g/c second arg to set_perms--it is no longer used
@@ -138,7 +138,7 @@ verify_user(pw, prompt)
|
|||||||
for (auth = auth_switch; auth->name; auth++) {
|
for (auth = auth_switch; auth->name; auth++) {
|
||||||
if (auth->init && IS_CONFIGURED(auth)) {
|
if (auth->init && IS_CONFIGURED(auth)) {
|
||||||
if (NEEDS_USER(auth))
|
if (NEEDS_USER(auth))
|
||||||
set_perms(PERM_USER, 0);
|
set_perms(PERM_USER);
|
||||||
|
|
||||||
status = (auth->init)(pw, &prompt, auth);
|
status = (auth->init)(pw, &prompt, auth);
|
||||||
if (status == AUTH_FAILURE)
|
if (status == AUTH_FAILURE)
|
||||||
@@ -147,7 +147,7 @@ verify_user(pw, prompt)
|
|||||||
exit(1); /* assume error msg already printed */
|
exit(1); /* assume error msg already printed */
|
||||||
|
|
||||||
if (NEEDS_USER(auth))
|
if (NEEDS_USER(auth))
|
||||||
set_perms(PERM_ROOT, 0);
|
set_perms(PERM_ROOT);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -156,7 +156,7 @@ verify_user(pw, prompt)
|
|||||||
for (auth = auth_switch; auth->name; auth++) {
|
for (auth = auth_switch; auth->name; auth++) {
|
||||||
if (auth->setup && IS_CONFIGURED(auth)) {
|
if (auth->setup && IS_CONFIGURED(auth)) {
|
||||||
if (NEEDS_USER(auth))
|
if (NEEDS_USER(auth))
|
||||||
set_perms(PERM_USER, 0);
|
set_perms(PERM_USER);
|
||||||
|
|
||||||
status = (auth->setup)(pw, &prompt, auth);
|
status = (auth->setup)(pw, &prompt, auth);
|
||||||
if (status == AUTH_FAILURE)
|
if (status == AUTH_FAILURE)
|
||||||
@@ -165,7 +165,7 @@ verify_user(pw, prompt)
|
|||||||
exit(1); /* assume error msg already printed */
|
exit(1); /* assume error msg already printed */
|
||||||
|
|
||||||
if (NEEDS_USER(auth))
|
if (NEEDS_USER(auth))
|
||||||
set_perms(PERM_ROOT, 0);
|
set_perms(PERM_ROOT);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -186,12 +186,12 @@ verify_user(pw, prompt)
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (NEEDS_USER(auth))
|
if (NEEDS_USER(auth))
|
||||||
set_perms(PERM_USER, 0);
|
set_perms(PERM_USER);
|
||||||
|
|
||||||
success = auth->status = (auth->verify)(pw, p, auth);
|
success = auth->status = (auth->verify)(pw, p, auth);
|
||||||
|
|
||||||
if (NEEDS_USER(auth))
|
if (NEEDS_USER(auth))
|
||||||
set_perms(PERM_ROOT, 0);
|
set_perms(PERM_ROOT);
|
||||||
|
|
||||||
if (auth->status != AUTH_FAILURE)
|
if (auth->status != AUTH_FAILURE)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@@ -217,14 +217,14 @@ cleanup:
|
|||||||
for (auth = auth_switch; auth->name; auth++) {
|
for (auth = auth_switch; auth->name; auth++) {
|
||||||
if (auth->cleanup && IS_CONFIGURED(auth)) {
|
if (auth->cleanup && IS_CONFIGURED(auth)) {
|
||||||
if (NEEDS_USER(auth))
|
if (NEEDS_USER(auth))
|
||||||
set_perms(PERM_USER, 0);
|
set_perms(PERM_USER);
|
||||||
|
|
||||||
status = (auth->cleanup)(pw, auth);
|
status = (auth->cleanup)(pw, auth);
|
||||||
if (status == AUTH_FATAL) /* XXX log */
|
if (status == AUTH_FATAL) /* XXX log */
|
||||||
exit(1); /* assume error msg already printed */
|
exit(1); /* assume error msg already printed */
|
||||||
|
|
||||||
if (NEEDS_USER(auth))
|
if (NEEDS_USER(auth))
|
||||||
set_perms(PERM_ROOT, 0);
|
set_perms(PERM_ROOT);
|
||||||
}
|
}
|
||||||
}
|
}
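Review bot: The `if (NEEDS_USER(auth)) set_perms(PERM_USER);` / `if (NEEDS_USER(auth)) set_perms(PERM_ROOT);` bracket is still written out by hand around each of the init, setup, verify and cleanup callbacks, so the drop and the restore have to be kept paired in four separate places. Since this commit edits every copy anyway, I would fold them into a pair of macros next to NEEDS_USER, `#define AUTH_PERMS_ENTER(a) do { if (NEEDS_USER(a)) set_perms(PERM_USER); } while (0)` and `#define AUTH_PERMS_LEAVE(a) do { if (NEEDS_USER(a)) set_perms(PERM_ROOT); } while (0)`, so the condition and the target uid are spelled once. The `exit(1)` paths leave before the restore, which looks harmless because the process ends there. verify_user starts and ends outside these hunks, so the code between them is not covered by this note.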
|
||||||
|
|
||||||
|
10
check.c
10
check.c
@@ -145,7 +145,7 @@ update_timestamp(timestampdir, timestampfile)
|
|||||||
char *timestampfile;
|
char *timestampfile;
|
||||||
{
|
{
|
||||||
|
|
||||||
set_perms(PERM_TIMESTAMP, 0);
|
set_perms(PERM_TIMESTAMP);
|
||||||
if (touch(timestampfile ? timestampfile : timestampdir, time(NULL)) == -1) {
|
if (touch(timestampfile ? timestampfile : timestampdir, time(NULL)) == -1) {
|
||||||
if (timestampfile) {
|
if (timestampfile) {
|
||||||
int fd = open(timestampfile, O_WRONLY|O_CREAT|O_TRUNC, 0600);
|
int fd = open(timestampfile, O_WRONLY|O_CREAT|O_TRUNC, 0600);
|
||||||
@@ -159,7 +159,7 @@ update_timestamp(timestampdir, timestampfile)
|
|||||||
log_error(NO_EXIT|USE_ERRNO, "Can't mkdir %s", timestampdir);
|
log_error(NO_EXIT|USE_ERRNO, "Can't mkdir %s", timestampdir);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
set_perms(PERM_ROOT, 0);
|
set_perms(PERM_ROOT);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -309,7 +309,7 @@ timestamp_status(timestampdir, timestampfile, user, make_dirs)
|
|||||||
char *dirparent = def_str(I_TIMESTAMPDIR);
|
char *dirparent = def_str(I_TIMESTAMPDIR);
|
||||||
int status = TS_ERROR; /* assume the worst */
|
int status = TS_ERROR; /* assume the worst */
|
||||||
|
|
||||||
set_perms(PERM_TIMESTAMP, 0);
|
set_perms(PERM_TIMESTAMP);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Sanity check dirparent and make it if it doesn't already exist.
|
* Sanity check dirparent and make it if it doesn't already exist.
|
||||||
@@ -347,7 +347,7 @@ timestamp_status(timestampdir, timestampfile, user, make_dirs)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (status == TS_ERROR) {
|
if (status == TS_ERROR) {
|
||||||
set_perms(PERM_ROOT, 0);
|
set_perms(PERM_ROOT);
|
||||||
return(status);
|
return(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -462,7 +462,7 @@ timestamp_status(timestampdir, timestampfile, user, make_dirs)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
set_perms(PERM_ROOT, 0);
|
set_perms(PERM_ROOT);
|
||||||
return(status);
|
return(status);
|
||||||
}
|
}
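Review bot: The fallback `open(timestampfile, O_WRONLY|O_CREAT|O_TRUNC, 0600)` in update_timestamp runs under `set_perms(PERM_TIMESTAMP)` and will open and truncate whatever already exists at that path, because it passes neither O_EXCL nor a no-follow flag. It is unchanged context here, but since it is reached only after touch() has failed, creating the file exclusively looks closer to the intent: `int fd = open(timestampfile, O_WRONLY|O_CREAT|O_EXCL, 0600);`. Whether the timestamp directory can hold entries created by another uid is not visible in this hunk, so treat this as a hardening suggestion to confirm against the directory checks in timestamp_status. The rest of the function, including how fd is checked and closed, lies outside the hunk.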
|
||||||
|
|
||||||
|
@@ -365,7 +365,7 @@ log_error(va_alist)
|
|||||||
|
|
||||||
/* Become root if we are not already to avoid user control */
|
/* Become root if we are not already to avoid user control */
|
||||||
if (geteuid() != 0)
|
if (geteuid() != 0)
|
||||||
set_perms(PERM_ROOT, 0);
|
set_perms(PERM_ROOT);
|
||||||
|
|
||||||
/* Expand printf-style format + args. */
|
/* Expand printf-style format + args. */
|
||||||
evasprintf(&message, fmt, ap);
|
evasprintf(&message, fmt, ap);
|
||||||
@@ -507,10 +507,10 @@ send_mail(line)
|
|||||||
* (so user cannot kill it) or as the user (for the paranoid).
|
* (so user cannot kill it) or as the user (for the paranoid).
|
||||||
*/
|
*/
|
||||||
#ifndef NO_ROOT_MAILER
|
#ifndef NO_ROOT_MAILER
|
||||||
set_perms(PERM_FULL_ROOT, 0);
|
set_perms(PERM_FULL_ROOT);
|
||||||
execve(mpath, argv, root_envp);
|
execve(mpath, argv, root_envp);
|
||||||
#else
|
#else
|
||||||
set_perms(PERM_FULL_USER, 0);
|
set_perms(PERM_FULL_USER);
|
||||||
execv(mpath, argv);
|
execv(mpath, argv);
|
||||||
#endif /* NO_ROOT_MAILER */
|
#endif /* NO_ROOT_MAILER */
|
||||||
_exit(127);
|
_exit(127);
|
||||||
|
4
parse.c
4
parse.c
@@ -125,7 +125,7 @@ sudoers_lookup(pwflag)
|
|||||||
int nopass;
|
int nopass;
|
||||||
|
|
||||||
/* Become sudoers file owner */
|
/* Become sudoers file owner */
|
||||||
set_perms(PERM_SUDOERS, 0);
|
set_perms(PERM_SUDOERS);
|
||||||
|
|
||||||
/* We opened _PATH_SUDOERS in check_sudoers() so just rewind it. */
|
/* We opened _PATH_SUDOERS in check_sudoers() so just rewind it. */
|
||||||
rewind(sudoers_fp);
|
rewind(sudoers_fp);
|
||||||
@@ -140,7 +140,7 @@ sudoers_lookup(pwflag)
|
|||||||
keepall = TRUE;
|
keepall = TRUE;
|
||||||
|
|
||||||
/* Need to be root while stat'ing things in the parser. */
|
/* Need to be root while stat'ing things in the parser. */
|
||||||
set_perms(PERM_ROOT, 0);
|
set_perms(PERM_ROOT);
|
||||||
error = yyparse();
|
error = yyparse();
|
||||||
|
|
||||||
/* Close the sudoers file now that we are done with it. */
|
/* Close the sudoers file now that we are done with it. */
|
||||||
|
@@ -82,9 +82,8 @@ static void fatal __P((char *, int));
|
|||||||
* toggling the effective uid/gid unless we are headed for an exec().
|
* toggling the effective uid/gid unless we are headed for an exec().
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
set_perms_posix(perm, sudo_mode)
|
set_perms_posix(perm)
|
||||||
int perm;
|
int perm;
|
||||||
int sudo_mode;
|
|
||||||
{
|
{
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
@@ -161,9 +160,8 @@ set_perms_posix(perm, sudo_mode)
|
|||||||
* we are headed for an exec().
|
* we are headed for an exec().
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
set_perms_fallback(perm, sudo_mode)
|
set_perms_fallback(perm)
|
||||||
int perm;
|
int perm;
|
||||||
int sudo_mode;
|
|
||||||
{
|
{
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
@@ -232,9 +230,8 @@ set_perms_fallback(perm, sudo_mode)
|
|||||||
* NOTE: does not support the "stay_setuid" option.
|
* NOTE: does not support the "stay_setuid" option.
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
set_perms_fallback(perm, sudo_mode)
|
set_perms_fallback(perm)
|
||||||
int perm;
|
int perm;
|
||||||
int sudo_mode;
|
|
||||||
{
|
{
|
||||||
|
|
||||||
/*
|
/*
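Review bot: With sudo_mode gone, the header comments above set_perms_posix and the two set_perms_fallback variants are the only place a caller can learn the contract, and the parts visible here describe the uid/gid toggling but not the argument or the failure behaviour. All three still return void, so none of the call sites changed in this commit can check whether the switch succeeded; the `static void fatal __P((char *, int));` declaration in the first hunk header suggests a failure is fatal, but the bodies are outside these hunks. If that is what they do, I would say so in each comment, e.g. `* perm is one of the PERM_* constants; a failed uid/gid change calls fatal() and does not return.`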
|
||||||
|
18
sudo.c
18
sudo.c
@@ -142,7 +142,7 @@ login_cap_t *lc;
|
|||||||
#ifdef HAVE_BSD_AUTH_H
|
#ifdef HAVE_BSD_AUTH_H
|
||||||
char *login_style;
|
char *login_style;
|
||||||
#endif /* HAVE_BSD_AUTH_H */
|
#endif /* HAVE_BSD_AUTH_H */
|
||||||
void (*set_perms) __P((int, int));
|
void (*set_perms) __P((int));
|
||||||
|
|
||||||
|
|
||||||
int
|
int
|
||||||
@@ -397,7 +397,7 @@ main(argc, argv, envp)
|
|||||||
#endif /* RLIMIT_CORE */
|
#endif /* RLIMIT_CORE */
|
||||||
|
|
||||||
/* Become specified user or root. */
|
/* Become specified user or root. */
|
||||||
set_perms(PERM_RUNAS, sudo_mode);
|
set_perms(PERM_RUNAS);
|
||||||
|
|
||||||
/* Close the password and group files */
|
/* Close the password and group files */
|
||||||
endpwent();
|
endpwent();
|
||||||
@@ -546,16 +546,16 @@ init_vars(sudo_mode)
|
|||||||
/*
|
/*
|
||||||
* Get current working directory. Try as user, fall back to root.
|
* Get current working directory. Try as user, fall back to root.
|
||||||
*/
|
*/
|
||||||
set_perms(PERM_USER, sudo_mode);
|
set_perms(PERM_USER);
|
||||||
if (!getcwd(user_cwd, sizeof(user_cwd))) {
|
if (!getcwd(user_cwd, sizeof(user_cwd))) {
|
||||||
set_perms(PERM_ROOT, sudo_mode);
|
set_perms(PERM_ROOT);
|
||||||
if (!getcwd(user_cwd, sizeof(user_cwd))) {
|
if (!getcwd(user_cwd, sizeof(user_cwd))) {
|
||||||
(void) fprintf(stderr, "%s: Can't get working directory!\n",
|
(void) fprintf(stderr, "%s: Can't get working directory!\n",
|
||||||
Argv[0]);
|
Argv[0]);
|
||||||
(void) strcpy(user_cwd, "unknown");
|
(void) strcpy(user_cwd, "unknown");
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
set_perms(PERM_ROOT, sudo_mode);
|
set_perms(PERM_ROOT);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If we were given the '-s' option (run shell) we need to redo
|
* If we were given the '-s' option (run shell) we need to redo
|
||||||
@@ -586,9 +586,9 @@ init_vars(sudo_mode)
|
|||||||
rval = find_path(NewArgv[0], &user_cmnd, user_path);
|
rval = find_path(NewArgv[0], &user_cmnd, user_path);
|
||||||
if (rval != FOUND) {
|
if (rval != FOUND) {
|
||||||
/* Failed as root, try as invoking user. */
|
/* Failed as root, try as invoking user. */
|
||||||
set_perms(PERM_USER, sudo_mode);
|
set_perms(PERM_USER);
|
||||||
rval = find_path(NewArgv[0], &user_cmnd, user_path);
|
rval = find_path(NewArgv[0], &user_cmnd, user_path);
|
||||||
set_perms(PERM_ROOT, sudo_mode);
|
set_perms(PERM_ROOT);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* set user_args */
|
/* set user_args */
|
||||||
@@ -823,7 +823,7 @@ check_sudoers()
|
|||||||
* file owner. We already did a stat as root, so use that
|
* file owner. We already did a stat as root, so use that
|
||||||
* data if we can't stat as sudoers file owner.
|
* data if we can't stat as sudoers file owner.
|
||||||
*/
|
*/
|
||||||
set_perms(PERM_SUDOERS, 0);
|
set_perms(PERM_SUDOERS);
|
||||||
|
|
||||||
if (rootstat != 0 && lstat(_PATH_SUDOERS, &statbuf) != 0)
|
if (rootstat != 0 && lstat(_PATH_SUDOERS, &statbuf) != 0)
|
||||||
log_error(USE_ERRNO, "can't stat %s", _PATH_SUDOERS);
|
log_error(USE_ERRNO, "can't stat %s", _PATH_SUDOERS);
|
||||||
@@ -857,7 +857,7 @@ check_sudoers()
|
|||||||
log_error(USE_ERRNO, "can't open %s", _PATH_SUDOERS);
|
log_error(USE_ERRNO, "can't open %s", _PATH_SUDOERS);
|
||||||
}
|
}
|
||||||
|
|
||||||
set_perms(PERM_ROOT, 0); /* change back to root */
|
set_perms(PERM_ROOT); /* change back to root */
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
6
sudo.h
6
sudo.h
@@ -202,8 +202,8 @@ int find_path __P((char *, char **, char *));
|
|||||||
void check_user __P((void));
|
void check_user __P((void));
|
||||||
void verify_user __P((struct passwd *, char *));
|
void verify_user __P((struct passwd *, char *));
|
||||||
int sudoers_lookup __P((int));
|
int sudoers_lookup __P((int));
|
||||||
void set_perms_posix __P((int, int));
|
void set_perms_posix __P((int));
|
||||||
void set_perms_fallback __P((int, int));
|
void set_perms_fallback __P((int));
|
||||||
void remove_timestamp __P((int));
|
void remove_timestamp __P((int));
|
||||||
int check_secureware __P((char *));
|
int check_secureware __P((char *));
|
||||||
void sia_attempt_auth __P((void));
|
void sia_attempt_auth __P((void));
|
||||||
@@ -238,7 +238,7 @@ extern FILE *sudoers_fp;
|
|||||||
extern int tgetpass_flags;
|
extern int tgetpass_flags;
|
||||||
extern int timestamp_uid;
|
extern int timestamp_uid;
|
||||||
|
|
||||||
extern void (*set_perms) __P((int, int));
|
extern void (*set_perms) __P((int));
|
||||||
#endif
|
#endif
|
||||||
extern int errno;
|
extern int errno;
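Review bot: `set_perms_posix`, `set_perms_fallback` and the `set_perms` pointer are all declared through `__P`, so the one-argument signature is only compiler-checked where `__P` expands to a real prototype. Assuming it follows the usual convention of expanding to `()` on pre-ANSI compilers, a leftover call like `set_perms(PERM_ROOT, 0)` in a file this commit did not touch would still build there. A search for remaining two-argument calls across the tree would close that gap. I would also add a short comment above the extern, `/* set_perms takes a single PERM_* constant; the old sudo_mode argument is gone. */`, so the signature change is recorded next to the declaration.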
|
||||||
|
|
||||||
|
@@ -91,7 +91,7 @@ static const char rcsid[] = "$Sudo$";
|
|||||||
*/
|
*/
|
||||||
void init_parser __P((void));
|
void init_parser __P((void));
|
||||||
void dumpaliases __P((void));
|
void dumpaliases __P((void));
|
||||||
void set_perms_dummy __P((int, int));
|
void set_perms_dummy __P((int));
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Globals
|
* Globals
|
||||||
@@ -102,7 +102,7 @@ int parse_error = FALSE;
|
|||||||
int num_interfaces;
|
int num_interfaces;
|
||||||
struct interface *interfaces;
|
struct interface *interfaces;
|
||||||
struct sudo_user sudo_user;
|
struct sudo_user sudo_user;
|
||||||
void (*set_perms) __P((int, int)) = set_perms_dummy;
|
void (*set_perms) __P((int)) = set_perms_dummy;
|
||||||
extern int clearaliases;
|
extern int clearaliases;
|
||||||
extern int pedantic;
|
extern int pedantic;
|
||||||
|
|
||||||
@@ -311,8 +311,8 @@ netgr_matches(netgr, host, shost, user)
|
|||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
set_perms_dummy(i, j)
|
set_perms_dummy(i)
|
||||||
int i, j;
|
int i;
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|