isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Don't warn about an insecure lecture dir twice.

Browse Source 
Display warnings in the user's locale.
This commit is contained in:
Todd C. Miller
2014-02-06 15:46:27 -07:00
parent 4e733589e7
commit b299763e34
1 changed files with 25 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
plugins/sudoers/timestamp.c
View File

@@ -188,7 +188,7 @@ found_it:
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
"short write, truncating partial time stamp record"); "short write, truncating partial time stamp record");
if (ftruncate(fd, old_eof) != 0) { if (ftruncate(fd, old_eof) != 0) {
warning(N_("unable to truncate time stamp file to %lld bytes"), warning(U_("unable to truncate time stamp file to %lld bytes"),
old_eof); old_eof);
} }
} }
@@ -203,7 +203,7 @@ found_it:
* Returns false on failure and displays a warning to stderr. * Returns false on failure and displays a warning to stderr.
*/ */
static bool static bool
ts_mkdirs(char *path, uid_t owner, mode_t mode, mode_t parent_mode) ts_mkdirs(char *path, uid_t owner, mode_t mode, mode_t parent_mode, bool quiet)
{ {
struct stat sb; struct stat sb;
gid_t parent_gid = 0; gid_t parent_gid = 0;
@@ -217,13 +217,16 @@ ts_mkdirs(char *path, uid_t owner, mode_t mode, mode_t parent_mode)
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
"mkdir %s, mode 0%o", path, parent_mode); "mkdir %s, mode 0%o", path, parent_mode);
if (mkdir(path, parent_mode) != 0) { if (mkdir(path, parent_mode) != 0) {
warning(N_("unable to mkdir %s"), path); if (!quiet)
warning(U_("unable to mkdir %s"), path);
goto done; goto done;
} }
ignore_result(chown(path, (uid_t)-1, parent_gid)); ignore_result(chown(path, (uid_t)-1, parent_gid));
} else if (!S_ISDIR(sb.st_mode)) { } else if (!S_ISDIR(sb.st_mode)) {
warningx(N_("%s exists but is not a directory (0%o)"), if (!quiet) {
warningx(U_("%s exists but is not a directory (0%o)"),
path, (unsigned int) sb.st_mode); path, (unsigned int) sb.st_mode);
}
goto done; goto done;
} else { } else {
/* Inherit gid of parent dir for ownership. */ /* Inherit gid of parent dir for ownership. */
@@ -235,7 +238,8 @@ ts_mkdirs(char *path, uid_t owner, mode_t mode, mode_t parent_mode)
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
"mkdir %s, mode 0%o", path, mode); "mkdir %s, mode 0%o", path, mode);
if (mkdir(path, mode) != 0 && errno != EEXIST) { if (mkdir(path, mode) != 0 && errno != EEXIST) {
warning(N_("unable to mkdir %s"), path); if (!quiet)
warning(U_("unable to mkdir %s"), path);
goto done; goto done;
} }
ignore_result(chown(path, owner, parent_gid)); ignore_result(chown(path, owner, parent_gid));
@@ -251,7 +255,7 @@ done:
* Returns true on success or false on failure, setting errno. * Returns true on success or false on failure, setting errno.
*/ */
static bool static bool
ts_secure_dir(char *path, bool make_it) ts_secure_dir(char *path, bool make_it, bool quiet)
{ {
struct stat sb; struct stat sb;
bool rval = false; bool rval = false;
@@ -263,7 +267,7 @@ ts_secure_dir(char *path, bool make_it)
rval = true; rval = true;
break; break;
case SUDO_PATH_MISSING: case SUDO_PATH_MISSING:
if (make_it && ts_mkdirs(path, timestamp_uid, 0700, 0711)) { if (make_it && ts_mkdirs(path, timestamp_uid, 0700, 0711, quiet)) {
rval = true; rval = true;
break; break;
} }
@@ -271,15 +275,19 @@ ts_secure_dir(char *path, bool make_it)
break; break;
case SUDO_PATH_BAD_TYPE: case SUDO_PATH_BAD_TYPE:
errno = ENOTDIR; errno = ENOTDIR;
if (!quiet)
warning("%s", path); warning("%s", path);
break; break;
case SUDO_PATH_WRONG_OWNER: case SUDO_PATH_WRONG_OWNER:
if (!quiet) {
warningx(U_("%s is owned by uid %u, should be %u"), warningx(U_("%s is owned by uid %u, should be %u"),
path, (unsigned int) sb.st_uid, path, (unsigned int) sb.st_uid,
(unsigned int) timestamp_uid); (unsigned int) timestamp_uid);
}
errno = EACCES; errno = EACCES;
break; break;
case SUDO_PATH_GROUP_WRITABLE: case SUDO_PATH_GROUP_WRITABLE:
if (!quiet)
warningx(U_("%s is group writable"), path); warningx(U_("%s is group writable"), path);
errno = EACCES; errno = EACCES;
break; break;
@@ -320,7 +328,7 @@ update_timestamp(struct passwd *pw)
debug_decl(update_timestamp, SUDO_DEBUG_AUTH) debug_decl(update_timestamp, SUDO_DEBUG_AUTH)
/* Check/create parent directories as needed. */ /* Check/create parent directories as needed. */
if (!ts_secure_dir(def_timestampdir, true)) if (!ts_secure_dir(def_timestampdir, true, false))
goto done; goto done;
/* Fill in time stamp. */ /* Fill in time stamp. */
@@ -373,7 +381,7 @@ timestamp_status(struct passwd *pw)
} }
/* Ignore time stamp files in an insecure directory. */ /* Ignore time stamp files in an insecure directory. */
if (!ts_secure_dir(def_timestampdir, false)) { if (!ts_secure_dir(def_timestampdir, false, false)) {
if (errno != ENOENT) { if (errno != ENOENT) {
status = TS_ERROR; status = TS_ERROR;
goto done; goto done;
@@ -581,7 +589,7 @@ already_lectured(int unused)
int len; int len;
debug_decl(already_lectured, SUDO_DEBUG_AUTH) debug_decl(already_lectured, SUDO_DEBUG_AUTH)
if (ts_secure_dir(def_lecture_status_dir, false)) { if (ts_secure_dir(def_lecture_status_dir, false, true)) {
len = snprintf(status_file, sizeof(status_file), "%s/%s", len = snprintf(status_file, sizeof(status_file), "%s/%s",
def_lecture_status_dir, user_name); def_lecture_status_dir, user_name);
if (len <= 0 || (size_t)len >= sizeof(status_file)) { if (len <= 0 || (size_t)len >= sizeof(status_file)) {
@@ -612,7 +620,7 @@ set_lectured(void)
} }
/* Sanity check lecture dir and create if missing. */ /* Sanity check lecture dir and create if missing. */
if (!ts_secure_dir(def_lecture_status_dir, true)) if (!ts_secure_dir(def_lecture_status_dir, true, false))
goto done; goto done;
/* Create lecture file. */ /* Create lecture file. */