display_privs() and display_cmnd() may need to return -1 on error.

Todd C. Miller
2015-06-26 10:33:28 -06:00
parent d3bc17a611
commit 2751413464
4 changed files with 18 additions and 10 deletions


@@ -583,6 +583,9 @@ sudo_file_display_priv_long(struct passwd *pw, struct userspec *us,
debug_return_int(nfound); debug_return_int(nfound);
} }
/*
* Returns the number of matching privileges or -1 on error.
*/
int int
sudo_file_display_privs(struct sudo_nss *nss, struct passwd *pw, sudo_file_display_privs(struct sudo_nss *nss, struct passwd *pw,
struct sudo_lbuf *lbuf) struct sudo_lbuf *lbuf)
@@ -738,6 +741,9 @@ display_bound_defaults(int dtype, struct sudo_lbuf *lbuf)
debug_return_int(nfound); debug_return_int(nfound);
} }
/*
* Returns 0 if the command is allowed, 1 if not or -1 on error.
*/
int int
sudo_file_display_cmnd(struct sudo_nss *nss, struct passwd *pw) sudo_file_display_cmnd(struct sudo_nss *nss, struct passwd *pw)
{ {


@@ -270,9 +270,10 @@ output(const char *buf)
/* /*
* Print out privileges for the specified user. * Print out privileges for the specified user.
* We only get here if the user is allowed to run something. * Returns true if the user is allowed to run commands, false if not
* or -1 on error.
*/ */
bool int
display_privs(struct sudo_nss_list *snl, struct passwd *pw) display_privs(struct sudo_nss_list *snl, struct passwd *pw)
{ {
struct sudo_nss *nss; struct sudo_nss *nss;
@@ -332,23 +333,24 @@ display_privs(struct sudo_nss_list *snl, struct passwd *pw)
sudo_lbuf_destroy(&defs); sudo_lbuf_destroy(&defs);
sudo_lbuf_destroy(&privs); sudo_lbuf_destroy(&privs);
debug_return_bool(true); /* XXX */ debug_return_int(count > 0);
} }
/* /*
* Check user_cmnd against sudoers and print the matching entry if the * Check user_cmnd against sudoers and print the matching entry if the
* command is allowed. * command is allowed.
* Returns true if the command is allowed, else false. * Returns true if the command is allowed, false if not or -1 on error.
*/ */
bool int
display_cmnd(struct sudo_nss_list *snl, struct passwd *pw) display_cmnd(struct sudo_nss_list *snl, struct passwd *pw)
{ {
struct sudo_nss *nss; struct sudo_nss *nss;
debug_decl(display_cmnd, SUDOERS_DEBUG_NSS) debug_decl(display_cmnd, SUDOERS_DEBUG_NSS)
/* XXX - display_cmnd return value is backwards */
TAILQ_FOREACH(nss, snl, entries) { TAILQ_FOREACH(nss, snl, entries) {
if (nss->display_cmnd(nss, pw) == 0) if (nss->display_cmnd(nss, pw) == 0)
debug_return_bool(true); debug_return_int(true);
} }
debug_return_bool(false); debug_return_int(false);
} }
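Review bot: display_cmnd() is now documented as returning -1 on error, but the loop still only tests `nss->display_cmnd(nss, pw) == 0`, so a backend error looks the same as a denial and the function can only return true or false. This fails closed, but the error is silently reported as "not allowed" and the search moves on to the next source. Consider keeping the result and propagating it: `int rc = nss->display_cmnd(nss, pw);`, `if (rc == -1) debug_return_int(-1);`, `if (rc == 0) debug_return_int(true);`. Whether display_privs() propagates -1 cannot be judged from this page, because the code that computes `count` lies outside the hunks.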


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007-2011, 2013 Todd C. Miller <Todd.Miller@courtesan.com> * Copyright (c) 2007-2011, 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com>
* *
* Permission to use, copy, modify, and distribute this software for any * Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above * purpose with or without fee is hereby granted, provided that the above


@@ -282,8 +282,8 @@ void dump_auth_methods(void);
char *sudo_getepw(const struct passwd *); char *sudo_getepw(const struct passwd *);
/* sudo_nss.c */ /* sudo_nss.c */
bool display_privs(struct sudo_nss_list *, struct passwd *); int display_privs(struct sudo_nss_list *, struct passwd *);
bool display_cmnd(struct sudo_nss_list *, struct passwd *); int display_cmnd(struct sudo_nss_list *, struct passwd *);
/* pwutil.c */ /* pwutil.c */
__dso_public struct group *sudo_getgrgid(gid_t); __dso_public struct group *sudo_getgrgid(gid_t);
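Review bot: The two prototypes change from bool to int without a comment, so the header does not tell callers that -1 is now a possible result. A caller that kept a boolean test such as `if (display_privs(snl, pw))`, or that stores the result in a bool, would treat -1 as "allowed"; the call sites are not visible on this page, so this needs to be confirmed there. I would add a comment above the declarations, for example `/* Both return true or false, or -1 on error; compare the result explicitly. */`.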