Don't call fatal/fatalx in common/*.c
This commit is contained in:
Todd C. Miller
65
common/aix.c
65
common/aix.c
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2008, 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
|
* Copyright (c) 2008, 2010-2014 Todd C. Miller <Todd.Miller@courtesan.com>
|
||||||
*
|
*
|
||||||
* Permission to use, copy, modify, and distribute this software for any
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
* purpose with or without fee is hereby granted, provided that the above
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
@@ -71,27 +71,27 @@ static struct aix_limit aix_limits[] = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
static int
|
static int
|
||||||
aix_getlimit(char *user, char *lim, rlim64_t *valp)
|
aix_getlimit(char *user, char *lim, int *valp)
|
||||||
{
|
{
|
||||||
int val;
|
|
||||||
debug_decl(aix_getlimit, SUDO_DEBUG_UTIL)
|
debug_decl(aix_getlimit, SUDO_DEBUG_UTIL)
|
||||||
|
|
||||||
if (getuserattr(user, lim, &val, SEC_INT) != 0)
|
if (getuserattr(user, lim, valp, SEC_INT) != 0)
|
||||||
debug_return_int(-1);
|
debug_return_int(-1);
|
||||||
*valp = val;
|
|
||||||
debug_return_int(0);
|
debug_return_int(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static int
|
||||||
aix_setlimits(char *user)
|
aix_setlimits(char *user)
|
||||||
{
|
{
|
||||||
struct rlimit64 rlim;
|
struct rlimit64 rlim;
|
||||||
rlim64_t val;
|
int val;
|
||||||
int n;
|
size_t n;
|
||||||
debug_decl(aix_setlimits, SUDO_DEBUG_UTIL)
|
debug_decl(aix_setlimits, SUDO_DEBUG_UTIL)
|
||||||
|
|
||||||
if (setuserdb(S_READ) != 0)
|
if (setuserdb(S_READ) != 0) {
|
||||||
fatal(U_("unable to open userdb"));
|
warning(U_("unable to open userdb"));
|
||||||
|
debug_return_int(-1);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* For each resource limit, get the soft/hard values for the user
|
* For each resource limit, get the soft/hard values for the user
|
||||||
@@ -103,16 +103,16 @@ aix_setlimits(char *user)
|
|||||||
* hard limit has been defined.
|
* hard limit has been defined.
|
||||||
*/
|
*/
|
||||||
if (aix_getlimit(user, aix_limits[n].hard, &val) == 0) {
|
if (aix_getlimit(user, aix_limits[n].hard, &val) == 0) {
|
||||||
rlim.rlim_max = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor;
|
rlim.rlim_max = val == -1 ? RLIM64_INFINITY : (rlim64_t)val * aix_limits[n].factor;
|
||||||
if (aix_getlimit(user, aix_limits[n].soft, &val) == 0)
|
if (aix_getlimit(user, aix_limits[n].soft, &val) == 0)
|
||||||
rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor;
|
rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : (rlim64_t)val * aix_limits[n].factor;
|
||||||
else
|
else
|
||||||
rlim.rlim_cur = rlim.rlim_max; /* soft not specd, use hard */
|
rlim.rlim_cur = rlim.rlim_max; /* soft not specd, use hard */
|
||||||
} else {
|
} else {
|
||||||
/* No hard limit set, try soft limit, if it exists. */
|
/* No hard limit set, try soft limit, if it exists. */
|
||||||
if (aix_getlimit(user, aix_limits[n].soft, &val) == -1)
|
if (aix_getlimit(user, aix_limits[n].soft, &val) == -1)
|
||||||
continue;
|
continue;
|
||||||
rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor;
|
rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : (rlim64_t)val * aix_limits[n].factor;
|
||||||
|
|
||||||
/* Set hard limit per AIX /etc/security/limits documentation. */
|
/* Set hard limit per AIX /etc/security/limits documentation. */
|
||||||
switch (aix_limits[n].resource) {
|
switch (aix_limits[n].resource) {
|
||||||
@@ -131,7 +131,7 @@ aix_setlimits(char *user)
|
|||||||
(void)setrlimit64(aix_limits[n].resource, &rlim);
|
(void)setrlimit64(aix_limits[n].resource, &rlim);
|
||||||
}
|
}
|
||||||
enduserdb();
|
enduserdb();
|
||||||
debug_return;
|
debug_return_int(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_SETAUTHDB
|
#ifdef HAVE_SETAUTHDB
|
||||||
@@ -140,41 +140,46 @@ aix_setlimits(char *user)
|
|||||||
* set it as the default for the process. This ensures that password and
|
* set it as the default for the process. This ensures that password and
|
||||||
* group lookups are made against the correct source (files, NIS, LDAP, etc).
|
* group lookups are made against the correct source (files, NIS, LDAP, etc).
|
||||||
*/
|
*/
|
||||||
void
|
int
|
||||||
aix_setauthdb(char *user)
|
aix_setauthdb(char *user)
|
||||||
{
|
{
|
||||||
char *registry;
|
char *registry;
|
||||||
debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL)
|
debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL)
|
||||||
|
|
||||||
if (user != NULL) {
|
if (user != NULL) {
|
||||||
if (setuserdb(S_READ) != 0)
|
if (setuserdb(S_READ) != 0) {
|
||||||
fatal(U_("unable to open userdb"));
|
warning(U_("unable to open userdb"));
|
||||||
|
debug_return_int(-1);
|
||||||
|
}
|
||||||
if (getuserattr(user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
|
if (getuserattr(user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
|
||||||
if (setauthdb(registry, NULL) != 0)
|
if (setauthdb(registry, NULL) != 0) {
|
||||||
fatal(U_("unable to switch to registry \"%s\" for %s"),
|
warning(U_("unable to switch to registry \"%s\" for %s"),
|
||||||
registry, user);
|
registry, user);
|
||||||
|
debug_return_int(-1);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
enduserdb();
|
enduserdb();
|
||||||
}
|
}
|
||||||
debug_return;
|
debug_return_int(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Restore the saved administrative domain, if any.
|
* Restore the saved administrative domain, if any.
|
||||||
*/
|
*/
|
||||||
void
|
int
|
||||||
aix_restoreauthdb(void)
|
aix_restoreauthdb(void)
|
||||||
{
|
{
|
||||||
debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL)
|
debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL)
|
||||||
|
|
||||||
if (setauthdb(NULL, NULL) != 0)
|
if (setauthdb(NULL, NULL) != 0) {
|
||||||
fatal(U_("unable to restore registry"));
|
warning(U_("unable to restore registry"));
|
||||||
|
debug_return_int(-1);
|
||||||
debug_return;
|
}
|
||||||
|
debug_return_int(0);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void
|
int
|
||||||
aix_prep_user(char *user, const char *tty)
|
aix_prep_user(char *user, const char *tty)
|
||||||
{
|
{
|
||||||
char *info;
|
char *info;
|
||||||
@@ -189,12 +194,14 @@ aix_prep_user(char *user, const char *tty)
|
|||||||
|
|
||||||
#ifdef HAVE_SETAUTHDB
|
#ifdef HAVE_SETAUTHDB
|
||||||
/* set administrative domain */
|
/* set administrative domain */
|
||||||
aix_setauthdb(user);
|
if (aix_setauthdb(user) != 0)
|
||||||
|
debug_return_int(-1);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* set resource limits */
|
/* set resource limits */
|
||||||
aix_setlimits(user);
|
if (aix_setlimits(user) != 0)
|
||||||
|
debug_return_int(-1);
|
||||||
|
|
||||||
debug_return;
|
debug_return_int(0);
|
||||||
}
|
}
|
||||||
#endif /* HAVE_GETUSERATTR */
|
#endif /* HAVE_GETUSERATTR */
|
||||||
|
|||||||
@@ -43,7 +43,6 @@
|
|||||||
* If a pointer to the base gid is specified, it is stored as the first element
|
* If a pointer to the base gid is specified, it is stored as the first element
|
||||||
* in the array.
|
* in the array.
|
||||||
* Returns the number of gids in the allocated array.
|
* Returns the number of gids in the allocated array.
|
||||||
* Calls fatalx() on error.
|
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
parse_gid_list(const char *gidstr, const gid_t *basegid, GETGROUPS_T **gidsp)
|
parse_gid_list(const char *gidstr, const gid_t *basegid, GETGROUPS_T **gidsp)
|
||||||
|
|||||||
@@ -1,5 +1,6 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2010, 2011, 2013 Todd C. Miller <Todd.Miller@courtesan.com>
|
* Copyright (c) 2010, 2011, 2013, 2014
|
||||||
|
* Todd C. Miller <Todd.Miller@courtesan.com>
|
||||||
*
|
*
|
||||||
* Permission to use, copy, modify, and distribute this software for any
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
* purpose with or without fee is hereby granted, provided that the above
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
@@ -46,16 +47,17 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include "missing.h"
|
#include "missing.h"
|
||||||
|
#include "sudo_util.h"
|
||||||
|
|
||||||
#if defined(HAVE_GETGRSET)
|
#if defined(HAVE_GETGRSET)
|
||||||
/*
|
/*
|
||||||
* BSD-compatible getgrouplist(3) using getgrset(3)
|
* BSD-compatible getgrouplist(3) using AIX getgrset(3)
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp)
|
getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp)
|
||||||
{
|
{
|
||||||
char *cp, *grset = NULL;
|
char *cp, *grset = NULL;
|
||||||
int i, ngroups = 1;
|
int ngroups = 1;
|
||||||
int grpsize = *ngroupsp;
|
int grpsize = *ngroupsp;
|
||||||
int rval = -1;
|
int rval = -1;
|
||||||
gid_t gid;
|
gid_t gid;
|
||||||
|
|||||||
@@ -137,9 +137,9 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* aix.c */
|
/* aix.c */
|
||||||
void aix_prep_user(char *user, const char *tty);
|
int aix_prep_user(char *user, const char *tty);
|
||||||
void aix_restoreauthdb(void);
|
int aix_restoreauthdb(void);
|
||||||
void aix_setauthdb(char *user);
|
int aix_setauthdb(char *user);
|
||||||
|
|
||||||
/* atobool.c */
|
/* atobool.c */
|
||||||
int atobool(const char *str);
|
int atobool(const char *str);
|
||||||
|
|||||||
@@ -887,7 +887,10 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
|||||||
#endif /* HAVE_PRIV_SET */
|
#endif /* HAVE_PRIV_SET */
|
||||||
|
|
||||||
#ifdef HAVE_GETUSERATTR
|
#ifdef HAVE_GETUSERATTR
|
||||||
aix_prep_user(details->pw->pw_name, ptyname ? ptyname : user_details.tty);
|
if (aix_prep_user(details->pw->pw_name, ptyname ? ptyname : user_details.tty) != 0) {
|
||||||
|
/* error message displayed by aix_prep_user */
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_LOGIN_CAP_H
|
#ifdef HAVE_LOGIN_CAP_H
|
||||||
if (details->login_class) {
|
if (details->login_class) {
|
||||||
|
|||||||
Reference in New Issue
Block a user