Move a few fields from sudoers_user_context to sudoers_context.
They are not really specific to the user or user-specified.
@@ -360,7 +360,7 @@ sudoers_audit_accept(const char *plugin_name, unsigned int plugin_type,
|
||||
ret = false;
|
||||
|
||||
if (!ISSET(ctx->mode, MODE_POLICY_INTERCEPTED))
|
||||
uuid_str = ctx->user.uuid_str;
|
||||
uuid_str = ctx->uuid_str;
|
||||
|
||||
audit_to_eventlog(ctx, &evlog, command_info, run_argv, run_envp, uuid_str);
|
||||
if (!log_allowed(ctx, &evlog) && !def_ignore_logfile_errors)
|
||||
|
@@ -46,7 +46,7 @@ fill_seq(char *str, size_t strsize, void *v)
|
||||
debug_decl(fill_seq, SUDOERS_DEBUG_UTIL);
|
||||
|
||||
if (sessid[0] == '\0') {
|
||||
if (!iolog_nextid(ctx->user.iolog_dir, sessid))
|
||||
if (!iolog_nextid(ctx->iolog_dir, sessid))
|
||||
debug_return_size_t((size_t)-1);
|
||||
}
|
||||
|
||||
|
@@ -259,7 +259,7 @@ log_reject(const struct sudoers_context *ctx, const char *message,
|
||||
debug_decl(log_reject, SUDOERS_DEBUG_LOGGING);
|
||||
|
||||
if (!ISSET(ctx->mode, MODE_POLICY_INTERCEPTED))
|
||||
uuid_str = ctx->user.uuid_str;
|
||||
uuid_str = ctx->uuid_str;
|
||||
|
||||
if (mailit) {
|
||||
SET(evl_flags, EVLOG_MAIL);
|
||||
@@ -615,7 +615,7 @@ log_exit_status(const struct sudoers_context *ctx, int status)
|
||||
ret = false;
|
||||
goto done;
|
||||
}
|
||||
sudo_timespecsub(&run_time, &ctx->user.submit_time, &run_time);
|
||||
sudo_timespecsub(&run_time, &ctx->submit_time, &run_time);
|
||||
|
||||
if (WIFEXITED(status)) {
|
||||
exit_value = WEXITSTATUS(status);
|
||||
@@ -636,7 +636,7 @@ log_exit_status(const struct sudoers_context *ctx, int status)
|
||||
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
|
||||
|
||||
sudoers_to_eventlog(ctx, &evlog, ctx->runas.cmnd_saved,
|
||||
ctx->runas.argv_saved, env_get(), ctx->user.uuid_str);
|
||||
ctx->runas.argv_saved, env_get(), ctx->uuid_str);
|
||||
if (def_mail_always) {
|
||||
SET(evl_flags, EVLOG_MAIL);
|
||||
if (!def_log_exit_status)
|
||||
@@ -740,7 +740,7 @@ vlog_warning(const struct sudoers_context *ctx, unsigned int flags,
|
||||
SET(evl_flags, EVLOG_MAIL_ONLY);
|
||||
}
|
||||
sudoers_to_eventlog(ctx, &evlog, ctx->runas.cmnd, ctx->runas.argv,
|
||||
env_get(), ctx->user.uuid_str);
|
||||
env_get(), ctx->uuid_str);
|
||||
if (!eventlog_alert(&evlog, evl_flags, &now, message, errstr))
|
||||
ret = false;
|
||||
if (!log_server_alert(ctx, &evlog, &now, message, errstr))
|
||||
@@ -860,7 +860,7 @@ mail_parse_errors(const struct sudoers_context *ctx)
|
||||
goto done;
|
||||
}
|
||||
sudoers_to_eventlog(ctx, &evlog, ctx->runas.cmnd, ctx->runas.argv,
|
||||
env_get(), ctx->user.uuid_str);
|
||||
env_get(), ctx->uuid_str);
|
||||
|
||||
/* Convert parse_error_list to a string vector. */
|
||||
n = 0;
|
||||
@@ -980,8 +980,8 @@ sudoers_to_eventlog(const struct sudoers_context *ctx, struct eventlog *evlog,
|
||||
sudo_gr_delref(grp);
|
||||
|
||||
memset(evlog, 0, sizeof(*evlog));
|
||||
evlog->iolog_file = ctx->user.iolog_file;
|
||||
evlog->iolog_path = ctx->user.iolog_path;
|
||||
evlog->iolog_file = ctx->iolog_file;
|
||||
evlog->iolog_path = ctx->iolog_path;
|
||||
evlog->command = cmnd ? (char *)cmnd : (argv ? argv[0] : NULL);
|
||||
evlog->cwd = ctx->user.cwd;
|
||||
if (def_runchroot != NULL && strcmp(def_runchroot, "*") != 0) {
|
||||
@@ -995,7 +995,7 @@ sudoers_to_eventlog(const struct sudoers_context *ctx, struct eventlog *evlog,
|
||||
evlog->runcwd = ctx->user.cwd;
|
||||
}
|
||||
evlog->rungroup = ctx->runas.gr ? ctx->runas.gr->gr_name : ctx->runas.group;
|
||||
evlog->source = ctx->user.source;
|
||||
evlog->source = ctx->source;
|
||||
evlog->submithost = ctx->user.host;
|
||||
evlog->submituser = ctx->user.name;
|
||||
if (grp != NULL)
|
||||
@@ -1004,7 +1004,7 @@ sudoers_to_eventlog(const struct sudoers_context *ctx, struct eventlog *evlog,
|
||||
evlog->argv = (char **)argv;
|
||||
evlog->env_add = (char **)ctx->user.env_vars;
|
||||
evlog->envp = (char **)envp;
|
||||
evlog->submit_time = ctx->user.submit_time;
|
||||
evlog->submit_time = ctx->submit_time;
|
||||
evlog->lines = ctx->user.lines;
|
||||
evlog->columns = ctx->user.cols;
|
||||
if (ctx->runas.pw != NULL) {
|
||||
@@ -1030,7 +1030,7 @@ sudoers_to_eventlog(const struct sudoers_context *ctx, struct eventlog *evlog,
|
||||
if (sudo_gettime_real(&now) == -1) {
|
||||
sudo_warn("%s", U_("unable to get time of day"));
|
||||
} else {
|
||||
sudo_timespecsub(&now, &ctx->user.submit_time, &evlog->iolog_offset);
|
||||
sudo_timespecsub(&now, &ctx->submit_time, &evlog->iolog_offset);
|
||||
}
|
||||
}
|
||||
|
||||
|
@@ -116,7 +116,7 @@ sudoers_policy_deserialize_info(struct sudoers_context *ctx, void *v,
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
if (sudo_gettime_real(&ctx->user.submit_time) == -1) {
|
||||
if (sudo_gettime_real(&ctx->submit_time) == -1) {
|
||||
sudo_warn("%s", U_("unable to get time of day"));
|
||||
goto bad;
|
||||
}
|
||||
@@ -584,7 +584,7 @@ sudoers_policy_deserialize_info(struct sudoers_context *ctx, void *v,
|
||||
|
||||
/* Create a UUID to store in the event log. */
|
||||
sudo_uuid_create(uuid);
|
||||
if (sudo_uuid_to_string(uuid, ctx->user.uuid_str, sizeof(ctx->user.uuid_str)) == NULL) {
|
||||
if (sudo_uuid_to_string(uuid, ctx->uuid_str, sizeof(ctx->uuid_str)) == NULL) {
|
||||
sudo_warnx("%s", U_("unable to generate UUID"));
|
||||
goto bad;
|
||||
}
|
||||
@@ -984,8 +984,8 @@ sudoers_policy_store_result(struct sudoers_context *ctx, bool accepted,
|
||||
if ((command_info[info_len++] = sudo_new_key_val("rlimit_stack", def_rlimit_stack)) == NULL)
|
||||
goto oom;
|
||||
}
|
||||
if (ctx->user.source != NULL) {
|
||||
command_info[info_len] = sudo_new_key_val("source", ctx->user.source);
|
||||
if (ctx->source != NULL) {
|
||||
command_info[info_len] = sudo_new_key_val("source", ctx->source);
|
||||
if (command_info[info_len++] == NULL)
|
||||
goto oom;
|
||||
}
|
||||
|
@@ -280,7 +280,7 @@ cleanup:
|
||||
/*
|
||||
* Expand I/O log dir and file into a full path.
|
||||
* Returns the full I/O log path prefixed with "iolog_path=".
|
||||
* Sets ctx->user.iolog_file as a side effect.
|
||||
* Sets ctx->iolog_file and ctx->iolog_path as a side effect.
|
||||
*/
|
||||
static char *
|
||||
format_iolog_path(struct sudoers_context *ctx)
|
||||
@@ -296,10 +296,10 @@ format_iolog_path(struct sudoers_context *ctx)
|
||||
ok = expand_iolog_path(def_iolog_dir, dir, sizeof(dir),
|
||||
&sudoers_iolog_path_escapes[1], ctx);
|
||||
if (ok) {
|
||||
ctx->user.iolog_dir = dir;
|
||||
ctx->iolog_dir = dir;
|
||||
ok = expand_iolog_path(def_iolog_file, file, sizeof(file),
|
||||
&sudoers_iolog_path_escapes[0], ctx);
|
||||
ctx->user.iolog_dir = NULL;
|
||||
ctx->iolog_dir = NULL;
|
||||
}
|
||||
sudoers_setlocale(oldlocale, NULL);
|
||||
if (!ok)
|
||||
@@ -311,8 +311,8 @@ format_iolog_path(struct sudoers_context *ctx)
|
||||
}
|
||||
|
||||
/* Stash pointer to the I/O log for the event log. */
|
||||
ctx->user.iolog_path = iolog_path + sizeof("iolog_path=") - 1;
|
||||
ctx->user.iolog_file = ctx->user.iolog_path + 1 + strlen(dir);
|
||||
ctx->iolog_path = iolog_path + sizeof("iolog_path=") - 1;
|
||||
ctx->iolog_file = ctx->iolog_path + 1 + strlen(dir);
|
||||
|
||||
done:
|
||||
debug_return_str(iolog_path);
|
||||
@@ -393,15 +393,15 @@ sudoers_check_common(struct sudoers_context *ctx, int pwflag)
|
||||
}
|
||||
|
||||
if (match_info.us != NULL && match_info.us->file != NULL) {
|
||||
free(ctx->user.source);
|
||||
free(ctx->source);
|
||||
if (match_info.us->line != 0) {
|
||||
if (asprintf(&ctx->user.source, "%s:%d:%d", match_info.us->file,
|
||||
if (asprintf(&ctx->source, "%s:%d:%d", match_info.us->file,
|
||||
match_info.us->line, match_info.us->column) == -1)
|
||||
ctx->user.source = NULL;
|
||||
ctx->source = NULL;
|
||||
} else {
|
||||
ctx->user.source = strdup(match_info.us->file);
|
||||
ctx->source = strdup(match_info.us->file);
|
||||
}
|
||||
if (ctx->user.source == NULL) {
|
||||
if (ctx->source == NULL) {
|
||||
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
||||
goto done;
|
||||
}
|
||||
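Review bot: In format_iolog_path, `ctx->iolog_dir = dir;` stores the address of what looks like a local array (its size is taken with `sizeof(dir)`; the declaration is outside the hunk) in the long-lived sudoers_context, and nothing at the assignment says the pointer is meant to live only across the next expand_iolog_path() call. The reset to NULL directly after that call keeps it from escaping on the paths visible here, but now that the field sits at the top level of the context beside owned members, a comment such as `/* iolog_dir is only valid while def_iolog_file is expanded; it points at the local dir[] */` would make the lifetime explicit. fill_seq passes ctx->iolog_dir to iolog_nextid() without a NULL check, so it appears to rely on being reached only through this call; that is inferred, since neither function is shown in full. format_iolog_path begins and ends outside these hunks.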
|
@@ -112,7 +112,6 @@ struct sudoers_plugin_settings {
|
||||
* Info pertaining to the invoking user.
|
||||
*/
|
||||
struct sudoers_user_context {
|
||||
struct timespec submit_time;
|
||||
struct passwd *pw;
|
||||
struct stat *cmnd_stat;
|
||||
char *cwd;
|
||||
@@ -129,12 +128,8 @@ struct sudoers_user_context {
|
||||
char *cmnd_dir;
|
||||
char *cmnd_list;
|
||||
char *ccname;
|
||||
char *source;
|
||||
struct gid_list *gid_list;
|
||||
char * const * env_vars;
|
||||
char *iolog_file;
|
||||
char *iolog_dir;
|
||||
char *iolog_path;
|
||||
int closefrom;
|
||||
int lines;
|
||||
int cols;
|
||||
@@ -144,7 +139,6 @@ struct sudoers_user_context {
|
||||
uid_t gid;
|
||||
pid_t sid;
|
||||
pid_t tcpgid;
|
||||
char uuid_str[37];
|
||||
};
|
||||
|
||||
/*
|
||||
@@ -193,8 +187,14 @@ struct sudoers_context {
|
||||
struct sudoers_plugin_settings settings;
|
||||
struct sudoers_user_context user;
|
||||
struct sudoers_runas_context runas;
|
||||
struct timespec submit_time;
|
||||
char *source;
|
||||
char *iolog_file;
|
||||
char *iolog_dir;
|
||||
char *iolog_path;
|
||||
int sudoedit_nfiles;
|
||||
unsigned int mode;
|
||||
char uuid_str[37];
|
||||
};
|
||||
|
||||
/*
|
||||
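Review bot: The fields added to struct sudoers_context have different ownership, and the declaration does not say which is which. On this page `source` is heap-allocated (asprintf/strdup in sudoers_check_common) and released in sudoers_ctx_free, while `iolog_path` and `iolog_file` are set in format_iolog_path to point inside the string that function returns and are not freed with the context. A per-field comment would keep a later change from freeing the aliases or reading them after the returned string is released, for example `char *source; /* owned, freed by sudoers_ctx_free() */` and `char *iolog_path; /* borrowed, points into the "iolog_path=" string; do not free */`. `char uuid_str[37];` could also note that the size is 36 characters plus the terminating NUL.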
|
@@ -57,7 +57,6 @@ sudoers_ctx_free(struct sudoers_context *ctx)
|
||||
canon_path_free(ctx->user.cmnd_dir);
|
||||
free(ctx->user.cmnd_args);
|
||||
free(ctx->user.cmnd_list);
|
||||
free(ctx->user.source);
|
||||
free(ctx->user.cmnd_stat);
|
||||
|
||||
/* Free remaining references to password and group entries. */
|
||||
@@ -86,6 +85,9 @@ sudoers_ctx_free(struct sudoers_context *ctx)
|
||||
free(ctx->runas.limitprivs);
|
||||
#endif
|
||||
|
||||
/* Free dynamic contents of ctx. */
|
||||
free(ctx->source);
|
||||
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
|
||||
debug_return;
|
||||
|