isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move get_auth() into check.c where it is actually used.

Browse Source
This commit is contained in:
Todd C. Miller
2010-08-21 08:48:35 -04:00
parent a68c31306c
commit 256ee25ab5
2 changed files with 36 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
plugins/sudoers/check.c
View File

@@ -90,6 +90,7 @@ static char *expand_prompt(char *, char *, char *);
static void lecture(int); static void lecture(int);
static void update_timestamp(char *, char *); static void update_timestamp(char *, char *);
static int tty_is_devpts(const char *); static int tty_is_devpts(const char *);
static struct passwd *get_authpw(void);
/* /*
* Returns TRUE if the user successfully authenticates, else FALSE. * Returns TRUE if the user successfully authenticates, else FALSE.
@@ -127,6 +128,8 @@ check_user(int validated, int mode)
TS_MAKE_DIRS); TS_MAKE_DIRS);
if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) { if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
struct passwd *auth_pw;
/* Bail out if we are non-interactive and a password is required */ /* Bail out if we are non-interactive and a password is required */
if (ISSET(mode, MODE_NONINTERACTIVE)) { if (ISSET(mode, MODE_NONINTERACTIVE)) {
warningx("sorry, a password is required to run %s", getprogname()); warningx("sorry, a password is required to run %s", getprogname());
@@ -140,7 +143,9 @@ check_user(int validated, int mode)
prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt, prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
user_name, user_shost); user_name, user_shost);
auth_pw = get_authpw();
rval = verify_user(auth_pw, prompt); rval = verify_user(auth_pw, prompt);
pw_delref(auth_pw);
} }
/* Only update timestamp if user was validated. */ /* Only update timestamp if user was validated. */
if (rval == TRUE && ISSET(validated, VALIDATE_OK) && if (rval == TRUE && ISSET(validated, VALIDATE_OK) &&
@@ -148,10 +153,6 @@ check_user(int validated, int mode)
update_timestamp(timestampdir, timestampfile); update_timestamp(timestampdir, timestampfile);
efree(timestampdir); efree(timestampdir);
efree(timestampfile); efree(timestampfile);
if (auth_pw) {
pw_delref(auth_pw);
auth_pw = NULL;
}
return rval; return rval;
} }
@@ -688,3 +689,33 @@ tty_is_devpts(const char *tty)
#endif /* __linux__ */ #endif /* __linux__ */
return retval; return retval;
} }
/*
* Get passwd entry for the user we are going to authenticate as.
* By default, this is the user invoking sudo. In the most common
* case, this matches sudo_user.pw or runas_pw.
*/
static struct passwd *
get_authpw(void)
{
struct passwd *pw;
if (def_rootpw) {
if ((pw = sudo_getpwuid(0)) == NULL)
log_error(0, "unknown uid: 0");
} else if (def_runaspw) {
if ((pw = sudo_getpwnam(def_runas_default)) == NULL)
log_error(0, "unknown user: %s", def_runas_default);
} else if (def_targetpw) {
if (runas_pw->pw_name == NULL)
log_error(NO_MAIL|MSG_ONLY, "unknown uid: %lu",
(unsigned long) runas_pw->pw_uid);
pw_addref(runas_pw);
pw = runas_pw;
} else {
pw_addref(sudo_user.pw);
pw = sudo_user.pw;
}
return(pw);
}

36
plugins/sudoers/sudoers.c
View File

@@ -108,7 +108,6 @@ static void set_project(struct passwd *);
static void set_runasgr(char *); static void set_runasgr(char *);
static void set_runaspw(char *); static void set_runaspw(char *);
static int sudoers_policy_version(int verbose); static int sudoers_policy_version(int verbose);
static struct passwd *get_authpw(void);
static int deserialize_info(char * const settings[], char * const user_info[]); static int deserialize_info(char * const settings[], char * const user_info[]);
static char *find_editor(int nfiles, char **files, char ***argv_out); static char *find_editor(int nfiles, char **files, char ***argv_out);
static void create_admin_success_flag(void); static void create_admin_success_flag(void);
@@ -122,7 +121,7 @@ extern GETGROUPS_T *runas_groups;
*/ */
char *prev_user; char *prev_user;
struct sudo_user sudo_user; struct sudo_user sudo_user;
struct passwd *auth_pw, *list_pw; struct passwd *list_pw;
struct interface *interfaces; struct interface *interfaces;
int num_interfaces; int num_interfaces;
int long_list; int long_list;
@@ -440,9 +439,6 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
/* Build a new environment that avoids any nasty bits. */ /* Build a new environment that avoids any nasty bits. */
rebuild_env(def_noexec); rebuild_env(def_noexec);
/* Fill in passwd struct based on user we are authenticating as. */
auth_pw = get_authpw();
/* Require a password if sudoers says so. */ /* Require a password if sudoers says so. */
if (def_authenticate) { if (def_authenticate) {
int rc = check_user(validated, sudo_mode); int rc = check_user(validated, sudo_mode);
@@ -1112,36 +1108,6 @@ set_runasgr(char *group)
} }
} }
/*
* Get passwd entry for the user we are going to authenticate as.
* By default, this is the user invoking sudo. In the most common
* case, this matches sudo_user.pw or runas_pw.
*/
static struct passwd *
get_authpw(void)
{
struct passwd *pw;
if (def_rootpw) {
if ((pw = sudo_getpwuid(0)) == NULL)
log_error(0, "unknown uid: 0");
} else if (def_runaspw) {
if ((pw = sudo_getpwnam(def_runas_default)) == NULL)
log_error(0, "unknown user: %s", def_runas_default);
} else if (def_targetpw) {
if (runas_pw->pw_name == NULL)
log_error(NO_MAIL|MSG_ONLY, "unknown uid: %lu",
(unsigned long) runas_pw->pw_uid);
pw_addref(runas_pw);
pw = runas_pw;
} else {
pw_addref(sudo_user.pw);
pw = sudo_user.pw;
}
return(pw);
}
/* /*
* Cleanup hook for error()/errorx() * Cleanup hook for error()/errorx()
*/ */