw = getpwuid(atoi(*user_runas + 1))) == NULL) if ((pw = sudo_getpwuid(atoi(*user_runas + 1))) == NULL)
log_error(0, "uid %s does not exist in the passwd file!", log_error(0, "uid %s does not exist in the passwd file!",
user_runas); user_runas);
} else { } else {
if ((pw = getpwnam(*user_runas)) == NULL) if ((pw = sudo_getpwnam(*user_runas)) == NULL)
log_error(0, "user %s does not exist in the passwd file!", log_error(0, "user %s does not exist in the passwd file!",
user_runas); user_runas);
} }
free(user_passwd); } else
user_passwd = estrdup(sudo_getepw(pw)); pw = sudo_user.pw;
}
return(pw);
} }
/* /*

3
sudo.h
View File

@@ -196,7 +196,7 @@ int sudo_setenv __P((char *, char *));
char *tgetpass __P((const char *, int, int)); char *tgetpass __P((const char *, int, int));
int find_path __P((char *, char **)); int find_path __P((char *, char **));
void check_user __P((void)); void check_user __P((void));
void verify_user __P((char *)); void verify_user __P((struct passwd *, char *));
int sudoers_lookup __P((int)); int sudoers_lookup __P((int));
void set_perms __P((int, int)); void set_perms __P((int, int));
void remove_timestamp __P((int)); void remove_timestamp __P((int));
@@ -222,6 +222,7 @@ YY_DECL;
/* Only provide extern declarations outside of sudo.c. */ /* Only provide extern declarations outside of sudo.c. */
#ifndef _SUDO_SUDO_C #ifndef _SUDO_SUDO_C
extern struct sudo_user sudo_user; extern struct sudo_user sudo_user;
extern struct passwd *auth_pw;
extern int Argc; extern int Argc;
extern char **Argv; extern char **Argv;