nss-ify display_privs and display_cmnd.

2007-12-31 15:08:30 +00:00
parent 3008bb494a
commit adfaebdb4d
4 changed files with 151 additions and 119 deletions
--- a/ldap.c
+++ b/ldap.c
@@ -217,7 +217,6 @@ static struct ldap_config_table ldap_conf_table[] = {
    { NULL }
 };

-/* XXX - add display_cmnd and display_privs */
 struct sudo_nss sudo_nss_ldap = {
    &sudo_nss_ldap,
    NULL,
@@ -225,7 +224,9 @@ struct sudo_nss sudo_nss_ldap = {
    sudo_ldap_close,
    sudo_ldap_parse,
    sudo_ldap_setdefs,
-    sudo_ldap_lookup
+    sudo_ldap_lookup,
+    sudo_ldap_display_privs,
+    sudo_ldap_display_cmnd
 };

 /*
@@ -849,19 +850,22 @@ sudo_ldap_read_config()
 }

 /*
- * Like sudo_ldap_check(), except we just print entries.
+ * Like sudo_ldap_lookup(), except we just print entries.
 */
 void
-sudo_ldap_display_privs(ldv, pw)
-    void *ldv;
+sudo_ldap_display_privs(nss, pw)
+    struct sudo_nss *nss;
    struct passwd *pw;
 {
-    LDAP *ld = (LDAP *) ldv;
+    LDAP *ld = (LDAP *) nss->handle;
    LDAPMessage *entry = NULL, *result = NULL;	/* used for searches */
    char *filt;					/* used to parse attributes */
    char *dn, **edn, **v, **p;
    int rc, do_netgr;

+    if (ld == NULL)
+	return;
+
    /*
     * First, get (and display) the global Options.
     */
@@ -983,15 +987,18 @@ sudo_ldap_display_privs(ldv, pw)
 }

 int
-sudo_ldap_display_cmnd(ldv, pw)
-    void *ldv;
+sudo_ldap_display_cmnd(nss, pw)
+    struct sudo_nss *nss;
    struct passwd *pw;
 {
-    LDAP *ld = (LDAP *) ldv;
+    LDAP *ld = (LDAP *) nss->handle;
    LDAPMessage *entry = NULL, *result = NULL;	/* used for searches */
    char *filt;					/* used to parse attributes */
    int rc, found, do_netgr;			/* temp/final return values */

+    if (ld == NULL)
+	return(1);
+
    /*
     * Okay - time to search for anything that matches this user
     * Lets limit it to only two queries of the LDAP server
--- a/parse.c
+++ b/parse.c
@@ -63,7 +63,9 @@ struct sudo_nss sudo_nss_file = {
    sudo_file_close,
    sudo_file_parse,
    sudo_file_setdefs,
-    sudo_file_lookup
+    sudo_file_lookup,
+    sudo_file_display_privs,
+    sudo_file_display_cmnd
 };

 /*
@@ -296,23 +298,21 @@ sudo_file_lookup(nss, pwflag)

 /*
 * Print out privileges for the specified user.
+ * XXX - move out of parse.c
 */
 void
-display_privs(v, pw)
-    void *v;
+display_privs(snl, pw)
+    struct sudo_nss_list *snl;
    struct passwd *pw;
 {
-    struct lbuf lbuf;
-    struct cmndspec *cs;
-    struct member *m;
-    struct privilege *priv;
-    struct userspec *us;
-    struct cmndtag tags;
+    struct sudo_nss *nss;

 #if defined(HAVE_INITGROUPS) && defined(HAVE_GETGROUPS)
+    /* XXX - refactor and call for display_cmnd too */
    /* Set group vector so group matching works correctly. */
    if (pw != sudo_user.pw) {
 	(void) initgroups(pw->pw_name, pw->pw_gid);
+	efree(user_groups);
 	if ((user_ngroups = getgroups(0, NULL)) > 0) {
 	    user_groups = erealloc3(user_groups, user_ngroups,
 		sizeof(GETGROUPS_T));
@@ -323,7 +323,22 @@ display_privs(v, pw)
    }
 #endif

-    if (!def_ignore_local_sudoers) {
+    tq_foreach_fwd(snl, nss)
+	nss->display_privs(nss, pw);
+}
+
+void
+sudo_file_display_privs(nss, pw)
+    struct sudo_nss *nss;
+    struct passwd *pw;
+{
+    struct lbuf lbuf;
+    struct cmndspec *cs;
+    struct member *m;
+    struct privilege *priv;
+    struct userspec *us;
+    struct cmndtag tags;
+
    display_defaults(pw);

    lbuf_init(&lbuf, NULL, 8, '\\');
@@ -388,12 +403,6 @@ display_privs(v, pw)
 	}
    }
    lbuf_destroy(&lbuf);
-    }
-    /* XXX - nss */
-#ifdef HAVE_LDAP
-    if (v != NULL)
-	sudo_ldap_display_privs(v, pw);
-#endif
 }

 /*
@@ -526,10 +535,28 @@ display_bound_defaults(dtype)
 /*
 * Check user_cmnd against sudoers and print the matching entry if the
 * command is allowed.
+ * XXX - move out of parse.c
 */
 int
-display_cmnd(v, pw)
-    void *v;
+display_cmnd(snl, pw)
+    struct sudo_nss_list *snl;
+    struct passwd *pw;
+{
+    struct sudo_nss *nss;
+    int rval = 1;
+
+    /* XXX - reset group vector? */
+
+    tq_foreach_fwd(snl, nss) {
+	if (nss->display_cmnd(nss, pw) == 0)
+	    rval = 0;
+    }
+    return(rval);
+}
+
+int
+sudo_file_display_cmnd(nss, pw)
+    struct sudo_nss *nss;
    struct passwd *pw;
 {
    struct cmndspec *cs;
@@ -539,12 +566,9 @@ display_cmnd(v, pw)
    int rval = 1;
    int host_match, runas_match, cmnd_match;

-    /* XXX - nss */
-#ifdef HAVE_LDAP
-    if (v != NULL)
-	rval = sudo_ldap_display_cmnd(v, pw);
-#endif
-    if (rval != 0 && !def_ignore_local_sudoers) {
+    if (nss->handle == NULL)
+	return(rval);
+
    match = NULL;
    tq_foreach_rev(&userspecs, us) {
 	if (userlist_matches(pw, &us->users) != ALLOW)
@@ -574,7 +598,6 @@ display_cmnd(v, pw)
 	    user_args ? user_args : "");
 	rval = 0;
    }
-    }
    return(rval);
 }

--- a/sudo.c
+++ b/sudo.c
@@ -421,9 +421,9 @@ main(argc, argv, envp)

 	log_auth(validated, 1);
 	if (sudo_mode == MODE_CHECK)
-	    rc = display_cmnd(NULL, list_pw ? list_pw : sudo_user.pw);
+	    rc = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw);
 	else if (sudo_mode == MODE_LIST)
-	    display_privs(NULL, list_pw ? list_pw : sudo_user.pw);
+	    display_privs(snl, list_pw ? list_pw : sudo_user.pw);

 	/* Cleanup sudoers sources */
 	tq_foreach_fwd(snl, nss)
--- a/sudo.h
+++ b/sudo.h
@@ -227,13 +227,13 @@ int find_path		__P((char *, char **, struct stat *, char *));
 void check_user		__P((int));
 void verify_user	__P((struct passwd *, char *));
 #ifdef HAVE_LDAP
-void sudo_ldap_display_privs __P((void *, struct passwd *));
-int sudo_ldap_display_cmnd __P((void *, struct passwd *));
 int sudo_ldap_open	__P((struct sudo_nss *));
 int sudo_ldap_close	__P((struct sudo_nss *));
 int sudo_ldap_setdefs	__P((struct sudo_nss *));
 int sudo_ldap_lookup	__P((struct sudo_nss *, int));
 int sudo_ldap_parse	__P((struct sudo_nss *));
+void sudo_ldap_display_privs __P((struct sudo_nss *, struct passwd *));
+int sudo_ldap_display_cmnd __P((struct sudo_nss *, struct passwd *));
 #endif
 #if 1
 int sudo_file_open	__P((struct sudo_nss *));
@@ -241,6 +241,8 @@ int sudo_file_close	__P((struct sudo_nss *));
 int sudo_file_setdefs	__P((struct sudo_nss *));
 int sudo_file_lookup	__P((struct sudo_nss *, int));
 int sudo_file_parse	__P((struct sudo_nss *));
+void sudo_file_display_privs __P((struct sudo_nss *, struct passwd *));
+int sudo_file_display_cmnd __P((struct sudo_nss *, struct passwd *));
 #endif
 void set_perms		__P((int));
 void remove_timestamp	__P((int));
@@ -273,8 +275,8 @@ int pam_prep_user	__P((struct passwd *));
 void zero_bytes		__P((volatile void *, size_t));
 int gettime		__P((struct timespec *));
 FILE *open_sudoers	__P((const char *, int *));
-void display_privs	__P((void *, struct passwd *));
-int display_cmnd	__P((void *, struct passwd *));
+void display_privs	__P((struct sudo_nss_list *, struct passwd *));
+int display_cmnd	__P((struct sudo_nss_list *, struct passwd *));
 int get_ttycols		__P((void));
 void sudo_setenv	__P((const char *, const char *, int));
 void sudo_unsetenv	__P((const char *));