isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use the SET, CLR and ISSET macros.

Browse Source
This commit is contained in:
Todd C. Miller
2004-01-29 22:33:58 +00:00
parent fb5a1aa3ae
commit c4a8ab8b99
9 changed files with 65 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
auth/pam.c
View File

@@ -216,7 +216,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
flags = tgetpass_flags;
switch (pm->msg_style) {
case PAM_PROMPT_ECHO_ON:
flags |= TGP_ECHO;
SET(flags, TGP_ECHO);
case PAM_PROMPT_ECHO_OFF:
/* Only override PAM prompt if it matches /^Password: ?/ */
if (strncmp(pm->msg, "Password:", 9) || (pm->msg[9] != '\0'

6
auth/sudo_auth.c
View File

@@ -136,7 +136,7 @@ verify_user(pw, prompt)
/* Set FLAG_ONEANDONLY if there is only one auth method. */
if (auth_switch[1].name == NULL)
auth_switch[0].flags |= FLAG_ONEANDONLY;
SET(auth_switch[0].flags, FLAG_ONEANDONLY);
/* Initialize auth methods and unconfigure the method if necessary. */
for (auth = auth_switch; auth->name; auth++) {
@@ -146,7 +146,7 @@ verify_user(pw, prompt)
status = (auth->init)(pw, &prompt, auth);
if (status == AUTH_FAILURE)
auth->flags &= ~FLAG_CONFIGURED;
CLR(auth->flags, FLAG_CONFIGURED);
else if (status == AUTH_FATAL) /* XXX log */
exit(1); /* assume error msg already printed */
@@ -164,7 +164,7 @@ verify_user(pw, prompt)
status = (auth->setup)(pw, &prompt, auth);
if (status == AUTH_FAILURE)
auth->flags &= ~FLAG_CONFIGURED;
CLR(auth->flags, FLAG_CONFIGURED);
else if (status == AUTH_FATAL) /* XXX log */
exit(1); /* assume error msg already printed */

11
interfaces.c
View File

@@ -130,8 +130,8 @@ load_interfaces()
/* Allocate space for the interfaces list. */
for (ifa = ifaddrs; ifa != NULL; ifa = ifa -> ifa_next) {
/* Skip interfaces marked "down" and "loopback". */
if (ifa->ifa_addr == NULL || !(ifa->ifa_flags & IFF_UP) ||
(ifa->ifa_flags & IFF_LOOPBACK))
if (ifa->ifa_addr == NULL || !ISSET(ifa->ifa_flags, IFF_UP) ||
ISSET(ifa->ifa_flags, IFF_LOOPBACK))
continue;
switch(ifa->ifa_addr->sa_family) {
@@ -149,8 +149,8 @@ load_interfaces()
/* Store the ip addr / netmask pairs. */
for (ifa = ifaddrs, i = 0; ifa != NULL; ifa = ifa -> ifa_next) {
/* Skip interfaces marked "down" and "loopback". */
if (ifa->ifa_addr == NULL || !(ifa->ifa_flags & IFF_UP) ||
(ifa->ifa_flags & IFF_LOOPBACK))
if (ifa->ifa_addr == NULL || !ISSET(ifa->ifa_flags, IFF_UP) ||
ISSET(ifa->ifa_flags, IFF_LOOPBACK))
continue;
switch(ifa->ifa_addr->sa_family) {
@@ -257,7 +257,8 @@ load_interfaces()
ifr_tmp = *ifr;
/* Skip interfaces marked "down" and "loopback". */
if (!(ifr_tmp.ifr_flags & IFF_UP) || (ifr_tmp.ifr_flags & IFF_LOOPBACK))
if (!ISSET(ifr_tmp.ifr_flags, IFF_UP) ||
ISSET(ifr_tmp.ifr_flags, IFF_LOOPBACK))
continue;
sin = (struct sockaddr_in *) &ifr->ifr_addr;

24
logging.c
View File

@@ -298,19 +298,19 @@ log_auth(status, inform_user)
char *logline;
int pri;
if (status & VALIDATE_OK)
if (ISSET(status, VALIDATE_OK))
pri = def_syslog_goodpri;
else
pri = def_syslog_badpri;
/* Set error message, if any. */
if (status & VALIDATE_OK)
if (ISSET(status, VALIDATE_OK))
message = "";
else if (status & FLAG_NO_USER)
else if (ISSET(status, FLAG_NO_USER))
message = "user NOT in sudoers ; ";
else if (status & FLAG_NO_HOST)
else if (ISSET(status, FLAG_NO_HOST))
message = "user NOT authorized on host ; ";
else if (status & VALIDATE_NOT_OK)
else if (ISSET(status, VALIDATE_NOT_OK))
message = "command not allowed ; ";
else
message = "unknown error ; ";
@@ -322,14 +322,14 @@ log_auth(status, inform_user)
mail_auth(status, logline); /* send mail based on status */
/* Inform the user if they failed to authenticate. */
if (inform_user && (status & VALIDATE_NOT_OK)) {
if (status & FLAG_NO_USER)
if (inform_user && ISSET(status, VALIDATE_NOT_OK)) {
if (ISSET(status, FLAG_NO_USER))
(void) fprintf(stderr, "%s is not in the sudoers file. %s",
user_name, "This incident will be reported.\n");
else if (status & FLAG_NO_HOST)
else if (ISSET(status, FLAG_NO_HOST))
(void) fprintf(stderr, "%s is not allowed to run sudo on %s. %s",
user_name, user_shost, "This incident will be reported.\n");
else if (status & FLAG_NO_CHECK)
else if (ISSET(status, FLAG_NO_CHECK))
(void) fprintf(stderr, "Sorry, user %s may not run sudo on %s.\n",
user_name, user_shost);
else
@@ -573,11 +573,11 @@ mail_auth(status, line)
else {
mail_mask = VALIDATE_ERROR;
if (def_mail_no_user)
mail_mask |= FLAG_NO_USER;
SET(mail_mask, FLAG_NO_USER);
if (def_mail_no_host)
mail_mask |= FLAG_NO_HOST;
SET(mail_mask, FLAG_NO_HOST);
if (def_mail_no_perms)
mail_mask |= VALIDATE_NOT_OK;
SET(mail_mask, VALIDATE_NOT_OK);
}
if ((status & mail_mask) != 0)

8
parse.c
View File

@@ -171,11 +171,11 @@ sudoers_lookup(pwflag)
else
error = VALIDATE_NOT_OK | FLAG_NOPASS;
if (pwcheck) {
error |= FLAG_NO_CHECK;
SET(error, FLAG_NO_CHECK);
} else {
error |= FLAG_NO_HOST;
SET(error, FLAG_NO_HOST);
if (!top)
error |= FLAG_NO_USER;
SET(error, FLAG_NO_USER);
}
/*
@@ -210,7 +210,7 @@ sudoers_lookup(pwflag)
} else {
while (top) {
if (host_matches == TRUE) {
error &= ~FLAG_NO_HOST;
CLR(error, FLAG_NO_HOST);
if (runas_matches == TRUE) {
if (cmnd_matches == TRUE) {
/*

2
set_perms.c
View File

@@ -411,7 +411,7 @@ runas_setup()
*/
flags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
if (!def_preserve_groups)
flags |= LOGIN_SETGROUP;
SET(flags, LOGIN_SETGROUP);
else if (setgid(runas_pw->pw_gid))
perror("cannot set gid to runas gid");
error = setusercontext(lc, runas_pw,

6
sigaction.c
View File

@@ -97,7 +97,7 @@ sigaddset(set, signo)
return(-1);
}
*set |= sigmask(signo);
SET(*set, sigmask(signo));
return(0);
}
@@ -112,7 +112,7 @@ sigdelset(set, signo)
return(-1);
}
*set &= ~(sigmask(signo));
CLR(*set, sigmask(signo));
return(0);
}
@@ -122,7 +122,7 @@ sigismember(set, signo)
int signo;
{
return(*set & sigmask(signo));
return(ISSET(*set, sigmask(signo)));
}
int

62
sudo.c
View File

@@ -220,9 +220,9 @@ main(argc, argv, envp)
load_interfaces();
pwflag = 0;
if (sudo_mode & MODE_SHELL)
if (ISSET(sudo_mode, MODE_SHELL))
user_cmnd = "shell";
else if (sudo_mode & MODE_EDIT)
else if (ISSET(sudo_mode, MODE_EDIT))
user_cmnd = "sudoedit";
else
switch (sudo_mode) {
@@ -308,7 +308,7 @@ main(argc, argv, envp)
exit(0);
}
if (validated & VALIDATE_ERROR)
if (ISSET(validated, VALIDATE_ERROR))
log_error(0, "parse error in %s near line %d", _PATH_SUDOERS,
errorlineno);
@@ -321,17 +321,17 @@ main(argc, argv, envp)
}
/* If given the -P option, set the "preserve_groups" flag. */
if (sudo_mode & MODE_PRESERVE_GROUPS)
if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS))
def_preserve_groups = TRUE;
/* If no command line args and "set_home" is not set, error out. */
if ((sudo_mode & MODE_IMPLIED_SHELL) && !def_shell_noargs)
if (ISSET(sudo_mode, MODE_IMPLIED_SHELL) && !def_shell_noargs)
usage(1);
/* May need to set $HOME to target user if we are running a command. */
if ((sudo_mode & MODE_RUN) && (def_always_set_home ||
((sudo_mode & MODE_SHELL) && def_set_home)))
sudo_mode |= MODE_RESET_HOME;
if (ISSET(sudo_mode, MODE_RUN) && (def_always_set_home ||
(ISSET(sudo_mode, MODE_SHELL) && def_set_home)))
SET(sudo_mode, MODE_RESET_HOME);
/* Bail if a tty is required and we don't have one. */
if (def_requiretty) {
@@ -345,8 +345,8 @@ main(argc, argv, envp)
auth_pw = get_authpw();
/* Require a password if sudoers says so. */
if (!(validated & FLAG_NOPASS))
check_user(validated & FLAG_CHECK_USER);
if (!ISSET(validated, FLAG_NOPASS))
check_user(ISSET(validated, FLAG_CHECK_USER));
/* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
if (user_uid == 0 && prev_user != NULL && strcmp(prev_user, "root") != 0) {
@@ -359,12 +359,12 @@ main(argc, argv, envp)
}
/* Build a new environment that avoids any nasty bits if we have a cmnd. */
if (sudo_mode & MODE_RUN)
new_environ = rebuild_env(envp, sudo_mode, (validated & FLAG_NOEXEC));
if (ISSET(sudo_mode, MODE_RUN))
new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC));
else
new_environ = envp;
if (validated & VALIDATE_OK) {
if (ISSET(validated, VALIDATE_OK)) {
/* Finally tell the user if the command did not exist. */
if (cmnd_status == NOT_FOUND_DOT) {
warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
@@ -400,7 +400,7 @@ main(argc, argv, envp)
#endif /* RLIMIT_CORE && !SUDO_DEVEL */
/* Become specified user or root if executing a command. */
if (sudo_mode & MODE_RUN)
if (ISSET(sudo_mode, MODE_RUN))
set_perms(PERM_FULL_RUNAS);
/* Close the password and group files */
@@ -410,7 +410,7 @@ main(argc, argv, envp)
/* Install the real environment. */
environ = new_environ;
if (sudo_mode & MODE_LOGIN_SHELL) {
if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
char *p;
/* Convert /bin/sh -> -sh so shell knows it is a login shell */
@@ -424,7 +424,7 @@ main(argc, argv, envp)
warn("unable to change directory to %s", runas_pw->pw_dir);
}
if (sudo_mode & MODE_EDIT)
if (ISSET(sudo_mode, MODE_EDIT))
exit(sudo_edit(NewArgc, NewArgv));
/* Restore signal handlers before we exec. */
@@ -434,7 +434,7 @@ main(argc, argv, envp)
(void) sigaction(SIGCHLD, &saved_sa_chld, NULL);
#ifndef PROFILING
if ((sudo_mode & MODE_BACKGROUND) && fork() > 0)
if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
exit(0);
else
EXECV(safe_cmnd, NewArgv); /* run the command */
@@ -446,10 +446,10 @@ main(argc, argv, envp)
*/
warn("unable to execute %s", safe_cmnd);
exit(127);
} else if ((validated & FLAG_NO_USER) || (validated & FLAG_NO_HOST)) {
} else if (ISSET(validated, FLAG_NO_USER) || (validated & FLAG_NO_HOST)) {
log_auth(validated, 1);
exit(1);
} else if (validated & VALIDATE_NOT_OK) {
} else if (ISSET(validated, VALIDATE_NOT_OK)) {
if (def_path_info) {
/*
* We'd like to not leak path info at all here, but that can
@@ -592,9 +592,9 @@ init_vars(sudo_mode)
char **dst, **src = NewArgv;
NewArgv = (char **) emalloc2((++NewArgc + 1), sizeof(char *));
if (sudo_mode & MODE_EDIT)
if (ISSET(sudo_mode, MODE_EDIT))
NewArgv[0] = "sudoedit";
else if (sudo_mode & MODE_LOGIN_SHELL)
else if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
NewArgv[0] = runas_pw->pw_shell;
else if (user_shell && *user_shell)
NewArgv[0] = user_shell;
@@ -612,7 +612,7 @@ init_vars(sudo_mode)
/* Resolve the path and return. */
rval = FOUND;
if (sudo_mode & (MODE_RUN | MODE_EDIT)) {
if (sudo_mode & MODE_RUN) {
if (ISSET(sudo_mode, MODE_RUN)) {
/* XXX - default_runas may be modified during parsing of sudoers */
set_perms(PERM_RUNAS);
rval = find_path(NewArgv[0], &user_cmnd, user_path);
@@ -677,7 +677,7 @@ parse_args(argc, argv)
rval = MODE_RUN;
if (NewArgc == 0 && rval == MODE_RUN) { /* no options and no command */
rval |= (MODE_IMPLIED_SHELL | MODE_SHELL);
SET(rval, (MODE_IMPLIED_SHELL | MODE_SHELL));
return(rval);
}
@@ -732,7 +732,7 @@ parse_args(argc, argv)
break;
#endif
case 'b':
rval |= MODE_BACKGROUND;
SET(rval, MODE_BACKGROUND);
break;
case 'e':
rval = MODE_EDIT;
@@ -747,7 +747,7 @@ parse_args(argc, argv)
excl = 'v';
break;
case 'i':
rval |= (MODE_LOGIN_SHELL | MODE_SHELL);
SET(rval, (MODE_LOGIN_SHELL | MODE_SHELL));
def_env_reset = TRUE;
if (excl && excl != 'i')
usage_excl(1);
@@ -790,25 +790,25 @@ parse_args(argc, argv)
excl = 'h';
break;
case 's':
rval |= MODE_SHELL;
SET(rval, MODE_SHELL);
if (excl && excl != 's')
usage_excl(1);
excl = 's';
break;
case 'H':
rval |= MODE_RESET_HOME;
SET(rval, MODE_RESET_HOME);
break;
case 'P':
rval |= MODE_PRESERVE_GROUPS;
SET(rval, MODE_PRESERVE_GROUPS);
break;
case 'S':
tgetpass_flags |= TGP_STDIN;
SET(tgetpass_flags, TGP_STDIN);
break;
case '-':
NewArgc--;
NewArgv++;
if (rval == MODE_RUN)
rval |= (MODE_IMPLIED_SHELL | MODE_SHELL);
SET(rval, (MODE_IMPLIED_SHELL | MODE_SHELL));
return(rval);
case '\0':
warnx("'-' requires an argument");
@@ -849,7 +849,7 @@ check_sudoers()
if (chmod(_PATH_SUDOERS, SUDOERS_MODE) == 0) {
warnx("fixed mode on %s", _PATH_SUDOERS);
statbuf.st_mode |= SUDOERS_MODE;
SET(statbuf.st_mode, SUDOERS_MODE);
if (statbuf.st_gid != SUDOERS_GID) {
if (!chown(_PATH_SUDOERS,(uid_t) -1,SUDOERS_GID)) {
warnx("set group on %s", _PATH_SUDOERS);

8
tgetpass.c
View File

@@ -152,7 +152,7 @@ tgetpass(prompt, timeout, flags)
restart:
/* Open /dev/tty for reading/writing if possible else use stdin/stderr. */
if ((flags & TGP_STDIN) ||
if (ISSET(flags, TGP_STDIN) ||
(input = output = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) {
input = STDIN_FILENO;
output = STDERR_FILENO;
@@ -177,8 +177,8 @@ restart:
/* Turn echo off/on as specified by flags. */
if (term_getattr(input, &oterm) == 0) {
(void) memcpy(&term, &oterm, sizeof(term));
if (!(flags & TGP_ECHO))
term.tflags &= ~(ECHO | ECHONL);
if (!ISSET(flags, TGP_ECHO))
CLR(term.tflags, (ECHO | ECHONL));
#ifdef VSTATUS
term.c_cc[VSTATUS] = _POSIX_VDISABLE;
#endif
@@ -194,7 +194,7 @@ restart:
pass = tgetline(input, buf, sizeof(buf), timeout);
save_errno = errno;
if (!(term.tflags & ECHO))
if (!ISSET(term.tflags, ECHO))
(void) write(output, "\n", 1);
/* Restore old tty settings and signals. */