isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Do not redefine system group and passwd functions for testsudoers.

Browse Source 
Instead, prefix the replacements with "testsudoers_" and use a
custom pwutil backend so they get used.
This commit is contained in:
Todd C. Miller
2021-03-18 11:39:54 -06:00
parent 4c182c90f1
commit 3e5cf7baa3
6 changed files with 95 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
MANIFEST
View File

@@ -991,6 +991,7 @@ plugins/sudoers/sudoers_hooks.c
plugins/sudoers/sudoers_version.h plugins/sudoers/sudoers_version.h
plugins/sudoers/sudoreplay.c plugins/sudoers/sudoreplay.c
plugins/sudoers/testsudoers.c plugins/sudoers/testsudoers.c
plugins/sudoers/testsudoers_pwutil.c
plugins/sudoers/timeout.c plugins/sudoers/timeout.c
plugins/sudoers/timestamp.c plugins/sudoers/timestamp.c
plugins/sudoers/timestr.c plugins/sudoers/timestr.c

30
plugins/sudoers/Makefile.in
View File

@@ -206,7 +206,7 @@ REPLAY_IOBJS = $(REPLAY_OBJS:.o=.i)
TEST_OBJS = fmtsudoers.lo fmtsudoers_cvt.lo group_plugin.lo interfaces.lo \ TEST_OBJS = fmtsudoers.lo fmtsudoers_cvt.lo group_plugin.lo interfaces.lo \
ldap_util.lo locale.lo net_ifs.o parse_ldif.o sudo_printf.o \ ldap_util.lo locale.lo net_ifs.o parse_ldif.o sudo_printf.o \
testsudoers.o tsgetgrpw.o testsudoers.o testsudoers_pwutil.o tsgetgrpw.o
IOBJS = $(LIBPARSESUDOERS_IOBJS) $(SUDOERS_IOBJS) $(VISUDO_IOBJS) \ IOBJS = $(LIBPARSESUDOERS_IOBJS) $(SUDOERS_IOBJS) $(VISUDO_IOBJS) \
$(CVTSUDOERS_IOBJS) $(REPLAY_IOBJS) $(CVTSUDOERS_IOBJS) $(REPLAY_IOBJS)
@@ -2944,6 +2944,34 @@ testsudoers.i: $(srcdir)/testsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
testsudoers.plog: testsudoers.i testsudoers.plog: testsudoers.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/testsudoers.c --i-file $< --output-file $@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/testsudoers.c --i-file $< --output-file $@
testsudoers_pwutil.o: $(srcdir)/testsudoers_pwutil.c $(devdir)/def_data.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h \
$(srcdir)/parse.h $(srcdir)/pwutil.h \
$(srcdir)/pwutil_impl.c $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/testsudoers_pwutil.c
testsudoers_pwutil.i: $(srcdir)/testsudoers_pwutil.c $(devdir)/def_data.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h \
$(srcdir)/parse.h $(srcdir)/pwutil.h \
$(srcdir)/pwutil_impl.c $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
testsudoers_pwutil.plog: testsudoers_pwutil.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/testsudoers_pwutil.c --i-file $< --output-file $@
timeout.lo: $(srcdir)/timeout.c $(incdir)/compat/stdbool.h \ timeout.lo: $(srcdir)/timeout.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_queue.h $(srcdir)/parse.h $(srcdir)/sudoers_debug.h \ $(incdir)/sudo_queue.h $(srcdir)/parse.h $(srcdir)/sudoers_debug.h \

29
plugins/sudoers/testsudoers.c
View File

@@ -68,19 +68,11 @@ static bool cb_runas_default(const union sudo_defs_val *);
static int testsudoers_error(const char *msg); static int testsudoers_error(const char *msg);
static int testsudoers_output(const char *buf); static int testsudoers_output(const char *buf);
/* tsgetgrpw.c */ /* testsudoers_pwutil.c */
extern void setgrfile(const char *); extern struct cache_item *testsudoers_make_gritem(gid_t gid, const char *group);
extern void setgrent(void); extern struct cache_item *testsudoers_make_grlist_item(const struct passwd *pw, char * const *groups);
extern void endgrent(void); extern struct cache_item *testsudoers_make_gidlist_item(const struct passwd *pw, char * const *gids, unsigned int type);
extern struct group *getgrent(void); extern struct cache_item *testsudoers_make_pwitem(uid_t uid, const char *user);
extern struct group *getgrnam(const char *);
extern struct group *getgrgid(gid_t);
extern void setpwfile(const char *);
extern void setpwent(void);
extern void endpwent(void);
extern struct passwd *getpwent(void);
extern struct passwd *getpwnam(const char *);
extern struct passwd *getpwuid(uid_t);
/* gram.y */ /* gram.y */
extern int (*trace_print)(const char *msg); extern int (*trace_print)(const char *msg);
@@ -194,11 +186,18 @@ main(int argc, char *argv[])
argc -= optind; argc -= optind;
argv += optind; argv += optind;
if (grfile != NULL || pwfile != NULL) {
/* Set group/passwd file and init the cache. */ /* Set group/passwd file and init the cache. */
if (grfile) if (grfile)
setgrfile(grfile); testsudoers_setgrfile(grfile);
if (pwfile) if (pwfile)
setpwfile(pwfile); testsudoers_setpwfile(pwfile);
/* Use custom passwd/group backend. */
sudo_pwutil_set_backend(testsudoers_make_pwitem,
testsudoers_make_gritem, testsudoers_make_gidlist_item,
testsudoers_make_grlist_item);
}
if (argc < 2) { if (argc < 2) {
if (!dflag) if (!dflag)

14
plugins/sudoers/testsudoers_pwutil.c Normal file
View File

@@ -0,0 +1,14 @@
/* Use custom passwd/group functions with the normal pwutil_impl.c */
#define sudo_make_pwitem testsudoers_make_pwitem
#define sudo_make_gritem testsudoers_make_gritem
#define sudo_make_gidlist_item testsudoers_make_gidlist_item
#define sudo_make_grlist_item testsudoers_make_grlist_item
#define getpwnam testsudoers_getpwnam
#define getpwuid testsudoers_getpwuid
#define getgrnam testsudoers_getgrnam
#define getgrgid testsudoers_getgrgid
#define sudo_getgrouplist2_v1 testsudoers_getgrouplist2_v1
#include "tsgetgrpw.h"
#include "pwutil_impl.c"

56
plugins/sudoers/tsgetgrpw.c
View File

@@ -59,30 +59,16 @@ static FILE *grf;
static const char *grfile = "/etc/group"; static const char *grfile = "/etc/group";
static int gr_stayopen; static int gr_stayopen;
void setgrfile(const char *);
void setgrent(void);
void endgrent(void);
struct group *getgrent(void);
struct group *getgrnam(const char *);
struct group *getgrgid(gid_t);
void setpwfile(const char *);
void setpwent(void);
void endpwent(void);
struct passwd *getpwent(void);
struct passwd *getpwnam(const char *);
struct passwd *getpwuid(uid_t);
void void
setpwfile(const char *file) testsudoers_setpwfile(const char *file)
{ {
pwfile = file; pwfile = file;
if (pwf != NULL) if (pwf != NULL)
endpwent(); testsudoers_endpwent();
} }
void void
setpwent(void) testsudoers_setpwent(void)
{ {
if (pwf == NULL) { if (pwf == NULL) {
pwf = fopen(pwfile, "r"); pwf = fopen(pwfile, "r");
@@ -99,7 +85,7 @@ setpwent(void)
} }
void void
endpwent(void) testsudoers_endpwent(void)
{ {
if (pwf != NULL) { if (pwf != NULL) {
fclose(pwf); fclose(pwf);
@@ -109,7 +95,7 @@ endpwent(void)
} }
struct passwd * struct passwd *
getpwent(void) testsudoers_getpwent(void)
{ {
static struct passwd pw; static struct passwd pw;
static char pwbuf[LINE_MAX]; static char pwbuf[LINE_MAX];
@@ -161,7 +147,7 @@ next_entry:
} }
struct passwd * struct passwd *
getpwnam(const char *name) testsudoers_getpwnam(const char *name)
{ {
struct passwd *pw; struct passwd *pw;
@@ -175,7 +161,7 @@ getpwnam(const char *name)
} else { } else {
rewind(pwf); rewind(pwf);
} }
while ((pw = getpwent()) != NULL) { while ((pw = testsudoers_getpwent()) != NULL) {
if (strcmp(pw->pw_name, name) == 0) if (strcmp(pw->pw_name, name) == 0)
break; break;
} }
@@ -187,7 +173,7 @@ getpwnam(const char *name)
} }
struct passwd * struct passwd *
getpwuid(uid_t uid) testsudoers_getpwuid(uid_t uid)
{ {
struct passwd *pw; struct passwd *pw;
@@ -201,7 +187,7 @@ getpwuid(uid_t uid)
} else { } else {
rewind(pwf); rewind(pwf);
} }
while ((pw = getpwent()) != NULL) { while ((pw = testsudoers_getpwent()) != NULL) {
if (pw->pw_uid == uid) if (pw->pw_uid == uid)
break; break;
} }
@@ -213,7 +199,7 @@ getpwuid(uid_t uid)
} }
void void
setgrfile(const char *file) testsudoers_setgrfile(const char *file)
{ {
grfile = file; grfile = file;
if (grf != NULL) if (grf != NULL)
@@ -221,7 +207,7 @@ setgrfile(const char *file)
} }
void void
setgrent(void) testsudoers_setgrent(void)
{ {
if (grf == NULL) { if (grf == NULL) {
grf = fopen(grfile, "r"); grf = fopen(grfile, "r");
@@ -238,7 +224,7 @@ setgrent(void)
} }
void void
endgrent(void) testsudoers_endgrent(void)
{ {
if (grf != NULL) { if (grf != NULL) {
fclose(grf); fclose(grf);
@@ -248,7 +234,7 @@ endgrent(void)
} }
struct group * struct group *
getgrent(void) testsudoers_getgrent(void)
{ {
static struct group gr; static struct group gr;
static char grbuf[LINE_MAX], *gr_mem[GRMEM_MAX+1]; static char grbuf[LINE_MAX], *gr_mem[GRMEM_MAX+1];
@@ -297,7 +283,7 @@ next_entry:
} }
struct group * struct group *
getgrnam(const char *name) testsudoers_getgrnam(const char *name)
{ {
struct group *gr; struct group *gr;
@@ -311,7 +297,7 @@ getgrnam(const char *name)
} else { } else {
rewind(grf); rewind(grf);
} }
while ((gr = getgrent()) != NULL) { while ((gr = testsudoers_getgrent()) != NULL) {
if (strcmp(gr->gr_name, name) == 0) if (strcmp(gr->gr_name, name) == 0)
break; break;
} }
@@ -323,7 +309,7 @@ getgrnam(const char *name)
} }
struct group * struct group *
getgrgid(gid_t gid) testsudoers_getgrgid(gid_t gid)
{ {
struct group *gr; struct group *gr;
@@ -337,7 +323,7 @@ getgrgid(gid_t gid)
} else { } else {
rewind(grf); rewind(grf);
} }
while ((gr = getgrent()) != NULL) { while ((gr = testsudoers_getgrent()) != NULL) {
if (gr->gr_gid == gid) if (gr->gr_gid == gid)
break; break;
} }
@@ -352,7 +338,7 @@ getgrgid(gid_t gid)
* Copied from getgrouplist.c * Copied from getgrouplist.c
*/ */
int int
sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid, testsudoers_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
GETGROUPS_T **groupsp, int *ngroupsp) GETGROUPS_T **groupsp, int *ngroupsp)
{ {
GETGROUPS_T *groups = *groupsp; GETGROUPS_T *groups = *groupsp;
@@ -378,8 +364,8 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
/* We support BSD semantics where the first element is the base gid */ /* We support BSD semantics where the first element is the base gid */
groups[0] = basegid; groups[0] = basegid;
setgrent(); testsudoers_setgrent();
while ((grp = getgrent()) != NULL) { while ((grp = testsudoers_getgrent()) != NULL) {
if (grp->gr_gid == basegid || grp->gr_mem == NULL) if (grp->gr_gid == basegid || grp->gr_mem == NULL)
continue; continue;
@@ -419,7 +405,7 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
ret = 0; ret = 0;
done: done:
endgrent(); testsudoers_endgrent();
*groupsp = groups; *groupsp = groups;
*ngroupsp = ngroups; *ngroupsp = ngroups;

58
plugins/sudoers/tsgetgrpw.h
View File

@@ -1,7 +1,7 @@
/* /*
* SPDX-License-Identifier: ISC * SPDX-License-Identifier: ISC
* *
* Copyright (c) 2010 Todd C. Miller <Todd.Miller@sudo.ws> * Copyright (c) 2010, 2021 Todd C. Miller <Todd.Miller@sudo.ws>
* *
* Permission to use, copy, modify, and distribute this software for any * Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above * purpose with or without fee is hereby granted, provided that the above
@@ -24,51 +24,19 @@
#include <config.h> #include <config.h>
/*
* Define away the system prototypes so we don't have any conflicts.
*/
#define setgrfile sys_setgrfile
#define setgrent sys_setgrent
#define endgrent sys_endgrent
#define getgrent sys_getgrent
#define getgrnam sys_getgrnam
#define getgrgid sys_getgrgid
#define setpwfile sys_setpwfile
#define setpwent sys_setpwent
#define endpwent sys_endpwent
#define getpwent sys_getpwent
#define getpwnam sys_getpwnam
#define getpwuid sys_getpwuid
#include <pwd.h> #include <pwd.h>
#include <grp.h> #include <grp.h>
#undef setgrfile void testsudoers_setgrfile(const char *);
#undef setgrent void testsudoers_setgrent(void);
#undef endgrent void testsudoers_endgrent(void);
#undef getgrent struct group *testsudoers_getgrent(void);
#undef getgrnam struct group *testsudoers_getgrnam(const char *);
#undef getgrgid struct group *testsudoers_getgrgid(gid_t);
void setgrfile(const char *); void testsudoers_setpwfile(const char *);
void setgrent(void); void testsudoers_setpwent(void);
void endgrent(void); void testsudoers_endpwent(void);
struct group *getgrent(void); struct passwd *testsudoers_getpwent(void);
struct group *getgrnam(const char *); struct passwd *testsudoers_getpwnam(const char *);
struct group *getgrgid(gid_t); struct passwd *testsudoers_getpwuid(uid_t);
#undef setpwfile
#undef setpwent
#undef endpwent
#undef getpwent
#undef getpwnam
#undef getpwuid
void setpwfile(const char *);
void setpwent(void);
void endpwent(void);
struct passwd *getpwent(void);
struct passwd *getpwnam(const char *);
struct passwd *getpwuid(uid_t);