isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nss-ify display_privs and display_cmnd.

Browse Source
This commit is contained in:
Todd C. Miller
2007-12-31 15:08:30 +00:00
parent 3008bb494a
commit adfaebdb4d
4 changed files with 151 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
ldap.c
View File

@@ -217,7 +217,6 @@ static struct ldap_config_table ldap_conf_table[] = {
{ NULL } { NULL }
}; };
/* XXX - add display_cmnd and display_privs */
struct sudo_nss sudo_nss_ldap = { struct sudo_nss sudo_nss_ldap = {
&sudo_nss_ldap, &sudo_nss_ldap,
NULL, NULL,
@@ -225,7 +224,9 @@ struct sudo_nss sudo_nss_ldap = {
sudo_ldap_close, sudo_ldap_close,
sudo_ldap_parse, sudo_ldap_parse,
sudo_ldap_setdefs, sudo_ldap_setdefs,
sudo_ldap_lookup sudo_ldap_lookup,
sudo_ldap_display_privs,
sudo_ldap_display_cmnd
}; };
/* /*
@@ -849,19 +850,22 @@ sudo_ldap_read_config()
} }
/* /*
* Like sudo_ldap_check(), except we just print entries. * Like sudo_ldap_lookup(), except we just print entries.
*/ */
void void
sudo_ldap_display_privs(ldv, pw) sudo_ldap_display_privs(nss, pw)
void *ldv; struct sudo_nss *nss;
struct passwd *pw; struct passwd *pw;
{ {
LDAP *ld = (LDAP *) ldv; LDAP *ld = (LDAP *) nss->handle;
LDAPMessage *entry = NULL, *result = NULL; /* used for searches */ LDAPMessage *entry = NULL, *result = NULL; /* used for searches */
char *filt; /* used to parse attributes */ char *filt; /* used to parse attributes */
char *dn, **edn, **v, **p; char *dn, **edn, **v, **p;
int rc, do_netgr; int rc, do_netgr;
if (ld == NULL)
return;
/* /*
* First, get (and display) the global Options. * First, get (and display) the global Options.
*/ */
@@ -983,15 +987,18 @@ sudo_ldap_display_privs(ldv, pw)
} }
int int
sudo_ldap_display_cmnd(ldv, pw) sudo_ldap_display_cmnd(nss, pw)
void *ldv; struct sudo_nss *nss;
struct passwd *pw; struct passwd *pw;
{ {
LDAP *ld = (LDAP *) ldv; LDAP *ld = (LDAP *) nss->handle;
LDAPMessage *entry = NULL, *result = NULL; /* used for searches */ LDAPMessage *entry = NULL, *result = NULL; /* used for searches */
char *filt; /* used to parse attributes */ char *filt; /* used to parse attributes */
int rc, found, do_netgr; /* temp/final return values */ int rc, found, do_netgr; /* temp/final return values */
if (ld == NULL)
return(1);
/* /*
* Okay - time to search for anything that matches this user * Okay - time to search for anything that matches this user
* Lets limit it to only two queries of the LDAP server * Lets limit it to only two queries of the LDAP server

73
parse.c
View File

@@ -63,7 +63,9 @@ struct sudo_nss sudo_nss_file = {
sudo_file_close, sudo_file_close,
sudo_file_parse, sudo_file_parse,
sudo_file_setdefs, sudo_file_setdefs,
sudo_file_lookup sudo_file_lookup,
sudo_file_display_privs,
sudo_file_display_cmnd
}; };
/* /*
@@ -296,23 +298,21 @@ sudo_file_lookup(nss, pwflag)
/* /*
* Print out privileges for the specified user. * Print out privileges for the specified user.
* XXX - move out of parse.c
*/ */
void void
display_privs(v, pw) display_privs(snl, pw)
void *v; struct sudo_nss_list *snl;
struct passwd *pw; struct passwd *pw;
{ {
struct lbuf lbuf; struct sudo_nss *nss;
struct cmndspec *cs;
struct member *m;
struct privilege *priv;
struct userspec *us;
struct cmndtag tags;
#if defined(HAVE_INITGROUPS) && defined(HAVE_GETGROUPS) #if defined(HAVE_INITGROUPS) && defined(HAVE_GETGROUPS)
/* XXX - refactor and call for display_cmnd too */
/* Set group vector so group matching works correctly. */ /* Set group vector so group matching works correctly. */
if (pw != sudo_user.pw) { if (pw != sudo_user.pw) {
(void) initgroups(pw->pw_name, pw->pw_gid); (void) initgroups(pw->pw_name, pw->pw_gid);
efree(user_groups);
if ((user_ngroups = getgroups(0, NULL)) > 0) { if ((user_ngroups = getgroups(0, NULL)) > 0) {
user_groups = erealloc3(user_groups, user_ngroups, user_groups = erealloc3(user_groups, user_ngroups,
sizeof(GETGROUPS_T)); sizeof(GETGROUPS_T));
@@ -323,7 +323,22 @@ display_privs(v, pw)
} }
#endif #endif
if (!def_ignore_local_sudoers) { tq_foreach_fwd(snl, nss)
nss->display_privs(nss, pw);
}
void
sudo_file_display_privs(nss, pw)
struct sudo_nss *nss;
struct passwd *pw;
{
struct lbuf lbuf;
struct cmndspec *cs;
struct member *m;
struct privilege *priv;
struct userspec *us;
struct cmndtag tags;
display_defaults(pw); display_defaults(pw);
lbuf_init(&lbuf, NULL, 8, '\\'); lbuf_init(&lbuf, NULL, 8, '\\');
@@ -388,12 +403,6 @@ display_privs(v, pw)
} }
} }
lbuf_destroy(&lbuf); lbuf_destroy(&lbuf);
}
/* XXX - nss */
#ifdef HAVE_LDAP
if (v != NULL)
sudo_ldap_display_privs(v, pw);
#endif
} }
/* /*
@@ -526,10 +535,28 @@ display_bound_defaults(dtype)
/* /*
* Check user_cmnd against sudoers and print the matching entry if the * Check user_cmnd against sudoers and print the matching entry if the
* command is allowed. * command is allowed.
* XXX - move out of parse.c
*/ */
int int
display_cmnd(v, pw) display_cmnd(snl, pw)
void *v; struct sudo_nss_list *snl;
struct passwd *pw;
{
struct sudo_nss *nss;
int rval = 1;
/* XXX - reset group vector? */
tq_foreach_fwd(snl, nss) {
if (nss->display_cmnd(nss, pw) == 0)
rval = 0;
}
return(rval);
}
int
sudo_file_display_cmnd(nss, pw)
struct sudo_nss *nss;
struct passwd *pw; struct passwd *pw;
{ {
struct cmndspec *cs; struct cmndspec *cs;
@@ -539,12 +566,9 @@ display_cmnd(v, pw)
int rval = 1; int rval = 1;
int host_match, runas_match, cmnd_match; int host_match, runas_match, cmnd_match;
/* XXX - nss */ if (nss->handle == NULL)
#ifdef HAVE_LDAP return(rval);
if (v != NULL)
rval = sudo_ldap_display_cmnd(v, pw);
#endif
if (rval != 0 && !def_ignore_local_sudoers) {
match = NULL; match = NULL;
tq_foreach_rev(&userspecs, us) { tq_foreach_rev(&userspecs, us) {
if (userlist_matches(pw, &us->users) != ALLOW) if (userlist_matches(pw, &us->users) != ALLOW)
@@ -574,7 +598,6 @@ display_cmnd(v, pw)
user_args ? user_args : ""); user_args ? user_args : "");
rval = 0; rval = 0;
} }
}
return(rval); return(rval);
} }

4
sudo.c
View File

@@ -421,9 +421,9 @@ main(argc, argv, envp)
log_auth(validated, 1); log_auth(validated, 1);
if (sudo_mode == MODE_CHECK) if (sudo_mode == MODE_CHECK)
rc = display_cmnd(NULL, list_pw ? list_pw : sudo_user.pw); rc = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw);
else if (sudo_mode == MODE_LIST) else if (sudo_mode == MODE_LIST)
display_privs(NULL, list_pw ? list_pw : sudo_user.pw); display_privs(snl, list_pw ? list_pw : sudo_user.pw);
/* Cleanup sudoers sources */ /* Cleanup sudoers sources */
tq_foreach_fwd(snl, nss) tq_foreach_fwd(snl, nss)

10
sudo.h
View File

@@ -227,13 +227,13 @@ int find_path __P((char *, char **, struct stat *, char *));
void check_user __P((int)); void check_user __P((int));
void verify_user __P((struct passwd *, char *)); void verify_user __P((struct passwd *, char *));
#ifdef HAVE_LDAP #ifdef HAVE_LDAP
void sudo_ldap_display_privs __P((void *, struct passwd *));
int sudo_ldap_display_cmnd __P((void *, struct passwd *));
int sudo_ldap_open __P((struct sudo_nss *)); int sudo_ldap_open __P((struct sudo_nss *));
int sudo_ldap_close __P((struct sudo_nss *)); int sudo_ldap_close __P((struct sudo_nss *));
int sudo_ldap_setdefs __P((struct sudo_nss *)); int sudo_ldap_setdefs __P((struct sudo_nss *));
int sudo_ldap_lookup __P((struct sudo_nss *, int)); int sudo_ldap_lookup __P((struct sudo_nss *, int));
int sudo_ldap_parse __P((struct sudo_nss *)); int sudo_ldap_parse __P((struct sudo_nss *));
void sudo_ldap_display_privs __P((struct sudo_nss *, struct passwd *));
int sudo_ldap_display_cmnd __P((struct sudo_nss *, struct passwd *));
#endif #endif
#if 1 #if 1
int sudo_file_open __P((struct sudo_nss *)); int sudo_file_open __P((struct sudo_nss *));
@@ -241,6 +241,8 @@ int sudo_file_close __P((struct sudo_nss *));
int sudo_file_setdefs __P((struct sudo_nss *)); int sudo_file_setdefs __P((struct sudo_nss *));
int sudo_file_lookup __P((struct sudo_nss *, int)); int sudo_file_lookup __P((struct sudo_nss *, int));
int sudo_file_parse __P((struct sudo_nss *)); int sudo_file_parse __P((struct sudo_nss *));
void sudo_file_display_privs __P((struct sudo_nss *, struct passwd *));
int sudo_file_display_cmnd __P((struct sudo_nss *, struct passwd *));
#endif #endif
void set_perms __P((int)); void set_perms __P((int));
void remove_timestamp __P((int)); void remove_timestamp __P((int));
@@ -273,8 +275,8 @@ int pam_prep_user __P((struct passwd *));
void zero_bytes __P((volatile void *, size_t)); void zero_bytes __P((volatile void *, size_t));
int gettime __P((struct timespec *)); int gettime __P((struct timespec *));
FILE *open_sudoers __P((const char *, int *)); FILE *open_sudoers __P((const char *, int *));
void display_privs __P((void *, struct passwd *)); void display_privs __P((struct sudo_nss_list *, struct passwd *));
int display_cmnd __P((void *, struct passwd *)); int display_cmnd __P((struct sudo_nss_list *, struct passwd *));
int get_ttycols __P((void)); int get_ttycols __P((void));
void sudo_setenv __P((const char *, const char *, int)); void sudo_setenv __P((const char *, const char *, int));
void sudo_unsetenv __P((const char *)); void sudo_unsetenv __P((const char *));