Do not redefine system group and passwd functions for testsudoers.
Instead, prefix the replacements with "testsudoers_" and use a custom pwutil backend so they get used.
1
MANIFEST
1
MANIFEST
@@ -991,6 +991,7 @@ plugins/sudoers/sudoers_hooks.c
|
||||
plugins/sudoers/sudoers_version.h
|
||||
plugins/sudoers/sudoreplay.c
|
||||
plugins/sudoers/testsudoers.c
|
||||
plugins/sudoers/testsudoers_pwutil.c
|
||||
plugins/sudoers/timeout.c
|
||||
plugins/sudoers/timestamp.c
|
||||
plugins/sudoers/timestr.c
|
||||
|
@@ -206,7 +206,7 @@ REPLAY_IOBJS = $(REPLAY_OBJS:.o=.i)
|
||||
|
||||
TEST_OBJS = fmtsudoers.lo fmtsudoers_cvt.lo group_plugin.lo interfaces.lo \
|
||||
ldap_util.lo locale.lo net_ifs.o parse_ldif.o sudo_printf.o \
|
||||
testsudoers.o tsgetgrpw.o
|
||||
testsudoers.o testsudoers_pwutil.o tsgetgrpw.o
|
||||
|
||||
IOBJS = $(LIBPARSESUDOERS_IOBJS) $(SUDOERS_IOBJS) $(VISUDO_IOBJS) \
|
||||
$(CVTSUDOERS_IOBJS) $(REPLAY_IOBJS)
|
||||
@@ -2944,6 +2944,34 @@ testsudoers.i: $(srcdir)/testsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \
|
||||
$(CC) -E -o $@ $(CPPFLAGS) $<
|
||||
testsudoers.plog: testsudoers.i
|
||||
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/testsudoers.c --i-file $< --output-file $@
|
||||
testsudoers_pwutil.o: $(srcdir)/testsudoers_pwutil.c $(devdir)/def_data.h \
|
||||
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
|
||||
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
|
||||
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
|
||||
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
|
||||
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
|
||||
$(srcdir)/defaults.h $(srcdir)/logging.h \
|
||||
$(srcdir)/parse.h $(srcdir)/pwutil.h \
|
||||
$(srcdir)/pwutil_impl.c $(srcdir)/sudo_nss.h \
|
||||
$(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
|
||||
$(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \
|
||||
$(top_builddir)/pathnames.h
|
||||
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/testsudoers_pwutil.c
|
||||
testsudoers_pwutil.i: $(srcdir)/testsudoers_pwutil.c $(devdir)/def_data.h \
|
||||
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
|
||||
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
|
||||
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
|
||||
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
|
||||
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
|
||||
$(srcdir)/defaults.h $(srcdir)/logging.h \
|
||||
$(srcdir)/parse.h $(srcdir)/pwutil.h \
|
||||
$(srcdir)/pwutil_impl.c $(srcdir)/sudo_nss.h \
|
||||
$(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
|
||||
$(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \
|
||||
$(top_builddir)/pathnames.h
|
||||
$(CC) -E -o $@ $(CPPFLAGS) $<
|
||||
testsudoers_pwutil.plog: testsudoers_pwutil.i
|
||||
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/testsudoers_pwutil.c --i-file $< --output-file $@
|
||||
timeout.lo: $(srcdir)/timeout.c $(incdir)/compat/stdbool.h \
|
||||
$(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
|
||||
$(incdir)/sudo_queue.h $(srcdir)/parse.h $(srcdir)/sudoers_debug.h \
|
||||
|
@@ -68,19 +68,11 @@ static bool cb_runas_default(const union sudo_defs_val *);
|
||||
static int testsudoers_error(const char *msg);
|
||||
static int testsudoers_output(const char *buf);
|
||||
|
||||
/* tsgetgrpw.c */
|
||||
extern void setgrfile(const char *);
|
||||
extern void setgrent(void);
|
||||
extern void endgrent(void);
|
||||
extern struct group *getgrent(void);
|
||||
extern struct group *getgrnam(const char *);
|
||||
extern struct group *getgrgid(gid_t);
|
||||
extern void setpwfile(const char *);
|
||||
extern void setpwent(void);
|
||||
extern void endpwent(void);
|
||||
extern struct passwd *getpwent(void);
|
||||
extern struct passwd *getpwnam(const char *);
|
||||
extern struct passwd *getpwuid(uid_t);
|
||||
/* testsudoers_pwutil.c */
|
||||
extern struct cache_item *testsudoers_make_gritem(gid_t gid, const char *group);
|
||||
extern struct cache_item *testsudoers_make_grlist_item(const struct passwd *pw, char * const *groups);
|
||||
extern struct cache_item *testsudoers_make_gidlist_item(const struct passwd *pw, char * const *gids, unsigned int type);
|
||||
extern struct cache_item *testsudoers_make_pwitem(uid_t uid, const char *user);
|
||||
|
||||
/* gram.y */
|
||||
extern int (*trace_print)(const char *msg);
|
||||
@@ -194,11 +186,18 @@ main(int argc, char *argv[])
|
||||
argc -= optind;
|
||||
argv += optind;
|
||||
|
||||
/* Set group/passwd file and init the cache. */
|
||||
if (grfile)
|
||||
setgrfile(grfile);
|
||||
if (pwfile)
|
||||
setpwfile(pwfile);
|
||||
if (grfile != NULL || pwfile != NULL) {
|
||||
/* Set group/passwd file and init the cache. */
|
||||
if (grfile)
|
||||
testsudoers_setgrfile(grfile);
|
||||
if (pwfile)
|
||||
testsudoers_setpwfile(pwfile);
|
||||
|
||||
/* Use custom passwd/group backend. */
|
||||
sudo_pwutil_set_backend(testsudoers_make_pwitem,
|
||||
testsudoers_make_gritem, testsudoers_make_gidlist_item,
|
||||
testsudoers_make_grlist_item);
|
||||
}
|
||||
|
||||
if (argc < 2) {
|
||||
if (!dflag)
|
||||
|
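Review bot: The custom backend is installed only inside `if (grfile != NULL || pwfile != NULL)`, so a run with neither file now resolves users and groups through the default pwutil backend instead of tsgetgrpw.c, whose group default is the local file (`grfile = "/etc/group"` is visible in the tsgetgrpw.c hunk). Where the system lookup consults a directory service or other non-file source, a policy check can give a different answer than the earlier file-only behaviour. When only one of the two files is given, the other lookup type presumably still reads the tsgetgrpw.c default path. If this is intended, say so above the block, for example `/* With no group or passwd file the system databases are used via the default backend. */`. main() starts and continues outside this hunk.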
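--- a/plugins/sudoers/testsudoers_pwutil.c
+++ b/plugins/sudoers/testsudoers_pwutil.c
@@ -0,0 +1,14 @@
+/* Use custom passwd/group functions with the normal pwutil_impl.c */
+#define sudo_make_pwitem testsudoers_make_pwitem
+#define sudo_make_gritem testsudoers_make_gritem
+#define sudo_make_gidlist_item testsudoers_make_gidlist_item
+#define sudo_make_grlist_item testsudoers_make_grlist_item
+
+#define getpwnam testsudoers_getpwnam
+#define getpwuid testsudoers_getpwuid
+#define getgrnam testsudoers_getgrnam
+#define getgrgid testsudoers_getgrgid
+#define sudo_getgrouplist2_v1 testsudoers_getgrouplist2_v1
+
+#include "tsgetgrpw.h"
+#include "pwutil_impl.c"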
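Review bot: The four `getpw*`/`getgr*` renames are already in force when `#include "tsgetgrpw.h"` is processed, and the tsgetgrpw.h hunk in this commit appears to keep `#include <pwd.h>` and `#include <grp.h>`, so the system prototypes themselves are parsed under the testsudoers_ names in this translation unit. On a platform whose headers attach attributes or symbol renames to those declarations, that can clash with the prototypes in tsgetgrpw.h or bind the calls back to the libc functions, in which case the tool would read the host's real account databases instead of the test files. Parsing the system headers before the renames avoids this: move `#include "tsgetgrpw.h"` above the `#define getpwnam testsudoers_getpwnam` group and leave only `#include "pwutil_impl.c"` after the defines. This presumes the system headers are include-guarded so pwutil_impl.c does not parse them a second time.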
@@ -59,30 +59,16 @@ static FILE *grf;
|
||||
static const char *grfile = "/etc/group";
|
||||
static int gr_stayopen;
|
||||
|
||||
void setgrfile(const char *);
|
||||
void setgrent(void);
|
||||
void endgrent(void);
|
||||
struct group *getgrent(void);
|
||||
struct group *getgrnam(const char *);
|
||||
struct group *getgrgid(gid_t);
|
||||
|
||||
void setpwfile(const char *);
|
||||
void setpwent(void);
|
||||
void endpwent(void);
|
||||
struct passwd *getpwent(void);
|
||||
struct passwd *getpwnam(const char *);
|
||||
struct passwd *getpwuid(uid_t);
|
||||
|
||||
void
|
||||
setpwfile(const char *file)
|
||||
testsudoers_setpwfile(const char *file)
|
||||
{
|
||||
pwfile = file;
|
||||
if (pwf != NULL)
|
||||
endpwent();
|
||||
testsudoers_endpwent();
|
||||
}
|
||||
|
||||
void
|
||||
setpwent(void)
|
||||
testsudoers_setpwent(void)
|
||||
{
|
||||
if (pwf == NULL) {
|
||||
pwf = fopen(pwfile, "r");
|
||||
@@ -99,7 +85,7 @@ setpwent(void)
|
||||
}
|
||||
|
||||
void
|
||||
endpwent(void)
|
||||
testsudoers_endpwent(void)
|
||||
{
|
||||
if (pwf != NULL) {
|
||||
fclose(pwf);
|
||||
@@ -109,7 +95,7 @@ endpwent(void)
|
||||
}
|
||||
|
||||
struct passwd *
|
||||
getpwent(void)
|
||||
testsudoers_getpwent(void)
|
||||
{
|
||||
static struct passwd pw;
|
||||
static char pwbuf[LINE_MAX];
|
||||
@@ -161,7 +147,7 @@ next_entry:
|
||||
}
|
||||
|
||||
struct passwd *
|
||||
getpwnam(const char *name)
|
||||
testsudoers_getpwnam(const char *name)
|
||||
{
|
||||
struct passwd *pw;
|
||||
|
||||
@@ -175,7 +161,7 @@ getpwnam(const char *name)
|
||||
} else {
|
||||
rewind(pwf);
|
||||
}
|
||||
while ((pw = getpwent()) != NULL) {
|
||||
while ((pw = testsudoers_getpwent()) != NULL) {
|
||||
if (strcmp(pw->pw_name, name) == 0)
|
||||
break;
|
||||
}
|
||||
@@ -187,7 +173,7 @@ getpwnam(const char *name)
|
||||
}
|
||||
|
||||
struct passwd *
|
||||
getpwuid(uid_t uid)
|
||||
testsudoers_getpwuid(uid_t uid)
|
||||
{
|
||||
struct passwd *pw;
|
||||
|
||||
@@ -201,7 +187,7 @@ getpwuid(uid_t uid)
|
||||
} else {
|
||||
rewind(pwf);
|
||||
}
|
||||
while ((pw = getpwent()) != NULL) {
|
||||
while ((pw = testsudoers_getpwent()) != NULL) {
|
||||
if (pw->pw_uid == uid)
|
||||
break;
|
||||
}
|
||||
@@ -213,7 +199,7 @@ getpwuid(uid_t uid)
|
||||
}
|
||||
|
||||
void
|
||||
setgrfile(const char *file)
|
||||
testsudoers_setgrfile(const char *file)
|
||||
{
|
||||
grfile = file;
|
||||
if (grf != NULL)
|
||||
@@ -221,7 +207,7 @@ setgrfile(const char *file)
|
||||
}
|
||||
|
||||
void
|
||||
setgrent(void)
|
||||
testsudoers_setgrent(void)
|
||||
{
|
||||
if (grf == NULL) {
|
||||
grf = fopen(grfile, "r");
|
||||
@@ -238,7 +224,7 @@ setgrent(void)
|
||||
}
|
||||
|
||||
void
|
||||
endgrent(void)
|
||||
testsudoers_endgrent(void)
|
||||
{
|
||||
if (grf != NULL) {
|
||||
fclose(grf);
|
||||
@@ -248,7 +234,7 @@ endgrent(void)
|
||||
}
|
||||
|
||||
struct group *
|
||||
getgrent(void)
|
||||
testsudoers_getgrent(void)
|
||||
{
|
||||
static struct group gr;
|
||||
static char grbuf[LINE_MAX], *gr_mem[GRMEM_MAX+1];
|
||||
@@ -297,7 +283,7 @@ next_entry:
|
||||
}
|
||||
|
||||
struct group *
|
||||
getgrnam(const char *name)
|
||||
testsudoers_getgrnam(const char *name)
|
||||
{
|
||||
struct group *gr;
|
||||
|
||||
@@ -311,7 +297,7 @@ getgrnam(const char *name)
|
||||
} else {
|
||||
rewind(grf);
|
||||
}
|
||||
while ((gr = getgrent()) != NULL) {
|
||||
while ((gr = testsudoers_getgrent()) != NULL) {
|
||||
if (strcmp(gr->gr_name, name) == 0)
|
||||
break;
|
||||
}
|
||||
@@ -323,7 +309,7 @@ getgrnam(const char *name)
|
||||
}
|
||||
|
||||
struct group *
|
||||
getgrgid(gid_t gid)
|
||||
testsudoers_getgrgid(gid_t gid)
|
||||
{
|
||||
struct group *gr;
|
||||
|
||||
@@ -337,7 +323,7 @@ getgrgid(gid_t gid)
|
||||
} else {
|
||||
rewind(grf);
|
||||
}
|
||||
while ((gr = getgrent()) != NULL) {
|
||||
while ((gr = testsudoers_getgrent()) != NULL) {
|
||||
if (gr->gr_gid == gid)
|
||||
break;
|
||||
}
|
||||
@@ -352,7 +338,7 @@ getgrgid(gid_t gid)
|
||||
* Copied from getgrouplist.c
|
||||
*/
|
||||
int
|
||||
sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
||||
testsudoers_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
||||
GETGROUPS_T **groupsp, int *ngroupsp)
|
||||
{
|
||||
GETGROUPS_T *groups = *groupsp;
|
||||
@@ -378,8 +364,8 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
||||
/* We support BSD semantics where the first element is the base gid */
|
||||
groups[0] = basegid;
|
||||
|
||||
setgrent();
|
||||
while ((grp = getgrent()) != NULL) {
|
||||
testsudoers_setgrent();
|
||||
while ((grp = testsudoers_getgrent()) != NULL) {
|
||||
if (grp->gr_gid == basegid || grp->gr_mem == NULL)
|
||||
continue;
|
||||
|
||||
@@ -419,7 +405,7 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
||||
ret = 0;
|
||||
|
||||
done:
|
||||
endgrent();
|
||||
testsudoers_endgrent();
|
||||
*groupsp = groups;
|
||||
*ngroupsp = ngroups;
|
||||
|
||||
|
@@ -1,7 +1,7 @@
|
||||
/*
|
||||
* SPDX-License-Identifier: ISC
|
||||
*
|
||||
* Copyright (c) 2010 Todd C. Miller <Todd.Miller@sudo.ws>
|
||||
* Copyright (c) 2010, 2021 Todd C. Miller <Todd.Miller@sudo.ws>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
@@ -24,51 +24,19 @@
|
||||
|
||||
#include <config.h>
|
||||
|
||||
/*
|
||||
* Define away the system prototypes so we don't have any conflicts.
|
||||
*/
|
||||
|
||||
#define setgrfile sys_setgrfile
|
||||
#define setgrent sys_setgrent
|
||||
#define endgrent sys_endgrent
|
||||
#define getgrent sys_getgrent
|
||||
#define getgrnam sys_getgrnam
|
||||
#define getgrgid sys_getgrgid
|
||||
|
||||
#define setpwfile sys_setpwfile
|
||||
#define setpwent sys_setpwent
|
||||
#define endpwent sys_endpwent
|
||||
#define getpwent sys_getpwent
|
||||
#define getpwnam sys_getpwnam
|
||||
#define getpwuid sys_getpwuid
|
||||
|
||||
#include <pwd.h>
|
||||
#include <grp.h>
|
||||
|
||||
#undef setgrfile
|
||||
#undef setgrent
|
||||
#undef endgrent
|
||||
#undef getgrent
|
||||
#undef getgrnam
|
||||
#undef getgrgid
|
||||
void testsudoers_setgrfile(const char *);
|
||||
void testsudoers_setgrent(void);
|
||||
void testsudoers_endgrent(void);
|
||||
struct group *testsudoers_getgrent(void);
|
||||
struct group *testsudoers_getgrnam(const char *);
|
||||
struct group *testsudoers_getgrgid(gid_t);
|
||||
|
||||
void setgrfile(const char *);
|
||||
void setgrent(void);
|
||||
void endgrent(void);
|
||||
struct group *getgrent(void);
|
||||
struct group *getgrnam(const char *);
|
||||
struct group *getgrgid(gid_t);
|
||||
|
||||
#undef setpwfile
|
||||
#undef setpwent
|
||||
#undef endpwent
|
||||
#undef getpwent
|
||||
#undef getpwnam
|
||||
#undef getpwuid
|
||||
|
||||
void setpwfile(const char *);
|
||||
void setpwent(void);
|
||||
void endpwent(void);
|
||||
struct passwd *getpwent(void);
|
||||
struct passwd *getpwnam(const char *);
|
||||
struct passwd *getpwuid(uid_t);
|
||||
void testsudoers_setpwfile(const char *);
|
||||
void testsudoers_setpwent(void);
|
||||
void testsudoers_endpwent(void);
|
||||
struct passwd *testsudoers_getpwent(void);
|
||||
struct passwd *testsudoers_getpwnam(const char *);
|
||||
struct passwd *testsudoers_getpwuid(uid_t);
|
||||
|
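Review bot: tsgetgrpw.h now declares the renamed passwd and group accessors but has no prototype for `testsudoers_getgrouplist2_v1`, which tsgetgrpw.c defines under that name in this commit; the hunk appears to run to the end of the header. The only declaration a caller sees is the `sudo_getgrouplist2_v1` prototype rewritten by the macro in testsudoers_pwutil.c, so the definition and its use are never checked against one shared declaration. Adding `int testsudoers_getgrouplist2_v1(const char *name, GETGROUPS_T basegid, GETGROUPS_T **groupsp, int *ngroupsp);` after the passwd prototypes would close that gap.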