Add a sudoers_context struct that embeds the user and runas structs.
@@ -459,14 +459,14 @@ display_privs(const struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
|
||||
struct stat sb;
|
||||
debug_decl(display_privs, SUDOERS_DEBUG_PARSER);
|
||||
|
||||
cols = user_ctx.cols;
|
||||
cols = ctx.user.cols;
|
||||
if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode))
|
||||
cols = 0;
|
||||
sudo_lbuf_init(&def_buf, output, 4, NULL, cols);
|
||||
sudo_lbuf_init(&priv_buf, output, 8, NULL, cols);
|
||||
|
||||
sudo_lbuf_append(&def_buf, _("Matching Defaults entries for %s on %s:\n"),
|
||||
pw->pw_name, runas_ctx.shost);
|
||||
pw->pw_name, ctx.runas.shost);
|
||||
count = 0;
|
||||
TAILQ_FOREACH(nss, snl, entries) {
|
||||
n = display_defaults(nss->parse_tree, pw, &def_buf);
|
||||
@@ -502,7 +502,7 @@ display_privs(const struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
|
||||
/* Display privileges from all sources. */
|
||||
sudo_lbuf_append(&priv_buf,
|
||||
_("User %s may run the following commands on %s:\n"),
|
||||
pw->pw_name, runas_ctx.shost);
|
||||
pw->pw_name, ctx.runas.shost);
|
||||
count = 0;
|
||||
TAILQ_FOREACH(nss, snl, entries) {
|
||||
if (nss->query(nss, pw) != -1) {
|
||||
@@ -517,7 +517,7 @@ display_privs(const struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
|
||||
priv_buf.len = 0;
|
||||
sudo_lbuf_append(&priv_buf,
|
||||
_("User %s is not allowed to run sudo on %s.\n"),
|
||||
pw->pw_name, runas_ctx.shost);
|
||||
pw->pw_name, ctx.runas.shost);
|
||||
}
|
||||
if (sudo_lbuf_error(&def_buf) || sudo_lbuf_error(&priv_buf))
|
||||
goto bad;
|
||||
@@ -548,13 +548,13 @@ display_cmnd_check(const struct sudoers_parse_tree *parse_tree,
|
||||
debug_decl(display_cmnd_check, SUDOERS_DEBUG_PARSER);
|
||||
|
||||
/*
|
||||
* For "sudo -l command", user_ctx.cmnd is "list" and the actual
|
||||
* command we are checking is in user_ctx.cmnd_list.
|
||||
* For "sudo -l command", ctx.user.cmnd is "list" and the actual
|
||||
* command we are checking is in ctx.user.cmnd_list.
|
||||
*/
|
||||
saved_user_cmnd = user_ctx.cmnd;
|
||||
saved_user_base = user_ctx.cmnd_base;
|
||||
user_ctx.cmnd = user_ctx.cmnd_list;
|
||||
user_ctx.cmnd_base = sudo_basename(user_ctx.cmnd);
|
||||
saved_user_cmnd = ctx.user.cmnd;
|
||||
saved_user_base = ctx.user.cmnd_base;
|
||||
ctx.user.cmnd = ctx.user.cmnd_list;
|
||||
ctx.user.cmnd_base = sudo_basename(ctx.user.cmnd);
|
||||
|
||||
TAILQ_FOREACH_REVERSE(us, &parse_tree->userspecs, userspec_list, entries) {
|
||||
if (userlist_matches(parse_tree, pw, &us->users) != ALLOW)
|
||||
@@ -589,13 +589,13 @@ display_cmnd_check(const struct sudoers_parse_tree *parse_tree,
|
||||
}
|
||||
}
|
||||
done:
|
||||
user_ctx.cmnd = saved_user_cmnd;
|
||||
user_ctx.cmnd_base = saved_user_base;
|
||||
ctx.user.cmnd = saved_user_cmnd;
|
||||
ctx.user.cmnd_base = saved_user_base;
|
||||
debug_return_int(cmnd_match);
|
||||
}
|
||||
|
||||
/*
|
||||
* Check user_ctx.cmnd against sudoers and print the matching entry if the
|
||||
* Check ctx.user.cmnd against sudoers and print the matching entry if the
|
||||
* command is allowed.
|
||||
* Returns true if the command is allowed, false if not or -1 on error.
|
||||
*/
|
||||
@@ -633,9 +633,9 @@ display_cmnd(const struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
|
||||
match_info.priv, match_info.cs, NULL, &lbuf);
|
||||
sudo_lbuf_append(&lbuf, " Matched: ");
|
||||
}
|
||||
sudo_lbuf_append(&lbuf, "%s%s%s\n", user_ctx.cmnd_list,
|
||||
user_ctx.cmnd_args ? " " : "",
|
||||
user_ctx.cmnd_args ? user_ctx.cmnd_args : "");
|
||||
sudo_lbuf_append(&lbuf, "%s%s%s\n", ctx.user.cmnd_list,
|
||||
ctx.user.cmnd_args ? " " : "",
|
||||
ctx.user.cmnd_args ? ctx.user.cmnd_args : "");
|
||||
sudo_lbuf_print(&lbuf);
|
||||
ret = sudo_lbuf_error(&lbuf) ? -1 : true;
|
||||
sudo_lbuf_destroy(&lbuf);
|
||||
|
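Review bot: In display_cmnd_check the comment above the swap (`ctx.user.cmnd = ctx.user.cmnd_list;`) explains why the command is replaced but not that the original values must be put back, which only happens at the `done:` label in the following hunk. `ctx` is not declared in any of the visible lines, so it appears to be shared state that the matching code reads; a return added between the swap and `done:` would leave it pointing at the listed command for any later policy check. The function body between the two hunks is not shown, so whether every path currently reaches `done:` needs confirming. I would extend the comment with one line such as `* Both fields are restored at done:, so every exit must go through that label.`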