added support for SUDOERS_WRONG_MODE and "runas"
37
logging.c
37
logging.c
@@ -86,7 +86,7 @@ static void syslog_wrapper __P((int, char *, char *, char *));
|
|||||||
*/
|
*/
|
||||||
static char *logline;
|
static char *logline;
|
||||||
extern int errorlineno;
|
extern int errorlineno;
|
||||||
|
extern char *runas_user;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* length of syslog-like header info used for mail and file logs
|
* length of syslog-like header info used for mail and file logs
|
||||||
@@ -242,23 +242,18 @@ void log_error(code)
|
|||||||
(void) sprintf(p, "gethostbyname() cannot find host %s ", host);
|
(void) sprintf(p, "gethostbyname() cannot find host %s ", host);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SUDOERS_NO_OWNER:
|
|
||||||
(void) sprintf(p, "no passwd entry for sudoers file owner (%s) ",
|
|
||||||
SUDOERS_OWNER);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case SUDOERS_NOT_FILE:
|
case SUDOERS_NOT_FILE:
|
||||||
(void) sprintf(p, "%s is not a regular file ", _PATH_SUDO_SUDOERS);
|
(void) sprintf(p, "%s is not a regular file ", _PATH_SUDO_SUDOERS);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SUDOERS_WRONG_OWNER:
|
case SUDOERS_WRONG_OWNER:
|
||||||
(void) sprintf(p, "%s is not owned by %s ", _PATH_SUDO_SUDOERS,
|
(void) sprintf(p, "%s is not owned by uid %d and gid %d ",
|
||||||
SUDOERS_OWNER);
|
_PATH_SUDO_SUDOERS, SUDOERS_UID, SUDOERS_GID);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SUDOERS_RW_OTHER:
|
case SUDOERS_WRONG_MODE:
|
||||||
(void) sprintf(p, "%s is readable or writeable by other than %s ",
|
(void) sprintf(p, "%s is not mode %o ", _PATH_SUDO_SUDOERS,
|
||||||
_PATH_SUDO_SUDOERS, SUDOERS_OWNER);
|
SUDOERS_MODE);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SPOOF_ATTEMPT:
|
case SPOOF_ATTEMPT:
|
||||||
@@ -568,6 +563,9 @@ void inform_user(code)
|
|||||||
fputs(*a, stderr);
|
fputs(*a, stderr);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (runas_user != NULL)
|
||||||
|
(void) fprintf(stderr, "\" as %s on %s.\n\n", runas_user, host);
|
||||||
|
else
|
||||||
(void) fprintf(stderr, "\" on %s.\n\n", host);
|
(void) fprintf(stderr, "\" on %s.\n\n", host);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -605,11 +603,6 @@ void inform_user(code)
|
|||||||
TRIES_FOR_PASSWORD);
|
TRIES_FOR_PASSWORD);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SUDOERS_NO_OWNER:
|
|
||||||
(void) fprintf(stderr,
|
|
||||||
"No passwd entry for sudoers file owner (%s)\n", SUDOERS_OWNER);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case NO_SUDOERS_FILE:
|
case NO_SUDOERS_FILE:
|
||||||
switch (errno) {
|
switch (errno) {
|
||||||
case ENOENT:
|
case ENOENT:
|
||||||
@@ -630,14 +623,13 @@ void inform_user(code)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case SUDOERS_WRONG_OWNER:
|
case SUDOERS_WRONG_OWNER:
|
||||||
(void) fprintf(stderr, "%s is not owned by %s!\n",
|
(void) fprintf(stderr, "%s is not owned by uid %d and gid %d!\n",
|
||||||
_PATH_SUDO_SUDOERS, SUDOERS_OWNER);
|
_PATH_SUDO_SUDOERS, SUDOERS_UID, SUDOERS_GID);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SUDOERS_RW_OTHER:
|
case SUDOERS_WRONG_MODE:
|
||||||
(void) fprintf(stderr,
|
(void) fprintf(stderr, "%s must be mode %o!\n", _PATH_SUDO_SUDOERS,
|
||||||
"%s is readable or writeable by other than %s!\n",
|
SUDOERS_MODE);
|
||||||
_PATH_SUDO_SUDOERS, SUDOERS_OWNER);
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SPOOF_ATTEMPT:
|
case SPOOF_ATTEMPT:
|
||||||
@@ -682,6 +674,7 @@ static int appropriate(code)
|
|||||||
* these will NOT send mail
|
* these will NOT send mail
|
||||||
*/
|
*/
|
||||||
case VALIDATE_OK:
|
case VALIDATE_OK:
|
||||||
|
case VALIDATE_OK_NOPASS:
|
||||||
case PASSWORD_NOT_CORRECT:
|
case PASSWORD_NOT_CORRECT:
|
||||||
case PASSWORDS_NOT_CORRECT:
|
case PASSWORDS_NOT_CORRECT:
|
||||||
/* case ALL_SYSTEMS_GO: this is the same as OK */
|
/* case ALL_SYSTEMS_GO: this is the same as OK */
|
||||||
|
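Review bot: In the SUDOERS_WRONG_OWNER cases of log_error() and inform_user(), `SUDOERS_UID` and `SUDOERS_GID` are passed to `%d` without a cast. Their definitions are not visible on this page, so if they have uid_t/gid_t type on a platform where those are not int, the arguments do not match the format. Casting at the call site avoids that, e.g. `_PATH_SUDO_SUDOERS, (int) SUDOERS_UID, (int) SUDOERS_GID);`, and likewise `(unsigned int) SUDOERS_MODE` for the `%o` in the SUDOERS_WRONG_MODE cases. The log_error() variants still write through an unbounded `sprintf(p, ...)`, and the new owner message is longer than the one it replaces, so the size computed for `logline` (outside these hunks) should be checked against the new text. Both functions start and end outside the hunks shown.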