now uses user_pw_ent and simple macros to get at the contents

Todd C. Miller
1995-11-24 02:27:27 +00:00
parent 57a4342e7d
commit d6a223e2a2
7 changed files with 61 additions and 62 deletions

44
check.c

@@ -139,7 +139,7 @@ void check_user()
oldmask = umask(077); /* make sure the timestamp files are private */
rtn = check_timestamp();
if (rtn && sudo_pw_ent->pw_uid) { /* if timestamp is not current... */
if (rtn && user_uid) { /* if timestamp is not current... */
if (rtn == 2)
reminder(); /* do the reminder if ticket file is new */
check_passwd();
@@ -172,7 +172,7 @@ int user_is_exempt()
return(TRUE);
for (gr_mem = grp->gr_mem; *gr_mem; gr_mem++) {
if (strcmp(sudo_pw_ent->pw_name, *gr_mem) == 0)
if (strcmp(user_name, *gr_mem) == 0)
return(TRUE);
}
@@ -205,11 +205,9 @@ static int check_timestamp()
else
p = tty;
(void) sprintf(timestampfile, "%s/%s.%s", _PATH_SUDO_TIMEDIR,
sudo_pw_ent->pw_name, p);
(void) sprintf(timestampfile, "%s/%s.%s", _PATH_SUDO_TIMEDIR, user_name, p);
#else
(void) sprintf(timestampfile, "%s/%s", _PATH_SUDO_TIMEDIR,
sudo_pw_ent->pw_name);
(void) sprintf(timestampfile, "%s/%s", _PATH_SUDO_TIMEDIR, user_name);
#endif /* USE_TTY_TICKETS */
timedir_is_good = 1; /* now there's an assumption for ya... */
@@ -364,11 +362,9 @@ void remove_timestamp()
else
p = tty;
(void) sprintf(timestampfile, "%s/%s.%s", _PATH_SUDO_TIMEDIR,
sudo_pw_ent->pw_name, p);
(void) sprintf(timestampfile, "%s/%s.%s", _PATH_SUDO_TIMEDIR, user_name, p);
#else
(void) sprintf(timestampfile, "%s/%s", _PATH_SUDO_TIMEDIR,
sudo_pw_ent->pw_name);
(void) sprintf(timestampfile, "%s/%s", _PATH_SUDO_TIMEDIR, user_name);
#endif /* USE_TTY_TICKETS */
/* become root */
@@ -462,7 +458,7 @@ static void check_passwd()
/* get a password from the user */
#ifdef HAVE_SKEY
set_perms(PERM_ROOT);
pass = skey_getpass(prompt, sudo_pw_ent, TRUE);
pass = skey_getpass(prompt, user_pw_ent, TRUE);
set_perms(PERM_USER);
#else
# ifdef USE_GETPASS
@@ -491,24 +487,21 @@ static void check_passwd()
*/
#ifdef SHADOW_TYPE
# if (SHADOW_TYPE == SPW_ULTRIX4)
if (!strcmp(sudo_pw_ent->pw_passwd,
(char *) crypt16(pass, sudo_pw_ent->pw_passwd)))
if (!strcmp(user_passwd, (char *)crypt16(pass, user_passwd)))
return; /* if the passwd is correct return() */
# endif /* ULTRIX4 */
# if (SHADOW_TYPE == SPW_SECUREWARE) && !defined(__alpha)
strncpy(salt, sudo_pw_ent->pw_passwd, 2);
strncpy(salt, user_passwd, 2);
i = AUTH_SALT_SIZE + AUTH_CIPHERTEXT_SEG_CHARS;
if (strncmp(sudo_pw_ent->pw_passwd, crypt(pass, salt), i) == 0)
if (strncmp(user_passwd, crypt(pass, salt), i) == 0)
return; /* if the passwd is correct return() */
# endif /* SECUREWARE && !__alpha */
# if (SHADOW_TYPE == SPW_SECUREWARE) && defined(__alpha)
if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
if (!strcmp(sudo_pw_ent->pw_passwd,
bigcrypt(pass, sudo_pw_ent->pw_passwd)))
if (!strcmp(user_passwd, bigcrypt(pass, user_passwd)))
return; /* if the passwd is correct return() */
} else if (crypt_type == AUTH_CRYPT_CRYPT16) {
if (!strcmp(sudo_pw_ent->pw_passwd,
crypt16(pass, sudo_pw_ent->pw_passwd)))
if (!strcmp(user_passwd, crypt16(pass, user_passwd)))
return; /* if the passwd is correct return() */
} else {
(void) fprintf(stderr,
@@ -521,26 +514,25 @@ static void check_passwd()
#ifdef HAVE_SKEY
set_perms(PERM_ROOT);
if (!strcmp(sudo_pw_ent->pw_passwd,
skey_crypt(pass, sudo_pw_ent->pw_passwd, sudo_pw_ent, TRUE))) {
if (!strcmp(user_passwd,
skey_crypt(pass, user_passwd, user_pw_ent, TRUE))) {
set_perms(PERM_USER);
return; /* if the passwd is correct return() */
}
set_perms(PERM_USER);
#else
if (!strcmp(sudo_pw_ent->pw_passwd,
(char *) crypt(pass, sudo_pw_ent->pw_passwd)))
if (!strcmp(user_passwd, (char *) crypt(pass, user_passwd)))
return; /* if the passwd is correct return() */
#endif /* HAVE_SKEY */
#ifdef HAVE_KERB4
if (sudo_pw_ent->pw_uid && sudo_krb_validate_user(sudo_pw_ent, pass) == 0)
if (user_uid && sudo_krb_validate_user(user_pw_ent, pass) == 0)
return;
#endif /* HAVE_KERB4 */
#ifdef HAVE_AFS
code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION+KA_USERAUTH_DOSETPAG,
sudo_pw_ent->pw_name,
user_name,
(char *) 0,
(char *) 0,
pass,
@@ -553,7 +545,7 @@ static void check_passwd()
#endif /* HAVE_AFS */
#ifdef HAVE_DCE
/* XXX - this seems wrong... */
if (dce_pwent(sudo_pw_ent->pw_name, pass))
if (dce_pwent(user_name, pass))
return;
#endif /* HAVE_DCE */
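Review bot: The `sprintf` calls that build `timestampfile` in check_timestamp() and remove_timestamp() are unbounded, and they use `user_name` and the tty name `p` as path components under `_PATH_SUDO_TIMEDIR` without any validation. The size of `timestampfile` is not visible in these hunks, so an overflow is only a possibility, but in a setuid program the write should be bounded and a name containing `/` rejected before it becomes a file name. Assuming `timestampfile` is an array, a guard such as `if (strlen(_PATH_SUDO_TIMEDIR) + strlen(user_name) + strlen(p) + 3 > sizeof(timestampfile))` that fails closed before formatting would do. Both function bodies continue outside the hunks.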


@@ -159,8 +159,7 @@ void log_error(code)
* necesary for mail and file logs.
*/
now = time((time_t) 0);
(void) sprintf(logline, "%19.19s : %8.8s : ", ctime(&now),
sudo_pw_ent->pw_name);
(void) sprintf(logline, "%19.19s : %8.8s : ", ctime(&now), user_name);
/*
* we need a pointer to the end of logline (XXX - use a #define not 33)
@@ -194,7 +193,7 @@ void log_error(code)
case GLOBAL_NO_PW_ENT:
(void) sprintf(p,
"There is no passwd entry for uid %ld (TTY=%s). ",
(long) sudo_pw_ent->pw_uid, tty);
(long) user_uid, tty);
break;
case PASSWORD_NOT_CORRECT:
@@ -319,10 +318,9 @@ void log_error(code)
*tmp = '\0';
if (count == 0)
syslog(pri, "%8.8s : %s", sudo_pw_ent->pw_name, p);
syslog(pri, "%8.8s : %s", user_name, p);
else
syslog(pri, "%8.8s : (command continued) %s",
sudo_pw_ent->pw_name, p);
syslog(pri, "%8.8s : (command continued) %s", user_name, p);
*tmp = save; /* restore saved character */
@@ -331,10 +329,9 @@ void log_error(code)
;
} else {
if (count == 0)
syslog(pri, "%8.8s : %s", sudo_pw_ent->pw_name, p);
syslog(pri, "%8.8s : %s", user_name, p);
else
syslog(pri, "%8.8s : (command continued) %s",
sudo_pw_ent->pw_name, p);
syslog(pri, "%8.8s : (command continued) %s", user_name, p);
}
}
closelog();
@@ -540,18 +537,18 @@ void inform_user(code)
case VALIDATE_NO_USER:
(void) fprintf(stderr,
"%s is not in the sudoers file. This incident will be reported.\n\n",
sudo_pw_ent->pw_name);
user_name);
break;
case VALIDATE_NOT_OK:
if (cmnd_args)
(void) fprintf(stderr,
"Sorry, user %s is not allowed to execute \"%s %s\" on %s.\n\n",
sudo_pw_ent->pw_name, cmnd, cmnd_args, host);
user_name, cmnd, cmnd_args, host);
else
(void) fprintf(stderr,
"Sorry, user %s is not allowed to execute \"%s\" on %s.\n\n",
sudo_pw_ent->pw_name, cmnd, host);
user_name, cmnd, host);
break;
case VALIDATE_ERROR:
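Review bot: The `%8.8s` precision applied to `user_name` in the `syslog()` calls and in the `logline` prefix of log_error() cuts names off at eight characters, so two accounts sharing an eight-character prefix produce indistinguishable audit entries. The `logline` prefix looks fixed-width on purpose (the nearby comment refers to offset 33), but the syslog lines could carry the full name, e.g. `syslog(pri, "%8s : %s", user_name, p);`. The surrounding line-splitting code would presumably need to budget for the longer name. log_error() extends well outside the hunks shown.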


@@ -329,13 +329,13 @@ userlist : user
;
user : NAME {
if (strcmp($1, sudo_pw_ent->pw_name) == 0)
if (strcmp($1, user_name) == 0)
user_matches = TRUE;
(void) free($1);
$1 = NULL; /* XXX */
}
| NETGROUP {
if (netgr_matches($1, NULL, sudo_pw_ent->pw_name))
if (netgr_matches($1, NULL, user_name))
user_matches = TRUE;
(void) free($1);
$1 = NULL; /* XXX */

32
sudo.c

@@ -129,7 +129,7 @@ extern int user_is_exempt __P((void));
*/
int Argc;
char **Argv;
struct passwd *sudo_pw_ent;
struct passwd *user_pw_ent;
char *cmnd = NULL;
char *cmnd_args = NULL;
char *tty = NULL;
@@ -310,9 +310,9 @@ int main(argc, argv)
}
/* replace "-s" with the shell's name */
if ((NewArgv[0] = strrchr(sudo_pw_ent->pw_shell, '/') + 1)
if ((NewArgv[0] = strrchr(user_shell, '/') + 1)
== (char *) 1)
NewArgv[0] = sudo_pw_ent->pw_shell;
NewArgv[0] = user_shell;
for (i = 1; i < Argc; i++)
NewArgv[i] = Argv[i];
@@ -349,7 +349,7 @@ int main(argc, argv)
* load_globals()
*
* This function primes these important global variables:
* sudo_pw_ent, host, cwd, interfaces.
* user_pw_ent, host, cwd, interfaces.
*/
static void load_globals(sudo_mode)
@@ -366,11 +366,11 @@ static void load_globals(sudo_mode)
* if necesary. It is assumed that euid is 0 at this point so we
* can read the shadow passwd file if necesary.
*/
sudo_pw_ent = sudo_getpwuid(getuid());
user_pw_ent = sudo_getpwuid(getuid());
set_perms(PERM_ROOT);
set_perms(PERM_USER);
if (sudo_pw_ent == NULL) {
/* need to make a fake sudo_pw_ent */
if (user_pw_ent == NULL) {
/* need to make a fake user_pw_ent */
struct passwd pw_ent;
char pw_name[MAX_UID_T_LEN+1];
@@ -378,7 +378,7 @@ static void load_globals(sudo_mode)
pw_ent.pw_uid = getuid();
(void) sprintf(pw_name, "%ld", pw_ent.pw_uid);
pw_ent.pw_name = pw_name;
sudo_pw_ent = &pw_ent;
user_pw_ent = &pw_ent;
/* complain, log, and die */
log_error(GLOBAL_NO_PW_ENT);
@@ -409,7 +409,7 @@ static void load_globals(sudo_mode)
#endif /* UMASK */
#ifdef NO_ROOT_SUDO
if (sudo_pw_ent -> pw_uid == 0) {
if (user_uid == 0) {
(void) fprintf(stderr,
"You are already root, you don't need to use sudo.\n");
exit(1);
@@ -603,14 +603,14 @@ static void add_env()
}
/* add the SUDO_USER envariable */
if (sudo_setenv("SUDO_USER", sudo_pw_ent -> pw_name)) {
if (sudo_setenv("SUDO_USER", user_name)) {
perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
/* add the SUDO_UID envariable */
(void) sprintf(idstr, "%ld", (long) sudo_pw_ent -> pw_uid);
(void) sprintf(idstr, "%ld", (long) user_uid);
if (sudo_setenv("SUDO_UID", idstr)) {
perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
@@ -645,8 +645,8 @@ static void load_cmnd(sudo_mode)
/* If we are running a shell command args start at position 1 */
if ((sudo_mode & MODE_SHELL)) {
if (sudo_pw_ent->pw_shell && *sudo_pw_ent->pw_shell) {
old_cmnd = sudo_pw_ent->pw_shell;
if (user_shell && *user_shell) {
old_cmnd = user_shell;
arg_start = 1;
} else {
(void) fprintf(stderr, "%s: Unable to determine shell.", Argv[0]);
@@ -794,8 +794,8 @@ void set_perms(perm)
break;
case PERM_USER :
if (seteuid(sudo_pw_ent -> pw_uid)) {
perror("seteuid(sudo_pw_ent -> pw_uid)");
if (seteuid(user_uid)) {
perror("seteuid(user_uid)");
exit(1);
}
break;
@@ -806,7 +806,7 @@ void set_perms(perm)
exit(1);
}
if (setuid(sudo_pw_ent -> pw_uid)) {
if (setuid(user_uid)) {
perror("setuid(uid)");
exit(1);
}
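Review bot: In load_globals(), as the hunk is displayed, `set_perms(PERM_USER)` runs before the `if (user_pw_ent == NULL)` check, and the PERM_USER case in set_perms() now expands to `seteuid(user_pw_ent->pw_uid)`. A uid with no passwd entry would therefore dereference a NULL pointer in the setuid binary before the fake entry is built. The old code had the same ordering; the macro only makes the dereference harder to spot. Either move the NULL check ahead of the `set_perms(PERM_USER)` call or have that case use the real uid directly, `if (seteuid(getuid())) {`. load_globals() and set_perms() both extend outside the hunks shown.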

12
sudo.h

@@ -131,6 +131,16 @@ extern int top;
#define PERM_FULL_USER 0x03
#define PERM_SUDOERS 0x04
/*
* Shortcuts for user_pw_ent
*/
#define user_name (user_pw_ent -> pw_name)
#define user_passwd (user_pw_ent -> pw_passwd)
#define user_uid (user_pw_ent -> pw_uid)
#define user_gid (user_pw_ent -> pw_gid)
#define user_shell (user_pw_ent -> pw_shell)
#define user_dir (user_pw_ent -> pw_dir)
/*
* Prototypes
*/
@@ -170,7 +180,7 @@ extern char host[];
extern char cwd[];
extern struct interface *interfaces;
extern int num_interfaces;
extern struct passwd *sudo_pw_ent;
extern struct passwd *user_pw_ent;
extern char *tty;
extern char *cmnd;
extern char *cmnd_args;
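Review bot: The new `user_*` macros in the first hunk hide a dereference of `user_pw_ent` behind what reads like a plain variable, and the comment above them does not say when they are safe to use. I would extend it to something like `/* Shortcuts for user_pw_ent; valid only once user_pw_ent points at a passwd entry (never NULL) */`. Because they are lowercase object-like macros, any local, parameter or struct member named `user_name`, `user_uid` and so on in a file that includes sudo.h will be silently rewritten by the preprocessor. Uppercase names, or a sentence in the comment reserving these identifiers, would avoid that surprise.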


@@ -66,7 +66,7 @@ char *cmnd = NULL;
char *cmnd_args = NULL;
char host[MAXHOSTNAMELEN+1];
char cwd[MAXPATHLEN+1];
struct passwd *sudo_pw_ent;
struct passwd *user_pw_ent;
char **Argv;
int Argc;
uid_t uid;
@@ -198,7 +198,7 @@ main(argc, argv)
Argv = argv;
Argc = argc;
sudo_pw_ent = &pw_ent; /* need sudo_pw_ent->pw_name defined */
user_pw_ent = &pw_ent; /* need user_pw_ent->pw_name defined */
cmnd = argv[1];
pw_ent.pw_name = argv[2];


@@ -108,7 +108,7 @@ int parse_error = FALSE;
*/
char host[] = "";
char *cmnd = "";
struct passwd *sudo_pw_ent;
struct passwd *user_pw_ent;
/********************************************************************
@@ -170,8 +170,8 @@ int main(argc, argv)
exit(1);
}
/* sudo_pw_ent needs to be defined to _something_, this will do */
sudo_pw_ent = pwd;
/* user_pw_ent needs to be defined to _something_, this will do */
user_pw_ent = pwd;
/*
* Copy sudoers file to stmp