Wrap valid_shell and add to sudo_pwutil_set_backend().

This will make it possible to support a different getusershell() implementation for testsudoers in the future.
2023-09-09 14:48:25 -06:00
parent d18ee8e0e7
commit 2fdb4db339
7 changed files with 19 additions and 8 deletions
--- a/plugins/sudoers/cvtsudoers.c
+++ b/plugins/sudoers/cvtsudoers.c
@@ -343,7 +343,7 @@ main(int argc, char *argv[])
    /* Set pwutil backend to use the filter data. */
    if (conf->filter != NULL && !match_local) {
 	sudo_pwutil_set_backend(cvtsudoers_make_pwitem, cvtsudoers_make_gritem,
-	    cvtsudoers_make_gidlist_item, cvtsudoers_make_grlist_item);
+	    cvtsudoers_make_gidlist_item, cvtsudoers_make_grlist_item, NULL);
    } else {
 	if (grfile != NULL)
 	    testsudoers_setgrfile(grfile);
@@ -353,7 +353,8 @@ main(int argc, char *argv[])
 	    pwfile ? testsudoers_make_pwitem : NULL,
 	    grfile ? testsudoers_make_gritem : NULL,
 	    grfile ? testsudoers_make_gidlist_item : NULL,
-	    grfile ? testsudoers_make_grlist_item : NULL);
+	    grfile ? testsudoers_make_grlist_item : NULL,
 	    NULL);
    }
    /* We may need the hostname to resolve %h escapes in include files. */
--- a/plugins/sudoers/pwutil.c
+++ b/plugins/sudoers/pwutil.c
@@ -67,6 +67,7 @@ static sudo_make_pwitem_t make_pwitem = sudo_make_pwitem;
 static sudo_make_gritem_t make_gritem = sudo_make_gritem;
 static sudo_make_gidlist_item_t make_gidlist_item = sudo_make_gidlist_item;
 static sudo_make_grlist_item_t make_grlist_item = sudo_make_grlist_item;
 static sudo_valid_shell_t valid_shell = sudo_valid_shell;
 #define cmp_grnam	cmp_pwnam
@@ -88,7 +89,8 @@ static sudo_make_grlist_item_t make_grlist_item = sudo_make_grlist_item;
 */
 void
 sudo_pwutil_set_backend(sudo_make_pwitem_t pwitem, sudo_make_gritem_t gritem,
-    sudo_make_gidlist_item_t gidlist_item, sudo_make_grlist_item_t grlist_item)
+    sudo_make_gidlist_item_t gidlist_item, sudo_make_grlist_item_t grlist_item,
    sudo_valid_shell_t check_shell)
 {
    debug_decl(sudo_pwutil_set_backend, SUDOERS_DEBUG_NSS);
@@ -100,6 +102,8 @@ sudo_pwutil_set_backend(sudo_make_pwitem_t pwitem, sudo_make_gritem_t gritem,
 	make_gidlist_item = gidlist_item;
    if (grlist_item != NULL)
 	make_grlist_item = grlist_item;
    if (check_shell != NULL)
 	valid_shell = check_shell;
    debug_return;
 }
--- a/plugins/sudoers/pwutil.h
+++ b/plugins/sudoers/pwutil.h
@@ -73,6 +73,6 @@ struct cache_item *sudo_make_gritem(gid_t gid, const char *group);
 struct cache_item *sudo_make_grlist_item(const struct passwd *pw, char * const *groups);
 struct cache_item *sudo_make_gidlist_item(const struct passwd *pw, int ngids, GETGROUPS_T *gids, char * const *gidstrs, unsigned int type);
 struct cache_item *sudo_make_pwitem(uid_t uid, const char *user);
-bool valid_shell(const char *shell);
+bool sudo_valid_shell(const char *shell);
 #endif /* SUDOERS_PWUTIL_H */
--- a/plugins/sudoers/pwutil_impl.c
+++ b/plugins/sudoers/pwutil_impl.c
@@ -454,7 +454,7 @@ again:
 * Returns true if the specified shell is allowed by /etc/shells, else false.
 */
 bool
-valid_shell(const char *shell)
+PREFIX(valid_shell)(const char *shell)
 {
    const char *entry;
    debug_decl(valid_shell, SUDOERS_DEBUG_NSS);
@@ -471,4 +471,3 @@ valid_shell(const char *shell)
    debug_return_bool(false);
 }
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -344,6 +344,7 @@ typedef struct cache_item * (*sudo_make_pwitem_t)(uid_t uid, const char *user);
 typedef struct cache_item * (*sudo_make_gritem_t)(gid_t gid, const char *group);
 typedef struct cache_item * (*sudo_make_gidlist_item_t)(const struct passwd *pw, int ngids, GETGROUPS_T *gids, char * const *gidstrs, unsigned int type);
 typedef struct cache_item * (*sudo_make_grlist_item_t)(const struct passwd *pw, char * const *groups);
 typedef bool (*sudo_valid_shell_t)(const char *shell);
 sudo_dso_public struct group *sudo_getgrgid(gid_t);
 sudo_dso_public struct group *sudo_getgrnam(const char *);
 sudo_dso_public void sudo_gr_addref(struct group *);
@@ -370,7 +371,7 @@ int  sudo_set_gidlist(struct passwd *pw, int ngids, GETGROUPS_T *gids, char * co
 int  sudo_set_grlist(struct passwd *pw, char * const *groups);
 int  sudo_pwutil_get_max_groups(void);
 void sudo_pwutil_set_max_groups(int);
-void sudo_pwutil_set_backend(sudo_make_pwitem_t, sudo_make_gritem_t, sudo_make_gidlist_item_t, sudo_make_grlist_item_t);
+void sudo_pwutil_set_backend(sudo_make_pwitem_t, sudo_make_gritem_t, sudo_make_gidlist_item_t, sudo_make_grlist_item_t, sudo_valid_shell_t);
 void sudo_setspent(void);
 bool user_shell_valid(const struct passwd *pw);
--- a/plugins/sudoers/testsudoers.c
+++ b/plugins/sudoers/testsudoers.c
@@ -235,7 +235,7 @@ main(int argc, char *argv[])
 	/* Use custom passwd/group backend. */
 	sudo_pwutil_set_backend(testsudoers_make_pwitem,
 	    testsudoers_make_gritem, testsudoers_make_gidlist_item,
-	    testsudoers_make_grlist_item);
+	    testsudoers_make_grlist_item, testsudoers_valid_shell);
    }
    if (argc < 2) {
--- a/plugins/sudoers/testsudoers_pwutil.h
+++ b/plugins/sudoers/testsudoers_pwutil.h
@@ -21,6 +21,11 @@
 #include <config.h>
 #ifdef HAVE_STDBOOL_H
 # include <stdbool.h>
 #else
 # include "compat/stdbool.h"
 #endif /* HAVE_STDBOOL_H */
 #include <grp.h>
 #include <pwd.h>
@@ -28,5 +33,6 @@ struct cache_item *testsudoers_make_gritem(gid_t gid, const char *group);
 struct cache_item *testsudoers_make_grlist_item(const struct passwd *pw, char * const *groups);
 struct cache_item *testsudoers_make_gidlist_item(const struct passwd *pw, int ngids, GETGROUPS_T *gids, char * const *gidstrs, unsigned int type);
 struct cache_item *testsudoers_make_pwitem(uid_t uid, const char *user);
 bool testsudoers_valid_shell(const char *shell);
 #endif /* TESTSUDOERS_PWUTIL_H */