isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix matching of uids and gids broken in sudo 1.8.9.

Browse Source
This commit is contained in:
Todd C. Miller
2014-04-09 10:22:09 -06:00
parent ecae6b4f9a
commit 27aff732f1
6 changed files with 48 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
MANIFEST
View File

@@ -364,6 +364,10 @@ plugins/sudoers/regress/testsudoers/test4.out.ok
plugins/sudoers/regress/testsudoers/test4.sh plugins/sudoers/regress/testsudoers/test4.sh
plugins/sudoers/regress/testsudoers/test5.out.ok plugins/sudoers/regress/testsudoers/test5.out.ok
plugins/sudoers/regress/testsudoers/test5.sh plugins/sudoers/regress/testsudoers/test5.sh
plugins/sudoers/regress/testsudoers/test6.out.ok
plugins/sudoers/regress/testsudoers/test6.sh
plugins/sudoers/regress/testsudoers/test7.out.ok
plugins/sudoers/regress/testsudoers/test7.sh
plugins/sudoers/regress/visudo/test1.out.ok plugins/sudoers/regress/visudo/test1.out.ok
plugins/sudoers/regress/visudo/test1.sh plugins/sudoers/regress/visudo/test1.sh
plugins/sudoers/regress/visudo/test2.err.ok plugins/sudoers/regress/visudo/test2.err.ok

4
plugins/sudoers/match.c
View File

@@ -802,7 +802,7 @@ userpw_matches(const char *sudoers_user, const char *user, const struct passwd *
if (pw != NULL && *sudoers_user == '#') { if (pw != NULL && *sudoers_user == '#') {
uid = (uid_t) atoid(sudoers_user + 1, NULL, NULL, &errstr); uid = (uid_t) atoid(sudoers_user + 1, NULL, NULL, &errstr);
if (errstr != NULL && uid == pw->pw_uid) { if (errstr == NULL && uid == pw->pw_uid) {
rc = true; rc = true;
goto done; goto done;
} }
@@ -829,7 +829,7 @@ group_matches(const char *sudoers_group, const struct group *gr)
if (*sudoers_group == '#') { if (*sudoers_group == '#') {
gid = (gid_t) atoid(sudoers_group + 1, NULL, NULL, &errstr); gid = (gid_t) atoid(sudoers_group + 1, NULL, NULL, &errstr);
if (errstr != NULL && gid == gr->gr_gid) { if (errstr == NULL && gid == gr->gr_gid) {
rc = true; rc = true;
goto done; goto done;
} }

10
plugins/sudoers/regress/testsudoers/test6.out.ok Normal file
View File

@@ -0,0 +1,10 @@
Parses OK.
Entries for user root:
ALL = ALL
host matched
runas matched
cmnd allowed
Command allowed

11
plugins/sudoers/regress/testsudoers/test6.sh Executable file
View File

@@ -0,0 +1,11 @@
#!/bin/sh
#
# Verify sudoers matching by uid.
#
exec 2>&1
./testsudoers root id <<EOF
#0 ALL = ALL
EOF
exit 0

10
plugins/sudoers/regress/testsudoers/test7.out.ok Normal file
View File

@@ -0,0 +1,10 @@
Parses OK.
Entries for user root:
ALL = ALL
host matched
runas matched
cmnd allowed
Command allowed

11
plugins/sudoers/regress/testsudoers/test7.sh Executable file
View File

@@ -0,0 +1,11 @@
#!/bin/sh
#
# Verify sudoers matching by gid.
#
exec 2>&1
./testsudoers root id <<EOF
%#0 ALL = ALL
EOF
exit 0