added support for "runas" from garp@opustel.com
replaced SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for SUDOERS_MODE
This commit is contained in:
Todd C. Miller
35
visudo.c
35
visudo.c
@@ -104,7 +104,7 @@ int NewArgc = 0;
|
|||||||
char *sudoers = _PATH_SUDO_SUDOERS;
|
char *sudoers = _PATH_SUDO_SUDOERS;
|
||||||
char *stmp = _PATH_SUDO_STMP;
|
char *stmp = _PATH_SUDO_STMP;
|
||||||
int parse_error = FALSE;
|
int parse_error = FALSE;
|
||||||
|
char *runas_user = NULL;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* For the parsing routines
|
* For the parsing routines
|
||||||
@@ -131,7 +131,6 @@ int main(argc, argv)
|
|||||||
int sudoers_fd; /* sudoers file descriptor */
|
int sudoers_fd; /* sudoers file descriptor */
|
||||||
int stmp_fd; /* stmp file descriptor */
|
int stmp_fd; /* stmp file descriptor */
|
||||||
int n; /* length parameter */
|
int n; /* length parameter */
|
||||||
struct passwd *pwd; /* to look up info for SUDOERS_OWNER */
|
|
||||||
|
|
||||||
(void) setbuf(stderr, (char *)NULL); /* unbuffered stderr */
|
(void) setbuf(stderr, (char *)NULL); /* unbuffered stderr */
|
||||||
|
|
||||||
@@ -154,6 +153,9 @@ int main(argc, argv)
|
|||||||
else if (argc != 1)
|
else if (argc != 1)
|
||||||
usage();
|
usage();
|
||||||
|
|
||||||
|
/* user_pw_ent needs to point to something... */
|
||||||
|
user_pw_ent = getpwuid(getuid());
|
||||||
|
|
||||||
#ifdef ENV_EDITOR
|
#ifdef ENV_EDITOR
|
||||||
/*
|
/*
|
||||||
* If we are allowing EDITOR and VISUAL envariables set Editor
|
* If we are allowing EDITOR and VISUAL envariables set Editor
|
||||||
@@ -164,19 +166,6 @@ int main(argc, argv)
|
|||||||
Editor = EDITOR;
|
Editor = EDITOR;
|
||||||
#endif /* ENV_EDITOR */
|
#endif /* ENV_EDITOR */
|
||||||
|
|
||||||
/*
|
|
||||||
* Need to find who should own the sudoers file
|
|
||||||
*/
|
|
||||||
if (!(pwd = getpwnam(SUDOERS_OWNER))) {
|
|
||||||
(void) fprintf(stderr,
|
|
||||||
"%s: no passwd entry for sudoers file owner (%s)\n",
|
|
||||||
Argv[0], SUDOERS_OWNER);
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* user_pw_ent needs to be defined to _something_, this will do */
|
|
||||||
user_pw_ent = pwd;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copy sudoers file to stmp
|
* Copy sudoers file to stmp
|
||||||
*/
|
*/
|
||||||
@@ -216,12 +205,13 @@ int main(argc, argv)
|
|||||||
(void) close(stmp_fd);
|
(void) close(stmp_fd);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Change ownership of temp file to SUDOERS_OWNER
|
* Change ownership of temp file to SUDOERS_UID, SUDOERS_GID
|
||||||
* so when we move it to sudoers things are kosher.
|
* so when we move it to sudoers things are kosher.
|
||||||
*/
|
*/
|
||||||
if (chown(stmp, pwd -> pw_uid, -1)) {
|
if (chown(stmp, SUDOERS_UID, SUDOERS_GID)) {
|
||||||
(void) fprintf(stderr, "%s: Warning, unable to set owner to %s: ",
|
(void) fprintf(stderr,
|
||||||
Argv[0], SUDOERS_OWNER);
|
"%s: Warning, unable to set (uid, gid) to (%d, %d): ",
|
||||||
|
Argv[0], SUDOERS_UID, SUDOERS_GID);
|
||||||
perror("");
|
perror("");
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -350,9 +340,10 @@ int main(argc, argv)
|
|||||||
* Make the new sudoers file readable only by owner.
|
* Make the new sudoers file readable only by owner.
|
||||||
* If this fail it is ok since the file is only least rw owner.
|
* If this fail it is ok since the file is only least rw owner.
|
||||||
*/
|
*/
|
||||||
if (chmod(sudoers, 0400)) {
|
if (chmod(sudoers, SUDOERS_MODE)) {
|
||||||
(void) fprintf(stderr, "%s: Warning, unable to chmod 0400 %s: ",
|
(void) fprintf(stderr,
|
||||||
Argv[0], sudoers);
|
"%s: Warning, unable to change mode of %s to %o: ",
|
||||||
|
Argv[0], sudoers, SUDOERS_MODE);
|
||||||
perror("");
|
perror("");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user