isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Now that we have proper number parsing functions we should store

Browse Source 
T_UINT defaults values as unsigned int, not int.
This commit is contained in:
Todd C. Miller
2013-12-11 14:43:04 -07:00
parent 3e4f5c5848
commit ef2cff1d33
9 changed files with 27 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/sudoers/auth/sudo_auth.c
View File

@@ -183,7 +183,7 @@ sudo_auth_cleanup(struct passwd *pw)
int int
verify_user(struct passwd *pw, char *prompt, int validated) verify_user(struct passwd *pw, char *prompt, int validated)
{ {
int counter = def_passwd_tries + 1; unsigned int counter = def_passwd_tries + 1;
int success = AUTH_FAILURE; int success = AUTH_FAILURE;
int status, rval; int status, rval;
char *p; char *p;

6
plugins/sudoers/def_data.c
View File

@@ -152,7 +152,7 @@ struct sudo_defs_types sudo_defs_table[] = {
NULL, NULL,
}, { }, {
"loglinelen", T_UINT|T_BOOL, "loglinelen", T_UINT|T_BOOL,
N_("Length at which to wrap log file lines (0 for no wrap): %d"), N_("Length at which to wrap log file lines (0 for no wrap): %u"),
NULL, NULL,
}, { }, {
"timestamp_timeout", T_FLOAT|T_BOOL, "timestamp_timeout", T_FLOAT|T_BOOL,
@@ -164,7 +164,7 @@ struct sudo_defs_types sudo_defs_table[] = {
NULL, NULL,
}, { }, {
"passwd_tries", T_UINT, "passwd_tries", T_UINT,
N_("Number of tries to enter a password: %d"), N_("Number of tries to enter a password: %u"),
NULL, NULL,
}, { }, {
"umask", T_MODE|T_BOOL, "umask", T_MODE|T_BOOL,
@@ -372,7 +372,7 @@ struct sudo_defs_types sudo_defs_table[] = {
NULL, NULL,
}, { }, {
"maxseq", T_UINT, "maxseq", T_UINT,
N_("Maximum I/O log sequence number"), N_("Maximum I/O log sequence number: %u"),
NULL, NULL,
}, { }, {
NULL, 0, NULL NULL, 0, NULL

6
plugins/sudoers/def_data.h
View File

@@ -62,13 +62,13 @@
#define I_STAY_SETUID 30 #define I_STAY_SETUID 30
#define def_preserve_groups (sudo_defs_table[31].sd_un.flag) #define def_preserve_groups (sudo_defs_table[31].sd_un.flag)
#define I_PRESERVE_GROUPS 31 #define I_PRESERVE_GROUPS 31
#define def_loglinelen (sudo_defs_table[32].sd_un.ival) #define def_loglinelen (sudo_defs_table[32].sd_un.uival)
#define I_LOGLINELEN 32 #define I_LOGLINELEN 32
#define def_timestamp_timeout (sudo_defs_table[33].sd_un.fval) #define def_timestamp_timeout (sudo_defs_table[33].sd_un.fval)
#define I_TIMESTAMP_TIMEOUT 33 #define I_TIMESTAMP_TIMEOUT 33
#define def_passwd_timeout (sudo_defs_table[34].sd_un.fval) #define def_passwd_timeout (sudo_defs_table[34].sd_un.fval)
#define I_PASSWD_TIMEOUT 34 #define I_PASSWD_TIMEOUT 34
#define def_passwd_tries (sudo_defs_table[35].sd_un.ival) #define def_passwd_tries (sudo_defs_table[35].sd_un.uival)
#define I_PASSWD_TRIES 35 #define I_PASSWD_TRIES 35
#define def_umask (sudo_defs_table[36].sd_un.mode) #define def_umask (sudo_defs_table[36].sd_un.mode)
#define I_UMASK 36 #define I_UMASK 36
@@ -172,7 +172,7 @@
#define I_PAM_SETCRED 85 #define I_PAM_SETCRED 85
#define def_pam_session (sudo_defs_table[86].sd_un.flag) #define def_pam_session (sudo_defs_table[86].sd_un.flag)
#define I_PAM_SESSION 86 #define I_PAM_SESSION 86
#define def_maxseq (sudo_defs_table[87].sd_un.ival) #define def_maxseq (sudo_defs_table[87].sd_un.uival)
#define I_MAXSEQ 87 #define I_MAXSEQ 87
enum def_tuple { enum def_tuple {

6
plugins/sudoers/def_data.in
View File

@@ -109,7 +109,7 @@ preserve_groups
"Don't initialize the group vector to that of the target user" "Don't initialize the group vector to that of the target user"
loglinelen loglinelen
T_UINT|T_BOOL T_UINT|T_BOOL
"Length at which to wrap log file lines (0 for no wrap): %d" "Length at which to wrap log file lines (0 for no wrap): %u"
timestamp_timeout timestamp_timeout
T_FLOAT|T_BOOL T_FLOAT|T_BOOL
"Authentication timestamp timeout: %.1f minutes" "Authentication timestamp timeout: %.1f minutes"
@@ -118,7 +118,7 @@ passwd_timeout
"Password prompt timeout: %.1f minutes" "Password prompt timeout: %.1f minutes"
passwd_tries passwd_tries
T_UINT T_UINT
"Number of tries to enter a password: %d" "Number of tries to enter a password: %u"
umask umask
T_MODE|T_BOOL T_MODE|T_BOOL
"Umask to use or 0777 to use user's: 0%o" "Umask to use or 0777 to use user's: 0%o"
@@ -276,4 +276,4 @@ pam_session
"Create a new PAM session for the command to run in" "Create a new PAM session for the command to run in"
maxseq maxseq
T_UINT T_UINT
"Maximum I/O log sequence number" "Maximum I/O log sequence number: %u"

10
plugins/sudoers/defaults.c
View File

@@ -148,11 +148,14 @@ dump_defaults(void)
sudo_printf(SUDO_CONV_INFO_MSG, "\n"); sudo_printf(SUDO_CONV_INFO_MSG, "\n");
} }
break; break;
case T_UINT:
case T_INT: case T_INT:
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.ival); sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.ival);
sudo_printf(SUDO_CONV_INFO_MSG, "\n"); sudo_printf(SUDO_CONV_INFO_MSG, "\n");
break; break;
case T_UINT:
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.uival);
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
break;
case T_FLOAT: case T_FLOAT:
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.fval); sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.fval);
sudo_printf(SUDO_CONV_INFO_MSG, "\n"); sudo_printf(SUDO_CONV_INFO_MSG, "\n");
@@ -628,7 +631,7 @@ store_uint(char *val, struct sudo_defs_types *def, int op)
debug_decl(store_uint, SUDO_DEBUG_DEFAULTS) debug_decl(store_uint, SUDO_DEBUG_DEFAULTS)
if (op == false) { if (op == false) {
def->sd_un.ival = 0; def->sd_un.uival = 0;
} else { } else {
u = strtonum(val, 0, UINT_MAX, &errstr); u = strtonum(val, 0, UINT_MAX, &errstr);
if (errstr != NULL) { if (errstr != NULL) {
@@ -636,8 +639,7 @@ store_uint(char *val, struct sudo_defs_types *def, int op)
"%s: %s", val, errstr); "%s: %s", val, errstr);
debug_return_bool(false); debug_return_bool(false);
} }
/* XXX - should have uival */ def->sd_un.uival = u;
def->sd_un.ival = u;
} }
if (def->callback) if (def->callback)
debug_return_bool(def->callback(val)); debug_return_bool(def->callback(val));

1
plugins/sudoers/defaults.h
View File

@@ -55,6 +55,7 @@ struct sudo_defs_types {
union { union {
int flag; int flag;
int ival; int ival;
unsigned int uival;
double fval; double fval;
enum def_tuple tuple; enum def_tuple tuple;
char *str; char *str;

14
plugins/sudoers/logging.c
View File

@@ -344,7 +344,7 @@ log_failure(int status, int flags)
* Log and audit that user was not able to authenticate themselves. * Log and audit that user was not able to authenticate themselves.
*/ */
void void
log_auth_failure(int status, int tries) log_auth_failure(int status, unsigned int tries)
{ {
int flags = NO_MAIL; int flags = NO_MAIL;
debug_decl(log_auth_failure, SUDO_DEBUG_LOGGING) debug_decl(log_auth_failure, SUDO_DEBUG_LOGGING)
@@ -439,9 +439,9 @@ vlog_warning(int flags, const char *fmt, va_list ap)
/* Expand printf-style format + args (with a special case). */ /* Expand printf-style format + args (with a special case). */
if (fmt == INCORRECT_PASSWORD_ATTEMPT) { if (fmt == INCORRECT_PASSWORD_ATTEMPT) {
int tries = va_arg(ap, int); unsigned int tries = va_arg(ap, unsigned int);
easprintf(&message, ngettext("%d incorrect password attempt", easprintf(&message, ngettext("%u incorrect password attempt",
"%d incorrect password attempts", tries), tries); "%u incorrect password attempts", tries), tries);
} else { } else {
evasprintf(&message, _(fmt), ap); evasprintf(&message, _(fmt), ap);
} }
@@ -493,9 +493,9 @@ vlog_warning(int flags, const char *fmt, va_list ap)
if (!ISSET(flags, NO_STDERR)) { if (!ISSET(flags, NO_STDERR)) {
sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale); sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
if (fmt == INCORRECT_PASSWORD_ATTEMPT) { if (fmt == INCORRECT_PASSWORD_ATTEMPT) {
int tries = va_arg(ap2, int); unsigned int tries = va_arg(ap2, unsigned int);
warningx_nodebug(ngettext("%d incorrect password attempt", warningx_nodebug(ngettext("%u incorrect password attempt",
"%d incorrect password attempts", tries), tries); "%u incorrect password attempts", tries), tries);
} else { } else {
if (ISSET(flags, USE_ERRNO)) if (ISSET(flags, USE_ERRNO))
vwarning_nodebug(_(fmt), ap2); vwarning_nodebug(_(fmt), ap2);

2
plugins/sudoers/logging.h
View File

@@ -63,7 +63,7 @@ int sudoers_getlocale(void);
void audit_success(char *exec_args[]); void audit_success(char *exec_args[]);
void audit_failure(char *exec_args[], char const *const fmt, ...) __printflike(2, 3); void audit_failure(char *exec_args[], char const *const fmt, ...) __printflike(2, 3);
void log_allowed(int status); void log_allowed(int status);
void log_auth_failure(int status, int tries); void log_auth_failure(int status, unsigned int tries);
void log_denial(int status, bool inform_user); void log_denial(int status, bool inform_user);
void log_failure(int status, int flags); void log_failure(int status, int flags);
void log_warning(int flags, const char *fmt, ...) __printflike(2, 3); void log_warning(int flags, const char *fmt, ...) __printflike(2, 3);

3
plugins/sudoers/mkdefaults
View File

@@ -125,7 +125,8 @@ sub print_record {
my ($i, $v, $defname); my ($i, $v, $defname);
# each variable gets a macro to access its value # each variable gets a macro to access its value
for ($rec->[1]) { for ($rec->[1]) {
if (/^T_U?INT/) { $v = "ival"; } if (/^T_INT/) { $v = "ival"; }
elsif (/^T_UINT/) { $v = "uival"; }
elsif (/^T_STR/) { $v = "str"; } elsif (/^T_STR/) { $v = "str"; }
elsif (/^T_FLAG/) { $v = "flag"; } elsif (/^T_FLAG/) { $v = "flag"; }
elsif (/^T_MODE/) { $v = "mode"; } elsif (/^T_MODE/) { $v = "mode"; }