isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Better ldap cleanup.

Browse Source
This commit is contained in:
Todd C. Miller
2007-12-16 19:42:44 +00:00
parent c5b5f0cfd7
commit a68ab16dcd
3 changed files with 37 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
logging.c
View File

@@ -393,8 +393,13 @@ log_error(flags, fmt, va_alist)
if (logline != message) if (logline != message)
efree(logline); efree(logline);
if (!ISSET(flags, NO_EXIT)) if (!ISSET(flags, NO_EXIT)) {
#ifdef HAVE_LDAP
if (ldap_conn != NULL)
sudo_ldap_close(ldap_conn);
#endif
exit(1); exit(1);
}
} }
#define MAX_MAILFLAGS 63 #define MAX_MAILFLAGS 63

59
sudo.c
View File

@@ -150,7 +150,7 @@ char *login_style;
sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld; sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
static char *runas_user; static char *runas_user;
static char *runas_group; static char *runas_group;
void *ldap_conn;
int int
main(argc, argv, envp) main(argc, argv, envp)
@@ -159,12 +159,8 @@ main(argc, argv, envp)
char **envp; char **envp;
{ {
int validated = 0; int validated = 0;
int fd; int fd, cmnd_status, sudo_mode, pwflag, rc = 0;
int cmnd_status;
int sudo_mode;
int pwflag;
sigaction_t sa; sigaction_t sa;
void *ld = NULL;
#if defined(SUDO_DEVEL) && defined(__OpenBSD__) #if defined(SUDO_DEVEL) && defined(__OpenBSD__)
extern char *malloc_options; extern char *malloc_options;
malloc_options = "AFGJPR"; malloc_options = "AFGJPR";
@@ -270,8 +266,8 @@ main(argc, argv, envp)
init_vars(sudo_mode, envp); /* XXX - move this later? */ init_vars(sudo_mode, envp); /* XXX - move this later? */
#ifdef HAVE_LDAP #ifdef HAVE_LDAP
if ((ld = sudo_ldap_open()) != NULL) if ((ldap_conn = sudo_ldap_open()) != NULL)
sudo_ldap_update_defaults(ld); sudo_ldap_update_defaults(ldap_conn);
if (!def_ignore_local_sudoers) if (!def_ignore_local_sudoers)
#endif #endif
@@ -307,6 +303,7 @@ main(argc, argv, envp)
/* This goes after sudoers is parsed since it may have timestamp options. */ /* This goes after sudoers is parsed since it may have timestamp options. */
if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) { if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) {
remove_timestamp((sudo_mode == MODE_KILL)); remove_timestamp((sudo_mode == MODE_KILL));
cleanup(0);
exit(0); exit(0);
} }
@@ -329,8 +326,8 @@ main(argc, argv, envp)
cmnd_status = set_cmnd(sudo_mode); cmnd_status = set_cmnd(sudo_mode);
#ifdef HAVE_LDAP #ifdef HAVE_LDAP
if (ld != NULL) if (ldap_conn != NULL)
validated = sudo_ldap_check(ld, pwflag); validated = sudo_ldap_check(ldap_conn, pwflag);
/* Fallback to sudoers if we are allowed to and we aren't validated. */ /* Fallback to sudoers if we are allowed to and we aren't validated. */
if (!def_ignore_local_sudoers && !ISSET(validated, VALIDATE_OK)) if (!def_ignore_local_sudoers && !ISSET(validated, VALIDATE_OK))
#endif #endif
@@ -401,13 +398,10 @@ main(argc, argv, envp)
if (ISSET(validated, VALIDATE_OK)) { if (ISSET(validated, VALIDATE_OK)) {
/* Finally tell the user if the command did not exist. */ /* Finally tell the user if the command did not exist. */
if (cmnd_status == NOT_FOUND_DOT) { if (cmnd_status == NOT_FOUND_DOT)
warningx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd); errorx(1, "ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
exit(1); else if (cmnd_status == NOT_FOUND)
} else if (cmnd_status == NOT_FOUND) { errorx(1, "%s: command not found", user_cmnd);
warningx("%s: command not found", user_cmnd);
exit(1);
}
/* If user specified env vars make sure sudoers allows it. */ /* If user specified env vars make sure sudoers allows it. */
if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) { if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) {
@@ -419,22 +413,23 @@ main(argc, argv, envp)
} }
log_auth(validated, 1); log_auth(validated, 1);
if (sudo_mode == MODE_VALIDATE) if (sudo_mode == MODE_CHECK)
exit(0); rc = display_cmnd(ldap_conn, list_pw ? list_pw : sudo_user.pw);
else if (sudo_mode == MODE_CHECK) else if (sudo_mode == MODE_LIST)
exit(display_cmnd(ld, list_pw ? list_pw : sudo_user.pw)); display_privs(ldap_conn, list_pw ? list_pw : sudo_user.pw);
else if (sudo_mode == MODE_LIST) {
display_privs(ld, list_pw ? list_pw : sudo_user.pw);
exit(0);
}
#ifdef HAVE_LDAP #ifdef HAVE_LDAP
if (ld != NULL) { if (ldap_conn != NULL) {
sudo_ldap_close(ld); sudo_ldap_close(ldap_conn);
ld = NULL; ldap_conn = NULL;
} }
#endif #endif
/* Deferred exit due to sudo_ldap_close() */
if (sudo_mode == MODE_VALIDATE || sudo_mode == MODE_CHECK ||
sudo_mode == MODE_LIST)
exit(rc);
/* Override user's umask if configured to do so. */ /* Override user's umask if configured to do so. */
if (def_umask != 0777) if (def_umask != 0777)
(void) umask(def_umask); (void) umask(def_umask);
@@ -1349,7 +1344,7 @@ get_authpw()
} }
/* /*
* Stub for error()/errorx() * Cleanup hook for error()/errorx()
*/ */
void void
cleanup(gotsignal) cleanup(gotsignal)
@@ -1359,6 +1354,12 @@ cleanup(gotsignal)
sudo_endpwent(); sudo_endpwent();
sudo_endgrent(); sudo_endgrent();
} }
#ifdef HAVE_LDAP
if (ld != NULL) {
sudo_ldap_close(ld);
ld = NULL;
}
#endif
} }
/* /*

1
sudo.h
View File

@@ -292,6 +292,7 @@ extern struct passwd *auth_pw, *list_pw;
extern int tgetpass_flags; extern int tgetpass_flags;
extern uid_t timestamp_uid; extern uid_t timestamp_uid;
extern void *ldap_conn;
#endif #endif
#ifndef errno #ifndef errno
extern int errno; extern int errno;