Move a few fields from sudoers_user_context to sudoers_context.
They are not really specific to the user or user-specified.
@@ -360,7 +360,7 @@ sudoers_audit_accept(const char *plugin_name, unsigned int plugin_type,
|
|||||||
ret = false;
|
ret = false;
|
||||||
|
|
||||||
if (!ISSET(ctx->mode, MODE_POLICY_INTERCEPTED))
|
if (!ISSET(ctx->mode, MODE_POLICY_INTERCEPTED))
|
||||||
uuid_str = ctx->user.uuid_str;
|
uuid_str = ctx->uuid_str;
|
||||||
|
|
||||||
audit_to_eventlog(ctx, &evlog, command_info, run_argv, run_envp, uuid_str);
|
audit_to_eventlog(ctx, &evlog, command_info, run_argv, run_envp, uuid_str);
|
||||||
if (!log_allowed(ctx, &evlog) && !def_ignore_logfile_errors)
|
if (!log_allowed(ctx, &evlog) && !def_ignore_logfile_errors)
|
||||||
|
@@ -46,7 +46,7 @@ fill_seq(char *str, size_t strsize, void *v)
|
|||||||
debug_decl(fill_seq, SUDOERS_DEBUG_UTIL);
|
debug_decl(fill_seq, SUDOERS_DEBUG_UTIL);
|
||||||
|
|
||||||
if (sessid[0] == '\0') {
|
if (sessid[0] == '\0') {
|
||||||
if (!iolog_nextid(ctx->user.iolog_dir, sessid))
|
if (!iolog_nextid(ctx->iolog_dir, sessid))
|
||||||
debug_return_size_t((size_t)-1);
|
debug_return_size_t((size_t)-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -259,7 +259,7 @@ log_reject(const struct sudoers_context *ctx, const char *message,
|
|||||||
debug_decl(log_reject, SUDOERS_DEBUG_LOGGING);
|
debug_decl(log_reject, SUDOERS_DEBUG_LOGGING);
|
||||||
|
|
||||||
if (!ISSET(ctx->mode, MODE_POLICY_INTERCEPTED))
|
if (!ISSET(ctx->mode, MODE_POLICY_INTERCEPTED))
|
||||||
uuid_str = ctx->user.uuid_str;
|
uuid_str = ctx->uuid_str;
|
||||||
|
|
||||||
if (mailit) {
|
if (mailit) {
|
||||||
SET(evl_flags, EVLOG_MAIL);
|
SET(evl_flags, EVLOG_MAIL);
|
||||||
@@ -615,7 +615,7 @@ log_exit_status(const struct sudoers_context *ctx, int status)
|
|||||||
ret = false;
|
ret = false;
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
sudo_timespecsub(&run_time, &ctx->user.submit_time, &run_time);
|
sudo_timespecsub(&run_time, &ctx->submit_time, &run_time);
|
||||||
|
|
||||||
if (WIFEXITED(status)) {
|
if (WIFEXITED(status)) {
|
||||||
exit_value = WEXITSTATUS(status);
|
exit_value = WEXITSTATUS(status);
|
||||||
@@ -636,7 +636,7 @@ log_exit_status(const struct sudoers_context *ctx, int status)
|
|||||||
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
|
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
|
||||||
|
|
||||||
sudoers_to_eventlog(ctx, &evlog, ctx->runas.cmnd_saved,
|
sudoers_to_eventlog(ctx, &evlog, ctx->runas.cmnd_saved,
|
||||||
ctx->runas.argv_saved, env_get(), ctx->user.uuid_str);
|
ctx->runas.argv_saved, env_get(), ctx->uuid_str);
|
||||||
if (def_mail_always) {
|
if (def_mail_always) {
|
||||||
SET(evl_flags, EVLOG_MAIL);
|
SET(evl_flags, EVLOG_MAIL);
|
||||||
if (!def_log_exit_status)
|
if (!def_log_exit_status)
|
||||||
@@ -740,7 +740,7 @@ vlog_warning(const struct sudoers_context *ctx, unsigned int flags,
|
|||||||
SET(evl_flags, EVLOG_MAIL_ONLY);
|
SET(evl_flags, EVLOG_MAIL_ONLY);
|
||||||
}
|
}
|
||||||
sudoers_to_eventlog(ctx, &evlog, ctx->runas.cmnd, ctx->runas.argv,
|
sudoers_to_eventlog(ctx, &evlog, ctx->runas.cmnd, ctx->runas.argv,
|
||||||
env_get(), ctx->user.uuid_str);
|
env_get(), ctx->uuid_str);
|
||||||
if (!eventlog_alert(&evlog, evl_flags, &now, message, errstr))
|
if (!eventlog_alert(&evlog, evl_flags, &now, message, errstr))
|
||||||
ret = false;
|
ret = false;
|
||||||
if (!log_server_alert(ctx, &evlog, &now, message, errstr))
|
if (!log_server_alert(ctx, &evlog, &now, message, errstr))
|
||||||
@@ -860,7 +860,7 @@ mail_parse_errors(const struct sudoers_context *ctx)
|
|||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
sudoers_to_eventlog(ctx, &evlog, ctx->runas.cmnd, ctx->runas.argv,
|
sudoers_to_eventlog(ctx, &evlog, ctx->runas.cmnd, ctx->runas.argv,
|
||||||
env_get(), ctx->user.uuid_str);
|
env_get(), ctx->uuid_str);
|
||||||
|
|
||||||
/* Convert parse_error_list to a string vector. */
|
/* Convert parse_error_list to a string vector. */
|
||||||
n = 0;
|
n = 0;
|
||||||
@@ -980,8 +980,8 @@ sudoers_to_eventlog(const struct sudoers_context *ctx, struct eventlog *evlog,
|
|||||||
sudo_gr_delref(grp);
|
sudo_gr_delref(grp);
|
||||||
|
|
||||||
memset(evlog, 0, sizeof(*evlog));
|
memset(evlog, 0, sizeof(*evlog));
|
||||||
evlog->iolog_file = ctx->user.iolog_file;
|
evlog->iolog_file = ctx->iolog_file;
|
||||||
evlog->iolog_path = ctx->user.iolog_path;
|
evlog->iolog_path = ctx->iolog_path;
|
||||||
evlog->command = cmnd ? (char *)cmnd : (argv ? argv[0] : NULL);
|
evlog->command = cmnd ? (char *)cmnd : (argv ? argv[0] : NULL);
|
||||||
evlog->cwd = ctx->user.cwd;
|
evlog->cwd = ctx->user.cwd;
|
||||||
if (def_runchroot != NULL && strcmp(def_runchroot, "*") != 0) {
|
if (def_runchroot != NULL && strcmp(def_runchroot, "*") != 0) {
|
||||||
@@ -995,7 +995,7 @@ sudoers_to_eventlog(const struct sudoers_context *ctx, struct eventlog *evlog,
|
|||||||
evlog->runcwd = ctx->user.cwd;
|
evlog->runcwd = ctx->user.cwd;
|
||||||
}
|
}
|
||||||
evlog->rungroup = ctx->runas.gr ? ctx->runas.gr->gr_name : ctx->runas.group;
|
evlog->rungroup = ctx->runas.gr ? ctx->runas.gr->gr_name : ctx->runas.group;
|
||||||
evlog->source = ctx->user.source;
|
evlog->source = ctx->source;
|
||||||
evlog->submithost = ctx->user.host;
|
evlog->submithost = ctx->user.host;
|
||||||
evlog->submituser = ctx->user.name;
|
evlog->submituser = ctx->user.name;
|
||||||
if (grp != NULL)
|
if (grp != NULL)
|
||||||
@@ -1004,7 +1004,7 @@ sudoers_to_eventlog(const struct sudoers_context *ctx, struct eventlog *evlog,
|
|||||||
evlog->argv = (char **)argv;
|
evlog->argv = (char **)argv;
|
||||||
evlog->env_add = (char **)ctx->user.env_vars;
|
evlog->env_add = (char **)ctx->user.env_vars;
|
||||||
evlog->envp = (char **)envp;
|
evlog->envp = (char **)envp;
|
||||||
evlog->submit_time = ctx->user.submit_time;
|
evlog->submit_time = ctx->submit_time;
|
||||||
evlog->lines = ctx->user.lines;
|
evlog->lines = ctx->user.lines;
|
||||||
evlog->columns = ctx->user.cols;
|
evlog->columns = ctx->user.cols;
|
||||||
if (ctx->runas.pw != NULL) {
|
if (ctx->runas.pw != NULL) {
|
||||||
@@ -1030,7 +1030,7 @@ sudoers_to_eventlog(const struct sudoers_context *ctx, struct eventlog *evlog,
|
|||||||
if (sudo_gettime_real(&now) == -1) {
|
if (sudo_gettime_real(&now) == -1) {
|
||||||
sudo_warn("%s", U_("unable to get time of day"));
|
sudo_warn("%s", U_("unable to get time of day"));
|
||||||
} else {
|
} else {
|
||||||
sudo_timespecsub(&now, &ctx->user.submit_time, &evlog->iolog_offset);
|
sudo_timespecsub(&now, &ctx->submit_time, &evlog->iolog_offset);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -116,7 +116,7 @@ sudoers_policy_deserialize_info(struct sudoers_context *ctx, void *v,
|
|||||||
} \
|
} \
|
||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
if (sudo_gettime_real(&ctx->user.submit_time) == -1) {
|
if (sudo_gettime_real(&ctx->submit_time) == -1) {
|
||||||
sudo_warn("%s", U_("unable to get time of day"));
|
sudo_warn("%s", U_("unable to get time of day"));
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
@@ -584,7 +584,7 @@ sudoers_policy_deserialize_info(struct sudoers_context *ctx, void *v,
|
|||||||
|
|
||||||
/* Create a UUID to store in the event log. */
|
/* Create a UUID to store in the event log. */
|
||||||
sudo_uuid_create(uuid);
|
sudo_uuid_create(uuid);
|
||||||
if (sudo_uuid_to_string(uuid, ctx->user.uuid_str, sizeof(ctx->user.uuid_str)) == NULL) {
|
if (sudo_uuid_to_string(uuid, ctx->uuid_str, sizeof(ctx->uuid_str)) == NULL) {
|
||||||
sudo_warnx("%s", U_("unable to generate UUID"));
|
sudo_warnx("%s", U_("unable to generate UUID"));
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
@@ -984,8 +984,8 @@ sudoers_policy_store_result(struct sudoers_context *ctx, bool accepted,
|
|||||||
if ((command_info[info_len++] = sudo_new_key_val("rlimit_stack", def_rlimit_stack)) == NULL)
|
if ((command_info[info_len++] = sudo_new_key_val("rlimit_stack", def_rlimit_stack)) == NULL)
|
||||||
goto oom;
|
goto oom;
|
||||||
}
|
}
|
||||||
if (ctx->user.source != NULL) {
|
if (ctx->source != NULL) {
|
||||||
command_info[info_len] = sudo_new_key_val("source", ctx->user.source);
|
command_info[info_len] = sudo_new_key_val("source", ctx->source);
|
||||||
if (command_info[info_len++] == NULL)
|
if (command_info[info_len++] == NULL)
|
||||||
goto oom;
|
goto oom;
|
||||||
}
|
}
|
||||||
|
@@ -280,7 +280,7 @@ cleanup:
|
|||||||
/*
|
/*
|
||||||
* Expand I/O log dir and file into a full path.
|
* Expand I/O log dir and file into a full path.
|
||||||
* Returns the full I/O log path prefixed with "iolog_path=".
|
* Returns the full I/O log path prefixed with "iolog_path=".
|
||||||
* Sets ctx->user.iolog_file as a side effect.
|
* Sets ctx->iolog_file and ctx->iolog_path as a side effect.
|
||||||
*/
|
*/
|
||||||
static char *
|
static char *
|
||||||
format_iolog_path(struct sudoers_context *ctx)
|
format_iolog_path(struct sudoers_context *ctx)
|
||||||
@@ -296,10 +296,10 @@ format_iolog_path(struct sudoers_context *ctx)
|
|||||||
ok = expand_iolog_path(def_iolog_dir, dir, sizeof(dir),
|
ok = expand_iolog_path(def_iolog_dir, dir, sizeof(dir),
|
||||||
&sudoers_iolog_path_escapes[1], ctx);
|
&sudoers_iolog_path_escapes[1], ctx);
|
||||||
if (ok) {
|
if (ok) {
|
||||||
ctx->user.iolog_dir = dir;
|
ctx->iolog_dir = dir;
|
||||||
ok = expand_iolog_path(def_iolog_file, file, sizeof(file),
|
ok = expand_iolog_path(def_iolog_file, file, sizeof(file),
|
||||||
&sudoers_iolog_path_escapes[0], ctx);
|
&sudoers_iolog_path_escapes[0], ctx);
|
||||||
ctx->user.iolog_dir = NULL;
|
ctx->iolog_dir = NULL;
|
||||||
}
|
}
|
||||||
sudoers_setlocale(oldlocale, NULL);
|
sudoers_setlocale(oldlocale, NULL);
|
||||||
if (!ok)
|
if (!ok)
|
||||||
@@ -311,8 +311,8 @@ format_iolog_path(struct sudoers_context *ctx)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Stash pointer to the I/O log for the event log. */
|
/* Stash pointer to the I/O log for the event log. */
|
||||||
ctx->user.iolog_path = iolog_path + sizeof("iolog_path=") - 1;
|
ctx->iolog_path = iolog_path + sizeof("iolog_path=") - 1;
|
||||||
ctx->user.iolog_file = ctx->user.iolog_path + 1 + strlen(dir);
|
ctx->iolog_file = ctx->iolog_path + 1 + strlen(dir);
|
||||||
|
|
||||||
done:
|
done:
|
||||||
debug_return_str(iolog_path);
|
debug_return_str(iolog_path);
|
||||||
@@ -393,15 +393,15 @@ sudoers_check_common(struct sudoers_context *ctx, int pwflag)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (match_info.us != NULL && match_info.us->file != NULL) {
|
if (match_info.us != NULL && match_info.us->file != NULL) {
|
||||||
free(ctx->user.source);
|
free(ctx->source);
|
||||||
if (match_info.us->line != 0) {
|
if (match_info.us->line != 0) {
|
||||||
if (asprintf(&ctx->user.source, "%s:%d:%d", match_info.us->file,
|
if (asprintf(&ctx->source, "%s:%d:%d", match_info.us->file,
|
||||||
match_info.us->line, match_info.us->column) == -1)
|
match_info.us->line, match_info.us->column) == -1)
|
||||||
ctx->user.source = NULL;
|
ctx->source = NULL;
|
||||||
} else {
|
} else {
|
||||||
ctx->user.source = strdup(match_info.us->file);
|
ctx->source = strdup(match_info.us->file);
|
||||||
}
|
}
|
||||||
if (ctx->user.source == NULL) {
|
if (ctx->source == NULL) {
|
||||||
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
@@ -112,7 +112,6 @@ struct sudoers_plugin_settings {
|
|||||||
* Info pertaining to the invoking user.
|
* Info pertaining to the invoking user.
|
||||||
*/
|
*/
|
||||||
struct sudoers_user_context {
|
struct sudoers_user_context {
|
||||||
struct timespec submit_time;
|
|
||||||
struct passwd *pw;
|
struct passwd *pw;
|
||||||
struct stat *cmnd_stat;
|
struct stat *cmnd_stat;
|
||||||
char *cwd;
|
char *cwd;
|
||||||
@@ -129,12 +128,8 @@ struct sudoers_user_context {
|
|||||||
char *cmnd_dir;
|
char *cmnd_dir;
|
||||||
char *cmnd_list;
|
char *cmnd_list;
|
||||||
char *ccname;
|
char *ccname;
|
||||||
char *source;
|
|
||||||
struct gid_list *gid_list;
|
struct gid_list *gid_list;
|
||||||
char * const * env_vars;
|
char * const * env_vars;
|
||||||
char *iolog_file;
|
|
||||||
char *iolog_dir;
|
|
||||||
char *iolog_path;
|
|
||||||
int closefrom;
|
int closefrom;
|
||||||
int lines;
|
int lines;
|
||||||
int cols;
|
int cols;
|
||||||
@@ -144,7 +139,6 @@ struct sudoers_user_context {
|
|||||||
uid_t gid;
|
uid_t gid;
|
||||||
pid_t sid;
|
pid_t sid;
|
||||||
pid_t tcpgid;
|
pid_t tcpgid;
|
||||||
char uuid_str[37];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -193,8 +187,14 @@ struct sudoers_context {
|
|||||||
struct sudoers_plugin_settings settings;
|
struct sudoers_plugin_settings settings;
|
||||||
struct sudoers_user_context user;
|
struct sudoers_user_context user;
|
||||||
struct sudoers_runas_context runas;
|
struct sudoers_runas_context runas;
|
||||||
|
struct timespec submit_time;
|
||||||
|
char *source;
|
||||||
|
char *iolog_file;
|
||||||
|
char *iolog_dir;
|
||||||
|
char *iolog_path;
|
||||||
int sudoedit_nfiles;
|
int sudoedit_nfiles;
|
||||||
unsigned int mode;
|
unsigned int mode;
|
||||||
|
char uuid_str[37];
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
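Review bot: The members moved into `struct sudoers_context` (`submit_time`, `source`, `iolog_file`, `iolog_dir`, `iolog_path`, `uuid_str`) carry no ownership or lifetime comments, yet they differ: `source` is heap-allocated by asprintf/strdup in sudoers_check_common and released by the new `free(ctx->source)` in sudoers_ctx_free, while `iolog_path` and `iolog_file` point into the `iolog_path=` string built by format_iolog_path and `iolog_dir` is pointed at what appears to be a local buffer of format_iolog_path only for the duration of the iolog_file expansion, then reset to NULL. Suggest annotating the new fields, e.g. `char *source;       /* malloc'd; freed in sudoers_ctx_free() */`, `char *iolog_file;   /* alias into iolog_path, not owned */` and `char *iolog_dir;    /* valid only inside format_iolog_path(), else NULL */`, so the `/* Free dynamic contents of ctx. */` block in the sudoers_ctx_free hunk is not later "completed" with frees of the aliases. The fill_seq hunk, which hands `ctx->iolog_dir` to iolog_nextid, relies on that transient lifetime and would benefit from the same note.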
@@ -57,7 +57,6 @@ sudoers_ctx_free(struct sudoers_context *ctx)
|
|||||||
canon_path_free(ctx->user.cmnd_dir);
|
canon_path_free(ctx->user.cmnd_dir);
|
||||||
free(ctx->user.cmnd_args);
|
free(ctx->user.cmnd_args);
|
||||||
free(ctx->user.cmnd_list);
|
free(ctx->user.cmnd_list);
|
||||||
free(ctx->user.source);
|
|
||||||
free(ctx->user.cmnd_stat);
|
free(ctx->user.cmnd_stat);
|
||||||
|
|
||||||
/* Free remaining references to password and group entries. */
|
/* Free remaining references to password and group entries. */
|
||||||
@@ -86,6 +85,9 @@ sudoers_ctx_free(struct sudoers_context *ctx)
|
|||||||
free(ctx->runas.limitprivs);
|
free(ctx->runas.limitprivs);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Free dynamic contents of ctx. */
|
||||||
|
free(ctx->source);
|
||||||
|
|
||||||
memset(ctx, 0, sizeof(*ctx));
|
memset(ctx, 0, sizeof(*ctx));
|
||||||
|
|
||||||
debug_return;
|
debug_return;
|
||||||
|