diff --git a/MANIFEST b/MANIFEST
index 2d3c0bc43..b8d70130a 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -991,6 +991,7 @@ plugins/sudoers/sudoers_hooks.c
 plugins/sudoers/sudoers_version.h
 plugins/sudoers/sudoreplay.c
 plugins/sudoers/testsudoers.c
+plugins/sudoers/testsudoers_pwutil.c
 plugins/sudoers/timeout.c
 plugins/sudoers/timestamp.c
 plugins/sudoers/timestr.c
diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in
index 2fcb7ed1d..eaeb12362 100644
--- a/plugins/sudoers/Makefile.in
+++ b/plugins/sudoers/Makefile.in
@@ -206,7 +206,7 @@ REPLAY_IOBJS = $(REPLAY_OBJS:.o=.i)
 TEST_OBJS = fmtsudoers.lo fmtsudoers_cvt.lo group_plugin.lo interfaces.lo \
 ldap_util.lo locale.lo net_ifs.o parse_ldif.o sudo_printf.o \
- testsudoers.o tsgetgrpw.o
+ testsudoers.o testsudoers_pwutil.o tsgetgrpw.o
 IOBJS = $(LIBPARSESUDOERS_IOBJS) $(SUDOERS_IOBJS) $(VISUDO_IOBJS) \
 $(CVTSUDOERS_IOBJS) $(REPLAY_IOBJS)
@@ -2944,6 +2944,34 @@ testsudoers.i: $(srcdir)/testsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \
 $(CC) -E -o $@ $(CPPFLAGS) $<
 testsudoers.plog: testsudoers.i
 rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/testsudoers.c --i-file $< --output-file $@
+testsudoers_pwutil.o: $(srcdir)/testsudoers_pwutil.c $(devdir)/def_data.h \
+ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
+ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
+ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+ $(srcdir)/defaults.h $(srcdir)/logging.h \
+ $(srcdir)/parse.h $(srcdir)/pwutil.h \
+ $(srcdir)/pwutil_impl.c $(srcdir)/sudo_nss.h \
+ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
+ $(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \
+ $(top_builddir)/pathnames.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/testsudoers_pwutil.c
+testsudoers_pwutil.i: $(srcdir)/testsudoers_pwutil.c $(devdir)/def_data.h \
+ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
+ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
+ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+ $(srcdir)/defaults.h $(srcdir)/logging.h \
+ $(srcdir)/parse.h $(srcdir)/pwutil.h \
+ $(srcdir)/pwutil_impl.c $(srcdir)/sudo_nss.h \
+ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
+ $(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \
+ $(top_builddir)/pathnames.h
+ $(CC) -E -o $@ $(CPPFLAGS) $<
+testsudoers_pwutil.plog: testsudoers_pwutil.i
+ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/testsudoers_pwutil.c --i-file $< --output-file $@
 timeout.lo: $(srcdir)/timeout.c $(incdir)/compat/stdbool.h \
 $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
 $(incdir)/sudo_queue.h $(srcdir)/parse.h $(srcdir)/sudoers_debug.h \
diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c
index a5342edb8..4b0a87f80 100644
--- a/plugins/sudoers/testsudoers.c
+++ b/plugins/sudoers/testsudoers.c
@@ -68,19 +68,11 @@ static bool cb_runas_default(const union sudo_defs_val *);
 static int testsudoers_error(const char *msg);
 static int testsudoers_output(const char *buf);
-/* tsgetgrpw.c */
-extern void setgrfile(const char *);
-extern void setgrent(void);
-extern void endgrent(void);
-extern struct group *getgrent(void);
-extern struct group *getgrnam(const char *);
-extern struct group *getgrgid(gid_t);
-extern void setpwfile(const char *);
-extern void setpwent(void);
-extern void endpwent(void);
-extern struct passwd *getpwent(void);
-extern struct passwd *getpwnam(const char *);
-extern struct passwd *getpwuid(uid_t);
+/* testsudoers_pwutil.c */
+extern struct cache_item *testsudoers_make_gritem(gid_t gid, const char *group);
+extern struct cache_item *testsudoers_make_grlist_item(const struct passwd *pw, char * const *groups);
+extern struct cache_item *testsudoers_make_gidlist_item(const struct passwd *pw, char * const *gids, unsigned int type);
+extern struct cache_item *testsudoers_make_pwitem(uid_t uid, const char *user);
 /* gram.y */
 extern int (*trace_print)(const char *msg);
@@ -194,11 +186,18 @@ main(int argc, char *argv[])
 argc -= optind;
 argv += optind;
- /* Set group/passwd file and init the cache. */
- if (grfile)
- setgrfile(grfile);
- if (pwfile)
- setpwfile(pwfile);
+ if (grfile != NULL || pwfile != NULL) {
+ /* Set group/passwd file and init the cache. */
+ if (grfile)
+ testsudoers_setgrfile(grfile);
+ if (pwfile)
+ testsudoers_setpwfile(pwfile);
+
+ /* Use custom passwd/group backend. */
+ sudo_pwutil_set_backend(testsudoers_make_pwitem,
+ testsudoers_make_gritem, testsudoers_make_gidlist_item,
+ testsudoers_make_grlist_item);
+ }
 if (argc < 2) {
 if (!dflag)
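Review bot: In the `main()` hunk of testsudoers.c, giving only one of the group or passwd file options now switches both databases to the file-based backend, because `sudo_pwutil_set_backend()` installs all four `testsudoers_make_*` callbacks whenever either `grfile` or `pwfile` is set. The database that was not named then reads the built-in default path in tsgetgrpw.c (`"/etc/group"` is visible there for groups; the passwd default is presumably the analogous file) instead of going through the system's name service. If that is intended it deserves a comment above the call, e.g. `/* Either option selects the file backend for both passwd and group; the unnamed one uses the default file. */`, and the carried-over wording `init the cache` no longer matches anything in the block. main()'s body continues outside the hunk.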
diff --git a/plugins/sudoers/testsudoers_pwutil.c b/plugins/sudoers/testsudoers_pwutil.c
new file mode 100644
index 000000000..759b23f22
--- /dev/null
+++ b/plugins/sudoers/testsudoers_pwutil.c
@@ -0,0 +1,14 @@
+/* Use custom passwd/group functions with the normal pwutil_impl.c */
+#define sudo_make_pwitem testsudoers_make_pwitem
+#define sudo_make_gritem testsudoers_make_gritem
+#define sudo_make_gidlist_item testsudoers_make_gidlist_item
+#define sudo_make_grlist_item testsudoers_make_grlist_item
+
+#define getpwnam testsudoers_getpwnam
+#define getpwuid testsudoers_getpwuid
+#define getgrnam testsudoers_getgrnam
+#define getgrgid testsudoers_getgrgid
+#define sudo_getgrouplist2_v1 testsudoers_getgrouplist2_v1
+
+#include "tsgetgrpw.h"
+#include "pwutil_impl.c"
diff --git a/plugins/sudoers/tsgetgrpw.c b/plugins/sudoers/tsgetgrpw.c
index 2b6d3cbf0..27439e97b 100644
--- a/plugins/sudoers/tsgetgrpw.c
+++ b/plugins/sudoers/tsgetgrpw.c
@@ -59,30 +59,16 @@ static FILE *grf;
 static const char *grfile = "/etc/group";
 static int gr_stayopen;
-void setgrfile(const char *);
-void setgrent(void);
-void endgrent(void);
-struct group *getgrent(void);
-struct group *getgrnam(const char *);
-struct group *getgrgid(gid_t);
-
-void setpwfile(const char *);
-void setpwent(void);
-void endpwent(void);
-struct passwd *getpwent(void);
-struct passwd *getpwnam(const char *);
-struct passwd *getpwuid(uid_t);
-
 void
-setpwfile(const char *file)
+testsudoers_setpwfile(const char *file)
 {
 pwfile = file;
 if (pwf != NULL)
- endpwent();
+ testsudoers_endpwent();
 }
 void
-setpwent(void)
+testsudoers_setpwent(void)
 {
 if (pwf == NULL) {
 pwf = fopen(pwfile, "r");
@@ -99,7 +85,7 @@ setpwent(void)
 }
 void
-endpwent(void)
+testsudoers_endpwent(void)
 {
 if (pwf != NULL) {
 fclose(pwf);
@@ -109,7 +95,7 @@ endpwent(void)
 }
 struct passwd *
-getpwent(void)
+testsudoers_getpwent(void)
 {
 static struct passwd pw;
 static char pwbuf[LINE_MAX];
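Review bot: The new testsudoers_pwutil.c remaps exactly five lookups (`getpwnam`, `getpwuid`, `getgrnam`, `getgrgid`, `sudo_getgrouplist2_v1`) by macro before including pwutil_impl.c, and nothing records that this list has to track what pwutil_impl.c actually calls. Any other passwd or group API used there, now or after a later change, would resolve against the host's real databases while the rest of the run reads the test files, so policy test results could silently depend on the build machine's accounts. I would extend the opening comment to state the invariant, e.g. `/* Every passwd/group lookup made by pwutil_impl.c must be remapped below, or it will query the host's databases. */`. The file also lacks the SPDX/ISC licence header that tsgetgrpw.h carries.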
@@ -161,7 +147,7 @@ next_entry:
 }
 struct passwd *
-getpwnam(const char *name)
+testsudoers_getpwnam(const char *name)
 {
 struct passwd *pw;
@@ -175,7 +161,7 @@ getpwnam(const char *name)
 } else {
 rewind(pwf);
 }
- while ((pw = getpwent()) != NULL) {
+ while ((pw = testsudoers_getpwent()) != NULL) {
 if (strcmp(pw->pw_name, name) == 0)
 break;
 }
@@ -187,7 +173,7 @@ getpwnam(const char *name)
 }
 struct passwd *
-getpwuid(uid_t uid)
+testsudoers_getpwuid(uid_t uid)
 {
 struct passwd *pw;
@@ -201,7 +187,7 @@ getpwuid(uid_t uid)
 } else {
 rewind(pwf);
 }
- while ((pw = getpwent()) != NULL) {
+ while ((pw = testsudoers_getpwent()) != NULL) {
 if (pw->pw_uid == uid)
 break;
 }
@@ -213,7 +199,7 @@ getpwuid(uid_t uid)
 }
 void
-setgrfile(const char *file)
+testsudoers_setgrfile(const char *file)
 {
 grfile = file;
 if (grf != NULL)
@@ -221,7 +207,7 @@ setgrfile(const char *file)
 }
 void
-setgrent(void)
+testsudoers_setgrent(void)
 {
 if (grf == NULL) {
 grf = fopen(grfile, "r");
@@ -238,7 +224,7 @@ setgrent(void)
 }
 void
-endgrent(void)
+testsudoers_endgrent(void)
 {
 if (grf != NULL) {
 fclose(grf);
@@ -248,7 +234,7 @@ endgrent(void)
 }
 struct group *
-getgrent(void)
+testsudoers_getgrent(void)
 {
 static struct group gr;
 static char grbuf[LINE_MAX], *gr_mem[GRMEM_MAX+1];
@@ -297,7 +283,7 @@ next_entry:
 }
 struct group *
-getgrnam(const char *name)
+testsudoers_getgrnam(const char *name)
 {
 struct group *gr;
@@ -311,7 +297,7 @@ getgrnam(const char *name)
 } else {
 rewind(grf);
 }
- while ((gr = getgrent()) != NULL) {
+ while ((gr = testsudoers_getgrent()) != NULL) {
 if (strcmp(gr->gr_name, name) == 0)
 break;
 }
@@ -323,7 +309,7 @@ getgrnam(const char *name)
 }
 struct group *
-getgrgid(gid_t gid)
+testsudoers_getgrgid(gid_t gid)
 {
 struct group *gr;
@@ -337,7 +323,7 @@ getgrgid(gid_t gid)
 } else {
 rewind(grf);
 }
- while ((gr = getgrent()) != NULL) {
+ while ((gr = testsudoers_getgrent()) != NULL) {
 if (gr->gr_gid == gid)
 break;
 }
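Review bot: In `testsudoers_setgrfile()` the statement under `if (grf != NULL)` falls in the one-line gap between the `@@ -213,7 +199,7 @@` hunk and the next one, so this commit leaves it untouched. The parallel `testsudoers_setpwfile()` hunk had to rename its call to `testsudoers_endpwent();`; if the untouched line here is still `endgrent();`, it now binds to the libc function, since tsgetgrpw.h no longer defines the system names away, and the test group file handle stays open on the old path. It should read `testsudoers_endgrent();`. The line itself is not visible in the diff, so this needs checking against the file.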
@@ -352,7 +338,7 @@ getgrgid(gid_t gid)
 * Copied from getgrouplist.c
 */
 int
-sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
+testsudoers_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
 GETGROUPS_T **groupsp, int *ngroupsp)
 {
 GETGROUPS_T *groups = *groupsp;
@@ -378,8 +364,8 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
 /* We support BSD semantics where the first element is the base gid */
 groups[0] = basegid;
- setgrent();
- while ((grp = getgrent()) != NULL) {
+ testsudoers_setgrent();
+ while ((grp = testsudoers_getgrent()) != NULL) {
 if (grp->gr_gid == basegid || grp->gr_mem == NULL)
 continue;
@@ -419,7 +405,7 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
 ret = 0;
 done:
- endgrent();
+ testsudoers_endgrent();
 *groupsp = groups;
 *ngroupsp = ngroups;
diff --git a/plugins/sudoers/tsgetgrpw.h b/plugins/sudoers/tsgetgrpw.h
index a2d6e1042..a893cbac3 100644
--- a/plugins/sudoers/tsgetgrpw.h
+++ b/plugins/sudoers/tsgetgrpw.h
@@ -1,7 +1,7 @@
 /*
 * SPDX-License-Identifier: ISC
 *
- * Copyright (c) 2010 Todd C. Miller
+ * Copyright (c) 2010, 2021 Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -24,51 +24,19 @@
 #include
-/*
- * Define away the system prototypes so we don't have any conflicts.
- */
-
-#define setgrfile sys_setgrfile
-#define setgrent sys_setgrent
-#define endgrent sys_endgrent
-#define getgrent sys_getgrent
-#define getgrnam sys_getgrnam
-#define getgrgid sys_getgrgid
-
-#define setpwfile sys_setpwfile
-#define setpwent sys_setpwent
-#define endpwent sys_endpwent
-#define getpwent sys_getpwent
-#define getpwnam sys_getpwnam
-#define getpwuid sys_getpwuid
-
 #include
 #include
-#undef setgrfile
-#undef setgrent
-#undef endgrent
-#undef getgrent
-#undef getgrnam
-#undef getgrgid
+void testsudoers_setgrfile(const char *);
+void testsudoers_setgrent(void);
+void testsudoers_endgrent(void);
+struct group *testsudoers_getgrent(void);
+struct group *testsudoers_getgrnam(const char *);
+struct group *testsudoers_getgrgid(gid_t);
-void setgrfile(const char *);
-void setgrent(void);
-void endgrent(void);
-struct group *getgrent(void);
-struct group *getgrnam(const char *);
-struct group *getgrgid(gid_t);
-
-#undef setpwfile
-#undef setpwent
-#undef endpwent
-#undef getpwent
-#undef getpwnam
-#undef getpwuid
-
-void setpwfile(const char *);
-void setpwent(void);
-void endpwent(void);
-struct passwd *getpwent(void);
-struct passwd *getpwnam(const char *);
-struct passwd *getpwuid(uid_t);
+void testsudoers_setpwfile(const char *);
+void testsudoers_setpwent(void);
+void testsudoers_endpwent(void);
+struct passwd *testsudoers_getpwent(void);
+struct passwd *testsudoers_getpwnam(const char *);
+struct passwd *testsudoers_getpwuid(uid_t);
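Review bot: The new prototype list in tsgetgrpw.h omits `testsudoers_getgrouplist2_v1()`, which tsgetgrpw.c now defines under that name and testsudoers_pwutil.c reaches through its `sudo_getgrouplist2_v1` macro. Unless a declaration exists somewhere not shown in this diff, tsgetgrpw.c defines an external function with no prior prototype, and nothing checks that definition against the signature pwutil_impl.c is compiled to call. Adding `int testsudoers_getgrouplist2_v1(const char *name, GETGROUPS_T basegid, GETGROUPS_T **groupsp, int *ngroupsp);` to this header would let the compiler catch a mismatch.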