|
version 1.1.1.4, 2013/07/22 10:46:12
|
version 1.1.1.5, 2014/06/15 16:12:54
|
|
Line 51
|
Line 51
|
| |
|
| /* sudoers nsswitch routines */ |
/* sudoers nsswitch routines */ |
| struct sudo_nss sudo_nss_file = { |
struct sudo_nss sudo_nss_file = { |
| &sudo_nss_file, | { NULL, NULL }, |
| NULL, | |
| sudo_file_open, |
sudo_file_open, |
| sudo_file_close, |
sudo_file_close, |
| sudo_file_parse, |
sudo_file_parse, |
|
Line 65 struct sudo_nss sudo_nss_file = {
|
Line 64 struct sudo_nss sudo_nss_file = {
|
| }; |
}; |
| |
|
| /* |
/* |
| * Parser externs. |
|
| */ |
|
| extern FILE *sudoersin; |
|
| extern char *errorfile; |
|
| extern int errorlineno; |
|
| extern bool parse_error; |
|
| |
|
| /* |
|
| * Local prototypes. |
* Local prototypes. |
| */ |
*/ |
| static int display_bound_defaults(int dtype, struct lbuf *lbuf); |
static int display_bound_defaults(int dtype, struct lbuf *lbuf); |
|
Line 182 sudo_file_lookup(struct sudo_nss *nss, int validated,
|
Line 173 sudo_file_lookup(struct sudo_nss *nss, int validated,
|
| CLR(validated, FLAG_NO_USER); |
CLR(validated, FLAG_NO_USER); |
| CLR(validated, FLAG_NO_HOST); |
CLR(validated, FLAG_NO_HOST); |
| match = DENY; |
match = DENY; |
| tq_foreach_fwd(&userspecs, us) { | TAILQ_FOREACH(us, &userspecs, entries) { |
| if (userlist_matches(sudo_user.pw, &us->users) != ALLOW) |
if (userlist_matches(sudo_user.pw, &us->users) != ALLOW) |
| continue; |
continue; |
| tq_foreach_fwd(&us->privileges, priv) { | TAILQ_FOREACH(priv, &us->privileges, entries) { |
| if (hostlist_matches(&priv->hostlist) != ALLOW) |
if (hostlist_matches(&priv->hostlist) != ALLOW) |
| continue; |
continue; |
| tq_foreach_fwd(&priv->cmndlist, cs) { | TAILQ_FOREACH(cs, &priv->cmndlist, entries) { |
| /* Only check the command when listing another user. */ |
/* Only check the command when listing another user. */ |
| if (user_uid == 0 || list_pw == NULL || |
if (user_uid == 0 || list_pw == NULL || |
| user_uid == list_pw->pw_uid || |
user_uid == list_pw->pw_uid || |
|
Line 216 sudo_file_lookup(struct sudo_nss *nss, int validated,
|
Line 207 sudo_file_lookup(struct sudo_nss *nss, int validated,
|
| set_perms(PERM_RUNAS); |
set_perms(PERM_RUNAS); |
| |
|
| match = UNSPEC; |
match = UNSPEC; |
| tq_foreach_rev(&userspecs, us) { | TAILQ_FOREACH_REVERSE(us, &userspecs, userspec_list, entries) { |
| if (userlist_matches(sudo_user.pw, &us->users) != ALLOW) |
if (userlist_matches(sudo_user.pw, &us->users) != ALLOW) |
| continue; |
continue; |
| CLR(validated, FLAG_NO_USER); |
CLR(validated, FLAG_NO_USER); |
| tq_foreach_rev(&us->privileges, priv) { | TAILQ_FOREACH_REVERSE(priv, &us->privileges, privilege_list, entries) { |
| host_match = hostlist_matches(&priv->hostlist); |
host_match = hostlist_matches(&priv->hostlist); |
| if (host_match == ALLOW) |
if (host_match == ALLOW) |
| CLR(validated, FLAG_NO_HOST); |
CLR(validated, FLAG_NO_HOST); |
| else |
else |
| continue; |
continue; |
| tq_foreach_rev(&priv->cmndlist, cs) { | TAILQ_FOREACH_REVERSE(cs, &priv->cmndlist, cmndspec_list, entries) { |
| matching_user = NULL; |
matching_user = NULL; |
| runas_match = runaslist_matches(&cs->runasuserlist, | runas_match = runaslist_matches(cs->runasuserlist, |
| &cs->runasgrouplist, &matching_user, NULL); | cs->runasgrouplist, &matching_user, NULL); |
| if (runas_match == ALLOW) { |
if (runas_match == ALLOW) { |
| cmnd_match = cmnd_matches(cs->cmnd); |
cmnd_match = cmnd_matches(cs->cmnd); |
| if (cmnd_match != UNSPEC) { |
if (cmnd_match != UNSPEC) { |
|
Line 341 sudo_file_append_cmnd(struct cmndspec *cs, struct cmnd
|
Line 332 sudo_file_append_cmnd(struct cmndspec *cs, struct cmnd
|
| |
|
| #define RUNAS_CHANGED(cs1, cs2) \ |
#define RUNAS_CHANGED(cs1, cs2) \ |
| (cs1 == NULL || cs2 == NULL || \ |
(cs1 == NULL || cs2 == NULL || \ |
| cs1->runasuserlist.first != cs2->runasuserlist.first || \ | cs1->runasuserlist != cs2->runasuserlist || \ |
| cs1->runasuserlist.last != cs2->runasuserlist.last || \ | cs1->runasgrouplist != cs2->runasgrouplist) |
| cs1->runasgrouplist.first != cs2->runasgrouplist.first || \ | |
| cs1->runasgrouplist.last != cs2->runasgrouplist.last) | |
| |
|
| static int |
static int |
| sudo_file_display_priv_short(struct passwd *pw, struct userspec *us, |
sudo_file_display_priv_short(struct passwd *pw, struct userspec *us, |
|
Line 363 sudo_file_display_priv_short(struct passwd *pw, struct
|
Line 352 sudo_file_display_priv_short(struct passwd *pw, struct
|
| tags.nopasswd = UNSPEC; |
tags.nopasswd = UNSPEC; |
| tags.log_input = UNSPEC; |
tags.log_input = UNSPEC; |
| tags.log_output = UNSPEC; |
tags.log_output = UNSPEC; |
| tq_foreach_fwd(&us->privileges, priv) { | TAILQ_FOREACH(priv, &us->privileges, entries) { |
| if (hostlist_matches(&priv->hostlist) != ALLOW) |
if (hostlist_matches(&priv->hostlist) != ALLOW) |
| continue; |
continue; |
| prev_cs = NULL; |
prev_cs = NULL; |
| tq_foreach_fwd(&priv->cmndlist, cs) { | TAILQ_FOREACH(cs, &priv->cmndlist, entries) { |
| if (RUNAS_CHANGED(cs, prev_cs)) { |
if (RUNAS_CHANGED(cs, prev_cs)) { |
| if (cs != tq_first(&priv->cmndlist)) | if (cs != TAILQ_FIRST(&priv->cmndlist)) |
| lbuf_append(lbuf, "\n"); |
lbuf_append(lbuf, "\n"); |
| lbuf_append(lbuf, " ("); |
lbuf_append(lbuf, " ("); |
| if (!tq_empty(&cs->runasuserlist)) { | if (cs->runasuserlist != NULL) { |
| tq_foreach_fwd(&cs->runasuserlist, m) { | TAILQ_FOREACH(m, cs->runasuserlist, entries) { |
| if (m != tq_first(&cs->runasuserlist)) | if (m != TAILQ_FIRST(cs->runasuserlist)) |
| lbuf_append(lbuf, ", "); |
lbuf_append(lbuf, ", "); |
| print_member(lbuf, m, RUNASALIAS); |
print_member(lbuf, m, RUNASALIAS); |
| } |
} |
| } else if (tq_empty(&cs->runasgrouplist)) { | } else if (cs->runasgrouplist == NULL) { |
| lbuf_append(lbuf, "%s", def_runas_default); |
lbuf_append(lbuf, "%s", def_runas_default); |
| } else { |
} else { |
| lbuf_append(lbuf, "%s", pw->pw_name); |
lbuf_append(lbuf, "%s", pw->pw_name); |
| } |
} |
| if (!tq_empty(&cs->runasgrouplist)) { | if (cs->runasgrouplist != NULL) { |
| lbuf_append(lbuf, " : "); |
lbuf_append(lbuf, " : "); |
| tq_foreach_fwd(&cs->runasgrouplist, m) { | TAILQ_FOREACH(m, cs->runasgrouplist, entries) { |
| if (m != tq_first(&cs->runasgrouplist)) | if (m != TAILQ_FIRST(cs->runasgrouplist)) |
| lbuf_append(lbuf, ", "); |
lbuf_append(lbuf, ", "); |
| print_member(lbuf, m, RUNASALIAS); |
print_member(lbuf, m, RUNASALIAS); |
| } |
} |
|
Line 397 sudo_file_display_priv_short(struct passwd *pw, struct
|
Line 386 sudo_file_display_priv_short(struct passwd *pw, struct
|
| tags.nopasswd = UNSPEC; |
tags.nopasswd = UNSPEC; |
| tags.log_input = UNSPEC; |
tags.log_input = UNSPEC; |
| tags.log_output = UNSPEC; |
tags.log_output = UNSPEC; |
| } else if (cs != tq_first(&priv->cmndlist)) { | } else if (cs != TAILQ_FIRST(&priv->cmndlist)) { |
| lbuf_append(lbuf, ", "); |
lbuf_append(lbuf, ", "); |
| } |
} |
| sudo_file_append_cmnd(cs, &tags, lbuf); |
sudo_file_append_cmnd(cs, &tags, lbuf); |
|
Line 453 sudo_file_display_priv_long(struct passwd *pw, struct
|
Line 442 sudo_file_display_priv_long(struct passwd *pw, struct
|
| int nfound = 0, olen; |
int nfound = 0, olen; |
| debug_decl(sudo_file_display_priv_long, SUDO_DEBUG_NSS) |
debug_decl(sudo_file_display_priv_long, SUDO_DEBUG_NSS) |
| |
|
| tq_foreach_fwd(&us->privileges, priv) { | TAILQ_FOREACH(priv, &us->privileges, entries) { |
| if (hostlist_matches(&priv->hostlist) != ALLOW) |
if (hostlist_matches(&priv->hostlist) != ALLOW) |
| continue; |
continue; |
| prev_cs = NULL; |
prev_cs = NULL; |
| tq_foreach_fwd(&priv->cmndlist, cs) { | TAILQ_FOREACH(cs, &priv->cmndlist, entries) { |
| if (new_long_entry(cs, prev_cs)) { |
if (new_long_entry(cs, prev_cs)) { |
| lbuf_append(lbuf, _("\nSudoers entry:\n")); |
lbuf_append(lbuf, _("\nSudoers entry:\n")); |
| lbuf_append(lbuf, _(" RunAsUsers: ")); |
lbuf_append(lbuf, _(" RunAsUsers: ")); |
| if (!tq_empty(&cs->runasuserlist)) { | if (cs->runasuserlist != NULL) { |
| tq_foreach_fwd(&cs->runasuserlist, m) { | TAILQ_FOREACH(m, cs->runasuserlist, entries) { |
| if (m != tq_first(&cs->runasuserlist)) | if (m != TAILQ_FIRST(cs->runasuserlist)) |
| lbuf_append(lbuf, ", "); |
lbuf_append(lbuf, ", "); |
| print_member(lbuf, m, RUNASALIAS); |
print_member(lbuf, m, RUNASALIAS); |
| } |
} |
| } else if (tq_empty(&cs->runasgrouplist)) { | } else if (cs->runasgrouplist == NULL) { |
| lbuf_append(lbuf, "%s", def_runas_default); |
lbuf_append(lbuf, "%s", def_runas_default); |
| } else { |
} else { |
| lbuf_append(lbuf, "%s", pw->pw_name); |
lbuf_append(lbuf, "%s", pw->pw_name); |
| } |
} |
| lbuf_append(lbuf, "\n"); |
lbuf_append(lbuf, "\n"); |
| if (!tq_empty(&cs->runasgrouplist)) { | if (cs->runasgrouplist != NULL) { |
| lbuf_append(lbuf, _(" RunAsGroups: ")); |
lbuf_append(lbuf, _(" RunAsGroups: ")); |
| tq_foreach_fwd(&cs->runasgrouplist, m) { | TAILQ_FOREACH(m, cs->runasgrouplist, entries) { |
| if (m != tq_first(&cs->runasgrouplist)) | if (m != TAILQ_FIRST(cs->runasgrouplist)) |
| lbuf_append(lbuf, ", "); |
lbuf_append(lbuf, ", "); |
| print_member(lbuf, m, RUNASALIAS); |
print_member(lbuf, m, RUNASALIAS); |
| } |
} |
|
Line 535 sudo_file_display_privs(struct sudo_nss *nss, struct p
|
Line 524 sudo_file_display_privs(struct sudo_nss *nss, struct p
|
| if (nss->handle == NULL) |
if (nss->handle == NULL) |
| goto done; |
goto done; |
| |
|
| tq_foreach_fwd(&userspecs, us) { | TAILQ_FOREACH(us, &userspecs, entries) { |
| if (userlist_matches(pw, &us->users) != ALLOW) |
if (userlist_matches(pw, &us->users) != ALLOW) |
| continue; |
continue; |
| |
|
|
Line 568 sudo_file_display_defaults(struct sudo_nss *nss, struc
|
Line 557 sudo_file_display_defaults(struct sudo_nss *nss, struc
|
| else |
else |
| prefix = ", "; |
prefix = ", "; |
| |
|
| tq_foreach_fwd(&defaults, d) { | TAILQ_FOREACH(d, &defaults, entries) { |
| switch (d->type) { |
switch (d->type) { |
| case DEFAULTS_HOST: |
case DEFAULTS_HOST: |
| if (hostlist_matches(&d->binding) != ALLOW) | if (hostlist_matches(d->binding) != ALLOW) |
| continue; |
continue; |
| break; |
break; |
| case DEFAULTS_USER: |
case DEFAULTS_USER: |
| if (userlist_matches(pw, &d->binding) != ALLOW) | if (userlist_matches(pw, d->binding) != ALLOW) |
| continue; |
continue; |
| break; |
break; |
| case DEFAULTS_RUNAS: |
case DEFAULTS_RUNAS: |
|
Line 625 static int
|
Line 614 static int
|
| display_bound_defaults(int dtype, struct lbuf *lbuf) |
display_bound_defaults(int dtype, struct lbuf *lbuf) |
| { |
{ |
| struct defaults *d; |
struct defaults *d; |
| struct member *m, *binding = NULL; | struct member_list *binding = NULL; |
| | struct member *m; |
| char *dsep; |
char *dsep; |
| int atype, nfound = 0; |
int atype, nfound = 0; |
| debug_decl(display_bound_defaults, SUDO_DEBUG_NSS) |
debug_decl(display_bound_defaults, SUDO_DEBUG_NSS) |
|
Line 650 display_bound_defaults(int dtype, struct lbuf *lbuf)
|
Line 640 display_bound_defaults(int dtype, struct lbuf *lbuf)
|
| default: |
default: |
| debug_return_int(-1); |
debug_return_int(-1); |
| } |
} |
| tq_foreach_fwd(&defaults, d) { | TAILQ_FOREACH(d, &defaults, entries) { |
| if (d->type != dtype) |
if (d->type != dtype) |
| continue; |
continue; |
| |
|
| nfound++; |
nfound++; |
| if (binding != tq_first(&d->binding)) { | if (binding != d->binding) { |
| binding = tq_first(&d->binding); | binding = d->binding; |
| if (nfound != 1) |
if (nfound != 1) |
| lbuf_append(lbuf, "\n"); |
lbuf_append(lbuf, "\n"); |
| lbuf_append(lbuf, " Defaults%s", dsep); |
lbuf_append(lbuf, " Defaults%s", dsep); |
| for (m = binding; m != NULL; m = m->next) { | TAILQ_FOREACH(m, binding, entries) { |
| if (m != binding) | if (m != TAILQ_FIRST(binding)) |
| lbuf_append(lbuf, ","); |
lbuf_append(lbuf, ","); |
| print_member(lbuf, m, atype); |
print_member(lbuf, m, atype); |
| lbuf_append(lbuf, " "); |
lbuf_append(lbuf, " "); |
|
Line 693 sudo_file_display_cmnd(struct sudo_nss *nss, struct pa
|
Line 683 sudo_file_display_cmnd(struct sudo_nss *nss, struct pa
|
| goto done; |
goto done; |
| |
|
| match = NULL; |
match = NULL; |
| tq_foreach_rev(&userspecs, us) { | TAILQ_FOREACH_REVERSE(us, &userspecs, userspec_list, entries) { |
| if (userlist_matches(pw, &us->users) != ALLOW) |
if (userlist_matches(pw, &us->users) != ALLOW) |
| continue; |
continue; |
| |
|
| tq_foreach_rev(&us->privileges, priv) { | TAILQ_FOREACH_REVERSE(priv, &us->privileges, privilege_list, entries) { |
| host_match = hostlist_matches(&priv->hostlist); |
host_match = hostlist_matches(&priv->hostlist); |
| if (host_match != ALLOW) |
if (host_match != ALLOW) |
| continue; |
continue; |
| tq_foreach_rev(&priv->cmndlist, cs) { | TAILQ_FOREACH_REVERSE(cs, &priv->cmndlist, cmndspec_list, entries) { |
| runas_match = runaslist_matches(&cs->runasuserlist, | runas_match = runaslist_matches(cs->runasuserlist, |
| &cs->runasgrouplist, NULL, NULL); | cs->runasgrouplist, NULL, NULL); |
| if (runas_match == ALLOW) { |
if (runas_match == ALLOW) { |
| cmnd_match = cmnd_matches(cs->cmnd); |
cmnd_match = cmnd_matches(cs->cmnd); |
| if (cmnd_match != UNSPEC) { |
if (cmnd_match != UNSPEC) { |
| match = host_match && runas_match ? cs->cmnd : NULL; | if (cmnd_match == ALLOW) |
| | match = cs->cmnd; |
| goto matched; |
goto matched; |
| } |
} |
| } |
} |
|
Line 755 _print_member(struct lbuf *lbuf, char *name, int type,
|
Line 746 _print_member(struct lbuf *lbuf, char *name, int type,
|
| break; |
break; |
| case ALIAS: |
case ALIAS: |
| if ((a = alias_get(name, alias_type)) != NULL) { |
if ((a = alias_get(name, alias_type)) != NULL) { |
| tq_foreach_fwd(&a->members, m) { | TAILQ_FOREACH(m, &a->members, entries) { |
| if (m != tq_first(&a->members)) | if (m != TAILQ_FIRST(&a->members)) |
| lbuf_append(lbuf, "%s", separator); |
lbuf_append(lbuf, "%s", separator); |
| _print_member(lbuf, m->name, m->type, |
_print_member(lbuf, m->name, m->type, |
| negated ? !m->negated : m->negated, separator, |
negated ? !m->negated : m->negated, separator, |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to parse.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers