Move set_project() from sudoers module into sudo proper.
This commit is contained in:
Todd C. Miller
@@ -80,10 +80,6 @@
|
||||
# define LOGIN_DEFROOTCLASS "daemon"
|
||||
# endif
|
||||
#endif
|
||||
#ifdef HAVE_PROJECT_H
|
||||
# include <project.h>
|
||||
# include <sys/task.h>
|
||||
#endif
|
||||
#ifdef HAVE_SELINUX
|
||||
# include <selinux/selinux.h>
|
||||
#endif
|
||||
@@ -104,7 +100,6 @@
|
||||
static void init_vars(char * const *);
|
||||
static int set_cmnd(int);
|
||||
static void set_loginclass(struct passwd *);
|
||||
static void set_project(struct passwd *);
|
||||
static void set_runasgr(char *);
|
||||
static void set_runaspw(char *);
|
||||
static int sudoers_policy_version(int verbose);
|
||||
@@ -789,9 +784,6 @@ set_cmnd(int sudo_mode)
|
||||
int rval;
|
||||
char *path = user_path;
|
||||
|
||||
/* Set project if applicable. */
|
||||
set_project(runas_pw);
|
||||
|
||||
/* Resolve the path and return. */
|
||||
rval = FOUND;
|
||||
user_stat = emalloc(sizeof(struct stat));
|
||||
@@ -971,70 +963,6 @@ set_loginclass(struct passwd *pw)
|
||||
}
|
||||
#endif /* HAVE_LOGIN_CAP_H */
|
||||
|
||||
#ifdef HAVE_PROJECT_H
|
||||
static void
|
||||
set_project(struct passwd *pw)
|
||||
{
|
||||
int errflags = NO_MAIL|MSG_ONLY|NO_EXIT;
|
||||
int errval;
|
||||
struct project proj;
|
||||
struct project *resultp = '\0';
|
||||
char buf[1024];
|
||||
|
||||
/*
|
||||
* Collect the default project for the user and settaskid
|
||||
*/
|
||||
setprojent();
|
||||
if (resultp = getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf))) {
|
||||
errval = setproject(resultp->pj_name, pw->pw_name, TASK_NORMAL);
|
||||
if (errval != 0) {
|
||||
switch(errval) {
|
||||
case SETPROJ_ERR_TASK:
|
||||
if (errno == EAGAIN)
|
||||
log_error(errflags, "resource control limit has been reached");
|
||||
else if (errno == ESRCH)
|
||||
log_error(errflags, "user \"%s\" is not a member of "
|
||||
"project \"%s\"", pw->pw_name, resultp->pj_name);
|
||||
else if (errno == EACCES)
|
||||
log_error(errflags, "the invoking task is final");
|
||||
else
|
||||
log_error(errflags, "could not join project \"%s\"",
|
||||
resultp->pj_name);
|
||||
break;
|
||||
case SETPROJ_ERR_POOL:
|
||||
if (errno == EACCES)
|
||||
log_error(errflags, "no resource pool accepting "
|
||||
"default bindings exists for project \"%s\"",
|
||||
resultp->pj_name);
|
||||
else if (errno == ESRCH)
|
||||
log_error(errflags, "specified resource pool does "
|
||||
"not exist for project \"%s\"", resultp->pj_name);
|
||||
else
|
||||
log_error(errflags, "could not bind to default "
|
||||
"resource pool for project \"%s\"", resultp->pj_name);
|
||||
break;
|
||||
default:
|
||||
if (errval <= 0) {
|
||||
log_error(errflags, "setproject failed for project \"%s\"",
|
||||
resultp->pj_name);
|
||||
} else {
|
||||
log_error(errflags, "warning, resource control assignment "
|
||||
"failed for project \"%s\"", resultp->pj_name);
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
log_error(errflags, "getdefaultproj() error: %s", strerror(errno));
|
||||
}
|
||||
endprojent();
|
||||
}
|
||||
#else
|
||||
static void
|
||||
set_project(struct passwd *pw)
|
||||
{
|
||||
}
|
||||
#endif /* HAVE_PROJECT_H */
|
||||
|
||||
/*
|
||||
* Look up the fully qualified domain name and set user_host and user_shost.
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user