Add some debugging to sudo_getgrouplist2().
This commit is contained in:
Todd C. Miller
@@ -41,6 +41,7 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include "sudo_compat.h"
|
#include "sudo_compat.h"
|
||||||
|
#include "sudo_debug.h"
|
||||||
#include "sudo_util.h"
|
#include "sudo_util.h"
|
||||||
|
|
||||||
#ifndef HAVE_GETGROUPLIST
|
#ifndef HAVE_GETGROUPLIST
|
||||||
@@ -70,16 +71,17 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
|||||||
#ifndef HAVE_GETGROUPLIST_2
|
#ifndef HAVE_GETGROUPLIST_2
|
||||||
int grpsize, tries;
|
int grpsize, tries;
|
||||||
#endif
|
#endif
|
||||||
|
debug_decl(sudo_getgrouplist2, SUDO_DEBUG_UTIL);
|
||||||
|
|
||||||
/* For static group vector, just use getgrouplist(3). */
|
/* For static group vector, just use getgrouplist(3). */
|
||||||
if (groups != NULL)
|
if (groups != NULL)
|
||||||
return getgrouplist(name, basegid, groups, ngroupsp);
|
debug_return_int(getgrouplist(name, basegid, groups, ngroupsp));
|
||||||
|
|
||||||
#ifdef HAVE_GETGROUPLIST_2
|
#ifdef HAVE_GETGROUPLIST_2
|
||||||
if ((ngroups = getgrouplist_2(name, basegid, groupsp)) == -1)
|
if ((ngroups = getgrouplist_2(name, basegid, groupsp)) == -1)
|
||||||
return -1;
|
debug_return_int(-1);
|
||||||
*ngroupsp = ngroups;
|
*ngroupsp = ngroups;
|
||||||
return 0;
|
debug_return_int(0);
|
||||||
#else
|
#else
|
||||||
grpsize = (int)sysconf(_SC_NGROUPS_MAX);
|
grpsize = (int)sysconf(_SC_NGROUPS_MAX);
|
||||||
if (grpsize < 0)
|
if (grpsize < 0)
|
||||||
@@ -93,12 +95,12 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
|||||||
free(groups);
|
free(groups);
|
||||||
groups = reallocarray(NULL, grpsize, sizeof(*groups));
|
groups = reallocarray(NULL, grpsize, sizeof(*groups));
|
||||||
if (groups == NULL)
|
if (groups == NULL)
|
||||||
return -1;
|
debug_return_int(-1);
|
||||||
ngroups = grpsize;
|
ngroups = grpsize;
|
||||||
if (getgrouplist(name, basegid, groups, &ngroups) != -1) {
|
if (getgrouplist(name, basegid, groups, &ngroups) != -1) {
|
||||||
*groupsp = groups;
|
*groupsp = groups;
|
||||||
*ngroupsp = ngroups;
|
*ngroupsp = ngroups;
|
||||||
return 0;
|
debug_return_int(0);
|
||||||
}
|
}
|
||||||
if (ngroups == grpsize) {
|
if (ngroups == grpsize) {
|
||||||
/* Failed for some reason other than ngroups too small. */
|
/* Failed for some reason other than ngroups too small. */
|
||||||
@@ -108,7 +110,7 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
|||||||
grpsize = ngroups;
|
grpsize = ngroups;
|
||||||
}
|
}
|
||||||
free(groups);
|
free(groups);
|
||||||
return -1;
|
debug_return_int(-1);
|
||||||
#endif /* HAVE_GETGROUPLIST_2 */
|
#endif /* HAVE_GETGROUPLIST_2 */
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -128,6 +130,7 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
|||||||
int grpsize = *ngroupsp;
|
int grpsize = *ngroupsp;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
gid_t gid;
|
gid_t gid;
|
||||||
|
debug_decl(sudo_getgrouplist2, SUDO_DEBUG_UTIL);
|
||||||
|
|
||||||
#ifdef HAVE_SETAUTHDB
|
#ifdef HAVE_SETAUTHDB
|
||||||
aix_setauthdb((char *) name, NULL);
|
aix_setauthdb((char *) name, NULL);
|
||||||
@@ -147,11 +150,11 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
|||||||
}
|
}
|
||||||
groups = reallocarray(NULL, grpsize, sizeof(*groups));
|
groups = reallocarray(NULL, grpsize, sizeof(*groups));
|
||||||
if (groups == NULL)
|
if (groups == NULL)
|
||||||
return -1;
|
debug_return_int(-1);
|
||||||
} else {
|
} else {
|
||||||
/* Static group vector. */
|
/* Static group vector. */
|
||||||
if (grpsize < 1)
|
if (grpsize < 1)
|
||||||
return -1;
|
debug_return_int(-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* We support BSD semantics where the first element is the base gid */
|
/* We support BSD semantics where the first element is the base gid */
|
||||||
@@ -175,7 +178,7 @@ done:
|
|||||||
*groupsp = groups;
|
*groupsp = groups;
|
||||||
*ngroupsp = ngroups;
|
*ngroupsp = ngroups;
|
||||||
|
|
||||||
return ret;
|
debug_return_int(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
#elif defined(HAVE_NSS_SEARCH)
|
#elif defined(HAVE_NSS_SEARCH)
|
||||||
@@ -211,11 +214,12 @@ str2grp(const char *instr, int inlen, void *ent, char *buf, int buflen)
|
|||||||
const char *errstr;
|
const char *errstr;
|
||||||
int yp = 0;
|
int yp = 0;
|
||||||
id_t id;
|
id_t id;
|
||||||
|
debug_decl(str2grp, SUDO_DEBUG_UTIL);
|
||||||
|
|
||||||
/* Must at least have space to copy instr -> buf. */
|
/* Must at least have space to copy instr -> buf. */
|
||||||
if (inlen >= buflen)
|
if (inlen >= buflen)
|
||||||
return NSS_STR_PARSE_ERANGE;
|
debug_return_int(NSS_STR_PARSE_ERANGE);
|
||||||
|
|
||||||
/* Paranoia: buf and instr should be distinct. */
|
/* Paranoia: buf and instr should be distinct. */
|
||||||
if (buf != instr) {
|
if (buf != instr) {
|
||||||
memmove(buf, instr, inlen);
|
memmove(buf, instr, inlen);
|
||||||
@@ -223,7 +227,7 @@ str2grp(const char *instr, int inlen, void *ent, char *buf, int buflen)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL)
|
if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL)
|
||||||
return NSS_STR_PARSE_PARSE;
|
debug_return_int(NSS_STR_PARSE_PARSE);
|
||||||
*fieldsep++ = '\0';
|
*fieldsep++ = '\0';
|
||||||
grp->gr_name = cp;
|
grp->gr_name = cp;
|
||||||
|
|
||||||
@@ -237,12 +241,12 @@ str2grp(const char *instr, int inlen, void *ent, char *buf, int buflen)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL)
|
if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL)
|
||||||
return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE;
|
debug_return_int(yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE);
|
||||||
*fieldsep++ = '\0';
|
*fieldsep++ = '\0';
|
||||||
grp->gr_passwd = cp;
|
grp->gr_passwd = cp;
|
||||||
|
|
||||||
if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL)
|
if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL)
|
||||||
return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE;
|
debug_return_int(yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE);
|
||||||
*fieldsep++ = '\0';
|
*fieldsep++ = '\0';
|
||||||
id = sudo_strtoid(cp, &errstr);
|
id = sudo_strtoid(cp, &errstr);
|
||||||
if (errstr != NULL) {
|
if (errstr != NULL) {
|
||||||
@@ -251,8 +255,8 @@ str2grp(const char *instr, int inlen, void *ent, char *buf, int buflen)
|
|||||||
* at the end of YP entries since it has no meaning.
|
* at the end of YP entries since it has no meaning.
|
||||||
*/
|
*/
|
||||||
if (errno == ERANGE)
|
if (errno == ERANGE)
|
||||||
return NSS_STR_PARSE_ERANGE;
|
debug_return_int(NSS_STR_PARSE_ERANGE);
|
||||||
return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE;
|
debug_return_int(yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE);
|
||||||
}
|
}
|
||||||
#ifdef GID_NOBODY
|
#ifdef GID_NOBODY
|
||||||
/* Negative gids get mapped to nobody on Solaris. */
|
/* Negative gids get mapped to nobody on Solaris. */
|
||||||
@@ -269,7 +273,7 @@ str2grp(const char *instr, int inlen, void *ent, char *buf, int buflen)
|
|||||||
gr_end = (char **)((unsigned long)(buf + buflen) & ~ALIGNBYTES);
|
gr_end = (char **)((unsigned long)(buf + buflen) & ~ALIGNBYTES);
|
||||||
for (;;) {
|
for (;;) {
|
||||||
if (gr_mem == gr_end)
|
if (gr_mem == gr_end)
|
||||||
return NSS_STR_PARSE_ERANGE; /* out of space! */
|
debug_return_int(NSS_STR_PARSE_ERANGE); /* out of space! */
|
||||||
*gr_mem++ = cp;
|
*gr_mem++ = cp;
|
||||||
if (fieldsep == NULL)
|
if (fieldsep == NULL)
|
||||||
break;
|
break;
|
||||||
@@ -278,7 +282,7 @@ str2grp(const char *instr, int inlen, void *ent, char *buf, int buflen)
|
|||||||
}
|
}
|
||||||
*gr_mem = NULL;
|
*gr_mem = NULL;
|
||||||
}
|
}
|
||||||
return NSS_STR_PARSE_SUCCESS;
|
debug_return_int(NSS_STR_PARSE_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
static nss_status_t
|
static nss_status_t
|
||||||
@@ -291,6 +295,10 @@ process_cstr(const char *instr, int inlen, struct nss_groupsbymem *gbm,
|
|||||||
struct group *grp;
|
struct group *grp;
|
||||||
char **gr_mem;
|
char **gr_mem;
|
||||||
int error, i;
|
int error, i;
|
||||||
|
debug_decl(process_cstr, SUDO_DEBUG_UTIL);
|
||||||
|
|
||||||
|
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: parsing %.*s", __func__,
|
||||||
|
inlen, instr);
|
||||||
|
|
||||||
/* Hack to let us check whether the query was handled by nscd or us. */
|
/* Hack to let us check whether the query was handled by nscd or us. */
|
||||||
if (gbm->force_slow_way != 0)
|
if (gbm->force_slow_way != 0)
|
||||||
@@ -298,7 +306,7 @@ process_cstr(const char *instr, int inlen, struct nss_groupsbymem *gbm,
|
|||||||
|
|
||||||
buf = _nss_XbyY_buf_alloc(sizeof(struct group), NSS_BUFLEN_GROUP);
|
buf = _nss_XbyY_buf_alloc(sizeof(struct group), NSS_BUFLEN_GROUP);
|
||||||
if (buf == NULL)
|
if (buf == NULL)
|
||||||
return NSS_UNAVAIL;
|
debug_return_int(NSS_UNAVAIL);
|
||||||
|
|
||||||
/* Parse groups file string -> struct group. */
|
/* Parse groups file string -> struct group. */
|
||||||
grp = buf->result;
|
grp = buf->result;
|
||||||
@@ -334,7 +342,7 @@ process_cstr(const char *instr, int inlen, struct nss_groupsbymem *gbm,
|
|||||||
}
|
}
|
||||||
done:
|
done:
|
||||||
_nss_XbyY_buf_free(buf);
|
_nss_XbyY_buf_free(buf);
|
||||||
return ret;
|
debug_return_int(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
static nss_status_t
|
static nss_status_t
|
||||||
@@ -358,6 +366,7 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
|||||||
{
|
{
|
||||||
struct nss_groupsbymem gbm;
|
struct nss_groupsbymem gbm;
|
||||||
static DEFINE_NSS_DB_ROOT(db_root);
|
static DEFINE_NSS_DB_ROOT(db_root);
|
||||||
|
debug_decl(sudo_getgrouplist2, SUDO_DEBUG_UTIL);
|
||||||
|
|
||||||
memset(&gbm, 0, sizeof(gbm));
|
memset(&gbm, 0, sizeof(gbm));
|
||||||
gbm.username = name;
|
gbm.username = name;
|
||||||
@@ -374,13 +383,13 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
|||||||
gbm.maxgids = NGROUPS_MAX;
|
gbm.maxgids = NGROUPS_MAX;
|
||||||
gbm.gid_array = reallocarray(NULL, gbm.maxgids, 4 * sizeof(GETGROUPS_T));
|
gbm.gid_array = reallocarray(NULL, gbm.maxgids, 4 * sizeof(GETGROUPS_T));
|
||||||
if (gbm.gid_array == NULL)
|
if (gbm.gid_array == NULL)
|
||||||
return -1;
|
debug_return_int(-1);
|
||||||
gbm.maxgids <<= 2;
|
gbm.maxgids <<= 2;
|
||||||
gbm.process_cstr = process_cstr_dynamic;
|
gbm.process_cstr = process_cstr_dynamic;
|
||||||
} else {
|
} else {
|
||||||
/* Static group vector. */
|
/* Static group vector. */
|
||||||
if (gbm.maxgids <= 0)
|
if (gbm.maxgids <= 0)
|
||||||
return -1;
|
debug_return_int(-1);
|
||||||
gbm.process_cstr = process_cstr_static;
|
gbm.process_cstr = process_cstr_static;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -414,7 +423,7 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
|||||||
tmp = reallocarray(gbm.gid_array, gbm.maxgids, 2 * sizeof(GETGROUPS_T));
|
tmp = reallocarray(gbm.gid_array, gbm.maxgids, 2 * sizeof(GETGROUPS_T));
|
||||||
if (tmp == NULL) {
|
if (tmp == NULL) {
|
||||||
free(gbm.gid_array);
|
free(gbm.gid_array);
|
||||||
return -1;
|
debug_return_int(-1);
|
||||||
}
|
}
|
||||||
gbm.gid_array = tmp;
|
gbm.gid_array = tmp;
|
||||||
gbm.maxgids <<= 1;
|
gbm.maxgids <<= 1;
|
||||||
@@ -424,10 +433,10 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
|||||||
*groupsp = gbm.gid_array;
|
*groupsp = gbm.gid_array;
|
||||||
if (gbm.numgids <= gbm.maxgids) {
|
if (gbm.numgids <= gbm.maxgids) {
|
||||||
*ngroupsp = gbm.numgids;
|
*ngroupsp = gbm.numgids;
|
||||||
return 0;
|
debug_return_int(0);
|
||||||
}
|
}
|
||||||
*ngroupsp = gbm.maxgids;
|
*ngroupsp = gbm.maxgids;
|
||||||
return -1;
|
debug_return_int(-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
#else /* !HAVE_GETGROUPLIST && !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */
|
#else /* !HAVE_GETGROUPLIST && !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */
|
||||||
@@ -444,6 +453,7 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
|||||||
int i, ngroups = 1;
|
int i, ngroups = 1;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
struct group *grp;
|
struct group *grp;
|
||||||
|
debug_decl(sudo_getgrouplist2, SUDO_DEBUG_UTIL);
|
||||||
|
|
||||||
if (groups == NULL) {
|
if (groups == NULL) {
|
||||||
/* Dynamically-sized group vector. */
|
/* Dynamically-sized group vector. */
|
||||||
@@ -452,12 +462,12 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
|
|||||||
grpsize = NGROUPS_MAX;
|
grpsize = NGROUPS_MAX;
|
||||||
groups = reallocarray(NULL, grpsize, 4 * sizeof(*groups));
|
groups = reallocarray(NULL, grpsize, 4 * sizeof(*groups));
|
||||||
if (groups == NULL)
|
if (groups == NULL)
|
||||||
return -1;
|
debug_return_int(-1);
|
||||||
grpsize <<= 2;
|
grpsize <<= 2;
|
||||||
} else {
|
} else {
|
||||||
/* Static group vector. */
|
/* Static group vector. */
|
||||||
if (grpsize < 1)
|
if (grpsize < 1)
|
||||||
return -1;
|
debug_return_int(-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* We support BSD semantics where the first element is the base gid */
|
/* We support BSD semantics where the first element is the base gid */
|
||||||
@@ -508,6 +518,6 @@ done:
|
|||||||
*groupsp = groups;
|
*groupsp = groups;
|
||||||
*ngroupsp = ngroups;
|
*ngroupsp = ngroups;
|
||||||
|
|
||||||
return ret;
|
debug_return_int(ret);
|
||||||
}
|
}
|
||||||
#endif /* !HAVE_GETGROUPLIST && !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */
|
#endif /* !HAVE_GETGROUPLIST && !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */
|
||||||
|
|||||||
Reference in New Issue
Block a user