diff --git a/plugins/sudoers/check_util.c b/plugins/sudoers/check_util.c index cdb010f77..d98304490 100644 --- a/plugins/sudoers/check_util.c +++ b/plugins/sudoers/check_util.c @@ -57,28 +57,27 @@ check_user_shell(const struct passwd *pw) } /* - * Check whether runas_ctx.chroot matches def_runchroot. + * Check whether specified runchroot matches def_runchroot. * Returns true if matched, false if not matched and -1 on error. */ int -check_user_runchroot(void) +check_user_runchroot(const char *runchroot) { debug_decl(check_user_runchroot, SUDOERS_DEBUG_AUTH); - if (runas_ctx.chroot == NULL) + if (runchroot == NULL) debug_return_bool(true); sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "def_runchroot %s, runas_ctx.chroot %s", - def_runchroot ? def_runchroot : "none", - runas_ctx.chroot ? runas_ctx.chroot : "none"); + "def_runchroot %s, runchroot %s", + def_runchroot ? def_runchroot : "none", runchroot ? runchroot : "none"); /* User may only specify a root dir if runchroot is "*" */ if (def_runchroot == NULL || strcmp(def_runchroot, "*") != 0) debug_return_bool(false); free(def_runchroot); - if ((def_runchroot = strdup(runas_ctx.chroot)) == NULL) { + if ((def_runchroot = strdup(runchroot)) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_int(-1); } @@ -86,28 +85,27 @@ check_user_runchroot(void) } /* - * Check whether runas_ctx.cwd matches def_runcwd. + * Check whether specified runcwd matches def_runcwd. * Returns true if matched, false if not matched and -1 on error. */ int -check_user_runcwd(void) +check_user_runcwd(const char *runcwd) { debug_decl(check_user_runcwd, SUDOERS_DEBUG_AUTH); - if (runas_ctx.cwd == NULL) + if (runcwd == NULL) debug_return_bool(true); sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "def_runcwd %s, runas_ctx.cwd %s", - def_runcwd ? def_runcwd : "none", - runas_ctx.cwd ? runas_ctx.cwd : "none"); + "def_runcwd %s, runcwd %s", def_runcwd ? def_runcwd : "none", + runcwd ? runcwd : "none"); /* User may only specify a cwd if runcwd is "*" */ if (def_runcwd == NULL || strcmp(def_runcwd, "*") != 0) debug_return_bool(false); free(def_runcwd); - if ((def_runcwd = strdup(runas_ctx.cwd)) == NULL) { + if ((def_runcwd = strdup(runcwd)) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_int(-1); } diff --git a/plugins/sudoers/regress/fuzz/fuzz_policy.c b/plugins/sudoers/regress/fuzz/fuzz_policy.c index c203a3abc..7c46fbc12 100644 --- a/plugins/sudoers/regress/fuzz/fuzz_policy.c +++ b/plugins/sudoers/regress/fuzz/fuzz_policy.c @@ -713,14 +713,14 @@ check_user(unsigned int validated, unsigned int mode) /* STUB */ int -check_user_runchroot(void) +check_user_runchroot(const char *runchroot) { return true; } /* STUB */ int -check_user_runcwd(void) +check_user_runcwd(const char *runcwd) { return true; } diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index e07991b45..e37202132 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -488,7 +488,7 @@ sudoers_check_common(int pwflag) } /* Check whether runas_ctx.chroot is permitted (if specified). */ - switch (check_user_runchroot()) { + switch (check_user_runchroot(runas_ctx.chroot)) { case true: break; case false: @@ -503,7 +503,7 @@ sudoers_check_common(int pwflag) } /* Check whether runas_ctx.cwd is permitted (if specified). */ - switch (check_user_runcwd()) { + switch (check_user_runcwd(runas_ctx.cwd)) { case true: break; case false: diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index 29533b5ba..7cc37fd70 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -264,8 +264,8 @@ bool user_is_exempt(void); /* check_util.c */ bool check_user_shell(const struct passwd *pw); -int check_user_runchroot(void); -int check_user_runcwd(void); +int check_user_runchroot(const char *runchroot); +int check_user_runcwd(const char *runcwd); /* prompt.c */ char *expand_prompt(const char *old_prompt, const char *auth_user); diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c index c5d72620b..7efce88c9 100644 --- a/plugins/sudoers/testsudoers.c +++ b/plugins/sudoers/testsudoers.c @@ -391,13 +391,13 @@ main(int argc, char *argv[]) CLR(validated, VALIDATE_SUCCESS); SET(validated, VALIDATE_FAILURE); } - if (check_user_runchroot() != true) { + if (check_user_runchroot(runas_ctx.chroot) != true) { printf("\nUser %s is not allowed to change root directory to %s\n", user_ctx.name, runas_ctx.chroot); CLR(validated, VALIDATE_SUCCESS); SET(validated, VALIDATE_FAILURE); } - if (check_user_runcwd() != true) { + if (check_user_runcwd(runas_ctx.cwd) != true) { printf("\nUser %s is not allowed to change directory to %s\n", user_ctx.name, runas_ctx.cwd); CLR(validated, VALIDATE_SUCCESS);