diff --git a/plugins/sudoers/match_command.c b/plugins/sudoers/match_command.c
index 8a31cf422..733180e8e 100644
--- a/plugins/sudoers/match_command.c
+++ b/plugins/sudoers/match_command.c
@@ -806,7 +806,7 @@ command_matches(struct sudoers_context *ctx, const char *sudoers_cmnd,
 const struct command_digest_list *digests)
 {
 const bool intercepted = info ? info->intercepted : false;
- sudoers_pivot_t pivot_state = SUDOERS_PIVOT_INITIALIZER;
+ struct sudoers_pivot pivot_state = SUDOERS_PIVOT_INITIALIZER;
 char *saved_user_cmnd = NULL;
 struct stat saved_user_stat;
 bool reset_cmnd = false;
@@ -832,7 +832,7 @@ command_matches(struct sudoers_context *ctx, const char *sudoers_cmnd,
 /* Pivot root. */
 if (runchroot != NULL) {
- if (!pivot_root(runchroot, pivot_state))
+ if (!pivot_root(runchroot, &pivot_state))
 goto done;
 }
@@ -856,7 +856,7 @@ command_matches(struct sudoers_context *ctx, const char *sudoers_cmnd,
 if (sudoers_cmnd == NULL) {
 sudoers_cmnd = "ALL";
- ret = command_matches_all(ctx, pivot_get_root(pivot_state),
+ ret = command_matches_all(ctx, pivot_get_root(&pivot_state),
 intercepted, digests);
 goto done;
 }
@@ -864,7 +864,7 @@ command_matches(struct sudoers_context *ctx, const char *sudoers_cmnd,
 /* Check for regular expressions first. */
 if (sudoers_cmnd[0] == '^') {
 ret = command_matches_regex(ctx, sudoers_cmnd, sudoers_args,
- pivot_get_root(pivot_state), intercepted, digests);
+ pivot_get_root(&pivot_state), intercepted, digests);
 goto done;
 }
@@ -894,19 +894,19 @@ command_matches(struct sudoers_context *ctx, const char *sudoers_cmnd,
 */
 if (def_fast_glob) {
 ret = command_matches_fnmatch(ctx, sudoers_cmnd, sudoers_args,
- pivot_get_root(pivot_state), intercepted, digests);
+ pivot_get_root(&pivot_state), intercepted, digests);
 } else {
 ret = command_matches_glob(ctx, sudoers_cmnd, sudoers_args,
- pivot_get_root(pivot_state), intercepted, digests);
+ pivot_get_root(&pivot_state), intercepted, digests);
 }
 } else {
 ret = command_matches_normal(ctx, sudoers_cmnd, sudoers_args,
- pivot_get_root(pivot_state), intercepted, digests);
+ pivot_get_root(&pivot_state), intercepted, digests);
 }
 done:
 /* Restore root. */
 if (runchroot != NULL)
- (void)unpivot_root(pivot_state);
+ (void)unpivot_root(&pivot_state);
 /* Restore ctx->user.cmnd and ctx->user.cmnd_stat. */
 if (saved_user_cmnd != NULL) {
diff --git a/plugins/sudoers/pivot.c b/plugins/sudoers/pivot.c
index 28bb2d6e2..db67ad4b8 100644
--- a/plugins/sudoers/pivot.c
+++ b/plugins/sudoers/pivot.c
@@ -35,20 +35,20 @@
 * Returns true on success, else false.
 */
 bool
-pivot_root(const char *new_root, sudoers_pivot_t state)
+pivot_root(const char *new_root, struct sudoers_pivot *state)
 {
 debug_decl(pivot_root, SUDOERS_DEBUG_UTIL);
- state.saved_root = open("/", O_RDONLY);
- state.saved_cwd = open(".", O_RDONLY);
- if (state.saved_root == -1 || state.saved_cwd == -1 || chroot(new_root) == -1) {
- if (state.saved_root != -1) {
- close(state.saved_root);
- state.saved_root = -1;
+ state->saved_root = open("/", O_RDONLY);
+ state->saved_cwd = open(".", O_RDONLY);
+ if (state->saved_root == -1 || state->saved_cwd == -1 || chroot(new_root) == -1) {
+ if (state->saved_root != -1) {
+ close(state->saved_root);
+ state->saved_root = -1;
 }
- if (state.saved_cwd != -1) {
- close(state.saved_cwd);
- state.saved_cwd = -1;
+ if (state->saved_cwd != -1) {
+ close(state->saved_cwd);
+ state->saved_cwd = -1;
 }
 debug_return_bool(false);
 }
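Review bot: The `(void)unpivot_root(&pivot_state);` under `done:` in match_command.c discards the result, so a failed restore leaves the process rooted in `runchroot` while `ret` is returned as computed. With the state passed by pointer this call now operates on the descriptors pivot_root() saved, so its failure should fail closed: `if (runchroot != NULL && !unpivot_root(&pivot_state))` followed by setting `ret` to the function's no-match value (the declaration of `ret` is outside the hunk). The same `(void)` cast appears twice in set_cmnd_path() in sudoers.c, where a failed restore could map to `NOT_FOUND_ERROR`.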
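Review bot: In pivot.c, `state->saved_root = open("/", O_RDONLY);` and the matching open of "." create descriptors without close-on-exec, and they now live in the caller's struct until unpivot_root() runs. A descriptor for the original root that is inherited by a child would hand that child a reference outside the new root, so I would open both with `O_RDONLY|O_DIRECTORY|O_CLOEXEC` where the platform defines those flags, or set `FD_CLOEXEC` with `fcntl()` right after each open. Whether anything is executed while pivoted is not visible from this hunk, so treat this as hardening. The body of pivot_root() appears to continue past the end of the hunk.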
@@ -60,40 +60,40 @@ pivot_root(const char *new_root, sudoers_pivot_t state)
 * Returns true on success, else false.
 */
 bool
-unpivot_root(sudoers_pivot_t state)
+unpivot_root(struct sudoers_pivot *state)
 {
 bool ret = true;
 debug_decl(unpivot_root, SUDOERS_DEBUG_UTIL);
 /* Order is important: restore old root, *then* change cwd. */
- if (state.saved_root != -1) {
- if (fchdir(state.saved_root) == -1 || chroot(".") == -1) {
+ if (state->saved_root != -1) {
+ if (fchdir(state->saved_root) == -1 || chroot(".") == -1) {
 sudo_warn("%s", U_("unable to restore root directory"));
 ret = false;
 }
- close(state.saved_root);
- state.saved_root = -1;
+ close(state->saved_root);
+ state->saved_root = -1;
 }
- if (state.saved_cwd != -1) {
- if (fchdir(state.saved_cwd) == -1) {
+ if (state->saved_cwd != -1) {
+ if (fchdir(state->saved_cwd) == -1) {
 sudo_warn("%s", U_("unable to restore current working directory"));
 ret = false;
 }
- close(state.saved_cwd);
- state.saved_cwd = -1;
+ close(state->saved_cwd);
+ state->saved_cwd = -1;
 }
 debug_return_bool(ret);
 }
 int
-pivot_get_root(sudoers_pivot_t state)
+pivot_get_root(struct sudoers_pivot *state)
 {
- return state.saved_root;
+ return state->saved_root;
 }
 int
-pivot_get_cwd(sudoers_pivot_t state)
+pivot_get_cwd(struct sudoers_pivot *state)
 {
- return state.saved_cwd;
+ return state->saved_cwd;
 }
diff --git a/plugins/sudoers/pivot.h b/plugins/sudoers/pivot.h
index 7336d3ab6..c6b205cb9 100644
--- a/plugins/sudoers/pivot.h
+++ b/plugins/sudoers/pivot.h
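Review bot: `pivot_get_root()` and `pivot_get_cwd()` only read the struct, so their parameter should be `const struct sudoers_pivot *state`. With a plain pointer the signature no longer tells a reader which of the four functions may modify the saved descriptors, which is the distinction this change depends on. The prototypes in pivot.h and the stub definitions in fuzz_stubs.c, stubs.c and testsudoers.c would need the same qualifier.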
@@ -25,11 +25,10 @@ struct sudoers_pivot {
 int saved_root;
 int saved_cwd;
 };
-typedef struct sudoers_pivot sudoers_pivot_t;
-bool pivot_root(const char *new_root, sudoers_pivot_t cookie);
-bool unpivot_root(sudoers_pivot_t cookie);
-int pivot_get_root(sudoers_pivot_t cookie);
-int pivot_get_cwd(sudoers_pivot_t cookie);
+bool pivot_root(const char *new_root, struct sudoers_pivot *state);
+bool unpivot_root(struct sudoers_pivot *state);
+int pivot_get_root(struct sudoers_pivot *state);
+int pivot_get_cwd(struct sudoers_pivot *state);
 #endif /* SUDOERS_PIVOT_H */
diff --git a/plugins/sudoers/regress/fuzz/fuzz_stubs.c b/plugins/sudoers/regress/fuzz/fuzz_stubs.c
index 14805476c..858ed3b67 100644
--- a/plugins/sudoers/regress/fuzz/fuzz_stubs.c
+++ b/plugins/sudoers/regress/fuzz/fuzz_stubs.c
@@ -58,25 +58,25 @@ init_eventlog_config(void)
 }
 bool
-pivot_root(const char *new_root, sudoers_pivot_t state)
+pivot_root(const char *new_root, struct sudoers_pivot *state)
 {
 return true;
 }
 bool
-unpivot_root(sudoers_pivot_t state)
+unpivot_root(struct sudoers_pivot *state)
 {
 return true;
 }
 int
-pivot_get_root(sudoers_pivot_t state)
+pivot_get_root(struct sudoers_pivot *state)
 {
 return -1;
 }
 int
-pivot_get_cwd(sudoers_pivot_t state)
+pivot_get_cwd(struct sudoers_pivot *state)
 {
 return -1;
 }
diff --git a/plugins/sudoers/stubs.c b/plugins/sudoers/stubs.c
index 8dff27dd4..ff4d0dc2f 100644
--- a/plugins/sudoers/stubs.c
+++ b/plugins/sudoers/stubs.c
@@ -98,28 +98,28 @@ init_eventlog_config(void)
 /* STUB */
 bool
-pivot_root(const char *new_root, sudoers_pivot_t state)
+pivot_root(const char *new_root, struct sudoers_pivot *state)
 {
 return true;
 }
 /* STUB */
 bool
-unpivot_root(sudoers_pivot_t state)
+unpivot_root(struct sudoers_pivot *state)
 {
 return true;
 }
 /* STUB */
 int
-pivot_get_root(sudoers_pivot_t state)
+pivot_get_root(struct sudoers_pivot *state)
 {
 return -1;
 }
 /* STUB */
 int
-pivot_get_cwd(sudoers_pivot_t state)
+pivot_get_cwd(struct sudoers_pivot *state)
 {
 return -1;
 }
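Review bot: The prototypes in pivot.h carry no comment on the calling contract, which matters more now that the functions write through the pointer. I would add above them something like `/* state must start as SUDOERS_PIVOT_INITIALIZER; pivot_root() stores the saved descriptors in it and unpivot_root() closes them and resets them to -1. */`. The callers in match_command.c and sudoers.c follow this pattern, but nothing in the header lines shown states it.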
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index ac3e96f79..b9ff13deb 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -1062,7 +1062,7 @@ init_vars(struct sudoers_context *ctx, char * const envp[])
 int
 set_cmnd_path(struct sudoers_context *ctx, const char *runchroot)
 {
- sudoers_pivot_t pivot_state = SUDOERS_PIVOT_INITIALIZER;
+ struct sudoers_pivot pivot_state = SUDOERS_PIVOT_INITIALIZER;
 const char *cmnd_in;
 char *cmnd_out = NULL;
 char *path = ctx->user.path;
@@ -1083,7 +1083,7 @@ set_cmnd_path(struct sudoers_context *ctx, const char *runchroot)
 /* Pivot root. */
 if (runchroot != NULL) {
- if (!pivot_root(runchroot, pivot_state))
+ if (!pivot_root(runchroot, &pivot_state))
 goto error;
 }
@@ -1121,12 +1121,12 @@ set_cmnd_path(struct sudoers_context *ctx, const char *runchroot)
 /* Restore root. */
 if (runchroot != NULL)
- (void)unpivot_root(pivot_state);
+ (void)unpivot_root(&pivot_state);
 debug_return_int(ret);
 error:
 if (runchroot != NULL)
- (void)unpivot_root(pivot_state);
+ (void)unpivot_root(&pivot_state);
 free(cmnd_out);
 debug_return_int(NOT_FOUND_ERROR);
 }
diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c
index d7bf218c2..90f458a51 100644
--- a/plugins/sudoers/testsudoers.c
+++ b/plugins/sudoers/testsudoers.c
@@ -605,25 +605,25 @@ init_eventlog_config(void)
 }
 bool
-pivot_root(const char *new_root, sudoers_pivot_t state)
+pivot_root(const char *new_root, struct sudoers_pivot *state)
 {
 return true;
 }
 bool
-unpivot_root(sudoers_pivot_t state)
+unpivot_root(struct sudoers_pivot *state)
 {
 return true;
 }
 int
-pivot_get_root(sudoers_pivot_t state)
+pivot_get_root(struct sudoers_pivot *state)
 {
 return -1;
 }
 int
-pivot_get_cwd(sudoers_pivot_t state)
+pivot_get_cwd(struct sudoers_pivot *state)
 {
 return -1;
 }