Move list_pw global into struct runas_context.

Todd C. Miller
2023-08-13 09:34:57 -06:00
parent a321e6cedf
commit 217b7b46f3
11 changed files with 24 additions and 27 deletions


@@ -63,7 +63,6 @@
struct cvtsudoers_filter *filters;
struct sudoers_user_context user_ctx;
struct sudoers_runas_context runas_ctx;
struct passwd *list_pw;
static FILE *logfp;
static const char short_opts[] = "b:c:d:ef:hi:I:l:m:Mo:O:pP:s:V";
static struct option long_opts[] = {


@@ -52,7 +52,8 @@ sudoers_format_member_int(struct sudo_lbuf *lbuf,
switch (type) {
case MYSELF:
sudo_lbuf_append(lbuf, "%s%s", negated ? "!" : "",
list_pw ? list_pw->pw_name : (user_ctx.name ? user_ctx.name : ""));
runas_ctx.list_pw ? runas_ctx.list_pw->pw_name :
(user_ctx.name ? user_ctx.name : ""));
break;
case ALL:
if (name == NULL) {


@@ -321,7 +321,8 @@ log_denial(unsigned int status, bool inform_user)
sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s may not run "
"sudo on %s.\n"), user_ctx.name, runas_ctx.shost);
} else {
const struct passwd *runas_pw = list_pw ? list_pw : runas_ctx.pw;
const struct passwd *runas_pw =
runas_ctx.list_pw ? runas_ctx.list_pw : runas_ctx.pw;
const char *cmnd1 = user_ctx.cmnd;
const char *cmnd2 = "";
@@ -358,8 +359,9 @@ log_failure(unsigned int status, int cmnd_status)
debug_decl(log_failure, SUDOERS_DEBUG_LOGGING);
/* The user doesn't always get to see the log message (path info). */
if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && list_pw == NULL &&
def_path_info && (cmnd_status == NOT_FOUND_DOT || cmnd_status == NOT_FOUND))
if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) &&
runas_ctx.list_pw == NULL && def_path_info &&
(cmnd_status == NOT_FOUND_DOT || cmnd_status == NOT_FOUND))
inform_user = false;
ret = log_denial(status, inform_user);


@@ -72,7 +72,7 @@ sudoers_lookup_pseudo(struct sudo_nss_list *snl, struct passwd *pw, time_t now,
pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
nopass = (pwcheck == never || pwcheck == all) ? true : false;
if (list_pw != NULL) {
if (runas_ctx.list_pw != NULL) {
root_pw = sudo_getpwuid(ROOT_UID);
if (root_pw == NULL)
sudo_warnx(U_("unknown uid %u"), ROOT_UID);
@@ -144,8 +144,8 @@ sudoers_lookup_pseudo(struct sudo_nss_list *snl, struct passwd *pw, time_t now,
* Root can list any user's privileges.
* A user may always list their own privileges.
*/
if (user_ctx.uid == 0 || list_pw == NULL ||
user_ctx.uid == list_pw->pw_uid) {
if (user_ctx.uid == 0 || runas_ctx.list_pw == NULL ||
user_ctx.uid == runas_ctx.list_pw->pw_uid) {
cmnd_match = ALLOW;
runas_match = ALLOW;
} else if (date_match != DENY) {
@@ -154,7 +154,7 @@ sudoers_lookup_pseudo(struct sudo_nss_list *snl, struct passwd *pw, time_t now,
* user must match the list user or root.
*/
runas_match = runas_matches_pw(nss->parse_tree, cs,
list_pw);
runas_ctx.list_pw);
switch (runas_match) {
case DENY:
break;


@@ -51,7 +51,6 @@ static const char *orig_cmnd;
/* Required to link with parser. */
struct sudoers_user_context user_ctx;
struct sudoers_runas_context runas_ctx;
struct passwd *list_pw;
sudo_conv_t sudo_conv = fuzz_conversation;
sudo_printf_t sudo_printf = fuzz_printf;
unsigned int sudo_mode;


@@ -34,7 +34,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
/* Required to link with parser. */
struct sudoers_user_context user_ctx;
struct sudoers_runas_context runas_ctx;
struct passwd *list_pw;
sudo_printf_t sudo_printf = fuzz_printf;
FILE *


@@ -38,7 +38,6 @@ extern struct io_plugin sudoers_io;
struct sudoers_user_context user_ctx;
struct sudoers_runas_context runas_ctx;
struct passwd *list_pw;
sudo_printf_t sudo_printf;
sudo_conv_t sudo_conv;
struct sudo_plugin_event * (*plugin_event_alloc)(void);


@@ -81,7 +81,6 @@ static bool tty_present(void);
*/
struct sudoers_user_context user_ctx;
struct sudoers_runas_context runas_ctx;
struct passwd *list_pw;
unsigned int sudo_mode;
static char *prev_user;
@@ -911,6 +910,7 @@ done:
int
sudoers_list(int argc, char * const argv[], const char *list_user, bool verbose)
{
struct passwd *pw;
int ret = -1;
debug_decl(sudoers_list, SUDOERS_DEBUG_PLUGIN);
@@ -922,8 +922,10 @@ sudoers_list(int argc, char * const argv[], const char *list_user, bool verbose)
goto done;
if (list_user) {
list_pw = sudo_getpwnam(list_user);
if (list_pw == NULL) {
if (runas_ctx.list_pw != NULL)
sudo_pw_delref(runas_ctx.list_pw);
runas_ctx.list_pw = sudo_getpwnam(list_user);
if (runas_ctx.list_pw == NULL) {
sudo_warnx(U_("unknown user %s"), list_user);
goto done;
}
@@ -945,18 +947,15 @@ sudoers_list(int argc, char * const argv[], const char *list_user, bool verbose)
if (ret != true)
goto done;
pw = runas_ctx.list_pw ? runas_ctx.list_pw : user_ctx.pw;
if (ISSET(sudo_mode, MODE_CHECK))
ret = display_cmnd(snl, list_pw ? list_pw : user_ctx.pw, verbose);
ret = display_cmnd(snl, pw, verbose);
else
ret = display_privs(snl, list_pw ? list_pw : user_ctx.pw, verbose);
ret = display_privs(snl, pw, verbose);
done:
mail_parse_errors();
if (list_pw != NULL) {
sudo_pw_delref(list_pw);
list_pw = NULL;
}
if (def_group_plugin)
group_plugin_unload();
reset_parser();
@@ -1543,6 +1542,8 @@ sudoers_runas_ctx_free(void)
sudo_pw_delref(runas_ctx.pw);
if (runas_ctx.gr != NULL)
sudo_gr_delref(runas_ctx.gr);
if (runas_ctx.list_pw != NULL)
sudo_pw_delref(runas_ctx.list_pw);
/* Free dynamic contents of runas_ctx. */
free(runas_ctx.cmnd);
@@ -1605,7 +1606,6 @@ sudoers_cleanup(void)
sudoers_gc_run();
/* Clear globals */
list_pw = NULL;
saved_argv = NULL;
NewArgv = NULL;
NewArgc = 0;
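Review bot: The `done:` label in sudoers_list (lines 156–164) no longer releases or clears the list user, so `runas_ctx.list_pw` now stays set after the list request returns until sudoers_runas_ctx_free() runs; since sudoers_lookup_pseudo and log_failure branch on `runas_ctx.list_pw != NULL`, any policy query that reaches them on the same runas_ctx before that free would take the list path instead of the normal one. Whether such a sequence can occur is not visible here; if the context is always freed between plugin calls this is only a lifetime change worth a comment on the field, otherwise the old reset belongs back at `done:`: `if (runas_ctx.list_pw != NULL) { sudo_pw_delref(runas_ctx.list_pw); runas_ctx.list_pw = NULL; }`. Separately, sudoers_runas_ctx_free drops the reference at lines 169–170 without nulling the pointer within the hunk; if the rest of that function does not clear runas_ctx as a whole, a later read or a second free would see a dangling pointer. Both sudoers_list and sudoers_runas_ctx_free extend outside the hunk.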


@@ -122,6 +122,7 @@ struct sudoers_user_context {
struct sudoers_runas_context {
struct passwd *pw;
struct group *gr;
struct passwd *list_pw;
char *chroot;
char *class;
char *cmnd;
@@ -380,7 +381,6 @@ void sudoers_cleanup(void);
bool sudoers_override_umask(void);
extern struct sudoers_user_context user_ctx;
extern struct sudoers_runas_context runas_ctx;
extern struct passwd *list_pw;
extern unsigned int sudo_mode;
extern int sudoedit_nfiles;
extern sudo_conv_t sudo_conv;
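Review bot: The new `list_pw` member at line 187 carries no comment saying it holds a counted reference rather than a borrowed pointer, even though this commit releases it with sudo_pw_delref in sudoers_runas_ctx_free and sudoers_list drops a previous value before reassigning it. A one-line comment on the field would make that ownership explicit to anyone assigning it: `struct passwd *list_pw;	/* user being listed; owns a ref released by sudoers_runas_ctx_free() */`. The neighbouring `pw` and `gr` members are undocumented as well, so this is a modest departure from the file's current style.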


@@ -81,7 +81,6 @@ static int testsudoers_query(const struct sudo_nss *nss, struct passwd *pw);
*/
struct sudoers_user_context user_ctx;
struct sudoers_runas_context runas_ctx;
struct passwd *list_pw;
static const char *orig_cmnd;
static char *runas_group, *runas_user;
unsigned int sudo_mode = MODE_RUN;
@@ -166,8 +165,8 @@ main(int argc, char *argv[])
}
break;
case 'L':
list_pw = sudo_getpwnam(optarg);
if (list_pw == NULL) {
runas_ctx.list_pw = sudo_getpwnam(optarg);
if (runas_ctx.list_pw == NULL) {
sudo_warnx(U_("unknown user %s"), optarg);
usage();
}
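Review bot: The `-L` case at lines 216–217 assigns `runas_ctx.list_pw` without dropping a previous reference, so a repeated `-L` on the command line leaks the earlier struct passwd; sudoers_list gained exactly that guard in this commit (lines 139–140), so the same `if (runas_ctx.list_pw != NULL) sudo_pw_delref(runas_ctx.list_pw);` before the assignment would keep the two call sites consistent. Whether this test program ever calls sudoers_runas_ctx_free() to release the final reference is not visible here. main() extends outside the hunk.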


@@ -110,7 +110,6 @@ extern void get_hostname(void);
*/
struct sudoers_user_context user_ctx;
struct sudoers_runas_context runas_ctx;
struct passwd *list_pw;
static const char *path_sudoers = _PATH_SUDOERS;
static struct sudoersfile_list sudoerslist = TAILQ_HEAD_INITIALIZER(sudoerslist);
static struct sudoers_parser_config sudoers_conf = SUDOERS_PARSER_CONFIG_INITIALIZER;