Wrap valid_shell and add to sudo_pwutil_set_backend().

This will make it possible to support a different getusershell()
implementation for testsudoers in the future.

plugins/sudoers/cvtsudoers.c

@@ -343,7 +343,7 @@ main(int argc, char *argv[])
     /* Set pwutil backend to use the filter data. */
     if (conf->filter != NULL && !match_local) {
 	sudo_pwutil_set_backend(cvtsudoers_make_pwitem, cvtsudoers_make_gritem,
-	    cvtsudoers_make_gidlist_item, cvtsudoers_make_grlist_item);
+	    cvtsudoers_make_gidlist_item, cvtsudoers_make_grlist_item, NULL);
     } else {
 	if (grfile != NULL)
 	    testsudoers_setgrfile(grfile);
@@ -353,7 +353,8 @@ main(int argc, char *argv[])
 	    pwfile ? testsudoers_make_pwitem : NULL,
 	    grfile ? testsudoers_make_gritem : NULL,
 	    grfile ? testsudoers_make_gidlist_item : NULL,
-	    grfile ? testsudoers_make_grlist_item : NULL);
+	    grfile ? testsudoers_make_grlist_item : NULL,
+	    NULL);
     }
 
     /* We may need the hostname to resolve %h escapes in include files. */

plugins/sudoers/pwutil.c

@@ -67,6 +67,7 @@ static sudo_make_pwitem_t make_pwitem = sudo_make_pwitem;
 static sudo_make_gritem_t make_gritem = sudo_make_gritem;
 static sudo_make_gidlist_item_t make_gidlist_item = sudo_make_gidlist_item;
 static sudo_make_grlist_item_t make_grlist_item = sudo_make_grlist_item;
+static sudo_valid_shell_t valid_shell = sudo_valid_shell;
 
 #define cmp_grnam	cmp_pwnam
 
@@ -88,7 +89,8 @@ static sudo_make_grlist_item_t make_grlist_item = sudo_make_grlist_item;
  */
 void
 sudo_pwutil_set_backend(sudo_make_pwitem_t pwitem, sudo_make_gritem_t gritem,
-    sudo_make_gidlist_item_t gidlist_item, sudo_make_grlist_item_t grlist_item)
+    sudo_make_gidlist_item_t gidlist_item, sudo_make_grlist_item_t grlist_item,
+    sudo_valid_shell_t check_shell)
 {
     debug_decl(sudo_pwutil_set_backend, SUDOERS_DEBUG_NSS);
 
@@ -100,6 +102,8 @@ sudo_pwutil_set_backend(sudo_make_pwitem_t pwitem, sudo_make_gritem_t gritem,
 	make_gidlist_item = gidlist_item;
     if (grlist_item != NULL)
 	make_grlist_item = grlist_item;
+    if (check_shell != NULL)
+	valid_shell = check_shell;
 
     debug_return;
 }

plugins/sudoers/pwutil.h

@@ -73,6 +73,6 @@ struct cache_item *sudo_make_gritem(gid_t gid, const char *group);
 struct cache_item *sudo_make_grlist_item(const struct passwd *pw, char * const *groups);
 struct cache_item *sudo_make_gidlist_item(const struct passwd *pw, int ngids, GETGROUPS_T *gids, char * const *gidstrs, unsigned int type);
 struct cache_item *sudo_make_pwitem(uid_t uid, const char *user);
-bool valid_shell(const char *shell);
+bool sudo_valid_shell(const char *shell);
 
 #endif /* SUDOERS_PWUTIL_H */

plugins/sudoers/pwutil_impl.c

@@ -454,7 +454,7 @@ again:
  * Returns true if the specified shell is allowed by /etc/shells, else false.
  */
 bool
-valid_shell(const char *shell)
+PREFIX(valid_shell)(const char *shell)
 {
     const char *entry;
     debug_decl(valid_shell, SUDOERS_DEBUG_NSS);
@@ -471,4 +471,3 @@ valid_shell(const char *shell)
 
     debug_return_bool(false);
 }
-

plugins/sudoers/sudoers.h

@@ -344,6 +344,7 @@ typedef struct cache_item * (*sudo_make_pwitem_t)(uid_t uid, const char *user);
 typedef struct cache_item * (*sudo_make_gritem_t)(gid_t gid, const char *group);
 typedef struct cache_item * (*sudo_make_gidlist_item_t)(const struct passwd *pw, int ngids, GETGROUPS_T *gids, char * const *gidstrs, unsigned int type);
 typedef struct cache_item * (*sudo_make_grlist_item_t)(const struct passwd *pw, char * const *groups);
+typedef bool (*sudo_valid_shell_t)(const char *shell);
 sudo_dso_public struct group *sudo_getgrgid(gid_t);
 sudo_dso_public struct group *sudo_getgrnam(const char *);
 sudo_dso_public void sudo_gr_addref(struct group *);
@@ -370,7 +371,7 @@ int  sudo_set_gidlist(struct passwd *pw, int ngids, GETGROUPS_T *gids, char * co
 int  sudo_set_grlist(struct passwd *pw, char * const *groups);
 int  sudo_pwutil_get_max_groups(void);
 void sudo_pwutil_set_max_groups(int);
-void sudo_pwutil_set_backend(sudo_make_pwitem_t, sudo_make_gritem_t, sudo_make_gidlist_item_t, sudo_make_grlist_item_t);
+void sudo_pwutil_set_backend(sudo_make_pwitem_t, sudo_make_gritem_t, sudo_make_gidlist_item_t, sudo_make_grlist_item_t, sudo_valid_shell_t);
 void sudo_setspent(void);
 bool user_shell_valid(const struct passwd *pw);
 

plugins/sudoers/testsudoers.c

@@ -235,7 +235,7 @@ main(int argc, char *argv[])
 	/* Use custom passwd/group backend. */
 	sudo_pwutil_set_backend(testsudoers_make_pwitem,
 	    testsudoers_make_gritem, testsudoers_make_gidlist_item,
-	    testsudoers_make_grlist_item);
+	    testsudoers_make_grlist_item, testsudoers_valid_shell);
     }
 
     if (argc < 2) {

plugins/sudoers/testsudoers_pwutil.h

@@ -21,6 +21,11 @@
 
 #include <config.h>
 
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif /* HAVE_STDBOOL_H */
 #include <grp.h>
 #include <pwd.h>
 
@@ -28,5 +33,6 @@ struct cache_item *testsudoers_make_gritem(gid_t gid, const char *group);
 struct cache_item *testsudoers_make_grlist_item(const struct passwd *pw, char * const *groups);
 struct cache_item *testsudoers_make_gidlist_item(const struct passwd *pw, int ngids, GETGROUPS_T *gids, char * const *gidstrs, unsigned int type);
 struct cache_item *testsudoers_make_pwitem(uid_t uid, const char *user);
+bool testsudoers_valid_shell(const char *shell);
 
 #endif /* TESTSUDOERS_PWUTIL_H */