display_privs() and display_cmnd() may need to return -1 on error.

2015-06-26 10:33:28 -06:00
parent d3bc17a611
commit 2751413464
4 changed files with 18 additions and 10 deletions
--- a/plugins/sudoers/parse.c
+++ b/plugins/sudoers/parse.c
@@ -583,6 +583,9 @@ sudo_file_display_priv_long(struct passwd *pw, struct userspec *us,
    debug_return_int(nfound);
 }

+/*
+ * Returns the number of matching privileges or -1 on error.
+ */
 int
 sudo_file_display_privs(struct sudo_nss *nss, struct passwd *pw,
    struct sudo_lbuf *lbuf)
@@ -738,6 +741,9 @@ display_bound_defaults(int dtype, struct sudo_lbuf *lbuf)
    debug_return_int(nfound);
 }

+/*
+ * Returns 0 if the command is allowed, 1 if not or -1 on error.
+ */
 int
 sudo_file_display_cmnd(struct sudo_nss *nss, struct passwd *pw)
 {
--- a/plugins/sudoers/sudo_nss.c
+++ b/plugins/sudoers/sudo_nss.c
@@ -270,9 +270,10 @@ output(const char *buf)

 /*
 * Print out privileges for the specified user.
- * We only get here if the user is allowed to run something.
+ * Returns true if the user is allowed to run commands, false if not
+ * or -1 on error.
 */
-bool
+int
 display_privs(struct sudo_nss_list *snl, struct passwd *pw)
 {
    struct sudo_nss *nss;
@@ -332,23 +333,24 @@ display_privs(struct sudo_nss_list *snl, struct passwd *pw)
    sudo_lbuf_destroy(&defs);
    sudo_lbuf_destroy(&privs);

-    debug_return_bool(true);	/* XXX */
+    debug_return_int(count > 0);
 }

 /*
 * Check user_cmnd against sudoers and print the matching entry if the
 * command is allowed.
- * Returns true if the command is allowed, else false.
+ * Returns true if the command is allowed, false if not or -1 on error.
 */
-bool
+int
 display_cmnd(struct sudo_nss_list *snl, struct passwd *pw)
 {
    struct sudo_nss *nss;
    debug_decl(display_cmnd, SUDOERS_DEBUG_NSS)

+    /* XXX - display_cmnd return value is backwards */
    TAILQ_FOREACH(nss, snl, entries) {
 	if (nss->display_cmnd(nss, pw) == 0)
-	    debug_return_bool(true);
+	    debug_return_int(true);
    }
-    debug_return_bool(false);
+    debug_return_int(false);
 }
--- a/plugins/sudoers/sudo_nss.h
+++ b/plugins/sudoers/sudo_nss.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2011, 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2007-2011, 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -282,8 +282,8 @@ void dump_auth_methods(void);
 char *sudo_getepw(const struct passwd *);

 /* sudo_nss.c */
-bool display_privs(struct sudo_nss_list *, struct passwd *);
-bool display_cmnd(struct sudo_nss_list *, struct passwd *);
+int display_privs(struct sudo_nss_list *, struct passwd *);
+int display_cmnd(struct sudo_nss_list *, struct passwd *);

 /* pwutil.c */
 __dso_public struct group *sudo_getgrgid(gid_t);