If the user specified a uid with the -u flag and the uid exists in

the passwd file, set runas_user to the name, not the uid. When comparing usernames in sudoers, if a name is really a uid (starts with '#') compare it numerically to pw_uid.
2004-03-24 23:06:34 +00:00
parent 631cbc2857
commit 6190f376c1
6 changed files with 65 additions and 16 deletions
--- a/parse.c
+++ b/parse.c
@@ -438,16 +438,35 @@ hostname_matches(shost, lhost, pattern)
 }

 /*
- *  Returns TRUE if the given user belongs to the named group,
+ *  Returns TRUE if the user/uid from sudoers matches the specified user/uid,
 *  else returns FALSE.
 */
 int
-usergr_matches(group, user)
+userpw_matches(sudoers_user, user, pw)
+    char *sudoers_user;
+    char *user;
+    struct passwd *pw;
+{
+    if (pw != NULL && *sudoers_user == '#') {
+	uid_t uid = atoi(sudoers_user + 1);
+	if (uid == pw->pw_uid)
+	    return(1);
+    }
+    return(strcmp(sudoers_user, user) == 0);
+}
+
+/*
+ *  Returns TRUE if the given user belongs to the named group,
+ *  else returns FALSE.
+ *  XXX - reduce the number of passwd/group lookups
+ */
+int
+usergr_matches(group, user, pw)
    char *group;
    char *user;
+    struct passwd *pw;
 {
    struct group *grp;
-    struct passwd *pw;
    gid_t pw_gid;
    char **cur;

@@ -455,8 +474,8 @@ usergr_matches(group, user)
    if (*group++ != '%')
 	return(FALSE);

-    /* look up user's primary gid in the passwd file (XXX - reduce lookups) */
-    if ((pw = getpwnam(user)) == NULL)
+    /* look up user's primary gid in the passwd file */
+    if (pw == NULL && (pw = getpwnam(user)) == NULL)
 	return(FALSE);
    pw_gid = pw->pw_gid;