For "sudo -l" and "sudo -ll" only print the runas info for subsequent

commands in a list if the runas info has changed.  If we have new
runas info, print out the tags again so as to be less confusing to
the user.  For "sudo -ll" set the line continuation indent to 8.
Todd C. Miller
2013-02-19 16:29:17 -05:00
parent e07280eeeb
commit d00ad3bbe2
2 changed files with 70 additions and 55 deletions


@@ -337,11 +337,18 @@ sudo_file_append_cmnd(struct cmndspec *cs, struct cmndtag *tags,
debug_return; debug_return;
} }
#define RUNAS_CHANGED(cs1, cs2) \
(cs1 == NULL || cs2 == NULL || \
cs1->runasuserlist.first != cs2->runasuserlist.first || \
cs1->runasuserlist.last != cs2->runasuserlist.last || \
cs1->runasgrouplist.first != cs2->runasgrouplist.first || \
cs1->runasgrouplist.last != cs2->runasgrouplist.last)
static int static int
sudo_file_display_priv_short(struct passwd *pw, struct userspec *us, sudo_file_display_priv_short(struct passwd *pw, struct userspec *us,
struct lbuf *lbuf) struct lbuf *lbuf)
{ {
struct cmndspec *cs; struct cmndspec *cs, *prev_cs;
struct member *m; struct member *m;
struct privilege *priv; struct privilege *priv;
struct cmndtag tags; struct cmndtag tags;
@@ -351,39 +358,43 @@ sudo_file_display_priv_short(struct passwd *pw, struct userspec *us,
tq_foreach_fwd(&us->privileges, priv) { tq_foreach_fwd(&us->privileges, priv) {
if (hostlist_matches(&priv->hostlist) != ALLOW) if (hostlist_matches(&priv->hostlist) != ALLOW)
continue; continue;
tags.noexec = UNSPEC; prev_cs = NULL;
tags.setenv = UNSPEC;
tags.nopasswd = UNSPEC;
tags.log_input = UNSPEC;
tags.log_output = UNSPEC;
lbuf_append(lbuf, " "); lbuf_append(lbuf, " ");
tq_foreach_fwd(&priv->cmndlist, cs) { tq_foreach_fwd(&priv->cmndlist, cs) {
if (cs != tq_first(&priv->cmndlist)) if (cs != tq_first(&priv->cmndlist))
lbuf_append(lbuf, ", "); lbuf_append(lbuf, ", ");
lbuf_append(lbuf, "("); if (RUNAS_CHANGED(cs, prev_cs)) {
if (!tq_empty(&cs->runasuserlist)) { lbuf_append(lbuf, "(");
tq_foreach_fwd(&cs->runasuserlist, m) { if (!tq_empty(&cs->runasuserlist)) {
if (m != tq_first(&cs->runasuserlist)) tq_foreach_fwd(&cs->runasuserlist, m) {
lbuf_append(lbuf, ", "); if (m != tq_first(&cs->runasuserlist))
print_member(lbuf, m->name, m->type, m->negated, lbuf_append(lbuf, ", ");
RUNASALIAS); print_member(lbuf, m->name, m->type, m->negated,
RUNASALIAS);
}
} else if (tq_empty(&cs->runasgrouplist)) {
lbuf_append(lbuf, "%s", def_runas_default);
} else {
lbuf_append(lbuf, "%s", pw->pw_name);
} }
} else if (tq_empty(&cs->runasgrouplist)) { if (!tq_empty(&cs->runasgrouplist)) {
lbuf_append(lbuf, "%s", def_runas_default); lbuf_append(lbuf, " : ");
} else { tq_foreach_fwd(&cs->runasgrouplist, m) {
lbuf_append(lbuf, "%s", pw->pw_name); if (m != tq_first(&cs->runasgrouplist))
} lbuf_append(lbuf, ", ");
if (!tq_empty(&cs->runasgrouplist)) { print_member(lbuf, m->name, m->type, m->negated,
lbuf_append(lbuf, " : "); RUNASALIAS);
tq_foreach_fwd(&cs->runasgrouplist, m) { }
if (m != tq_first(&cs->runasgrouplist))
lbuf_append(lbuf, ", ");
print_member(lbuf, m->name, m->type, m->negated,
RUNASALIAS);
} }
lbuf_append(lbuf, ") ");
tags.noexec = UNSPEC;
tags.setenv = UNSPEC;
tags.nopasswd = UNSPEC;
tags.log_input = UNSPEC;
tags.log_output = UNSPEC;
} }
lbuf_append(lbuf, ") ");
sudo_file_append_cmnd(cs, &tags, lbuf); sudo_file_append_cmnd(cs, &tags, lbuf);
prev_cs = cs;
nfound++; nfound++;
} }
lbuf_append(lbuf, "\n"); lbuf_append(lbuf, "\n");
@@ -395,7 +406,7 @@ static int
sudo_file_display_priv_long(struct passwd *pw, struct userspec *us, sudo_file_display_priv_long(struct passwd *pw, struct userspec *us,
struct lbuf *lbuf) struct lbuf *lbuf)
{ {
struct cmndspec *cs; struct cmndspec *cs, *prev_cs;
struct member *m; struct member *m;
struct privilege *priv; struct privilege *priv;
struct cmndtag tags; struct cmndtag tags;
@@ -405,40 +416,44 @@ sudo_file_display_priv_long(struct passwd *pw, struct userspec *us,
tq_foreach_fwd(&us->privileges, priv) { tq_foreach_fwd(&us->privileges, priv) {
if (hostlist_matches(&priv->hostlist) != ALLOW) if (hostlist_matches(&priv->hostlist) != ALLOW)
continue; continue;
tags.noexec = UNSPEC;
tags.setenv = UNSPEC;
tags.nopasswd = UNSPEC;
tags.log_input = UNSPEC;
tags.log_output = UNSPEC;
lbuf_append(lbuf, _("\nSudoers entry:\n")); lbuf_append(lbuf, _("\nSudoers entry:\n"));
tq_foreach_fwd(&priv->cmndlist, cs) { tq_foreach_fwd(&priv->cmndlist, cs) {
lbuf_append(lbuf, _(" RunAsUsers: ")); if (RUNAS_CHANGED(cs, prev_cs)) {
if (!tq_empty(&cs->runasuserlist)) { lbuf_append(lbuf, _(" RunAsUsers: "));
tq_foreach_fwd(&cs->runasuserlist, m) { if (!tq_empty(&cs->runasuserlist)) {
if (m != tq_first(&cs->runasuserlist)) tq_foreach_fwd(&cs->runasuserlist, m) {
lbuf_append(lbuf, ", "); if (m != tq_first(&cs->runasuserlist))
print_member(lbuf, m->name, m->type, m->negated, lbuf_append(lbuf, ", ");
RUNASALIAS); print_member(lbuf, m->name, m->type, m->negated,
} RUNASALIAS);
} else if (tq_empty(&cs->runasgrouplist)) { }
lbuf_append(lbuf, "%s", def_runas_default); } else if (tq_empty(&cs->runasgrouplist)) {
} else { lbuf_append(lbuf, "%s", def_runas_default);
lbuf_append(lbuf, "%s", pw->pw_name); } else {
} lbuf_append(lbuf, "%s", pw->pw_name);
lbuf_append(lbuf, "\n");
if (!tq_empty(&cs->runasgrouplist)) {
lbuf_append(lbuf, _(" RunAsGroups: "));
tq_foreach_fwd(&cs->runasgrouplist, m) {
if (m != tq_first(&cs->runasgrouplist))
lbuf_append(lbuf, ", ");
print_member(lbuf, m->name, m->type, m->negated,
RUNASALIAS);
} }
lbuf_append(lbuf, "\n"); lbuf_append(lbuf, "\n");
if (!tq_empty(&cs->runasgrouplist)) {
lbuf_append(lbuf, _(" RunAsGroups: "));
tq_foreach_fwd(&cs->runasgrouplist, m) {
if (m != tq_first(&cs->runasgrouplist))
lbuf_append(lbuf, ", ");
print_member(lbuf, m->name, m->type, m->negated,
RUNASALIAS);
}
lbuf_append(lbuf, "\n");
}
lbuf_append(lbuf, _(" Commands:\n"));
tags.noexec = UNSPEC;
tags.setenv = UNSPEC;
tags.nopasswd = UNSPEC;
tags.log_input = UNSPEC;
tags.log_output = UNSPEC;
} }
lbuf_append(lbuf, _(" Commands:\n\t")); lbuf_append(lbuf, "\t");
sudo_file_append_cmnd(cs, &tags, lbuf); sudo_file_append_cmnd(cs, &tags, lbuf);
lbuf_append(lbuf, "\n"); lbuf_append(lbuf, "\n");
prev_cs = cs;
nfound++; nfound++;
} }
} }
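Review bot: In sudo_file_display_priv_long, `prev_cs` is declared without an initializer and nothing in the visible hunks assigns it before the first `RUNAS_CHANGED(cs, prev_cs)`, so the first pass reads an indeterminate pointer and, when it is not NULL, dereferences it; this is the `sudo -ll` display path, and sudo is normally installed setuid root. The short variant resets it for each privilege with `prev_cs = NULL;`, and the long variant needs the same line just before `lbuf_append(lbuf, _("\nSudoers entry:\n"));`. That reset also guarantees `tags` is set to UNSPEC before the first `sudo_file_append_cmnd` call, now that the unconditional initialisation at the top of the loop has been removed. The lines between the declaration hunk and the loop hunk are not shown, but as unchanged context they cannot assign a variable this commit introduces. Separately, `RUNAS_CHANGED` compares only the lists' `first`/`last` pointers, so it presumably relies on the parser sharing one runas list across consecutive commands; a one-line comment above the macro stating that, plus parentheses around `cs1`/`cs2` in the expansion, would make the assumption explicit.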


@@ -277,7 +277,7 @@ display_privs(struct sudo_nss_list *snl, struct passwd *pw)
if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode)) if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode))
cols = 0; cols = 0;
lbuf_init(&defs, output, 4, NULL, cols); lbuf_init(&defs, output, 4, NULL, cols);
lbuf_init(&privs, output, 4, NULL, cols); lbuf_init(&privs, output, long_list ? 8 : 4, NULL, cols);
/* Display defaults from all sources. */ /* Display defaults from all sources. */
lbuf_append(&defs, _("Matching Defaults entries for %s on this host:\n"), lbuf_append(&defs, _("Matching Defaults entries for %s on this host:\n"),